Give descriptive error if auth method not found (#10163)

* Give descriptive error if auth method not found

Previously during a `consul login -method=blah`, if the auth method was not found, the
error returned would be "ACL not found". This is potentially confusing
because there may be many different ACLs involved in a login: the ACL of
the Consul client, perhaps the binding rule or the auth method.

Now the error will be "auth method blah not found", which is much easier
to debug.
This commit is contained in:
Luke Kysow 2021-05-03 13:39:13 -07:00 committed by GitHub
parent 5427a1465c
commit eb84a856c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 3 deletions

3
.changelog/10163.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
acl: Give more descriptive error if auth method not found.
```

View File

@ -2380,7 +2380,7 @@ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) erro
if err != nil {
return err
} else if method == nil {
return acl.ErrNotFound
return fmt.Errorf("%w: auth method %q not found", acl.ErrNotFound, auth.AuthMethod)
}
if err := a.enterpriseAuthMethodTypeValidation(method.Type); err != nil {

View File

@ -4628,7 +4628,7 @@ func TestACLEndpoint_Login(t *testing.T) {
}
resp := structs.ACLToken{}
testutil.RequireErrorContains(t, acl.Login(&req, &resp), "ACL not found")
testutil.RequireErrorContains(t, acl.Login(&req, &resp), fmt.Sprintf("auth method %q not found", method.Name+"-notexist"))
})
t.Run("invalid method token", func(t *testing.T) {

View File

@ -143,7 +143,7 @@ func TestLoginCommand(t *testing.T) {
code := cmd.Run(args)
require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String())
require.Contains(t, ui.ErrorWriter.String(), "403 (ACL not found)")
require.Contains(t, ui.ErrorWriter.String(), "403 (ACL not found: auth method \"test\" not found")
})
testSessionID := testauth.StartSession()