Add optional digest suffix to template locator #3021
Conversation
It was part of cmd/limactl/start.go but should be generally reusable code. Moved related cmd/limactl/guessarg into limatmpl as well. Also created a new `limactl template` command. It takes a single template locator argument, loads the template, and writes it to STDOUT. This is currently not very interesting; it is in preparation of implementing composable (multi-file) templates. Signed-off-by: Jan Dubois <[email protected]>
This comment was marked as outdated.
This comment was marked as outdated.
jandubois
force-pushed
the
tmpldigest
branch
2 times, most recently
from
2ab5c20 to
c288fcb
Compare
The digest is not part of the URL, it is part of the template locator: Not all FILE_REFs are URLs. The notation means that you cannot use the I don't think being able to use
It is not, but with relative template locators you don't know if they are resolved locally or not. They work similar to So |
jandubois
force-pushed
the
tmpldigest
branch
from
c288fcb to
71bf68f
Compare
I've updated the PR to only match valid digest suffixes. See the included test cases for the suffix splitter. @AkihiroSuda PTAL (at 6a0d370) and let me know if there are any actual issues with this approach. I still think this is the most elegant way to provide the additional functionality without adding needless complexity for the regular user. |
The suffix is "@digest" which may include an optional algorithm (defaults to "sha256"). The encoded digest must be at least 7 characters long. Examples: - template://my@sha256:60a87371451eabcd211c929759db61746a7c6a1c068f59d868db6aa8dca637bd - template://my@sha256:60a87371451 - template://my@60a8737 Signed-off-by: Jan Dubois <[email protected]>
jandubois
force-pushed
the
tmpldigest
branch
from
71bf68f to
6a0d370
Compare
There was a problem hiding this comment.
I still do not think that we should invent a new micro format.
https://example.com/foo@deadbeef should just send GET /foo@deadbeef HTTP/1.1, regardless to the length and format of the deadbeef part.
Why not just: #3009 (comment)
base:
location: "https://example.com/a.yaml"
digest: "sha256:deadbeef"
YAML also allows writing this in oneliner:
base: {location: "https://example.com/a.yaml", digest: "sha256:deadbeef"}
We already do. There is no other application that understands I do not understand what problem you have with adding a suffix; as I pointed out above, it is not part of the URL, it is part of the locator. Adding I'm mostly concentrating on usability, and having a single identifier that can describe an immutable resource seems much better to me than needing multiple pieces of information provided in separate places (an extra field in the YAML, another CLI option).
I assume you mean: basedOn:
- location: "https://..."
digest: "sha256:..."
- location: "template://alpine"
...It just seems overly complex for something when most users just need: basedOn: "template://fedora"Which is already special-cased via custom marshaller to mean basedOn: ["template://fedora"]So this would add yet another possible marshaller to the mix, making the common use case complex for an edge case that virtually nobody will be using. My real concern is that it makes composable templates "too complicated" when they are really quite simple conceptually. Maybe we should ignore the whole digest stuff, and see how we and the users will actually use the new functionality, and then decide if adding more complexity is worth it. As you said earlier, this is a side note to a side note, so we can revisit this at some later point in time. I just thought I could offer an elegant mechanism to provide this right away. |
BTW, and I know you are aware of this, but the format is not something specific to us; it is already used to specify container images. E.g. I can write: $ docker build --build-context src=docker-image://alpine@sha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b .So syntactically we use the same format. And the intent from the user's point of view is the same as well: to specify not just a location for the resource, but also a specific immutable content. The locator breaks if the content has changed1. So this should provide a lot of familiarity for the user. Now the implementation is of course subtly different: in our case the checksum is not used to locate the resource (so the FILE_REF part must already uniquely specify it), but just to make sure the request fails if the content in the response does not match the request. But that is an implementation detail; from the user's view this is not a radically new/different format. Footnotes
|
|
|
|
Ok, let's not do this. It is premature anyways, as the code for multi-file templates has not been merged yet, and we have no experience how parameterized templates will be used, stored, shared, etc. |
This PR is stacked on top of #3009 and should be rebased once that one is merged.
Meanwhile look at 6a0d370 for the changes specific to this PR. See also discussion in #3019.
The suffix is
@digestwhich may include an optional algorithm (defaults tosha256). The encoded digest must be at least 7 characters long.Examples:
template://my@sha256:60a87371451eabcd211c929759db61746a7c6a1c068f59d868db6aa8dca637bdtemplate://my@sha256:60a87371451template://my@60a8737