pub trait AuthProvider: Send + Sync {
// Required methods
/// Authenticates the supplied, not yet verified credentials.
///
/// Per the trait documentation this must resolve to `None` when the credentials are not
/// valid at all, malformed or similar, i.e. an implementation fails closed. `Some` only
/// means the "login" succeeded; it makes no statement about what the credentials may
/// access. The authorizing methods of this trait are `image_permissions` and
/// `blob_permissions`, which both take a `ValidCredentials`.
///
/// Returns a pinned, boxed, `Send` future instead of being declared as an `async fn`.
// NOTE(review): the `'life0` / `'async_trait` lifetime names look like the expansion of an
// `async fn` by the `async-trait` macro — confirm against the crate source.
fn check_credentials<'life0, 'life1, 'async_trait>(
&'life0 self,
unverified: &'life1 Unverified,
) -> Pin<Box<dyn Future<Output = Option<ValidCredentials>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
/// Determines the permissions the given credentials have at an image location.
///
/// This is an authorizing function: it takes `ValidCredentials`, not the `Unverified`
/// input that `check_credentials` receives, and resolves to a `Permissions` value for
/// the given `ImageLocation`.
// NOTE(review): presumably `ValidCredentials` can only be obtained from a successful
// `check_credentials` call; the constructor is not visible here — confirm.
fn image_permissions<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
creds: &'life1 ValidCredentials,
image: &'life2 ImageLocation,
) -> Pin<Box<dyn Future<Output = Permissions> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
/// Determines the permissions the given credentials have on a specific blob.
///
/// This is an authorizing function: it takes `ValidCredentials` and the blob's
/// `ImageDigest` and resolves to a `Permissions` value.
///
/// Per the trait documentation, blob permissions are only ever queried for reading blobs.
/// Writing a blob does not involve the uploader sending a hash beforehand, so this method
/// cannot be used to reject uploads of specific blobs.
fn blob_permissions<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
creds: &'life1 ValidCredentials,
blob: &'life2 ImageDigest,
) -> Pin<Box<dyn Future<Output = Permissions> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
}
An authentication and authorization provider.
At the moment, container-registry gives full access to any valid user.
Required Methods
fn check_credentials<'life0, 'life1, 'async_trait>(
&'life0 self,
unverified: &'life1 Unverified,
) -> Pin<Box<dyn Future<Output = Option<ValidCredentials>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Checks whether the supplied unverified credentials are valid.
Must return None if the credentials are not valid at all, malformed or similar.
This is an authenticating function: returning Some indicates that the “login” was
successful, but makes no statement about what these credentials can actually access (see
allowed_read() and allowed_write() for authorization checks; in the trait as shown on this
page, the authorizing methods are image_permissions() and blob_permissions()).
fn image_permissions<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
creds: &'life1 ValidCredentials,
image: &'life2 ImageLocation,
) -> Pin<Box<dyn Future<Output = Permissions> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Determine permissions for given credentials at image location.
This is an authorizing function that determines permissions for previously authenticated
credentials on a given ImageLocation.
fn blob_permissions<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
creds: &'life1 ValidCredentials,
blob: &'life2 ImageDigest,
) -> Pin<Box<dyn Future<Output = Permissions> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Determine permissions for given credentials to a specific blob.
This is an authorizing function that determines permissions for previously authenticated
credentials on the blob identified by the given ImageDigest.
Note that blob permissions are only ever queried for reading blobs. Writing blobs does not involve the uploader sending a hash beforehand, thus this function cannot be used to implement a blacklist for specific blobs.