Skip to main content

canic_core/api/
error.rs

1use crate::{InternalError, InternalErrorClass, InternalErrorOrigin, dto::error::Error};
2
3fn internal_error_to_public(err: &InternalError) -> Error {
4    if let Some(public) = err.public_error() {
5        return public.clone();
6    }
7
8    let message = err.to_string();
9
10    match err.class() {
11        InternalErrorClass::Access => Error::unauthorized(message),
12
13        InternalErrorClass::Domain => match err.origin() {
14            InternalErrorOrigin::Config => Error::invalid(message),
15            _ => Error::conflict(message),
16        },
17
18        InternalErrorClass::Invariant => Error::invariant(message),
19
20        InternalErrorClass::Infra | InternalErrorClass::Ops | InternalErrorClass::Workflow => {
21            Error::internal(message)
22        }
23    }
24}
25
26impl From<&InternalError> for Error {
27    fn from(err: &InternalError) -> Self {
28        internal_error_to_public(err)
29    }
30}
31
32impl From<InternalError> for Error {
33    fn from(err: InternalError) -> Self {
34        internal_error_to_public(&err)
35    }
36}
37
38// -----------------------------------------------------------------------------
39// Tests
40// -----------------------------------------------------------------------------
41
42#[cfg(test)]
43mod tests {
44    use super::*;
45    use crate::{
46        access::AccessError,
47        cdk::types::Principal,
48        domain::policy::pure::topology::{TopologyPolicyError, registry::RegistryPolicyError},
49        dto::error::ErrorCode,
50        ids::CanisterRole,
51    };
52
53    fn p(id: u8) -> Principal {
54        Principal::from_slice(&[id; 29])
55    }
56
57    #[test]
58    fn internal_error_mapping_matches_class_contract() {
59        let access: Error = InternalError::from(AccessError::Denied("denied".to_string())).into();
60        assert_eq!(access.code, ErrorCode::Unauthorized);
61
62        let domain_config: Error =
63            InternalError::domain(InternalErrorOrigin::Config, "bad config").into();
64        assert_eq!(domain_config.code, ErrorCode::InvalidInput);
65
66        let domain_other: Error =
67            InternalError::domain(InternalErrorOrigin::Domain, "conflict").into();
68        assert_eq!(domain_other.code, ErrorCode::Conflict);
69
70        let invariant: Error =
71            InternalError::invariant(InternalErrorOrigin::Ops, "broken invariant").into();
72        assert_eq!(invariant.code, ErrorCode::InvariantViolation);
73
74        let infra: Error = InternalError::infra(InternalErrorOrigin::Infra, "infra fail").into();
75        assert_eq!(infra.code, ErrorCode::Internal);
76
77        let ops: Error = InternalError::ops(InternalErrorOrigin::Ops, "ops fail").into();
78        assert_eq!(ops.code, ErrorCode::Internal);
79
80        let workflow: Error =
81            InternalError::workflow(InternalErrorOrigin::Workflow, "workflow fail").into();
82        assert_eq!(workflow.code, ErrorCode::Internal);
83
84        let token_expired: Error = AccessError::DelegatedAuthTokenExpired.into();
85        assert_eq!(token_expired.code, ErrorCode::AuthTokenExpired);
86
87        let cert_expired: Error = AccessError::DelegatedAuthCertExpired.into();
88        assert_eq!(cert_expired.code, ErrorCode::AuthProofExpired);
89    }
90
91    #[test]
92    fn public_error_is_preserved_without_remap() {
93        let public = Error::not_found("missing");
94        let remapped: Error = InternalError::public(public.clone()).into();
95        assert_eq!(remapped, public);
96    }
97
98    #[test]
99    fn registry_policy_errors_map_to_stable_public_policy_codes() {
100        let err = RegistryPolicyError::RoleAlreadyRegistered {
101            role: CanisterRole::new("app"),
102            pid: p(7),
103        };
104        let internal: InternalError = TopologyPolicyError::from(err).into();
105        let public: Error = internal.into();
106        assert_eq!(public.code, ErrorCode::PolicyRoleAlreadyRegistered);
107    }
108
109    #[test]
110    fn registry_policy_service_parent_errors_use_service_owned_public_codes() {
111        let cases = [
112            (
113                RegistryPolicyError::ReplicaRequiresServiceWithScaling {
114                    role: CanisterRole::new("replica"),
115                    parent_role: CanisterRole::new("plain_parent"),
116                },
117                ErrorCode::PolicyReplicaRequiresServiceWithScaling,
118            ),
119            (
120                RegistryPolicyError::ShardRequiresServiceWithSharding {
121                    role: CanisterRole::new("shard"),
122                    parent_role: CanisterRole::new("plain_parent"),
123                },
124                ErrorCode::PolicyShardRequiresServiceWithSharding,
125            ),
126            (
127                RegistryPolicyError::InstanceRequiresServiceWithDirectory {
128                    role: CanisterRole::new("instance"),
129                    parent_role: CanisterRole::new("plain_parent"),
130                },
131                ErrorCode::PolicyInstanceRequiresServiceWithDirectory,
132            ),
133        ];
134
135        for (err, expected) in cases {
136            let internal: InternalError = TopologyPolicyError::from(err).into();
137            let public: Error = internal.into();
138
139            assert_eq!(public.code, expected);
140        }
141    }
142}