Bug Fix: error syntax in schema definitions #444
Conversation
| manifestList: ` | ||
| { | ||
| "schemaVersion": 2, | ||
| "mediaType": "invalid" |
There was a problem hiding this comment.
Probably also want a test where schemaVersion is 0, although support for checking that is still in flight with #404.
There was a problem hiding this comment.
It is reasonable and I take it in mind. This case should be added after #404 is landed.
There was a problem hiding this comment.
#404 also adds testing for the self-deceiving media type you're attempting to verify here ;). I expect this case is failing for a different reason.
There was a problem hiding this comment.
It is now on line https://github.com/opencontainers/image-spec/pull/444/files#diff-b1e07ac69261c70ec3feda53adffb906R34.
I read #404. It strict the manifest and list media type, but it seems not to set up unit test for manifest list media type, it just modify Backwards Compatibility, to let manifest list be compatible to Docker's. It doesn't test invalid string.
this pr looks not duplicated with #404, right, or I miss something?
There was a problem hiding this comment.
Yeah, we want both this PR and #404. Which one lands first depends on whether we're doing Test-Driven Development ;).
There was a problem hiding this comment.
@wking, maybe I express inaccurately. I mean if my test case is not redundant(as my explain above), and this PR looks OK?
{
"schemaVersion": 2,
"mediaType": "invalid",
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 7143,
"digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f",
"platform": {
"architecture": "ppc64le",
"os": "linux"
}
}
]
}
| }, | ||
| { | ||
| "mediaType": "application/vnd.oci.image.manifest.v1+json", | ||
| "size": "7682", |
There was a problem hiding this comment.
No need to include multiple manifests to exercise this bit of the JSON Schema. Can we drop the sha256:e69… entry?
There was a problem hiding this comment.
Although it is done in manifest_test.go, but I think we should still cover it here, against that schema definition for manifest and manifest list split. After all, they are different stories.
And I agree to test without required entry case.
| } | ||
| }, | ||
| { | ||
| "mediaType": "foo", |
There was a problem hiding this comment.
This is not a valid media type (you need both a type and a subtype). I recommend using text/plain or some other off-the-shelf, non OCI media type.
There was a problem hiding this comment.
We have talked about how to look and handle the media type of reference fields. I remember we agree to only omit warning for not OCI canonical media type and later, we need to add strict mode to fail it.
In unit test, I propose to use free string to show the current compatibility and reality. Using restricted string maybe conceal the defect on design.
IMO.
There was a problem hiding this comment.
The descriptor spec (which manifest-list leans on) requires this to be a media type (but doesn't require it to be a specific media type). So there are a few cases for validation:
a. A media type that implementations MUST support (currently just application/vnd.oci.image.manifest.v1+json).
b. Another media type (e.g. text/plain).
c. A non-media-type string (e.g. foo), which doesn't match RFC 4288's name requirements.
d. A non-string.
We may not be able to recognize the media types in (b), but we can distinguish them from the non-media-type strings in (c). I'd expect validation to fail for (c), but am happy to PR more explicit language to the spec before you make changes here.
There was a problem hiding this comment.
You are right. Actually current schema exist some bugs, to lead illegal cases passed.
I fix them in 7f792fa and 2da8885.
With those supporting, we can test and get the excepted result. After fixing, I add the necessary test cases, including what you suggested.
2da8885 MUST be done, otherwise some customized but legal media types like application/octet-stream(Docker are using) will be rejected, and TestBackwardsCompatibilityManifest be failed.
I think this PR should has been finished, PTAL, thanks.
| "annotations": { | ||
| "com.example.key1": "value1", | ||
| "com.example.key2": "value2" | ||
| } |
There was a problem hiding this comment.
You've already exercised annotations, so I'd leave it off of tests that focused on other properties.
|
It is undated in a0e0290. |
xiekeyang
changed the title
| }, | ||
| "size": { | ||
| "description": "the size in bytes of the referenced object", | ||
| "$ref": "defs.json#/definitions/int64" | ||
| }, | ||
| "digest": { | ||
| "$ref": "defs-image.json#definitions/digest" | ||
| "description": "the cryptographic checksum digest of the object, in the pattern '<hash>:<hexadecimal digest>'", |
There was a problem hiding this comment.
I'm fine with “the digest of the object referenced object”, to match the existing mediaType description. For more details, folks should be reading descriptor.md.
There was a problem hiding this comment.
I carry on the description from https://github.com/opencontainers/image-spec/blob/master/schema/defs-image.json#L10 directly. I think it had better to keep same words for one entry.
There was a problem hiding this comment.
Ah, fair enough. I can file a PR shooting for consistency between mediaType and digest descriptions if/when this PR lands.
| @@ -6,14 +6,15 @@ | |||
| "properties": { | |||
| "mediaType": { | |||
| "description": "the mediatype of the referenced object", | |||
| "$ref": "defs-image.json#definitions/mediaType" | |||
| "$ref": "defs-image.json#/definitions/mediaType" | |||
There was a problem hiding this comment.
+1 to this. Backing docs in RFC 6901 and the current JSON Schema draft.
| @@ -4,7 +4,7 @@ | |||
| "mediaType": { | |||
| "id": "https://opencontainers.org/schema/image/mediaType", | |||
| "type": "string", | |||
| "pattern": "^[a-z]+/[0-9a-zA-Z.+]+$" | |||
| "pattern": "^[a-z]+/[0-9a-zA-Z-_+.]+$" | |||
There was a problem hiding this comment.
This is still not quite right. I've spun off a PR focused on this issue and descriptor tests (pulling in one of your commits from this series) in #448. Although it would be good if we could get some of these validation PRs landed :p. Having so many in the air at once is making it hard to keep them orthogonal ;).
|
On Sat, Nov 05, 2016 at 09:52:12PM -0700, xiekeyang wrote:
To unpack that comment a bit: You've cherry-picked that in in place of your previous 2da8885. And
Sounds good. |
|
@opencontainers/image-spec-maintainers |
| @@ -4,7 +4,7 @@ | |||
| "mediaType": { | |||
| "id": "https://opencontainers.org/schema/image/mediaType", | |||
| "type": "string", | |||
| "pattern": "^[a-z]+/[0-9a-zA-Z.+]+$" | |||
| "pattern": "^[A-Za-z0-9][A-Za-z0-9!#$&-^_.+]{0,126}/[A-Za-z0-9][A-Za-z0-9!#$&-^_.+]{0,126}$" | |||
There was a problem hiding this comment.
Is ^ and #` really allowed? What is the source of these additions?
There was a problem hiding this comment.
I wonder if we should just do an enum here. Is there a way we can define an enum, then have callers of the validator add values to it as needed?
There was a problem hiding this comment.
That change is cherry-picked from #448, which focuses on updating the mediaType pattern to match RFC 6838. And yeah, for some reason they allow both # and ^ :p.
I don't think an enum would work, because descriptors are generic. On the other hand, particular instances of descriptors may not be generic, and #404 is an example of using enums in those cases.
There was a problem hiding this comment.
@stevvooe enum seems too strict, which will lead customized types failed during verifying. I checked RFC 6838, the pattern really follows it. I think RFC 6838 rule should be OK here.
|
@stevvooe We've discussed in some issues before, and finally think it is best to let json schema pattern just cover spec declaration, and check future more via strict controllable function. |
xiekeyang
changed the title
|
@stevvooe If the above comment #444 (comment) and this patch is acceptable? Thanks a lot! |
|
LGTM |
|
Rebased, PTAL, thanks a lot! |
|
LGTM |
|
@opencontainers/image-spec-maintainers I think this is ready to me merged. PTAL, thanks. |
|
LGTM |
|
@opencontainers/image-spec-maintainers rebased, PTAL. |
|
I worried that schema bugs will exist in spec without this PR. That let schema work incorrectly. |
| "config": { | ||
| "mediaType": "application/vnd.oci.image.config.v1+json", | ||
| "size": 1470, | ||
| "digest": "sha256:c86f7763873b6c0aae22d9h3bab59b4f5debbed6685761b5951584f6efb0633b" |
There was a problem hiding this comment.
Could you make this less subtle?
There is an h in the middle for anyone not keeping count.
There was a problem hiding this comment.
There was a problem hiding this comment.
need re-LGTM thanks a lot!
|
LGTM I do have a nit but you can PR that later. |
|
LGTM |
Signed-off-by: xiekeyang <[email protected]>
Previously we didn't define what a media type was and the old regular expression (from 818a56a, schema: image manifest, 2016-04-12, #18) was stricter than the RFC. The RFC rules are in [1], and the JSON Schema regexp syntax is in [2]. In the new pattern, * [A-Za-z0-9] is restricted-name-first (ALPHA / DIGIT), with ALPHA and DIGIT defined in RFC 5234 [3]. * [A-Za-z0-9!#$&-^_.+] is restricted-name-chars. [1]: https://tools.ietf.org/html/rfc6838#section-4.2 [2]: https://tools.ietf.org/html/draft-wright-json-schema-validation-00#section-3.3 [3]: https://tools.ietf.org/html/rfc5234#appendix-B.1 Signed-off-by: W. Trevor King <[email protected]> Removed the MUST for RFC 6838 from descriptor.md. Signed-off-by: xiekeyang <[email protected]>
Signed-off-by: xiekeyang <[email protected]>
Signed-off-by: xiekeyang <[email protected]>
|
LGTM |
|
@vbatts Please re-LGTM, thanks. |
|
@vbatts should be ready to merge. |
|
LGTM |
Validate manifest list JSON object via schema.Validator.
Signed-off-by: xiekeyang [email protected]