/src/ztunnel/src/identity.rs
// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
use crate::tls;
use std::str::Utf8Error;
use std::sync::Arc;
mod caclient;
pub use caclient::*;
pub mod manager;
pub use manager::*;
mod auth;
use crate::state::WorkloadInfo;
pub use auth::*;
/// Re-exports the items of the `caclient::mock` and `manager::mock` submodules
/// under a single `mock` path.
///
/// The module is compiled only under `cfg(test)` or when the `testing` feature
/// is enabled.
// NOTE(review): these are stand-ins for the real CA client and secret manager;
// confirm that release builds do not enable the `testing` feature.
#[cfg(any(test, feature = "testing"))]
pub mod mock {
    pub use super::{
        caclient::mock::CaClient,
        manager::mock::{
            Config as SecretManagerConfig, new_secret_manager, new_secret_manager_cfg,
        },
    };
}
/// Errors produced while requesting, validating or tracking workload identities.
///
/// The enum is `Clone`; payloads that are wrapped in `Arc` are shared between
/// clones rather than copied.
///
/// Several variants interpolate an [`Identity`] or a `WorkloadInfo` into their
/// `Display` text, so that data ends up wherever the error is logged or returned.
#[derive(Debug, Clone, thiserror::Error)]
pub enum Error {
    /// Creating the certificate signing request failed; carries the underlying
    /// TLS error.
    #[error("failed to create CSR: {0}")]
    Signing(Arc<tls::Error>),
    /// The signing gRPC call returned an error status; the message shows the
    /// status code and status message.
    #[error("signing gRPC error ({}): {}", .0.code(), .0.message())]
    SigningRequest(#[from] Box<tonic::Status>),
    /// A byte sequence was not valid UTF-8.
    #[error("failed to process string: {0}")]
    Utf8(#[from] Utf8Error),
    /// The expected SAN for the given identity was not found.
    // NOTE(review): presumably checked against the certificate returned by the
    // CA; confirm at the construction site, which is not visible here.
    #[error("did not find expected SAN: {0}")]
    SanError(Identity),
    /// The CA returned an empty certificate chain for the given identity.
    #[error("chain returned from CA is empty for: {0}")]
    EmptyResponse(Identity),
    /// A string could not be accepted as a SPIFFE identity; carries the
    /// rejected text.
    #[error("invalid spiffe identity: {0}")]
    Spiffe(String),
    /// The workload described by the payload is not known.
    #[error("workload is unknown: {0}")]
    UnknownWorkload(Arc<WorkloadInfo>),
    /// The identity is no longer needed.
    #[error("the identity is no longer needed")]
    Forgotten,
    /// An identity was requested that the workload is not allowed to use. The
    /// message labels this as an internal bug; it prints the requested identity
    /// and the workload's `Debug` representation.
    #[error("BUG: identity requested {0}, but only allowed {1:?}")]
    BugInvalidIdentityRequest(Identity, Arc<WorkloadInfo>),
}
/// Converts a TLS-layer error into [`Error::Signing`].
///
/// The conversion is written by hand because the variant stores
/// `Arc<tls::Error>`: a `#[from]` attribute on it would generate
/// `From<Arc<tls::Error>>`, not a conversion from the bare error.
// NOTE(review): the coverage report this listing was taken from records an
// execution count of 0 for this function.
impl From<tls::Error> for Error {
    fn from(value: tls::Error) -> Self {
        // `Error` derives `Clone`, so the payload is shared through an `Arc`.
        let shared = Arc::new(value);
        Self::Signing(shared)
    }
}