Skip to content

Add option to enable/disable unknown fields in OCI config #12052

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 21, 2025
Merged

Add option to enable/disable unknown fields in OCI config #12052

merged 2 commits into from
Aug 21, 2025

Conversation

@ioterw
Copy link
Contributor

@ioterw ioterw commented Aug 16, 2025

Currently in OCI config it is possible to add any extra json data, which will be ignored by runsc.
I found it is a bit confusing when was learning OCI implementation of gvisor (adding wrong/non existent fields does not produce any error or warning), therefore decided to add flag allow-unknown-fields, which is true by default (does not modify current behavior).
In case of being false, gvisor produces error like this:

reading spec: error unmarshaling spec from file "config.json": json: unknown field "oooooo"

@ayushr2
Copy link
Collaborator

ayushr2 commented Aug 16, 2025

Please squash the commits into 1. Currently this branch has 7 commits. If we were to merge this, all the intermediate commits will make it to the master branch.

@ioterw ioterw force-pushed the allow_unknown_fields branch from 9c3cb2d to e740c7e Compare August 17, 2025 14:00
@ioterw
Copy link
Contributor Author

ioterw commented Aug 17, 2025

Should be good

EtiennePerot
EtiennePerot requested changes Aug 19, 2025
View reviewed changes
runsc/config/config.go Outdated

// AllowUnknownFields allows unknown fields in the OCI config. If disabled,
// unknown fields will result in an error.
AllowUnknownFields bool `flag:"allow-unknown-fields"`
Copy link
Collaborator

@EtiennePerot EtiennePerot Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems a bit too vaguely-named. How about allow-unknown-oci-spec-fields?

Copy link
Contributor Author

@ioterw ioterw Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. Changed to allow-unknown-oci-spec-fields

EtiennePerot
EtiennePerot reviewed Aug 19, 2025
View reviewed changes
runsc/specutils/specutils.go Outdated
decoder := json.NewDecoder(bytes.NewReader(specBytes))
if !conf.AllowUnknownFields {
decoder.DisallowUnknownFields()
}
Copy link
Collaborator

@EtiennePerot EtiennePerot Aug 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I only thought about this after seconds review, but what do you think about removing the flag, and instead having the behavior here be like:

  • Try to parse with the DisallowUnknownFields option set.
  • If it succeeds, great, go ahead.
  • If it fails, try to parse again, this time without the DisallowUnknownFields option.
  • If that fails too (malformed JSON?), return the error from the second parsing attempt.
  • If the second parsing attempt succeeds, then log a warning with the error from the first parsing attempt, but still continue with the originally-decoded JSON.

This way avoids introducing a new flag, and also makes any lack of specific OCI option support in runsc more obvious even with default flags.

Copy link
Contributor Author

@ioterw ioterw Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what is better in general, but looks fine for me too. Can change a bit later today :)

@ioterw ioterw closed this Aug 20, 2025
@ioterw ioterw force-pushed the allow_unknown_fields branch from 4dfb562 to fc2f4df Compare August 20, 2025 19:24
@ioterw ioterw reopened this Aug 20, 2025
@ioterw
Copy link
Contributor Author

ioterw commented Aug 20, 2025

No more fields. Only small warning. Should we make it more loud? Or small log.Warningf is fine?

EtiennePerot
EtiennePerot requested changes Aug 20, 2025
View reviewed changes
runsc/specutils/specutils.go Outdated
return nil, fmt.Errorf("error unmarshaling spec from file %q: %v\n %s", specFile.Name(), err, string(specBytes))
decoder := json.NewDecoder(bytes.NewReader(specBytes))
decoder.DisallowUnknownFields()
if err := decoder.Decode(&spec); err != nil {
Copy link
Collaborator

@EtiennePerot EtiennePerot Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please give the 2 errors distinctive names to differentiate them from each other, like errStrictDecode and errLooseDecode or something.

runsc/specutils/specutils.go Outdated
if err2 := json.Unmarshal(specBytes, &spec); err2 != nil {
return nil, fmt.Errorf("error unmarshaling spec from file %q: %v\n %s", specFile.Name(), err2, string(specBytes))
} else {
log.Warningf("Problem with spec file %q: %v. Consider removing unnecessary fields.", specFile.Name(), err)
Copy link
Collaborator

@EtiennePerot EtiennePerot Aug 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can only happen in the case where there are unknown fields, and the message should also make it clear that this isn't a fatal error because the fields will be ignored.

log.Warningf("OCI spec file %q contains fields unknown to `runsc`: %v. Ignoring these fields and continuing anyway.")

@ioterw
Copy link
Contributor Author

ioterw commented Aug 21, 2025

@EtiennePerot Thx for showing the way. Good to squash?

copybara-service bot pushed a commit that referenced this pull request Aug 21, 2025
@ioterw @gvisor-bot
Add option to enable/disable unknown fields in OCI config
a29e098 
Currently in OCI config it is possible to add any extra json data, which will be ignored by runsc.
I found it is a bit confusing when was learning OCI implementation of gvisor (adding wrong/non existent  fields does not produce any error or warning), therefore decided to add flag `allow-unknown-fields`, which is `true` by default (does not modify current behavior).
In case of being `false`, gvisor produces error like this:
```
reading spec: error unmarshaling spec from file "config.json": json: unknown field "oooooo"
```

FUTURE_COPYBARA_INTEGRATE_REVIEW=#12052 from ioterw:allow_unknown_fields 0662917
PiperOrigin-RevId: 797846468
@copybara-service copybara-service bot mentioned this pull request Aug 21, 2025
Merged
copybara-service bot pushed a commit that referenced this pull request Aug 21, 2025
@ioterw @gvisor-bot
Add option to enable/disable unknown fields in OCI config
2144f45 
Currently in OCI config it is possible to add any extra json data, which will be ignored by runsc.
I found it is a bit confusing when was learning OCI implementation of gvisor (adding wrong/non existent  fields does not produce any error or warning), therefore decided to add flag `allow-unknown-fields`, which is `true` by default (does not modify current behavior).
In case of being `false`, gvisor produces error like this:
```
reading spec: error unmarshaling spec from file "config.json": json: unknown field "oooooo"
```

FUTURE_COPYBARA_INTEGRATE_REVIEW=#12052 from ioterw:allow_unknown_fields 0662917
PiperOrigin-RevId: 797846468
@copybara-service copybara-service bot merged commit b60a9bd into google:master Aug 21, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EtiennePerot EtiennePerot EtiennePerot approved these changes

Assignees

No one assigned

Labels

ready to pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ioterw @ayushr2 @EtiennePerot