Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

append annotations instead of overwrite? #571

Open
rchincha opened this issue Sep 15, 2022 · 14 comments
Open

append annotations instead of overwrite? #571

rchincha opened this issue Sep 15, 2022 · 14 comments
Assignees
@FeynmanZhou
Labels
enhancement New feature or request question Further information is requested spec required Issues that require specifications
Milestone
v1.3.0

Comments

@rchincha
Copy link

oras push with annotations appears to assume a full update. Is there any way to perform an append to existing annotations?
@sajayantony
Copy link
Contributor

sajayantony commented Sep 15, 2022
edited
Loading

+1 on this. I would like to propose an amend command that would

  1. Add an annotation to an existing manifest
  2. Put the new manifest
  3. Delete the old manifest by digest so that we don’t have a dangling manifest but maybe have and option to skip delete(flag)

@qweeah
Copy link
Contributor

qweeah commented Sep 16, 2022

Add an annotation to an existing manifest
Put the new manifest
Delete the old manifest by digest so that we don’t have a dangling manifest but maybe have and option to skip delete(flag)

@rchincha Will this functionally cover what you need?

@qweeah qweeah added the enhancement New feature or request label Sep 16, 2022
@rchincha
Copy link
Author

https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-manifests

Note the two options that are possible.
By digest, it is a read-copy-update operation but by tag, it is a single in-situ update.
Thoughts?

@shizhMSFT shizhMSFT added the question Further information is requested label Sep 16, 2022
@shizhMSFT
Copy link
Contributor

shizhMSFT commented Sep 16, 2022
edited
Loading

Amending manifests can have unintended consequences that can affect existing attached artifacts, associated tags, and associated manifest list / index.

  • Scenario 1: Amending annotations of a signed image
    • Modifying a manifest will result in a manifest with a new digest. The signature of the previous manifest gets invalidated immediately.
  • Scenario 2: Amending annotations of an image tagged with latest, v1.1.0, v1.1, v1.
    • Modifying a manifest will result in a manifest with a new digest, which is not tagged.
    • If the previous manifest gets deleted, all associated tags are deleted.
    • Since there is no common API to reverse search the tags of the manifest being amended, the client has to scan all tags, which is inefficient with a repository full of tags, in order to tag the new manifest with the same tags.
  • Scenario 3: Amending annotations of an image manifest, which is in a manifest list.
    • Modifying a manifest will result in a manifest with a new digest. Therefore, the corresponding manifest list is required to be updated.

@shizhMSFT
Copy link
Contributor

shizhMSFT commented Sep 16, 2022
edited
Loading

+1 on this. I would like to propose an amend command that would

  1. Add an annotation to an existing manifest
  2. Put the new manifest
  3. Delete the old manifest by digest so that we don’t have a dangling manifest but maybe have and option to skip delete(flag)

Although we don't have a command like oras manifest amend --annotation key=value, this operation can be equivalently achieved using the oras CLI built from the main branch by

  1. oras manifest fetch localhost:5000/test:latest --descriptor -o manifest.json
  2. Edit manifest.json with any tools
  3. oras manifest push localhost:5000/test:latest manifest.json
  4. Delete the old manifest by oras manifest delete localhost:5000/test@sha256:xxxx using the digest obtained from step 1.

@rchincha
Copy link
Author

rchincha commented Sep 16, 2022
edited
Loading

A slight enhancement ...

oras manifest amend --annotation key=value
^ a single key/val

(OR) this

oras manifest amend --annotation key=value,key=value,key=value...

@rchincha
Copy link
Author

Amending manifests can have unintended consequences that can affect existing attached artifacts, associated tags, and associated manifest list / index.

* **Scenario 1**: Amending annotations of a signed image
  
  * Modifying a manifest will result in a manifest with a new digest. The signature of the previous manifest gets invalidated immediately.

* **Scenario 2**: Amending annotations of an image tagged with `latest`, `v1.1.0`, `v1.1`, `v1`.
  
