mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 09:17:43 +03:00
New error category: SecurityAlert (#14957)
CHANGELOG_BEGIN Added new error category "SecurityAlert". Corrected documentation of GRPC status codes for error categories MaliciousOrFaultyBehavior, AuthInterceptorInvalidAuthenticationCredentials, and InsufficientPermission. CHANGELOG_END
This commit is contained in:
parent
09d9dd903c
commit
08559be6af
@ -66,7 +66,7 @@ MaliciousOrFaultyBehaviour
|
||||
|
||||
**Default log level**: WARN
|
||||
|
||||
**Description**: Request processing failed due to unrecoverable data loss or corruption (e.g. detected via checksums). This error is exposed on the API with grpc-status INTERNAL without any details for security reasons
|
||||
**Description**: Request processing failed due to unrecoverable data loss or corruption (e.g. detected via checksums). This error is exposed on the API with grpc-status UNKNOWN without any details for security reasons
|
||||
|
||||
**Resolution**: Expectation: this can be a severe issue that requires operator attention or intervention, and potentially vendor support.
|
||||
|
||||
@ -81,7 +81,7 @@ AuthInterceptorInvalidAuthenticationCredentials
|
||||
|
||||
**Default log level**: WARN
|
||||
|
||||
**Description**: The request does not have valid authentication credentials for the operation. This error is exposed on the API with grpc-status INTERNAL without any details for security reasons
|
||||
**Description**: The request does not have valid authentication credentials for the operation. This error is exposed on the API with grpc-status UNAUTHENTICATED without any details for security reasons
|
||||
|
||||
**Resolution**: Expectation: this is an application bug, application misconfiguration or ledger-level misconfiguration. Resolution requires application and/or ledger operator intervention.
|
||||
|
||||
@ -96,13 +96,28 @@ InsufficientPermission
|
||||
|
||||
**Default log level**: WARN
|
||||
|
||||
**Description**: The caller does not have permission to execute the specified operation. This error is exposed on the API with grpc-status INTERNAL without any details for security reasons
|
||||
**Description**: The caller does not have permission to execute the specified operation. This error is exposed on the API with grpc-status PERMISSION_DENIED without any details for security reasons
|
||||
|
||||
**Resolution**: Expectation: this is an application bug or application misconfiguration. Resolution requires application operator intervention.
|
||||
|
||||
**Retry strategy**: Retry after application operator intervention.
|
||||
|
||||
|
||||
SecurityAlert
|
||||
========================================================================================================================
|
||||
**Category id**: 15
|
||||
|
||||
**gRPC status code**: INVALID_ARGUMENT
|
||||
|
||||
**Default log level**: WARN
|
||||
|
||||
**Description**: A potential attack has been detected. This error is exposed on the API with grpc-status INVALID_ARGUMENT without any details for security reasons.
|
||||
|
||||
**Resolution**: Expectation: this can be a severe issue that requires operator attention or intervention, and potentially vendor support.
|
||||
|
||||
**Retry strategy**: Errors in this category are non-retryable.
|
||||
|
||||
|
||||
InvalidIndependentOfSystemState
|
||||
========================================================================================================================
|
||||
**Category id**: 8
|
||||
|
@ -46,6 +46,7 @@ object ErrorCategory {
|
||||
MaliciousOrFaultyBehaviour,
|
||||
AuthInterceptorInvalidAuthenticationCredentials,
|
||||
InsufficientPermission,
|
||||
SecurityAlert,
|
||||
InvalidIndependentOfSystemState,
|
||||
InvalidGivenCurrentSystemStateOther,
|
||||
InvalidGivenCurrentSystemStateResourceExists,
|
||||
@ -157,7 +158,7 @@ object ErrorCategory {
|
||||
*/
|
||||
@Description(
|
||||
"""Request processing failed due to unrecoverable data loss or corruption
|
||||
|(e.g. detected via checksums). This error is exposed on the API with grpc-status INTERNAL without any details for security reasons"""
|
||||
|(e.g. detected via checksums). This error is exposed on the API with grpc-status UNKNOWN without any details for security reasons"""
|
||||
)
|
||||
@RetryStrategy("Retry after operator intervention.")
|
||||
@Resolution(
|
||||
@ -178,7 +179,7 @@ object ErrorCategory {
|
||||
/** Client is not authenticated properly
|
||||
*/
|
||||
@Description(
|
||||
"""The request does not have valid authentication credentials for the operation. This error is exposed on the API with grpc-status INTERNAL without any details for security reasons"""
|
||||
"""The request does not have valid authentication credentials for the operation. This error is exposed on the API with grpc-status UNAUTHENTICATED without any details for security reasons"""
|
||||
)
|
||||
@RetryStrategy("""Retry after application operator intervention.""")
|
||||
@Resolution(
|
||||
@ -199,7 +200,7 @@ object ErrorCategory {
|
||||
/** Client does not have appropriate permissions
|
||||
*/
|
||||
@Description(
|
||||
"""The caller does not have permission to execute the specified operation. This error is exposed on the API with grpc-status INTERNAL without any details for security reasons"""
|
||||
"""The caller does not have permission to execute the specified operation. This error is exposed on the API with grpc-status PERMISSION_DENIED without any details for security reasons"""
|
||||
)
|
||||
@RetryStrategy("""Retry after application operator intervention.""")
|
||||
@Resolution(
|
||||
@ -217,6 +218,26 @@ object ErrorCategory {
|
||||
)
|
||||
with ErrorCategory
|
||||
|
||||
@Description(
|
||||
"""A potential attack has been detected.
|
||||
|This error is exposed on the API with grpc-status INVALID_ARGUMENT without any details for security reasons."""
|
||||
)
|
||||
@RetryStrategy("Errors in this category are non-retryable.")
|
||||
@Resolution(
|
||||
"""Expectation: this can be a severe issue that requires operator attention or intervention, and
|
||||
|potentially vendor support."""
|
||||
)
|
||||
object SecurityAlert
|
||||
extends ErrorCategoryImpl(
|
||||
grpcCode = Some(Code.INVALID_ARGUMENT),
|
||||
logLevel = Level.WARN,
|
||||
retryable = None,
|
||||
securitySensitive = true,
|
||||
asInt = 15,
|
||||
rank = 1,
|
||||
)
|
||||
with ErrorCategory
|
||||
|
||||
/** A request which is never going to be valid
|
||||
*/
|
||||
@Description("""The request is invalid independent of the state of the system.""")
|
||||
|
Loading…
Reference in New Issue
Block a user