pub trait CredentialVendor:
Send
+ Sync
+ Debug {
// Required methods
fn vend_credentials<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
table_location: &'life1 str,
identity: Option<&'life2 Identity>,
) -> Pin<Box<dyn Future<Output = Result<VendedCredentials>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
fn provider_name(&self) -> &'static str;
fn permission(&self) -> VendedPermission;
}
Trait for credential vendors that generate temporary credentials.
Each cloud provider has its own configuration passed via the vendor
implementation. The permission level is configured at vendor creation time
via VendedPermission.
Required Methods
fn vend_credentials<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
table_location: &'life1 str,
identity: Option<&'life2 Identity>,
) -> Pin<Box<dyn Future<Output = Result<VendedCredentials>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Vend credentials for accessing the specified table location.
The permission level (read/write/admin) is determined by the vendor’s configuration, not per-request. When identity is provided, the vendor may use different authentication flows:
- auth_token: Use AssumeRoleWithWebIdentity (AWS validates the token)
- api_key: Validate against configured API key hashes and use AssumeRole
- None: Use static configuration with AssumeRole
Arguments
- table_location - The table URI to vend credentials for
- identity - Optional identity from the request (api_key OR auth_token, mutually exclusive)
Returns
Returns vended credentials with expiration information.
Errors
Returns error if identity validation fails (no fallback to static config).
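The flow selection and the no-fallback rule described above, modeled with std only as an added example; it is not the crate's code. `Flow`, `select_flow`, `ct_eq`, the `Identity` field layout and the caller-supplied `digest` function are assumptions, since the page does not show the struct or name the hash used for API keys.

```rust
// Added example: stand-in types, not the crate's own definitions.
#[derive(Debug, PartialEq)]
pub enum Flow {
    WebIdentity,      // AssumeRoleWithWebIdentity; AWS validates the token
    ApiKeyAssumeRole, // API key matched a configured hash, then AssumeRole
    StaticAssumeRole, // no identity on the request
}

// Assumed shape: the page only says api_key and auth_token are mutually exclusive.
pub struct Identity {
    pub api_key: Option<String>,
    pub auth_token: Option<String>,
}

// Compare two digests without returning early on the first differing byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Pick the flow for a request. `digest` is whatever hash the deployment
/// stores API keys under (an assumption: the page does not name one).
pub fn select_flow(
    identity: Option<&Identity>,
    key_hashes: &[String],
    digest: fn(&str) -> String,
) -> Result<Flow, String> {
    let Some(id) = identity else { return Ok(Flow::StaticAssumeRole) };
    match (&id.api_key, &id.auth_token) {
        (Some(_), Some(_)) => Err("api_key and auth_token are mutually exclusive".into()),
        (None, Some(_)) => Ok(Flow::WebIdentity),
        (Some(key), None) => {
            let d = digest(key);
            // Check every configured hash so timing does not depend on position.
            let ok = key_hashes.iter().fold(false, |m, h| m | ct_eq(h.as_bytes(), d.as_bytes()));
            // Fail closed: a bad key is an error, never StaticAssumeRole.
            if ok { Ok(Flow::ApiKeyAssumeRole) } else { Err("unknown API key".into()) }
        }
        // Assumption: an identity carrying neither field is rejected, not treated as None.
        (None, None) => Err("identity carries no credential".into()),
    }
}

fn main() {
    // Constructed stand-in digest so the example runs offline; use a real hash in practice.
    fn tag(s: &str) -> String { format!("digest:{s}") }
    let bad = Identity { api_key: Some("wrong".into()), auth_token: None };
    println!("{:?}", select_flow(Some(&bad), &[tag("k1")], tag));
}
```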
fn provider_name(&self) -> &'static str
Returns the cloud provider name (e.g., “aws”, “gcp”, “azure”).
fn permission(&self) -> VendedPermission
Returns the permission level configured for this vendor.