-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
2
-
True
-
False
-
AppSvc Sprint 220, AppSvc Sprint 223, AppSvc Sprint 224
Owner: Architect:
Martin Mulholland
Story (Required)
As an OpenShift user I want to know that submitted charts are not based on edited/false reports.
Background (Required)
It is relatively easy to modify the report before submission and as a result a chart mau be published with false information.
Glossary
<List of new terms and definition used in this story>
Out of scope
Modifying chart workflow ro check th sha
In Scope
Add sha value to report
Approach(Required)
The sha value will be based on an in memory version of the report which does not include the report sha. The sha could be be added under:
metadata:
report:
sha:
The verifier report should must also be updated to include verification of the sha prior to producing other report information.
The report version should be increased.
This will also impact our tests which use an existing report.
Dependencies
<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>
Edge Case
This will prevent us, at any time in the future, from modifying a report on behalf of a partner. However, I am not sure we should design behavior for such a edge case.
Acceptance Criteria
<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>
..
A report sha is included in the report.
A modified report is detected.
Test Case added to Acceptance nightly test.
Documentation note added to chart verifier readme.
INVEST Checklist
Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated
Legend
Unknown
Verified
Unsatisfied