Add external built image integrity validation #405
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
As we allow external images set in the SonataFlow resource introduced by KOGITO-9265, we must guarantee that the informed image is valid.
This means that the .spec.flow definition must match with the workflow definition in the image. Without it, theoretically, a user could define a "hello world" workflow in the .spec.flow and a highly complex one in the image itself.
Having a conciliation between the flow and the one served by the image is important for the operator to configure correctly the deployment in the topology.
The operator won't deploy a SonataFlow instance if the given image integrity doesn't match the definition. Preferably, the operator should do static analysis in the image.
Workarounds
If use our tooling to generate CRs, this won't be a problem since we can control every aspect of the deployment, but won't prohibit one from changing the flow as they please.
Implementation ideas
No response
The text was updated successfully, but these errors were encountered: