diff --git a/foundation/auth/src/error.rs b/foundation/auth/src/error.rs index 1e951f1a..9cce8614 100644 --- a/foundation/auth/src/error.rs +++ b/foundation/auth/src/error.rs @@ -17,8 +17,8 @@ pub enum Error { #[error("jwt error: {0}")] JwtError(#[from] jsonwebtoken::errors::Error), - #[error("http error: {0}")] - HttpError(#[from] reqwest::Error), + #[error("http error on {0}: {1}")] + HttpError(String, reqwest::Error), #[error("GOOGLE_APPLICATION_CREDENTIALS or default credentials is required: {0}")] CredentialsIOError(#[from] std::io::Error), diff --git a/foundation/auth/src/token_source/authorized_user_token_source.rs b/foundation/auth/src/token_source/authorized_user_token_source.rs index e15dc459..93a96f64 100644 --- a/foundation/auth/src/token_source/authorized_user_token_source.rs +++ b/foundation/auth/src/token_source/authorized_user_token_source.rs @@ -63,9 +63,11 @@ impl TokenSource for UserAccountTokenSource { .post(self.token_url.to_string()) .json(&data) .send() - .await? + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))? .json::() - .await?; + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))?; return Ok(it.to_token(time::OffsetDateTime::now_utc())); } diff --git a/foundation/auth/src/token_source/compute_identity_source.rs b/foundation/auth/src/token_source/compute_identity_source.rs index 1ecf2558..996fc1d9 100644 --- a/foundation/auth/src/token_source/compute_identity_source.rs +++ b/foundation/auth/src/token_source/compute_identity_source.rs @@ -71,9 +71,11 @@ impl TokenSource for ComputeIdentitySource { .get(self.token_url.to_string()) .header(METADATA_FLAVOR_KEY, METADATA_GOOGLE) .send() - .await? + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))? .text() - .await?; + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))?; let exp = jsonwebtoken::decode::(&jwt, &self.decoding_key, &self.validation)? .claims diff --git a/foundation/auth/src/token_source/compute_token_source.rs b/foundation/auth/src/token_source/compute_token_source.rs index 1b0530d3..c8cf3b05 100644 --- a/foundation/auth/src/token_source/compute_token_source.rs +++ b/foundation/auth/src/token_source/compute_token_source.rs @@ -41,9 +41,11 @@ impl TokenSource for ComputeTokenSource { .get(self.token_url.to_string()) .header(METADATA_FLAVOR_KEY, METADATA_GOOGLE) .send() - .await? + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))? .json::() - .await?; + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))?; return Ok(it.to_token(time::OffsetDateTime::now_utc())); } } diff --git a/foundation/auth/src/token_source/impersonate_token_source.rs b/foundation/auth/src/token_source/impersonate_token_source.rs index ccd5201d..16b3a9e9 100644 --- a/foundation/auth/src/token_source/impersonate_token_source.rs +++ b/foundation/auth/src/token_source/impersonate_token_source.rs @@ -55,12 +55,22 @@ impl TokenSource for ImpersonateTokenSource { format!("{} {}", auth_token.token_type, auth_token.access_token), ) .send() - .await?; + .await + .map_err(|e| Error::HttpError(self.url.clone(), e))?; let response = if !response.status().is_success() { let status = response.status().as_u16(); - return Err(Error::UnexpectedImpersonateTokenResponse(status, response.text().await?)); + return Err(Error::UnexpectedImpersonateTokenResponse( + status, + response + .text() + .await + .map_err(|e| Error::HttpError(self.url.clone(), e))?, + )); } else { - response.json::().await? + response + .json::() + .await + .map_err(|e| Error::HttpError(self.url.clone(), e))? }; let expiry = time::OffsetDateTime::parse(&response.expire_time, &Rfc3339)?; diff --git a/foundation/auth/src/token_source/service_account_token_source.rs b/foundation/auth/src/token_source/service_account_token_source.rs index 588000ad..9a699f80 100644 --- a/foundation/auth/src/token_source/service_account_token_source.rs +++ b/foundation/auth/src/token_source/service_account_token_source.rs @@ -171,7 +171,7 @@ impl OAuth2ServiceAccountTokenSource { } /// Checks whether an HTTP response is successful and returns it, or returns an error. - async fn check_response_status(response: Response) -> Result { + async fn check_response_status(token_url: &String, response: Response) -> Result { // Check the status code, returning the response if it is not an error. let error = match response.error_for_status_ref() { Ok(_) => return Ok(response), @@ -188,7 +188,7 @@ impl OAuth2ServiceAccountTokenSource { error: response.error, error_description: response.error_description, }) - .unwrap_or(Error::HttpError(error))) + .unwrap_or(Error::HttpError(token_url.to_owned(), error))) } } @@ -222,19 +222,33 @@ impl TokenSource for OAuth2ServiceAccountTokenSource { .ok_or(Error::NoTargetAudienceFound)? .as_str() .ok_or(Error::NoTargetAudienceFound)?; - let response = self.client.post(self.token_url.as_str()).form(&form).send().await?; - Ok(Self::check_response_status(response) + let response = self + .client + .post(self.token_url.as_str()) + .form(&form) + .send() + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))?; + Ok(Self::check_response_status(&self.token_url, response) .await? .json::() - .await? + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))? .to_token(audience)?) } false => { - let response = self.client.post(self.token_url.as_str()).form(&form).send().await?; - Ok(Self::check_response_status(response) + let response = self + .client + .post(self.token_url.as_str()) + .form(&form) + .send() + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))?; + Ok(Self::check_response_status(&self.token_url, response) .await? .json::() - .await? + .await + .map_err(|e| Error::HttpError(self.token_url.clone(), e))? .to_token(iat)) } }