  * Modifying a manifest will result in a manifest with a new digest, which is not tagged.
  * If the previous manifest gets deleted, all associated tags are deleted.
  * Since there is no common API to reverse search the tags of the manifest being amended, the client has to scan all tags, which is inefficient with a repository full of tags, in order to tag the new manifest with the same tags.

* **Scenario 3**: Amending annotations of an image manifest, which is in a manifest list.
  
  * Modifying a manifest will result in a manifest with a new digest. Therefore, the corresponding manifest list is required to be updated.

Signatures or any other invariant will be invalidated since the image manifest itself is changing, which may be ok and would requiring re-signing etc.

When we compose, extend or distribute images based off of other images, this is really the normal.

@shizhMSFT
Copy link
Contributor

A slight enhancement ...

oras manifest amend --annotation key=value ^ a single key/val

(OR) this

oras manifest amend --annotation key=value,key=value,key=value...

If we decide to do this, a suggested command is

oras manifest amend --annotation key=value --annotation key=value ...

which is consistent with oras push.

@shizhMSFT
Copy link
Contributor

/cc @FeynmanZhou @yizha1 for inputs.

@shizhMSFT
Copy link
Contributor

shizhMSFT commented Sep 20, 2022
edited
Loading

There are more questions:

  • We can amend an image manifest. How about OCI Index / manifest list?
  • What's the UX to delete an annotation entry? Note: empty string is a valid value.

@FeynmanZhou
Copy link
Member

FeynmanZhou commented Sep 21, 2022
edited
Loading

Although we don't have a command like oras manifest amend --annotation key=value, this operation can be equivalently achieved using the oras CLI built from the main branch by

  1. oras manifest fetch localhost:5000/test:latest --descriptor -o manifest.json

  2. Edit manifest.json with any tools

  3. oras manifest push localhost:5000/test:latest manifest.json

  4. Delete the old manifest by oras manifest delete localhost:5000/test@sha256:xxxx using the digest obtained from step 1.

I think it's significant to support amend annotations to simplify the process above.

The effects on the existing attached artifacts, associated tags, and associated manifest list / index are acceptable but should be explicitly informed to users in the documentation or somewhere.

If we decide to do this, a suggested command is

oras manifest amend --annotation key=value --annotation key=value ...

The sample above only considered the case of appending new annotations. Should Delete or Modify annotations also be considered in the amending case?

@mathieu-benoit
Copy link

Just found this thread, I think it would be interesting indeed to have an easy way to add annotations on an existing image (not just via oras push), like we could do with crane mutate for example:

crane mutate --annotation foo=bar myimage

With the current state of oras, I was able to accomplish this like this:

oras manifest fetch myimage > manifest.json
jq '.annotations.foo = "bar"' manifest.json > manifest-tmp.json && mv manifest-tmp.json manifest.json

Just sharing.

@qweeah
Copy link
Contributor

qweeah commented Jan 3, 2023

@mathieu-benoit Thanks for sharing. You can actually pipeline commands into one line like below:

IMAGE="myimage"
oras manifest fetch $IMAGE |jq '.annotations.foo = "bar"' |oras manifest push $IMAGE -

Also don't forget that the original manifest should be deleted via oras manifest delete

@FeynmanZhou FeynmanZhou added this to the v1.2.0 milestone Mar 22, 2023
@github-actions
Copy link

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale Inactive issues or pull requests label Jul 24, 2023
@qweeah qweeah removed the stale Inactive issues or pull requests label Jul 31, 2023
@qweeah qweeah modified the milestones: v1.2.0, future Oct 17, 2023
@FeynmanZhou FeynmanZhou modified the milestones: future, v1.3.0 Mar 4, 2024
@FeynmanZhou FeynmanZhou added the spec required Issues that require specifications label Mar 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FeynmanZhou FeynmanZhou

Labels
enhancement New feature or request question Further information is requested spec required Issues that require specifications
Projects
ORAS Project Board-2023
Status: In Progress
ORAS-Planning
Status: No status
Milestone
v1.3.0
Development

No branches or pull requests
6 participants
@sajayantony @qweeah @mathieu-benoit @shizhMSFT @FeynmanZhou @rchincha