Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add external built image integrity validation #405

Open
ricardozanini opened this issue Feb 20, 2024 · 0 comments
Open

Add external built image integrity validation #405

ricardozanini opened this issue Feb 20, 2024 · 0 comments
Assignees
@ricardozanini

Comments

@ricardozanini
Copy link
Member

Description

As we allow external images set in the SonataFlow resource introduced by KOGITO-9265, we must guarantee that the informed image is valid.

This means that the .spec.flow definition must match with the workflow definition in the image. Without it, theoretically, a user could define a "hello world" workflow in the .spec.flow and a highly complex one in the image itself.

Having a conciliation between the flow and the one served by the image is important for the operator to configure correctly the deployment in the topology.

The operator won't deploy a SonataFlow instance if the given image integrity doesn't match the definition. Preferably, the operator should do static analysis in the image.

Workarounds
If use our tooling to generate CRs, this won't be a problem since we can control every aspect of the deployment, but won't prohibit one from changing the flow as they please.

Implementation ideas

No response
@ricardozanini ricardozanini self-assigned this Feb 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ricardozanini ricardozanini

Labels
None yet
Projects
🦉 KIE Podling Board
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ricardozanini