Uploaded image for project: 'Helm'
  1. Helm
  2. HELM-536

[Helm chart cert] Present chart cert report leaks image URL data

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • Helm
    • False
    • None
    • False

      Support Case: 03838138
      Brought up on behalf of ISV partner QUID INFORMATICA SPA

      As a seeker of certification for a Helm chart to be "catalog only", the present Helm chart report submission process requires creating a GitHub PR with the Helm Chart Certification Report for the chart in question.  

      The report contains the full specification URLs of every container image that the Helm chart installs. This partner considers that to be sensitive information, as it could allow a potential customer, competitor, hacker, etc. to access the images (or at least attempt to access them).  

      Suggestion: Instead of displaying this in the report:

          - check: v1.1/images-are-certified
      type: Mandatory
      outcome: PASS
      reason: |-
        Image is Red Hat certified : gigamon/gigamon-gigavue-uctc-tap:6.5.00-424867
        Image is Red Hat certified : gigamon/gigamon-gigavue-uctc-cntlr:6.5.00-424867
 

      display this (or something similar) instead:

          - check: v1.1/images-are-certified
      type: Mandatory
      outcome: PASS
      reason: All images are Red Hat Certified.
 

      In the event of test failure, the report could show the 'simple' repository:tag value instead of the full URL.

      Owner: Architect:

      _<Architect is responsible for completing this section to define the
      details of the story>_

      Story (Required)

      As an OpenShift user

      _<Describes high level purpose and goal for this story. Answers the
      questions: Who is impacted, what is it and why do we need it? How does it
      improve the customer’s experience?>_

      Background (Required)

      <Describes the context or background related to this story>

      Glossary

      <List of new terms and definition used in this story>

      Out of scope

      <Defines what is not included in this story>

      In Scope

      <Defines what is included in this story>

      Approach(Required)

      _<Description of the general technical path on how to achieve the goal of
      the story. Include details like json schema, class definitions>_

      Demo requirements(Required)

      _<Description of demo which would show the value of this story. Any demo
      should also be included as part of the acceptance criteria.>_

      Dependencies

      _<Describes what this story depends on. Dependent Stories and EPICs should
      be linked to the story.>_

      Edge Case

      _<Describe edge cases to consider when implementing the story and defining
      tests>_

      Acceptance Criteria

      _<Provides a required and minimum list of acceptance tests for this story.
      More is expected as the engineer implements this story>_

      Development:

      QE:
      Documentation: Yes/No (needs-docs|upstream-docs / no-doc)

      Upstream: <Inputs/Requirement details: Concept/Procedure>/ Not
      Applicable

      Downstream: <Inputs/Requirement details: Concept/Procedure>/ Not
      Applicable

      Release Notes Type: <New Feature/Enhancement/Known Issue/Bug
      fix/Breaking change/Deprecated Functionality/Technology Preview>

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated

      v

      Legend

      Unknown

      Verified

      Unsatisfied

            Unassigned Unassigned
            jfrancin@redhat.com John Francini
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: