Add ability for specific geographic regions to be blocked from pulling images within a namespace

data/registry_model/interface.py

@@ -316,3 +316,9 @@ class RegistryDataInterface(object):
     """ Creates a manifest under the repository and sets a temporary tag to point to it.
         Returns the manifest object created or None on error.
     """
+
+  @abstractmethod
+  def get_cached_namespace_region_blacklist(self, model_cache, namespace_name):
+    """ Returns a cached set of ISO country codes blacklisted for pulls for the namespace
+        or None if the list could not be loaded.
+    """

data/registry_model/shared.py

@@ -121,6 +121,27 @@ class SharedModel:
     torrent_info = model.storage.save_torrent_info(image_storage, piece_length, pieces)
     return TorrentInfo.for_torrent_info(torrent_info)
 
+
+  def get_cached_namespace_region_blacklist(self, model_cache, namespace_name):
+    """ Returns a cached set of ISO country codes blacklisted for pulls for the namespace
+        or None if the list could not be loaded.
+    """
+
+    def load_blacklist():
+      restrictions = model.user.list_namespace_geo_restrictions(namespace_name)
+      if restrictions is None:
+        return None
+
+      return [restriction.restricted_region_iso_code for restriction in restrictions]
+
+    blacklist_cache_key = cache_key.for_namespace_geo_restrictions(namespace_name)
+    result = model_cache.retrieve(blacklist_cache_key, load_blacklist)
+    if result is None:
+      return None
+
+    return set(result)
+
+
   def get_cached_repo_blob(self, model_cache, namespace_name, repo_name, blob_digest):
     """
     Returns the blob in the repository with the given digest if any or None if none.