Implement plugin manager

[qmuntal]

This PR implements the common code of the plugin-extensibility spec so it will be used by notary and others.

The Manager implementation will probably change once notaryproject/notation#167 is discussed.

It also contains unit test and integration tests with ad-hoc plugins. Coverage is around 95%.

@SteveLasker

Signed-off-by: qmuntal qmuntaldiaz@microsoft.com

[SteveLasker]

Great to get the baseline in, as we continue to iterate.

[gokarnm]

cc: @rgnote @shizhMSFT for review.

[rgnote]

supported-contract-versions

Should it be supportedContractVersions?

[qmuntal]

Good catch!

[rgnote]

Overall, looks solid

[rgnote]

Isn't this discover?

[qmuntal]

We changed it to get-plugin-metadata in notaryproject/specifications#150

[rgnote]

nit: doc comment

[qmuntal]

Done!

[qmuntal]

@jaredpar @SteveLasker as the review process is going slower than expected, I've pushed a new batch of commits since. They don't add new functionality but refine the API after the learnings I got using it in notaryproject/notation#168.

[SteveLasker]

@qmuntal, question for how we can test a set of these changes.
Just an idea (might be a bad one), should we create a branch in notation, notation-go and azure/notation-azure-kv to test these changes?

[qmuntal]

@qmuntal, question for how we can test a set of these changes. Just an idea (might be a bad one), should we create a branch in notation, notation-go and azure/notation-azure-kv to test these changes?

I like the idea! I'll come with something and share it with you all.

[gokarnm]

Overall structure and organization looks great, added some comments. Will make another pass tomorrow for some areas I skipped. I'm new to Go, some high level questions.

1. Some of these error messages will be presented to users through the CLI, how do we differentiate them, and case and format them correctly with more context.
2. We need to support verbose logging through out the library and CLI, is there a standard way to do that in Go? With verbose logging, we can return concise error messages to the user, and they can enable verbose logging for more details/troubleshooting.

[gokarnm]

Do we need this exported variable? Plugin implementation should ideally return a custom error message that includes the unsupported command name.

[qmuntal]

Wops, this variable is an unused leftover, will remove it.

[gokarnm]

I didn't understand what this code achieves, specially line 204. I'm new to Go.

[qmuntal]

if fsys, ok := fsys.(rootedFS); ok { this is an interface type cast, being ok a flag which is true when fsys can be casted to rootedFS.

In production fsys type is always rootedFS, as this is what NewManager instantiates, but for testing purposes I'm also supporting generic fsys types, aka fs.FS, which are mostly instantiated from testing/fstest package.

[gokarnm]

Got it. Should we add a code comment here to make this clearer, that the alternate path is to support testing?

[qmuntal]

Done!

[qmuntal]

Overall structure and organization looks great, added some comments. Will make another pass tomorrow for some areas I skipped. I'm new to Go, some high level questions.

1. Some of these error messages will be presented to users through the CLI, how do we differentiate them, and case and format them correctly with more context.
2. We need to support verbose logging through out the library and CLI, is there a standard way to do that in Go? With verbose logging, we can return concise error messages to the user, and they can enable verbose logging for more details/troubleshooting.

Thanks for the review @gokarnm. My take is that notation-go should provide fine-grained error messaged which are good for displaying but also can be captured programmatically. If an error is missing some context, then we should add it.

What I wouldn't support is verbose levels in the returned errors. It either returns an error or not, leaving to the caller to decide if it should be logged as a debug, info, warning or whatever other level.

The build-in log package does not have support for using log levels, but there are multiple well-known packages with does support it, e.g. github.com/sirupsen/logrus.

[gokarnm]

Thanks for the review @gokarnm. My take is that notation-go should provide fine-grained error messaged which are good for displaying but also can be captured programmatically. If an error is missing some context, then we should add it.

What about the error message casing, error messages which are returned to CLI users should be correctly cased. It seems to be a convention to use small case error messages in Go?

What I wouldn't support is verbose levels in the returned errors. It either returns an error or not, leaving to the caller to decide if it should be logged as a debug, info, warning or whatever other level.

Agreed, I wasn't clear enough. I meant verbose level should log to stdout so that it's visible to in CLI or an upstream caller if they enable verbose logging. The verbose logging will need to be supported in notation-go and notation-core-go, as that's where bulk of the decision paths and validations will be. This need not be implemented right away.

[gokarnm]

LGTM for this iteration. Added a couple of comments to not allow symlinks for plugin dir, that can be addressed in next revision, when we add support for describe-key.

[gokarnm]

We should additionally check if the containing dir ~/.notation/plugins/{plugin-name}/notation-{plugin-name} is also not a symlink, something that was missed in the spec.

[qmuntal]

This is exactly what it is being checked here. Non-regular files include symlinks and directories.

[gokarnm]

I'm bit confused here. Isn't this code only checking that the plugin executable (notation-{plugin-name}) itself is not a symlink, and not that additionally the enclosing directory is also not a symlink (~/.notation/plugins/{plugin-name} dir)?

[gokarnm]

We should skip over plugin dirs that are symlinks, something that was missed in the spec.

[qmuntal]

Done!

[qmuntal]

What about the error message casing, error messages which are returned to CLI users should be correctly cased. It seems to be a convention to use small case error messages in Go?

There are multiple options to transform and localize text, being https://pkg.go.dev/golang.org/x/text the most common.

Agreed, I wasn't clear enough. I meant verbose level should log to stdout so that it's visible to in CLI or an upstream caller if they enable verbose logging. The verbose logging will need to be supported in notation-go and notation-core-go, as that's where bulk of the decision paths and validations will be. This need not be implemented right away.

If we need to log something from those libraries, which is still not clear to me if we should, we will find the way. For example, http.Server logs error into the optional http.Server.ErrorLog property.

[gokarnm]

If we need to log something from those libraries, which is still not clear to me if we should, we will find the way. For example, http.Server logs error into the optional http.Server.ErrorLog property.

Yes, that's what I'm looking for, similar to libraries that support emitting verbose logs to aid debugging issues. It would be useful for us to debug user reported errors as the logic in many of these areas, plugin and signature verification logic, is quite complex.