2023-03-28 21:12:41 +01:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2022-02-11 12:53:23 -08:00
package acl
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestPermissionDeniedError ( t * testing . T ) {
type testCase struct {
err PermissionDeniedError
expected string
}
testName := func ( t testCase ) string {
return t . expected
}
2022-11-14 15:35:12 -05:00
auth1 := MockAuthorizer { }
2023-01-27 09:17:07 -06:00
auth2 := AllowAuthorizer { nil , AnonymousTokenID }
2022-02-11 12:53:23 -08:00
cases := [ ] testCase {
{
err : PermissionDeniedError { } ,
expected : "Permission denied" ,
} ,
{
err : PermissionDeniedError { Cause : "simon says" } ,
expected : "Permission denied: simon says" ,
} ,
{
err : PermissionDeniedByACL ( & auth1 , nil , ResourceService , AccessRead , "foobar" ) ,
2023-01-27 09:17:07 -06:00
expected : "Permission denied: token with AccessorID '' lacks permission 'service:read' on \"foobar\"" ,
2022-02-11 12:53:23 -08:00
} ,
{
err : PermissionDeniedByACLUnnamed ( & auth1 , nil , ResourceService , AccessRead ) ,
2023-01-27 09:17:07 -06:00
expected : "Permission denied: token with AccessorID '' lacks permission 'service:read'" ,
} ,
{
err : PermissionDeniedByACLUnnamed ( auth2 , nil , ResourceService , AccessRead ) ,
expected : "Permission denied: anonymous token lacks permission 'service:read'. The anonymous token is used implicitly when a request does not specify a token." ,
2022-02-11 12:53:23 -08:00
} ,
}
for _ , tcase := range cases {
t . Run ( testName ( tcase ) , func ( t * testing . T ) {
require . Error ( t , tcase . err )
require . Equal ( t , tcase . expected , tcase . err . Error ( ) )
} )
}
}