chio-envoy-ext-authz 0.1.0

Envoy ext_authz gRPC adapter that bridges external authorization checks to the Chio kernel
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

//! Error types for the Chio ext_authz adapter.

use thiserror::Error;

/// Errors produced while translating an Envoy `CheckRequest` into an Chio
/// [`crate::translate::ToolCallRequest`].
#[derive(Debug, Error, PartialEq, Eq)]
pub enum TranslateError {
    /// The `CheckRequest` did not carry an `AttributeContext`.
    #[error("check request is missing the attributes field")]
    MissingAttributes,

    /// The attributes did not include a nested `Request`.
    #[error("check request attributes are missing the request field")]
    MissingRequest,

    /// The request did not include an `HttpRequest` payload.
    #[error("check request is missing the HTTP request field")]
    MissingHttpRequest,

    /// The HTTP method string was empty or unrecognised.
    #[error("check request HTTP method is empty or invalid: {0:?}")]
    InvalidHttpMethod(String),
}

/// Errors returned by the [`crate::EnvoyKernel`] abstraction. The adapter
/// translates any error into a fail-closed `DeniedHttpResponse` with status
/// `500 Internal Server Error`.
#[derive(Debug, Error)]
pub enum KernelError {
    /// The kernel rejected the request with a terminal internal error.
    #[error("kernel evaluation failed: {0}")]
    Evaluation(String),
}

impl KernelError {
    /// Construct an evaluation error from any displayable value.
    pub fn evaluation(reason: impl std::fmt::Display) -> Self {
        Self::Evaluation(reason.to_string())
    }
}