Uploaded image for project: 'A-MQ Messaging-as-a-Service'
  1. A-MQ Messaging-as-a-Service
  2. ENTMQMAAS-1551

operators use tag for containerImage reference instead of digest

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 1.5.x
    • None
    • olm
    • Hide

      $ oc get packagemanifest/amq-online -n openshift-marketplace -o=jsonpath='

      {.metadata.name}

      {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage}

      {"\n"}

      {end}

      '
      amq-online amqonline.1.3.1 registry.redhat.io/amq7/amq-online-1-controller-manager:1.3

      Show
      $ oc get packagemanifest/amq-online -n openshift-marketplace -o=jsonpath=' {.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end} ' amq-online amqonline.1.3.1 registry.redhat.io/amq7/amq-online-1-controller-manager:1.3

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

              Unassigned Unassigned
              rhn-support-jshepher Jason Shepherd
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: