Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(referrers): delete manifest with subject #174

Open
wants to merge 35 commits into
base: main
Choose a base branch
from
Open

feat(referrers): delete manifest with subject #174

wants to merge 35 commits into from

Conversation

pat-pan
Copy link
Contributor

@pat-pan pat-pan commented Jan 6, 2025
edited
Loading

What this PR does / why we need it

The PR is to implement the feature to delete manifest with subject as per the OCI distribution spec v1.1.0.

Which issue(s) this PR resolves / fixes

Resolves / Fixes #160

Please check the following list

  • Does the affected code have corresponding tests, e.g. unit test, E2E test?
  • Does this change require a documentation update?
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have an appropriate license header?

Patrick Pan added 23 commits November 18, 2024 18:16
push manifest with subject
e3e1217 
Signed-off-by: Patrick Pan <[email protected]>
add unit tests
846e173 
Signed-off-by: Patrick Pan <[email protected]>
add unit tests
7fca0cb 
Signed-off-by: Patrick Pan <[email protected]>
Merge branch 'main' into feature/pushManifestWithSubject
ec93662
resolve merge conflicts
7809549 
Signed-off-by: Patrick Pan <[email protected]>
add tests
c7e4418 
Signed-off-by: Patrick Pan <[email protected]>
add comments
a6d552f 
Signed-off-by: Patrick Pan <[email protected]>
add unit test
685ab70 
Signed-off-by: Patrick Pan <[email protected]>
add unit tests
1b9ade3 
Signed-off-by: Patrick Pan <[email protected]>
resolve comments
5041592 
Signed-off-by: Patrick Pan <[email protected]>
add SetReferrersSupportLevel func and unit tests
c26ccb6 
Signed-off-by: Patrick Pan <[email protected]>
remove NoReferrerUpdateException and update tests accordingly
ddbf048 
Signed-off-by: Patrick Pan <[email protected]>
add Index constructor
d6e8499 
Signed-off-by: Patrick Pan <[email protected]>
add license header
cf431f0 
Signed-off-by: Patrick Pan <[email protected]>
resolve merge conflicts
50e696e 
Signed-off-by: Patrick Pan <[email protected]>
add lock on SetReferrerState
856c0ef 
Signed-off-by: Patrick Pan <[email protected]>
simplify ApplyReferrerChanges
fcb121e 
Signed-off-by: Patrick Pan <[email protected]>
resolve comments
2b24e07 
Signed-off-by: Patrick Pan <[email protected]>
Merge branch 'main' into feature/pushManifestWithSubject
7df36ca 
Signed-off-by: Patrick Pan <[email protected]>
delete manifest with subject
36a428f 
Signed-off-by: Patrick Pan <[email protected]>
add reference clone
1813869 
Signed-off-by: Patrick Pan <[email protected]>
change variable naming
878535c 
Signed-off-by: Patrick Pan <[email protected]>
fix merge conflict
4bee2cc 
Signed-off-by: Patrick Pan <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Jan 6, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 83.03571% with 19 lines in your changes missing coverage. Please review.

Project coverage is 83.24%. Comparing base (1c58199) to head (d5c38b9).

Files with missing lines Patch % Lines
src/OrasProject.Oras/Registry/Remote/Repository.cs 75.75% 5 Missing and 3 partials ⚠️
.../OrasProject.Oras/Registry/Remote/ManifestStore.cs 80.55% 3 Missing and 4 partials ⚠️
src/OrasProject.Oras/Registry/Reference.cs 66.66% 2 Missing and 1 partial ⚠️
...sProject.Oras/Registry/Remote/ResponseException.cs 95.45% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #174      +/-   ##
==========================================
- Coverage   83.25%   83.24%   -0.01%     
==========================================
  Files          37       37              
  Lines        1266     1355      +89     
  Branches      149      164      +15     
==========================================
+ Hits         1054     1128      +74     
- Misses        149      158       +9     
- Partials       63       69       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Patrick Pan added 4 commits January 13, 2025 15:22
add unit tests
d7eb9b5 
Signed-off-by: Patrick Pan <[email protected]>
remove unnecessary changes
dfc538d 
Signed-off-by: Patrick Pan <[email protected]>
remove unnecessary changes
ff334ca 
Signed-off-by: Patrick Pan <[email protected]>
move ResponseException to Exceptions folder
53f8e12 
Signed-off-by: Patrick Pan <[email protected]>
Wwwsylvia
Wwwsylvia reviewed Jan 14, 2025
View reviewed changes
src/OrasProject.Oras/Exceptions/ResponseException.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/Referrers.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/ManifestStore.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/Repository.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/Repository.cs
reference.ContentReference = Referrers.ZeroDigest;
var url = new UriFactory(reference, Options.PlainHttp).BuildReferrersUrl();
var request = new HttpRequestMessage(HttpMethod.Get, url);
var response = Options.HttpClient.SendAsync(request, cancellationToken).ConfigureAwait(true).GetAwaiter()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we await this function and make PingReferrers async? But async calls are not allowed within the lock statement. We can try SemaphoreSlim.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SemaphoreSlim does not seem right either. We need to consider a lock-free version.

resolve comments
b13de61 
Signed-off-by: Patrick Pan <[email protected]>
shizhMSFT
shizhMSFT reviewed Jan 15, 2025
View reviewed changes
src/OrasProject.Oras/Exceptions/ResponseException.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Exceptions/ResponseException.cs Outdated
using System.Text.Json.Serialization;

namespace OrasProject.Oras.Registry.Remote;

public class ResponseException : HttpRequestException
{
{
public static readonly string ErrorCodeNameUnknown = "NAME_UNKNOWN";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should it be grouped as an enum for ErrorCode?

src/OrasProject.Oras/Registry/Reference.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/ManifestStore.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/ManifestStore.cs Outdated Show resolved Hide resolved
src/OrasProject.Oras/Registry/Remote/ManifestStore.cs Outdated
await Repository.DeleteAsync(target, true, cancellationToken).ConfigureAwait(false);
return;
}
var manifest = await FetchAsync(target, cancellationToken).ConfigureAwait(false);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The manifest is not verified against the target descriptor. It is possible that a corrupted manifest is fetched.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to clarify that if this is to, for example, check the digests between target and manifest?

src/OrasProject.Oras/Registry/Remote/ManifestStore.cs Outdated
await Repository.DeleteAsync(target, true, cancellationToken).ConfigureAwait(false);
return;
}
var manifest = await FetchAsync(target, cancellationToken).ConfigureAwait(false);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The download size of the manifest is not limited / well-guarded. It means it is vulnerable to excessive resource attack.

src/OrasProject.Oras/Registry/Remote/Repository.cs Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Wwwsylvia Wwwsylvia Wwwsylvia left review comments

@shizhMSFT shizhMSFT shizhMSFT left review comments

@sammychinedu2ky sammychinedu2ky Awaiting requested review from sammychinedu2ky sammychinedu2ky is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Delete Manifest with subject
3 participants
@pat-pan @Wwwsylvia @shizhMSFT