Uploaded image for project: 'Red Hat Decision Manager'
  1. Red Hat Decision Manager
  2. RHDM-1173

operators use tag for containerImage reference instead of digest

    Details

    • Type: Bug
    • Status: New (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Cloud
    • Labels:
      None
    • Environment:

      $ oc version
      Client Version: openshift-clients-4.2.2-201910250432-4-g4ac90784
      Server Version: 4.2.10
      Kubernetes Version: v1.14.6+17b1cc6

    • Steps to Reproduce:
      Hide
      $ oc get packagemanifest/businessautomation-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}'
      businessautomation-operator 	businessautomation-operator.1.2.1t registry.redhat.io/rhpam-7/rhpam-rhel8-operator:7.5.1
      
      Show
      $ oc get packagemanifest/businessautomation-operator -n openshift-marketplace -o=jsonpath='{.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}' businessautomation-operator businessautomation-operator.1.2.1t registry.redhat.io/rhpam-7/rhpam-rhel8-operator:7.5.1

      Description

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jshepher Jason Shepherd
                Tester:
                Jakub Schwan
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: