feat(normalisation): jsonNormalisation/v3 and fixes to jsonNormalisation/v1 as well as jsonNormalisation/v2 #1218
Conversation
github-actions
bot
added
kind/feature
jakobmoellerdev
force-pushed
the
feat/jsonNormalisation/v3
branch
3 times, most recently
from
4c85f74 to
0a1ccc5
Compare
Package jsonv3 provides a normalization which is completely based on the abstract (internal) version of the component descriptor and is therefore agnostic of the final serialization format. Signatures using this algorithm can be transferred among different schema versions, as long as is able to handle the complete information using for the normalization. jsonv2 is the predecessor of this version but had internal defaulting logic that is no longer included as part of this normalization. Thus v3 should be preferred over v2. Note that between v2 and v3 differences can occur mainly if the "extra identity" field is not unique, in which case the v2 normalization opinionated on how to differentiate these items. This no longer happens in v3, meaning the component descriptor is normalized as is. v2 and v1 were adjusted to accomodate the old(but new because forgotten) legacy behavior in legacy.go. Without this, old signatures would not work
jakobmoellerdev
force-pushed
the
feat/jsonNormalisation/v3
branch
from
0a1ccc5 to
dc977e1
Compare
There was a problem hiding this comment.
I'm not sure, why you created a new normalization v3, which is basically exactly the same as v2, before, and changed v2 to modify the component descriptor.
Normalization should never change anything.
The issue stated, that the problem arises after a transport, therefore it cannot be caused by the normalization, but by the transport handling of the extra identity (as you correctly identified in your comment in the issue).
So, it is caused by the defaulting done in the SetResource and SetSource methods of a CV. If modify mode is on, it defaults the extra identity according to the new rules.
This has been intended for the creation of a component version, but this should never happen during a transport.
Therefore, we have to fix the transport behavior, ere. This is only possible by introducing a new modification option for those methods, which instruct the adding to keep the original method data and do not the defaulting. The transport tool then has to give this option. (see #1223)
I changed it because your change broke existing logic for normalization. Before, it didnt matter if the component versions contained extra identities or not, now it does. V3 simply makes this break obvious.
This is true, but at the same time, the normalization is not allowed to change. I still think the change you submitted is relevant, but the normalization must stay the same.
Also true, but existing (already transferred) component versions have to be verifiable as well, even with the transport having changed the extra identity |
jakobmoellerdev
merged commit a93ecca
into
open-component-model:main
…ion/v1 as well as jsonNormalisation/v2 (open-component-model#1218) <!-- markdownlint-disable MD041 --> #### What this PR does / why we need it Package jsonv3 provides a normalization which is completely based on the abstract (internal) version of the component descriptor and is therefore agnostic of the final serialization format. Signatures using this algorithm can be transferred among different schema versions, as long as is able to handle the complete information using for the normalization. jsonv2 is the predecessor of this version but had internal defaulting logic that is no longer included as part of this normalization. Thus v3 should be preferred over v2. Note that between v2 and v3 differences can occur mainly if the "extra identity" field is not unique, in which case the v2 normalization opinionated on how to differentiate these items. This no longer happens in v3, meaning the component descriptor is normalized as is. v2 and v1 were adjusted to accomodate the old(but new because forgotten) legacy behavior in legacy.go. Without this, old signatures would not work. This means this should be (at least partially) back-ported to the last minor versioned released without this correction. #### Which issue(s) this PR fixes <!-- Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`. --> This issue fixes open-component-model#1214 and supercedes open-component-model#1217 as a better solution longterm (by getting rid of the old normalization) and shortterm (by achieving full backwards compatibility + introducing a simple test case) Note that this changes the default normalization algorithm to be `jsonNormalisation/v3` instead of `jsonNormalisation/v1` as it is important for users to migrate as soon as possible.
…ion/v1 as well as jsonNormalisation/v2 (#1218) (#1230) Note that this introduces a json normalization algorithm v3 which technically will break a minor release. however this is needed as we currently broke hashing and need to offer a working alternative. thus it should have been part of v0.19.0 already: #1214 <!-- markdownlint-disable MD041 --> #### What this PR does / why we need it Package jsonv3 provides a normalization which is completely based on the abstract (internal) version of the component descriptor and is therefore agnostic of the final serialization format. Signatures using this algorithm can be transferred among different schema versions, as long as is able to handle the complete information using for the normalization. jsonv2 is the predecessor of this version but had internal defaulting logic that is no longer included as part of this normalization. Thus v3 should be preferred over v2. Note that between v2 and v3 differences can occur mainly if the "extra identity" field is not unique, in which case the v2 normalization opinionated on how to differentiate these items. This no longer happens in v3, meaning the component descriptor is normalized as is. v2 and v1 were adjusted to accomodate the old(but new because forgotten) legacy behavior in legacy.go. Without this, old signatures would not work. This means this should be (at least partially) back-ported to the last minor versioned released without this correction. #### Which issue(s) this PR fixes <!-- Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`. --> This issue fixes #1214 and supercedes #1217 as a better solution longterm (by getting rid of the old normalization) and shortterm (by achieving full backwards compatibility + introducing a simple test case) Note that this changes the default normalization algorithm to be `jsonNormalisation/v3` instead of `jsonNormalisation/v1` as it is important for users to migrate as soon as possible. This is a backport of a93ecca in #1218
What this PR does / why we need it
Package jsonv3 provides a normalization which is completely based on the abstract (internal) version of the component descriptor and is therefore agnostic of the final serialization format. Signatures using this algorithm can be transferred among different schema versions, as long as is able to handle the complete information using for the normalization. jsonv2 is the predecessor of this version but had internal defaulting logic that is no longer included as part of this normalization. Thus v3 should be preferred over v2. Note that between v2 and v3 differences can occur mainly if the "extra identity" field is not unique, in which case the v2 normalization opinionated on how to differentiate these items. This no longer happens in v3, meaning the component descriptor is normalized as is.
v2 and v1 were adjusted to accomodate the old(but new because forgotten) legacy behavior in legacy.go. Without this, old signatures would not work. This means this should be (at least partially) back-ported to the last minor versioned released without this correction.
Which issue(s) this PR fixes
This issue fixes #1214 and supercedes #1217 as a better solution longterm (by getting rid of the old normalization) and shortterm (by achieving full backwards compatibility + introducing a simple test case)
Note that this changes the default normalization algorithm to be
jsonNormalisation/v3instead ofjsonNormalisation/v1as it is important for users to migrate as soon as possible.