feat: support inspect the model artifact from remote registry (#189)

Signed-off-by: chlins <[email protected]>

Author: chlins

cmd/inspect.go

@@ -22,11 +22,14 @@ import (
 	"fmt"
 
 	"github.com/CloudNativeAI/modctl/pkg/backend"
+	"github.com/CloudNativeAI/modctl/pkg/config"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
+var inspectConfig = config.NewInspect()
+
 // inspectCmd represents the modctl command for inspect.
 var inspectCmd = &cobra.Command{
 	Use:                "inspect [flags] <target>",
@@ -42,7 +45,10 @@ var inspectCmd = &cobra.Command{
 
 // init initializes inspect command.
 func init() {
-	flags := rmCmd.Flags()
+	flags := inspectCmd.Flags()
+	flags.BoolVar(&inspectConfig.Remote, "remote", false, "inspect model artifact from remote registry")
+	flags.BoolVar(&inspectConfig.PlainHTTP, "plain-http", false, "use plain HTTP instead of HTTPS")
+	flags.BoolVar(&inspectConfig.Insecure, "insecure", false, "allow insecure connections")
 
 	if err := viper.BindPFlags(flags); err != nil {
 		panic(fmt.Errorf("bind cache inspect flags to viper: %w", err))
@@ -60,7 +66,7 @@ func runInspect(ctx context.Context, target string) error {
 		return fmt.Errorf("target is required")
 	}
 
-	inspected, err := b.Inspect(ctx, target)
+	inspected, err := b.Inspect(ctx, target, inspectConfig)
 	if err != nil {
 		return err
 	}

pkg/backend/attach.go

@@ -58,12 +58,12 @@ var (
 
 // Attach attaches user materials into the model artifact which follows the Model Spec.
 func (b *backend) Attach(ctx context.Context, filepath string, cfg *config.Attach) error {
-	srcManifest, err := b.getManifest(ctx, cfg.Source, cfg)
+	srcManifest, err := b.getManifest(ctx, cfg.Source, cfg.OutputRemote, cfg.PlainHTTP, cfg.Insecure)
 	if err != nil {
 		return fmt.Errorf("failed to get source manifest: %w", err)
 	}
 
-	srcModelConfig, err := b.getModelConfig(ctx, cfg.Source, srcManifest.Config, cfg)
+	srcModelConfig, err := b.getModelConfig(ctx, cfg.Source, srcManifest.Config, cfg.OutputRemote, cfg.PlainHTTP, cfg.Insecure)
 	if err != nil {
 		return fmt.Errorf("failed to get source model config: %w", err)
 	}
@@ -169,7 +169,7 @@ func (b *backend) Attach(ctx context.Context, filepath string, cfg *config.Attac
 	return nil
 }
 
-func (b *backend) getManifest(ctx context.Context, reference string, cfg *config.Attach) (*ocispec.Manifest, error) {
+func (b *backend) getManifest(ctx context.Context, reference string, fromRemote, plainHTTP, insecure bool) (*ocispec.Manifest, error) {
 	ref, err := ParseReference(reference)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse source reference: %w", err)
@@ -181,7 +181,7 @@ func (b *backend) getManifest(ctx context.Context, reference string, cfg *config
 	}
 
 	// Fetch from local storage if it is not remote.
-	if !cfg.OutputRemote {
+	if !fromRemote {
 		manifestRaw, _, err := b.store.PullManifest(ctx, repo, tag)
 		if err != nil {
 			return nil, fmt.Errorf("failed to pull manifest: %w", err)
@@ -195,7 +195,7 @@ func (b *backend) getManifest(ctx context.Context, reference string, cfg *config
 		return &manifest, nil
 	}
 
-	client, err := remote.New(repo, remote.WithPlainHTTP(cfg.PlainHTTP), remote.WithInsecure(cfg.Insecure))
+	client, err := remote.New(repo, remote.WithPlainHTTP(plainHTTP), remote.WithInsecure(insecure))
 	if err != nil {
 		return nil, fmt.Errorf("failed to create remote client: %w", err)
 	}
@@ -214,7 +214,7 @@ func (b *backend) getManifest(ctx context.Context, reference string, cfg *config
 	return &manifest, nil
 }
 
-func (b *backend) getModelConfig(ctx context.Context, reference string, desc ocispec.Descriptor, cfg *config.Attach) (*modelspec.Model, error) {
+func (b *backend) getModelConfig(ctx context.Context, reference string, desc ocispec.Descriptor, fromRemote, plainHTTP, insecure bool) (*modelspec.Model, error) {
 	ref, err := ParseReference(reference)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse reference: %w", err)
@@ -226,7 +226,7 @@ func (b *backend) getModelConfig(ctx context.Context, reference string, desc oci
 	}
 
 	// Fetch from local storage if it is not remote.
-	if !cfg.OutputRemote {
+	if !fromRemote {
 		reader, err := b.store.PullBlob(ctx, repo, desc.Digest.String())
 		if err != nil {
 			return nil, fmt.Errorf("failed to pull blob: %w", err)
@@ -241,7 +241,7 @@ func (b *backend) getModelConfig(ctx context.Context, reference string, desc oci
 		return &model, nil
 	}
 
-	client, err := remote.New(repo, remote.WithPlainHTTP(cfg.PlainHTTP), remote.WithInsecure(cfg.Insecure))
+	client, err := remote.New(repo, remote.WithPlainHTTP(plainHTTP), remote.WithInsecure(insecure))
 	if err != nil {
 		return nil, fmt.Errorf("failed to create remote client: %w", err)
 	}

pkg/backend/attach_test.go

@@ -44,15 +44,15 @@ func TestBackendGetManifest(t *testing.T) {
 		mockStore.On("PullManifest", ctx, "localhost/repo", "tag").Return(manifestBytes, "", nil)
 
 		cfg := &config.Attach{OutputRemote: false}
-		result, err := b.getManifest(ctx, "localhost/repo:tag", cfg)
+		result, err := b.getManifest(ctx, "localhost/repo:tag", cfg.OutputRemote, cfg.PlainHTTP, cfg.Insecure)
 		assert.NoError(t, err)
 		assert.Equal(t, manifest.Layers, result.Layers)
 		mockStore.AssertExpectations(t)
 	})
 
 	t.Run("InvalidReference", func(t *testing.T) {
 		cfg := &config.Attach{OutputRemote: false}
-		_, err := b.getManifest(ctx, "invalid", cfg)
+		_, err := b.getManifest(ctx, "invalid", cfg.OutputRemote, cfg.PlainHTTP, cfg.Insecure)
 		assert.Error(t, err)
 		assert.Contains(t, err.Error(), "failed to parse source reference")
 	})

pkg/backend/backend.go

@@ -56,7 +56,7 @@ type Backend interface {
 	Prune(ctx context.Context, dryRun, removeUntagged bool) error
 
 	// Inspect inspects the model artifact.
-	Inspect(ctx context.Context, target string) (*InspectedModelArtifact, error)
+	Inspect(ctx context.Context, target string, cfg *config.Inspect) (*InspectedModelArtifact, error)
 
 	// Extract extracts the model artifact.
 	Extract(ctx context.Context, target string, cfg *config.Extract) error

pkg/backend/inspect.go

@@ -22,8 +22,10 @@ import (
 	"fmt"
 	"time"
 
+	godigest "github.com/opencontainers/go-digest"
+
+	"github.com/CloudNativeAI/modctl/pkg/config"
 	modelspec "github.com/CloudNativeAI/model-spec/specs-go/v1"
-	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // InspectedModelArtifact is the data structure for model artifact that has been inspected.
@@ -63,38 +65,30 @@ type InspectedModelArtifactLayer struct {
 }
 
 // Inspect inspects the target from the storage.
-func (b *backend) Inspect(ctx context.Context, target string) (*InspectedModelArtifact, error) {
-	ref, err := ParseReference(target)
+func (b *backend) Inspect(ctx context.Context, target string, cfg *config.Inspect) (*InspectedModelArtifact, error) {
+	_, err := ParseReference(target)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse target: %w", err)
 	}
 
