Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop image tools cmd/ and image/ #337

Merged
merged 2 commits into from
Oct 21, 2016
Merged

Conversation

wking
Copy link
Contributor

@wking wking commented Sep 21, 2016

They are now in opencontainers/image-tools. Also update the
dependencies. Details in the commit messages.

@philips
Copy link
Contributor

philips commented Sep 21, 2016

@wking travis build needs to be updated as well.

@stevvooe
Copy link
Contributor

I thought the plan was to maintain the validation package here. How will we continue to validate the specification if we accept this PR?

@wking
Copy link
Contributor Author

wking commented Sep 22, 2016

On Wed, Sep 21, 2016 at 03:05:54PM -0700, Brandon Philips wrote:

@wking travis build needs to be updated as well.

Oops, thanks :). Did that, and also updated Makefile, HACKING.md, and
.gitignore with 90bbb292fcdec9.

@wking
Copy link
Contributor Author

wking commented Sep 22, 2016

On Wed, Sep 21, 2016 at 03:30:30PM -0700, Stephen Day wrote:

I thought the plan was to maintain the validation package here. How
will we continue to validate the specification if we accept this PR?

I don't really have a preference for where validation lives. The
runtime projects keep the JSON Schema and a generic JSON Schema
validator in runtime-spec 1. Additional validation beyond what JSON
Schema can cover happens in an runtime-tools, where they will
hopefully soon become their own package
(opencontainers/runtime-tools#188). The runtime-tools validation will
also hopefully soon include the JSON Schema validation as a portion of
the full validation (opencontainers/runtime-tools#197). That was the
pattern I expected image-spec to follow, but a lot of that pattern is
still in-flight.

While runtime-spec occasionally has to fix buggy JSON Schema or Go
structures (opencontainers/runtime-spec#491,
opencontainers/runtime-spec#502, opencontainers/runtime-spec#581), I
think that we're far more likely to have churn on the full validator.
I think the version-decoupling which motivated the tool/spec split
(opencontainers/runtime-tools#83) applies to that code. Plus the
separation makes it easier for the validation tooling to support
multiple spec versions at once (some discussion in
opencontainers/image-tools#9).

However, I agree that having local validation to support ‘make
validate-examples’ is quite useful. I think that validating the
examples as:

  1. legal JSON, and
  2. instances of the appropriate JSON Schema

is sufficient to catch most example errors. Weighing the benefit of
covering errors that cannot be represented in JSON Schema with the
local validate-examples vs. the cost of maintaining a validator
compatible with multiple spec versions inside the spec repository, my
personal preference is to keep that additional testing in runtime-spec
instead of in image-spec.

So having outlined the runtime approach and given some background on
why I think it's a good idea, I'm still happy to go whichever way the
image-spec maintainers want to go on this one ;). If your target
differs widely from what I have here, it may be faster to just submit
an alternative PR (in which case feel free to cherry-pick anything
from here that seems useful).

@stevvooe
Copy link
Contributor

@wking Could you summarize what you are trying to say?

@wking
Copy link
Contributor Author

wking commented Sep 23, 2016

On Thu, Sep 22, 2016 at 06:49:58PM -0700, Stephen Day wrote:

@wking Could you summarize what you are trying to say?

I like the PR as it stands, for the reasons I've listed 1. It
matches what runtime-spec is doing. And you'll still have reasonable
validation coverage with just the JSON Schema locally.

@stevvooe
Copy link
Contributor

@wking

How will we continue to validate the specification if we accept this PR?

@wking
Copy link
Contributor Author

wking commented Sep 23, 2016

On Fri, Sep 23, 2016 at 03:49:52PM -0700, Stephen Day wrote:

How will we continue to validate the specification if we accept
this PR?

This PR keeps all of the JSON Schema stuff locally, and I explain in
1 why I think that is sufficient for validating local examples.

@stevvooe
Copy link
Contributor

@wking Explain it in a single paragraph so I don't have to read a book. Again, please answer the question:

How will we continue to validate the specification if we accept this PR?

Rules for your response:

  1. Keep it short.
  2. Avoid obtuse references to your own commentary.
  3. Keep your language plain and simple to understand.

To be clear, the agreement we had when creating the tools repo was to leave the validation code in the spec repo. This includes multiple versions of validation, since the specification has to consider multiple versions, as well.

The tools repo was just supposed to be a cmd directory.

@wking
Copy link
Contributor Author

wking commented Sep 26, 2016

On Mon, Sep 26, 2016 at 11:59:06AM -0700, Stephen Day wrote:

@wking Explain it in a single paragraph so I don't have to read a
book.

I can give one paragraph responses, but they cut corners. Linking to
more complete comments gives folks with more time a way to find out
what what those corners were.

To be clear, the agreement we had when creating the tools repo was
to leave the validation code in the spec repo. This includes
multiple versions of validation, since the specification has to
consider multiple versions, as well.

I think it is better to have validation beyond comparison with the
current JSON Schema in image-tools (which is how the runtime repos
split things up). Can you explain why a v2.0 specification would have
to be able to validate images compatible with the v1.0 specification?
Or why a v1.4 specification would have to be able to validate a
strictly v1.0 image? It seems orthongal to me. The only examples
inlined in a v1.4 spec should be v1.4 examples.

The tools repo was just supposed to be a cmd directory.

I'm not sure there is a consensus around that among image-spec
maintainers. For example @philips punted the image/-only issues like
#242 to image-tools. And even ported some schema/-only issues like
#150 to image-tools.

@stevvooe
Copy link
Contributor

I'm not sure there is a consensus around that among image-spec
maintainers.

We had this consensus in the face to face meeting. I consider the fact that this in the process changed an oversight at minimum.

Can you explain why a v2.0 specification would have
to be able to validate images compatible with the v1.0 specification?
Or why a v1.4 specification would have to be able to validate a
strictly v1.0 image? It seems orthongal to me. The only examples
inlined in a v1.4 spec should be v1.4 examples.

Specifications don't exist in a vacuum. v1.4 needs to be backwards compatible with v1.0 to meet semantic versioning requirements.

This isn't that hard and having the specification and validator in sync is more important than these other concerns.

@wking
Copy link
Contributor Author

wking commented Sep 26, 2016

On Mon, Sep 26, 2016 at 12:33:33PM -0700, Stephen Day wrote:

Can you explain why a v2.0 specification would have to be able to
validate images compatible with the v1.0 specification? Or why a
v1.4 specification would have to be able to validate a strictly
v1.0 image? It seems orthongal to me. The only examples inlined
in a v1.4 spec should be v1.4 examples.

Specifications don't exist in a vacuum. v1.4 needs to be backwards
compatible with v1.0 to meet semantic versioning requirements.

Agreed. But the backward-compatibility test is “Does v1.4 tooling
interpret v1.0 images with the same semantics as v1.0 tooling on
issues covered by the v1.0 spec?”. If we're not changing the
semantics of existing fields on minor bumps, I don't know why you'd
need v1.0 schema validation to check that.

This isn't that hard and having the specification and validator in
sync is more important than these other concerns.

Not having typos in the spec is important. But the v1.4 spec isn't
going to also include the v1.0 spec (in a subdirectory?). So the
only thing worth keeping in sync in this repository is a v1.4
validator. And because of churn concerns 1, I don't think it's
worth keeping more than the JSON Schema validation in sync either.
We're ok with a bit of delay before the tool repos catch up 2 to
cover the cases that JSON Schema cannot handle.

@wking
Copy link
Contributor Author

wking commented Sep 27, 2016

On Mon, Sep 26, 2016 at 11:59:06AM -0700, Stephen Day wrote:

The tools repo was just supposed to be a cmd directory.

I took a local stab at rerolling this branch to only drop cmd/ (since
that seems to be something we agree on), but glide.yml requires
runtime-spec ^1.0.0-rc1, which (for some reason, despite SemVer
pointing out that pre-releases may not satisfy their version's compat
requirements 1) happily pulls in
opencontainers/runtime-spec@7dab1a24 (tag v1.0.0-rc2). That brings in
the *Linux change from opencontainers/runtime-spec#502, and I'm not
interested enough in the image→runtime config translation to want to
port it around that change. So if you want a PR that just drops cmd/,
someone else will have to write it ;). Or this repo can pin the
runtime-spec dependency at a particular version so it doesn't float
with update-deps.

