Skip to main content

openstack_keystone_core/k8s_auth/
error.rs

1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5//     http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14//! # K8s Auth error
15
16use thiserror::Error;
17
18use crate::error::BuilderError;
19
20/// K8s auth provider error.
21#[derive(Error, Debug)]
22pub enum K8sAuthProviderError {
23    /// Role audience does not match.
24    #[error("role `bound_audience` does not match")]
25    AudienceMismatch,
26
27    /// K8s auth instance disabled.
28    #[error("k8s instance {0} not active")]
29    AuthInstanceNotActive(String),
30
31    /// K8s auth instance not found.
32    #[error("k8s instance {0} not found")]
33    AuthInstanceNotFound(String),
34
35    /// K8s CA certificate is unknown.
36    #[error("CA certificate of the k8s cannot be identified")]
37    CaCertificateUnknown,
38
39    /// Conflict.
40    #[error("conflict: {0}")]
41    Conflict(String),
42
43    /// Driver error.
44    #[error("backend driver error: {source}")]
45    Driver {
46        /// The source of the error.
47        #[source]
48        source: Box<dyn std::error::Error + Send + Sync>,
49    },
50
51    /// Service account name of the token not matching the
52    /// `bound_service_account_names`.
53    #[error("invalid service account name of the token")]
54    FailedBoundServiceAccountName(String),
55
56    /// Service account name of the token not matching the
57    /// `bound_service_account_namespaces`.
58    #[error("invalid service account namespace of the token")]
59    FailedBoundServiceAccountNamespace(String),
60
61    /// JWT error.
62    #[error("jwt validation error: {source}")]
63    Jwt {
64        /// The source of the error.
65        #[from]
66        source: jsonwebtoken::errors::Error,
67    },
68
69    /// Expired token.
70    #[error("expired token")]
71    ExpiredToken,
72
73    /// Http client error.
74    #[error(transparent)]
75    Http {
76        /// The source of the error.
77        #[from]
78        source: reqwest::Error,
79    },
80
81    /// Identity provider error.
82    #[error(transparent)]
83    IdentityProvider {
84        /// The source of the error.
85        #[from]
86        source: crate::identity::error::IdentityProviderError,
87    },
88
89    /// Insecure JWT signature algorithm.
90    #[error("insecure jwt signature algorithm")]
91    InsecureAlgorithm,
92
93    /// Invalid token.
94    #[error("invalid token")]
95    InvalidToken,
96
97    /// Invalid token review response.
98    #[error("invalid token review response")]
99    InvalidTokenReviewResponse,
100
101    /// K8s auth role not found.
102    #[error("k8s auth role {0} not found")]
103    RoleNotFound(String),
104
105    /// K8s auth role not active.
106    #[error("k8s auth role {0} not active")]
107    RoleNotActive(String),
108
109    /// Role is bound to the other configuration.
110    #[error("k8s auth role {0} belongs to the other instance")]
111    RoleInstanceOwnershipMismatch(String),
112
113    /// Structures builder error.
114    #[error(transparent)]
115    StructBuilder {
116        /// The source of the error.
117        #[from]
118        source: BuilderError,
119    },
120
121    /// Token provider error.
122    #[error(transparent)]
123    TokenProvider {
124        /// The source of the error.
125        #[from]
126        source: crate::token::TokenProviderError,
127    },
128
129    /// Token restriction not found.
130    #[error("token restriction {0} not found")]
131    TokenRestrictionNotFound(String),
132
133    /// Token restriction MUST specify the `project_id`.
134    #[error("token restriction must specify `project_id`")]
135    TokenRestrictionMustSpecifyProjectId,
136
137    /// Token restriction MUST specify the `user_id`.
138    #[error("token restriction must specify `user_id`")]
139    TokenRestrictionMustSpecifyUserId,
140
141    /// Unsupported driver.
142    #[error("unsupported driver `{0}` for the k8s provider")]
143    UnsupportedDriver(String),
144
145    /// User not found.
146    #[error("user {0} not found")]
147    UserNotFound(String),
148}