open-consul/acl/errors_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package acl

import (
	"testing"

	"github.com/stretchr/testify/require"
)

func TestPermissionDeniedError(t *testing.T) {
	type testCase struct {
		err      PermissionDeniedError
		expected string
	}

	testName := func(t testCase) string {
		return t.expected
	}

	auth1 := MockAuthorizer{}
	auth2 := AllowAuthorizer{nil, AnonymousTokenID}

	cases := []testCase{
		{
			err:      PermissionDeniedError{},
			expected: "Permission denied",
		},
		{
			err:      PermissionDeniedError{Cause: "simon says"},
			expected: "Permission denied: simon says",
		},
		{
			err:      PermissionDeniedByACL(&auth1, nil, ResourceService, AccessRead, "foobar"),
			expected: "Permission denied: token with AccessorID '' lacks permission 'service:read' on \"foobar\"",
		},
		{
			err:      PermissionDeniedByACLUnnamed(&auth1, nil, ResourceService, AccessRead),
			expected: "Permission denied: token with AccessorID '' lacks permission 'service:read'",
		},
		{
			err:      PermissionDeniedByACLUnnamed(auth2, nil, ResourceService, AccessRead),
			expected: "Permission denied: anonymous token lacks permission 'service:read'. The anonymous token is used implicitly when a request does not specify a token.",
		},
	}

	for _, tcase := range cases {
		t.Run(testName(tcase), func(t *testing.T) {
			require.Error(t, tcase.err)
			require.Equal(t, tcase.expected, tcase.err.Error())
		})
	}
}
Add copyright headers for acl, api and bench folders (#16706) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * fix merge conflicts * copyright headers for agent folder * Ignore test data files * fix proto files * ignore agent/uiserver folder for now * copyright headers for agent folder * Add copyright headers for acl, api and bench folders 2023-03-28 20:12:41 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Refactor to make ACL errors more structured. (#12308) * First phase of refactoring PermissionDeniedError Add extended type PermissionDeniedByACLError that captures information about the accessor, particular permission type and the object and name of the thing being checked. It may be worth folding the test and error return into a single helper function, that can happen at a later date. Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-02-11 20:53:23 +00:00			`package acl`

			`import (`
			`"testing"`

			`"github.com/stretchr/testify/require"`
			`)`

			`func TestPermissionDeniedError(t *testing.T) {`
			`type testCase struct {`
			`err PermissionDeniedError`
			`expected string`
			`}`

			`testName := func(t testCase) string {`
			`return t.expected`
			`}`

Leadership transfer cmd (#14132) * add leadership transfer command * add RPC call test (flaky) * add missing import * add changelog * add command registration * Apply suggestions from code review Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * add the possibility of providing an id to raft leadership transfer. Add few tests. * delete old file from cherry pick * rename changelog filename to PR # * rename changelog and fix import * fix failing test * check for OperatorWrite Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * rename from leader-transfer to transfer-leader * remove version check and add test for operator read * move struct to operator.go * first pass * add code for leader transfer in the grpc backend and tests * wire the http endpoint to the new grpc endpoint * remove the RPC endpoint * remove non needed struct * fix naming * add mog glue to API * fix comment * remove dead code * fix linter error * change package name for proto file * remove error wrapping * fix failing test * add command registration * add grpc service mock tests * fix receiver to be pointer * use defined values Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * reuse MockAclAuthorizer * add documentation * remove usage of external.TokenFromContext * fix failing tests * fix proto generation * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review * add more context in doc for the reason * Apply suggestions from docs code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * regenerate proto * fix linter errors Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2022-11-14 20:35:12 +00:00			`auth1 := MockAuthorizer{}`
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com> 2023-01-27 15:17:07 +00:00			`auth2 := AllowAuthorizer{nil, AnonymousTokenID}`
Refactor to make ACL errors more structured. (#12308) * First phase of refactoring PermissionDeniedError Add extended type PermissionDeniedByACLError that captures information about the accessor, particular permission type and the object and name of the thing being checked. It may be worth folding the test and error return into a single helper function, that can happen at a later date. Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-02-11 20:53:23 +00:00
			`cases := []testCase{`
			`{`
			`err: PermissionDeniedError{},`
			`expected: "Permission denied",`
			`},`
			`{`
			`err: PermissionDeniedError{Cause: "simon says"},`
			`expected: "Permission denied: simon says",`
			`},`
			`{`
			`err: PermissionDeniedByACL(&auth1, nil, ResourceService, AccessRead, "foobar"),`
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com> 2023-01-27 15:17:07 +00:00			`expected: "Permission denied: token with AccessorID '' lacks permission 'service:read' on \"foobar\"",`
Refactor to make ACL errors more structured. (#12308) * First phase of refactoring PermissionDeniedError Add extended type PermissionDeniedByACLError that captures information about the accessor, particular permission type and the object and name of the thing being checked. It may be worth folding the test and error return into a single helper function, that can happen at a later date. Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-02-11 20:53:23 +00:00			`},`
			`{`
			`err: PermissionDeniedByACLUnnamed(&auth1, nil, ResourceService, AccessRead),`
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com> 2023-01-27 15:17:07 +00:00			`expected: "Permission denied: token with AccessorID '' lacks permission 'service:read'",`
			`},`
			`{`
			`err: PermissionDeniedByACLUnnamed(auth2, nil, ResourceService, AccessRead),`
			`expected: "Permission denied: anonymous token lacks permission 'service:read'. The anonymous token is used implicitly when a request does not specify a token.",`
Refactor to make ACL errors more structured. (#12308) * First phase of refactoring PermissionDeniedError Add extended type PermissionDeniedByACLError that captures information about the accessor, particular permission type and the object and name of the thing being checked. It may be worth folding the test and error return into a single helper function, that can happen at a later date. Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-02-11 20:53:23 +00:00			`},`
			`}`

			`for _, tcase := range cases {`
			`t.Run(testName(tcase), func(t *testing.T) {`
			`require.Error(t, tcase.err)`
			`require.Equal(t, tcase.expected, tcase.err.Error())`
			`})`
			`}`
			`}`