From 0781f49673d1bb8cf7fe9eaac1d3e9fad173123d Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 7 Jul 2025 21:06:14 +0200
Subject: [PATCH] [PR #10349/4195cbb3 backport][stable-11] incus_connection:
 Improve error handling (#10362)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

incus_connection: Improve error handling (#10349)

Related to #10344

This tweaks the error handling logic to work with more versions of Incus
as well as catching some of the project and instance access errors.

The full context (instance name, project name and remote name) is now
included so that the user can easily diagnose access problems.


(cherry picked from commit 4195cbb3645d2c3b81101ccbaf7ec80047a1e9b5)

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Co-authored-by: Stéphane Graber <stgraber@stgraber.org>
---
 .../10349-incus_connection-error-handling.yml |  2 ++
 plugins/connection/incus.py                   | 32 ++++++++++++++++---
 2 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/10349-incus_connection-error-handling.yml

diff --git a/changelogs/fragments/10349-incus_connection-error-handling.yml b/changelogs/fragments/10349-incus_connection-error-handling.yml
new file mode 100644
index 0000000000..b35da354d2
--- /dev/null
+++ b/changelogs/fragments/10349-incus_connection-error-handling.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - incus connection plugin - fix error handling to return more useful Ansible errors to the user (https://github.com/ansible-collections/community.general/issues/10344, https://github.com/ansible-collections/community.general/pull/10349).
diff --git a/plugins/connection/incus.py b/plugins/connection/incus.py
index 62a958b504..4f73d05532 100644
--- a/plugins/connection/incus.py
+++ b/plugins/connection/incus.py
@@ -155,11 +155,35 @@ class Connection(ConnectionBase):
         stdout = to_text(stdout)
         stderr = to_text(stderr)
 
-        if stderr == "Error: Instance is not running.\n":
-            raise AnsibleConnectionFailure(f"instance not running: {self._instance()}")
+        if stderr.startswith("Error: ") and stderr.rstrip().endswith(
+            ": Instance is not running"
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance not running: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )
 
-        if stderr == "Error: Instance not found\n":
-            raise AnsibleConnectionFailure(f"instance not found: {self._instance()}")
+        if stderr.startswith("Error: ") and stderr.rstrip().endswith(
+            ": Instance not found"
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance not found: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )
+
+        if (
+            stderr.startswith("Error: ")
+            and ": User does not have permission " in stderr
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance access denied: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )
+
+        if (
+            stderr.startswith("Error: ")
+            and ": User does not have entitlement " in stderr
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance access denied: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )
 
         return process.returncode, stdout, stderr