consul/acl/errors_test.go
skpratt ad43846755
Remove legacy acl tokens (#15947)
* remove legacy tokens

* Update test comment

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* fix imports

* update docs for additional CLI changes

* add test case for anonymous token

* set deprecated api fields to json ignore and fix patch errors

* update changelog to breaking-change

* fix import

* update api docs to remove legacy reference

* fix docs nav data

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
2023-01-27 09:17:07 -06:00

52 lines
1.3 KiB
Go

package acl
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestPermissionDeniedError(t *testing.T) {
type testCase struct {
err PermissionDeniedError
expected string
}
testName := func(t testCase) string {
return t.expected
}
auth1 := MockAuthorizer{}
auth2 := AllowAuthorizer{nil, AnonymousTokenID}
cases := []testCase{
{
err: PermissionDeniedError{},
expected: "Permission denied",
},
{
err: PermissionDeniedError{Cause: "simon says"},
expected: "Permission denied: simon says",
},
{
err: PermissionDeniedByACL(&auth1, nil, ResourceService, AccessRead, "foobar"),
expected: "Permission denied: token with AccessorID '' lacks permission 'service:read' on \"foobar\"",
},
{
err: PermissionDeniedByACLUnnamed(&auth1, nil, ResourceService, AccessRead),
expected: "Permission denied: token with AccessorID '' lacks permission 'service:read'",
},
{
err: PermissionDeniedByACLUnnamed(auth2, nil, ResourceService, AccessRead),
expected: "Permission denied: anonymous token lacks permission 'service:read'. The anonymous token is used implicitly when a request does not specify a token.",
},
}
for _, tcase := range cases {
t.Run(testName(tcase), func(t *testing.T) {
require.Error(t, tcase.err)
require.Equal(t, tcase.expected, tcase.err.Error())
})
}
}