host-identity 1.1.1

Stable, collision-resistant host identity resolution across platforms, container runtimes, cloud providers, and Kubernetes
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! Error type for identity resolution.

use std::io;
use std::path::PathBuf;

use crate::source::SourceKind;

/// Errors returned by [`crate::Resolver::resolve`].
///
/// Every variant except [`Error::NoSource`] carries the [`SourceKind`]
/// that produced it, so logs and error messages unambiguously identify
/// which source failed. [`Error::source_kind`] exposes the field
/// uniformly across variants.
#[derive(Debug, thiserror::Error)]
#[non_exhaustive]
pub enum Error {
    /// Every configured source was tried and none produced a usable identity.
    #[error("no identity source produced a value (tried: {tried})")]
    NoSource {
        /// Comma-separated list of sources that were attempted.
        tried: String,
    },

    /// A source file was present but contained the systemd `uninitialized`
    /// sentinel. The caller should not treat this as a valid identity — every
    /// host in this state would hash to the same UUID.
    #[error("{source_kind}: {path} contains the `uninitialized` sentinel")]
    Uninitialized {
        /// Which source produced the error.
        source_kind: SourceKind,
        /// Path of the offending file.
        path: PathBuf,
    },

    /// I/O failure while reading a source file. Command-spawn failures are
    /// reported as [`Error::Platform`] instead — this variant's `path`
    /// field is always a real filesystem path.
    #[error("{source_kind}: I/O error reading {}: {source}", path.display())]
    Io {
        /// Which source produced the error.
        source_kind: SourceKind,
        /// Filesystem path that produced the error.
        path: PathBuf,
        /// Underlying I/O error.
        #[source]
        source: io::Error,
    },

    /// A source returned a value that is not a well-formed identifier
    /// (empty after trimming, wrong shape, invalid UTF-8, …).
    #[error("{source_kind}: malformed value: {reason}")]
    Malformed {
        /// Which source produced the error.
        source_kind: SourceKind,
        /// Human-readable reason.
        reason: String,
    },

    /// Platform-specific lookup failed (registry query, syscall, ioreg,
    /// cloud metadata contract violation, …).
    #[error("{source_kind}: {reason}")]
    Platform {
        /// Which source produced the error.
        source_kind: SourceKind,
        /// Human-readable reason.
        reason: String,
    },
}

impl Error {
    /// The source that produced this error, if the variant carries one.
    ///
    /// Returns `None` only for [`Error::NoSource`], which reports that
    /// *every* source was tried and none produced a value — that error
    /// doesn't belong to any single source.
    #[must_use]
    pub fn source_kind(&self) -> Option<SourceKind> {
        match self {
            Self::NoSource { .. } => None,
            Self::Uninitialized { source_kind, .. }
            | Self::Io { source_kind, .. }
            | Self::Malformed { source_kind, .. }
            | Self::Platform { source_kind, .. } => Some(*source_kind),
        }
    }

    /// Whether this error is reasonable for the caller to recover from
    /// at runtime (log a warning, mint a per-run placeholder UUID, etc.)
    /// rather than treat as a fatal configuration problem.
    ///
    /// - [`Error::NoSource`] → `true`. No source produced a value, but
    ///   the crate is behaving correctly; the caller's chain simply
    ///   doesn't match the environment. Apps often handle this by
    ///   falling back to their own ID scheme.
    /// - All other variants → `false`. They indicate a concrete fault
    ///   (sentinel, I/O failure, malformed source value, platform-tool
    ///   failure) that won't fix itself on retry; the caller should
    ///   surface them to the operator.
    ///
    /// This classification is a guideline, not a hard contract. A
    /// particular deployment might reasonably treat an `Io` error on
    /// `/etc/machine-id` as recoverable (keep going with the next
    /// source) — the method exists to give the common case a one-liner,
    /// not to remove the caller's judgement.
    #[must_use]
    pub fn is_recoverable(&self) -> bool {
        matches!(self, Self::NoSource { .. })
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn is_recoverable_only_true_for_no_source() {
        assert!(Error::NoSource { tried: "x".into() }.is_recoverable());
        assert!(
            !Error::Uninitialized {
                source_kind: SourceKind::MachineId,
                path: "/etc/machine-id".into(),
            }
            .is_recoverable()
        );
        assert!(
            !Error::Platform {
                source_kind: SourceKind::IoPlatformUuid,
                reason: "ioreg failed".into(),
            }
            .is_recoverable()
        );
        assert!(
            !Error::Malformed {
                source_kind: SourceKind::Dmi,
                reason: "not a uuid".into(),
            }
            .is_recoverable()
        );
    }

    #[test]
    fn source_kind_round_trips_through_error() {
        let err = Error::Platform {
            source_kind: SourceKind::AwsImds,
            reason: "x".into(),
        };
        assert_eq!(err.source_kind(), Some(SourceKind::AwsImds));
        assert_eq!(
            Error::NoSource {
                tried: "env-override".into()
            }
            .source_kind(),
            None
        );
    }
}