spiffe/
error.rs

//! Defines errors related to interactions with the GRPC client, including handling of X.509 and JWT materials,
//! SPIFFE endpoint socket path validation, and other potential failure points within the Rust-Spiffe library.
//! This encompasses errors related to endpoint configuration, response handling, data processing, and specific
//! errors for various SPIFFE components.

use crate::{JwtBundleError, JwtSvidError, SpiffeIdError, X509BundleError, X509SvidError};
use thiserror::Error;
use url::ParseError;

/// Errors that may arise while interacting with and fetching materials from a GRPC client.
/// Includes errors related to endpoint configuration, response handling, and data processing.
///
/// Every variant that carries a payload declares it with `#[from]`, so `?` converts the
/// underlying error automatically and `thiserror` exposes it through `Error::source()`.
/// The `Display` text of this enum is only the short message on the variant; the detailed
/// cause is in the source chain and is lost if only `to_string()` is logged.
///
/// The enum is `#[non_exhaustive]`, so a `match` outside this crate needs a wildcard arm.
/// NOTE(review): that arm should be handled as a failure to obtain identity material,
/// the same as the named variants, rather than being ignored.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum GrpcClientError {
    /// Missing environment variable for the endpoint socket address.
    /// The message names `SPIFFE_ENDPOINT_SOCKET` as the variable that was expected.
    #[error("missing endpoint socket address environment variable (SPIFFE_ENDPOINT_SOCKET)")]
    MissingEndpointSocketPath,

    /// The GRPC client received an empty response.
    #[error("received an empty response from the GRPC client")]
    EmptyResponse,

    /// Invalid endpoint socket path configuration.
    /// The wrapped [`SocketPathError`] says which validation rule the address failed.
    #[error("invalid endpoint socket path")]
    InvalidEndpointSocketPath(#[from] SocketPathError),

    /// Failed to process the X509Svid response from the client.
    /// The wrapped `X509SvidError` carries the reason.
    #[error("failed to process X509Svid response")]
    InvalidX509Svid(#[from] X509SvidError),

    /// Failed to process the JwtSvid response from the client.
    /// The wrapped `JwtSvidError` carries the reason.
    #[error("failed to process JwtSvid response")]
    InvalidJwtSvid(#[from] JwtSvidError),

    /// Failed to process the X509Bundle response from the client.
    /// The wrapped `X509BundleError` carries the reason.
    #[error("failed to process X509Bundle response")]
    InvalidX509Bundle(#[from] X509BundleError),

    /// Failed to process the JwtBundle response from the client.
    /// The wrapped `JwtBundleError` carries the reason.
    #[error("failed to process JwtBundle response")]
    InvalidJwtBundle(#[from] JwtBundleError),

    /// Invalid trust domain in the bundles response.
    /// The payload is a `SpiffeIdError`, so any `SpiffeIdError` propagated with `?` also
    /// becomes this variant. NOTE(review): if such errors can arise outside bundle
    /// handling, the message would be misleading there; confirm against the call sites.
    #[error("invalid trust domain in bundles response")]
    InvalidTrustDomain(#[from] SpiffeIdError),

    /// Error returned by the GRPC library for error responses from the client.
    /// NOTE(review): the text inside `tonic::Status` is presumably supplied by the remote
    /// side of the connection; treat it as untrusted input when logging or displaying it.
    #[error("error response from the GRPC client")]
    Grpc(#[from] tonic::Status),

    /// Error returned by the GRPC library when creating a transport channel.
    #[error("error creating transport channel to the GRPC client")]
    Transport(#[from] tonic::transport::Error),
}

/// Errors related to the validation of a SPIFFE endpoint socket path.
/// These cover scenarios such as invalid URI schemes, missing components, and unexpected URI structure.
///
/// Each variant names one rule the endpoint URI failed, so a caller can report exactly why
/// a configured address was refused. The type is `Copy` and `PartialEq`, which lets tests
/// and callers compare against a specific variant directly.
///
/// The enum is `#[non_exhaustive]`, so a `match` outside this crate needs a wildcard arm.
/// NOTE(review): an unrecognised variant still means the address was rejected and should
/// not be used.
#[derive(Debug, Error, PartialEq, Copy, Clone)]
#[non_exhaustive]
pub enum SocketPathError {
    /// The SPIFFE endpoint socket URI has a scheme other than 'unix' or 'tcp'.
    #[error("workload endpoint socket URI must have a tcp:// or unix:// scheme")]
    InvalidScheme,

    /// The SPIFFE endpoint unix socket URI does not include a path.
    #[error("workload endpoint unix socket URI must include a path")]
    UnixAddressEmptyPath,

    /// The SPIFFE endpoint tcp socket URI includes a path.
    #[error("workload endpoint tcp socket URI must not include a path")]
    TcpAddressNonEmptyPath,

    /// The SPIFFE endpoint socket URI has query values.
    #[error("workload endpoint socket URI must not include query values")]
    HasQueryValues,

    /// The SPIFFE endpoint socket URI has a fragment.
    #[error("workload endpoint socket URI must not include a fragment")]
    HasFragment,

    /// The SPIFFE endpoint socket URI has user info (the `user[:password]@` part of a URI).
    #[error("workload endpoint socket URI must not include user info")]
    HasUserInfo,

    /// The SPIFFE endpoint tcp socket URI is missing a host.
    #[error("workload endpoint tcp socket URI must include a host")]
    TcpEmptyHost,

    /// The host component of the SPIFFE endpoint tcp socket URI is not an IP:port pair.
    /// NOTE(review): the message requires `IP:port`, so this presumably covers a host that
    /// is a name rather than an IP address as well as a missing port; confirm against the
    /// validator.
    #[error("workload endpoint tcp socket URI host component must be an IP:port")]
    TcpAddressNoIpPort,

    /// Error returned by the URI parsing library.
    /// The payload is `url::ParseError`, available through `Error::source()`.
    #[error("workload endpoint socket is not a valid URI")]
    Parse(#[from] ParseError),
}