Owner: Architect:

Martin Mulholland

Story (Required)

As an OpenShift user I want to know that submitted charts are not based on edited/false reports.

Background (Required)

It is relatively easy to modify the report before submission and as a result a chart mau be published with false information.

Glossary

<List of new terms and definition used in this story>

Out of scope

Modifying chart workflow ro check th sha

In Scope

Add sha value to report

Approach(Required)

The sha value will be based on an in memory version of the report which does not include the report sha. The sha could be be added under:

metadata:
      report:
           sha:

The verifier report should must also be updated to include verification of the sha prior to producing other report information.

The report version should be increased.

This will also impact our tests which use an existing report. 

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

Edge Case

This will prevent us, at any time in the future, from modifying a report on behalf of a partner. However, I am not sure we should design behavior for such a edge case. 

Acceptance Criteria

<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>
..

A report sha is included in the report.

A modified report is detected. 

Test Case added to Acceptance nightly test.

Documentation note added to chart verifier readme.

INVEST Checklist

Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated

Legend

Unknown
Verified
Unsatisfied