[TEP-0081] Proposal: Convention for param/result reserved names #504
Conversation
tekton-robot
added
the
do-not-merge/hold
tekton-robot
added
the
size/XL
mattmoor
force-pushed
the
naming-convention
branch
from
c5bf67c to
b266a00
Compare
vdemeester
added
the
kind/tep
|
/assign @jerop @bobcatfish @vdemeester |
tekton-robot
added
the
needs-rebase
| such as Chains can use this duck type to determine the attestation payload, and | ||
| other duck types such as `2.` to determine the artifact to which that attestation | ||
| applies (we could also have `dev.tekton.chains.subject`, but that's beyond the | ||
| scope of this TEP!). |
There was a problem hiding this comment.
i think asking Tasks to produce chains specific outputs introduces some coupling between specific Tasks and Pipelines and chains that it would be nice to avoid
maybe im getting caught up on the name, maybe if it was tekton.attestion instead of tekton.chains.attestation it would resonate with me more
the point is that chains is just one possible tool that could be observing this data - i think we should avoid introducing coupling between chains and pipelines if we can
There was a problem hiding this comment.
To be completely clear: there should be zero code in tektoncd/pipeline that is aware of these conventions, but it should support users expressing them (thus the . TEP, but that's where it should end).
The point is to enable Task/Pipeline authors to target certain conventions (think: implement an interface or duck type) in order to hook into a semantic of a higher level system.
Whether chains is in the string or not, is a bikeshed out of scope for this TEP, this TEP is strictly about using reverse-domain scoping. This example is purely illustrative.
|
|
||
| volumes: | ||
| - name: empty-dir | ||
| emptyDir: {} |
There was a problem hiding this comment.
side note about volumes and volumemounts, workspaces provide a way to make it easy to provide the actual volumes at runtime instead of requiring the volume be declared in the Task
There was a problem hiding this comment.
Ack. I don't want to paint the bikeshed on illustrative examples, but I'm sure I could come up with (perhaps contrived) examples where each is "better" than the other in some regard.
| One alternative would be to claim a namespace for Tekton, and not expose a more | ||
| generalized way to reserve names. Given that the only instance I've seen of this | ||
| being proposed was `tekton.*` I don't see why generalizing to the reverse domain | ||
| `dev.tekton.*` is harmful at all. |
There was a problem hiding this comment.
im guessing that the reverse domain approach has a lot of precedent - maybe it would be helpful to point to some?
having less exposure to these, from my perspective dev.tekton confuses me when i read it b/c i start wondering "what is dev" and additionaly wondering if it is some kind of stability indication (e.g. is there some kind like v1.tekton)
one (maybe minor) downside i can think of is what if we want to establish some kind of namespace that doesnt map to a some specific domain name
(and would dev.tekton.chains imply that chains.tekton.dev should resolve to something?)
There was a problem hiding this comment.
I thought I did, but off the top of my head:
- Java imports
- CloudEvent types
- containerd plugins
(I'll make sure these land in the TEP, but I thought they were there 🤔 )
and would dev.tekton.chains imply that chains.tekton.dev should resolve to something
As with K8s apiGroup this is a subjective thing, but a nice thing folks could elect to do.
There was a problem hiding this comment.
You are totally right. I think I spaced on including these as I was plowing through the sections of the template. I'll rebase and push a list of these now.
There was a problem hiding this comment.
Ok, I added it under "Notes / Caveats" for now, lmk if there's someplace better, but I figured with it being right under "Proposal" it fit.
| ## Design Evaluation | ||
|
|
||
| This doesn't really directly influence Task/Pipeline conformance because this is a | ||
| convention on top of them. However, this does create new microcosms of conformance |
There was a problem hiding this comment.
would this be enforced somehow?
There was a problem hiding this comment.
Whether it is even possible to create a conformance test is impossible to say outside of the context of a specific semantic, and this TEP isn't about defining any of these semantic interfaces, simply around laying the foundation to enable them.
I suspect for certain semantics, it could be possible to test certain point aspects of conformance (like "this Task emits results that are compatible with what something like Chains would sign")
mattmoor
force-pushed
the
naming-convention
branch
from
b266a00 to
9c1d1ec
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
removed
the
needs-rebase
teps/0081-convention-for-parameterresult-name-ownership-and-definition.md
Outdated
Show resolved
Hide resolved
mattmoor
force-pushed
the
naming-convention
branch
from
262401e to
2b1fcca
Compare
Yes, |
teps/0081-convention-for-parameterresult-name-ownership-and-definition.md
Show resolved
Hide resolved
mattmoor
force-pushed
the
naming-convention
branch
from
2b1fcca to
0442ed0
Compare
tekton-robot
added
size/L
|
/hold cancel I have rebased this now that TEP-0080 has landed, and added the precedent of OCI annotations. This should be RFAL. |
tekton-robot
removed
the
do-not-merge/hold
|
@mattmoor I'm not totally understanding what it would mean to accept this TEP - i.e. what would we actually DO? (e.g. publish some docs, maintain a list of reserved scopes?) if I missed this info in the PR plz just point me in the right direction |
|
@bobcatfish Yeah, good question. It could be docs, but in some sense I see this (and acknowledgement of this agreement by some of the core stewards) as the sort of core meta artifact. Beyond the scope of this, I think the subsequent artifacts (owned by Tekton) will be the sorts of conventions Tekton adopts using this (under |
|
@mattmoor: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
tekton-robot
added
the
needs-rebase
Do you have any examples of what these artifacts might look like?
If you have any ideas of specifically how this would impact the catalog (maybe an example of an existing Task that would benefit) I think that would be great to include I'm not sure if this is the kind of thing you have in mind, but a couple important "schemas" I think Tekton should define and care about are: details when an image has been built and params that are needed when you clone a git repo (and probably outputs as well to reflect what was actually cloned). Is that the kind of thing you image using something like results:
- name: "dev.tekton.builtImage"
type: object
properties:
url:
type: string
digest:
type: string(nit could we do "tekton.dev/buildImage" instead...) |
I'd say a mix of TEPs, and (for those) docs so it is clear how folks integrate with conventions like these.
Yeah, images that are produced are exactly one of the cases I had in mind, and probably one of the first cases we should tackle because the pattern matching Chains has to do today is extremely janky 😅 I totally agree that TEP-0075 would be very complementary here, and avoid an explosion of things that could be objects, but I suspect we will quickly yearn for SchemaRefs 😁
It's certainly an option. K8s does this, but has limits like single-slash. One thing I think we should think about (it can be here or elsewhere) is how we deal with higher-arity things. To be fair, the answer here may just be TEP-0075, most of my thinking on this aspect predates that. One of the things I had in mind was that folks could use |
I'd still like to see something more concrete as a deliverable but maybe agreeing that we think this direction makes sense is enough for now?
hm it'd be nice if we could find a way to not start encoding even more structure into these reserved names - it feels like an array of Thinking about it more maybe I think I'd have an easier time wrapping my head around this TEP if we were trying to agree on structure for some specific examples, e.g. what interface Chains will be using an expecting - that's probably a separate TEP but I'm just still not totally understanding what we'd be agreeing to here with this TEP approved - without the TEP there's nothing to stop anyone from using this kind of naming scheme. |
|
Listening to Solarwinds talk, one things that came to mind might be to have a standard result name that can be consumed to get turned into a github check / commit status by a separate observer controller (like Chains is) |
|
re the comments ive left above my biggest question is if that interface is defined by the name of the results or if it's by the shape of the results e.g. vs In the first example chains/github check/whatever would be looking for a result with an explicit name, in the second example, chains would be looking for fields within a result |
|
Issues go stale after 90d of inactivity. /lifecycle stale Send feedback to tektoncd/plumbing. |
tekton-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. /lifecycle rotten Send feedback to tektoncd/plumbing. |
tekton-robot
added
lifecycle/rotten
|
@mattmoor any updates or comments? /lifecycle frozen |
tekton-robot
added
lifecycle/frozen
bobcatfish
changed the title
This builds on #503 to actually define a convention for parameter and result names.
/hold
Putting a hold since this is dependent on the other PR (separate commits).