Skip to content

Track expiration for Azure SAS token credentials #750

Description

@Xuanwo

Background

reqsign_azure_storage::Credential::SasToken currently stores only the token string and is considered valid as long as it is non-empty. That is fine for static SAS tokens managed externally, but it is not enough for temporary vended credentials.

A credential vending flow usually returns a SAS token plus an expiration timestamp. The signer should reload credentials after the token is close to expiration, just like AWS temporary credentials and Google OAuth2 tokens already do.

Proposal

Extend Azure SAS token credentials to preserve optional expiration information.

Possible shape:

Credential::SasToken {
    token: String,
    expires_in: Option<Timestamp>,
}

Add constructors that keep existing simple usage working while allowing expiration-aware credentials, for example:

Credential::with_sas_token(token)
Credential::with_sas_token_expires_at(token, expires_at)
StaticCredentialProvider::new_sas_token(token)
StaticCredentialProvider::new_sas_token_expires_at(token, expires_at)

SigningCredential::is_valid() should treat an expiring SAS token as invalid before expiration using the same kind of safety buffer used by other temporary credentials.

Compatibility notes

This is a public enum change, so the exact API shape needs care. The goal is to keep the common constructor-based path source-compatible while giving dynamic/vended SAS providers a way to trigger automatic reload through the existing Signer cache invalidation path.

Non-goals

  • Do not change how a SAS token is applied to requests.
  • Do not add catalog or namespace-specific behavior.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestrustPull requests that update Rust code

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions