1use crate::{InternalError, InternalErrorClass, InternalErrorOrigin, dto::error::Error};
2
3fn internal_error_to_public(err: &InternalError) -> Error {
4 if let Some(public) = err.public_error() {
5 return public.clone();
6 }
7
8 let message = err.to_string();
9
10 match err.class() {
11 InternalErrorClass::Access => Error::unauthorized(message),
12
13 InternalErrorClass::Domain => match err.origin() {
14 InternalErrorOrigin::Config => Error::invalid(message),
15 _ => Error::conflict(message),
16 },
17
18 InternalErrorClass::Invariant => Error::invariant(message),
19
20 InternalErrorClass::Infra | InternalErrorClass::Ops | InternalErrorClass::Workflow => {
21 Error::internal(message)
22 }
23 }
24}
25
26impl From<&InternalError> for Error {
27 fn from(err: &InternalError) -> Self {
28 internal_error_to_public(err)
29 }
30}
31
32impl From<InternalError> for Error {
33 fn from(err: InternalError) -> Self {
34 internal_error_to_public(&err)
35 }
36}
37
38#[cfg(test)]
43mod tests {
44 use super::*;
45 use crate::{
46 access::AccessError,
47 cdk::types::Principal,
48 domain::policy::pure::topology::{TopologyPolicyError, registry::RegistryPolicyError},
49 dto::error::ErrorCode,
50 ids::CanisterRole,
51 };
52
53 fn p(id: u8) -> Principal {
54 Principal::from_slice(&[id; 29])
55 }
56
57 #[test]
58 fn internal_error_mapping_matches_class_contract() {
59 let access: Error = InternalError::from(AccessError::Denied("denied".to_string())).into();
60 assert_eq!(access.code, ErrorCode::Unauthorized);
61
62 let domain_config: Error =
63 InternalError::domain(InternalErrorOrigin::Config, "bad config").into();
64 assert_eq!(domain_config.code, ErrorCode::InvalidInput);
65
66 let domain_other: Error =
67 InternalError::domain(InternalErrorOrigin::Domain, "conflict").into();
68 assert_eq!(domain_other.code, ErrorCode::Conflict);
69
70 let invariant: Error =
71 InternalError::invariant(InternalErrorOrigin::Ops, "broken invariant").into();
72 assert_eq!(invariant.code, ErrorCode::InvariantViolation);
73
74 let infra: Error = InternalError::infra(InternalErrorOrigin::Infra, "infra fail").into();
75 assert_eq!(infra.code, ErrorCode::Internal);
76
77 let ops: Error = InternalError::ops(InternalErrorOrigin::Ops, "ops fail").into();
78 assert_eq!(ops.code, ErrorCode::Internal);
79
80 let workflow: Error =
81 InternalError::workflow(InternalErrorOrigin::Workflow, "workflow fail").into();
82 assert_eq!(workflow.code, ErrorCode::Internal);
83
84 let token_expired: Error = AccessError::DelegatedAuthTokenExpired.into();
85 assert_eq!(token_expired.code, ErrorCode::AuthTokenExpired);
86
87 let cert_expired: Error = AccessError::DelegatedAuthCertExpired.into();
88 assert_eq!(cert_expired.code, ErrorCode::AuthProofExpired);
89 }
90
91 #[test]
92 fn public_error_is_preserved_without_remap() {
93 let public = Error::not_found("missing");
94 let remapped: Error = InternalError::public(public.clone()).into();
95 assert_eq!(remapped, public);
96 }
97
98 #[test]
99 fn registry_policy_errors_map_to_stable_public_policy_codes() {
100 let err = RegistryPolicyError::RoleAlreadyRegistered {
101 role: CanisterRole::new("app"),
102 pid: p(7),
103 };
104 let internal: InternalError = TopologyPolicyError::from(err).into();
105 let public: Error = internal.into();
106 assert_eq!(public.code, ErrorCode::PolicyRoleAlreadyRegistered);
107 }
108
109 #[test]
110 fn registry_policy_service_parent_errors_use_service_owned_public_codes() {
111 let cases = [
112 (
113 RegistryPolicyError::ReplicaRequiresServiceWithScaling {
114 role: CanisterRole::new("replica"),
115 parent_role: CanisterRole::new("plain_parent"),
116 },
117 ErrorCode::PolicyReplicaRequiresServiceWithScaling,
118 ),
119 (
120 RegistryPolicyError::ShardRequiresServiceWithSharding {
121 role: CanisterRole::new("shard"),
122 parent_role: CanisterRole::new("plain_parent"),
123 },
124 ErrorCode::PolicyShardRequiresServiceWithSharding,
125 ),
126 (
127 RegistryPolicyError::InstanceRequiresServiceWithDirectory {
128 role: CanisterRole::new("instance"),
129 parent_role: CanisterRole::new("plain_parent"),
130 },
131 ErrorCode::PolicyInstanceRequiresServiceWithDirectory,
132 ),
133 ];
134
135 for (err, expected) in cases {
136 let internal: InternalError = TopologyPolicyError::from(err).into();
137 let public: Error = internal.into();
138
139 assert_eq!(public.code, expected);
140 }
141 }
142}