Document Conditional Requests #251
Conversation
|
@sargun had a comment about registry support for this. Many registries supply ETags today, but it's unclear if they already support conditional requests. One simple idea would be defining an HTTP header such that registries can positively indicate support for conditional requests. E.g. something dumb like:
If a client sees that header, they could rely on conditional request semantics. If they don't see that header, they could choose to alter their behavior to work around potential race conditions (if possible), log a warning, return an error, etc. |
|
|
||
| [RFC 7232](https://tools.ietf.org/html/rfc7232) defines the semantics of Conditional Requests in great detail, so this document will simply highlight the relevant portions of the RFC as applied to the Distribution Specification. | ||
|
|
||
| ### Safely Mutating Manifests |
There was a problem hiding this comment.
Is this limited to only mutating a manifest for a given tag?
There was a problem hiding this comment.
I can't really think of anywhere else this is needed, but I might be overlooking something. There are races when creating, moving, and deleting tags, but everything else should be safe in the face of concurrency... right?
I think it's fine for this to apply to e.g. a manifest PUT, by digest, but it seems not very useful. You could say "don't PUT this manifest if it already exists", but PUT should be idempotent regardless, and you either want the manifest to exist or not.
There was a problem hiding this comment.
I guess we could also use this when uploading blobs?
Instead of always doing a HEAD request to check for blob existence in a registry, you could just start with a POST that includes the If-None-Match header (if you know the blob digest). The registry returning a 412 would indicate that the blob already exists, and we could do both the existence check and the upload initiation in a single request.
Unfortunately, this would require us to have deterministic Etags, as @awakecoding is suggesting, which I like, but I haven't thought completely through.
There was a problem hiding this comment.
I agree that having deterministic etags would be great to have, but that is already something mostly managed by a registry themself, since any client would not particularly expect portability of a given etag across registries, would they?
What API would the registry have to add this header for -- all? It seems like to me, the client can be optimistic, and if the registry doesn't support it, it can return some known error value. |
I would say anywhere that includes an
I don't think that works. If a registry doesn't implement conditional requests, the registry would happily just allow any requests to go through and not return any errors for conflicts. We need the registry to signal positive support, because by default there is no way to determine the lack of support beyond probing the registry's behavior by sending a request you would expect to fail. |
Signed-off-by: Jon Johnson <jonjohnson@google.com>
jonjohnsonjr
requested review from
dmcgowan,
jdolitsky,
jzelinskie,
mikebrow and
vbatts
as code owners
|
|
||
| [RFC 7232](https://tools.ietf.org/html/rfc7232) defines the semantics of Conditional Requests in great detail, so this document will simply highlight the relevant portions of the RFC as applied to the Distribution Specification. | ||
|
|
||
| ### Safely Mutating Manifests |
There was a problem hiding this comment.
I agree that having deterministic etags would be great to have, but that is already something mostly managed by a registry themself, since any client would not particularly expect portability of a given etag across registries, would they?
| @@ -98,6 +98,11 @@ When process B attempts to upload the layer, the registry indicates that its not | |||
| If process A and B upload the same layer at the same time, both operations will proceed and the first to complete will be stored in the registry. | |||
| Even in the case where both uploads are accepted, the registry may securely only store one copy of the layer since the computed digests match. | |||
|
|
|||
| ### Conditional Requests | |||
|
|
|||
| A container engine would like to safely push a new tag or modify an existing tag without racing against another container engine acting upon the registry at the same time. | |||
| If-None-Match: * | ||
| ``` | ||
|
|
||
| If there already exists a manifest in the registry with a matching tag identifier, the registry MUST return a `412 Precondition Failed` response. |
There was a problem hiding this comment.
It's a nitpick, but maybe we should include this in the spec and not have a bunch of files. I feel like the other files we've had have rotted over time because they were not being reviewed alongside everything else.
|
@jonjohnsonjr - can you address @vbatts and @jzelinskie comments above and we can merge? Also - are these things we can realistically add to the conformance suite? |
|
Friendly ping. Some of the recent discussion in the reference types WG has bumped into this as a blocker, and even regardless of how/whether that work uses and updates indexes, it would be great to have this formally spelled out. @opencontainers/distribution-spec-maintainers any more comments and/or approvals? |
Can we be sure that there isn't a case where the current registry only uses etags for |
Here's a first stab at #250
This isn't complete, but I wanted to get something together so we can start bikeshedding.
A couple other use cases we should add are deleting tags (untagging) and interactions with caches.