Give descriptive error if auth method not found #10163
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lkysow
force-pushed
the
lkysow/auth-method-not-found
branch
from
4f1f60f
to
984e50d
Compare
lkysow
force-pushed
the
lkysow/auth-method-not-found
branch
from
984e50d
to
2a75560
Compare
Previously during a `consul login -method=blah`, if the auth method was not found, the error returned would be "ACL not found". This is potentially confusing because there may be many different ACLs involved in a login: the ACL of the Consul client, perhaps the binding rule or the auth method. Now the error will be "auth method blah not found", which is much easier to debug.
lkysow
force-pushed
the
lkysow/auth-method-not-found
branch
from
2a75560
to
9dd9013
Compare
dnephin
reviewed
May 3, 2021
command/login/login_test.go
Outdated
| @@ -143,7 +143,7 @@ func TestLoginCommand(t *testing.T) { | |||
|
|
|||
| code := cmd.Run(args) | |||
| require.Equal(t, code, 1, "err: %s", ui.ErrorWriter.String()) | |||
| require.Contains(t, ui.ErrorWriter.String(), "403 (ACL not found)") | |||
| require.Contains(t, ui.ErrorWriter.String(), "500 (auth method \"test\" not found)") | |||
There was a problem hiding this comment.
I don't think we want a 500 response code for this. Either a 404 or 403 seems appropriate.
There's some related context in #8520 (comment) (and the associated issue).
There was a problem hiding this comment.
Totally agreed, didn't know how to do that but your suggestion works like a charm!
dnephin
reviewed
May 3, 2021
agent/consul/acl_endpoint.go
Outdated
| @@ -2380,7 +2380,7 @@ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) erro | |||
| if err != nil { | |||
| return err | |||
| } else if method == nil { | |||
| return acl.ErrNotFound | |||
| return fmt.Errorf("auth method %q not found", auth.AuthMethod) | |||
There was a problem hiding this comment.
Oops, forgot to submit this comment:
I think we'll need something like this:
Suggested change
| return fmt.Errorf("auth method %q not found", auth.AuthMethod) | |
| return fmt.Errorf("auth method %q: %w", auth.AuthMethod, acl.ErrNotFound) |
There was a problem hiding this comment.
I swapped it around so it reads ACL not found: auth method <blah> not found
dnephin
added
backport/1.10
theme/acls
|
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/361410. |
|
🍒✅ Cherry pick of commit 8d6cbe7 onto |
hc-github-team-consul-core
pushed a commit
that referenced
this pull request
May 3, 2021
* Give descriptive error if auth method not found Previously during a `consul login -method=blah`, if the auth method was not found, the error returned would be "ACL not found". This is potentially confusing because there may be many different ACLs involved in a login: the ACL of the Consul client, perhaps the binding rule or the auth method. Now the error will be "auth method blah not found", which is much easier to debug.
|
🍒✅ Cherry pick of commit 8d6cbe7 onto |
hc-github-team-consul-core
pushed a commit
that referenced
this pull request
May 3, 2021
* Give descriptive error if auth method not found Previously during a `consul login -method=blah`, if the auth method was not found, the error returned would be "ACL not found". This is potentially confusing because there may be many different ACLs involved in a login: the ACL of the Consul client, perhaps the binding rule or the auth method. Now the error will be "auth method blah not found", which is much easier to debug.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously during a
consul login -method=blah, if the auth method was not found, theerror returned would be "ACL not found". This is potentially confusing
because there may be many different ACLs involved in a login: the ACL of
the Consul client, perhaps the binding rule or the auth method.
Now the error will be "auth method blah not found", which is much easier
to debug.