Uploaded image for project: 'Red Hat Decision Manager'
  1. Red Hat Decision Manager
  2. RHDM-1173

operators use tag for containerImage reference instead of digest

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • None
    • Cloud
    • None

    • $ oc version
      Client Version: openshift-clients-4.2.2-201910250432-4-g4ac90784
      Server Version: 4.2.10
      Kubernetes Version: v1.14.6+17b1cc6

    • Hide 
      $ oc get packagemanifest/businessautomation-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}'
businessautomation-operator 	businessautomation-operator.1.2.1t registry.redhat.io/rhpam-7/rhpam-rhel8-operator:7.5.1
      Show
      $ oc get packagemanifest/businessautomation-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}' businessautomation-operator businessautomation-operator.1.2.1t registry.redhat.io/rhpam-7/rhpam-rhel8-operator:7.5.1

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

              rhn-support-fspolti Filippe Spolti
              rhn-support-jshepher Jason Shepherd
              Jakub Schwan Jakub Schwan
              Jakub Schwan Jakub Schwan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: