Builder

google_cloud_auth::credentials::impersonated

Struct Builder 

Source 
pub struct Builder { /* private fields */ }
Expand description

A builder for constructing Impersonated Service Account Credentials instance.

§Example

let impersonated_credential = serde_json::json!({
    "type": "impersonated_service_account",
    "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/test-principal:generateAccessToken",
    "source_credentials": {
        "type": "authorized_user",
        "client_id": "test-client-id",
        "client_secret": "test-client-secret",
        "refresh_token": "test-refresh-token"
    }
});
let credentials = Builder::new(impersonated_credential).build();

Implementations§

Source§

impl Builder

Source

pub fn new(impersonated_credential: Value) -> Self

Creates a new builder using impersonated_service_account JSON value.

The impersonated_service_account JSON is typically generated using a gcloud command for application default login.

Source

pub fn from_source_credentials(source_credentials: Credentials) -> Self

Creates a new builder with a source credentials object.

§Example
let source_credentials = user_account::Builder::new(json!({ /* add details here */ })).build()?;

let creds = impersonated::Builder::from_source_credentials(source_credentials)
    .with_target_principal("test-principal")
    .build()?;
Source

pub fn with_target_principal<S: Into<String>>(self, target_principal: S) -> Self

Sets the target principal. This is required when using from_source_credentials. Target principal is the email of the service account to impersonate.

§Example
let impersonated_credential = json!({ /* add details here */ });

let creds = impersonated::Builder::new(impersonated_credential.into())
    .with_target_principal("test-principal")
    .build();
Source

pub fn with_delegates<I, S>(self, delegates: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the chain of delegates.

§Example
let impersonated_credential = json!({ /* add details here */ });

let creds = impersonated::Builder::new(impersonated_credential.into())
    .with_delegates(["delegate1", "delegate2"])
    .build();
Source

pub fn with_scopes<I, S>(self, scopes: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the scopes for these credentials.

Any value set here overrides a scopes value from the input impersonated_service_account JSON.

By default https://www.googleapis.com/auth/cloud-platform scope is used.

§Example
let impersonated_credential = json!({ /* add details here */ });

let creds = impersonated::Builder::new(impersonated_credential.into())
    .with_scopes(["https://www.googleapis.com/auth/pubsub"])
    .build();
Source

pub fn with_quota_project_id<S: Into<String>>(self, quota_project_id: S) -> Self

Sets the quota project for these credentials.

For some services, you can use an account in one project for authentication and authorization, and charge the usage to a different project. This requires that the target service account has serviceusage.services.use permissions on the quota project.

Any value set here overrides a quota_project_id value from the input impersonated_service_account JSON.

§Example
let impersonated_credential = json!({ /* add details here */ });

let creds = impersonated::Builder::new(impersonated_credential.into())
    .with_quota_project_id("my-project")
    .build();
Source

pub fn with_lifetime(self, lifetime: Duration) -> Self

Sets the lifetime for the impersonated credentials.

§Example
let impersonated_credential = json!({ /* add details here */ });

let creds = impersonated::Builder::new(impersonated_credential.into())
    .with_lifetime(Duration::from_secs(500))
    .build();
Source

pub fn with_retry_policy<V: Into<RetryPolicyArg>>(self, v: V) -> Self

Configure the retry policy for fetching tokens.

The retry policy controls how to handle retries, and sets limits on the number of attempts or the total time spent retrying.

use gax::retry_policy::{AlwaysRetry, RetryPolicyExt};
let impersonated_credential = json!({ /* add details here */ });
let credentials = Builder::new(impersonated_credential.into())
    .with_retry_policy(AlwaysRetry.with_attempt_limit(3))
    .build();
Source

pub fn with_backoff_policy<V: Into<BackoffPolicyArg>>(self, v: V) -> Self

Configure the retry backoff policy.

The backoff policy controls how long to wait in between retry attempts.

use gax::exponential_backoff::ExponentialBackoff;
let policy = ExponentialBackoff::default();
let impersonated_credential = json!({ /* add details here */ });
let credentials = Builder::new(impersonated_credential.into())
    .with_backoff_policy(policy)
    .build();
Source

pub fn with_retry_throttler<V: Into<RetryThrottlerArg>>(self, v: V) -> Self

Configure the retry throttler.

Advanced applications may want to configure a retry throttler to Address Cascading Failures and when Handling Overload conditions. The authentication library throttles its retry loop, using a policy to control the throttling algorithm. Use this method to fine tune or customize the default retry throttler.

use gax::retry_throttler::AdaptiveThrottler;
let impersonated_credential = json!({ /* add details here */ });
let credentials = Builder::new(impersonated_credential.into())
    .with_retry_throttler(AdaptiveThrottler::default())
    .build();
Source

pub fn build(self) -> Result<Credentials, Error>

Returns a Credentials instance with the configured settings.

§Errors

Returns a BuilderError for one of the following cases:

  • If the impersonated_service_account provided to Builder::new cannot be successfully deserialized into the expected format. This typically happens if the JSON value is malformed or missing required fields. For more information, on how to generate impersonated_service_account json, consult the relevant section in the application-default credentials guide.
  • If the impersonated_service_account provided to Builder::new has a source_credentials of impersonated_service_account type.
  • If service_account_impersonation_url is not provided after initializing the builder with Builder::from_source_credentials.
Source

pub fn build_access_token_credentials( self, ) -> Result<AccessTokenCredentials, Error>

Returns an AccessTokenCredentials instance with the configured settings.

§Example
let impersonated_credential = json!({
    "type": "impersonated_service_account",
    "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/test-principal:generateAccessToken",
    "source_credentials": {
        "type": "authorized_user",
        "client_id": "test-client-id",
        "client_secret": "test-client-secret",
        "refresh_token": "test-refresh-token"
    }
});
let credentials: AccessTokenCredentials = Builder::new(impersonated_credential.into())
    .build_access_token_credentials()?;
let access_token = credentials.access_token().await?;
println!("Token: {}", access_token.token);
§Errors

Returns a BuilderError for one of the following cases:

  • If the impersonated_service_account provided to Builder::new cannot be successfully deserialized into the expected format. This typically happens if the JSON value is malformed or missing required fields. For more information, on how to generate impersonated_service_account json, consult the relevant section in the application-default credentials guide.
  • If the impersonated_service_account provided to Builder::new has a source_credentials of impersonated_service_account type.
  • If service_account_impersonation_url is not provided after initializing the builder with Builder::from_source_credentials.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more