Skip to main content

coil_tls/
error.rs

1use thiserror::Error;
2
3use crate::TlsInstant;
4
5#[derive(Debug, Clone, Error, PartialEq, Eq)]
6pub enum TlsModelError {
7    #[error("`{field}` cannot be empty")]
8    EmptyField { field: &'static str },
9    #[error("`{field}` contains an invalid token `{value}`")]
10    InvalidToken { field: &'static str, value: String },
11    #[error("external termination does not issue certificates")]
12    ExternalTerminationDoesNotIssue,
13    #[error("manual mode requires an imported certificate inventory entry")]
14    ManualModeRequiresImportedCertificate,
15    #[error("wildcard hostnames require dns-01 validation")]
16    WildcardRequiresDns01,
17    #[error("certificate `{certificate_id}` is not currently active")]
18    CertificateNotActive { certificate_id: String },
19    #[error(
20        "certificate `{certificate_id}` cannot be renewed because it is already replacing itself"
21    )]
22    RenewalAlreadyInProgress { certificate_id: String },
23    #[error("certificate `{certificate_id}` is not known to the TLS inventory")]
24    UnknownCertificate { certificate_id: String },
25    #[error("hostname `{hostname}` is already bound to active certificate `{certificate_id}`")]
26    DuplicateHostnameBinding {
27        hostname: String,
28        certificate_id: String,
29    },
30    #[error(
31        "certificate `{certificate_id}` cannot be renewed until `{renew_after}`, current time is `{now}`"
32    )]
33    RenewalNotDue {
34        certificate_id: String,
35        renew_after: TlsInstant,
36        now: TlsInstant,
37    },
38    #[error("certificate `{certificate_id}` has no pending replacement")]
39    MissingReplacementCertificate { certificate_id: String },
40    #[error("certificate material `{certificate_id}` is already attached")]
41    CertificateMaterialAlreadyAttached { certificate_id: String },
42    #[error("certificate material `{certificate_id}` is missing")]
43    MissingCertificateMaterial { certificate_id: String },
44    #[error("certificate material cannot be decrypted with key `{key_id}`")]
45    UnsupportedEncryptedMaterialKey { key_id: String },
46    #[error("invalid certificate material `{field}`: {reason}")]
47    InvalidCertificateMaterial { field: &'static str, reason: String },
48    #[error("failed to encrypt certificate material: {reason}")]
49    CertificateMaterialEncryptionFailed { reason: String },
50    #[error("failed to decrypt certificate material: {reason}")]
51    CertificateMaterialDecryptionFailed { reason: String },
52    #[error("tls control-plane state `{path}` is invalid: {reason}")]
53    CorruptControlPlaneState { path: String, reason: String },
54    #[error("failed to persist tls control-plane state `{path}`: {reason}")]
55    ControlPlaneStatePersistence { path: String, reason: String },
56    #[error("distributed tls control-plane namespace `{namespace}` is invalid: {reason}")]
57    CorruptDistributedControlPlaneState { namespace: String, reason: String },
58    #[error("failed to persist distributed tls control-plane state `{namespace}`: {reason}")]
59    DistributedControlPlaneStatePersistence { namespace: String, reason: String },
60    #[error("tls provider `{provider}` requires credential material")]
61    MissingProviderCredential { provider: String },
62    #[error("tls provider `{provider}` does not support challenge `{challenge}`")]
63    UnsupportedProviderChallenge { provider: String, challenge: String },
64    #[error("invalid tls configuration for `{field}`: {reason}")]
65    InvalidConfiguration { field: &'static str, reason: String },
66    #[error("tls provider `{provider}` failed during `{operation}`: {reason}")]
67    ProviderRequestFailed {
68        provider: String,
69        operation: &'static str,
70        reason: String,
71    },
72}