Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

graph-builder: switch to using dkregistry and implement authenticated requests #4

Merged
merged 4 commits into from
Nov 16, 2018

Conversation

steveej
Copy link
Contributor

@steveej steveej commented Oct 12, 2018

No description provided.

@openshift-ci-robot openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 12, 2018
@steveej steveej changed the title [WIP] graph-builder: switch to using dkregistry and implement support authenticated requests [WIP] graph-builder: switch to using dkregistry and implement authenticated requests Oct 12, 2018
graph-builder/Cargo.toml Outdated Show resolved Hide resolved
docs/design/cincinnati.md Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
@steveej steveej changed the title [WIP] graph-builder: switch to using dkregistry and implement authenticated requests [WIP][TOO EARLY TO REAVIEW] graph-builder: switch to using dkregistry and implement authenticated requests Oct 12, 2018
@steveej steveej changed the title [WIP][TOO EARLY TO REAVIEW] graph-builder: switch to using dkregistry and implement authenticated requests [WIP][TOO EARLY TO REVIEW] graph-builder: switch to using dkregistry and implement authenticated requests Oct 12, 2018
@steveej steveej force-pushed the switch-to-dkregistry branch 2 times, most recently from 28ff3a3 to 44a9c2a Compare October 12, 2018 22:35
@steveej steveej changed the title [WIP][TOO EARLY TO REVIEW] graph-builder: switch to using dkregistry and implement authenticated requests [WIP] graph-builder: switch to using dkregistry and implement authenticated requests Oct 12, 2018
@steveej steveej force-pushed the switch-to-dkregistry branch 3 times, most recently from 1b8ad70 to f983bff Compare October 12, 2018 22:44
graph-builder/src/main.rs Outdated Show resolved Hide resolved
graph-builder/Cargo.toml Outdated Show resolved Hide resolved
graph-builder/Cargo.toml Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
@steveej steveej force-pushed the switch-to-dkregistry branch 5 times, most recently from b6b254e to 103816b Compare October 27, 2018 21:10
@openshift-ci-robot openshift-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 27, 2018
@steveej steveej force-pushed the switch-to-dkregistry branch 2 times, most recently from 9c8e925 to aab6d10 Compare October 27, 2018 22:52
@steveej steveej force-pushed the switch-to-dkregistry branch from aab6d10 to dd96805 Compare October 31, 2018 21:06
@steveej steveej changed the title [WIP] graph-builder: switch to using dkregistry and implement authenticated requests graph-builder: switch to using dkregistry and implement authenticated requests Oct 31, 2018
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 31, 2018
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
.trim_left_matches("http://")
}

fn get_credentials_or_empty_reader(credentials_path: &Option<PathBuf>) -> Box<dyn std::io::Read> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you just inline this function, you can avoid the heap allocation. I don't think this helps much with readability.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using Box<dyn std::io::Read> as the return type is the only way I've found to tell the compiler that all cases yield a reader. I've double-checked inlining this yesterday and couldn't make it work. Do you want me to triple-check?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I managed to inline the functionality yet the Box is still required. I suggest we leave it in and revisit on subsequent compiler releases.

graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
Copy link
Contributor

@crawford crawford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't made it all the way through this yet. clippy also has some suggestions you should follow.

graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
) {
Ok(mut tags) => {
if tags.len() == 0 {
bail!("{}/{} has no tags", registry, repo);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem like an error condition.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if tags.len() == 0 {
bail!("{}/{} has no tags", registry, repo);
}
tags.sort();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why bother sorting the list?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I designed the tests in a way to expect a certain vector of results because the documentation says the tags are returned in a lexical sorted order. Quay seems to diverge from that so this sort enforces what the docker registry API documents.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should really try to avoid coupling to Quay as much as possible. CI cannot depend on it being up and they have already expressed concern over the amount of load we are putting on them. I'd rather we just adjusted our tests instead of the product.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's possible to neglect the order in the tests, with the downside of making a failed test more difficult to debug.

graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
graph-builder/src/registry.rs Outdated Show resolved Hide resolved
.and_then(|tag_layer_digests| match tag_layer_digests {
Ok((tag, layer_digests)) => {
if layer_digests.len() == 0 {
bail!("layer_digests list empty")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem like an error condition. We can handle this gracefully.

Copy link
Contributor Author

@steveej steveej Nov 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting the context for the discussion: this is the case when there are no layers available for a discovered tag, which seems highly unexpected. Do you think it's better to just log the errors and drive the whole chain to completion and yield an empty result vector?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Logging the warning and then just returning an empty vector is fine.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't tested this behavior yet. It's not possible to upload an image without layers so this would include a bit of mocking.

@steveej steveej force-pushed the switch-to-dkregistry branch 5 times, most recently from 9924ec2 to ac7ac6f Compare November 16, 2018 17:15
Using the opportunity to update all dependencies.
@steveej steveej force-pushed the switch-to-dkregistry branch 2 times, most recently from 7a80125 to a594e53 Compare November 16, 2018 20:44
rustfmt 0.99.6-nightly (750b252 2018-10-18)
… calls

Switch to using dkregistry for all registry requests which supports
asynchronous authenticated calls towards image registries.
This commit also adds the parameter `--credentials-file` which takes a
path to a JSON file as produced by `docker login`[1].

[1]: https://docs.docker.com/engine/reference/commandline/login/
@steveej steveej force-pushed the switch-to-dkregistry branch from a594e53 to b074a25 Compare November 16, 2018 20:47
@crawford
Copy link
Contributor

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 16, 2018
@crawford crawford merged commit 2e37a45 into openshift:master Nov 16, 2018
@steveej steveej deleted the switch-to-dkregistry branch November 17, 2018 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants