From eb84a856c4ee32f40620105aee9b70c383b287f3 Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Mon, 3 May 2021 13:39:13 -0700
Subject: [PATCH] Give descriptive error if auth method not found (#10163)
* Give descriptive error if auth method not found
Previously during a `consul login -method=blah`, if the auth method was not found, the error returned would be "ACL not found". This is potentially confusing because there may be many different ACLs involved in a login: the ACL of the Consul client, perhaps the binding rule or the auth method. Now the error will be "auth method blah not found", which is much easier to debug.
---
 .changelog/10163.txt | 3 +++
 agent/consul/acl_endpoint.go | 2 +-
 agent/consul/acl_endpoint_test.go | 2 +-
 command/login/login_test.go | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 .changelog/10163.txt
diff --git a/.changelog/10163.txt b/.changelog/10163.txt
new file mode 100644
index 000000000..45f594680
--- /dev/null
+++ b/.changelog/10163.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+acl: Give more descriptive error if auth method not found.
+```
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index 1a761fca2..15143f727 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -2380,7 +2380,7 @@ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) erro
 if err != nil {
 return err
 } else if method == nil {
- return acl.ErrNotFound
+ return fmt.Errorf("%w: auth method %q not found", acl.ErrNotFound, auth.AuthMethod)
 }
 if err := a.enterpriseAuthMethodTypeValidation(method.Type); err != nil {
diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go
index a473f8d59..cf536b0c4 100644
--- a/agent/consul/acl_endpoint_test.go
+++ b/agent/consul/acl_endpoint_test.go
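Review bot: The new `fmt.Errorf` return in `ACL.Login` (agent/consul/acl_endpoint.go) echoes the caller-supplied `auth.AuthMethod` back in the RPC error, so the login response now states outright whether a named auth method exists. Login is presumably reachable before the caller holds a token, so this is worth recording as a deliberate choice rather than leaving it implicit. `%q` is the right verb here because it escapes control characters before the name reaches error output and logs, but nothing visible in the hunk bounds the length of the echoed name. I would add a comment above the return, e.g. `// Auth method names are not treated as secret; the requested name is echoed (quoted) so failed logins are debuggable.`, and confirm that assumption for the deployments this serves. Login's body starts and ends outside this hunk, so any earlier validation of `auth.AuthMethod` is not visible here.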
@@ -4628,7 +4628,7 @@ func TestACLEndpoint_Login(t *testing.T) {
 }
 resp := structs.ACLToken{}
- testutil.RequireErrorContains(t, acl.Login(&req, &resp), "ACL not found")
+ testutil.RequireErrorContains(t, acl.Login(&req, &resp), fmt.Sprintf("auth method %q not found", method.Name+"-notexist"))
 })
 t.Run("invalid method token", func(t *testing.T) {
diff --git a/command/login/login_test.go b/command/login/login_test.go
index 01e0febcb..8c9309b25 100644
--- a/command/login/login_test.go
+++ b/command/login/login_test.go
@@ -143,7 +143,7 @@ func TestLoginCommand(t *testing.T) {
 code := cmd.Run(args)
 require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String())
- require.Contains(t, ui.ErrorWriter.String(), "403 (ACL not found)")
+ require.Contains(t, ui.ErrorWriter.String(), "403 (ACL not found: auth method \"test\" not found")
 })
 testSessionID := testauth.StartSession()
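Review bot: The expected string in the updated `require.Contains` in TestLoginCommand (command/login/login_test.go) stops before the closing parenthesis, which reads like a truncation of the old `"403 (ACL not found)"` form. If the CLI output closes the parenthesis right after the message, as the previous assertion suggests, asserting `"403 (ACL not found: auth method \"test\" not found)"` pins the full status text and would catch further detail being appended to the error later. This expectation is also the only visible check that the wrapped error still surfaces as a 403 not-found, since the updated assertion in acl_endpoint_test.go matches only the `auth method ... not found` substring. TestLoginCommand continues outside the hunk.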