alien_core/resources/

artifact_registry.rs

use crate::error::{ErrorData, Result};
use crate::resource::{ResourceDefinition, ResourceOutputsDefinition, ResourceRef, ResourceType};
use alien_error::AlienError;
use bon::Builder;
use serde::{Deserialize, Serialize};
use std::any::Any;
use std::fmt::Debug;

/// Represents an artifact registry for storing container images and other build artifacts.
/// This is a high-level wrapper resource that provides a cloud-agnostic interface over
/// AWS ECR, GCP Artifact Registry, and Azure Container Registry.
///
/// # Platform Mapping
/// - **AWS**: Implicitly exists as the AWS account and region
/// - **GCP**: Explicitly configured per project and location (Artifact Registry API enabled)
/// - **Azure**: Explicitly provisioned Azure Container Registry instance
///
/// The actual repository management and permissions are handled through the bindings API.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Builder)]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
#[builder(start_fn = new)]
pub struct ArtifactRegistry {
    /// Identifier for the artifact registry. Must contain only alphanumeric characters, hyphens, and underscores ([A-Za-z0-9-_]).
    /// Maximum 64 characters.
    #[builder(start_fn)]
    pub id: String,

    /// AWS-only: regions to replicate container images to.
    /// ECR private image replication ensures images pushed in the registry's home region
    /// are automatically available in these additional regions (required when Lambda or
    /// other compute runs in a different region from the registry).
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    #[builder(default)]
    pub replication_regions: Vec<String>,
}

impl ArtifactRegistry {
    /// The resource type identifier for ArtifactRegistry
    pub const RESOURCE_TYPE: ResourceType = ResourceType::from_static("artifact-registry");

    /// Returns the artifact registry's unique identifier.
    pub fn id(&self) -> &str {
        &self.id
    }
}

// Implementation of ResourceDefinition trait for ArtifactRegistry
impl ResourceDefinition for ArtifactRegistry {
    fn get_resource_type(&self) -> ResourceType {
        Self::RESOURCE_TYPE
    }

    fn id(&self) -> &str {
        &self.id
    }

    fn get_dependencies(&self) -> Vec<ResourceRef> {
        Vec::new()
    }

    fn validate_update(&self, new_config: &dyn ResourceDefinition) -> Result<()> {
        // Downcast to ArtifactRegistry type to use the existing validate_update method
        let new_registry = new_config
            .as_any()
            .downcast_ref::<ArtifactRegistry>()
            .ok_or_else(|| {
                AlienError::new(ErrorData::UnexpectedResourceType {
                    resource_id: self.id.clone(),
                    expected: Self::RESOURCE_TYPE,
                    actual: new_config.get_resource_type(),
                })
            })?;

        if self.id != new_registry.id {
            return Err(AlienError::new(ErrorData::InvalidResourceUpdate {
                resource_id: self.id.clone(),
                reason: "the 'id' field is immutable".to_string(),
            }));
        }
        Ok(())
    }

    fn as_any(&self) -> &dyn Any {
        self
    }

    fn as_any_mut(&mut self) -> &mut dyn Any {
        self
    }

    fn box_clone(&self) -> Box<dyn ResourceDefinition> {
        Box::new(self.clone())
    }

    fn resource_eq(&self, other: &dyn ResourceDefinition) -> bool {
        other.as_any().downcast_ref::<ArtifactRegistry>() == Some(self)
    }

    fn to_json_value(&self) -> serde_json::Result<serde_json::Value> {
        serde_json::to_value(self)
    }
}

/// Outputs generated by a successfully provisioned ArtifactRegistry.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
#[serde(rename_all = "camelCase")]
pub struct ArtifactRegistryOutputs {
    /// The platform-specific registry identifier.
    /// - AWS: Account and region (e.g., "123456789012:us-west-2")
    /// - GCP: Full registry name (e.g., "projects/my-project/locations/us-central1")
    /// - Azure: Registry resource ID (e.g., "/subscriptions/.../resourceGroups/.../providers/Microsoft.ContainerRegistry/registries/myregistry")
    pub registry_id: String,

    /// The registry endpoint for docker operations.
    /// - AWS: ECR registry URL (e.g., "123456789012.dkr.ecr.us-west-2.amazonaws.com")
    /// - GCP: Artifact Registry URL (e.g., "us-central1-docker.pkg.dev/my-project")
    /// - Azure: Container registry login server (e.g., "myregistry.azurecr.io")
    pub registry_endpoint: String,

    /// Role/principal identifier for pull-only access.
    /// - AWS: IAM role ARN (e.g., "arn:aws:iam::123456789012:role/my-stack-my-registry-pull")
    /// - GCP: Service account email (e.g., "my-stack-my-registry-pull@my-project.iam.gserviceaccount.com")
    /// - Azure: Managed identity resource ID (e.g., "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-registry-pull")
    #[serde(skip_serializing_if = "Option::is_none")]
    pub pull_role: Option<String>,

    /// Role/principal identifier for push and pull access.
    /// - AWS: IAM role ARN (e.g., "arn:aws:iam::123456789012:role/my-stack-my-registry-push")
    /// - GCP: Service account email (e.g., "my-stack-my-registry-push@my-project.iam.gserviceaccount.com")
    /// - Azure: Managed identity resource ID (e.g., "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-registry-push")
    #[serde(skip_serializing_if = "Option::is_none")]
    pub push_role: Option<String>,
}

impl ResourceOutputsDefinition for ArtifactRegistryOutputs {
    fn get_resource_type(&self) -> ResourceType {
        ArtifactRegistry::RESOURCE_TYPE.clone()
    }

    fn as_any(&self) -> &dyn Any {
        self
    }

    fn box_clone(&self) -> Box<dyn ResourceOutputsDefinition> {
        Box::new(self.clone())
    }

    fn outputs_eq(&self, other: &dyn ResourceOutputsDefinition) -> bool {
        other.as_any().downcast_ref::<ArtifactRegistryOutputs>() == Some(self)
    }

    fn to_json_value(&self) -> serde_json::Result<serde_json::Value> {
        serde_json::to_value(self)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_artifact_registry_creation() {
        let registry = ArtifactRegistry::new("my-registry".to_string()).build();
        assert_eq!(registry.id, "my-registry");
    }

    #[test]
    fn test_artifact_registry_dependencies() {
        let registry = ArtifactRegistry::new("my-registry".to_string()).build();
        let dependencies = registry.get_dependencies();
        assert!(dependencies.is_empty());
    }
}