openstack-experimental · gtema · Jan 14, 2026 · Jan 12, 2026
diff --git a/src/application_credential/error.rs b/src/application_credential/error.rs
@@ -30,17 +30,17 @@ pub enum ApplicationCredentialProviderError {
     #[error("conflict: {0}")]
     Conflict(String),
 
+    /// Unsupported driver.
+    #[error("unsupported driver {0}")]
+    UnsupportedDriver(String),
+
     /// Request validation error.
     #[error("request validation error: {}", source)]
     Validation {
         /// The source of the error.
         #[from]
         source: validator::ValidationErrors,
     },
-
-    /// Unsupported driver.
-    #[error("unsupported driver {0}")]
-    UnsupportedDriver(String),
 }
 
 impl From<ApplicationCredentialDatabaseError> for ApplicationCredentialProviderError {

diff --git a/src/error.rs b/src/error.rs
@@ -194,15 +194,6 @@ pub enum DatabaseError {
         context: String,
     },
 
-    /// SqlError.
-    #[error("{message} while {context}")]
-    Sql {
-        /// The error message.
-        message: String,
-        /// The error context.
-        context: String,
-    },
-
     /// Database error.
     #[error("Database error while {context}")]
     Database {
@@ -211,6 +202,15 @@ pub enum DatabaseError {
         /// The error context.
         context: String,
     },
+
+    /// SqlError.
+    #[error("{message} while {context}")]
+    Sql {
+        /// The error message.
+        message: String,
+        /// The error context.
+        context: String,
+    },
 }
 
 pub trait DbContextExt<T> {

diff --git a/src/identity/backend/error.rs b/src/identity/backend/error.rs
@@ -39,15 +39,15 @@ pub enum IdentityDatabaseError {
     #[error("{0}")]
     GroupNotFound(String),
 
-    #[error("corrupted database entries for user {0}")]
-    MalformedUser(String),
-
     #[error(transparent)]
     Join {
         #[from]
         source: tokio::task::JoinError,
     },
 
+    #[error("corrupted database entries for user {0}")]
+    MalformedUser(String),
+
     /// No data for local_user and passwords
     #[error("no passwords for the user {0}")]
     NoPasswordsForUser(String),

diff --git a/src/identity/error.rs b/src/identity/error.rs
@@ -73,14 +73,6 @@ pub enum IdentityProviderError {
         source: BuilderError,
     },
 
-    /// Request validation error.
-    #[error("request validation error: {}", source)]
-    Validation {
-        /// The source of the error.
-        #[from]
-        source: validator::ValidationErrors,
-    },
-
     /// Unsupported driver.
     #[error("unsupported driver {0}")]
     UnsupportedDriver(String),
@@ -92,6 +84,13 @@ pub enum IdentityProviderError {
     /// The user has not been found.
     #[error("user {0} not found")]
     UserNotFound(String),
+    /// Request validation error.
+    #[error("request validation error: {}", source)]
+    Validation {
+        /// The source of the error.
+        #[from]
+        source: validator::ValidationErrors,
+    },
 }
 
 impl From<IdentityDatabaseError> for IdentityProviderError {

diff --git a/src/identity_mapping/error.rs b/src/identity_mapping/error.rs
@@ -47,17 +47,17 @@ pub enum IdentityMappingError {
         source: BuilderError,
     },
 
+    /// Unsupported driver.
+    #[error("unsupported driver {0}")]
+    UnsupportedDriver(String),
+
     /// Request validation error.
     #[error("request validation error: {}", source)]
     Validation {
         /// The source of the error.
         #[from]
         source: validator::ValidationErrors,
     },
-
-    /// Unsupported driver.
-    #[error("unsupported driver {0}")]
-    UnsupportedDriver(String),
 }
 
 impl From<IdentityMappingDatabaseError> for IdentityMappingError {

diff --git a/src/policy.rs b/src/policy.rs
@@ -40,16 +40,18 @@ use crate::token::Token;
 /// Policy related error.
 #[derive(Debug, Error)]
 pub enum PolicyError {
+    /// Module compilation error.
+    #[error("module compilation task crashed")]
+    Compilation(#[from] eyre::Report),
+
+    /// Forbidden error.
     #[error("{}", .0.violations.as_ref().map(
         |v| v.iter().cloned().map(|x| x.msg)
         .reduce(|acc, s| format!("{acc}, {s}"))
         .unwrap_or_default()
     ).unwrap_or("The request you made requires authentication.".into()))]
     Forbidden(PolicyEvaluationResult),
 
-    #[error("module compilation task crashed")]
-    Compilation(#[from] eyre::Report),
-
     #[error(transparent)]
     IO(#[from] std::io::Error),
 

diff --git a/src/token/error.rs b/src/token/error.rs
@@ -26,14 +26,14 @@ pub enum TokenProviderError {
     #[error("actor has no roles on scope")]
     ActorHasNoRolesOnTarget,
 
