mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-10 16:47:01 +02:00
Code Issues Projects Releases Wiki Activity
86ba0dbdeb
vault/sdk/logical/error.go
divyaac 74abae6f01
Added Invalid Token Error Message that will be returned for bad tokens (#25953) 
Edited changelog

Added dummy policy to CE file to make tests pass

Added changelog
2024-03-14 11:15:20 -07:00

177 lines
5.2 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package logical
import (
"context"
"errors"
)
var (
// ErrUnsupportedOperation is returned if the operation is not supported
// by the logical backend.
ErrUnsupportedOperation = errors.New("unsupported operation")
// ErrUnsupportedPath is returned if the path is not supported
// by the logical backend.
ErrUnsupportedPath = errors.New("unsupported path")
// ErrInvalidRequest is returned if the request is invalid
ErrInvalidRequest = errors.New("invalid request")
// ErrPermissionDenied is returned if the client is not authorized
ErrPermissionDenied = errors.New("permission denied")
// ErrInvalidToken is returned if the token is revoked, expired, or non-existent
ErrInvalidToken = errors.New("invalid token")
// ErrInvalidCredentials is returned when the provided credentials are incorrect
// This is used internally for user lockout purposes. This is not seen externally.
// The status code returned does not change because of this error
ErrInvalidCredentials = errors.New("invalid credentials")
// ErrMultiAuthzPending is returned if the request needs more
// authorizations
ErrMultiAuthzPending = errors.New("request needs further approval")
// ErrUpstreamRateLimited is returned when Vault receives a rate limited
// response from an upstream
ErrUpstreamRateLimited = errors.New("upstream rate limited")
// ErrPerfStandbyForward is returned when Vault is in a state such that a
// perf standby cannot satisfy a request
ErrPerfStandbyPleaseForward = errors.New("please forward to the active node")
// ErrLeaseCountQuotaExceeded is returned when a request is rejected due to a lease
// count quota being exceeded.
ErrLeaseCountQuotaExceeded = errors.New("lease count quota exceeded")
// ErrRateLimitQuotaExceeded is returned when a request is rejected due to a
// rate limit quota being exceeded.
ErrRateLimitQuotaExceeded = errors.New("rate limit quota exceeded")
// ErrUnrecoverable is returned when a request fails due to something that
// is likely to require manual intervention. This is a generic form of an
// unrecoverable error.
// e.g.: misconfigured or disconnected storage backend.
ErrUnrecoverable = errors.New("unrecoverable error")
// ErrMissingRequiredState is returned when a request can't be satisfied
// with the data in the local node's storage, based on the provided
// X-Vault-Index request header.
ErrMissingRequiredState = errors.New("required index state not present")
// Error indicating that the requested path used to serve a purpose in older
// versions, but the functionality has now been removed
ErrPathFunctionalityRemoved = errors.New("functionality on this path has been removed")
// ErrNotFound is an error used to indicate that a particular resource was
// not found.
ErrNotFound = errors.New("not found")
)
type DelegatedAuthErrorHandler func(ctx context.Context, initiatingRequest, authRequest *Request, authResponse *Response, err error) (*Response, error)
var _ error = &RequestDelegatedAuthError{}
// RequestDelegatedAuthError Special error indicating the backend wants to delegate authentication elsewhere
type RequestDelegatedAuthError struct {
mountAccessor string
path string
data map[string]interface{}
errHandler DelegatedAuthErrorHandler
}
func NewDelegatedAuthenticationRequest(mountAccessor, path string, data map[string]interface{}, errHandler DelegatedAuthErrorHandler) *RequestDelegatedAuthError {
return &RequestDelegatedAuthError{
mountAccessor: mountAccessor,
path: path,
data: data,
errHandler: errHandler,
}
}
func (d *RequestDelegatedAuthError) Error() string {
return "authentication delegation requested"
}
func (d *RequestDelegatedAuthError) MountAccessor() string {
return d.mountAccessor
}
func (d *RequestDelegatedAuthError) Path() string {
return d.path
}
func (d *RequestDelegatedAuthError) Data() map[string]interface{} {
return d.data
}
func (d *RequestDelegatedAuthError) AuthErrorHandler() DelegatedAuthErrorHandler {
return d.errHandler
}
type HTTPCodedError interface {
Error() string
Code() int
}
func CodedError(status int, msg string) HTTPCodedError {
return &codedError{
Status: status,
Message: msg,
}
}
var _ HTTPCodedError = (*codedError)(nil)
type codedError struct {
Status int
Message string
}
func (e *codedError) Error() string {
return e.Message
}
func (e *codedError) Code() int {
return e.Status
}
// Struct to identify user input errors. This is helpful in responding the
// appropriate status codes to clients from the HTTP endpoints.
type StatusBadRequest struct {
Err string
}
// Implementing error interface
func (s *StatusBadRequest) Error() string {
return s.Err
}
// This is a new type declared to not cause potential compatibility problems if
// the logic around the CodedError changes; in particular for logical request
// paths it is basically ignored, and changing that behavior might cause
// unforeseen issues.
type ReplicationCodedError struct {
Msg string
Code int
}
func (r *ReplicationCodedError) Error() string {
return r.Msg
}
type KeyNotFoundError struct {
Err error
}
func (e *KeyNotFoundError) WrappedErrors() []error {
return []error{e.Err}
}
func (e *KeyNotFoundError) Error() string {
return e.Err.Error()
}
Reference in New Issue View Git Blame Copy Permalink