diff --git a/internal/credential/service_list_credentials.go b/internal/credential/service_list_credentials.go index 5c87c43aa8..27f11038d1 100644 --- a/internal/credential/service_list_credentials.go +++ b/internal/credential/service_list_credentials.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/util" ) // CredentialService defines the interface expected @@ -43,7 +44,7 @@ func List( return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1") case filterItemFn == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") case credentialStoreId == "": return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store ID") diff --git a/internal/credential/service_list_credentials_ext_test.go b/internal/credential/service_list_credentials_ext_test.go index 587a54f231..cfd6840231 100644 --- a/internal/credential/service_list_credentials_ext_test.go +++ b/internal/credential/service_list_credentials_ext_test.go @@ -215,6 +215,16 @@ func TestService_List(t *testing.T) { _, err = credential.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, "") require.ErrorContains(t, err, "missing credential store ID") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, c credential.Static) (bool, error) { + return true, nil + } + tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, credStore.GetPublicId()) + require.ErrorContains(t, err, "token did not have a credential resource type") + }) }) t.Run("ListRefresh validation", func(t *testing.T) { t.Parallel() @@ -283,6 +293,16 @@ func TestService_List(t *testing.T) { _, err = credential.ListRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, "") require.ErrorContains(t, err, "missing credential store ID") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, c credential.Static) (bool, error) { + return true, nil + } + tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, credStore.GetPublicId()) + require.ErrorContains(t, err, "token did not have a credential resource type") + }) }) t.Run("ListRefreshPage validation", func(t *testing.T) { t.Parallel() @@ -361,6 +381,16 @@ func TestService_List(t *testing.T) { _, err = credential.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, "") require.ErrorContains(t, err, "missing credential store ID") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, c credential.Static) (bool, error) { + return true, nil + } + tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, credStore.GetPublicId()) + require.ErrorContains(t, err, "token did not have a credential resource type") + }) }) t.Run("simple pagination", func(t *testing.T) { diff --git a/internal/credential/service_list_credentials_page.go b/internal/credential/service_list_credentials_page.go index e9a686c4cd..d1e42f88df 100644 --- a/internal/credential/service_list_credentials_page.go +++ b/internal/credential/service_list_credentials_page.go @@ -10,6 +10,8 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" + "github.com/hashicorp/boundary/internal/util" ) // ListPage lists up to page size credentials, filtering out entries that @@ -38,10 +40,12 @@ func ListPage( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") case credentialStoreId == "": return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store ID") + case tok.ResourceType != resource.Credential: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a credential resource type") } if _, ok := tok.Subtype.(*listtoken.PaginationToken); !ok { return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a pagination token component") diff --git a/internal/credential/service_list_credentials_refresh.go b/internal/credential/service_list_credentials_refresh.go index 6eeb049207..04d0fd2e92 100644 --- a/internal/credential/service_list_credentials_refresh.go +++ b/internal/credential/service_list_credentials_refresh.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" + "github.com/hashicorp/boundary/internal/util" ) // ListRefresh lists up to page size credentials, filtering out entries that @@ -42,10 +44,12 @@ func ListRefresh( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") case credentialStoreId == "": return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store ID") + case tok.ResourceType != resource.Credential: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a credential resource type") } rt, ok := tok.Subtype.(*listtoken.StartRefreshToken) if !ok { diff --git a/internal/credential/service_list_credentials_refresh_page.go b/internal/credential/service_list_credentials_refresh_page.go index 5b6cb907fe..22c949f852 100644 --- a/internal/credential/service_list_credentials_refresh_page.go +++ b/internal/credential/service_list_credentials_refresh_page.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" + "github.com/hashicorp/boundary/internal/util" ) // ListRefreshPage lists up to page size credentials, filtering out entries that @@ -42,10 +44,12 @@ func ListRefreshPage( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") case credentialStoreId == "": return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store ID") + case tok.ResourceType != resource.Credential: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a credential resource type") } rt, ok := tok.Subtype.(*listtoken.RefreshToken) if !ok { diff --git a/internal/credential/service_list_libraries.go b/internal/credential/service_list_libraries.go index f68c4e5328..89929100a8 100644 --- a/internal/credential/service_list_libraries.go +++ b/internal/credential/service_list_libraries.