gcp_sdk_auth::credentials

Trait CredentialTrait

pub trait CredentialTrait: Debug {
    // Required methods
    fn get_token(
        &self,
    ) -> impl Future<Output = Result<Token, CredentialError>> + Send;
    fn get_headers(
        &self,
    ) -> impl Future<Output = Result<Vec<(HeaderName, HeaderValue)>, CredentialError>> + Send;
    fn get_universe_domain(&self) -> impl Future<Output = Option<String>> + Send;
}

Represents a Credential used to obtain auth Tokens and the corresponding request headers.

In general, Credentials are “digital objects that provide proof of identity”. The archetype may be a username and password combination, but a private RSA key may be a better example.

Modern authentication protocols do not send the credentials to authenticate with a service. Even when sent over encrypted transports, the credentials may be accidentally exposed via logging or may be captured if there are errors in the transport encryption. Because the credentials are often long-lived, that risk of exposure is also long-lived.

Instead, modern authentication protocols exchange the credentials for a time-limited Token, a digital object that shows the caller was in possession of the credentials. Because tokens are time limited, the risk of misuse is also time limited. Tokens may be further restricted to only a certain subset of the RPCs in the service, or even to specific resources, or only when used from a given machine (virtual or not), further limiting the risks associated with any leaks of these tokens.

This trait also abstracts token sources that are not backed by a specific digital object. The canonical example is the Metadata Service. This service is available in many Google Cloud environments, including Google Compute Engine and Google Kubernetes Engine.

Notes

Application developers who directly use the Auth SDK can use this trait to mock the credentials. Application developers who use the Google Cloud Rust SDK directly should not need this functionality.
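A test double along the lines the note above describes, as an added example rather than code from the SDK. So that it compiles with the standard library alone, the trait is restated locally with stand-in `Token`, `CredentialError` and header types whose fields are assumptions; `MockCredential`, `block_on` and the `authorization: Bearer` header shape are likewise hypothetical.

```rust
use std::{fmt, future::{ready, Future}, sync::Arc, task::{Context, Poll, Wake, Waker}};
// Stand-ins (assumptions) for the crate's Token, CredentialError and header types.
pub struct Token { pub token: String }
#[derive(Debug)] pub struct CredentialError(pub String);
pub type Headers = Vec<(String, String)>;

// The page's three methods, over the stand-in types.
pub trait CredentialTrait: fmt::Debug {
    fn get_token(&self) -> impl Future<Output = Result<Token, CredentialError>> + Send;
    fn get_headers(&self) -> impl Future<Output = Result<Headers, CredentialError>> + Send;
    fn get_universe_domain(&self) -> impl Future<Output = Option<String>> + Send;
}
// Hypothetical test double: a fixed token, or an error when `token` is None.
pub struct MockCredential { pub token: Option<String> }
impl MockCredential {
    fn fixed(&self) -> Result<Token, CredentialError> {
        let missing = || CredentialError("mock: no token available".to_string());
        self.token.clone().map(|token| Token { token }).ok_or_else(missing)
    }
}
// The trait requires Debug; written by hand so the token never reaches a log.
impl fmt::Debug for MockCredential {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        f.debug_struct("MockCredential").field("token", &"[redacted]").finish()
    }
}
impl CredentialTrait for MockCredential {
    fn get_token(&self) -> impl Future<Output = Result<Token, CredentialError>> + Send {
        ready(self.fixed())
    }
    fn get_headers(&self) -> impl Future<Output = Result<Headers, CredentialError>> + Send {
        // Assumed header shape for a bearer token.
        ready(self.fixed().map(|t| vec![("authorization".to_string(), format!("Bearer {}", t.token))]))
    }
    fn get_universe_domain(&self) -> impl Future<Output = Option<String>> + Send {
        ready(None::<String>)
    }
}

// Minimal std-only executor (busy-polls), so the example needs no async runtime.
struct NoopWake; impl Wake for NoopWake { fn wake(self: Arc<Self>) {} }
pub fn block_on<F: Future>(fut: F) -> F::Output {
    let (waker, mut fut) = (Waker::from(Arc::new(NoopWake)), Box::pin(fut));
    let mut cx = Context::from_waker(&waker);
    loop { if let Poll::Ready(v) = fut.as_mut().poll(&mut cx) { return v; } }
}
fn main() {
    let cred = MockCredential { token: Some("constructed-test-token".to_string()) };
    println!("{:?}: {:?} header(s)", cred, block_on(cred.get_headers()).map(|h| h.len()));
}
```

Code under test can take `impl CredentialTrait` and be driven with either the token or the error variant of the mock.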

Required Methods

fn get_token(&self) -> impl Future<Output = Result<Token, CredentialError>> + Send

Asynchronously retrieves a token.

Returns a Token for the current credentials. The underlying implementation refreshes the token as needed.

fn get_headers(&self) -> impl Future<Output = Result<Vec<(HeaderName, HeaderValue)>, CredentialError>> + Send

Asynchronously constructs the auth headers.

Different auth tokens are sent via different headers. The Credential constructs the headers (and header values) that should be sent with a request.

The underlying implementation refreshes the token as needed.

fn get_universe_domain(&self) -> impl Future<Output = Option<String>> + Send

Retrieves the universe domain associated with the credential, if any.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors