Are we using OpenAPI? #166
Comments
|
We should be, ideally that is, but its a bit of a dumpster file and needed some post generation manual intervention. I recommend we maybe wait on the protobuf templates being available when I think we can scrap openapi @znewman01 , can you sanity check my above statements? |
Heartily endorse that conclusion 😂 There are three (currently AFAICT) potential sources of generated code for a typical Sigstore client (including sigstore-rs):
Long-run, what we'd like is for each of these sources to provide a generated proto client released in a language-idiomatic way (we're in the process of doing this for protobuf-specs for Python and Java, and would accept a Rust PR; that said, it's not urgent). So for Rust, you'd be able to add a dependency on You will be able to hand-code clients against these specs using JSON etc., but I don't recommend it. These will be generated code clients, and not terribly idiomatic to use; I'd expect sigstore-rs to expose (maybe as a separate crate, maybe as part of one big crate) Rekor and Fulcio clients that were a little bit nicer. We also want the Rekor API to move over to gRPC+proto for continuity here. However, I expect it to be difficult to do that while keeping compatibility with OpenAPI, so I don't imagine that will happen until Rekor API v2. I would probably advise in the short term that we keep any kludgy thing that works here, and that as we cut everything over to the "long-term" solution of language-idiomatic libraries containing generated client code that's when you'd cut out those hacks. Hopefully that makes sense, we can consider alternatives if not |
|
Thank you for the informative discussion! I appreciate the level of detail, which will help guide the work on this stuff. I opened a It seems there are actually two levels of problems:
Re: the latter, I can think of the following courses of action:
Any thoughts? Some of the work on better error handling in #116 is affected by this. |
I'm a little confused by this. Do they not match sigstore/rekor:openapi.yaml (or maybe an earlier version of the same)? If they don't, my vote is to try to generate the models from that YAML file. |
|
@znewman01 That actually makes sense, as both versions of Rekor would need to have the same interface and structures. I think it threw me for a loop that there was no copy of the file or pointer to the original in this repo. That does raise an interesting dilemma around making edits to the models for some Rust-specific purpose. It seems like we should leave the models alone for now. |
Definitely let's avoid that 😄 If you need changes made, upstream will probably be willing to accept them as long as they don't break any other clients. |
|
Sounds good, thanks for the insights @znewman01 . |
Quick question about our rekor submodule... a lot of the files (example here) have a header stating they are generated by OpenAPI, meaning they should not be edited manually. But I don't see any
.yamlfiles included at all. Are we meant to have anopenapi.yamlfile somewhere to do this? Or are we intending to edit these files manually, and the header was left in by mistake?The text was updated successfully, but these errors were encountered: