1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

use std::fmt;

/// The Error
#[derive(Debug)]
pub enum Error {
    /// ParseError is returned when there was an error parsing a url
    ParseError(url::ParseError),
    /// ReqwestError is returned when the request made to vault itself fails
    ReqwestError(reqwest::Error),
    /// IOError is returned by operations that have to do some sort of IO, like
    /// the helper function for the kubernetes backend, which loads the JWT token
    /// from a local file
    IOError(std::io::Error),
    /// InvalidRequest is returned when the made to vault was missing data or was invalid/
    /// malformed data and therefore was rejected by vault before doing anything
    InvalidRequest,
    /// IsSealed is returned when the given vault instance is not available because it
    /// is currently sealed and therefore does not accept or handle any requests other
    /// than to unseal it
    IsSealed,
    /// NotFound is returned when the given vault endpoint/path was not found on the
    /// actual vault instance that you are connected to
    NotFound,
    /// Unauthorized is returned when your current Session has either expired and has not
    /// been renewed or when the credentials for login are not valid and therefore rejected
    /// or when you try to access something that you dont have the permissions to do so
    Unauthorized,
    /// SessionExpired is returned when the session you tried to use is expired and was
    /// configured to not automatically obtain a new session, when it notices that the
    /// current one is expired
    SessionExpired,
    /// Other simply represents all other errors that could not be grouped into on the other
    /// categories listed above
    Other,
}

impl fmt::Display for Error {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match *self {
            Error::ParseError(ref cause) => write!(f, "Parse Error: {}", cause),
            Error::ReqwestError(ref cause) => write!(f, "Reqwest Error: {}", cause),
            Error::IOError(ref cause) => write!(f, "IO Error: {}", cause),
            Error::InvalidRequest => write!(f, "Invalid Request: Invalid or Missing data"),
            Error::IsSealed => write!(
                f,
                "The Vault instance is still sealed and can't be used at the moment"
            ),
            Error::NotFound => write!(f, "Not Found"),
            Error::Unauthorized => write!(f, "Unauthorized"),
            Error::SessionExpired => write!(f, "Session has expired, no auto login"),
            Error::Other => write!(f, "Unknown error"),
        }
    }
}

impl From<url::ParseError> for Error {
    fn from(cause: url::ParseError) -> Error {
        Error::ParseError(cause)
    }
}
impl From<reqwest::Error> for Error {
    fn from(cause: reqwest::Error) -> Error {
        Error::ReqwestError(cause)
    }
}
impl From<std::io::Error> for Error {
    fn from(cause: std::io::Error) -> Error {
        Error::IOError(cause)
    }
}
/// This is only meant for status codes and assumes that the
/// given u16 is a status-code from an http-request
impl From<u16> for Error {
    fn from(cause: u16) -> Error {
        match cause {
            400 => Error::InvalidRequest,
            403 => Error::Unauthorized,
            404 => Error::NotFound,
            503 => Error::IsSealed,
            _ => Error::Other,
        }
    }
}

/// The possible errors returned by the Renew part of the Client
pub enum RenewError {
    /// Possible Errors returned by the Auth backend when you try to renew the
    /// current token/session
    AuthError(Error),
    /// This is returned if you try to run the Renew session part but without
    /// enabling the Renew Policy in the config
    NotEnabled,
    /// Returned when the current session can actually not be renewed
    NotRenewable,
}

impl fmt::Display for RenewError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match *self {
            RenewError::AuthError(ref cause) => {
                write!(f, "Error returned by Auth-Backend: {}", cause)
            }
            RenewError::NotEnabled => write!(f, "The Renew Policy is not enabled"),
            RenewError::NotRenewable => write!(f, "The current session can not be renewed"),
        }
    }
}

impl From<Error> for RenewError {
    fn from(cause: Error) -> RenewError {
        RenewError::AuthError(cause)
    }
}