2023-03-28 20:12:41 +00:00
// Copyright (c) HashiCorp, Inc.
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
2023-03-28 20:12:41 +00:00
2022-02-11 20:53:23 +00:00
package acl
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestPermissionDeniedError ( t * testing . T ) {
type testCase struct {
err PermissionDeniedError
expected string
}
testName := func ( t testCase ) string {
return t . expected
}
2022-11-14 20:35:12 +00:00
auth1 := MockAuthorizer { }
2023-01-27 15:17:07 +00:00
auth2 := AllowAuthorizer { nil , AnonymousTokenID }
2022-02-11 20:53:23 +00:00
cases := [ ] testCase {
{
err : PermissionDeniedError { } ,
expected : "Permission denied" ,
} ,
{
err : PermissionDeniedError { Cause : "simon says" } ,
expected : "Permission denied: simon says" ,
} ,
{
err : PermissionDeniedByACL ( & auth1 , nil , ResourceService , AccessRead , "foobar" ) ,
2023-01-27 15:17:07 +00:00
expected : "Permission denied: token with AccessorID '' lacks permission 'service:read' on \"foobar\"" ,
2022-02-11 20:53:23 +00:00
} ,
{
err : PermissionDeniedByACLUnnamed ( & auth1 , nil , ResourceService , AccessRead ) ,
2023-01-27 15:17:07 +00:00
expected : "Permission denied: token with AccessorID '' lacks permission 'service:read'" ,
} ,
{
err : PermissionDeniedByACLUnnamed ( auth2 , nil , ResourceService , AccessRead ) ,
expected : "Permission denied: anonymous token lacks permission 'service:read'. The anonymous token is used implicitly when a request does not specify a token." ,
2022-02-11 20:53:23 +00:00
} ,
}
for _ , tcase := range cases {
t . Run ( testName ( tcase ) , func ( t * testing . T ) {
require . Error ( t , tcase . err )
require . Equal ( t , tcase . expected , tcase . err . Error ( ) )
} )
}
}