From 29a684647e82b384381e8e65ced51810f8a81537 Mon Sep 17 00:00:00 2001
From: dkanney <dkanney@terpmail.umd.edu>
Date: Fri, 21 Feb 2025 17:05:28 -0500
Subject: [PATCH] fix(scope): Add defensive checks around invalid resource
 types

---
 internal/types/scope/scope.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/internal/types/scope/scope.go b/internal/types/scope/scope.go
index d9eef8acb9..bdf196d9b6 100644
--- a/internal/types/scope/scope.go
+++ b/internal/types/scope/scope.go
@@ -53,11 +53,15 @@ func AllowedIn(ctx context.Context, r resource.Type) ([]Type, error) {
 		return []Type{Global}, nil
 	case resource.Account, resource.AuthMethod, resource.AuthToken, resource.ManagedGroup, resource.Policy, resource.Scope, resource.SessionRecording, resource.StorageBucket, resource.User:
 		return []Type{Global, Org}, nil
-	case resource.All, resource.Group, resource.Role:
+	case resource.Group, resource.Role:
 		return []Type{Global, Org, Project}, nil
 	case resource.CredentialLibrary, resource.Credential, resource.CredentialStore, resource.HostCatalog, resource.HostSet, resource.Host, resource.Session, resource.Target:
 		return []Type{Project}, nil
+	case resource.Unknown:
+		return nil, errors.New(ctx, errors.InvalidParameter, op, "unknown resource type")
+	case resource.All:
+		return nil, errors.New(ctx, errors.InvalidParameter, op, "resource type '*' is not supported")
 	default:
-		return nil, errors.New(ctx, errors.InvalidParameter, op, "invalid or unknown resource type")
+		return nil, errors.New(ctx, errors.InvalidParameter, op, "invalid resource type")
 	}
 }