-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Save "META" field in Dockerfile into image content. #7470
Conversation
If you're thinking about adding a json payload, wouldn't it be better to define it as always JSON hash - rather than making it a string and then hoping that the divergent uses don't cause pain? that way, the separator escaping becomes more consistent too? |
Did not know I could do that, I will experiment with this today. But yes I believe this data should be in JSON format. |
If multiple I can imaging meta being used for various purposes. If data is stored as (a) JSON hash(es), I would like to have the option to update/append/remove data in that hash. Especially, if meta-data is inherited from the 'FROM' image. |
Updated to require JSON Format |
@thaJeztah I think that each image would have its own META data. So you could walk through the layered images to see all of the data. |
Here is a little python script that would allow you to look at the Meta data of all images used to create the current image. inspect.py import json |
@rhatdan makes sense yeah. Would require me to loop through all layers, but I guess that's unavoidable. Thx |
@rhatdan thanks again for that example, our comments just crossed 😄 Should this usage example be part of the docs, of would that be "out of scope"? Wdyt? |
Currently it looks like it appends them together. docker inspect |
Awesome! That's actually what I like! That should definitely be included as an example in the docs, so that users know what to expect when using |
Well the Meta Data is really only for the Image, IE If you build an image from Red Hat and then added data from "ACME" you would want Vendor of one layer to say ACME, and the base image to say Redhat |
IAMTM but it seems like this would be better implemented as a simple k/v store. I also think we are trying to reduce the amount of JSON exposed in the UI (Dockerfiles, CLI, etc) Again, IAMTM so don't go changing things based on this comment. |
Ok, right about that, but I would be able to obtain that info by looping through the layers? Other option would be to organise the meta-data using the layer-id as key, e.g.
But I feel that would be awkward to use and replicating the layers? Update; comment was targeted at @rhatdan, not @cpuguy83 .. Timing, LOL |
@cpuguy83 +1 on that one, only wondering;
|
How about if I allow both syntax META Organization: Red Hat, version :1.2, License: ASL 2.0, The code would just wrap this code with {} and do a json test. and standard json META { Organization: Red Hat, version :1.2, License: ASL 2.0 } |
To give you an idea of what kind of data we would see being stored in META data fields. Look at what rpm ships rpm -qi httpdName : httpd |
@rhatdan is that JSON or a multi-line string? Automatically wrapping the string following
Which will probably become:
At this point, the limitations of the Dockerfile format are becoming a bit of an issue (IMO), especially when defining "structured" information. |
Yes after fooling around with this a little more, I think sticking to json would be best. Writing the META content is a programmer/sysadmin job, they should be able to figure out how to write json. I worked late into the night last night, trying to get the Dockerfile content recorded into the Meta Field, and ended up settling on encoding the dockerfile commands as a string separated by \n. For a dockerfile that looks like: cat ~/DockerfileFROM fedora:rawhide I end up with docker inspect If someone has a better format than this, I am all ears. |
Just be aware that these;
Are (afaik) technically valid JSON (so, including strings, integers and floats), but not objects. Wether or not your implementation should accept them, is probably up to you :) |
Not sure why I wouldn't allow them. If an admin or programmer wants to put strange meta data into his image, not sure why I would block it. |
👍 comment was mainly to confirm if your PR wouldn't fail if something like that was used, don't know if the tests currently check for those :) (haven't looked TBH) |
2d35522
to
919a09f
Compare
Back from Vacation, updating Pull Requests and seeing if there is anything I can do to move these along. |
149a575
to
5c9d327
Compare
since everything is metadata, including Ports and Env, perhaps META is too generic for this. Really the distinction I'm seeing for this feature, which I feel has a place in the images ecosystem, is that this concept conveys information that is bound to the image, deterministically accesible (not like a random META-INF file in the image's filesystem), and is part of the information provided from image builder to the consumer of the image. |
The other Name that came up was Vendor. |
|
||
if r.Form.Get("meta") != "" { | ||
if err := json.Unmarshal([]byte(r.Form.Get("meta")), &meta); err != nil { | ||
return fmt.Errorf("META Data must be specified in valid json format") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we could be a little bit more specific for API error messages: ideally validation error like this would list verbatim: the field, optionally their value and what was the failed. expectation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added the error message, so now
grep META ~/Dockerfile
META { Da=1, "Description" : "This image is used to start the foo executable", "Vendor" : "ACME Products", "Version" : "1.0" }
Would give an error like.
Step 3 : META { Da=1, "Description" : "This image is used to start the foo executable", "Vendor" : "ACME Products", "Version" : "1.0" }
2014/10/03 13:42:09 META Data must be specified in valid json format: invalid character 'D' looking for beginning of object key string
3a080a0
to
59dd2f0
Compare
+1 for this feature, being able to embed metadata and pull it from the API will be very useful in an enterprise environment. |
028aa18
to
8ab68d9
Compare
This will allow a user to save META data into an image, which can later be retrieved using: docker inspect IMAGEID I have copied this from the "Comment" handling in docker images. We want to be able to add json data to an image to describe the image, and then be able to use other tools to look at this data, to be able to do security checks based on this data. We are thinking about adding version names, Perhaps listing the content of the dockerfile. Descriptions of where the code came from etc. One option is to call this flag Meta, another would be to call it Vendor. Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
type Image struct { | ||
ID string `json:"id"` | ||
Parent string `json:"parent,omitempty"` | ||
Comment string `json:"comment,omitempty"` | ||
Meta *MetaData `json:"meta,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Meta
does not clearly reflect intended use. I would prefer something more explicit like userdata
or maybe labels
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like userdata
is the preference among maintainers so far.
We are reviewing design here, since the implementation itself is against the old builder implementation. If we agree on design we can go back to talking about implementation. Comments on design:
@rhatdan to avoid wasting more of your time on implementation back-and-forth, could you re-submit a docs-only patch, so we can lock down design (both UI and API)? Once that's approved, it will be easier to get your implementation through. Note: when submitting that docs patch, don't worry too much about cosmetic/form review by docs maintainers until the content itself is approved. Closing for bookkeeping, looking forward to the v2. Thanks! |
This will allow a user to save META data into an image, which
can later be retrieved using:
docker inspect IMAGEID
I have copied this from the "Comment" handling in docker images.
We want to be able to add json data to an image to describe the image, and
then be able to use other tools to look at this data, to be able to do
security checks based on this data.
We are thinking about adding version names, Perhaps listing the content of the dockerfile.
Descriptions of where the code came from etc.
One option is to call this flag Meta, another would be to call it Vendor.
Docker-DCO-1.1-Signed-off-by: Dan Walsh dwalsh@redhat.com (github: rhatdan)