CLI Support for serverless contexts or custom cache locations

[kattmang]

(An AWS ECR engineer)

Is your feature request related to a problem?

Hey, just wanted to drop this with folks. When I presented on Notation this Re:Invent 2023, I came up with a Lambda-based solution using notation CLI, and the main blocker I ran into was the fact that the directory inferred for plugins was tied to the same directory for the image cache to sign images from. I had to make a pretty gross workaround to copy the plugins over to the /tmp directory in Lambda in order to have a writable directory for retrieving/signing the image. My Dockerfile (this is a container-based lambda) is here.

What solution do you propose?

Ideally I'd like to see environment variable well-knowns for the plugin directory ("NOTATION_PLUGIN_DIR") and the cache directory ("NOTATION_CACHE_DIR") to make this more serverless-friendly.

What alternatives have you considered?

Ideally you could even infer in which context Notation is running in, similar to how it retrieves AWS auth, and move everything over to /tmp or the appropriate writeable directory for you.

Any additional context?

No response

[FeynmanZhou]

/cc @iamsamirzon @priteshbandi @gokarnm

[yizha1]

@kattmang there is a PR to add environment variable for plugin, see https://github.com/notaryproject/notation/pull/821, let me know whether this help. Regarding cached directory, would you mind clarifying it, as there is not cache directory for Notation if I remember correctly. @priteshbandi would you mind helping here since it is related to ECR scenarios.

[kattmang]

I believe https://github.com/notaryproject/notation/pull/821 would close this, thanks. In terms of cache directory, I think you're probably right (I don't know the implementation detail/LLD for notation) that notation doesn't directly keep a cache but I would expect your dep of oras sdk to have something like a writable cache, which is what is inferred through the HOME env var.