-	repo, tag := ref.Repository(), ref.Tag()
-	manifestRaw, digest, err := b.store.PullManifest(ctx, repo, tag)
+	manifest, err := b.getManifest(ctx, target, cfg.Remote, cfg.PlainHTTP, cfg.Insecure)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get manifest: %w", err)
 	}
 
-	var manifest ocispec.Manifest
-	if err := json.Unmarshal(manifestRaw, &manifest); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal manifest: %w", err)
-	}
-
-	// fetch and parse the model config.
-	configReader, err := b.store.PullBlob(ctx, repo, manifest.Config.Digest.String())
+	manifestRaw, err := json.Marshal(manifest)
 	if err != nil {
-		return nil, fmt.Errorf("failed to pull config: %w", err)
+		return nil, fmt.Errorf("failed to marshal manifest: %w", err)
 	}
 
-	defer configReader.Close()
-	var config modelspec.Model
-	if err := json.NewDecoder(configReader).Decode(&config); err != nil {
-		return nil, fmt.Errorf("failed to decode config: %w", err)
+	config, err := b.getModelConfig(ctx, target, manifest.Config, cfg.Remote, cfg.PlainHTTP, cfg.Insecure)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get config: %w", err)
 	}
 
 	inspectedModelArtifact := &InspectedModelArtifact{
 		ID:           manifest.Config.Digest.String(),
-		Digest:       digest,
+		Digest:       godigest.FromBytes(manifestRaw).String(),
 		Architecture: config.Config.Architecture,
 		Family:       config.Descriptor.Family,
 		Format:       config.Config.Format,

pkg/backend/inspect_test.go

@@ -22,8 +22,10 @@ import (
 	"io"
 	"testing"
 
-	"github.com/CloudNativeAI/modctl/test/mocks/storage"
 	"github.com/stretchr/testify/assert"
+
+	pkgconfig "github.com/CloudNativeAI/modctl/pkg/config"
+	"github.com/CloudNativeAI/modctl/test/mocks/storage"
 )
 
 func TestInspect(t *testing.T) {
@@ -126,13 +128,13 @@ func TestInspect(t *testing.T) {
   }
 }`
 
-	mockStore.On("PullManifest", ctx, "example.com/repo", "tag").Return([]byte(manifest), "sha256:2bc8836f5910ec63a01109e20db67c2ad7706cb19bef5a303bc86fa5572ec9a2", nil)
+	mockStore.On("PullManifest", ctx, "example.com/repo", "tag").Return([]byte(manifest), "sha256:9ca701e8784e5656e2c36f10f82410a0af4c44f859590a28a3d1519ee1eea89d", nil)
 	mockStore.On("PullBlob", ctx, "example.com/repo", "sha256:e31b55920173ba79526491fbd01efe609c1d0d72c3a83df85b2c4fe74df2eea2").Return(io.NopCloser(bytes.NewReader([]byte(config))), nil)
 
-	inspected, err := b.Inspect(ctx, target)
+	inspected, err := b.Inspect(ctx, target, &pkgconfig.Inspect{})
 	assert.NoError(t, err)
 	assert.Equal(t, "sha256:e31b55920173ba79526491fbd01efe609c1d0d72c3a83df85b2c4fe74df2eea2", inspected.ID)
-	assert.Equal(t, "sha256:2bc8836f5910ec63a01109e20db67c2ad7706cb19bef5a303bc86fa5572ec9a2", inspected.Digest)
+	assert.Equal(t, "sha256:9ca701e8784e5656e2c36f10f82410a0af4c44f859590a28a3d1519ee1eea89d", inspected.Digest)
 	assert.Equal(t, "transformer", inspected.Architecture)
 	assert.Equal(t, "2025-02-12T17:01:43+08:00", inspected.CreatedAt)
 	assert.Equal(t, "qwen2", inspected.Family)

pkg/config/inspect.go

@@ -0,0 +1,31 @@
+/*
+ *     Copyright 2024 The CNAI Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package config
+
+type Inspect struct {
+	Remote    bool
+	PlainHTTP bool
+	Insecure  bool
+}
+
+func NewInspect() *Inspect {
+	return &Inspect{
+		Remote:    false,
+		PlainHTTP: false,
+		Insecure:  false,
+	}
+}