pub trait ContainerTokenSink:
Send
+ Sync
+ Debug {
// Required methods
fn persist<'life0, 'async_trait>(
&'life0 self,
record: StoredAccessToken,
) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn revoke<'life0, 'life1, 'async_trait>(
&'life0 self,
jti: &'life1 str,
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
}Expand description
Sink the runtime uses to persist + revoke per-container scoped access
tokens. Implemented in the bin over the daemon’s AccessTokenStorage
(which is SecretsStore-backed, so it replicates cluster-wide).
Required Methods§
Sourcefn persist<'life0, 'async_trait>(
&'life0 self,
record: StoredAccessToken,
) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn persist<'life0, 'async_trait>(
&'life0 self,
record: StoredAccessToken,
) -> Pin<Box<dyn Future<Output = bool> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Persist a freshly-minted container token record (so its jti is
accepted by the auth layer’s fail-closed revocation check). Returns
true when the record was persisted (the token is now revocable and its
jti may safely be embedded); false on failure (the caller must mint
without a jti so the fail-closed check doesn’t reject it).
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".