pub trait InternalSandboxTokenService<I: Iterator<Item = Result<Bytes, Error>>> {
// Required method
fn issue_sandbox_token(
&self,
request: &IssueSandboxTokenRequest,
shared_secret: &str,
) -> Result<IssueSandboxTokenResponse, Error>;
}Expand description
Cluster-internal endpoint that mints short-lived access tokens for a preconfigured sandbox workspace + sandbox user. The intended caller is an in-cluster integration test Job; access is gated by a shared-secret header and a NetworkPolicy that restricts the source pods.
This service must not be exposed via the public ingress.
Required Methods§
Sourcefn issue_sandbox_token(
&self,
request: &IssueSandboxTokenRequest,
shared_secret: &str,
) -> Result<IssueSandboxTokenResponse, Error>
fn issue_sandbox_token( &self, request: &IssueSandboxTokenRequest, shared_secret: &str, ) -> Result<IssueSandboxTokenResponse, Error>
Issue a Nominal-signed bearer token bound to the configured sandbox user + org. The TTL is capped at 1 hour server-side regardless of the requested value. The shared-secret header must match the value configured on gatekeeper or the call is rejected.