27112982280

Committed 08 Jun 2026 02:41AM UTC coverage: 83.255% (-2.8%) from 86.023%

Build # 27112982280

Build Type

push

github

Committed by

maxlambrecht

Commit Message

build(features): remove redundant workload-api-full

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>

Coverage Stats

6165 of 7405 relevant lines covered (83.25%)

756.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/spiffe/src/workload_api/error.rs

//! Error types for Workload API operations.

use thiserror::Error;

use crate::transport::EndpointError;
use crate::SpiffeIdError;
#[cfg(feature = "jwt")]
use crate::{JwtBundleError, JwtSvidError};
#[cfg(feature = "x509")]
use crate::{X509BundleError, X509SvidError};

#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
use crate::transport::TransportError;

/// Errors produced by Workload API operations.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum WorkloadApiError {
    /// `SPIFFE_ENDPOINT_SOCKET` is not set.
    #[error("missing SPIFFE endpoint socket path (SPIFFE_ENDPOINT_SOCKET)")]
    MissingEndpointSocket,

    /// `SPIFFE_ENDPOINT_SOCKET` is not a valid UTF-8 string.
    #[error("SPIFFE endpoint socket path is not a valid UTF-8 string: {}", .0.display())]
    NotUnicodeEndpointSocket(std::ffi::OsString),

    /// The Workload API returned an empty response.
    ///
    /// This error can occur when:
    /// - The gRPC stream ends unexpectedly
    /// - No SVIDs are available for the requested identity
    /// - The Workload API is misconfigured or the workload is not registered
    ///
    /// **Common causes:**
    /// - Workload selectors don't match
    /// - SPIRE agent is not running
    /// - Network connectivity issues
    #[error("empty Workload API response")]
    EmptyResponse,

    /// Failed to parse the Workload API endpoint string.
    #[error("invalid workload api endpoint: {0}")]
    Endpoint(#[from] EndpointError),

    /// The Workload API denied issuing an identity for this workload (e.g. selectors do not match).
    ///
    /// This error occurs when the SPIRE agent cannot match the workload to any
    /// registration entry based on the workload's selectors.
    #[error("no identity issued")]
    NoIdentityIssued,

    /// The Workload API denied the request for other permission reasons.
    #[error("permission denied: {0}")]
    PermissionDenied(String),

    /// No JWT-SVID found with the requested hint.
    #[error("no JWT-SVID found with hint: {0}")]
    HintNotFound(String),

    /// Errors returned by the underlying transport.
    #[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
    #[error(transparent)]
    Transport(#[from] TransportError),

    /// Failed to parse an X.509 SVID from the Workload API response.
    #[cfg(feature = "x509")]
    #[error("failed to parse X.509 SVID: {0}")]
    X509Svid(#[from] X509SvidError),

    /// Failed to parse a JWT-SVID from the Workload API response.
    #[cfg(feature = "jwt")]
    #[error("failed to parse JWT-SVID: {0}")]
    JwtSvid(#[from] JwtSvidError),

    /// Failed to parse an X.509 bundle from the Workload API response.
    #[cfg(feature = "x509")]
    #[error("failed to parse X.509 bundle: {0}")]
    X509Bundle(#[from] X509BundleError),

    /// Failed to parse a JWT bundle from the Workload API response.
    #[cfg(feature = "jwt")]
    #[error("failed to parse JWT bundle: {0}")]
    JwtBundle(#[from] JwtBundleError),

    /// Failed to parse a SPIFFE identifier from the Workload API response.
    #[error("failed to parse SPIFFE ID: {0}")]
    SpiffeId(#[from] SpiffeIdError),
}

#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
impl From<tonic::Status> for WorkloadApiError {
    fn from(status: tonic::Status) -> Self {
        use tonic::Code;

        if status.code() == Code::PermissionDenied {
            let msg = status.message();

            if msg.contains("no identity issued") {
                return Self::NoIdentityIssued;
            }

            return Self::PermissionDenied(msg.to_owned());
        }

        Self::Transport(TransportError::Status(status))
    }
}

#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
impl From<tonic::transport::Error> for WorkloadApiError {
    fn from(e: tonic::transport::Error) -> Self {
        Self::Transport(TransportError::Tonic(e))
    }
}

1	//! Error types for Workload API operations.
2
3	use thiserror::Error;
4
5	use crate::transport::EndpointError;
6	use crate::SpiffeIdError;
7	#[cfg(feature = "jwt")]
8	use crate::{JwtBundleError, JwtSvidError};
9	#[cfg(feature = "x509")]
10	use crate::{X509BundleError, X509SvidError};
11
12	#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
13	use crate::transport::TransportError;
14
15	/// Errors produced by Workload API operations.
16	#[derive(Debug, Error)]
17	#[non_exhaustive]
18	pub enum WorkloadApiError {
19	/// `SPIFFE_ENDPOINT_SOCKET` is not set.
20	#[error("missing SPIFFE endpoint socket path (SPIFFE_ENDPOINT_SOCKET)")]
21	MissingEndpointSocket,
22
23	/// `SPIFFE_ENDPOINT_SOCKET` is not a valid UTF-8 string.
24	#[error("SPIFFE endpoint socket path is not a valid UTF-8 string: {}", .0.display())]
25	NotUnicodeEndpointSocket(std::ffi::OsString),
26
27	/// The Workload API returned an empty response.
28	///
29	/// This error can occur when:
30	/// - The gRPC stream ends unexpectedly
31	/// - No SVIDs are available for the requested identity
32	/// - The Workload API is misconfigured or the workload is not registered
33	///
34	/// Common causes:
35	/// - Workload selectors don't match
36	/// - SPIRE agent is not running
37	/// - Network connectivity issues
38	#[error("empty Workload API response")]
39	EmptyResponse,
40
41	/// Failed to parse the Workload API endpoint string.
42	#[error("invalid workload api endpoint: {0}")]
43	Endpoint(#[from] EndpointError),
44
45	/// The Workload API denied issuing an identity for this workload (e.g. selectors do not match).
46	///
47	/// This error occurs when the SPIRE agent cannot match the workload to any
48	/// registration entry based on the workload's selectors.
49	#[error("no identity issued")]
50	NoIdentityIssued,
51
52	/// The Workload API denied the request for other permission reasons.
53	#[error("permission denied: {0}")]
54	PermissionDenied(String),
55
56	/// No JWT-SVID found with the requested hint.
57	#[error("no JWT-SVID found with hint: {0}")]
58	HintNotFound(String),
59
60	/// Errors returned by the underlying transport.
61	#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
62	#[error(transparent)]
63	Transport(#[from] TransportError),
64
65	/// Failed to parse an X.509 SVID from the Workload API response.
66	#[cfg(feature = "x509")]
67	#[error("failed to parse X.509 SVID: {0}")]
68	X509Svid(#[from] X509SvidError),
69
70	/// Failed to parse a JWT-SVID from the Workload API response.
71	#[cfg(feature = "jwt")]
72	#[error("failed to parse JWT-SVID: {0}")]
73	JwtSvid(#[from] JwtSvidError),
74
75	/// Failed to parse an X.509 bundle from the Workload API response.
76	#[cfg(feature = "x509")]
77	#[error("failed to parse X.509 bundle: {0}")]
78	X509Bundle(#[from] X509BundleError),
79
80	/// Failed to parse a JWT bundle from the Workload API response.
81	#[cfg(feature = "jwt")]
82	#[error("failed to parse JWT bundle: {0}")]
83	JwtBundle(#[from] JwtBundleError),
84
85	/// Failed to parse a SPIFFE identifier from the Workload API response.
86	#[error("failed to parse SPIFFE ID: {0}")]
87	SpiffeId(#[from] SpiffeIdError),
88	}
89
90	#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
91	impl From<tonic::Status> for WorkloadApiError {
92	fn from(status: tonic::Status) -> Self {	×
93	use tonic::Code;
94
95	if status.code() == Code::PermissionDenied {	×
96	let msg = status.message();	×
97
98	if msg.contains("no identity issued") {	×
99	return Self::NoIdentityIssued;	×
100	}	×
101
102	return Self::PermissionDenied(msg.to_owned());	×
103	}	×
104
105	Self::Transport(TransportError::Status(status))	×
106	}	×
107	}
108
109	#[cfg(any(feature = "workload-api-x509", feature = "workload-api-jwt"))]
110	impl From<tonic::transport::Error> for WorkloadApiError {
111	fn from(e: tonic::transport::Error) -> Self {	×
112	Self::Transport(TransportError::Tonic(e))	×
113	}	×
114	}

maxlambrecht / rust-spiffe / 27112982280

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous