From ea315f8a5f62f1a9b3427ad18f57596157629b91 Mon Sep 17 00:00:00 2001 From: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com> Date: Mon, 10 Feb 2025 10:57:20 +0100 Subject: [PATCH] Review fixes Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com> --- rfc/20241206-oci-registries/1-oci-primer.md | 4 ++-- rfc/20241206-oci-registries/5-providers.md | 6 ++++-- rfc/20241206-oci-registries/6-modules.md | 13 ++++++++----- rfc/20241206-oci-registries/7-authentication.md | 2 ++ 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/rfc/20241206-oci-registries/1-oci-primer.md b/rfc/20241206-oci-registries/1-oci-primer.md index fc9403f785..01188653e2 100644 --- a/rfc/20241206-oci-registries/1-oci-primer.md +++ b/rfc/20241206-oci-registries/1-oci-primer.md @@ -376,10 +376,10 @@ ORAS can also customize the config manifest using the `--config` option. This wi } ``` -It is worth noting that trying to pull an ORAS image with traditional containerization software will result in unexpected errors [as documented here](https://oras.land/docs/how_to_guides/manifest_config#docker-behaviors). +It is worth noting that trying to pull an ORAS image with traditional containerization software may result in unexpected errors [as documented here](https://oras.land/docs/how_to_guides/manifest_config#docker-behaviors). > [!NOTE] -> At the time of writing, [ORAS does not support multi-platform images](https://github.com/oras-project/oras/issues/1053). +> At the time of writing, [ORAS does not support multi-platform images](https://github.com/oras-project/oras/issues/1053). However, it is possible to push manifests manually using the `oras manifest` subcommand. --- diff --git a/rfc/20241206-oci-registries/5-providers.md b/rfc/20241206-oci-registries/5-providers.md index bde5a98c32..190cefd4d4 100644 --- a/rfc/20241206-oci-registries/5-providers.md +++ b/rfc/20241206-oci-registries/5-providers.md @@ -51,8 +51,10 @@ In this case, provider addresses matching `include` blocks would be redirected t > ```hcl > terraform { > required_providers { -> source = "yourcompany.org/us-east-1/aws" -> version = "5.64.0" +> aws = { +> source = "yourcompany.org/us-east-1/aws" +> version = "5.64.0" +> } > } > } > ``` diff --git a/rfc/20241206-oci-registries/6-modules.md b/rfc/20241206-oci-registries/6-modules.md index b250ff5f20..bd982f7c29 100644 --- a/rfc/20241206-oci-registries/6-modules.md +++ b/rfc/20241206-oci-registries/6-modules.md @@ -22,22 +22,25 @@ By default, this will inspect all the tags whose name can be parsed as a semanti > [!NOTE] > Semantic versioning numbers may contain the `+` sign delimiting a build identifier, such as `1.1.0+something`. That character is not valid in an OCI reference, so OpenTofu will automatically translate the `_` symbol to `+` when attempting to parse a tag name as a version number. -If you would prefer to override the automatic selection, or to use a tag whose name does not conform to the semantic versioning syntax at all, you can specify a specific tag using the optional `tag` argument: +If you preferred to override the automatic selection, or to use a tag whose name does not conform to the semantic versioning syntax at all, you can specify a specific tag using the optional `ref` argument: ```hcl module "foo" { - source = "oci://AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPOSITORY?tag=1.1.0" + source = "oci://AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPOSITORY?ref=1.1.0" } ``` -Alternatively, you can specify a specific digest directly using the optional `reference` argument, which is mutually-exclusive with `tag`: +Alternatively, you can specify a specific digest as a reference: ```hcl module "foo" { - source = "oci://AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPOSITORY?digest=sha256:1d57d25084effd3fdfd902eca00020b34b1fb020253b84d7dd471301606015ac" + source = "oci://AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPOSITORY?ref=sha256:1d57d25084effd3fdfd902eca00020b34b1fb020253b84d7dd471301606015ac" } ``` +> [!NOTE] +> OpenTofu currently doesn't support semantic versioning outside of traditional OpenTofu/Terraform registries. See [this issue](https://github.com/opentofu/opentofu/issues/2495) for details. + By default, OpenTofu expects to find a module in the root of the artifact, but you can optionally specify a subdirectory using [the usual subdirectory syntax](https://opentofu.org/docs/language/modules/sources/#modules-in-package-sub-directories): ```hcl @@ -46,7 +49,7 @@ module "foo" { } ``` -To combine that with the explicit `tag` argument, place the query string after the subdirectory portion: `oci://example.com/repository//directory?tag=example`. +To combine that with the explicit `ref` argument, place the query string after the subdirectory portion: `oci://example.com/repository//directory?ref=example`. ## Artifact layout diff --git a/rfc/20241206-oci-registries/7-authentication.md b/rfc/20241206-oci-registries/7-authentication.md index 32fd6e1746..73189ee1af 100644 --- a/rfc/20241206-oci-registries/7-authentication.md +++ b/rfc/20241206-oci-registries/7-authentication.md @@ -34,6 +34,8 @@ oci { # Use the container engine configuration present on the current device. # Defaults to: "auto" # Possible values: "auto", "docker", "off + # Note that currently "auto" and "docker" are equivalent, but this behavior + # may later change. use_container_engine_authentication = "auto" # Specify which configuration files to look for.