Bug 1800670

Summary: We were able to publish an image bundle to redhat-operators containing references to unpublished images
Product: [Retired] Red Hat Quay Reporter: Simone Tiraboschi <stirabos>
Component: quay.ioAssignee: Bill Dettelback <bdettelb>
Status: CLOSED NOTABUG QA Contact: Dongbo Yan <dyan>
Severity: unspecified Docs Contact: Chris Negus <cnegus>
Priority: unspecified    
Version: unspecified   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-28 15:05:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Simone Tiraboschi 2020-02-07 16:47:46 UTC 
Description of problem:
I'm not 100% sure I should open this here on on the errata tools; feel free to move this to the right component.

The image bundle is now the de facto mechanism to publish OLM (operators) based applications.
Currently the image bundle is just an image which content (the bundle) is almost completely opaque to the errata tool while the user will be instead going to consume the content of the bundle.

In our case, see bug https://bugzilla.redhat.com/1797804 , we were able to publish to redhat-operators catalog a bundle containing references to unreleased, and so unavailable, images and this broken `oc adm catalog build` mirroring mechanism.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. create a bundle image with link to unexisting images
2. attach it to an errata, move it to staging and then ship to prod
3.

Actual results:
The broken bundle is consumable from redhat-operators but the images are not there

Expected results:
Something at errata level should inspect the bundle and/or something at appregistry level should reject bundles with unexisting images

Additional info:
Comment 1 Bill Dettelback 2020-02-11 14:46:27 UTC 
https://issues.redhat.com/browse/PROJQUAY-270 raised for tracking.
Comment 2 Bill Dettelback 2020-02-18 14:59:44 UTC 
After review it doesn't look like this is within Quay's scope.  Quay is only handling the image storage itself and not managing the full workflow here- including referential integrity across images.  There isn't anything Quay can do to help here TBH.  Request that we close this issue.