rpc_proxy+itest: return uniform error for unhandled URI

Currently `basicAuthToMacaroon` returns a different error for an
un-handled URI than is returned for other funcions which first check the
permissions manager to see if a URI is handled. With this commit, we
ensure that the error returned is the same so that the error we assert
on in tests can just be one error.

Author: ellemouton

itest/litd_mode_integrated_test.go

@@ -422,8 +422,7 @@ func integratedTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					endpoint.requestFn,
 					endpoint.successPattern,
 					endpointDisabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -459,8 +458,7 @@ func integratedTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					shouldFailWithoutMacaroon,
 					endpoint.successPattern,
 					endpointDisabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -485,8 +483,7 @@ func integratedTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					ttt, cfg.LitAddr(), cfg.UIPassword,
 					endpoint.grpcWebURI,
 					withoutUIPassword, endpointDisabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -525,8 +522,7 @@ func integratedTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					endpoint.requestFn,
 					endpoint.successPattern,
 					endpointDisabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -1062,26 +1058,19 @@ func runLNCAuthTest(t *testing.T, rawLNCConn grpc.ClientConnInterface,
 	// macaroon permissions properly set up).
 	resp, err := makeRequest(ctxt, rawLNCConn)
 
-	// Is this a disallowed call?
-	if !callAllowed {
-		if disabled {
-			require.ErrorContains(t, err, "unknown permissions "+
-				"required for method")
-		} else {
-			require.ErrorContains(t, err, expectErrContains)
-		}
-
-		return
-	}
-
+	switch {
 	// The call should be allowed, so we expect no error unless this is
 	// for a disabled sub-server.
-	if disabled {
-		require.ErrorContains(t, err, "unknown permissions "+
-			"required for method")
+	case disabled:
+		require.ErrorContains(t, err, "unknown request")
 
 		return
-	} else {
+
+	// Is this a disallowed call?
+	case !callAllowed:
+		require.ErrorContains(t, err, expectErrContains)
+
+	default:
 		require.NoError(t, err)
 	}
 

itest/litd_mode_remote_test.go

@@ -66,8 +66,7 @@ func remoteTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					endpoint.requestFn,
 					endpoint.successPattern,
 					endpointEnabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -93,8 +92,7 @@ func remoteTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					shouldFailWithoutMacaroon,
 					endpoint.successPattern,
 					endpointEnabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -117,8 +115,7 @@ func remoteTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					ttt, cfg.LitAddr(), cfg.UIPassword,
 					endpoint.grpcWebURI, withoutUIPassword,
 					endpointEnabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}
@@ -146,8 +143,7 @@ func remoteTestSuite(ctx context.Context, net *NetworkHarness, t *testing.T,
 					endpoint.requestFn,
 					endpoint.successPattern,
 					endpointEnabled,
-					"unknown permissions required for "+
-						"method",
+					"unknown request",
 				)
 			})
 		}

rpc_proxy.go

@@ -34,9 +34,15 @@ const (
 	HeaderMacaroon = "Macaroon"
 )
 
-// ErrWaitingToStart is returned if Lit's rpcProxy is not yet ready to handle
-// calls.
-var ErrWaitingToStart = fmt.Errorf("waiting for the RPC server to start")
+var (
+	// ErrWaitingToStart is returned if Lit's rpcProxy is not yet ready to
+	// handle calls.
+	ErrWaitingToStart = fmt.Errorf("waiting for the RPC server to start")
+
+	// ErrUnknownRequest is an error returned when the request URI is
+	// unknown if the permissions for the request are unknown.
+	ErrUnknownRequest = fmt.Errorf("unknown request")
+)
 
 // proxyErr is an error type that adds more context to an error occurring in the
 // proxy.
@@ -375,8 +381,7 @@ func (p *rpcProxy) UnaryServerInterceptor(ctx context.Context, req interface{},
 
 	uriPermissions, ok := p.permsMgr.URIPermissions(info.FullMethod)
 	if !ok {
-		return nil, fmt.Errorf("%s: unknown permissions "+
-			"required for method", info.FullMethod)
+		return nil, ErrUnknownRequest
 	}
 
 	// For now, basic authentication is just a quick fix until we
@@ -420,8 +425,7 @@ func (p *rpcProxy) StreamServerInterceptor(srv interface{},
 
 	uriPermissions, ok := p.permsMgr.URIPermissions(info.FullMethod)
 	if !ok {
-		return fmt.Errorf("%s: unknown permissions required "+
-			"for method", info.FullMethod)
+		return ErrUnknownRequest
 	}
 
 	// For now, basic authentication is just a quick fix until we
@@ -521,8 +525,7 @@ func (p *rpcProxy) basicAuthToMacaroon(basicAuth, requestURI string,
 		macPath = p.cfg.MacaroonPath
 
 	default:
-		return nil, fmt.Errorf("unknown gRPC web request: %v",
-			requestURI)
+		return nil, ErrUnknownRequest
 	}
 
 	switch {
@@ -572,8 +575,7 @@ func (p *rpcProxy) convertSuperMacaroon(ctx context.Context, macHex string,
 
 	requiredPermissions, ok := p.permsMgr.URIPermissions(fullMethod)
 	if !ok {
-		return nil, fmt.Errorf("%s: unknown permissions required for "+
-			"method", fullMethod)
+		return nil, ErrUnknownRequest
 	}
 
 	// We have a super macaroon, from here on out we'll return errors if