Documentation
¶
Overview ¶
Package credentials defines the provisioner surface used by runtimes to mint lease-bound credentials for accepted jobs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var BudgetExhausted = arcp.ErrBudgetExhausted
BudgetExhausted maps upstream per-credential budget exhaustion to the ARCP boundary error.
var ErrNoRevocation = arcp.Newf(arcp.CodeInternalError, "provisioner lacks durable revocation path")
ErrNoRevocation signals that a provisioner cannot provide a revocation path acceptable for provisioned_credentials.
Functions ¶
This section is empty.
Types ¶
type IssueRequest ¶
type IssueRequest struct {
JobID string
Principal string
Agent string
Lease arcp.Lease
Budget map[arcp.Currency]float64
ExpiresAt *time.Time
ParentJobID string
}
IssueRequest carries the finalized job lease and context a provisioner needs to mint scoped upstream credentials.
type Memory ¶
type Memory struct {
// contains filtered or unexported fields
}
Memory is a deterministic in-memory Provisioner for tests, examples, and local development.
func NewMemory ¶
NewMemory returns an in-memory provisioner whose credential IDs are prefix + counter.
func (*Memory) Issue ¶
func (m *Memory) Issue(_ context.Context, req IssueRequest) ([]messages.Credential, error)
Issue returns one bearer credential scoped to req's budget, model, and expiration constraints.
func (*Memory) Issued ¶
func (m *Memory) Issued() []IssueRequest
Issued returns a snapshot of issue requests.
func (*Memory) Outstanding ¶
Outstanding returns the number of credentials not yet revoked.
type Provisioner ¶
type Provisioner interface {
Issue(ctx context.Context, req IssueRequest) ([]messages.Credential, error)
Revoke(ctx context.Context, credentialID string) error
}
Provisioner issues credentials after job acceptance and revokes them when the job reaches a terminal state.
Source Files