image-inspect: remove Config fields that are not part of the image #48457
Conversation
|
Keeping this in draft for now; it looks like the image-spec types use |
| // FIXME(thaJeztah): this is a copy of dockerOCIImageConfigToContainerConfig in daemon/containerd: https://github.com/moby/moby/blob/6b617699c500522aa6526cfcae4558333911b11f/daemon/containerd/imagespec.go#L107-L128 | ||
| func dockerOCIImageConfigToContainerConfig(cfg dockerspec.DockerOCIImageConfig) *container.Config { |
There was a problem hiding this comment.
This was copied from
moby/daemon/containerd/imagespec.go
Lines 107 to 128 in 6b61769
We should probably look at moving that to an internal/ package so that we can re-use those functions
There was a problem hiding this comment.
Or even move it to https://github.com/moby/docker-image-spec? 🤔
There was a problem hiding this comment.
Yeah, but that would require a docker-specific type to be imported there, so probably won't work.
| @@ -53,6 +53,7 @@ func (i *ImageService) ImageInspect(ctx context.Context, refOrID string, _ backe | |||
| layers = append(layers, l.String()) | |||
| } | |||
|
|
|||
| imgConfig := containerConfigToDockerOCIImageConfig(img.Config) | |||
There was a problem hiding this comment.
Also wondering if we should consider (and if it'd be possible) to change the image-type we store on disk to use the new type so that we don't have to perform conversion (other than when committing a container to an image)
|
Looks like docker-py may need an update, as I think it's checking for an empty edit: hm.. not sure now; it's edit2: ah; It's building the first target, which doesn't have |
thaJeztah
force-pushed
the
api_remove_deprecated_fields
branch
5 times, most recently
from
3df5ef6 to
6feb664
Compare
thaJeztah
added
area/api
status/2-code-review
impact/api
impact/changelog
impact/deprecation
area/go-sdk
thaJeztah
force-pushed
the
api_remove_deprecated_fields
branch
from
6feb664 to
c6e7214
Compare
thaJeztah
force-pushed
the
api_remove_deprecated_fields
branch
from
c6e7214 to
4b7dd37
Compare
hack/make/test-docker-py
Outdated
| @@ -22,6 +22,9 @@ if [ -n "$TEST_INTEGRATION_USE_SNAPSHOTTER" ]; then | |||
| PY_TEST_OPTIONS="$PY_TEST_OPTIONS --deselect=tests/integration/api_build_test.py::BuildTest::test_build_squash" | |||
| fi | |||
|
|
|||
| # TODO(thaJeztah) re-enable after https://github.com/docker/docker-py/pull/3336 is in the DOCKER_PY_COMMIT release. | |||
| PY_TEST_OPTIONS="$PY_TEST_OPTIONS --deselect=tests/integration/api_build_test.pyy::BuildTest::test_build_container_with_target" | |||
There was a problem hiding this comment.
Arf;
| PY_TEST_OPTIONS="$PY_TEST_OPTIONS --deselect=tests/integration/api_build_test.pyy::BuildTest::test_build_container_with_target" | |
| PY_TEST_OPTIONS="$PY_TEST_OPTIONS --deselect=tests/integration/api_build_test.py::BuildTest::test_build_container_with_target" |
There was a problem hiding this comment.
Maybe instead of skipping, let's just pull docker-py by commit?
Line 8 in 04d3817
There was a problem hiding this comment.
Yeah, there's a bunch of other tests that are also waiting for a new release; didn't want to include all of those in this PR (and ideally, look if we can have a new release of docker-py); let me keep that for a follow-up.
Mostly dusted-off this PR because we kept on forgetting about it 😂
There was a problem hiding this comment.
Either way, fixed the typo for now 👍
thaJeztah
force-pushed
the
api_remove_deprecated_fields
branch
from
4b7dd37 to
9da4321
Compare
|
Looks like test is failing: |
|
Heh. Looks like that test piggy-backed on the moby/integration-cli/docker_cli_by_digest_test.go Lines 188 to 189 in f4ffeb8 |
thaJeztah
force-pushed
the
api_remove_deprecated_fields
branch
from
9da4321 to
505bd61
Compare
| // verify the build was ok | ||
| res := inspectField(c, name, "Config.Cmd") | ||
| assert.Equal(c, res, `[/bin/echo Hello World]`) |
There was a problem hiding this comment.
Changed it to a sanity check that the build indeed "built" (may even be redundant)
make BIND_DIR=. TEST_FILTER='TestBuildByDigest' test-integration
...
=== RUN TestDockerRegistrySuite/TestBuildByDigest
check_test.go:468: [de4fbab56e382] daemon is not started
--- PASS: TestDockerRegistrySuite (1.80s)
--- PASS: TestDockerRegistrySuite/TestBuildByDigest (1.80s)
| @@ -160,7 +160,7 @@ type ImageInspectOpts struct { | |||
| type CommitConfig struct { | |||
| Author string | |||
| Comment string | |||
| Config *container.Config | |||
| Config *container.Config // TODO(thaJeztah); change this to [dockerspec.DockerOCIImageConfig] | |||
There was a problem hiding this comment.
Possibly this would help reduce the conversion juggling - I'd have to check though exactly where this field is all used 🤔
docs/api/version-history.md
Outdated
| @@ -24,6 +24,14 @@ keywords: "API, Docker, rcli, REST, documentation" | |||
| * Deprecated: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the | |||
| `GET /info` response were deprecated in API v1.48, and are now omitted | |||
| in API v1.50. | |||
| * Deprecated: `GT /images/{name}/json` no longer returns the following `Config` | |||
There was a problem hiding this comment.
| * Deprecated: `GT /images/{name}/json` no longer returns the following `Config` | |
| * Deprecated: `GET /images/{name}/json` no longer returns the following `Config` |
commit af0cdc3 marked these fields as deprecated and to be removed in API v1.47 (which was targeted for v28.0). We shipped v1.47 with the v27.2 release, but did not yet remove the erroneous fields, so the version to deprecate was updated to v1.48 through 3df03d8 This patch removes fields that are not part of the image by replacing the type with the Config struct from the docker image-spec. curl -s --unix-socket /var/run/docker.sock http://localhost/v1.50/images/alpine/json | jq .Config { "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/sh" ] } curl -s --unix-socket /var/run/docker.sock http://localhost/v1.49/images/alpine/json | jq .Config { "Hostname": "", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/sh" ], "Image": "", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": null } Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
api_remove_deprecated_fields
branch
from
505bd61 to
d7cca3f
Compare
|
Was it actually intended that This change resulted in a bug in Scuba (JonathonReinhart/scuba#262) which was essentially doing this: cp = subprocess.run("docker", "inspect", "--type", "image", image, capture=True)
info = json.loads(cp.stdout)[0]
entrypoint = info["Config"]["Entrypoint"]
# ^^^^^^^^^^^^ KeyError on docker-ce 28.2The commit messages for 4dc961d and referenced depreciation commit af0cdc3 only talk about erroneous fields not part of the image; it is never mentioned that the behavior for actual image fields (e.g. This seems like a regression to me. Edit: This appears to apply to Without Entrypointhttps://github.com/JonathonReinhart/scuba/blob/main/test-docker-images/hello/Dockerfile FROM alpine
ADD hello.sh /hello.sh
RUN chmod 755 /hello.sh
CMD ["/hello.sh"]$ docker inspect --type image scuba/hello | jq '.[0].Config'
{
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/hello.sh"
],
"WorkingDir": "/",
"ArgsEscaped": true
}With Entrypointhttps://github.com/JonathonReinhart/scuba/blob/main/test-docker-images/entrypoint-test/Dockerfile FROM alpine:latest
COPY entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]$ docker inspect --type image scuba/entrypoint-test | jq '.[0].Config'
{
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Entrypoint": [
"/entrypoint.sh"
],
"WorkingDir": "/"
} |
|
@JonathonReinhart see;
Empty values will likely be omitted in future though, so In general, I'd recommend adjusting how those are handled to either unmarshal to a type on the receiving end, or to handle missing fields gracefully. Omitting the fields is a closer alignment to the OCI image specification, which also omits Config options that are not set; https://github.com/opencontainers/image-spec/blob/v1.1.1/specs-go/v1/config.go#L23-L62 |
relates to:
GET /images/{name}/jsonresponse #47941commit af0cdc3 marked these fields as deprecated and to be removed in API v1.47 (which was targeted for v28.0). We shipped v1.47 with the v27.2 release, but did not yet remove the erroneous fields, so the version to deprecate was updated to v1.48 through 3df03d8
This patch removes fields that are not part of the image by replacing the type with the Config struct from the docker image-spec.
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)