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/util" ) // LibraryService defines the interface expected @@ -43,7 +44,7 @@ func ListLibraries( return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1") case filterItemFn == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") case credentialStoreId == "": return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store ID") diff --git a/internal/credential/service_list_libraries_ext_test.go b/internal/credential/service_list_libraries_ext_test.go index adecc4986c..ac759b4a23 100644 --- a/internal/credential/service_list_libraries_ext_test.go +++ b/internal/credential/service_list_libraries_ext_test.go @@ -196,7 +196,17 @@ func TestLibraryService_List(t *testing.T) { tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.CredentialLibrary, []byte("some hash"), "some-id", fiveDaysAgo) require.NoError(t, err) _, err = credential.ListLibrariesPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, "") - require.ErrorContains(t, err, "missing store id") + require.ErrorContains(t, err, "missing credential store id") + }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, l credential.Library) (bool, error) { + return true, nil + } + tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListLibrariesPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, credStore.GetPublicId()) + require.ErrorContains(t, err, "token did not have an credential library resource type") }) }) t.Run("ListLibrariesRefresh validation", func(t *testing.T) { @@ -266,6 +276,16 @@ func TestLibraryService_List(t *testing.T) { _, err = credential.ListLibrariesRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, "") require.ErrorContains(t, err, "missing credential store ID") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, l credential.Library) (bool, error) { + return true, nil + } + tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListLibrariesRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, credStore.GetPublicId()) + require.ErrorContains(t, err, "token did not have an credential library resource type") + }) }) t.Run("ListLibrariesRefreshPage validation", func(t *testing.T) { t.Parallel() @@ -334,6 +354,26 @@ func TestLibraryService_List(t *testing.T) { _, err = credential.ListLibrariesRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, nil, credStore.GetPublicId()) require.ErrorContains(t, err, "missing service") }) + t.Run("missing credential store ID", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, l credential.Library) (bool, error) { + return true, nil + } + tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.CredentialLibrary, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListLibrariesRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, "") + require.ErrorContains(t, err, "missing credential store id") + }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, l credential.Library) (bool, error) { + return true, nil + } + tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListLibrariesRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, credStore.GetPublicId()) + require.ErrorContains(t, err, "token did not have an credential library resource type") + }) }) t.Run("simple pagination", func(t *testing.T) { diff --git a/internal/credential/service_list_libraries_page.go b/internal/credential/service_list_libraries_page.go index 901fbfe0f3..b713518fb6 100644 --- a/internal/credential/service_list_libraries_page.go +++ b/internal/credential/service_list_libraries_page.go @@ -10,6 +10,8 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" + "github.com/hashicorp/boundary/internal/util" ) // ListLibrariesPage lists up to page size credential libraries, filtering out entries that @@ -38,8 +40,12 @@ func ListLibrariesPage( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") + case credentialStoreId == "": + return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store id") + case tok.ResourceType != resource.CredentialLibrary: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have an credential library resource type") } if _, ok := tok.Subtype.(*listtoken.PaginationToken); !ok { return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a pagination token component") diff --git a/internal/credential/service_list_libraries_refresh.go b/internal/credential/service_list_libraries_refresh.go index ff29020fd0..0ae4fc52fc 100644 --- a/internal/credential/service_list_libraries_refresh.go +++ b/internal/credential/service_list_libraries_refresh.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" + "github.com/hashicorp/boundary/internal/util" ) // ListRefresh lists up to page size credential libraries, filtering out entries that @@ -42,10 +44,12 @@ func ListLibrariesRefresh( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") case credentialStoreId == "": return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store ID") + case tok.ResourceType != resource.CredentialLibrary: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have an credential library resource type") } rt, ok := tok.Subtype.(*listtoken.StartRefreshToken) if !ok { diff --git a/internal/credential/service_list_libraries_refresh_page.go b/internal/credential/service_list_libraries_refresh_page.go index b0fb8a0cfa..3cfca01df8 100644 --- a/internal/credential/service_list_libraries_refresh_page.go +++ b/internal/credential/service_list_libraries_refresh_page.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" + "github.com/hashicorp/boundary/internal/util" ) // ListRefreshPage lists up to page size credential libraries, filtering out entries that @@ -42,8 +44,12 @@ func ListLibrariesRefreshPage( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case service == nil: + case util.IsNil(service): return nil, errors.New(ctx, errors.InvalidParameter, op, "missing service") + case credentialStoreId == "": + return nil, errors.New(ctx, errors.InvalidParameter, op, "missing credential store id") + case tok.ResourceType != resource.CredentialLibrary: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have an credential library resource type") } rt, ok := tok.Subtype.