Builder

google_cloud_auth::credentials::external_account

Struct Builder 

Source 
pub struct Builder { /* private fields */ }
Expand description

A builder for external account Credentials instances.

§Example

let project_id = project_id();
let workload_identity_pool_id = workload_identity_pool();
let provider_id = workload_identity_provider();
let provider_name = format!(
    "//iam.googleapis.com/projects/{project_id}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{provider_id}"
);
let config = serde_json::json!({
    "type": "external_account",
    "audience": provider_name,
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1beta/token",
    "credential_source": {
        "url": format!("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource={provider_name}"),
        "headers": {
          "Metadata": "True"
        },
        "format": {
          "type": "json",
          "subject_token_field_name": "access_token"
        }
    }
});
let credentials = Builder::new(config)
    .with_quota_project_id("quota_project")
    .build();
});

Implementations§

Source§

impl Builder

Source

pub fn new(external_account_config: Value) -> Self

Creates a new builder using external_account_credentials JSON value.

Source

pub fn with_quota_project_id<S: Into<String>>(self, quota_project_id: S) -> Self

Sets the quota project for this credentials.

In some services, you can use a service account in one project for authentication and authorization, and charge the usage to a different project. This requires that the service account has serviceusage.services.use permissions on the quota project.

Source

pub fn with_scopes<I, S>(self, scopes: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Overrides the scopes for this credentials.

Source

pub fn with_retry_policy<V: Into<RetryPolicyArg>>(self, v: V) -> Self

Configure the retry policy for fetching tokens.

The retry policy controls how to handle retries, and sets limits on the number of attempts or the total time spent retrying.

use gax::retry_policy::{AlwaysRetry, RetryPolicyExt};
let config = serde_json::json!({
    "type": "external_account",
    "audience": "audience",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1beta/token",
    "credential_source": { "file": "/path/to/your/oidc/token.jwt" }
});
let credentials = Builder::new(config)
    .with_retry_policy(AlwaysRetry.with_attempt_limit(3))
    .build();
Source

pub fn with_backoff_policy<V: Into<BackoffPolicyArg>>(self, v: V) -> Self

Configure the retry backoff policy.

The backoff policy controls how long to wait in between retry attempts.

use gax::exponential_backoff::ExponentialBackoff;
let config = serde_json::json!({
    "type": "external_account",
    "audience": "audience",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1beta/token",
    "credential_source": { "file": "/path/to/your/oidc/token.jwt" }
});
let policy = ExponentialBackoff::default();
let credentials = Builder::new(config)
    .with_backoff_policy(policy)
    .build();
Source

pub fn with_retry_throttler<V: Into<RetryThrottlerArg>>(self, v: V) -> Self

Configure the retry throttler.

Advanced applications may want to configure a retry throttler to Address Cascading Failures and when Handling Overload conditions. The authentication library throttles its retry loop, using a policy to control the throttling algorithm. Use this method to fine tune or customize the default retry throttler.

use gax::retry_throttler::AdaptiveThrottler;
let config = serde_json::json!({
    "type": "external_account",
    "audience": "audience",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1beta/token",
    "credential_source": { "file": "/path/to/your/oidc/token.jwt" }
});
let credentials = Builder::new(config)
    .with_retry_throttler(AdaptiveThrottler::default())
    .build();
Source

pub fn build(self) -> Result<Credentials, Error>

Returns a Credentials instance with the configured settings.

§Errors

Returns a BuilderError if the external_account_config provided to Builder::new cannot be successfully deserialized into the expected format for an external account configuration. This typically happens if the JSON value is malformed or missing required fields.

For more information, on the expected format, consult the relevant section in the external_account_credentials guide.

Source

pub fn build_access_token_credentials( self, ) -> Result<AccessTokenCredentials, Error>

Returns an AccessTokenCredentials instance with the configured settings.

§Errors

Returns a BuilderError if the external_account_config provided to Builder::new cannot be successfully deserialized into the expected format for an external account configuration. This typically happens if the JSON value is malformed or missing required fields.

For more information, on the expected format, consult the relevant section in the external_account_credentials guide.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more