New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
YARN-11364. Docker Container to accept docker Image name with sha256 digest #5092
Conversation
🎊 +1 overall
This message was automatically generated. |
LGTM. |
2dbc4a0
to
5a780f0
Compare
🎊 +1 overall
This message was automatically generated. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ashutoshcipher , thank you for the patch. I entered a few comments.
@@ -208,6 +208,8 @@ public class DockerLinuxContainerRuntime extends OCIContainerRuntime { | |||
private static final Pattern dockerImagePattern = | |||
Pattern.compile(DOCKER_IMAGE_PATTERN); | |||
|
|||
private static final Pattern DOCKER_DIGEST_PATTERN = Pattern.compile("^sha256:[a-z0-9]{32,}$"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This allows "sha256:" followed by anywhere from 32 to an infinite number of characters. The maximum length of a SHA-256 is 64 characters. I believe Docker allows referencing a shortened SHA-256 as small as 12 characters, though I'm having trouble finding documentation to back that up.
Maybe we should go with either {32,64}
or {12,64}
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, Lets go with {12,64}
"123456789123.dkr.ecr.us-east-1.amazonaws.com/emr-docker-examples:pyspark-example" | ||
+ "@sha256:f1d4ae3f7261a72e98c6ebefe9985cf10a0ea5bd762585a43e0700ed99863807"}; | ||
|
||
String[] invalidNames = {"Ubuntu", "ubuntu || fedora", "ubuntu#", "myregistryhost:50AB0/ubuntu", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest also adding new negative tests here to make sure DOCKER_DIGEST_PATTERN
doesn't match inputs that we don't want it to match. For example:
// Invalid: contains "@sha256" but doesn't really contain a digest.
"123456789123.dkr.ecr.us-east-1.amazonaws.com/emr-docker-examples:pyspark-example@sha256"
// Invalid: digest is too short.
"123456789123.dkr.ecr.us-east-1.amazonaws.com/emr-docker-examples:pyspark-example@sha256:f1d4"
// Invalid: digest is too long (depending on if we take my code review feedback on the regex).
"123456789123.dkr.ecr.us-east-1.amazonaws.com/emr-docker-examples:pyspark-example@sha256:f1d4ae3f7261a72e98c6ebefe9985cf10a0ea5bd762585a43e0700ed99863807f"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, will add these negative test cases.
Thanks @cnauroth for review and comments. I will address them in my next commit. |
🎊 +1 overall
This message was automatically generated. |
@cnauroth, I have addressed your comments. Please help in reviewing it again. Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Thank you for incorporating the code review feedback, @ashutoshcipher . I can commit this in a little while, targeting trunk, branch-3.3 and branch-3.2.
@ashutoshcipher , thank you for the contribution. I have committed this to trunk, branch-3.3 and branch-3.2 (after resolving a merge conflict). @slfan1989 , thank you for your code review. |
…digest (apache#5092) Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com> Reviewed-by: slfan1989 <55643692+slfan1989@users.noreply.github.com> Signed-off-by: Chris Nauroth <cnauroth@apache.org>
Description of PR
JIRA - YARN-11364
Docker Container to accept docker Image name with sha256 digest.
While using docker and passing the using sha256 digest as docker image. It should be valid and not throw error
eg -
should be valid and not throw error.
How was this patch tested?
UT
For code changes:
LICENSE
,LICENSE-binary
,NOTICE-binary
files?