nominal-api 0.1240.0

API bindings for the Nominal platform
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

use conjure_http::endpoint;
/// Cluster-internal endpoint that mints short-lived access tokens for a
/// preconfigured sandbox workspace + sandbox user. The intended caller is an
/// in-cluster integration test Job; access is gated by a shared-secret header
/// and a NetworkPolicy that restricts the source pods.
///
/// This service must not be exposed via the public ingress.
#[conjure_http::conjure_client(name = "InternalSandboxTokenService")]
pub trait InternalSandboxTokenService<
    #[response_body]
    I: Iterator<
            Item = Result<conjure_http::private::Bytes, conjure_http::private::Error>,
        >,
> {
    /// Issue a Nominal-signed bearer token bound to the configured sandbox
    /// user + org. The TTL is capped at 1 hour server-side regardless of the
    /// requested value. The shared-secret header must match the value
    /// configured on gatekeeper or the call is rejected.
    #[endpoint(
        method = POST,
        path = "/sandbox-token-internal/v1/issue",
        name = "issueSandboxToken",
        accept = conjure_http::client::StdResponseDeserializer
    )]
    fn issue_sandbox_token(
        &self,
        #[body(serializer = conjure_http::client::StdRequestSerializer)]
        request: &super::super::super::objects::authorization::IssueSandboxTokenRequest,
        #[header(
            name = "X-Nominal-Sandbox-Shared-Secret",
            encoder = conjure_http::client::conjure::PlainEncoder
        )]
        shared_secret: &str,
    ) -> Result<
        super::super::super::objects::authorization::IssueSandboxTokenResponse,
        conjure_http::private::Error,
    >;
}
/// Cluster-internal endpoint that mints short-lived access tokens for a
/// preconfigured sandbox workspace + sandbox user. The intended caller is an
/// in-cluster integration test Job; access is gated by a shared-secret header
/// and a NetworkPolicy that restricts the source pods.
///
/// This service must not be exposed via the public ingress.
#[conjure_http::conjure_client(name = "InternalSandboxTokenService")]
pub trait AsyncInternalSandboxTokenService<
    #[response_body]
    I: conjure_http::private::Stream<
            Item = Result<conjure_http::private::Bytes, conjure_http::private::Error>,
        >,
> {
    /// Issue a Nominal-signed bearer token bound to the configured sandbox
    /// user + org. The TTL is capped at 1 hour server-side regardless of the
    /// requested value. The shared-secret header must match the value
    /// configured on gatekeeper or the call is rejected.
    #[endpoint(
        method = POST,
        path = "/sandbox-token-internal/v1/issue",
        name = "issueSandboxToken",
        accept = conjure_http::client::StdResponseDeserializer
    )]
    async fn issue_sandbox_token(
        &self,
        #[body(serializer = conjure_http::client::StdRequestSerializer)]
        request: &super::super::super::objects::authorization::IssueSandboxTokenRequest,
        #[header(
            name = "X-Nominal-Sandbox-Shared-Secret",
            encoder = conjure_http::client::conjure::PlainEncoder
        )]
        shared_secret: &str,
    ) -> Result<
        super::super::super::objects::authorization::IssueSandboxTokenResponse,
        conjure_http::private::Error,
    >;
}
/// Cluster-internal endpoint that mints short-lived access tokens for a
/// preconfigured sandbox workspace + sandbox user. The intended caller is an
/// in-cluster integration test Job; access is gated by a shared-secret header
/// and a NetworkPolicy that restricts the source pods.
///
/// This service must not be exposed via the public ingress.
#[conjure_http::conjure_client(name = "InternalSandboxTokenService", local)]
pub trait LocalAsyncInternalSandboxTokenService<
    #[response_body]
    I: conjure_http::private::Stream<
            Item = Result<conjure_http::private::Bytes, conjure_http::private::Error>,
        >,
> {
    /// Issue a Nominal-signed bearer token bound to the configured sandbox
    /// user + org. The TTL is capped at 1 hour server-side regardless of the
    /// requested value. The shared-secret header must match the value
    /// configured on gatekeeper or the call is rejected.
    #[endpoint(
        method = POST,
        path = "/sandbox-token-internal/v1/issue",
        name = "issueSandboxToken",
        accept = conjure_http::client::StdResponseDeserializer
    )]
    async fn issue_sandbox_token(
        &self,
        #[body(serializer = conjure_http::client::StdRequestSerializer)]
        request: &super::super::super::objects::authorization::IssueSandboxTokenRequest,
        #[header(
            name = "X-Nominal-Sandbox-Shared-Secret",
            encoder = conjure_http::client::conjure::PlainEncoder
        )]
        shared_secret: &str,
    ) -> Result<
        super::super::super::objects::authorization::IssueSandboxTokenResponse,
        conjure_http::private::Error,
    >;
}