-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support features with resources, e.x. shell scripts #32
Comments
I have a very raw protoype at https://github.com/PetrGlad/pazuzu-registry/tree/32-attachments |
There is now working server-side implementation in https://github.com/PetrGlad/pazuzu-registry/tree/32-attachments. Missing piece is file checksums. See also https://github.com/zalando/pazuzu-registry/wiki/File-attachments for details. |
To complete implementation we need UI part (add/remove files, and highlighting in code editor for present/missing files in Docker instructions) and support from CLI side (fetch files from registry before build). You can ask me if you have any questions regarding this. |
@PetrGlad regarding API, File object has name which has unique constraint, this raises next questions:
|
I think easiest solution would be to provide path, like: |
@pgronkiewicz you mean provide this path as file name for attachment to be uploaded? I thought about this too (not full, url, but just feature-name/file-name), but current implementation not allows this:
|
Some changes in the code may be needed. I don't think it should be passed though, as from the source you have access to feature name you are creating, so it should create a path using that. |
Ok, so current File REST API should be rewritten, currently it looks like:
So, no relations to particular feature. Probably there should be any relation to particular feature:
But then need to know featureId should be created, so first need to store Feature, get id, then associate attachments with it. |
One thing we should keep in mind is that we should not expose those files until they are approved. Otherwise we risk having our repository as a storage for uknown and potentially illegal/harmful content. |
Ok, then we can add endpoint for approval:
Calls:
|
We should write some good tests about it, to make sure we don't expose unapproved resources. |
Ok, I will handle this |
First of all, why do you need to strictly bind a file to a particular feature? What's wrong with sharing them? Regarding filenames - they can be arbitrary. If UI needs to select one it can just start with feature name with a generated suffix, however I was expecting that user enters some meaningful name when file is added. Current API binds existing files to feature automatically when feature is saved - any references found in Dockerfile are linked (and missing are unlinked). You can read files attached to a feature with existing API, /api/features/{feature-name}/files |
And there's unclear purpose of this project. If it's intended for in-house use by other organizations then it requires one set of features, if it's intended as public service there's host of completely different requirements. I do not see where feature/files approval fits here. If it's necessary I still think that it's best implemented with tags which we already have. |
We should never create tooling just for one company :) Approvals are needed to ensure quality and security of features available through the registry. You should always trust what you are getting back, so we cannot have unchecked features and resources inside. This issue is viable both for running this software inhouse (so Security team is happy) and as an open-source registry (so people don't use it for sharing torrents, etc) |
Sometimes a feature has some resources that would be copied to a docker image, e.x. official Golang docker image comes with go-wrapper:
https://github.com/docker-library/golang/tree/1eab0db63794152b4516dbcb70270eb9dced4cbd/1.5
The text was updated successfully, but these errors were encountered: