Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incorrect schema definition for LogEntry.body #2097

Open
woodruffw opened this issue Apr 23, 2024 · 0 comments
Open

Incorrect schema definition for LogEntry.body #2097

woodruffw opened this issue Apr 23, 2024 · 0 comments
Labels
bug Something isn't working rekor-v2

Comments

@woodruffw
Copy link
Member

See #2091 for full context, as well as a fixing (but backwards-incompatible) patch. I'm filing this as a separate issue so that it can be tracked for Rekor's v2 series 🙂

TL;DR:

  • Rekor uses an OpenAPI spec written in Swagger 2.0
  • The OpenAPI spec currently includes a LogEntry.body definition with type: object, which doesn't reflect the actual type of body in practice (in practice it's actually a base64 string, i.e. type: string)
  • This would have caused problems in the Go code except that Go generates type: object as interface, meaning that the mis-typing was silently ignored and is now baked into the public API for Rekor.
  • As such, changing LogEntry.body to type: string can't be done until Rekor v2.

Alternatives considered:

  • Fixing it now: this can't be done, since it incurs backwards-incompatible changes to the generated Go clients. These changes are mostly trivial (going from interface.(string) to using string directly), but are still incompatible and therefore must wait until v2.
  • Using oneOf in the OpenAPI definition: this doesn't work, since the current OpenAPI spec used is Swagger 2.0, which does not support oneOf. This could be fixed by upgrading from Swagger 2.0 to OpenAPI 3.0 (OpenAPI 3.0 for openapi.yaml? #1729), but this is itself blocked by go-swagger's intentional lack of support for OAPI 3.0 (Support for Open API spec 3.0 go-swagger/go-swagger#1122)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working rekor-v2
Projects
None yet
Development

No branches or pull requests

2 participants