Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to refresh (current behaviour) or keep previous headers when fetching manifests #123

Merged
merged 3 commits into from
Jan 29, 2024

Conversation

kavish-p
Copy link
Contributor

Related PR: #121

A new optional parameter refresh_headers has been added to the pull and get_manifest functions.
When no value is provided, refresh_headers is set to True. This in in line with the current behaviour.

Setting refresh_headers to False carries forward previously set headers to the get_manifest call.

@kavish-p
Copy link
Contributor Author

hi @vsoch , sorry, I messed up my local repository so I thought it would be easier to create a new PR.

Regarding your comment from #121 (comment): When refresh_headers is not defined (None), I believe the default value should be True. Then previously set headers are ignored, which is the current behaviour.

Signed-off-by: Kavish Punchoo <[email protected]>
Copy link
Contributor

@vsoch vsoch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fantastic! Thank you for cleaning up the git history - it's much easier to review. It looks like this can go in without changing any default behavior and address your need, so let's ship it! I'll trigger a release shortly after.

Thank you!

@vsoch vsoch merged commit fb49f2f into oras-project:main Jan 29, 2024
5 checks passed
container = self.get_container(kwargs["target"])
self.load_configs(container, configs=kwargs.get("config_path"))
manifest = self.get_manifest(container, allowed_media_type)
manifest = self.get_manifest(container, allowed_media_type, refresh_headers)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a breaking change that has broken depscan. It shouldn't have been released as a patch.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you care to elaborate on that? This change adds no new dependencies, and (without specifying anything) the default behavior is the same as before.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see, you maintain a project, depscan https://github.com/owasp-dep-scan/dep-scan/actions/runs/7695237445/job/20967667418#step:7:44 and you have a custom class that reimplements the function https://github.com/owasp-dep-scan/dep-scan/blob/db4988ca72e6a6c28befec378191f62b2ab340bc/depscan/lib/orasclient.py#L25. You just need to add an additional argument there.

We can't always anticipate how a user of the library is going to customize a class for their needs. For your implementation it looks like it's a mirror copy but you removed validation. My suggestion would be to not re-implement the function but request a parameter that might more easily turn off the validation if you don't want it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants