Missing content API

[lann]

I'm looking at updating the missing content API from this:

"missingContent": ["sha256:abc..."]

to this:

"missingContent": {
  "sha256:abc...": {
    "upload": {"type": "http-post", "url": "https://<registry>/.../sha256:abc..." }
  }
}

The purpose of endpoints being a list is to allow for endpoint negotiation for registries that serve multiple types of client.
Edit: This would be better handled by a (future) client specifying e.g. supportedUploadEndpointTypes=oci,http-post so that the server can avoid generating unusable endpoints.

[devigned]

The issue that I see here is that the client will need to have write access to the OCI content store. With the blob store, it's convenient to send back the signed URI to the client to provided constrained access to the storage service. I don't think a similar constrained access URI signing scheme is broadly available for OCI registries.

[lann]

Good point. Based on this and other feedback from @macovedj and @calvinrp I think I can simplify this a little.

[calvinrp]

Pretty sure these changes have been resolved, but feel free to reopen the discussion if not.