libpod/image: Use ParseNormalizedNamed in RepoDigests #2106
Conversation
wking
force-pushed
the
fix-repo-digests-name-parsing
branch
from
c675435 to
397ba9d
Compare
| { | ||
| name: "digest", | ||
| names: []string{"docker.io/library/busybox@sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc"}, | ||
| expected: []string{"docker.io/library/busybox@sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc"}, |
There was a problem hiding this comment.
This test fails with the doubled @sha256 unless we also include the ParseNormalizedNamed change this commit makes to RepoDigests().
| @@ -41,13 +41,18 @@ func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error { | |||
| for _, image := range images { | |||
| labels, _ := image.Labels(getContext()) | |||
| containers, _ := image.Containers() | |||
| repoDigests, err := image.RepoDigests() | |||
| if err != nil { | |||
| return err | |||
There was a problem hiding this comment.
image.Labels(...) seems to ignore errors as well.
There was a problem hiding this comment.
image.Labels(...)seems to ignore errors as well.
Yeah, I left the existing error-ignores alone, since I don't understand their motivation. I'm happy to make these all consistent though (one way or the other) if someone can explain the motivation.
There was a problem hiding this comment.
It looks like we don't want to fatally fail when trying to get some information on an image, but it's not commented at all so I'm not sure. @baude this intentional?
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
| { | ||
| name: "tagged", | ||
| names: []string{"docker.io/library/busybox:latest"}, | ||
| expected: []string{"docker.io/library/busybox@sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc"}, |
There was a problem hiding this comment.
How often does Busybox update (such that this would no longer pull the same image)?
Can we throw a comment on here that this needs updating when busybox bumps its image version?
There was a problem hiding this comment.
How often does Busybox update...
This digest is hard-coded in the test itself; it is completely decoupled from any real-world BusyBox image. So no need to bump anything.
There was a problem hiding this comment.
Oh, sorry, I meant the line above - busybox:latest
There was a problem hiding this comment.
Oh, sorry, I meant the line above -
busybox:latest
Still just a string I'm hard-coding for these unit tests with no relation to real-world images. The new unit tests should just be exercising vendored string-manipulation code; they aren't hitting the network or anything.
There was a problem hiding this comment.
Alright, should be fine then, thanks
|
Few questions but code LGTM. |
|
Tests are failing - looks like there's a |
Do you know what's going in there. The unit tests pass for me locally, and we vendor the parser, so I dunno how CI is failing. |
|
Will attempt to rerun them to see if it is a flake. |
Actually, I must have changed something and forgotten to run them again, since now I can reproduce locally (thank you, CI ;). Obviously |
reference.WithDigest(reference.TrimNamed(input), digest)should work. |
| for _, name := range i.Names() { | ||
| repoDigests = append(repoDigests, strings.SplitN(name, ":", 2)[0]+"@"+i.Digest().String()) | ||
| named, err := reference.ParseNormalizedNamed(name) | ||
| if err != nil { |
There was a problem hiding this comment.
FWIW c/image/storage silently ignores errors (= .Names entries not in the c/image/docker/reference format).
Names are not documented to be in any particular format, so hard failures here may not be appropriate — OTOH maybe we should tighten the definition of Names instead. I don’t know.
There was a problem hiding this comment.
Namesare not documented to be in any particular format, so hard failures here may not be appropriate...
I don't have an opinion on what ParseNormaliedNamed wants to consider an error, but if it returns an error, I think we should be passing it back up the chain. I certainly don't want different opinions on what names are considered valid living at different places in the stack.
There was a problem hiding this comment.
I’m saying that the existing opinion/practice is that non-ParseNormalizedNamed names are 1) allowed and 2) silently ignored, so if you ”don’t want different opinions” (which I agree with) the right thing to do is to silently ignore such names as well.
I do support tightening the definition, but if that should happen, it needs be a separate PR set across c/storage (documenting the field as such)+c/image+libpod (using it) and maybe others.
