Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oras Discover - json output include details of the image itself and not just directly attached artifacts (option for all artifacts) #1403

Open
1 task
akcrisp opened this issue Jun 12, 2024 · 4 comments
Open
1 task

Oras Discover - json output include details of the image itself and not just directly attached artifacts (option for all artifacts) #1403

akcrisp opened this issue Jun 12, 2024 · 4 comments
Labels
enhancement New feature or request format output spec required Issues that require specifications
Milestone
v1.3.0-beta.2

Comments

@akcrisp
Copy link

akcrisp commented Jun 12, 2024

What is the version of your ORAS CLI

1.2

What would you like to be added?

update the --format json option to include details of the image itself including digest and application type.

Can we also have a flag to output all artifacts whether direct or indirect in the json output. So for example if i have an sbom attached as an artifact, which is signed, - the json output shows the sbom details but no mention of the signature for the sbom.

Why is this needed for ORAS?

At moment because the json doesn't include the image details i am havig to discover that info by other means. Ideally the three supported output formats of json / tree and table should be aligned so they all output the same - ideally everything.(or indirect via a switch if need be)

Are you willing to submit PRs to contribute to this feature?

  • Yes, I am willing to implement it.
@akcrisp akcrisp added enhancement New feature or request triage New issues or PRs to be acknowledged by maintainers labels Jun 12, 2024
@qweeah
Copy link
Contributor

qweeah commented Jun 12, 2024

I can see two requirements raised in this issue:

  1. Metadata of the subject image should be included in the JSON output of oras discover
  2. Support showing indirect referrers in the JSON output of oras discover (This requires redesign fields in v1.2.0's model and might introduce breaking changes)

/cc @FeynmanZhou @yizha1

@akcrisp Feel free to add more details

@qweeah qweeah removed the triage New issues or PRs to be acknowledged by maintainers label Jun 21, 2024
@FeynmanZhou FeynmanZhou added the spec required Issues that require specifications label Jun 21, 2024
@FeynmanZhou FeynmanZhou added this to the v1.3.0 milestone Jun 21, 2024
@sajayantony
Copy link
Contributor

Nested artifacts can be challenging but the subject of the referrers can be included as a descriptor in the format output.

@qweeah
Copy link
Contributor

qweeah commented Nov 27, 2024

https://github.com/qweeah/oras/releases/tag/v1.2.0-discover
Sharing a demo of my own private build back in June. This private build

  1. Adds a new field manifests to the format model of oras discover to show metadata of the referrers.
  2. Adds a new flag -r/recursive to show indirect referrers.

To install

## 1. Installation
VERSION="1.2.0-discover" &&\
curl -LO "https://github.com/qweeah/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" &&\
mkdir -p oras-install/ &&\
tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/

Here is a demo of listing indirect referrers in the formatted output

> ./oras-install/oras discover mcr.microsoft.com/oss/kubernetes/kubectl:v1.29.1 --format json -r
{
  "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:bece4f4746a39cb39e38451c70fa5a1e5ea4fa20d4cca40136b51d9557918b01",
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "digest": "sha256:bece4f4746a39cb39e38451c70fa5a1e5ea4fa20d4cca40136b51d9557918b01",
  "size": 1788,
  "manifests": [
    {
      "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:325129be79f416fe11a9ec44233cfa57f5d89434e6d37170f97e48f7904983e3",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:325129be79f416fe11a9ec44233cfa57f5d89434e6d37170f97e48f7904983e3",
      "size": 788,
      "annotations": {
        "org.opencontainers.image.created": "2024-03-15T22:49:10Z",
        "vnd.microsoft.artifact.lifecycle.end-of-life.date": "2024-03-15"
      },
      "artifactType": "application/vnd.microsoft.artifact.lifecycle",
      "manifests": [
        {
          "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:f520330e9f43c05859c532e67a25c9c765b144782ae7b872656192c27fd4e2dd",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:f520330e9f43c05859c532e67a25c9c765b144782ae7b872656192c27fd4e2dd",
          "size": 1080,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[430ecf0685f8018443f8418f5d7134b146f28862116114925713635d5703fb69,9b1894f223d934cbd6575af3c6e1f6096b9221a7da132185f5a5cdc92235b5dc,23ffe2b8bdb9a1711515d4cffda04bc7f793d513c76c243f1020507d8669b7db]",
            "org.opencontainers.image.created": "2024-03-15T22:54:42Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:a811606b09341bab4bbc0a4deb2c0cb709ec9702635cbe2d36b77d58359ec046",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:a811606b09341bab4bbc0a4deb2c0cb709ec9702635cbe2d36b77d58359ec046",
      "size": 747,
      "annotations": {
        "org.opencontainers.image.created": "2024-01-18T18:12:41Z"
      },
      "artifactType": "application/vnd.in-toto+json",
      "manifests": [
        {
          "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:04723fd7d00df77c6f226b907667396554bf9418dc48a7a04feb5ff24aa0b9ec",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:04723fd7d00df77c6f226b907667396554bf9418dc48a7a04feb5ff24aa0b9ec",
          "size": 1080,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[430ecf0685f8018443f8418f5d7134b146f28862116114925713635d5703fb69,9b1894f223d934cbd6575af3c6e1f6096b9221a7da132185f5a5cdc92235b5dc,23ffe2b8bdb9a1711515d4cffda04bc7f793d513c76c243f1020507d8669b7db]",
            "org.opencontainers.image.created": "2024-01-18T18:20:09Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:a389ef0a7179df56efef693b6c818039f94369edb2dac1294e2a29cf5401330c",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:a389ef0a7179df56efef693b6c818039f94369edb2dac1294e2a29cf5401330c",
      "size": 753,
      "annotations": {
        "org.opencontainers.image.created": "2024-01-18T18:08:20Z"
      },
      "artifactType": "application/spdx+json",
      "manifests": [
        {
          "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:4677dd1e053026b99c12bac7ab03aebc9af71bd312020cb00ac237b692e2c62c",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:4677dd1e053026b99c12bac7ab03aebc9af71bd312020cb00ac237b692e2c62c",
          "size": 1080,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[430ecf0685f8018443f8418f5d7134b146f28862116114925713635d5703fb69,9b1894f223d934cbd6575af3c6e1f6096b9221a7da132185f5a5cdc92235b5dc,23ffe2b8bdb9a1711515d4cffda04bc7f793d513c76c243f1020507d8669b7db]",
            "org.opencontainers.image.created": "2024-01-18T18:12:07Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:2ce3bcd20e25589de58b3458256ea5ed9a28ddd7b99b256dd5192db996c11b3e",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:2ce3bcd20e25589de58b3458256ea5ed9a28ddd7b99b256dd5192db996c11b3e",
      "size": 752,
      "annotations": {
        "org.opencontainers.image.created": "2024-01-18T18:08:19Z"
      },
      "artifactType": "application/spdx+json",
      "manifests": [
        {
          "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:33b7512c09387ea502e30dec6036e70015669878725252a6c0c66a5a97e28a1d",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:33b7512c09387ea502e30dec6036e70015669878725252a6c0c66a5a97e28a1d",
          "size": 1080,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[c89466fbfbfc4ad002abe2ebbcd9ba591e4e65d24d6ac23a606d7eb92c45d4f1,9b1894f223d934cbd6575af3c6e1f6096b9221a7da132185f5a5cdc92235b5dc,23ffe2b8bdb9a1711515d4cffda04bc7f793d513c76c243f1020507d8669b7db]",
            "org.opencontainers.image.created": "2024-01-18T18:11:58Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:98cbcc4452cae716725b82f542a7271f57eff9564cb5ff31ea8bc94c65d39f18",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:98cbcc4452cae716725b82f542a7271f57eff9564cb5ff31ea8bc94c65d39f18",
      "size": 753,
      "annotations": {
        "org.opencontainers.image.created": "2024-01-18T18:08:17Z"
      },
      "artifactType": "application/spdx+json",
      "manifests": [
        {
          "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:a97ec31fed4a07d72086aa495ebfee5df6a3c825cf14d59022234bf4c8b38ce6",
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "digest": "sha256:a97ec31fed4a07d72086aa495ebfee5df6a3c825cf14d59022234bf4c8b38ce6",
          "size": 1080,
          "annotations": {
            "io.cncf.notary.x509chain.thumbprint#S256": "[430ecf0685f8018443f8418f5d7134b146f28862116114925713635d5703fb69,9b1894f223d934cbd6575af3c6e1f6096b9221a7da132185f5a5cdc92235b5dc,23ffe2b8bdb9a1711515d4cffda04bc7f793d513c76c243f1020507d8669b7db]",
            "org.opencontainers.image.created": "2024-01-18T18:12:06Z"
          },
          "artifactType": "application/vnd.cncf.notary.signature"
        }
      ]
    },
    {
      "reference": "mcr.microsoft.com/oss/kubernetes/kubectl@sha256:f2098a230b6311edeb44ab2d6e5789372300d9b98be34c4d9477d3b9638a3bb1",
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:f2098a230b6311edeb44ab2d6e5789372300d9b98be34c4d9477d3b9638a3bb1",
      "size": 1008,
      "annotations": {
        "io.cncf.notary.x509chain.thumbprint#S256": "[c89466fbfbfc4ad002abe2ebbcd9ba591e4e65d24d6ac23a606d7eb92c45d4f1,9b1894f223d934cbd6575af3c6e1f6096b9221a7da132185f5a5cdc92235b5dc,23ffe2b8bdb9a1711515d4cffda04bc7f793d513c76c243f1020507d8669b7db]",
        "org.opencontainers.image.created": "2024-01-18T18:07:12Z"
      },
      "artifactType": "application/vnd.cncf.notary.signature"
    }
  ]
}

@FeynmanZhou FeynmanZhou modified the milestones: v1.3.0, v1.3.0-beta.2 Dec 10, 2024
@FeynmanZhou
Copy link
Member

FeynmanZhou commented Dec 10, 2024
edited
Loading

This is a totally valid feature request to me. The formatted output of oras discover is supposed to show the image itself not just the referrers.

Thanks @qweeah for sharing the idea and PoC. I will need to validate it and update the formatted output spec first. I moved this issue to v1.3.0-beta.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request format output spec required Issues that require specifications
Projects
None yet
Milestone
v1.3.0-beta.2
Development

No branches or pull requests
4 participants
@sajayantony @qweeah @akcrisp @FeynmanZhou