gcp-sa 0.1.2

Google Cloud Platform Service Account OAuth authentication abstraction
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

#![warn(missing_docs)]

//! Error struct for Google's authentication API JWT error messages

use serde::Deserialize;
use std::fmt;

/// Variants of different error messages types that the API can return. These are [documented] at Google's API descriptions.
///
/// [documented]: https://developers.google.com/identity/protocols/oauth2/service-account#error-codes
#[derive(PartialEq, Debug, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum GoogleJWTErrorType {
    /// Client was unauthorized to perform the request
    UnauthorizedClient,
    /// Credentials provided do not have approriate permissions
    AccessDenied,
    /// Non valid grant was provided
    InvalidGrant,
    /// Invalid scope was provided
    InvalidScope,
    /// The OAuth client was disabled.
    DisabledClient,
}

/// Google's authentication API error response
#[derive(Debug, Deserialize)]
pub struct GoogleJWTError {
    error: GoogleJWTErrorType,
    error_description: String,
}

impl fmt::Display for GoogleJWTError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        write!(f, "{}", self.error_description)
    }
}

#[cfg(test)]
mod tests {
    use crate::error::{GoogleJWTError, GoogleJWTErrorType};

    const ACCESSDENIED_MSG: &str = "This is a test error that simulates access denied condition.";

    const ACCESSDENIED_JSON: &str = r#"
        {
            "error": "access_denied",
            "error_description": "This is a test error that simulates access denied condition."
        }
    "#;

    #[test]
    fn test_accessdenied() {
        let raised: Result<(), GoogleJWTError> = Err(GoogleJWTError {
            error: GoogleJWTErrorType::AccessDenied,
            error_description: ACCESSDENIED_MSG.to_string(),
        });
        assert_eq!(raised.is_err(), true);
        match raised {
            Ok(_) => {}
            Err(error) => {
                assert_eq!(error.error, GoogleJWTErrorType::AccessDenied);
                assert_eq!(error.error_description, ACCESSDENIED_MSG);
            }
        };
    }

    #[test]
    fn test_accessdenied_from_json() {
        use serde_json::from_str;

        let raised: Result<(), GoogleJWTError> = Err(from_str(&ACCESSDENIED_JSON).unwrap());
        assert_eq!(raised.is_err(), true);
        match raised {
            Ok(_) => {}
            Err(error) => {
                assert_eq!(error.error, GoogleJWTErrorType::AccessDenied);
                assert_eq!(error.error_description, ACCESSDENIED_MSG);
            }
        };
    }
}

// eof