wking
force-pushed
the
fix-repo-digests-name-parsing
branch
from
397ba9d to
f539fd2
Compare
|
I've pushed 397ba9d -> f539fd2 adding |
|
@wking Still broken :^( |
|
@wking I think the issue with CI was introduced by the most recent merge (another user of RepoDigests appeared and needs to be changed to use the error return) |
Avoid generating quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and similar when the image name is already digest-based [1]. It's not clear exactly how we get into this state, but as shown by the unit tests, the new code handles this case correctly (while the previous code does not). [1]: containers#2086 Signed-off-by: W. Trevor King <wking@tremily.us>
wking
force-pushed
the
fix-repo-digests-name-parsing
branch
from
f539fd2 to
a780521
Compare
|
All green :). |
|
Code LGTM |
|
📌 Commit a780521 has been approved by |
|
☀️ Test successful - status-papr |
…-release:4.0.0-0.2 RHCOS 47.280 brings in, among other things, [1], which fixes a bug we see occasionally on the bootstrap machine. Clayton pushed 4.0.0-0.nightly-2019-01-25-205123 to quay.io/openshift-release-dev/ocp-release:4.0.0-0.2. Renaming OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE gets us CI testing of the pinned release despite openshift/release@60007df2 (Use RELEASE_IMAGE_LATEST for CVO payload, 2018-10-03, openshift/release#1793). Also comment out regions which this particular RHCOS build wasn't pushed to, leaving only: $ curl -s https://releases-rhcos.svc.ci.openshift.org/storage/releases/maipo/47.280/meta.json | jq -r '.amis[] | .name' ap-northeast-1 ap-northeast-2 ap-south-1 ap-southeast-1 ap-southeast-2 ca-central-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 sa-east-1 us-east-1 us-east-2 us-west-1 us-west-2 I'd initially expected to export the pinning environment variables in release.sh, but I've put them in build.sh here because our continuous integration tests use build.sh directly and don't go through release.sh. [1]: containers/podman#2106
To get the more-robust handling from 0f6535c (libpod/image: Use ParseNormalizedNamed in RepoDigests, 2019-01-08, containers#2106) here too. Signed-off-by: W. Trevor King <wking@tremily.us>
…-release:4.0.0-0.3 The bump from RHCOS 47.280 to 47.297 brings in, among other things, v0.12 kubelets. Clayton pushed 4.0.0-0.nightly-2019-01-30-145955 to quay.io/openshift-release-dev/ocp-release:4.0.0-0.3. Renaming OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE gets us CI testing of the pinned release despite openshift/release@60007df2 (Use RELEASE_IMAGE_LATEST for CVO payload, 2018-10-03, openshift/release#1793). Also comment out regions which this particular RHCOS build wasn't pushed to, leaving only: $ curl -s https://releases-rhcos.svc.ci.openshift.org/storage/releases/maipo/47.297/meta.json | jq -r '.amis[] | .name' ap-northeast-1 ap-northeast-2 ap-south-1 ap-southeast-1 ap-southeast-2 ca-central-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 sa-east-1 us-east-1 us-east-2 us-west-1 us-west-2 I'd initially expected to export the pinning environment variables in release.sh, but I've put them in build.sh here because our continuous integration tests use build.sh directly and don't go through release.sh. [1]: containers/podman#2106
To get the more-robust handling from 0f6535c (libpod/image: Use ParseNormalizedNamed in RepoDigests, 2019-01-08, containers#2106) here too. Signed-off-by: W. Trevor King <wking@tremily.us>
…-release:4.0.0-0.5
Clayton pushed 4.0.0-0.nightly-2019-02-26-125216 to
quay.io/openshift-release-dev/ocp-release:4.0.0-0.5. Extracting the
associated RHCOS build:
$ oc adm release info --pullspecs quay.io/openshift-release-dev/ocp-release:4.0.0-0.5 | grep machine-os-content
machine-os-content registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-02-26-125216@sha256:1262533e31a427917f94babeef2774c98373409897863ae742ff04120f32f79b
$ oc image info registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-02-26-125216@sha256:1262533e31a427917f94babeef2774c98373409897863ae742ff04120f32f79b | grep version
version=47.330
The bump from RHCOS 47.297 to 47.330 brings in, among other things,
Podman 1.0.1.
Renaming OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE gets us CI testing
of the pinned release despite openshift/release@60007df2 (Use
RELEASE_IMAGE_LATEST for CVO payload, 2018-10-03,
openshift/release#1793).
Also comment out regions which this particular RHCOS build wasn't
pushed to, leaving only:
$ curl -s https://releases-rhcos.svc.ci.openshift.org/storage/releases/maipo/47.330/meta.json | jq -r '.amis[] | .name'
ap-northeast-1
ap-northeast-2
ap-south-1
ap-southeast-1
ap-southeast-2
ca-central-1
eu-central-1
eu-west-1
eu-west-2
eu-west-3
sa-east-1
us-east-1
us-east-2
us-west-1
us-west-2
I'd initially expected to export the pinning environment variables in
release.sh, but I've put them in build.sh here because our continuous
integration tests use build.sh directly and don't go through
release.sh.
[1]: containers/podman#2106
github-actions
bot
added
the
locked - please file new issue/PR
Avoid generating
quay.io/openshift-release-dev/ocp-release@sha256@sha256:239...and similar when the image name is already digest-based. It's not clear exactly how we get into this state, but as shown by the unit tests, the new code handles this case correctly (while the previous code does not).Fixes #2086