Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make PermissionDeniedError struct more detailed #12239

Closed
markan opened this issue Feb 1, 2022 · 0 comments · Fixed by #12308
Closed

Make PermissionDeniedError struct more detailed #12239

markan opened this issue Feb 1, 2022 · 0 comments · Fixed by #12308
Assignees
@markan
Labels
theme/acls ACL and token generation theme/internal-cleanup Used to identify tech debt, testing improvements, code refactoring, and non-impactful optimization

Comments

@markan
Copy link
Contributor

markan commented Feb 1, 2022
edited
Loading

The PermissionDeniedError struct is contains only simple text string created at the time of error generation. We'd like to make that data structured to allow better user messages.

Currently we have

type PermissionDeniedError struct {
	Cause string // which might be the full error message rendered at the point of creation...
}

In many cases we have detailed information about the reason for rejection and would like to capture that.
We should extend with this info. Not all PermissionDenied errors fit that template, so we should create a new structure to capture this.

type PermissionDeniedByACLError struct {
	Accessor string // "token guid"
        Permission string // e.g. "service:read" Perhaps split into resource and level 
        Type string // e.g. service
        Name string // e.g. "sidecar-proxy-1"
        EnterpriseMeta 
}

The acl.PermissionDenied helper function usage should also be examined to see where we need to convert to the new form.

A string conversion function similar to what PermissionDeniedError has should be added.

https://github.com/hashicorp/consul-enterprise/pull/1533
@markan markan added theme/acls ACL and token generation theme/internal-cleanup Used to identify tech debt, testing improvements, code refactoring, and non-impactful optimization labels Feb 1, 2022
@markan markan self-assigned this Feb 1, 2022
@markan markan mentioned this issue Feb 1, 2022
Closed
@markan markan mentioned this issue Feb 10, 2022
Merged
@markan markan closed this as completed Feb 10, 2022
@markan markan reopened this Feb 10, 2022
@markan markan linked a pull request Feb 10, 2022 that will close this issue
Refactor to make ACL errors more structured. #12308
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@markan markan

Labels
theme/acls ACL and token generation theme/internal-cleanup Used to identify tech debt, testing improvements, code refactoring, and non-impactful optimization
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor to make ACL errors more structured. hashicorp/consul
1 participant
@markan