Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add initial support for domains #1829

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add initial support for domains #1829

wants to merge 1 commit into from

Conversation

gerrod3
Copy link
Contributor

@gerrod3 gerrod3 commented Nov 21, 2024

This doesn't fully add support for domains. It just allows us to turn on the feature with pulp-container installed. I'm splitting up the work, thanks to @mdellweg suggestion, in order to make it easier to review and merge.

@gerrod3 gerrod3 force-pushed the domains branch 2 times, most recently from 9d173eb to d7e86c1 Compare November 21, 2024 21:18
mdellweg
mdellweg reviewed Nov 22, 2024
View reviewed changes
CHANGES/domain-enablement.feature Outdated
Comment on lines 1 to 2
Add partial support for Domains. The plugin can be installed with the feature turned on, but only
the default domain will properly work.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would much prefer if we can say "it only functions in the default domain". By that i mean, that you could not create a container repository outside of the default domain for example.

@gerrod3 gerrod3 force-pushed the domains branch 9 times, most recently from 5904d07 to 257de4e Compare January 28, 2025 16:32
@git-hyagi
Copy link
Contributor

I saw that in some places we are creating the objects with the domain definition, but in others we are not (which is fine, since it will use the default domain).
Should we update these to keep consistency and avoid issues in a future full feature support?

             namespaces = models.ContainerNamespace.objects.filter(pulp_domain=domain)

        ra = RemoteArtifact(
            url=blob_url,
            sha256=digest[len("sha256:") :],
            content_artifact=ca,
            remote=self.remote,
+            pulp_domain=get_domain(),
        )
  • tasks/sign.py

    pulp_container/pulp_container/app/tasks/sign.py

    Lines 138 to 147 in 257de4e

    signature = ManifestSignature(
    name=f"{manifest_digest}@{sig_digest[:32]}",
    digest=f"sha256:{sig_digest}",
    type=SIGNATURE_TYPE.ATOMIC_SHORT,
    key_id=sig_json["signing_key_id"],
    timestamp=sig_json["signature_timestamp"],
    creator=sig_json["optional"].get("creator"),
    data=encoded_sig,
    signed_manifest=manifest,
    ) 

            signature = ManifestSignature(
                name=f"{manifest_digest}@{sig_digest[:32]}",
                digest=f"sha256:{sig_digest}",
                type=SIGNATURE_TYPE.ATOMIC_SHORT,
                key_id=sig_json["signing_key_id"],
                timestamp=sig_json["signature_timestamp"],
                creator=sig_json["optional"].get("creator"),
                data=encoded_sig,
                signed_manifest=manifest,
+                _pulp_domain=get_domain(),
            )

        manifest_list = Manifest(
            digest=digest,
            schema_version=manifest_list_data["schemaVersion"],
            media_type=media_type,
            annotations=manifest_list_data.get("annotations", {}),
            data=raw_text_data,
+           _pulp_domain=get_domain(),
        )

pulp_container/pulp_container/app/tasks/sync_stages.py

Lines 394 to 402 in 257de4e

manifest = Manifest(
digest=digest,
schema_version=manifest_data["schemaVersion"],
media_type=media_type,
data=raw_text_data,
annotations=manifest_data.get("annotations", {}),
architecture=manifest_data.get("architecture", None),
os=manifest_data.get("os", None),
) 

        manifest = Manifest(
            digest=digest,
            schema_version=manifest_data["schemaVersion"],
            media_type=media_type,
            data=raw_text_data,
            annotations=manifest_data.get("annotations", {}),
            architecture=manifest_data.get("architecture", None),
            os=manifest_data.get("os", None),
+           _pulp_domain=get_domain(),
        )

pulp_container/pulp_container/app/tasks/sync_stages.py

Lines 416 to 424 in 257de4e

signature = ManifestSignature(
name=name or f"{man_dc.content.digest}@{sig_digest[:32]}",
digest=f"sha256:{sig_digest}",
type=SIGNATURE_TYPE.ATOMIC_SHORT,
key_id=signature_json["signing_key_id"],
timestamp=signature_json["signature_timestamp"],
creator=signature_json["optional"].get("creator"),
data=signature_b64 or base64.b64encode(signature_raw).decode(),
) 

        signature = ManifestSignature(
            name=name or f"{man_dc.content.digest}@{sig_digest[:32]}",
            digest=f"sha256:{sig_digest}",
            type=SIGNATURE_TYPE.ATOMIC_SHORT,
            key_id=signature_json["signing_key_id"],
            timestamp=signature_json["signature_timestamp"],
            creator=signature_json["optional"].get("creator"),
            data=signature_b64 or base64.b64encode(signature_raw).decode(),
+           _pulp_domain=get_domain(),
        )

pulp_container/pulp_container/app/tasks/sync_stages.py

Lines 436 to 446 in 257de4e

manifest = Manifest(
digest=digest,
schema_version=(
2 if media_type in (MEDIA_TYPE.MANIFEST_V2, MEDIA_TYPE.MANIFEST_OCI) else 1
),
media_type=media_type,
data=raw_text_data,
annotations=content_data.get("annotations", {}),
architecture=content_data.get("architecture", None),
os=content_data.get("os", None),
) 

        manifest = Manifest(
            digest=digest,
            schema_version=(
                2 if media_type in (MEDIA_TYPE.MANIFEST_V2, MEDIA_TYPE.MANIFEST_OCI) else 1
            ),
            media_type=media_type,
            data=raw_text_data,
            annotations=content_data.get("annotations", {}),
            architecture=content_data.get("architecture", None),
            os=content_data.get("os", None),
+           _pulp_domain=get_domain(),
        )

pulp_container/pulp_container/app/tasks/sync_stages.py

Lines 503 to 504 in 257de4e

blob_artifact = Artifact(sha256=digest[len("sha256:") :])
blob = Blob(digest=digest) 

+        domain = get_domain(),
-        blob_artifact = Artifact(sha256=digest[len("sha256:") :])
-        blob = Blob(digest=digest)
+        blob_artifact = Artifact(sha256=digest[len("sha256:") :], pulp_domain=domain)
+        blob = Blob(digest=digest, _pulp_domain=domain)

@git-hyagi
Copy link
Contributor

I think this also can be a problem in the future (in case FileContent is not at the same domain as the request), right?

                and not FileContent.objects.filter(
                    repositories__in=[build_context.repository.pk],
                    relative_path=data["containerfile_name"],
+                    _pulp_domain=get_domain(),
                ).exists()

git-hyagi
git-hyagi previously approved these changes Jan 31, 2025
View reviewed changes
Copy link
Contributor

@git-hyagi git-hyagi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this awesome PR!

It looks good to me! I left some comments, but they can be considered more like questions or notes than "suggestions of change".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdellweg mdellweg mdellweg left review comments

@git-hyagi git-hyagi git-hyagi left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
no-issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gerrod3 @git-hyagi @mdellweg