@vbatts
Copy link
Member

vbatts commented Oct 19, 2016

@stevvooe is this PR in line with what you described last week on the call?

@stevvooe
Copy link
Contributor

@vbatts This looks like it suffices.

@wking Please cleanup the history. This should only be two commits.

wking added 2 commits October 19, 2016 21:29
These have been spun off into [1].

# glide.yaml

* Drop runtime-spec (the last reference was removed with
  image/config.go).
* Drop cobra (the last references were removed with cmd/).

# HACKING

The http/FileSystem stuff still applies, since the JSON Schema
validation is staying in this repo.  I've made it's earlier
oci-image-tool references more generic, and adopted the README's
recommended one sentence per line where I touched a line.

[1]: https://github.com/opencontainers/image-tools

Signed-off-by: W. Trevor King <[email protected]>
With:

  $ rm -rf vendor
  $ make update-deps

Signed-off-by: W. Trevor King <[email protected]>
@wking
Copy link
Contributor Author

wking commented Oct 20, 2016

On Wed, Oct 19, 2016 at 04:49:43PM -0700, Stephen Day wrote:

@wking Please cleanup the history. This should only be two commits.

I think it's easier to review and understand when the more detailed
changes aren't lost in a sea of ‘rm -rf’ noise, but whatever ;).
Rebased onto master and squashed into two commits (the things I did
and the things glide did) with 2fcdec942b0bea.

wking added a commit to wking/image-spec that referenced this pull request Oct 20, 2016
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.  In situations
where you don't know the blob digest, the new DigestByte will help you
calculate it (for a byte array).

There is also a new 'strict' parameter to distinguish between
compliant images (which should only pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should pass regardless of strict).  The current JSON
Schemas are not strict, and I expect we'll soon gain Go code to handle
the distinction (e.g. [4]).  So the presence of 'strict' in the
Validator type is future-proofing our API and not exposing a
currently-implemented feature.

I've made the minimal sane changes to cmd/ and image/, because we're
dropping them from this repository [2] (and continuing them in
runtime-tools).

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
wking added a commit to wking/image-spec that referenced this pull request Oct 20, 2016
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.  In situations
where you don't know the blob digest, the new DigestByte will help you
calculate it (for a byte array).

There is also a new 'strict' parameter to distinguish between
compliant images (which should only pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should pass regardless of strict).  The current JSON
Schemas are not strict, and I expect we'll soon gain Go code to handle
the distinction (e.g. [4]).  So the presence of 'strict' in the
Validator type is future-proofing our API and not exposing a
currently-implemented feature.

I've made the minimal sane changes to cmd/ and image/, because we're
dropping them from this repository [2] (and continuing them in
runtime-tools).

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
wking added a commit to wking/image-spec that referenced this pull request Oct 20, 2016
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.  In situations
where you don't know the blob digest, the new DigestByte will help you
calculate it (for a byte array).

There is also a new 'strict' parameter to distinguish between
compliant images (which should only pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should pass regardless of strict).  The current JSON
Schemas are not strict, and I expect we'll soon gain Go code to handle
the distinction (e.g. [4]).  So the presence of 'strict' in the
Validator type is future-proofing our API and not exposing a
currently-implemented feature.

I've made the minimal sane changes to cmd/ and image/, because we're
dropping them from this repository [2] (and continuing them in
runtime-tools).

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
@stevvooe
Copy link
Contributor

stevvooe commented Oct 20, 2016

LGTM

Approved with PullApprove

1 similar comment
@vbatts
Copy link
Member

vbatts commented Oct 21, 2016

LGTM

Approved with PullApprove

@vbatts vbatts merged commit ed9ffce into opencontainers:master Oct 21, 2016
@wking wking deleted the drop-tools branch October 21, 2016 19:23
wking added a commit to wking/image-spec that referenced this pull request Oct 21, 2016
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.  In situations
where you don't know the blob digest, the new DigestByte will help you
calculate it (for a byte array).

There is also a new 'strict' parameter to distinguish between
compliant images (which should only pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should pass regardless of strict).  The current JSON
Schemas are not strict, and I expect we'll soon gain Go code to handle
the distinction (e.g. [4]).  So the presence of 'strict' in the
Validator type is future-proofing our API and not exposing a
currently-implemented feature.

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
wking added a commit to wking/image-spec that referenced this pull request Nov 1, 2016
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.  In situations
where you don't know the blob digest, the new DigestByte will help you
calculate it (for a byte array).

There is also a new 'strict' parameter to distinguish between
compliant images (which should always pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should only pass if strict is true).  The current
JSON Schemas are not strict, but the config/layer media type checks in
ValidateManifest exercise this distinction.

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
stderr.Println(err)
os.Exit(1)
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You delete this file in this place , but in the image-tools and did not restore the relevant content, why not? I think it is useful to use.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image-tools has all of the previous subcommands, just promoted to independent binaries. What were you missing?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, like the file, the set of all sub commands into a whole.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the image-tools maintainers made an explicit decision to split the former sub-commands out into their own binaries (#296, opencontainers/image-tools#1). I don't have strong feelings on that one way or the other. What this PR is about is that none of those commands belong in the spec ;). If you feel like the wrapping command is important, it's probably best to open an issue arguing your case in image-tools.

wking added a commit to wking/image-spec that referenced this pull request Jan 19, 2017
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.

There is also a new 'strict' parameter to distinguish between
compliant images (which should always pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should only pass if strict is true).  The current
JSON Schemas are not strict, but the config/layer media type checks in
ValidateManifest exercise this distinction.

Also use go-digest for local hashing now that we're vendoring it.

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
wking added a commit to wking/image-spec that referenced this pull request Jan 22, 2017
With image-tools split off into its own repository, the plan seems to
be to keep all intra-blob JSON validation in this repository and to
move all other validation (e.g. for layers or for walking Merkle
trees) in image-tools [1].  All the non-validation logic currently in
image/ is moving into image-tools as well [2].

Some requirements (e.g. multi-parameter checks like allowed OS/arch
pairs [3]) are difficult to handle in JSON Schema but easy to handle
in Go.  And callers won't care if we're using JSON Schema or not; they
just want to know if their blob is valid.

This commit restructures intra-blob validation to ease the path going
forward (although it doesn't actually change the current validation
significantly).  The old method:

  func (v Validator) Validate(src io.Reader) error

is now a new Validator type:

  type Validator(blob io.Reader, descriptor *v1.Descriptor, strict bool) (err error)

and instead of instantiating an old Validator instance:

  schema.MediaTypeImageConfig.Validate(reader)

there's a Validators registry mapping from the media type strings to
the appropriate Validator instance (which may or may not use JSON
Schema under the hood).  And there's a Validate function (with the
same Validator interface) that looks up the appropriate entry in
Validators for you so you have:

  schema.Validate(reader, descriptor, true)

By using a Validators map, we make it easy for library consumers to
register (or override) intra-blob validators for a particular type.
Locations that call Validate(...) will automatically pick up the new
validators without needing local changes.

All of the old validation was based on JSON Schema, so currently all
Validators values are ValidateJSONSchema.  As the schema package grows
non-JSON-Schema validation, entries will start to look like:

  var Validators = map[string]Validator{
    v1.MediaTypeImageConfig: ValidateConfig,
    ...
  }

although ValidateConfig will probably use ValidateJSONSchema
internally.

By passing through a descriptor, we get a chance to validate the
digest and size (which we were not doing before).  Digest and size
validation for a byte array are also exposed directly (as
ValidateByteDigest and ValidateByteSize) for use in validators that
are not based on ValidateJSONSchema.  Access to the digest also gives
us a way to print specific error messages on failures.

There is also a new 'strict' parameter to distinguish between
compliant images (which should always pass when strict is false) and
images that only use features which the spec requires implementations
to support (which should only pass if strict is true).  The current
JSON Schemas are not strict, but the config/layer media type checks in
ValidateManifest exercise this distinction.

Also use go-digest for local hashing now that we're vendoring it.

[1]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-10-12-21.01.log.html#l-71
[2]: opencontainers#337
[3]: https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.5
[4]: opencontainers#341

Signed-off-by: W. Trevor King <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants