nominal-api 0.1239.0

API bindings for the Nominal platform
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

use conjure_http::endpoint;
/// Cluster-internal endpoint that mints short-lived access tokens for a
/// preconfigured sandbox workspace + sandbox user. The intended caller is an
/// in-cluster integration test Job; access is gated by a shared-secret header
/// and a NetworkPolicy that restricts the source pods.
///
/// This service must not be exposed via the public ingress.
#[conjure_http::conjure_endpoints(
    name = "InternalSandboxTokenService",
    use_legacy_error_serialization
)]
pub trait InternalSandboxTokenService {
    /// Issue a Nominal-signed bearer token bound to the configured sandbox
    /// user + org. The TTL is capped at 1 hour server-side regardless of the
    /// requested value. The shared-secret header must match the value
    /// configured on gatekeeper or the call is rejected.
    #[endpoint(
        method = POST,
        path = "/sandbox-token-internal/v1/issue",
        name = "issueSandboxToken",
        produces = conjure_http::server::StdResponseSerializer
    )]
    fn issue_sandbox_token(
        &self,
        #[body(deserializer = conjure_http::server::StdRequestDeserializer)]
        request: super::super::super::objects::authorization::IssueSandboxTokenRequest,
        #[header(
            name = "X-Nominal-Sandbox-Shared-Secret",
            decoder = conjure_http::server::conjure::FromPlainDecoder,
            log_as = "sharedSecret"
        )]
        shared_secret: String,
    ) -> Result<
        super::super::super::objects::authorization::IssueSandboxTokenResponse,
        conjure_http::private::Error,
    >;
}
/// Cluster-internal endpoint that mints short-lived access tokens for a
/// preconfigured sandbox workspace + sandbox user. The intended caller is an
/// in-cluster integration test Job; access is gated by a shared-secret header
/// and a NetworkPolicy that restricts the source pods.
///
/// This service must not be exposed via the public ingress.
#[conjure_http::conjure_endpoints(
    name = "InternalSandboxTokenService",
    use_legacy_error_serialization
)]
pub trait AsyncInternalSandboxTokenService {
    /// Issue a Nominal-signed bearer token bound to the configured sandbox
    /// user + org. The TTL is capped at 1 hour server-side regardless of the
    /// requested value. The shared-secret header must match the value
    /// configured on gatekeeper or the call is rejected.
    #[endpoint(
        method = POST,
        path = "/sandbox-token-internal/v1/issue",
        name = "issueSandboxToken",
        produces = conjure_http::server::StdResponseSerializer
    )]
    async fn issue_sandbox_token(
        &self,
        #[body(deserializer = conjure_http::server::StdRequestDeserializer)]
        request: super::super::super::objects::authorization::IssueSandboxTokenRequest,
        #[header(
            name = "X-Nominal-Sandbox-Shared-Secret",
            decoder = conjure_http::server::conjure::FromPlainDecoder,
            log_as = "sharedSecret"
        )]
        shared_secret: String,
    ) -> Result<
        super::super::super::objects::authorization::IssueSandboxTokenResponse,
        conjure_http::private::Error,
    >;
}
/// Cluster-internal endpoint that mints short-lived access tokens for a
/// preconfigured sandbox workspace + sandbox user. The intended caller is an
/// in-cluster integration test Job; access is gated by a shared-secret header
/// and a NetworkPolicy that restricts the source pods.
///
/// This service must not be exposed via the public ingress.
#[conjure_http::conjure_endpoints(
    name = "InternalSandboxTokenService",
    use_legacy_error_serialization,
    local
)]
pub trait LocalAsyncInternalSandboxTokenService {
    /// Issue a Nominal-signed bearer token bound to the configured sandbox
    /// user + org. The TTL is capped at 1 hour server-side regardless of the
    /// requested value. The shared-secret header must match the value
    /// configured on gatekeeper or the call is rejected.
    #[endpoint(
        method = POST,
        path = "/sandbox-token-internal/v1/issue",
        name = "issueSandboxToken",
        produces = conjure_http::server::StdResponseSerializer
    )]
    async fn issue_sandbox_token(
        &self,
        #[body(deserializer = conjure_http::server::StdRequestDeserializer)]
        request: super::super::super::objects::authorization::IssueSandboxTokenRequest,
        #[header(
            name = "X-Nominal-Sandbox-Shared-Secret",
            decoder = conjure_http::server::conjure::FromPlainDecoder,
            log_as = "sharedSecret"
        )]
        shared_secret: String,
    ) -> Result<
        super::super::super::objects::authorization::IssueSandboxTokenResponse,
        conjure_http::private::Error,
    >;
}