Skip to main content

nominal_api/conjure/endpoints/authorization/
internal_sandbox_token_service.rs

1use conjure_http::endpoint;
2/// Cluster-internal endpoint that mints short-lived access tokens for a
3/// preconfigured sandbox workspace + sandbox user. The intended caller is an
4/// in-cluster integration test Job; access is gated by a shared-secret header
5/// and a NetworkPolicy that restricts the source pods.
6///
7/// This service must not be exposed via the public ingress.
8#[conjure_http::conjure_endpoints(
9    name = "InternalSandboxTokenService",
10    use_legacy_error_serialization
11)]
12pub trait InternalSandboxTokenService {
13    /// Issue a Nominal-signed bearer token bound to the configured sandbox
14    /// user + org. The TTL is capped at 1 hour server-side regardless of the
15    /// requested value. The shared-secret header must match the value
16    /// configured on gatekeeper or the call is rejected.
17    #[endpoint(
18        method = POST,
19        path = "/sandbox-token-internal/v1/issue",
20        name = "issueSandboxToken",
21        produces = conjure_http::server::StdResponseSerializer
22    )]
23    fn issue_sandbox_token(
24        &self,
25        #[body(deserializer = conjure_http::server::StdRequestDeserializer)]
26        request: super::super::super::objects::authorization::IssueSandboxTokenRequest,
27        #[header(
28            name = "X-Nominal-Sandbox-Shared-Secret",
29            decoder = conjure_http::server::conjure::FromPlainDecoder,
30            log_as = "sharedSecret"
31        )]
32        shared_secret: String,
33    ) -> Result<
34        super::super::super::objects::authorization::IssueSandboxTokenResponse,
35        conjure_http::private::Error,
36    >;
37}
38/// Cluster-internal endpoint that mints short-lived access tokens for a
39/// preconfigured sandbox workspace + sandbox user. The intended caller is an
40/// in-cluster integration test Job; access is gated by a shared-secret header
41/// and a NetworkPolicy that restricts the source pods.
42///
43/// This service must not be exposed via the public ingress.
44#[conjure_http::conjure_endpoints(
45    name = "InternalSandboxTokenService",
46    use_legacy_error_serialization
47)]
48pub trait AsyncInternalSandboxTokenService {
49    /// Issue a Nominal-signed bearer token bound to the configured sandbox
50    /// user + org. The TTL is capped at 1 hour server-side regardless of the
51    /// requested value. The shared-secret header must match the value
52    /// configured on gatekeeper or the call is rejected.
53    #[endpoint(
54        method = POST,
55        path = "/sandbox-token-internal/v1/issue",
56        name = "issueSandboxToken",
57        produces = conjure_http::server::StdResponseSerializer
58    )]
59    async fn issue_sandbox_token(
60        &self,
61        #[body(deserializer = conjure_http::server::StdRequestDeserializer)]
62        request: super::super::super::objects::authorization::IssueSandboxTokenRequest,
63        #[header(
64            name = "X-Nominal-Sandbox-Shared-Secret",
65            decoder = conjure_http::server::conjure::FromPlainDecoder,
66            log_as = "sharedSecret"
67        )]
68        shared_secret: String,
69    ) -> Result<
70        super::super::super::objects::authorization::IssueSandboxTokenResponse,
71        conjure_http::private::Error,
72    >;
73}
74/// Cluster-internal endpoint that mints short-lived access tokens for a
75/// preconfigured sandbox workspace + sandbox user. The intended caller is an
76/// in-cluster integration test Job; access is gated by a shared-secret header
77/// and a NetworkPolicy that restricts the source pods.
78///
79/// This service must not be exposed via the public ingress.
80#[conjure_http::conjure_endpoints(
81    name = "InternalSandboxTokenService",
82    use_legacy_error_serialization,
83    local
84)]
85pub trait LocalAsyncInternalSandboxTokenService {
86    /// Issue a Nominal-signed bearer token bound to the configured sandbox
87    /// user + org. The TTL is capped at 1 hour server-side regardless of the
88    /// requested value. The shared-secret header must match the value
89    /// configured on gatekeeper or the call is rejected.
90    #[endpoint(
91        method = POST,
92        path = "/sandbox-token-internal/v1/issue",
93        name = "issueSandboxToken",
94        produces = conjure_http::server::StdResponseSerializer
95    )]
96    async fn issue_sandbox_token(
97        &self,
98        #[body(deserializer = conjure_http::server::StdRequestDeserializer)]
99        request: super::super::super::objects::authorization::IssueSandboxTokenRequest,
100        #[header(
101            name = "X-Nominal-Sandbox-Shared-Secret",
102            decoder = conjure_http::server::conjure::FromPlainDecoder,
103            log_as = "sharedSecret"
104        )]
105        shared_secret: String,
106    ) -> Result<
107        super::super::super::objects::authorization::IssueSandboxTokenResponse,
108        conjure_http::private::Error,
109    >;
110}