Skip to main content

ArtifactRegistry

alien_sdk

Trait ArtifactRegistry 

Source 
pub trait ArtifactRegistry: Binding {

Show 14 methods    // Required methods
    fn create_repository<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_name: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<RepositoryResponse, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;
    fn get_repository<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_id: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<RepositoryResponse, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;
    fn add_cross_account_access<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_id: &'life1 str,
        access: CrossAccountAccess,
    ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;
    fn remove_cross_account_access<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_id: &'life1 str,
        access: CrossAccountAccess,
    ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;
    fn get_cross_account_access<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_id: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<CrossAccountPermissions, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;
    fn generate_credentials<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_id: &'life1 str,
        permissions: ArtifactRegistryPermissions,
        ttl_seconds: Option<u32>,
    ) -> Pin<Box<dyn Future<Output = Result<ArtifactRegistryCredentials, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;
    fn delete_repository<'life0, 'life1, 'async_trait>(
        &'life0 self,
        repo_id: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: 'async_trait;

    // Provided methods
    fn registry_endpoint(&self) -> String { ... }
    fn upstream_repository_prefix(&self) -> String { ... }
    fn cleanup_credentials<'life0, 'life1, 'async_trait>(
        &'life0 self,
        _repo_id: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             Self: Sync + 'async_trait { ... }
    fn generate_blob_download_url<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        _repo_name: &'life1 str,
        _digest: &'life2 str,
        _ttl_seconds: u32,
    ) -> Pin<Box<dyn Future<Output = Result<Option<String>, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             Self: Sync + 'async_trait { ... }
    fn get_manifest<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        _repo_name: &'life1 str,
        _reference: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<(Vec<u8>, String), AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             Self: Sync + 'async_trait { ... }
    fn head_manifest<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        _repo_name: &'life1 str,
        _reference: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<Option<(String, String)>, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             Self: Sync + 'async_trait { ... }
    fn head_blob<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        _repo_name: &'life1 str,
        _digest: &'life2 str,
    ) -> Pin<Box<dyn Future<Output = Result<Option<u64>, AlienError<ErrorData>>> + Send + 'async_trait>>
       where 'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             Self: Sync + 'async_trait { ... }

}
Expand description

A trait for artifact registry bindings that provide container image repository management.

Required Methods§

Source

fn create_repository<'life0, 'life1, 'async_trait>( &'life0 self, repo_name: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<RepositoryResponse, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Creates a repository within the artifact registry. Returns the repository details. URI will be None if repository is still being created.

Source

fn get_repository<'life0, 'life1, 'async_trait>( &'life0 self, repo_id: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<RepositoryResponse, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Gets repository details including name, URI, and creation time.

Source

fn add_cross_account_access<'life0, 'life1, 'async_trait>( &'life0 self, repo_id: &'life1 str, access: CrossAccountAccess, ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Adds cross-account access permissions for a repository. This adds the specified permissions to any existing cross-account permissions.

For AWS: Grants access to specified account IDs with configurable principals and compute service types. For GCP: Grants access to serverless robots and service accounts based on compute service types. For Azure: Not supported - returns OperationNotSupported error.

Source

fn remove_cross_account_access<'life0, 'life1, 'async_trait>( &'life0 self, repo_id: &'life1 str, access: CrossAccountAccess, ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Removes cross-account access permissions for a repository. This removes the specified permissions from existing cross-account permissions.

For AWS: Removes access for specified account IDs and compute service types. For GCP: Removes access for specified project numbers and service accounts. For Azure: Not supported - returns OperationNotSupported error.

Source

fn get_cross_account_access<'life0, 'life1, 'async_trait>( &'life0 self, repo_id: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<CrossAccountPermissions, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Gets the current cross-account access permissions for a repository. For Azure: Not supported - returns OperationNotSupported error.

Source

fn generate_credentials<'life0, 'life1, 'async_trait>( &'life0 self, repo_id: &'life1 str, permissions: ArtifactRegistryPermissions, ttl_seconds: Option<u32>, ) -> Pin<Box<dyn Future<Output = Result<ArtifactRegistryCredentials, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Generates credentials for accessing a repository with specified permissions. On AWS: assumes the relevant role and calls get_authorization_token. On GCP: impersonates the relevant service account and gets an oauth token. On Azure: uses the built-in token mechanism.

Source

fn delete_repository<'life0, 'life1, 'async_trait>( &'life0 self, repo_id: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: 'async_trait,

Deletes a repository and all contained images.

Provided Methods§

Source

fn registry_endpoint(&self) -> String

Returns the raw registry endpoint URL (e.g., “https://123456.dkr.ecr.us-east-1.amazonaws.com” or “http://localhost:5000”). Used by the push proxy to forward requests transparently.

Default returns empty string — cloud provider implementations should override.

Source

fn upstream_repository_prefix(&self) -> String

Returns the OCI repository path prefix used for upstream operations.

When the proxy forwards push/pull requests to the upstream registry, this prefix is prepended to the image name portion of the OCI path.

Examples:

  • ECR: "alien-e2e" (flat repo prefix)
  • GAR: "my-project/alien-e2e" (project/repo structure)
  • ACR: "" (images pushed to root)
  • Local: "artifacts" or similar

Default returns empty string.

Source

fn cleanup_credentials<'life0, 'life1, 'async_trait>( &'life0 self, _repo_id: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<(), AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, Self: Sync + 'async_trait,

Cleans up resources created by generate_credentials (scope maps, tokens). On Azure: deletes the scope map and token for the given repo ID. Default: no-op (other providers use short-lived or IAM-based credentials).

Source

fn generate_blob_download_url<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, _repo_name: &'life1 str, _digest: &'life2 str, _ttl_seconds: u32, ) -> Pin<Box<dyn Future<Output = Result<Option<String>, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, Self: Sync + 'async_trait,

Generates a pre-signed download URL for a blob (layer) in the registry.

Used by the registry proxy to return 307 redirects instead of streaming blob bytes through the manager. Returns None if the provider doesn’t support pre-signed URLs (the proxy will stream the blob directly instead).

  • ECR: Calls GetDownloadUrlForLayer (returns pre-signed S3 URL).
  • GAR: Returns None (GAR uses OCI distribution API with bearer auth).
  • ACR: Returns None (ACR uses OCI distribution API with bearer auth).
  • Local: Returns None (local registry is co-located, streaming is fine).
Source

fn get_manifest<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, _repo_name: &'life1 str, _reference: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<(Vec<u8>, String), AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, Self: Sync + 'async_trait,

Fetches a manifest from the upstream registry by reference (tag or digest).

Used by the registry proxy to serve manifest requests. Returns the manifest bytes and the content type (e.g., application/vnd.oci.image.manifest.v1+json).

Default implementation returns OperationNotSupported. Providers that support the registry proxy should implement this.

Source

fn head_manifest<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, _repo_name: &'life1 str, _reference: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<Option<(String, String)>, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, Self: Sync + 'async_trait,

Checks if a manifest exists in the upstream registry.

Returns the content type and digest if the manifest exists. Default implementation returns OperationNotSupported.

Source

fn head_blob<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, _repo_name: &'life1 str, _digest: &'life2 str, ) -> Pin<Box<dyn Future<Output = Result<Option<u64>, AlienError<ErrorData>>> + Send + 'async_trait>>
where 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait, Self: Sync + 'async_trait,

Checks if a blob exists in the upstream registry.

Returns the content length if the blob exists. Default implementation returns OperationNotSupported.

Implementors§