gcp-lite-rs 0.1.1

Lightweight HTTP client for Google Cloud Platform APIs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

//! Token provider abstractions for GCP authentication.

use async_trait::async_trait;

mod static_provider;

pub use static_provider::StaticTokenProvider;

/// Provides access tokens for GCP API authentication.
///
/// Implementations handle credential resolution, token caching, and refresh.
#[async_trait]
pub trait TokenProvider: Send + Sync {
    /// Get a valid access token for the specified scopes.
    ///
    /// This is called on every HTTP request. Implementations should handle
    /// caching internally.
    ///
    /// # Arguments
    ///
    /// * `scopes` - OAuth2 scopes required for the request
    ///
    /// # Returns
    ///
    /// A valid bearer token string
    async fn get_token(&self, scopes: &[&str]) -> Result<String, TokenError>;

    /// Called when a token is rejected by GCP (401 response).
    ///
    /// Allows the provider to invalidate cached tokens.
    fn on_token_rejected(&self) {
        // Default: no-op
    }

    /// Get the quota project ID for billing purposes.
    ///
    /// Returns the project ID that should be used for quota and billing.
    /// When set, the `x-goog-user-project` header will be added to requests.
    ///
    /// Default implementation returns `None`, meaning no quota project header
    /// will be added.
    fn quota_project_id(&self) -> Option<&str> {
        None
    }
}

/// Errors that can occur during token acquisition
#[derive(Debug, thiserror::Error)]
pub enum TokenError {
    /// No credentials found in any source
    #[error("No credentials found")]
    NoCredentialsFound,

    /// Failed to read credential file
    #[error("Failed to read credentials file: {path}")]
    CredentialFileError {
        /// Path to the credential file
        path: std::path::PathBuf,
        /// Underlying IO error
        #[source]
        source: std::io::Error,
    },

    /// Invalid credential format
    #[error("Invalid credentials: {message}")]
    InvalidCredentials {
        /// Error description
        message: String,
    },

    /// Token refresh failed
    #[error("Token refresh failed: {message}")]
    RefreshFailed {
        /// Error description
        message: String,
    },
}

#[cfg(test)]
mod tests {
    use super::*;

    struct TestProvider {
        quota_project: Option<String>,
    }

    #[async_trait]
    impl TokenProvider for TestProvider {
        async fn get_token(&self, _scopes: &[&str]) -> Result<String, TokenError> {
            Ok("test-token".to_string())
        }

        fn quota_project_id(&self) -> Option<&str> {
            self.quota_project.as_deref()
        }
    }

    #[test]
    fn test_quota_project_id_default_is_none() {
        // Default implementation should return None
        let provider = crate::token::StaticTokenProvider::new("token");
        assert!(provider.quota_project_id().is_none());
    }

    #[test]
    fn test_quota_project_id_custom_impl() {
        let provider = TestProvider {
            quota_project: Some("my-project".to_string()),
        };
        assert_eq!(provider.quota_project_id(), Some("my-project"));
    }
}