microsandbox_image/auth.rs
1//! Registry authentication.
2
3use serde::{Deserialize, Serialize};
4
5//--------------------------------------------------------------------------------------------------
6// Types
7//--------------------------------------------------------------------------------------------------
8
9/// Authentication credentials for OCI registry access.
10///
11/// Resolution chain (in [`Registry`](crate::Registry)):
12/// 1. Explicit [`RegistryAuth`] via [`Registry::with_auth()`](crate::Registry::with_auth)
13/// 2. OS keyring / credential store (when configured by the caller)
14/// 3. Global config `registries.auth` (`store`, `password_env`, or `secret_name`)
15/// 4. Docker credential store/config fallback (when enabled by the caller)
16/// 5. [`Anonymous`](Self::Anonymous) fallback
17#[derive(Debug, Clone, Default, Serialize, Deserialize)]
18pub enum RegistryAuth {
19 /// No authentication. Works for public registries.
20 #[default]
21 Anonymous,
22
23 /// Username + password authentication.
24 Basic {
25 /// Registry username.
26 username: String,
27 /// Registry password or token.
28 password: String,
29 },
30}
31
32//--------------------------------------------------------------------------------------------------
33// Trait Implementations
34//--------------------------------------------------------------------------------------------------
35
36impl From<&RegistryAuth> for oci_client::secrets::RegistryAuth {
37 fn from(auth: &RegistryAuth) -> Self {
38 match auth {
39 RegistryAuth::Anonymous => oci_client::secrets::RegistryAuth::Anonymous,
40 RegistryAuth::Basic { username, password } => {
41 oci_client::secrets::RegistryAuth::Basic(username.clone(), password.clone())
42 }
43 }
44 }
45}