Struct Credentials 

pub struct Credentials { /* private fields */ }

An implementation of crate::credentials::CredentialsProvider.

Represents a Credentials used to obtain the auth request headers.

In general, Credentials are “digital object that provide proof of identity”. The archetype may be a username and password combination, but a private RSA key may be a better example.

Modern authentication protocols do not send the credentials to authenticate with a service. Even when sent over encrypted transports, the credentials may be accidentally exposed via logging or may be captured if there are errors in the transport encryption. Because the credentials are often long-lived, that risk of exposure is also long-lived.

Instead, modern authentication protocols exchange the credentials for a time-limited Token, a digital object that shows the caller was in possession of the credentials. Because tokens are time limited, risk of misuse is also time limited. Tokens may be further restricted to only a certain subset of the RPCs in the service, or even to specific resources, or only when used from a given machine (virtual or not), further limiting the risks associated with any leaks of these tokens.

This struct also abstracts token sources that are not backed by a specific digital object. The canonical example is the Metadata Service. This service is available in many Google Cloud environments, including Google Compute Engine, and Google Kubernetes Engine.

Implementations

impl Credentials

pub async fn headers( &self, extensions: Extensions, ) -> Result<CacheableResource<HeaderMap>, CredentialsError>

Asynchronously constructs the auth headers.

Different auth tokens are sent via different headers. The Credentials constructs the headers (and header values) that should be sent with a request. If the authentication provider requires it, headers are cached, and a background task periodically refreshes any expired tokens.

Parameters
  • extensions - An http::Extensions map that can be used to pass additional context to the credential provider.

If the caller does not need to compute derived values from the headers, do not provide an EntityTag. The credentials will either return Err(...) or Ok(CacheableResource::New {}) in this case. Since the credentials already cache the headers, the caller can use the results directly.

Some applications need to compute values derived from the result, and want to avoid that computation if the headers have not changed. In that case, provide the EntityTag returned from a previous call. If the underlying authentication data has not changed, this method returns Ok(CacheableResource::NotModified) and you can use the same derived data.

If the caller provides an EntityTag and the underlying authentication data has changed, this function returns Ok(CacheableResource::New { ... }). That result invalidates the tag, and provides new values for the headers.

Returns

A Result containing:

  • Ok(CacheableResource::New { entity_tag, data }): If new or updated headers are available.
  • Ok(CacheableResource::NotModified): If the headers have not changed since the ETag provided via extensions was issued.
  • Err(CredentialsError): If an error occurs while trying to fetch or generate the headers.
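
The entity-tag exchange described above, as an added example that is not part of the crate or its documentation. It is a std-only model: `ModelCredentials`, `DerivedCache`, the integer `EntityTag` and the `tag` argument (standing in for the value passed through `extensions`) are assumptions made for illustration.

```rust
// Std-only stand-ins for illustration, not the google-cloud-auth crate's types.
use std::collections::HashMap;

type EntityTag = u64; // assumption: modelled as a generation counter
type HeaderMap = HashMap<String, String>;

#[derive(Debug, PartialEq)]
enum CacheableResource<T> {
    New { entity_tag: EntityTag, data: T },
    NotModified,
}

// Hypothetical provider: `generation` changes whenever the token is refreshed.
struct ModelCredentials { generation: EntityTag, token: String }
impl ModelCredentials {
    // `tag` stands in for the EntityTag a caller would pass via `extensions`.
    fn headers(&self, tag: Option<EntityTag>) -> CacheableResource<HeaderMap> {
        if tag == Some(self.generation) {
            return CacheableResource::NotModified;
        }
        let mut data = HeaderMap::new();
        data.insert("authorization".into(), format!("Bearer {}", self.token));
        CacheableResource::New { entity_tag: self.generation, data }
    }
}

// Caller-side cache of a value derived from the headers (here, just a length).
#[derive(Default)]
struct DerivedCache { tag: Option<EntityTag>, derived: usize, recomputed: u32 }
impl DerivedCache {
    fn refresh(&mut self, creds: &ModelCredentials) -> usize {
        if let CacheableResource::New { entity_tag, data } = creds.headers(self.tag) {
            // New invalidates the old tag: store the new one and recompute.
            self.tag = Some(entity_tag);
            self.derived = data["authorization"].len();
            self.recomputed += 1;
        }
        self.derived // NotModified: the previously derived value is still valid
    }
}

fn main() {
    let mut creds = ModelCredentials { generation: 1, token: "constructed-token-a".into() };
    let mut cache = DerivedCache::default();
    cache.refresh(&creds);
    cache.refresh(&creds); // NotModified, nothing recomputed
    creds = ModelCredentials { generation: 2, token: "constructed-token-bb".into() };
    println!("derived={} recomputed={}", cache.refresh(&creds), cache.recomputed);
}
```

The derived value is a length rather than the header itself so that the constructed token never reaches the output.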

pub async fn universe_domain(&self) -> Option<String>

Retrieves the universe domain associated with the credentials, if any.

A “universe” is an isolated Google Cloud environment, such as the public cloud or a sovereign/air-gapped deployment. The universe domain is used to construct base URLs for API endpoints within that environment.

By default, this returns None, which means the default universe domain of googleapis.com. You should only override this if your application is operating within a custom Cloud universe and needs to direct authentication and service requests to a different base endpoint.

Trait Implementations

impl Clone for Credentials

fn clone(&self) -> Credentials

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Credentials

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T> From<T> for Credentials
where T: CredentialsProvider + Send + Sync + 'static,

fn from(value: T) -> Self

Converts to this type from the input type.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.