
1//! Error handling for [`SignstarConfig`] and related components.
2
3use nethsm::{KeyId, NamespaceId, SystemWideUserId, UserId};
4use signstar_common::config::get_config_file_paths;
5
6#[cfg(doc)]
7use crate::SignstarConfig;
8use crate::SystemUserId;
9
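/// An error that may occur when handling a [`SignstarConfig`].
///
/// Several variants carry values taken straight from the configuration (user names, tags, SSH
/// public keys, `authorized_keys` entries) and interpolate them unchanged into their
/// [`std::fmt::Display`] output, so a rendered message reflects whatever the configuration
/// file contained for that entry.
#[derive(Debug, thiserror::Error)]
pub enum Error {
    /// The Signstar configuration is missing.
    ///
    /// The message lists every location that was searched, as returned by
    /// [`get_config_file_paths`].
    #[error("No configuration file found in {}.",
        get_config_file_paths().iter().map(|path| path.display().to_string()).collect::<Vec<_>>().join(", ")
    )]
    ConfigIsMissing,

    /// A NetHSM user ID is used more than once.
    #[error("The NetHSM user ID {nethsm_user_id} is used more than once!")]
    DuplicateNetHsmUserId {
        /// The name of a NetHSM user that is used more than once.
        nethsm_user_id: UserId,
    },

    /// An SSH public key is used more than once.
    #[error("The SSH public key \"{ssh_public_key}\" is used more than once!")]
    DuplicateSshPublicKey {
        /// The SSH public key that is used more than once.
        ssh_public_key: String,
    },

    /// A key ID is used more than once, either system-wide or within a single namespace.
    ///
    /// The scope is rendered by [`namespace_scope`] so that it reads the same as for
    /// [`Error::DuplicateTag`].
    #[error("The key ID \"{key_id}\" ({}) is used more than once", namespace_scope(namespace.as_ref()))]
    DuplicateKeyId {
        /// The name of a key that is used more than once.
        key_id: KeyId,
        /// The optional `namespace` in which more than one `key_id` exists.
        namespace: Option<NamespaceId>,
    },

    /// A system user ID is used more than once.
    #[error("The system user ID {system_user_id} is used more than once!")]
    DuplicateSystemUserId {
        /// The name of a system user that is used more than once.
        system_user_id: SystemUserId,
    },

    /// A tag for a user/key is used more than once, either system-wide or within a single
    /// namespace.
    ///
    /// The scope is rendered by [`namespace_scope`] so that it reads the same as for
    /// [`Error::DuplicateKeyId`].
    #[error("The tag {tag} ({}) is used more than once", namespace_scope(namespace.as_ref()))]
    DuplicateTag {
        /// The tag of a key/user that is used more than once.
        tag: String,
        /// The optional name of a namespace in which `tag` is used more than once.
        namespace: Option<NamespaceId>,
    },

    /// A system user name is invalid.
    #[error("The system user name {name} is invalid")]
    InvalidSystemUserName {
        /// The invalid system user name.
        name: String,
    },

    /// An entry in `authorized_keys` is invalid.
    ///
    /// The rejected entry is reproduced verbatim in the message.
    #[error("The SSH authorized key \"{entry}\" is invalid")]
    InvalidAuthorizedKeyEntry {
        /// A string that represents an invalid SSH public key.
        entry: String,
    },

    /// A [`UserId`] is used both for a user in the [`Metrics`][`nethsm::UserRole::Metrics`] and
    /// [`Operator`][`nethsm::UserRole::Operator`] role.
    #[error("The NetHsm user {metrics_user} is both in the Metrics and Operator role!")]
    MetricsAlsoOperator {
        /// The system-wide User ID of a NetHSM user that is both in the
        /// [`Metrics`][`nethsm::UserRole::Metrics`] and
        /// [`Operator`][`nethsm::UserRole::Operator`] role.
        metrics_user: SystemWideUserId,
    },

    /// A user in the Administrator role is missing system-wide (_R-Administrator_) or in one or
    /// more namespaces (_N-Administrator_).
    ///
    /// With `namespaces` set, the message lists the affected namespace IDs separated by `, `;
    /// otherwise it reads `system-wide`.
    #[error(
        "No user in the Administrator role exists ({})",
        if let Some(namespaces) = namespaces {
            namespaces.iter().map(|id| id.to_string()).collect::<Vec<_>>().join(", ")
        } else {
            "system-wide".to_string()
        }
    )]
    MissingAdministrator {
        /// The list of namespaces in which administrators are missing, or `None` when the
        /// system-wide administrator is missing.
        namespaces: Option<Vec<NamespaceId>>,
    },

    /// No system user for downloading shares of a shared secret exists.
    #[error("No system user for downloading shares of a shared secret exists.")]
    MissingShareDownloadSystemUser,

    /// No system user for uploading shares of a shared secret exists.
    #[error("No system user for uploading shares of a shared secret exists.")]
    MissingShareUploadSystemUser,

    /// There are no SSH authorized keys.
    #[error("No SSH authorized key provided!")]
    NoAuthorizedKeys,

    /// There is no mapping for a provided system user name.
    #[error("No mapping found where a system user matches the name {name}")]
    NoMatchingMappingForSystemUser {
        /// The name of a system user for which no mapping exists.
        name: String,
    },

    /// Shamir's Secret Sharing (SSS) is not used for administrative secret handling, but users for
    /// handling of secret shares are defined.
    ///
    /// The offending users are rendered with their `Debug` representation.
    #[error(
        "Shamir's Secret Sharing not used for administrative secret handling, but the following users are setup to handle shares: {share_users:?}"
    )]
    NoSssButShareUsers {
        /// A list of system user names that are set up for Shamir's Secret Sharing.
        share_users: Vec<SystemUserId>,
    },

    /// User data is invalid.
    #[error("User data invalid: {0}")]
    User(#[from] nethsm::UserError),

    /// An SSH key error.
    #[error("SSH key error: {0}")]
    SshKey(#[from] ssh_key::Error),
}

/// Describes the scope of a duplicate entry for use in error messages.
///
/// Returns `namespace: "<namespace>"` when `namespace` is set and `system-wide` otherwise.
/// Shared by [`Error::DuplicateKeyId`] and [`Error::DuplicateTag`] so both render the scope
/// identically.
fn namespace_scope(namespace: Option<&NamespaceId>) -> String {
    match namespace {
        Some(namespace) => format!("namespace: \"{namespace}\""),
        None => "system-wide".to_string(),
    }
}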