-
Notifications
You must be signed in to change notification settings - Fork 237
Update spec language to support pushing multiple tags at once #600
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
jcarter3
wants to merge
3
commits into
opencontainers:main
Choose a base branch
from
jcarter3:multiple-tag-push
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
3 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My personal preference is to allow a registry to respond with an error if a limit is exceeded and have the spec identify a minimum that registries are expected to support, similar to how large manifests are handled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue I see here is that if a client passes 100, but the registry only supports 25, then the client has no way of knowing if the other 75 failed for error, or if there was a limit. We could set this as something reasonably high enough (100?) so that it would rarely happen in practice. Or also add an
OCI-Tag-Limitresponse header to indicate the max so that the client could intelligently batch. But the thinking here is that this can make both the registry and the client much more efficient with validations and network calls, so as long as it's a valid URL length, it should work.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's an invalid URL length?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems a bit tricky to nail down as it's all over the place. Browsers seem to support a lot, like in the 65,000-100,000 character range. (>500 tags at max tag length). Some security recommendations say to limit it to 1k-2k on webservers to prevent some kinds of attacks, which is more like a max of 10 tags at a time at max tag length.
Maybe it should be updated to say it MUST support a minimum of 10, SHOULD not set an upper limit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I'm not finding a limit in the http RFCs. In Go, the limit defaults to 1MB for
net/http Server.MaxHeaderByteswhich includes all headers and the request, but that is configurable. I'd say registries SHOULD support at least 10 tags per request. If a registry rejects the request for exceeding a tag limit, it MUST return a414 Request-URI Too Long, and clients MAY retry with fewer tags.If they hit the Go limit, that throws a
431 Request Header Fields Too Large, which we should document as another possible error.I hesitate to respond with an
OCI-Tag-Limitheader because the 414/431 could be from different causes, including a proxy or the internal Go http server, and it may be from other headers, the overall URI length, or a fixed limit on the number of tags enforced by the registry implementation.In practice, I think most users would rarely exceed 5 tags per manifest (3 tags for semver + a fixed/latest tag or two), so I don't think a failure or split+retry is going to impact folks doing normal things.