Add CredentialProvider trait, CredentialSet enum, and ConfigCredentialProvider

Define the outbound authentication abstraction in alknet_core::credentials:
- CredentialProvider trait with get_credentials and refresh_credentials
- CredentialSet enum with ApiKey, Basic, Bearer, S3AccessKey, OidcToken, Custom variants
- ConfigCredentialProvider reads credentials from DynamicConfig.credentials
- SecretStoreCredentialProvider stub returns None for all lookups (Phase 3)
- Wire CredentialProvider into OperationEnv via credentials() method
- Add credentials HashMap field to DynamicConfig
2026-06-09 10:51:54 +00:00
parent 752e61df4f
commit f8b4fb66b3
6 changed files with 345 additions and 1 deletions


@@ -11,6 +11,7 @@ use russh::keys::ssh_key::HashAlg;
use crate::auth::identity::Identity;
use crate::auth::ServerAuthConfig;
use crate::config::forwarding::ForwardingPolicy;
use crate::credentials::CredentialSet;
pub struct AuthPolicy {
pub authorized_keys: std::collections::HashSet<russh::keys::PublicKey>,
@@ -238,6 +239,7 @@ pub struct DynamicConfig {
pub auth: AuthPolicy,
pub forwarding: ForwardingPolicy,
pub rate_limits: RateLimitConfig,
pub credentials: HashMap<String, CredentialSet>,
}
impl DynamicConfig {
@@ -246,6 +248,7 @@ impl DynamicConfig {
auth,
forwarding: ForwardingPolicy::allow_all(),
rate_limits: RateLimitConfig::default(),
credentials: HashMap::new(),
}
}
@@ -258,6 +261,7 @@ impl DynamicConfig {
auth,
forwarding,
rate_limits,
credentials: HashMap::new(),
}
}
@@ -270,6 +274,11 @@ impl DynamicConfig {
self.rate_limits = limits;
self
}
pub fn with_credentials(mut self, credentials: HashMap<String, CredentialSet>) -> Self {
self.credentials = credentials;
self
}
}
impl Default for DynamicConfig {
@@ -278,6 +287,7 @@ impl Default for DynamicConfig {
auth: AuthPolicy::empty(),
forwarding: ForwardingPolicy::allow_all(),
rate_limits: RateLimitConfig::default(),
credentials: HashMap::new(),
}
}
}
@@ -351,6 +361,7 @@ mod tests {
auth: AuthPolicy::empty(),
forwarding: ForwardingPolicy::deny_all(),
rate_limits: RateLimitConfig::default(),
credentials: HashMap::new(),
};
handle.reload(new_config);
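Review bot: The new `pub credentials: HashMap<String, CredentialSet>` field in the `DynamicConfig` hunk (`@@ -238,6 +239,7 @@`) places outbound secrets (API keys, bearer tokens and S3 access keys, per the commit description) in a fully public field of the struct that is handed to `handle.reload(...)`, and nothing visible here keeps those values out of `Debug` output or a serialized config dump. The derive list on `DynamicConfig` and the definition of `CredentialSet` are outside these hunks, so this needs confirming, but if either derives `Debug` or `Serialize`, any log line or dump of the config would print the secret values. I would narrow the field to `pub(crate) credentials: HashMap<String, CredentialSet>,` if no other crate needs direct access, and give `CredentialSet` a hand-written `Debug` that prints only the variant name. `with_credentials` also has no doc comment; `/// Replaces the entire credential map; existing entries are not merged.` would make the overwrite semantics explicit.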