github.com/hashicorp/vault/sdk@v0.13.0/logical/error.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: MPL-2.0 3 4 package logical 5 6 import ( 7 "context" 8 "errors" 9 ) 10 11 var ( 12 // ErrUnsupportedOperation is returned if the operation is not supported 13 // by the logical backend. 14 ErrUnsupportedOperation = errors.New("unsupported operation") 15 16 // ErrUnsupportedPath is returned if the path is not supported 17 // by the logical backend. 18 ErrUnsupportedPath = errors.New("unsupported path") 19 20 // ErrInvalidRequest is returned if the request is invalid 21 ErrInvalidRequest = errors.New("invalid request") 22 23 // ErrPermissionDenied is returned if the client is not authorized 24 ErrPermissionDenied = errors.New("permission denied") 25 26 // ErrInvalidToken is returned if the token is revoked, expired, or non-existent 27 ErrInvalidToken = errors.New("invalid token") 28 29 // ErrInvalidCredentials is returned when the provided credentials are incorrect 30 // This is used internally for user lockout purposes. This is not seen externally. 31 // The status code returned does not change because of this error 32 ErrInvalidCredentials = errors.New("invalid credentials") 33 34 // ErrMultiAuthzPending is returned if the request needs more 35 // authorizations 36 ErrMultiAuthzPending = errors.New("request needs further approval") 37 38 // ErrUpstreamRateLimited is returned when Vault receives a rate limited 39 // response from an upstream 40 ErrUpstreamRateLimited = errors.New("upstream rate limited") 41 42 // ErrPerfStandbyForward is returned when Vault is in a state such that a 43 // perf standby cannot satisfy a request 44 ErrPerfStandbyPleaseForward = errors.New("please forward to the active node") 45 46 // ErrLeaseCountQuotaExceeded is returned when a request is rejected due to a lease 47 // count quota being exceeded. 48 ErrLeaseCountQuotaExceeded = errors.New("lease count quota exceeded") 49 50 // ErrRateLimitQuotaExceeded is returned when a request is rejected due to a 51 // rate limit quota being exceeded. 52 ErrRateLimitQuotaExceeded = errors.New("rate limit quota exceeded") 53 54 // ErrUnrecoverable is returned when a request fails due to something that 55 // is likely to require manual intervention. This is a generic form of an 56 // unrecoverable error. 57 // e.g.: misconfigured or disconnected storage backend. 58 ErrUnrecoverable = errors.New("unrecoverable error") 59 60 // ErrMissingRequiredState is returned when a request can't be satisfied 61 // with the data in the local node's storage, based on the provided 62 // X-Vault-Index request header. 63 ErrMissingRequiredState = errors.New("required index state not present") 64 65 // Error indicating that the requested path used to serve a purpose in older 66 // versions, but the functionality has now been removed 67 ErrPathFunctionalityRemoved = errors.New("functionality on this path has been removed") 68 69 // ErrNotFound is an error used to indicate that a particular resource was 70 // not found. 71 ErrNotFound = errors.New("not found") 72 ) 73 74 type DelegatedAuthErrorHandler func(ctx context.Context, initiatingRequest, authRequest *Request, authResponse *Response, err error) (*Response, error) 75 76 var _ error = &RequestDelegatedAuthError{} 77 78 // RequestDelegatedAuthError Special error indicating the backend wants to delegate authentication elsewhere 79 type RequestDelegatedAuthError struct { 80 mountAccessor string 81 path string 82 data map[string]interface{} 83 errHandler DelegatedAuthErrorHandler 84 } 85 86 func NewDelegatedAuthenticationRequest(mountAccessor, path string, data map[string]interface{}, errHandler DelegatedAuthErrorHandler) *RequestDelegatedAuthError { 87 return &RequestDelegatedAuthError{ 88 mountAccessor: mountAccessor, 89 path: path, 90 data: data, 91 errHandler: errHandler, 92 } 93 } 94 95 func (d *RequestDelegatedAuthError) Error() string { 96 return "authentication delegation requested" 97 } 98 99 func (d *RequestDelegatedAuthError) MountAccessor() string { 100 return d.mountAccessor 101 } 102 103 func (d *RequestDelegatedAuthError) Path() string { 104 return d.path 105 } 106 107 func (d *RequestDelegatedAuthError) Data() map[string]interface{} { 108 return d.data 109 } 110 111 func (d *RequestDelegatedAuthError) AuthErrorHandler() DelegatedAuthErrorHandler { 112 return d.errHandler 113 } 114 115 type HTTPCodedError interface { 116 Error() string 117 Code() int 118 } 119 120 func CodedError(status int, msg string) HTTPCodedError { 121 return &codedError{ 122 Status: status, 123 Message: msg, 124 } 125 } 126 127 var _ HTTPCodedError = (*codedError)(nil) 128 129 type codedError struct { 130 Status int 131 Message string 132 } 133 134 func (e *codedError) Error() string { 135 return e.Message 136 } 137 138 func (e *codedError) Code() int { 139 return e.Status 140 } 141 142 // Struct to identify user input errors. This is helpful in responding the 143 // appropriate status codes to clients from the HTTP endpoints. 144 type StatusBadRequest struct { 145 Err string 146 } 147 148 // Implementing error interface 149 func (s *StatusBadRequest) Error() string { 150 return s.Err 151 } 152 153 // This is a new type declared to not cause potential compatibility problems if 154 // the logic around the CodedError changes; in particular for logical request 155 // paths it is basically ignored, and changing that behavior might cause 156 // unforeseen issues. 157 type ReplicationCodedError struct { 158 Msg string 159 Code int 160 } 161 162 func (r *ReplicationCodedError) Error() string { 163 return r.Msg 164 } 165 166 type KeyNotFoundError struct { 167 Err error 168 } 169 170 func (e *KeyNotFoundError) WrappedErrors() []error { 171 return []error{e.Err} 172 } 173 174 func (e *KeyNotFoundError) Error() string { 175 return e.Err.Error() 176 }