Add the Go bindings implementation necessary to support Artifacts.
Implement the tunnel interface that consumes the Artifacts Go bindings.
With this patch, users of the Podman remote clients will now be able to
manage OCI artifacts via the Podman CLI and Podman machine.
Jira: https://issues.redhat.com/browse/RUN-2714#
Signed-off-by: Lewis Roy <lewis@redhat.com>
Lock access to and modification of the index.json file, to ensure
concurrent addition/removal does not result in lost state. Use a
standard c/storage lockfile, making use of its r/w locking
ability to support concurrent access, only serializing writes.
This is not a very efficient locking scheme around artifact
removal and - especially - addition. I view this as the first
step, establishing any sort of mutual exclusion to prevent state
corruption. Step 2 is to adapt the staged removal work being
done to make image removal require only minimal use of locks,
ensuring it works with artifact addition. This staged addition
means we won't have to hold the lock for the full artifact pull.
Signed-off-by: Matt Heon <mheon@redhat.com>
This patch adds a new endpoint to the REST API called "artifacts" with
the following methods:
- Add
- Extract
- Inspect
- List
- Pull
- Push
- Remove
This API will be utilised by the Podman bindings to add OCI Artifact
support to our remote clients.
Jira: https://issues.redhat.com/browse/RUN-2711
Signed-off-by: Lewis Roy <lewis@redhat.com>
in #25884, it was pointed out that the standard detection used to
determine the artifact's file type can be wrong. in those cases, it
would be handy for the user to be able to override the media type of the
layer. as such, added a new option called `--file-type`, which is
optional, and allows users to do just that.
`podman artifact add --file-type text/yaml
quay.io/artifact/config:latest ./config.yaml `
Fixes: #25884
Signed-off-by: Brent Baude <bbaude@redhat.com>
The oci layout code can handle a relative path find but all paths
returned by the code then will alos be relative, this can be bad and
result in bugs if something ever changes the cwd. The graphroot path we
pass should already be always absolute, so just add a sanity check here
given libartifact is planned to be moved as sperate lib and we cannot
assume anything about the path we will be given there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The goal of this new interface is to expose the blob source path and the
target file name for a bind mount into a container.
libpod will call this and then take care of setting up the actual mounts
based on the returned paths.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Create a getArtifactAndImageSource() function so this one can be shared
with the new mount blob API that is added next to avoid code
duplication.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The main point of this is so that I can share the same lookup logic
between Extract() and then the new blob path API I add next.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
... to validate that the manifests match expected digests, if any.
Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts shere the sources are not trusted.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
In a different PR review, it was noted that defined error types for
artifacts was lacking. We have these for most other commands and they
help with error differentiation. The changes here are to define the
errors, implement them in the library, and adopt test verifications to
match.
Signed-off-by: Brent Baude <bbaude@redhat.com>
When the fs supports reflinks use that over a normal copy, this speeds
things up a lot when big files are used.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new command to extract the blob content of the artifact store to a
local path.
Fixes https://issues.redhat.com/browse/RUN-2445
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allowing for multiple manifest per artifact just makes the code and cli
design harder to work with it. It is not clear how mounting, extracting
or edit on a multi manifest artifact should have worked.
A single manifest should make the code much easier to work with.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman artifact add now supports two new command line switches.
--type string that describes the type of artifact
--annotation string slice in the form of key=val
These new options allow users to "tag" information in on their artifacts
for any number of purposes down the line
RUN-2446
Signed-off-by: Brent Baude <bbaude@redhat.com>
the podman artifact verb is used to manage OCI artifacts. the following
verbs were added to `podman artifact`:
* add
* inspect
* ls
* pull
* push
* rm
Notable items with this PR:
* all artifact commands and their output are subject to change. i.e.
consider all of this tech preview
* there is no way to add a file to an artifact that already exists in
the store. you would need to delete and recreate the artifact.
* all references to artifacts names should be fully qualified names in
the form of repo/name:tag (i.e. quay.io/artifact/foobar:latest)
* i understand that we will likely want to be able to attribute things
like arch, etc to artifact files. this function is not available yet.
Many thanks to Paul Holzinger for autocompletion PRs and review PRs that
fixed issues early on.
Also fix up some Args function to specify the correct number of args.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
