mirror of https://github.com/hashicorp/consul
Browse Source
* First phase of refactoring PermissionDeniedError Add extended type PermissionDeniedByACLError that captures information about the accessor, particular permission type and the object and name of the thing being checked. It may be worth folding the test and error return into a single helper function, that can happen at a later date. Signed-off-by: Mark Anderson <manderson@hashicorp.com>pull/12630/head
Mark Anderson
3 years ago
committed by
GitHub
7 changed files with 141 additions and 31 deletions
@ -0,0 +1,3 @@ |
|||||||
|
```release-note:enhancement |
||||||
|
Refactor ACL denied error code and start improving error details |
||||||
|
``` |
@ -0,0 +1,18 @@ |
|||||||
|
//go:build !consulent
|
||||||
|
// +build !consulent
|
||||||
|
|
||||||
|
package acl |
||||||
|
|
||||||
|
// In some sense we really want this to contain an EnterpriseMeta, but
|
||||||
|
// this turns out to be a convenient place to hang helper functions off of.
|
||||||
|
type ResourceDescriptor struct { |
||||||
|
Name string |
||||||
|
} |
||||||
|
|
||||||
|
func NewResourceDescriptor(name string, _ *AuthorizerContext) ResourceDescriptor { |
||||||
|
return ResourceDescriptor{Name: name} |
||||||
|
} |
||||||
|
|
||||||
|
func (od *ResourceDescriptor) ToString() string { |
||||||
|
return od.Name |
||||||
|
} |
@ -0,0 +1,46 @@ |
|||||||
|
package acl |
||||||
|
|
||||||
|
import ( |
||||||
|
"testing" |
||||||
|
|
||||||
|
"github.com/stretchr/testify/require" |
||||||
|
) |
||||||
|
|
||||||
|
func TestPermissionDeniedError(t *testing.T) { |
||||||
|
type testCase struct { |
||||||
|
err PermissionDeniedError |
||||||
|
expected string |
||||||
|
} |
||||||
|
|
||||||
|
testName := func(t testCase) string { |
||||||
|
return t.expected |
||||||
|
} |
||||||
|
|
||||||
|
auth1 := mockAuthorizer{} |
||||||
|
|
||||||
|
cases := []testCase{ |
||||||
|
{ |
||||||
|
err: PermissionDeniedError{}, |
||||||
|
expected: "Permission denied", |
||||||
|
}, |
||||||
|
{ |
||||||
|
err: PermissionDeniedError{Cause: "simon says"}, |
||||||
|
expected: "Permission denied: simon says", |
||||||
|
}, |
||||||
|
{ |
||||||
|
err: PermissionDeniedByACL(&auth1, nil, ResourceService, AccessRead, "foobar"), |
||||||
|
expected: "Permission denied: provided accessor lacks permission 'service:read' foobar", |
||||||
|
}, |
||||||
|
{ |
||||||
|
err: PermissionDeniedByACLUnnamed(&auth1, nil, ResourceService, AccessRead), |
||||||
|
expected: "Permission denied: provided accessor lacks permission 'service:read'", |
||||||
|
}, |
||||||
|
} |
||||||
|
|
||||||
|
for _, tcase := range cases { |
||||||
|
t.Run(testName(tcase), func(t *testing.T) { |
||||||
|
require.Error(t, tcase.err) |
||||||
|
require.Equal(t, tcase.expected, tcase.err.Error()) |
||||||
|
}) |
||||||
|
} |
||||||
|
} |
Loading…
Reference in new issue