Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use artifactType from image manifest #395

Merged

Conversation

sudo-bmitch
Copy link
Contributor

This updates the guidance to use the artifactType value first, and fall back to the config.mediaType when determining the artifactType to set in the referrers response. This should be merged after opencontainers/image-spec#1043 is approved.

jdolitsky
jdolitsky previously approved these changes Mar 25, 2023
@sudo-bmitch sudo-bmitch added this to the v1.1.0 milestone Mar 28, 2023
Copy link
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some thoughts ...

spec.md Outdated
@@ -489,7 +489,8 @@ When pushing a manifest with the `subject` field and the [referrers API](#listin
1. If the tag returns a 404, the client MUST begin with an empty image index.
1. Verify the descriptor for the manifest is not already in the referrers list (duplicate entries SHOULD NOT be created).
1. Append a descriptor for the pushed manifest to the manifests in the referrers list.
The value of the `artifactType` MUST be set to the config descriptor `mediaType` in the image manifest.
The value of the `artifactType` MUST be set to the `artifactType` value in the image manifest.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems confusing that the artifactType MUST be set to the artifactType field of the image manifest .. or if nil/unset must be set to the config descriptor mediaType..

Indicates it may be set in both places and that they can be inconsistent..

If both we should talk about the rules here .. such that you can't have both and sometimes one is used and other times the other is used.. depending. Does set/unset logic apply? I didn't check the schema. I'm thinking if both are set they must be the same or it's an error.

Copy link
Member

@mikebrow mikebrow Mar 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are we saying/proposing at least one of these must be set and not nil (in this push manifest with subject case)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm looking for the right wording to say artifactType must be set, and the value is the manifest artifactType if defined, otherwise it falls back to the config.mediaType, so there's a precedence to document. The config.mediaType is always defined in the image-spec.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kk let's go to chat.. :-)

spec.md Outdated Show resolved Hide resolved
@rchincha
Copy link
Contributor

lgtm

spec.md Outdated Show resolved Hide resolved
Copy link

@andaaron andaaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the perspective of the consumer of the API does it matter if the match is made on the config descriptor mediaType or the artifactType?
I guess if someone codes a client which handles a limited types of artifacts it doesn't matter, because he can handle each case individually by verifying the artifactType value, but I think there should be a way to distinguish the source of the artifact type value in the reply itself to handle more generic cases.

spec.md Outdated
@@ -555,7 +556,8 @@ If the request is invalid, such as a `<digest>` with an invalid syntax, a `400 B

Upon success, the response MUST be a JSON body with an image index containing a list of descriptors.
Each descriptor is of an image manifest in the same `<name>` namespace with a `subject` field that specifies the value of `<digest>`.
The descriptors MUST include an `artifactType` field that is set to the value the configuration descriptor's `mediaType` for an image manifest.
The descriptors MUST include an `artifactType` field that is set to the value of the `artifactType` in the image manifest.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part doesn't seem to be consistent with the image spec proposal. In the image spec the 'artifactType' is only mandatory if the config descriptor mediaType is scratch.

So if an image has a non-scratch config descriptor mediaType and an artifactType, it makes sense for anyone reading the manifest to ignore the artifactType altogether, including the registry implementation.

Or else the registry may return an artifactType matching the artifactType, and after the artifact is copied locally, another tool with a different implementation may only look at the config descriptor.

That is unless we make sure the artifactType is absent from any image having a non-scratch config descriptor mediaType. Meaning the image spec mandates artifactType and non-scratch config descriptor mediaTypes are mutually exclusive.

jdolitsky
jdolitsky previously approved these changes Apr 6, 2023
@sudo-bmitch
Copy link
Contributor Author

@andaaron

From the perspective of the consumer of the API does it matter if the match is made on the config descriptor mediaType or the artifactType? I guess if someone codes a client which handles a limited types of artifacts it doesn't matter, because he can handle each case individually by verifying the artifactType value, but I think there should be a way to distinguish the source of the artifact type value in the reply itself to handle more generic cases.

I'm looking at it from a progressive upgrade with backwards compatibility. An existing artifact that has a dedicated config blob and media type can continue using that to avoid impacting existing clients. A new artifact that needs a config blob, but also wants a specific artifactType can do that, and find itself using that artifactType. And a new artifact without a config blob is required to specify an artifactType because "scratch" isn't the real artifact type.

I'm hoping that artifacts with a specific type will be created according to some spec from that artifact producer, and have the fields set consistently according to their spec (e.g. all Helm charts follow a Helm spec). From the listing we shouldn't care how the artifactType value was determined, only that it has a specific value that we want.

@andaaron
Copy link

andaaron commented Apr 6, 2023

@sudo-bmitch
If you put it like this (all tooling will eventually converge to check artifactType first, or will have special handling for individual artifact specs), then it makes sense.

andaaron
andaaron previously approved these changes Apr 6, 2023
@sudo-bmitch
Copy link
Contributor Author

@andaaron the goal of the phrasing is to say "check artifactType first, and fall back to using config.mediaType". Suggestions for better wording in the spec is welcome, because I'm not happy with it either.

@andaaron
Copy link

andaaron commented Apr 6, 2023

@andaaron the goal of the phrasing is to say "check artifactType first, and fall back to using config.mediaType". Suggestions for better wording in the spec is welcome, because I'm not happy with it either.

I'm fine with the wording as long as the other consumers of the image spec use the same rationale when reading a manifest. That was my concern.

spec.md Outdated Show resolved Hide resolved
spec.md Outdated Show resolved Hide resolved
spec.md Outdated Show resolved Hide resolved
mikebrow
mikebrow previously approved these changes Apr 13, 2023
Copy link
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with if present language on the MUST requirement

sajayantony
sajayantony previously approved these changes Apr 13, 2023
@jdolitsky jdolitsky dismissed stale reviews from sajayantony, mikebrow, and andaaron via b1f810e April 13, 2023 17:48
jdolitsky
jdolitsky previously approved these changes Apr 13, 2023
@jdolitsky
Copy link
Member

@mikebrow can I get a re-approve? (adding jons suggestion dismissed your review)

@sudo-bmitch
Copy link
Contributor Author

This has been updated with the changes from today's meeting. PTAL.

Copy link
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jdolitsky jdolitsky merged commit 79ee8e2 into opencontainers:main Apr 18, 2023
@sudo-bmitch sudo-bmitch deleted the pr-image-manifest-artifact-type branch April 18, 2023 21:18
@jdolitsky jdolitsky mentioned this pull request Apr 19, 2023
@sudo-bmitch sudo-bmitch mentioned this pull request Feb 1, 2024
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants