Builder

google_cloud_auth::credentials

Struct Builder 

Source 
pub struct Builder { /* private fields */ }
Expand description

A builder for constructing Credentials instances.

This builder loads credentials according to the standard Application Default Credentials (ADC) strategy. ADC is the recommended approach for most applications and conforms to AIP-4110. If you need to load credentials from a non-standard location or source, you can use Builders on the specific credential types.

Common use cases where using ADC would is useful include:

  • Your application is deployed to a Google Cloud environment such as Google Compute Engine (GCE), Google Kubernetes Engine (GKE), or Cloud Run. Each of these deployment environments provides a default service account to the application, and offers mechanisms to change this default service account without any code changes to your application.
  • You are testing or developing the application on a workstation (physical or virtual). These credentials will use your preferences as set with gcloud auth application-default. These preferences can be your own Google Cloud user credentials, or some service account.
  • Regardless of where your application is running, you can use the GOOGLE_APPLICATION_CREDENTIALS environment variable to override the defaults. This environment variable should point to a file containing a service account key file, or a JSON object describing your user credentials.

The headers returned by these credentials should be used in the Authorization HTTP header.

The Google Cloud client libraries for Rust will typically find and use these credentials automatically if a credentials file exists in the standard ADC search paths. You might instantiate these credentials if you need to:

  • Override the OAuth 2.0 scopes being requested for the access token.
  • Override the quota project ID for billing and quota management.

§Example: fetching headers using ADC

let credentials = Builder::default()
    .with_quota_project_id("my-project")
    .build()?;
let headers = credentials.headers(Extensions::new()).await?;
println!("Headers: {headers:?}");

Implementations§

Source§

impl Builder

Source

pub fn with_quota_project_id<S: Into<String>>(self, quota_project_id: S) -> Self

Sets the quota project for these credentials.

In some services, you can use an account in one project for authentication and authorization, and charge the usage to a different project. This requires that the user has serviceusage.services.use permissions on the quota project.

§Important: Precedence

If the GOOGLE_CLOUD_QUOTA_PROJECT environment variable is set, its value will be used instead of the value provided to this method.

§Example
let credentials = Builder::default()
    .with_quota_project_id("my-project")
    .build();
Source

pub fn with_scopes<I, S>(self, scopes: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Sets the scopes for these credentials.

scopes act as an additional restriction in addition to the IAM permissions granted to the principal (user or service account) that creates the token.

scopes define the permissions being requested for this specific access token when interacting with a service. For example, https://www.googleapis.com/auth/devstorage.read_write.

IAM permissions, on the other hand, define the underlying capabilities the principal possesses within a system. For example, storage.buckets.delete.

The credentials certify that a particular token was created by a certain principal.

When a token generated with specific scopes is used, the request must be permitted by both the the principals’s underlying IAM permissions and the scopes requested for the token.

Source

pub fn build(self) -> Result<Credentials, Error>

Returns a Credentials instance with the configured settings.

§Errors

Returns a CredentialsError if an unsupported credential type is provided or if the JSON value is either malformed or missing required fields.

For more information, on how to generate the JSON for a credential, consult the relevant section in the application-default credentials guide.

Source

pub fn build_access_token_credentials( self, ) -> Result<AccessTokenCredentials, Error>

Returns an AccessTokenCredentials instance with the configured settings.

§Example
// This will search for Application Default Credentials and build AccessTokenCredentials.
let credentials: AccessTokenCredentials = Builder::default()
    .build_access_token_credentials()?;
let access_token = credentials.access_token().await?;
println!("Token: {}", access_token.token);
§Errors

Returns a CredentialsError if an unsupported credential type is provided or if the JSON value is either malformed or missing required fields.

For more information, on how to generate the JSON for a credential, consult the relevant section in the application-default credentials guide.

Trait Implementations§

Source§

impl Debug for Builder

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Builder

Source§

fn default() -> Self

Creates a new builder where credentials will be obtained via application-default login.

§Example
let credentials = Builder::default().build();

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more