attributes
On this page
Description
The OCM library supports a set of attributes, which can be used to influence the behaviour of various functions. The CLI also supports setting of those attributes using the config file (see ocm configfile) or by command line options of the main command (see ocm).
The following options are available in the currently used version of the OCM library:
github.com/mandelsoft/logforward
[logfwd
]: logconfig Logging config structure used for config forwardingThis attribute is used to specify a logging configuration intended to be forwarded to other tools. (For example: TOI passes this config to the executor)
github.com/mandelsoft/oci/cache
[cache
]: stringFilesystem folder to use for caching OCI blobs
github.com/mandelsoft/ocm/compat
[compat
]: boolCompatibility mode: Avoid generic local access methods and prefer type specific ones.
github.com/mandelsoft/ocm/hasher
: JSONPreferred hash algorithm to calculate resource digests. The following digesters are supported:
NO-DIGEST
SHA-256
(default)SHA-512
github.com/mandelsoft/ocm/keeplocalblob
[keeplocalblob
]: boolKeep local blobs when importing OCI artifacts to OCI registries from
localBlob
access methods. By default, they will be expanded to OCI artifacts with the access methodociRegistry
. If this option is set to true, they will be stored as local blobs, also. The access method will still belocalBlob
but with a nestedociRegistry
access method for describing the global access.github.com/mandelsoft/ocm/mapocirepo
[mapocirepo
]: bool|YAMLWhen uploading an OCI artifact blob to an OCI based OCM repository and the artifact is uploaded as OCI artifact, the repository path part is shortened, either by hashing all but the last repository name part or by executing some prefix based name mappings.
If a boolean is given the short hash or none mode is enabled. The YAML flavor uses the following fields:
mode
string:hash
,shortHash
,prefixMapping
ornone
. If unset, no mapping is done.prefixMappings
: map[string]string repository path prefix mapping.prefix
: string repository prefix to use (replaces potential sub path of OCM repo). ornone
.prefixMapping
: map[string]string repository path prefix mapping.
Notes:
- The mapping only occurs in transfer commands and only when transferring to OCI registries (e.g. when transferring to a CTF archive this option will be ignored).
- The mapping in mode
prefixMapping
requires a full prefix of the composed final name. Partial matches are not supported. The host name of the target will be skipped. - The artifact name of the component-descriptor is not mapped.
- If the mapping is provided on the command line it must be JSON format and needs to be properly escaped (see example below).
Example:
Assume a component named
github.com/my_org/myexamplewithalongname
and a chart nameecho
in theCharts.yaml
of the chart archive. The following input to aresource.yaml
creates a component version:name: mychart type: helmChart input: type: helm path: charts/mychart.tgz --- name: myimage type: ociImage version: 0.1.0 input: type: ociImage repository: ocm/ocm.software/ocmcli/ocmcli-image path: ghcr.io/acme/ocm/ocm.software/ocmcli/ocmcli-image:0.1.0
The following command:
ocm "-X mapocirepo={\"mode\":\"mapping\",\"prefixMappings\":{\"acme/github.com/my_org/myexamplewithalongname/ocm/ocm.software/ocmcli\":\"acme/cli\", \"acme/github.com/my_org/myexamplewithalongnameabc123\":\"acme/mychart\"}}" transfer ctf -f --copy-resources ./ctf ghcr.io/acme
will result in the following artifacts in
ghcr.io/my_org
:mychart/echo cli/ocmcli-image
Note that the host name part of the transfer target
ghcr.io/acme
is excluded from the prefix but the pathacme
is considered.The same using a config file
.ocmconfig
:type: generic.config.ocm.software/v1 configurations: ... - type: attributes.config.ocm.software attributes: ... mapocirepo: mode: mapping prefixMappings: acme/github.com/my\_org/myexamplewithalongname/ocm/ocm.software/ocmcli: acme/cli acme/github.com/my\_org/myexamplewithalongnameabc123: acme/mychart
ocm transfer ca -f --copy-resources ./ca ghcr.io/acme
github.com/mandelsoft/ocm/ociuploadrepo
[ociuploadrepo
]: oci base repository refUpload local OCI artifact blobs to a dedicated repository.
github.com/mandelsoft/ocm/plugindir
[plugindir
]: plugin directoryDirectory to look for OCM plugin executables.
github.com/mandelsoft/ocm/rootcerts
[rootcerts
]: JSONGeneral root certificate settings given as JSON document with the following format:
{ "rootCertificates": [ { "data": ""<base64>" }, { "path": ""<file path>" } ] }
One of following data fields are possible:
data
: base64 encoded binary datastringdata
: plain text datapath
: a file path to read the data from
github.com/mandelsoft/ocm/signing
: JSONPublic and private Key settings given as JSON document with the following format:
{ "publicKeys": [ "<provider>": { "data": ""<base64>" } ], "privateKeys"": [ "<provider>": { "path": ""<file path>" } ] }
One of following data fields are possible:
data
: base64 encoded binary datastringdata
: plain text datapath
: a file path to read the data from
github.com/mandelsoft/tempblobcache
[blobcache
]: string Foldername for temporary blob cacheThe temporary blob cache is used to accessing large blobs from remote systems. The are temporarily stored in the filesystem, instead of the memory, to avoid blowing up the memory consumption.
ocm.software/cliconfig
[cliconfig
]: cliconfig Configuration Object passed to command line plugin.ocm.software/compositionmode
[compositionmode
]: bool (default: false)Composition mode decouples a component version provided by a repository implementation from the backend persistence. Added local blobs will and other changes will not be forwarded to the backend repository until an AddVersion is called on the component. If composition mode is disabled blobs will directly be forwarded to the backend and descriptor updated will be persisted on AddVersion or closing a provided existing component version.
ocm.software/signing/sigstore
[sigstore
]: sigstore config Configuration to use for sigstore based signing.The following fields are used.
fulcioURL
string default is https://fulcio.sigstore.devrekorURL
string default is https://rekor.sigstore.devOIDCIssuer
string default is https://oauth2.sigstore.dev/authOIDCClientID
string default is sigstore