1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
//! Error type for the IAM client.
//!
//! Every variant represents a situation in which a decision could **not** be obtained
//! (or a token could not be verified). By the crate's fail-closed contract, all of them
//! must be treated as **deny** by callers — see [`crate::ResultExt::is_allowed`].
use Error;
/// Errors returned by [`crate::IamClient`] operations.
///
/// None of these ever mean "allow". A caller that turns any [`IamError`] into anything
/// other than a denial has broken the fail-closed guarantee.