Trait CredentialsProvider 

pub trait CredentialsProvider: Debug {
    // Required methods
    fn headers(
        &self,
        extensions: Extensions,
    ) -> impl Future<Output = Result<CacheableResource<HeaderMap>, CredentialsError>> + Send;
    fn universe_domain(&self) -> impl Future<Output = Option<String>> + Send;
}

Represents a Credentials used to obtain auth request headers.

In general, Credentials are “digital object that provide proof of identity”, the archetype may be a username and password combination, but a private RSA key may be a better example.

Modern authentication protocols do not send the credentials to authenticate with a service. Even when sent over encrypted transports, the credentials may be accidentally exposed via logging or may be captured if there are errors in the transport encryption. Because the credentials are often long-lived, that risk of exposure is also long-lived.

Instead, modern authentication protocols exchange the credentials for a time-limited Token, a digital object that shows the caller was in possession of the credentials. Because tokens are time limited, risk of misuse is also time limited. Tokens may be further restricted to only a certain subset of the RPCs in the service, or even to specific resources, or only when used from a given machine (virtual or not). Further limiting the risks associated with any leaks of these tokens.

This struct also abstracts token sources that are not backed by a specific digital object. The canonical example is the Metadata Service. This service is available in many Google Cloud environments, including Google Compute Engine, and Google Kubernetes Engine.

Notes

Application developers who directly use the Auth SDK can use this trait, along with crate::credentials::Credentials::from() to mock the credentials. Application developers who use the Google Cloud Rust SDK directly should not need this functionality.

Required Methods

fn headers( &self, extensions: Extensions, ) -> impl Future<Output = Result<CacheableResource<HeaderMap>, CredentialsError>> + Send

Asynchronously constructs the auth headers.

Different auth tokens are sent via different headers. The Credentials constructs the headers (and header values) that should be sent with a request.

Parameters

• extensions - An http::Extensions map that can be used to pass additional context to the credential provider. For caching purposes, this can include an EntityTag from a previously returned CacheableResource<HeaderMap>. If a valid EntityTag is provided and the underlying authentication data has not changed, this method returns Ok(CacheableResource::NotModified).

Returns

A Future that resolves to a Result containing:

• Ok(CacheableResource::New { entity_tag, data }): If new or updated headers are available.
• Ok(CacheableResource::NotModified): If the headers have not changed since the ETag provided via extensions was issued.
• Err(CredentialsError): If an error occurs while trying to fetch or generating the headers.

fn universe_domain(&self) -> impl Future<Output = Option<String>> + Send

Retrieves the universe domain associated with the credentials, if any.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors