trait implementation

Author: chlowell

sdk/identity/azure_identity/src/azure_cli_credential.rs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 use crate::{
+    authentication_error,
     env::Env,
     process::{new_executor, shell_exec, Executor, OutputProcessor},
     validate_scope, validate_subscription, validate_tenant_id,
@@ -158,7 +159,9 @@ impl TokenCredential for AzureCliCredential {
 
         trace!("running Azure CLI command: {command:?}");
 
-        shell_exec::<CliTokenResponse>(self.executor.clone(), &self.env, &command).await
+        shell_exec::<CliTokenResponse>(self.executor.clone(), &self.env, &command)
+            .await
+            .map_err(authentication_error::<Self>)
     }
 }
 

sdk/identity/azure_identity/src/azure_developer_cli_credential.rs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 use crate::{
+    authentication_error,
     env::Env,
     process::{new_executor, shell_exec, Executor, OutputProcessor},
     validate_scope, validate_tenant_id,
@@ -128,7 +129,9 @@ impl TokenCredential for AzureDeveloperCliCredential {
             command.push(" --tenant-id ");
             command.push(tenant_id);
         }
-        shell_exec::<AzdTokenResponse>(self.executor.clone(), &self.env, &command).await
+        shell_exec::<AzdTokenResponse>(self.executor.clone(), &self.env, &command)
+            .await
+            .map_err(authentication_error::<Self>)
     }
 }
 

sdk/identity/azure_identity/src/azure_pipelines_credential.rs

@@ -226,7 +226,7 @@ impl fmt::Display for ErrorHeaders {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::env::Env;
+    use crate::{env::Env, TroubleshootingGuide, TSG_LINK_ERROR_TEXT};
     use azure_core::{
         http::{BufResponse, ClientOptions, Transport},
         Bytes,
@@ -300,7 +300,10 @@ mod tests {
                     err.to_string().contains("bar"),
         ));
         assert!(
-            err.to_string().contains(&format!("{}apc", crate::TSG_LINK)),
+            err.to_string().contains(&format!(
+                "{TSG_LINK_ERROR_TEXT}{}",
+                AzurePipelinesCredential::FRAGMENT
+            )),
             "expected error to contain a link to the troubleshooting guide, got '{err}'",
         );
     }

sdk/identity/azure_identity/src/client_secret_credential.rs

@@ -172,7 +172,7 @@ impl TokenCredential for ClientSecretCredential {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::{tests::*, TSG_LINK};
+    use crate::{tests::*, TroubleshootingGuide, TSG_LINK_ERROR_TEXT};
     use azure_core::{
         authority_hosts::AZURE_PUBLIC_CLOUD,
         http::{headers::Headers, BufResponse, StatusCode, Transport},
@@ -237,8 +237,10 @@ mod tests {
             err
         );
         assert!(
-            err.to_string()
-                .contains(&format!("{TSG_LINK}client-secret")),
+            err.to_string().contains(&format!(
+                "{TSG_LINK_ERROR_TEXT}{}",
+                ClientSecretCredential::FRAGMENT
+            )),
             "expected error to contain a link to the troubleshooting guide, got '{err}'",
         );
     }

sdk/identity/azure_identity/src/lib.rs

@@ -112,26 +112,75 @@ fn get_authority_host(env: Option<Env>, option: Option<String>) -> Result<Url> {
     Url::parse(&authority_host).map_err(Into::<Error>::into)
 }
 
-const TSG_LINK: &str = ". To troubleshoot, visit https://aka.ms/azsdk/rust/identity/troubleshoot#";
+const TSG_LINK_ERROR_TEXT: &str =
+    ". To troubleshoot, visit https://aka.ms/azsdk/rust/identity/troubleshoot";
+
+/// A troubleshooting guide entry.
+#[doc(hidden)]
+pub trait TroubleshootingGuide: private::Sealed {
+    /// The URL fragment (leading '#' and an anchor) for this type's entry in the troubleshooting guide.
+    const FRAGMENT: &'static str;
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+impl TroubleshootingGuide for AzureCliCredential {
+    const FRAGMENT: &'static str = "#azure-cli";
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+impl TroubleshootingGuide for AzureDeveloperCliCredential {
+    const FRAGMENT: &'static str = "#azd";
+}
+
+impl TroubleshootingGuide for AzurePipelinesCredential {
+    const FRAGMENT: &'static str = "#apc";
+}
+
+#[cfg(feature = "client_certificate")]
+impl TroubleshootingGuide for ClientCertificateCredential {
+    const FRAGMENT: &'static str = "#client-cert";
+}
+
+impl TroubleshootingGuide for ClientSecretCredential {
+    const FRAGMENT: &'static str = "#client-secret";
+}
+
+impl TroubleshootingGuide for ManagedIdentityCredential {
+    const FRAGMENT: &'static str = "#managed-id";
+}
+
+impl TroubleshootingGuide for WorkloadIdentityCredential {
+    const FRAGMENT: &'static str = "#workload";
+}
+
+mod private {
+    pub trait Sealed {}
+    #[cfg(not(target_arch = "wasm32"))]
+    impl Sealed for super::AzureCliCredential {}
+    #[cfg(not(target_arch = "wasm32"))]
+    impl Sealed for super::AzureDeveloperCliCredential {}
+    impl Sealed for super::AzurePipelinesCredential {}
+    #[cfg(feature = "client_certificate")]
+    impl Sealed for super::ClientCertificateCredential {}
+    impl Sealed for super::ClientSecretCredential {}
+    impl Sealed for super::ManagedIdentityCredential {}
+    impl Sealed for super::WorkloadIdentityCredential {}
+}
 
 /// Map an error from a credential's get_token() method to an ErrorKind::Credential error, appending
 /// a link to the troubleshooting guide entry for that credential, if it has one.
 ///
 /// TODO: decide whether to map to ErrorKind::Credential here (https://github.com/Azure/azure-sdk-for-rust/issues/3127)
-fn authentication_error<T: 'static>(e: azure_core::Error) -> azure_core::Error {
+fn authentication_error<T: TroubleshootingGuide + 'static>(
+    e: azure_core::Error,
+) -> azure_core::Error {
     azure_core::Error::with_message_fn(e.kind().clone(), || {
         let type_name = std::any::type_name::<T>();
-        let short_name = type_name.rsplit("::").next().unwrap_or(type_name); // cspell:ignore rsplit
-        let link = match short_name {
-            "AzureCliCredential" => format!("{TSG_LINK}azure-cli"),
-            "AzureDeveloperCliCredential" => format!("{TSG_LINK}azd"),
-            "AzurePipelinesCredential" => format!("{TSG_LINK}apc"),
-            #[cfg(feature = "client_certificate")]
-            "ClientCertificateCredential" => format!("{TSG_LINK}client-cert"),
-            "ClientSecretCredential" => format!("{TSG_LINK}client-secret"),
-            "ManagedIdentityCredential" => format!("{TSG_LINK}managed-id"),
-            "WorkloadIdentityCredential" => format!("{TSG_LINK}workload"),
-            _ => "".to_string(),
+        let short_name = type_name.rsplit("::").next().unwrap_or(type_name);
+        let link = if T::FRAGMENT.is_empty() {
+            String::new()
+        } else {
+            format!("{TSG_LINK_ERROR_TEXT}{}", T::FRAGMENT)
         };
 
         format!("{short_name} authentication failed: {e}{link}")

sdk/identity/azure_identity/src/managed_identity_credential.rs

@@ -165,8 +165,11 @@ fn get_source(env: &Env) -> ManagedIdentitySource {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::env::Env;
-    use crate::tests::{LIVE_TEST_RESOURCE, LIVE_TEST_SCOPES};
+    use crate::{
+        env::Env,
+        tests::{LIVE_TEST_RESOURCE, LIVE_TEST_SCOPES},
+        TroubleshootingGuide, TSG_LINK_ERROR_TEXT,
+    };
     use azure_core::http::headers::Headers;
     use azure_core::http::{BufResponse, Method, Request, StatusCode, Transport, Url};
     use azure_core::time::OffsetDateTime;
@@ -459,8 +462,10 @@ mod tests {
             .to_string()
             .contains("the requested identity has not been assigned to this resource"));
         assert!(
-            err.to_string()
-                .contains(&format!("{}managed-id", crate::TSG_LINK)),
+            err.to_string().contains(&format!(
+                "{TSG_LINK_ERROR_TEXT}{}",
+                ManagedIdentityCredential::FRAGMENT
+            )),
             "expected error to contain a link to the troubleshooting guide, got '{err}'",
         );
     }

sdk/identity/azure_identity/src/workload_identity_credential.rs

@@ -191,6 +191,7 @@ mod tests {
         client_assertion_credential::tests::{is_valid_request, FAKE_ASSERTION},
         env::Env,
         tests::*,
+        TroubleshootingGuide, TSG_LINK_ERROR_TEXT,
     };
     use azure_core::{
         http::{
@@ -315,8 +316,10 @@ mod tests {
         ));
         assert!(err.to_string().contains(description));
         assert!(
-            err.to_string()
-                .contains(&format!("{}workload", crate::TSG_LINK)),
+            err.to_string().contains(&format!(
+                "{TSG_LINK_ERROR_TEXT}{}",
+                WorkloadIdentityCredential::FRAGMENT
+            )),
             "expected error to contain a link to the troubleshooting guide, got '{err}'",
         );
     }