Require explicit opt-in on experimental and internal-only GeoTIFF paths (PR 4 of epic #2340) #2356
Merged
…hs (#2352)

PR 4 of 6 under epic #2340 (GeoTIFF release contract). Adds the matching read-side gates for the Tier 3 / Tier 4 codecs the writer already gated in #2137 and #1845, and extends the ``allow_experimental_codecs`` opt-in onto the writer rich-tag attrs (``gdal_metadata_xml`` / ``extra_tags``).

Read side:
- ``open_geotiff`` / ``read_geotiff_dask`` / ``read_geotiff_gpu`` / ``read_vrt`` now reject sources compressed with LERC, JPEG2000 / J2K, or LZ4 unless ``allow_experimental_codecs=True``.
- The same readers reject JPEG-in-TIFF unless ``allow_internal_only_jpeg=True``. The flags do not collapse.
- Gates fire at the public entry point (eager) or at graph build (dask), before any decode work, so the caller learns the opt-in name from the rejection rather than a deeper decode failure.

Write side:
- ``to_geotiff`` and ``write_geotiff_gpu`` reject writes that include ``attrs['gdal_metadata_xml']`` or ``attrs['extra_tags']`` unless ``allow_experimental_codecs=True``. Round-tripped attrs (carrying ``_xrspatial_geotiff_contract``) are exempt so the canonical attrs contract from #1984 still round-trips without a flag.

Tests:
- New ``test_experimental_internal_optin_2352.py`` pins the rejections, the exemption shape, and the public signatures.
- Existing codec / rich-tag tests pass the new opt-ins through; the ``test_reader_kwarg_order_1935.py`` canonical kwarg order is updated to slot the new flags next to the other ``allow_*`` policy gates.

Out of scope (sibling PRs under epic #2340):
- Docstring rewrites for public read/write entry points (#2346).
- Docs release-contract page (#2347).
- ``SUPPORTED_FEATURES`` tier audit (#2348).
- Unsupported-combination errors (#2349).

Closes #2352.
Self-review
Suggestions (should fix, not blocking)
Nits
What looks good
Checklist
…soft gate, and dask graph-build skip (#2352)

Documents three design choices flagged during the self-review pass on #2356:

* _COMPRESSION_TAG_TO_NAME collapses TIFF tag 32946 (Adobe Deflate) onto the stable codec.deflate entry on purpose. The comment makes the deliberate collapse vs accidental passthrough obvious to a future reviewer.
* The rich-tag gate's _xrspatial_geotiff_contract exemption is a soft gate by design: forging the marker by hand would bypass it, but the alternative (gating every read-then-write call) would break the canonical attrs round-trip from #1984.
* The dask read-side gate uses getattr(..., None) so a synthesised geo_info (non-TIFF source) skips the check rather than rejects. The comment documents the lockstep invariant (_ifd_compression stashed alongside _ifd_photometric / _ifd_samples_per_pixel on every TIFF source path) so the skip never silently bypasses a real TIFF read.
…al-internal-optin

# Conflicts:
#   xrspatial/geotiff/_backends/dask.py
#   xrspatial/geotiff/_backends/gpu.py
#   xrspatial/geotiff/_backends/vrt.py
#   xrspatial/geotiff/_reader.py
Summary
- open_geotiff / read_geotiff_dask / read_geotiff_gpu / read_vrt now reject sources using LERC / JPEG2000 / J2K / LZ4 unless allow_experimental_codecs=True, and reject JPEG-in-TIFF unless allow_internal_only_jpeg=True. The two flags do not collapse, mirroring the writer side.
- allow_experimental_codecs onto the writer rich-tag attrs (gdal_metadata_xml / extra_tags). Round-tripped attrs that carry the _xrspatial_geotiff_contract marker (set by the readers) are exempt so the canonical attrs round-trip from geotiff: define a public contract for DataArray attrs (canonical / alias / pass-through) #1984 keeps working without a flag; fresh DataArrays that set those attrs explicitly require the opt-in.

Scope notes
PR 4 of 6 under epic #2340. Closes #2352.
Out of scope, covered by sibling PRs:
- SUPPORTED_FEATURES tier audit (Align SUPPORTED_FEATURES with epic #2340 tiering #2348)

Test plan
- test_experimental_internal_optin_2352.py covers signature pins, validator unit tests (stable / experimental / internal-only / round-trip exemption), end-to-end read rejections + opt-in acceptance for LERC / LZ4 / JPEG2000 / JPEG-in-TIFF, and the dask graph-build gate.
- test_supported_features_tiers_2137.py still passes (writer-side flag pins).
- test_reader_kwarg_order_1935.py canonical order slots the new flags next to the other allow_* gates.
- xrspatial/geotiff/tests/ suite passes locally (4517 passed; CPU + dask paths, GPU + network deselected).
- xrspatial/tests/ suite still passes locally (3889 passed).
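
The read-side gate described in this PR, sketched as an added example (it is not the xrspatial implementation): the Compression tag is read from the first IFD and checked against a tier table before any decode work, with one flag per tier. `first_ifd_compression`, `check_read_policy`, `make_tiff` and the tier tables are hypothetical names; the codes are the standard TIFF values for Deflate, JPEG, JPEG 2000 and LERC, LZ4 is left out because the page gives no code for it, and rejecting unmapped codes is this example's choice.

```python
import struct

# Compression (TIFF tag 259) codes. The tiering follows the PR text; treating
# "none" as stable is an assumption. LZ4 is omitted: the page gives no code for it.
STABLE = {1: "none", 8: "deflate", 32946: "deflate"}
EXPERIMENTAL = {34887: "lerc", 34712: "jpeg2000"}
INTERNAL_ONLY = {7: "jpeg"}

def first_ifd_compression(data: bytes) -> int:
    """Return the Compression value from the first IFD of a classic TIFF."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    try:
        if order is None or struct.unpack(order + "H", data[2:4])[0] != 42:
            raise ValueError("not a classic TIFF header")
        (ifd,) = struct.unpack(order + "I", data[4:8])
        (count,) = struct.unpack(order + "H", data[ifd:ifd + 2])
        for i in range(count):
            entry = data[ifd + 2 + 12 * i: ifd + 14 + 12 * i]
            tag, typ, n, value = struct.unpack(order + "HHIH2x", entry)
            if tag == 259:
                if typ != 3 or n != 1:  # must be a single inline SHORT
                    raise ValueError("malformed Compression entry")
                return value
    except struct.error as exc:
        raise ValueError("truncated TIFF structure") from exc
    return 1  # TIFF default when the tag is absent

def check_read_policy(code, *, allow_experimental_codecs=False,
                      allow_internal_only_jpeg=False):
    """Return the codec name, or raise naming the opt-in the caller needs."""
    if code in STABLE:
        return STABLE[code]
    # Each tier is paired with its own flag, so one opt-in never implies the other.
    for tier, flag, allowed in (
        (EXPERIMENTAL, "allow_experimental_codecs", allow_experimental_codecs),
        (INTERNAL_ONLY, "allow_internal_only_jpeg", allow_internal_only_jpeg),
    ):
        if code in tier:
            if not allowed:
                raise ValueError(f"{tier[code]} requires {flag}=True")
            return tier[code]
    raise ValueError(f"unmapped compression code {code}")  # fail closed

def make_tiff(code, order="<"):
    """Constructed sample: header plus a one-entry IFD (Compression only)."""
    magic = b"II" if order == "<" else b"MM"
    entry = struct.pack(order + "HHIH2x", 259, 3, 1, code)
    return (magic + struct.pack(order + "HI", 42, 8)
            + struct.pack(order + "H", 1) + entry + struct.pack(order + "I", 0))
```

Because the check runs on the parsed tag alone, the rejection names the missing opt-in before any codec library is touched.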