-    /// Application Credential used in the token is not found.
-    #[error("application credential with id: {0} not found")]
-    ApplicationCredentialNotFound(String),
-
     /// Application Credential has expired.
     #[error("application credential has expired")]
     ApplicationCredentialExpired,
 
+    /// Application Credential used in the token is not found.
+    #[error("application credential with id: {0} not found")]
+    ApplicationCredentialNotFound(String),
+
     /// Application credential provider error.
     #[error(transparent)]
     ApplicationCredentialProvider {
@@ -86,6 +86,14 @@ pub enum TokenProviderError {
     #[error("federated payload must contain idp_id and protocol_id")]
     FederatedPayloadMissingData,
 
+    /// Fernet Decryption
+    #[error("fernet decryption error")]
+    FernetDecryption(#[from] fernet::DecryptionError),
+
+    /// Missing fernet keys
+    #[error("no usable fernet keys has been found")]
+    FernetKeysMissing,
+
     /// Fernet key read error.
     #[error("fernet key read error: {}", source)]
     FernetKeyRead {
@@ -95,14 +103,6 @@ pub enum TokenProviderError {
         path: std::path::PathBuf,
     },
 
-    /// Fernet Decryption
-    #[error("fernet decryption error")]
-    FernetDecryption(#[from] fernet::DecryptionError),
-
-    /// Missing fernet keys
-    #[error("no usable fernet keys has been found")]
-    FernetKeysMissing,
-
     #[error(transparent)]
     IdentityProvider(#[from] crate::identity::error::IdentityProviderError),
 
@@ -157,14 +157,14 @@ pub enum TokenProviderError {
     #[error(transparent)]
     RevokeProvider(#[from] crate::revoke::error::RevokeProviderError),
 
-    /// MSGPack Decryption
-    #[error("rmp value error")]
-    RmpValueRead(#[from] rmp::decode::ValueReadError),
-
     /// MSGPack Encryption
     #[error("rmp value encoding error")]
     RmpEncode(String),
 
+    /// MSGPack Decryption
+    #[error("rmp value error")]
+    RmpValueRead(#[from] rmp::decode::ValueReadError),
+
     /// Target scope information is not found in the token.
     #[error("scope information missing")]
     ScopeMissing,
@@ -193,23 +193,23 @@ pub enum TokenProviderError {
     #[error("token has been revoked")]
     TokenRevoked,
 
-    #[error("int parse")]
-    TryFromIntError(#[from] TryFromIntError),
-
     /// Trust provider error.
     #[error(transparent)]
     TrustProvider(#[from] crate::trust::TrustError),
 
+    #[error("int parse")]
+    TryFromIntError(#[from] TryFromIntError),
+
+    #[error("unsupported authentication methods {0} in token payload")]
+    UnsupportedAuthMethods(String),
+
     /// The user is disabled.
     #[error("user disabled")]
     UserDisabled(String),
 
     #[error("user cannot be found: {0}")]
     UserNotFound(String),
 
-    #[error("unsupported authentication methods {0} in token payload")]
-    UnsupportedAuthMethods(String),
-
     #[error("uuid decryption error")]
     Uuid(#[from] uuid::Error),
 

diff --git a/src/trust/error.rs b/src/trust/error.rs
@@ -42,28 +42,28 @@ pub enum TrustError {
     #[error("requested expiration is more than the redelegated trust can provide")]
     ExpirationImpossible,
 
-    /// Redelegation chain is longer than allowed.
-    #[error("redelegation depth of {length} is out of allowed range [0..{max_depth}]")]
-    RedelegationDeepnessExceed { length: usize, max_depth: usize },
-
-    /// Relegation trust must not add new roles.
-    #[error("some of the requested roles are not in the redelegated trust")]
-    RedelegatedRolesNotAvailable,
-
     /// Relegated trust does not allow impersonation.
     #[error(
         "impersonation is not allowed because redelegated trust does not specify impersonation"
     )]
     RedelegatedImpersonationNotAllowed,
 
-    /// Remaining uses must be unset to redelegate a trust.
-    #[error("remaining uses is set while it must not be set in order to redelegate a trust")]
-    RemainingUsesMustBeUnset,
+    /// Relegation trust must not add new roles.
+    #[error("some of the requested roles are not in the redelegated trust")]
+    RedelegatedRolesNotAvailable,
+
+    /// Redelegation chain is longer than allowed.
+    #[error("redelegation depth of {length} is out of allowed range [0..{max_depth}]")]
+    RedelegationDeepnessExceed { length: usize, max_depth: usize },
 
     /// Remaining uses of the trust is exceeded.
     #[error("remaining uses exceed")]
     RemainingUsesExceed,
 
+    /// Remaining uses must be unset to redelegate a trust.
+    #[error("remaining uses is set while it must not be set in order to redelegate a trust")]
+    RemainingUsesMustBeUnset,
+
     /// (de)serialization error.
     #[error(transparent)]
     Serde {