(*listtoken.RefreshToken) if !ok { diff --git a/internal/credential/service_list_stores.go b/internal/credential/service_list_stores.go index 52c5397c61..e463fe2ff4 100644 --- a/internal/credential/service_list_stores.go +++ b/internal/credential/service_list_stores.go @@ -33,7 +33,7 @@ func ListStores( return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1") case filterItemFn == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") - case projectIds == nil: + case len(projectIds) == 0: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing project ids") case repo == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo") diff --git a/internal/credential/service_list_stores_ext_test.go b/internal/credential/service_list_stores_ext_test.go index 1ef0c856eb..dc2c0ed006 100644 --- a/internal/credential/service_list_stores_ext_test.go +++ b/internal/credential/service_list_stores_ext_test.go @@ -151,7 +151,7 @@ func TestStoreService_List(t *testing.T) { _, err := credential.ListStores(ctx, []byte("some hash"), 1, filterFunc, nil, []string{prj.PublicId}) require.ErrorContains(t, err, "missing repo") }) - t.Run("missing public Ids", func(t *testing.T) { + t.Run("missing project ids", func(t *testing.T) { t.Parallel() filterFunc := func(_ context.Context, s credential.Store) (bool, error) { return true, nil @@ -237,6 +237,16 @@ func TestStoreService_List(t *testing.T) { _, err = credential.ListStoresPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, nil) require.ErrorContains(t, err, "missing project ids") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, s credential.Store) (bool, error) { + return true, nil + } + tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListStoresPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, []string{prj.PublicId}) + require.ErrorContains(t, err, "token did not have a credential store resource type") + }) }) t.Run("ListRefresh validation", func(t *testing.T) { t.Parallel() @@ -305,6 +315,16 @@ func TestStoreService_List(t *testing.T) { _, err = credential.ListStoresRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, nil) require.ErrorContains(t, err, "missing project ids") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, s credential.Store) (bool, error) { + return true, nil + } + tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListStoresRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, []string{prj.PublicId}) + require.ErrorContains(t, err, "token did not have a credential store resource type") + }) }) t.Run("ListRefreshPage validation", func(t *testing.T) { t.Parallel() @@ -383,6 +403,16 @@ func TestStoreService_List(t *testing.T) { _, err = credential.ListStoresRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, nil) require.ErrorContains(t, err, "missing project ids") }) + t.Run("wrong token resource type", func(t *testing.T) { + t.Parallel() + filterFunc := func(_ context.Context, s credential.Store) (bool, error) { + return true, nil + } + tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo) + require.NoError(t, err) + _, err = credential.ListStoresRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, []string{prj.PublicId}) + require.ErrorContains(t, err, "token did not have a credential store resource type") + }) }) t.Run("simple pagination", func(t *testing.T) { diff --git a/internal/credential/service_list_stores_page.go b/internal/credential/service_list_stores_page.go index e18c69b858..a6b0ea4132 100644 --- a/internal/credential/service_list_stores_page.go +++ b/internal/credential/service_list_stores_page.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" ) // ListStoresPage lists up to page size credential stores, filtering out entries that @@ -38,8 +39,12 @@ func ListStoresPage( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") + case len(projectIds) == 0: + return nil, errors.New(ctx, errors.InvalidParameter, op, "missing project ids") case repo == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo") + case tok.ResourceType != resource.CredentialStore: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a credential store resource type") } if _, ok := tok.Subtype.(*listtoken.PaginationToken); !ok { return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a pagination token component") diff --git a/internal/credential/service_list_stores_refresh.go b/internal/credential/service_list_stores_refresh.go index 7cd600a3ba..262a2f6730 100644 --- a/internal/credential/service_list_stores_refresh.go +++ b/internal/credential/service_list_stores_refresh.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" ) // ListStoresRefresh lists up to page size credential stores, filtering out entries that @@ -42,10 +43,12 @@ func ListStoresRefresh( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") - case projectIds == nil: + case len(projectIds) == 0: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing project ids") case repo == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo") + case tok.ResourceType != resource.CredentialStore: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a credential store resource type") } rt, ok := tok.Subtype.(*listtoken.StartRefreshToken) if !ok { diff --git a/internal/credential/service_list_stores_refresh_page.go b/internal/credential/service_list_stores_refresh_page.go index 0046e0043f..2492515f56 100644 --- a/internal/credential/service_list_stores_refresh_page.go +++ b/internal/credential/service_list_stores_refresh_page.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/boundary/internal/errors" "github.com/hashicorp/boundary/internal/listtoken" "github.com/hashicorp/boundary/internal/pagination" + "github.com/hashicorp/boundary/internal/types/resource" ) // ListStoresRefreshPage lists up to page size credential stores, filtering out entries that @@ -42,8 +43,12 @@ func ListStoresRefreshPage( return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback") case tok == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token") + case len(projectIds) == 0: + return nil, errors.New(ctx, errors.InvalidParameter, op, "missing project ids") case repo == nil: return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo") + case tok.ResourceType != resource.CredentialStore: + return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a credential store resource type") } rt, ok := tok.Subtype.(*listtoken.RefreshToken) if !ok {