Skip to main content

aa_security/policy/
error.rs

1//! Errors raised while parsing the canonical policy AST.
2
3use std::fmt;
4
5/// Errors that can occur while parsing a [`PolicyDocument`](super::PolicyDocument).
6#[derive(Debug, Clone, PartialEq, Eq)]
7pub enum PolicyParseError {
8    /// The YAML could not be deserialized.
9    Yaml(String),
10    /// A capability token was not recognised.
11    InvalidCapability {
12        /// The offending raw token.
13        raw: String,
14        /// Why it was rejected.
15        reason: String,
16    },
17    /// A syscall name in the `syscalls.allow` list was not recognised.
18    InvalidSyscall {
19        /// The offending raw token.
20        raw: String,
21        /// Why it was rejected.
22        reason: String,
23    },
24}
25
26impl fmt::Display for PolicyParseError {
27    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
28        match self {
29            Self::Yaml(msg) => write!(f, "policy YAML parse error: {msg}"),
30            Self::InvalidCapability { raw, reason } => {
31                write!(f, "invalid capability {raw:?}: {reason}")
32            }
33            Self::InvalidSyscall { raw, reason } => {
34                write!(f, "invalid syscall {raw:?}: {reason}")
35            }
36        }
37    }
38}
39
40impl std::error::Error for PolicyParseError {}
41
42#[cfg(test)]
43mod tests {
44    use super::*;
45
46    #[test]
47    fn display_yaml_error() {
48        let err = PolicyParseError::Yaml("bad".to_string());
49        assert_eq!(err.to_string(), "policy YAML parse error: bad");
50    }
51
52    #[test]
53    fn display_invalid_capability() {
54        let err = PolicyParseError::InvalidCapability {
55            raw: "teleport".to_string(),
56            reason: "unknown capability: 'teleport'".to_string(),
57        };
58        assert!(err.to_string().contains("teleport"));
59    }
60}