
1//! Error handling for [`SignstarConfig`] and related components.
2
3#[cfg(doc)]
4use nethsm::NetHsm;
5use nethsm::{KeyId, NamespaceId, UserId};
6use signstar_common::config::get_config_file_paths;
7
8#[cfg(doc)]
9use crate::SignstarConfig;
10use crate::{SystemUserId, SystemWideUserId};
11
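/// An error that may occur when handling a [`SignstarConfig`].
///
/// Every variant carries a user-facing message via `thiserror`'s `#[error]` attribute.
/// Variants that are scoped to a namespace (or system-wide) share the scope wording through
/// [`namespace_scope`] so that the two duplicate-detection messages cannot drift apart.
#[derive(Debug, thiserror::Error)]
pub enum Error {
    /// The Signstar configuration is missing.
    ///
    /// The list of searched locations is produced from `get_config_file_paths()` when the
    /// message is rendered, so it reflects the paths known at display time.
    #[error("No configuration file found in {}.",
        get_config_file_paths().iter().map(|path| path.display().to_string()).collect::<Vec<_>>().join(", ")
    )]
    ConfigIsMissing,

    /// A [`NetHsm`] user ID is used more than once.
    #[error("The NetHsm user ID {nethsm_user_id} is used more than once!")]
    DuplicateNetHsmUserId {
        /// The name of a [`NetHsm`] user that is used more than once.
        nethsm_user_id: UserId,
    },

    /// An SSH public key is used more than once.
    #[error("The SSH public key \"{ssh_public_key}\" is used more than once!")]
    DuplicateSshPublicKey {
        /// The SSH public key that is used more than once.
        ssh_public_key: String,
    },

    /// A key ID is used more than once, either system-wide or within a namespace.
    #[error(
        "The key ID \"{key_id}\" ({}) is used more than once",
        namespace_scope(namespace.as_ref()),
    )]
    DuplicateKeyId {
        /// The name of a key that is used more than once.
        key_id: KeyId,
        /// The optional `namespace` in which more than one `key_id` exists.
        namespace: Option<NamespaceId>,
    },

    /// A system user ID is used more than once.
    #[error("The system user ID {system_user_id} is used more than once!")]
    DuplicateSystemUserId {
        /// The name of a system user that is used more than once.
        system_user_id: SystemUserId,
    },

    /// A tag for a user/key is used more than once, either system-wide or within a namespace.
    #[error(
        "The tag {tag} ({}) is used more than once",
        namespace_scope(namespace.as_ref()),
    )]
    DuplicateTag {
        /// The tag of a key/user that is used more than once.
        tag: String,
        /// The optional name of a namespace in which `tag` is used more than once.
        namespace: Option<NamespaceId>,
    },

    /// A system user name is invalid.
    #[error("The system user name {name} is invalid")]
    InvalidSystemUserName {
        /// The invalid system user name.
        name: String,
    },

    /// An entry in `authorized_keys` is invalid.
    #[error("The SSH authorized key \"{entry}\" is invalid")]
    InvalidAuthorizedKeyEntry {
        /// A string that represents an invalid SSH public key.
        entry: String,
    },

    /// A [`UserId`] is used both for a user in the [`Metrics`][`nethsm::UserRole::Metrics`] and
    /// [`Operator`][`nethsm::UserRole::Operator`] role.
    #[error("The NetHsm user {metrics_user} is both in the Metrics and Operator role!")]
    MetricsAlsoOperator {
        /// The system-wide User ID of a [`NetHsm`] user that is both in the
        /// [`Metrics`][`nethsm::UserRole::Metrics`] and
        /// [`Operator`][`nethsm::UserRole::Operator`] role.
        metrics_user: SystemWideUserId,
    },

    /// A user in the Administrator role is missing system-wide (_R-Administrator_) or in one or
    /// more namespaces (_N-Administrator_).
    #[error(
        "No user in the Administrator role exists ({})",
        namespace_list_or_system_wide(namespaces.as_deref())
    )]
    MissingAdministrator {
        /// The list of namespaces in which administrators are missing.
        ///
        /// `None` means the system-wide Administrator is missing.
        namespaces: Option<Vec<NamespaceId>>,
    },

    /// No system user exists for downloading shares of a shared secret.
    #[error("No system user for downloading shares of a shared secret exists.")]
    MissingShareDownloadSystemUser,

    /// No system user exists for uploading shares of a shared secret.
    #[error("No system user for uploading shares of a shared secret exists.")]
    MissingShareUploadSystemUser,

    /// There are no SSH authorized keys.
    #[error("No SSH authorized key provided!")]
    NoAuthorizedKeys,

    /// There is no mapping for a provided system user name.
    #[error("No mapping found where a system user matches the name {name}")]
    NoMatchingMappingForSystemUser {
        /// The name of a system user for which no mapping exists.
        name: String,
    },

    /// Shamir's Secret Sharing (SSS) is not used for administrative secret handling, but users for
    /// handling of secret shares are defined.
    #[error(
        "Shamir's Secret Sharing not used for administrative secret handling, but the following users are setup to handle shares: {share_users:?}"
    )]
    NoSssButShareUsers {
        /// A list of system user names that are set up for Shamir's Secret Sharing.
        share_users: Vec<SystemUserId>,
    },

    /// User data is invalid.
    #[error("User data invalid: {0}")]
    User(#[from] nethsm::UserError),

    /// An SSH key error.
    #[error("SSH key error: {0}")]
    SshKey(#[from] ssh_key::Error),

    /// A system-wide [`UserId`] has a namespace.
    #[error("The system-wide User ID has a namespace: {0}")]
    SystemWideUserIdWithNamespace(UserId),
}

/// Renders the scope of a duplicate as `namespace: "<name>"` or `system-wide`.
///
/// Used as a format argument in the `#[error]` attributes of [`Error::DuplicateKeyId`] and
/// [`Error::DuplicateTag`], where `thiserror` binds the variant's fields by reference.
fn namespace_scope(namespace: Option<&NamespaceId>) -> String {
    match namespace {
        Some(namespace) => format!("namespace: \"{namespace}\""),
        None => "system-wide".to_string(),
    }
}

/// Renders a comma-separated list of namespaces, or `system-wide` when there is none.
///
/// Used as a format argument in the `#[error]` attribute of [`Error::MissingAdministrator`].
/// An empty `Some` list renders as an empty string, matching the message's previous behavior.
fn namespace_list_or_system_wide(namespaces: Option<&[NamespaceId]>) -> String {
    match namespaces {
        Some(namespaces) => namespaces
            .iter()
            .map(|id| id.to_string())
            .collect::<Vec<_>>()
            .join(", "),
        None => "system-wide".to_string(),
    }
}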
151    #[error("The system-wide User ID has a namespace: {0}")]
152    SystemWideUserIdWithNamespace(UserId),
153}