diff --git a/internal/daemon/controller/handlers/targets/target_service.go b/internal/daemon/controller/handlers/targets/target_service.go
index 477470a3e0..fbaaf83463 100644
--- a/internal/daemon/controller/handlers/targets/target_service.go
+++ b/internal/daemon/controller/handlers/targets/target_service.go
@@ -754,9 +754,6 @@ func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSession
 return nil, err
 }
 t, err = repo.LookupTarget(ctx, t.GetPublicId())
- hostSources := t.GetHostSources()
- credSources := t.GetCredentialSources()
-
 if err != nil {
 if errors.IsNotFoundError(err) {
 return nil, handlers.NotFoundErrorf("Target %q not found.", t.GetPublicId())
@@ -766,6 +763,8 @@ func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSession
 if t == nil {
 return nil, handlers.NotFoundErrorf("Target %q not found.", t.GetPublicId())
 }
+ hostSources := t.GetHostSources()
+ credSources := t.GetCredentialSources()
 if len(credSources) > 0 {
 if err := validateCredentialSourcesFn(ctx, t.GetType(), credSources); err != nil {
 return nil, err
diff --git a/internal/daemon/controller/handlers/targets/tcp/target_service_test.go b/internal/daemon/controller/handlers/targets/tcp/target_service_test.go
index 8abdbe0a04..da503c67d8 100644
--- a/internal/daemon/controller/handlers/targets/tcp/target_service_test.go
+++ b/internal/daemon/controller/handlers/targets/tcp/target_service_test.go
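Review bot: In target_service.go both not-found branches still call `t.GetPublicId()` after `t` has been overwritten by `repo.LookupTarget`, and the `if t == nil` branch does so on a value already known to be nil. Whether that call panics depends on the concrete type of `t`, which these hunks do not show. If it is an interface value, the handler would fault before returning the not-found error, which is the same class of nil dereference this commit removes for the two getters. Capturing the id first, `targetID := t.GetPublicId()` ahead of `t, err = repo.LookupTarget(ctx, targetID)`, and formatting both messages with `targetID` would close it. AuthorizeSession starts and ends outside both hunks, so the earlier lookup that first assigns `t` is not visible here.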
@@ -3499,38 +3499,57 @@ func TestAuthorizeSession_Errors(t *testing.T) { } cases := []struct { - name string - setup []func(target.Target) uint32 - err bool + name string + setup []func(target.Target) uint32 + useTargetId bool + wantErr bool + wantErrContains string }{ { // This one must be run first since it relies on the DB not having any worker details - name: "no worker", - setup: []func(tcpTarget target.Target) uint32{hostExists, libraryExists}, - err: true, + name: "no worker", + setup: []func(tcpTarget target.Target) uint32{hostExists, libraryExists}, + useTargetId: true, + wantErr: true, + wantErrContains: "No workers are available to handle this session", + }, + { + name: "success", + setup: []func(tcpTarget target.Target) uint32{workerExists, hostExists, libraryExists}, + useTargetId: true, }, { - name: "success", - setup: []func(tcpTarget target.Target) uint32{workerExists, hostExists, libraryExists}, + name: "no target", + setup: []func(tcpTarget target.Target) uint32{workerExists, hostExists, libraryExists}, + useTargetId: false, + wantErr: true, + wantErrContains: "Resource not found", }, { - name: "no host port", - setup: []func(tcpTarget target.Target) uint32{workerExists, hostWithoutPort, libraryExists}, + name: "no host port", + setup: []func(tcpTarget target.Target) uint32{workerExists, hostWithoutPort, libraryExists}, + useTargetId: true, }, { - name: "no hosts", - setup: []func(tcpTarget target.Target) uint32{workerExists, hostSetNoHostExists, libraryExists}, - err: true, + name: "no hosts", + setup: []func(tcpTarget target.Target) uint32{workerExists, hostSetNoHostExists, libraryExists}, + useTargetId: true, + wantErr: true, + wantErrContains: "No host sources or address found for given target", }, { - name: "bad library configuration", - setup: []func(tcpTarget target.Target) uint32{workerExists, hostExists, misConfiguredlibraryExists}, - err: true, + name: "bad library configuration", + setup: []func(tcpTarget target.Target) 
uint32{workerExists, hostExists, misConfiguredlibraryExists}, + useTargetId: true, + wantErr: true, + wantErrContains: "external system issue: error #3014: Error making API request", }, { - name: "expired token library", - setup: []func(tcpTarget target.Target) uint32{workerExists, hostExists, expiredTokenLibrary}, - err: true, + name: "expired token library", + setup: []func(tcpTarget target.Target) uint32{workerExists, hostExists, expiredTokenLibrary}, + useTargetId: true, + wantErr: true, + wantErrContains: "vault.newClient: invalid configuration", }, } for i, tc := range cases { @@ -3542,12 +3561,18 @@ func TestAuthorizeSession_Errors(t *testing.T) { tar.SetVersion(ver) } + id := tar.GetPublicId() + if !tc.useTargetId { + id = "ttcp_bogusid" + } + res, err := s.AuthorizeSession(ctx, &pbs.AuthorizeSessionRequest{ - Id: tar.GetPublicId(), + Id: id, }) - if tc.err { + if tc.wantErr { require.Error(t, err) require.Nil(t, res) + require.ErrorContains(t, err, tc.wantErrContains) return } require.NoError(t, err)
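Review bot: The new "no target" case may not exercise the code path this commit changes. It expects `Resource not found`, while the branches around the moved getters format `Target %q not found.`, so the visible lines do not show that the substituted id `ttcp_bogusid` ever reaches `repo.LookupTarget`. If an earlier lookup or authorization step rejects the request first, the nil-target path would stay untested. A case that passes the earlier checks and then makes the second lookup return no target would pin the fix. Separately, `require.ErrorContains(t, err, tc.wantErrContains)` matches any error when the field is left empty, so a guard such as `require.NotEmpty(t, tc.wantErrContains)` inside the `if tc.wantErr` branch would stop a future case from passing vacuously. TestAuthorizeSession_Errors begins outside these hunks.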