pulp · lubosmj · Apr 30, 2024 · Apr 15, 2024 · ipanova · Apr 16, 2024
diff --git a/CHANGES/1537.removal b/CHANGES/1537.removal
@@ -0,0 +1 @@
+Removed the deprecated `ADDITIONAL_OCI_ARTIFACT_TYPES` setting.
diff --git a/docs/workflows/oci-artifacts.rst b/docs/workflows/oci-artifacts.rst
@@ -3,58 +3,14 @@ Managing additional OCI media types
 
 .. _default-oci-types:
 
-By default the following list of media types is enabled in the Container Registry::
+Pulp is not only a container registry, it also supports OCI artifacts by leveraging the config property on the image manifest.
+Here are some examples of compliant OCI artifacts supported by `pulp_container` plugin::
 
- * OCI images
- * Helm
- * Cosign, SBOMs, attestations
+ * [OCI images](./workflows/build-containerfile.rst)
+ * [Helm](./workflows/helm-support.rst)
+ * [Flatpak images](./workflows/flatpak-support.rst)
+ * [Cosign, SBOMs, attestations](./workflows/cosign-support.rst)
  * Source containers
  * Singularity
  * Conftest policies
  * WASM
-
-.. note::
-
-    The ``ADDITIONAL_OCI_ARTIFACT_TYPES`` is deprecated and will be removed in a future release.
-    Since the validation of media types is not part of the OCI standard and new types keep being
-    added we decided to deprecate this configuration.
-
-For any other OCI media type that is not supported by default, you can add them to the
-``ADDITIONAL_OCI_ARTIFACT_TYPES`` setting using the following format::
-
- ADDITIONAL_OCI_ARTIFACT_TYPES = {
-    "<oci config type 1>": [
-        "<oci layer type A>",
-        "<oci layer type B>",
-    ],
-    "<oci config type 2>": [
-        "<oci layer type C>",
-        "<oci layer type D>",
-    ],
- }
-
-
-For example, you can add support for custom defined mediatype by adding the following to your
-``ADDITIONAL_OCI_ARTIFACT_TYPES`` setting::
-
- ADDITIONAL_OCI_ARTIFACT_TYPES = {
-    "<oci config type 1>": [
-        "<oci layer type A>",
-        "<oci layer type B>",
-    ],
-    "<oci config type 2>": [
-        "<oci layer type C>",
-        "<oci layer type D>",
-    ],
-    "application/vnd.guardians.groot.config.v1+json": [
-        "text/plain",
-        "application/vnd.guardians.groot.docs.layer.v1+tar",
-    ],
- }
-
- .. note::
-
-When adding OCI media types that are not configured by default, it is necessary then to manually add
-the :ref:`Default oci types<default-oci-types>` to the list.
-The OCI image-spec types are supported by default, they are built-in and cannot be disabled, it is
-not necessary to add them manually to the list.
diff --git a/pulp_container/app/__init__.py b/pulp_container/app/__init__.py
@@ -11,12 +11,3 @@ class PulpContainerPluginAppConfig(PulpPluginAppConfig):
 
     def ready(self):
         super().ready()
-        self.register_registry_types()
-
-    def register_registry_types(self):
-        # circular import avoidance
-        from pulp_container import constants
-        from django.conf import settings
-
-        for media_type, layer_types in settings.ADDITIONAL_OCI_ARTIFACT_TYPES.items():
-            constants.register_well_known_types(media_type, layer_types)
diff --git a/pulp_container/app/settings.py b/pulp_container/app/settings.py
@@ -3,50 +3,6 @@
     "reusable_conditions": ["pulp_container.app.global_access_conditions"],
 }
 
-ADDITIONAL_OCI_ARTIFACT_TYPES = {
-    "application/vnd.oci.image.config.v1+json": [
-        # cosign signing and attestations
-        "application/vnd.dev.cosign.simplesigning.v1+json",
-        "application/vnd.dsse.envelope.v1+json",
-        # cosign SBOMS spdx and cyclonedx
-        "text/spdx",
-        "text/spdx+xml",
-        "text/spdx+json",
-        "application/vnd.cyclonedx",
-        "application/vnd.cyclonedx+xml",
-        "application/vnd.cyclonedx+json",
-        # syft SBOMS
-        "application/vnd.syft+json",
-        # cosign in-toto attestations
-        "application/vnd.in-toto+json",
-    ],
-    # helm
-    "application/vnd.cncf.helm.config.v1+json": [
-        "application/tar+gzip",
-        "application/vnd.cncf.helm.chart.content.v1.tar+gzip",
-        "application/vnd.cncf.helm.chart.provenance.v1.prov",
-    ],
-    # source containers
-    "application/vnd.oci.source.image.config.v1+json": [
-        "application/vnd.oci.image.layer.v1.tar+gzip",
-    ],
-    # conftest policies
-    "application/vnd.cncf.openpolicyagent.config.v1+json": [
-        "application/vnd.cncf.openpolicyagent.policy.layer.v1+rego",
-        "application/vnd.cncf.openpolicyagent.data.layer.v1+json",
-        "application/vnd.cncf.openpolicyagent.manifest.layer.v1+json",
-        "application/vnd.cncf.openpolicyagent.rego.layer.v1+rego",
-    ],
-    # singularity
-    "application/vnd.sylabs.sif.config.v1+json": [
-        "application/vnd.sylabs.sif.layer.v1.sif",
-    ],
-    # wasm
-    "application/vnd.wasm.config.v1+json": [
-        "application/vnd.wasm.content.layer.v1+wasm",
-    ],
-}
-
 FLATPAK_INDEX = False
 
 # The number of allowed threads to sign manifests in parallel

diff --git a/pulp_container/app/utils.py b/pulp_container/app/utils.py
@@ -15,7 +15,7 @@
 
 from pulpcore.plugin.models import Artifact, Task
 
-from pulp_container.constants import ALLOWED_ARTIFACT_TYPES, MANIFEST_MEDIA_TYPES, MEDIA_TYPE
+from pulp_container.constants import MANIFEST_MEDIA_TYPES, MEDIA_TYPE
 from pulp_container.app.exceptions import ManifestInvalid
 from pulp_container.app.json_schemas import (
     OCI_INDEX_SCHEMA,
@@ -177,10 +177,10 @@ def determine_media_type_from_json(content_data):
     else:
         if config := content_data.get("config"):
             config_media_type = config.get("mediaType")
-            if config_media_type in ALLOWED_ARTIFACT_TYPES:
-                return MEDIA_TYPE.MANIFEST_OCI
-            else:
+            if config_media_type == MEDIA_TYPE.CONFIG_BLOB:
                 return MEDIA_TYPE.MANIFEST_V2
+            else:
+                return MEDIA_TYPE.MANIFEST_OCI
         else:
             return MEDIA_TYPE.MANIFEST_V1
 

diff --git a/pulp_container/constants.py b/pulp_container/constants.py
@@ -71,16 +71,3 @@
 SIGNATURE_PAYLOAD_MAX_SIZE = 4 * MEGABYTE
 
 SIGNATURE_API_EXTENSION_VERSION = 2
-
-
-ALLOWED_ARTIFACT_TYPES = [MEDIA_TYPE.CONFIG_BLOB_OCI, MEDIA_TYPE.OCI_EMPTY_JSON]
-ALLOWED_BLOB_CONTENT_TYPES = OCI_BLOB_MEDIA_TYPE
-
-
-def register_well_known_types(artifact_config_type, artifact_layer_types):
-    if artifact_config_type not in ALLOWED_ARTIFACT_TYPES:
-        ALLOWED_ARTIFACT_TYPES.append(artifact_config_type)
-
-    for layer_type in artifact_layer_types:
-        if layer_type not in ALLOWED_BLOB_CONTENT_TYPES:
-            ALLOWED_BLOB_CONTENT_TYPES.append(layer_type)
diff --git a/staging_docs/admin/guides/change-allowed-artifacts.md b/staging_docs/admin/guides/change-allowed-artifacts.md
@@ -1,61 +1,14 @@
-# Configure Supported OCI Types
-
-By default, the following list of media types is enabled in the Container Registry:
-
-* OCI images
-* Helm
-* Cosign, SBOMs, attestations
-* Source containers
-* Singularity
-* Conftest policies
-* WASM
-
-!!! note
-
-    The `ADDITIONAL_OCI_ARTIFACT_TYPES` is deprecated and will be removed in a future release.
-    Since the validation of media types is not part of the OCI standard and new types keep being
-    added we decided to deprecate this configuration.
-
-For any other OCI media type that is not supported by default, you can add them to the
-`ADDITIONAL_OCI_ARTIFACT_TYPES` setting using the following format:
-
-```
-ADDITIONAL_OCI_ARTIFACT_TYPES = {
-   "<oci config type 1>": [
-       "<oci layer type A>",
-       "<oci layer type B>",
-   ],
-   "<oci config type 2>": [
-       "<oci layer type C>",
-       "<oci layer type D>",
-   ],
-}
-```
-
-For example, you can add support for custom defined mediatype by adding the following to your
-`ADDITIONAL_OCI_ARTIFACT_TYPES` setting:
-
-```
-ADDITIONAL_OCI_ARTIFACT_TYPES = {
-   "<oci config type 1>": [
-       "<oci layer type A>",
-       "<oci layer type B>",
-   ],
-   "<oci config type 2>": [
-       "<oci layer type C>",
-       "<oci layer type D>",
-   ],
-   "application/vnd.guardians.groot.config.v1+json": [
-       "text/plain",
-       "application/vnd.guardians.groot.docs.layer.v1+tar",
-   ],
-}
-
-```
-
-!!! note
-
-    When adding OCI media types that are not configured by default, it is necessary then to manually add
-    the `Default oci types<default-oci-types>` to the list.
-    The OCI image-spec types are supported by default, they are built-in and cannot be disabled, it is
-    not necessary to add them manually to the list.
+# Support To OCI Artifacts
+
+Pulp is not only a container registry, it also supports OCI artifacts by leveraging the config
+property on the image manifest.
+Here are some examples of compliant OCI artifacts supported by `pulp_container` plugin:
+
+ * [OCI images](site:pulp_container/docs/user/guides/manage-image)
+ * [Helm](site:pulp_container/docs/user/guides/manage-helm-chart)
+ * [Flatpak images](site:pulp_container/docs/user/guides/manage-flatpak)
+ * [Cosign, SBOMs, attestations](site:pulp_container/docs/user/guides/manage-cosign-signature)
+ * Source containers
+ * Singularity
+ * Conftest policies
+ * WASM
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Removed the deprecated `ADDITIONAL_OCI_ARTIFACT_TYPES` setting.