Skip to content

Conversation

@jwhonce
Copy link
Member

@jwhonce jwhonce commented Oct 6, 2025

See https://issues.redhat.com/browse/RUN-3555

Signed-off-by: Jhon Honce jhonce@redhat.com
Helped-by: Nicola Sella nsella@redhat.com

Initial design documents for Quadlet API endpoints.

See https://issues.redhat.com/browse/RUN-3555

Signed-off-by: Jhon Honce <jhonce@redhat.com>
Helped-by: Nicola Sella <nsella@redhat.com>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 6, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jwhonce
Once this PR has been reviewed and has the lgtm label, please assign lsm5 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Signed-off-by: Jhon Honce <jhonce@redhat.com>
@packit-as-a-service
Copy link

[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore.

Signed-off-by: Jhon Honce <jhonce@redhat.com>
Copy link
Collaborator

@ninja-quokka ninja-quokka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work @jwhonce, I did a quick pass over, will take another look with fresh eyes as well.

@@ -0,0 +1,2955 @@
openapi: 3.1.0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we okay to use openapi version 3.x? We are using https://github.com/go-swagger/go-swagger which currently only supports version 2.x

"/{name}":
parameters:
- name: name
in: query
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
in: query
in: path

schema:
$ref: "#/components/schemas/Error"
components:
parameters:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason not to use the $ref reference here like used elsewhere?:

      parameters:
        - $ref: "#/components/parameters/NameParam"
        - $ref: "#/components/parameters/ForceParam"


### Challenges

1. Where should the unit files be written?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is already decided, podman quadlet install has complete logic for this.

1. XDG_CONFIG_HOME is not currently always available
2. Need to research if HOME is set when SocketActivated()
3. What is the server environment for the new TLS endpoint?
2. How to safely and securely invoke systemd reloads or other operations from API service.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really a problem? I don't think reloading systemd from an active unit is a problem.


## **Target Podman Release**

5.Y+ (with no breaking changes we can release on any Y branch)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

6.0 seems safest

security:
- main_auth: []
paths:
"/":
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The complete lack of comments in this file makes it very difficult to read, IMO

- quadlet
summary: Get quadlet by name
description: |
Read the quadlet system unit files by name and render them as JSON.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why JSON? Why are we mutilating the unit file before transfer?

schema:
$ref: "#/components/schemas/Error"

"/{name}/build":
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we doing separate endpoints for each unit type? I don't see a reason not to unify them

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(The underlying APIs are entirely unified, and for a good number of cases expect to install multiple Quadlets of varying types at the same time)


## **Short Summary**

The aim is to offer a collection of API endpoints for managing quadlets on a remote Podman API server.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have we used "quadlets" or "Quadlets"? From the blog posts on line, it looks to be capitalized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants