
Trait ContainerTokenSink 

pub trait ContainerTokenSink:
    Send
    + Sync
    + Debug {
    // Required methods
    fn persist<'life0, 'async_trait>(
        &'life0 self,
        record: StoredAccessToken,
    ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn revoke<'life0, 'life1, 'async_trait>(
        &'life0 self,
        jti: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
}

Sink the runtime uses to persist and revoke per-container scoped access tokens. Implemented in the bin over the daemon’s AccessTokenStorage (which is SecretsStore-backed, so it replicates cluster-wide).

Required Methods


fn persist<'life0, 'async_trait>( &'life0 self, record: StoredAccessToken, ) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Persist a freshly-minted container token record (so its jti is accepted by the auth layer’s fail-closed revocation check). Returns true when the record was persisted (the token is now revocable and its jti may safely be embedded); false on failure (the caller must mint without a jti so the fail-closed check doesn’t reject it).


fn revoke<'life0, 'life1, 'async_trait>( &'life0 self, jti: &'life1 str, ) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Revoke a container token by its jti (called on teardown).
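
The persist/revoke contract described above, as an added example that is not the crate's own code: a synchronous stand-in for the trait showing that a jti is embedded only after persist returns true, and that revoke then makes the fail-closed check reject it. Record, Sink, MemSink, mint and accepted are hypothetical names, the async signatures are dropped, and the model of the auth check (a token without a jti skips the lookup) is an assumption drawn from the persist description.

```rust
use std::collections::HashSet;
use std::sync::Mutex;

// Hypothetical stand-in for StoredAccessToken; only the jti matters here.
#[derive(Debug, Clone)]
pub struct Record { pub jti: String }

// Synchronous analogue of ContainerTokenSink (assumption: async dropped for brevity).
pub trait Sink: Send + Sync + std::fmt::Debug {
    fn persist(&self, record: Record) -> bool;
    fn revoke(&self, jti: &str);
}

// Constructed in-memory sink; `healthy = false` simulates a storage outage.
#[derive(Debug)]
pub struct MemSink { pub healthy: bool, pub live: Mutex<HashSet<String>> }

impl Sink for MemSink {
    fn persist(&self, record: Record) -> bool {
        // A duplicate jti also counts as a failed persist in this model.
        self.healthy && self.live.lock().unwrap().insert(record.jti)
    }
    fn revoke(&self, jti: &str) { self.live.lock().unwrap().remove(jti); }
}

// Caller side: embed the jti only when the record was actually persisted.
pub fn mint(sink: &dyn Sink, jti: &str) -> Option<String> {
    sink.persist(Record { jti: jti.to_string() }).then(|| jti.to_string())
}

// Assumed model of the fail-closed check: an embedded jti must be known to
// storage; a token minted without a jti skips the lookup.
pub fn accepted(sink: &MemSink, jti: Option<&str>) -> bool {
    jti.map_or(true, |j| sink.live.lock().unwrap().contains(j))
}

fn main() {
    let ok = MemSink { healthy: true, live: Mutex::new(HashSet::new()) };
    let jti = mint(&ok, "jti-constructed-1"); // constructed sample value
    println!("persisted: accepted={}", accepted(&ok, jti.as_deref()));
    ok.revoke("jti-constructed-1"); // teardown
    println!("revoked:   accepted={}", accepted(&ok, jti.as_deref()));
    let down = MemSink { healthy: false, live: Mutex::new(HashSet::new()) };
    let none = mint(&down, "jti-constructed-2");
    println!("outage: jti={:?} accepted={}", none, accepted(&down, none.as_deref()));
}
```

In the outage case the token is still accepted but cannot be revoked by jti, which is the trade-off the false return value signals to the caller.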

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors