Store the whole Bundle.json and generate a Relocation map #58
Comments
|
cc @jcsirot @radu-matei @glyn @caervs @chris-crone WDYT? |
|
@silvin-lubecki neat! To be clear, the annotations that we have today would continue to exist, correct? Maybe this is a separate conversation for us @chris-crone and @simonferquel (and maybe I need to re-read the spec), but I'd like to better understand the motivation for referencing images in external repos in the |
@caervs absolutely, we don't change that part at all. The pushed OCI index is still the same with this proposal, only the config object changes. |
|
I've been thinking about this and I'm not sure how the original image name would be obtained when pulling from or relocating from a bundle stored in a repository unless it is captured when pushing the bundle to the repository (and stored in the repository). This issue crops up in the example above: where did |
|
@glyn I think we have everything we need in the OCI index, we have an annotation with the component name, so we can link it to the original component in the Does that make sense? Am I missing something? |
|
@silvin-lubecki Thanks. I understand now. I incorrectly assumed you were treating the original |
|
@caervs - the usage of annotations is still required, since an OCI index does not currently support a As to the second part of your question, it has to do the following workflow:
Constructing an image map that is used by runtimes (with the restriction that all images referenced in the image map must have the same digest with the original images) allows us to move bundles across registries (OCI compliant registries, that generate the same image digest for the same image) without invalidating the trust data generated when first building the bundle. Does that make sense? @silvin-lubecki, @glyn, @chris-crone - LGTM, I'm happy to pair sometime this / next week and go through the requirements and workflows one more time. |
|
@radu-matei happy to pair with you on this, let's schedule that on slack 👍 |
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 5, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 5, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 5, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 5, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 5, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 6, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 7, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 7, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 7, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
eunomie
added a commit
to eunomie/app
that referenced
this issue
Nov 7, 2019
When a relocation map is generated from `cnab-to-oci` save it within the same directory as the `bundle.json` file. More information about reloaction map can be found in corresponding `cnab-to-oci` issue: cnabio/cnab-to-oci#58 The `bundle.Bundle` struct is now wrapped in a `relocated.Bundle` that will also contain the relocation map. Methods to fetch `bundle.json` and `relocation-map.json` as well as en entire bundle with the relocation map at once are moved to a `fetch` package to avoid dependency cycle. Signed-off-by: Yves Brissaud <yves.brissaud@docker.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context
During CNAB discussions about storing bundles into registry, some comments were raised about
cnab-to-ocinot storing the wholebundle.jsonin the registry but only a subset, reconstructing it during apull.Current behavior
When pushing a CNAB Bundle to a registry,
cnab-to-ociproduces the following:bundle.json(see the type here (with mostly parameters, actions and credentials) and retrieve its digestEx:
{ "schemaVersion": "v1.0.0-WD", "actions": { "com.docker.app.inspect": { "stateless": true }, "com.docker.app.render": { "stateless": true }, "io.cnab.status": {} }, "definitions": { "port": { "default": "8080", "type": "string" }, "text": { "default": "Hello, World!", "type": "string" } }, "parameters": { "fields": { "port": { "definition": "port", "destination": { "env": "docker_param1" } }, "text": { "definition": "text", "destination": { "env": "docker_param2" } } } }, "credentials": { "docker.context": { "path": "/cnab/app/context.dockercontext" } } }bundle.jsonlikemetadata(as annotations), or invocation/service images{ "schemaVersion": 2, "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "digest": "sha256:1f1470cc6d80bcf8057782bc38a2469a3d4c2833e804b98c19b6f4dedcddda4e", "size": 316, "annotations": { "io.cnab.manifest.type": "config" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "digest": "sha256:720d8fa437af27e98a76ade5395b92c32a8e39721c62a6b4d8c3e4e1967d0caa", "size": 1363, "annotations": { "io.cnab.manifest.type": "invocation" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "digest": "sha256:ba27d460cd1f22a1a4331bdf74f4fccbc025552357e8a3249c40ae216275de96", "size": 528, "annotations": { "io.cnab.component.name": "hello", "io.cnab.manifest.type": "component" } } ], "annotations": { "io.cnab.runtime_version": "v1.0.0-WD", "io.docker.app.format": "cnab", "io.docker.type": "app", "org.opencontainers.artifactType": "application/vnd.cnab.manifest.v1", "org.opencontainers.image.authors": "[{\"name\":\"user\",\"email\":\"user@email.com\"}]", "org.opencontainers.image.description": "Hello, World!", "org.opencontainers.image.title": "hello-world", "org.opencontainers.image.version": "0.1.0" } }During the pull, we can reconstruct the
bundle.jsonfrom the config object, the annotations and the images:{ "schemaVersion": "v1.0.0-WD", "name": "hello-world", "version": "0.1.0", "description": "Hello, World!", "maintainers": [ { "name": "user", "email": "user@email.com" } ], "invocationImages": [ { "imageType": "docker", "image": "slubecki/test1@sha256:720d8fa437af27e98a76ade5395b92c32a8e39721c62a6b4d8c3e4e1967d0caa", "size": 1363, "mediaType": "application/vnd.docker.distribution.manifest.v2+json" } ], "images": { "hello": { "imageType": "docker", "image": "slubecki/test1@sha256:ba27d460cd1f22a1a4331bdf74f4fccbc025552357e8a3249c40ae216275de96", "size": 528, "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "description": "" } }, "actions": { "com.docker.app.inspect": { "stateless": true }, "com.docker.app.render": { "stateless": true }, "io.cnab.status": {} }, "parameters": { "fields": { "port": { "definition": "port", "destination": { "env": "docker_param1" } }, "text": { "definition": "text", "destination": { "env": "docker_param2" } } } }, "credentials": { "docker.context": { "path": "/cnab/app/context.dockercontext" } }, "definitions": { "port": { "default": "8080", "type": "string" }, "text": { "default": "Hello, World!", "type": "string" } } }This reconstruction was designed to tackle 2 things:
bundle.jsonimage references, and then to re-sign it, so moving would remove any guarantee seal. With this design moving an OCI index does not change anything, we can safely keep the signature.Proposal
Since this design was implemented, the Image Relocation has been added to the CNAB specifications.
We propose to leverage this new feature in the Bundle Runtime so:
cnab-to-ocican then pull the originalbundle.json.Ex of Relocation map:
{ "hashicorp/http-echo": "slubecki/test1@sha256:ba27d460cd1f22a1a4331bdf74f4fccbc025552357e8a3249c40ae216275de96" }This new design does not avoid annotation/metadata replication, but we think it is a minor issue, regarding the concern of storing a subset of the
bundle.json.The text was updated successfully, but these errors were encountered: