Skip to main content

zlayer_types/
auth.rs

1//! Auth wire DTOs.
2//!
3//! These types describe how authentication for OCI registries is configured
4//! over the wire. The synchronous and async resolvers themselves live in
5//! `zlayer-core` (which depends on `oci-client` and other heavier crates);
6//! this module intentionally only carries the serde-friendly DTOs.
7
8use serde::{Deserialize, Serialize};
9use std::path::PathBuf;
10
11/// Authentication source configuration
12#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
13#[serde(tag = "type", rename_all = "snake_case")]
14pub enum AuthSource {
15    /// No authentication
16    #[default]
17    Anonymous,
18
19    /// Basic authentication with username and password
20    Basic { username: String, password: String },
21
22    /// Load from Docker config.json
23    DockerConfig,
24
25    /// Load from environment variables
26    EnvVar {
27        username_var: String,
28        password_var: String,
29    },
30
31    /// Look up credentials from the `RegistryCredentialStore` by id.
32    /// Requires the async resolver -- the sync path returns `Anonymous` with
33    /// a warning log.
34    SecretStore { credential_id: String },
35}
36
37/// Per-registry authentication configuration
38#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
39pub struct RegistryAuthConfig {
40    /// Registry hostname (e.g., "docker.io", "ghcr.io")
41    pub registry: String,
42
43    /// Authentication source for this registry
44    pub source: AuthSource,
45}
46
47/// Global authentication configuration
48#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
49pub struct AuthConfig {
50    /// Per-registry authentication overrides
51    #[serde(default)]
52    pub registries: Vec<RegistryAuthConfig>,
53
54    /// Default authentication source for registries not in the list
55    #[serde(default)]
56    pub default: AuthSource,
57
58    /// Custom path to Docker config.json (if not using default)
59    pub docker_config_path: Option<PathBuf>,
60}
61
62impl Default for AuthConfig {
63    fn default() -> Self {
64        Self {
65            registries: Vec::new(),
66            default: AuthSource::DockerConfig,
67            docker_config_path: None,
68        }
69    }
70}