zlayer-types 0.11.13

Shared wire types for the ZLayer platform — API DTOs, OCI image references, and related serde types.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

//! Auth wire DTOs.
//!
//! These types describe how authentication for OCI registries is configured
//! over the wire. The synchronous and async resolvers themselves live in
//! `zlayer-core` (which depends on `oci-client` and other heavier crates);
//! this module intentionally only carries the serde-friendly DTOs.

use serde::{Deserialize, Serialize};
use std::path::PathBuf;

/// Authentication source configuration
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum AuthSource {
    /// No authentication
    #[default]
    Anonymous,

    /// Basic authentication with username and password
    Basic { username: String, password: String },

    /// Load from Docker config.json
    DockerConfig,

    /// Load from environment variables
    EnvVar {
        username_var: String,
        password_var: String,
    },

    /// Look up credentials from the `RegistryCredentialStore` by id.
    /// Requires the async resolver -- the sync path returns `Anonymous` with
    /// a warning log.
    SecretStore { credential_id: String },
}

/// Per-registry authentication configuration
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct RegistryAuthConfig {
    /// Registry hostname (e.g., "docker.io", "ghcr.io")
    pub registry: String,

    /// Authentication source for this registry
    pub source: AuthSource,
}

/// Global authentication configuration
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct AuthConfig {
    /// Per-registry authentication overrides
    #[serde(default)]
    pub registries: Vec<RegistryAuthConfig>,

    /// Default authentication source for registries not in the list
    #[serde(default)]
    pub default: AuthSource,

    /// Custom path to Docker config.json (if not using default)
    pub docker_config_path: Option<PathBuf>,
}

impl Default for AuthConfig {
    fn default() -> Self {
        Self {
            registries: Vec::new(),
            default: AuthSource::DockerConfig,
            docker_config_path: None,
        }
    }
}