Skip to main content

EngineError

hessra_cap_engine::error

Enum EngineError 

Source 
pub enum EngineError {
    CapabilityDenied {
        subject: ObjectId,
        target: ObjectId,
        operation: Operation,
        reason: String,
    },
    ExposureRestriction {
        label: ExposureLabel,
        target: ObjectId,
    },
    Identity(String),
    Context(String),
    Token(TokenError),
    TokenOperation(String),
    Policy(String),
    MissingRequiredDesignation {
        target: ObjectId,
        operation: Operation,
        label: String,
    },
    UnknownLabelInPolicy {
        target: ObjectId,
        operation: Operation,
        label: String,
    },
    SchemaPolicyMismatch(String),
    Resolver(ResolverError),
    ChainCheckFailed {
        subject: ObjectId,
        ancestor: ObjectId,
        target: ObjectId,
        operation: Operation,
        reason: ChainCheckFailure,
    },
}
Expand description

Errors from the capability engine.

Variants§

§

CapabilityDenied

Capability request denied by policy.

Fields

§subject: ObjectId
§target: ObjectId
§operation: Operation
§reason: String
§

ExposureRestriction

Capability request denied due to exposure restriction.

Fields

§label: ExposureLabel
§target: ObjectId
§

Identity(String)

Identity token operation failed.

§

Context(String)

Context token operation failed.

§

Token(TokenError)

Token error from underlying token crate.

§

TokenOperation(String)

Token creation or verification failed.

§

Policy(String)

Policy backend error.

§

MissingRequiredDesignation

A required designation declared in the schema was not supplied at mint time (neither by the policy declaration nor by the caller).

Fields

§target: ObjectId
§operation: Operation
§label: String
§

UnknownLabelInPolicy

A static designation declared in policy references a label that does not appear in the target’s schema for the matched operation. Surfaced at engine construction.

Fields

§target: ObjectId
§operation: Operation
§label: String
§

SchemaPolicyMismatch(String)

Cross-validation between policy and schema failed at engine construction. Either a policy-declared static designation references an unknown label (see EngineError::UnknownLabelInPolicy) or another structural mismatch was detected.

§

Resolver(ResolverError)

A designation resolver failed during a mint_with_context call.

§

ChainCheckFailed

The mint failed the delegated identity chain check: an ancestor of subject either does not hold a grant for (target, operation), or holds a grant whose static designations are not all present in the capability being minted. This enforces “sub-identity capabilities ⊆ parent identity capabilities” transitively, including the per-grant designation envelope.

Fields

§subject: ObjectId
§ancestor: ObjectId
§target: ObjectId
§operation: Operation
§reason: ChainCheckFailure

Trait Implementations§

Source§

impl Debug for EngineError

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for EngineError

Source§

fn fmt(&self, __formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Error for EngineError

Source§

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any. Read more
1.0.0 · Source§

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

Read more
1.0.0 · Source§

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

Source§

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)
Provides type-based access to context intended for error reports. Read more
Source§

impl From<ResolverError> for EngineError

Source§

fn from(source: ResolverError) -> Self

Converts to this type from the input type.
Source§

impl From<TokenError> for EngineError

Source§

fn from(source: TokenError) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more