extension proposal #111
extension proposal #111
Conversation
|
@opencontainers/distribution-spec-maintainers PTAL |
vbatts
force-pushed
the
extensions
branch
2 times, most recently
from
d325b4d to
f0e9ff5
Compare
ext/README.md
Outdated
| Each extension's endpoints will be nested below its name. | ||
|
|
||
| ```HTTP | ||
| GET /v2/ext/0/... |
There was a problem hiding this comment.
the /v2/ext/ string, in view of the distribution spec, suggests we are reserving ext as a logical registry name to be used for registry extension apis. We may need something like `/v3-ext/0' to make that happen?
There was a problem hiding this comment.
For registry level operations under /v2 in the past we prepended _. I think it is best to keep that convention here to not interfere with repository naming.
We could have a wider discussion on the role of /v2 and the potential to rev that or just make that not required. Personally I think the /v2 should remain an implementation detail and avoid having the version show up there in the spec. Like other things discussed, I think that belongs as part of the discovery design.
There was a problem hiding this comment.
note: https://github.com/opencontainers/distribution-spec/blob/master/spec.md#api-version-check
Agree we need long term plan/path for versioning, both for distribution and it's extensions.
There was a problem hiding this comment.
maybe reserve prepended _ for registry operations (legacy) and prepend _ext-[0-9]+ for extensions listed here such as _ext-0
edited to add... or whatever the regex ends up for naming be it numeric or alpha numeric.
There was a problem hiding this comment.
I think we should try to limit the number of new top-level paths, as they can easily conflict with paths already exposed by registries. I'd prefer if we kept all extensions under the registry root path, whether that be /v2 or something else moving forward
There was a problem hiding this comment.
@dmcgowan are you saying you would prefer /v2/_ext/$name/...?
@josephschorr is ^ inline with what you're saying?
keep in mind that $name-extension would be something like "signatures" for notary-v2, or "events" for the pub-sub proposal.
There was a problem hiding this comment.
Yeah, /v2/_ext/... works. It's not pretty but we can't override the namespace there. I agree with @josephschorr on limiting the number of top level paths. Making them ugly helps I guess ;)
There was a problem hiding this comment.
-
What would be the guidance be for extension authors to avoid naming collisions/squatting?
Should we consider/v2/_ext/oci-artifactsor/v2/_ext/signaturesor/v2/_ext/oci/signatures/v1/. -
Also would providing guidance around
/v2/_extitself. Is there an expectation of returning a list of supported extensions or are the names something that is discovered out of band and we just 404 on/v2/_ext/oci/signatures
spec.md
Outdated
|
|
||
| These extensions are similar concept to the use of "feature flags". | ||
|
|
||
| See the [`./ext/` directory](./ext/) for extensions available and their definitions. |
There was a problem hiding this comment.
@vbatts Do you have any thoughts on having an API-driven discovery mechanism for back-compatibility between versions of extensions, or do you fully intend all new versions of extensions to be completely independent?
There was a problem hiding this comment.
is this to say, clients could stay using the older version of an extension?
If so, no. That is up to the registry maintainer. I think the $name of any given extension ought to link to the its markdown doc describing it. If it changes, then the $name and doc should change. The registry owner can choose the lifecycle they support here.
There was a problem hiding this comment.
Hmm... I have concerns we'll run into the same problems that we're running into with /v2 in regards to back and forward compatibility. At minimum, I think we should have extensions have a defined way of publishing support for specific things or versions
There was a problem hiding this comment.
would /v2/_ext/oci-artifacts/v1/{namespace}/repo/manifests/{digest}/links?n=10 be inline with what we're discussing here?
- oci-artifacts would have a links extension.
- it would have a version
v1 - it would follow the
namespace/repopath consistency, but be rooted in a named extension/oci-artifacts
|
from a discussion that @dmcgowan and I had today. While I thought that all the endpoints of any given extension would be sandboxed in its prefix, Derek points out how that could make the ACLs a bit too tricky, without wholly expecting an extension to copy API patterns. So we walked through both. Notes below (copied from https://hackmd.io/Ljkrt0LORmeVznREeGOWuQ): GET /v2/_ext/{
"0" : {},
"sigs": {"doc":"http://github.com/opencontainers/distribution-spec/trees/master/ext/ext-sigs.md"}
}/v2/_ext/sigs/ (reserved for sigs extension)GET /v2/_ext/sigs/<hash>/<digest>/<name>
POST /v2/_ext/sigs/<hash>/<digest>/<name>
DELETE /v2/_ext/sigs/<hash>/<digest>/<id>
GET /v2/<repo name>/sigs/<hash>/<digest>
POST /v2/<repo name>/sigs/<hash>/<digest>
PUT /v2/<repo name>/sigs/<hash>/<digest>/<hash>/<digest>
DELETE /v2/<repo name>/sigs/<hash>/<digest>/<hash>/<digest>
|<--signed---->|<--signature-->| {
"0": {
"mediaType":"...signature...blob",
"size": 100,
"digest": "sha256:deadbeef"
}
}What ever mediaType of the signature object itself should be parseable to reference the digest of the blob that it is a signature for. (for garbage collection) |
|
@vbatts The concern I have there is overlap: if I currently have a registry that supports multiple levels of nesting, and I have a repository named Perhaps all extensions under the existing API should be prefixed with a character not supported by the current repo names? Like... |
|
@josephschorr when the API was originally being designed a similar issue also came up with |
|
Why not just adopt something like the |
|
@jzelinskie I'm highly concerned about overlap: its guaranteed that registries, today, have |
|
For new extensions that are being proposed, but have not yet been accepted into the spec, do we want to set a standard for naming that distinguishes a proposed-extension from a standard-extension? I'm thinking along the lines of vendor prefixes for CSS; this could allow a registry operator to experiment and provide an endpoint for a feature where there isn't yet consensus in the community. |
|
What will this extension covers? Everything in the brainstorm? |
|
scope of the extensions: A way to have a handshake between client-server for additional features capable. e.g. search, signatures, discoverability. etc The hope of having a server expose which features it implements vs. a newer version (i.e. I'm really wondering whether this is even the correct approach. If these features are the right and good for distribution-spec (the API), then just put them in the spec and rev the version. (Having a call with @dmcgowan @jzelinskie @mikebrow @jdolitsky @vbatts) |
|
This basically needs community discussion around "how can i experiment with bringing in new features, or have my own bespoke feature" |
|
What was the consensus here? Basically, should |
|
@vbatts, @dmcgowan, @justincormack, in today's OCI weekly call, we discussed moving forward with #111 where we document |
|
now that 1.0 is tagged, and a number of conversations that touched on this proposal have progressed, I intend to dust this off and find the path forward. |
|
Thanks @vbatts, here's a prototypical example for the reference types: opencontainers/artifacts#29 |
vbatts
force-pushed
the
extensions
branch
3 times, most recently
from
92de7a7 to
49e0bb2
Compare
|
|
||
| ### Reserved Namespaces | ||
|
|
||
| As of current, `_oci` and `_catalog` are considered as reserved namespaces and cannot be used by other extensions. |
There was a problem hiding this comment.
... or as part of repository names.
There was a problem hiding this comment.
oh for sure. In the updated push I include some string formatting regular expression. With the _ prefix on the extension name, that differentiates all extensions, from any <name> of a manifest reference.
|
updated PTAL |
vbatts
force-pushed
the
extensions
branch
2 times, most recently
from
1e66662 to
a44d24e
Compare
Co-authored-by: Stephen Day <stephen.day@getcruise.com> Co-authored-by: Aaron Goulet <gluten@amazon.com> Co-authored-by: Lachie Evenson <laevenso@microsoft.com Co-authored-by: Mike Brown <brownwm@us.ibm.com> Co-authored-by: Samuel Karp <me@samuelkarp.com> Co-authored-by: Sajay Antony <sajaya@microsoft.com> Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
|
|
||
| Human readable description of this endpoint. | ||
|
|
||
| - **`endpoints`** *array of strings*, REQUIRED |
There was a problem hiding this comment.
Are "endpoints" a reference to "components"?
There was a problem hiding this comment.
For anyone that wasn't on the call today, endpoints refers to _<extension>/<component>/<module>. Not sure if we want to include /v2/ and /v2/<repository> in there.
|
@opencontainers/distribution-spec-maintainers PTAL |
|
👏 |
👯
The goal of this PR is to enable API extensions to the distribution-spec (registry API), so that implementations may experiment, and then once ironed out can propose the API paths be documented canonically here in the OCI distribution-spec.
There will be a place in this spec repo for official extensions to live once ratified. But importantly, it should provide a method for registry/client implementors to iterate on extensions before surfacing them to be solidified in the specification.
The challenges faced are:
Fixes #74
Signed-off-by: Vincent Batts vbatts@hashbangbash.com