From eba8d42efeb817d3c7b86118ef34fb810f11d3a9 Mon Sep 17 00:00:00 2001 From: JasonPowr Date: Thu, 5 Feb 2026 08:57:27 +0000 Subject: [PATCH] fix: add upgrade path from tech-preview to stable --- .../policy-controller-operator/catalog.json | 203 +++++++++++++++++- v4.19/policy-controller-operator/graph.yaml | 21 ++ 2 files changed, 222 insertions(+), 2 deletions(-) diff --git a/v4.19/policy-controller-operator/catalog/policy-controller-operator/catalog.json b/v4.19/policy-controller-operator/catalog/policy-controller-operator/catalog.json index 6c80d29..4e12262 100644 --- a/v4.19/policy-controller-operator/catalog/policy-controller-operator/catalog.json +++ b/v4.19/policy-controller-operator/catalog/policy-controller-operator/catalog.json @@ -13,7 +13,8 @@ "package": "policy-controller-operator", "entries": [ { - "name": "policy-controller-operator.v1.0.0" + "name": "policy-controller-operator.v1.0.0", + "replaces": "policy-controller-operator.v0.0.1-techpreview" } ] } @@ -23,7 +24,185 @@ "package": "policy-controller-operator", "entries": [ { - "name": "policy-controller-operator.v1.0.0" + "name": "policy-controller-operator.v1.0.0", + "replaces": "policy-controller-operator.v0.0.1-techpreview" + } + ] +} +{ + "schema": "olm.channel", + "name": "tech-preview", + "package": "policy-controller-operator", + "entries": [ + { + "name": "policy-controller-operator.v0.0.1-techpreview" + } + ] +} +{ + "schema": "olm.bundle", + "name": "policy-controller-operator.v0.0.1-techpreview", + "package": "policy-controller-operator", + "image": "registry.redhat.io/rhtas/policy-controller-operator-bundle@sha256:0f31421a30a1cefa861e3edd4c3ca740afe4bef9a9fd0e2857a3a6529a675d95", + "properties": [ + { + "type": "olm.gvk", + "value": { + "group": "policy.sigstore.dev", + "kind": "ClusterImagePolicy", + "version": "v1alpha1" + } + }, + { + "type": "olm.gvk", + "value": { + "group": "policy.sigstore.dev", + "kind": "ClusterImagePolicy", + "version": "v1beta1" + } + }, + { + "type": "olm.gvk", + "value": { + "group": "policy.sigstore.dev", + "kind": "TrustRoot", + "version": "v1alpha1" + } + }, + { + "type": "olm.gvk", + "value": { + "group": "rhtas.charts.redhat.com", + "kind": "PolicyController", + "version": "v1alpha1" + } + }, + { + "type": "olm.package", + "value": { + "packageName": "policy-controller-operator", + "version": "0.0.1-techpreview" + } + }, + { + "type": "olm.csv.metadata", + "value": { + "annotations": { + "alm-examples": "[\n {\n \"apiVersion\": \"policy.sigstore.dev/v1alpha1\",\n \"kind\": \"TrustRoot\",\n \"metadata\": {\n \"name\": \"trust-root\"\n },\n \"spec\": {\n \"remote\": {\n \"mirror\": \"https://tuf.example.com\",\n \"root\": \"\\u003cbase64 encode trust root\\u003e\\n\"\n }\n }\n },\n {\n \"apiVersion\": \"policy.sigstore.dev/v1beta1\",\n \"kind\": \"ClusterImagePolicy\",\n \"metadata\": {\n \"name\": \"cluster-image-policy\"\n },\n \"spec\": {\n \"authorities\": [\n {\n \"ctlog\": {\n \"trustRootRef\": \"trust-root-ref\",\n \"url\": \"https://rekor.example.com\"\n },\n \"keyless\": {\n \"identities\": [\n {\n \"issuer\": \"https://oidc.example.com\",\n \"subject\": \"oidc-issuer-subject\"\n }\n ],\n \"trustRootRef\": \"trust-root-ref\",\n \"url\": \"https://fulcio.example.com\"\n }\n }\n ],\n \"images\": [\n {\n \"glob\": \"**\"\n }\n ]\n }\n },\n {\n \"apiVersion\": \"rhtas.charts.redhat.com/v1alpha1\",\n \"kind\": \"PolicyController\",\n \"metadata\": {\n \"name\": \"policycontroller-sample\"\n },\n \"spec\": {\n \"policy-controller\": {\n \"cosign\": {\n \"webhookName\": \"policy.rhtas.com\"\n },\n \"webhook\": {\n \"extraArgs\": {\n \"mutating-webhook-name\": \"defaulting.clusterimagepolicy.rhtas.com\",\n \"validating-webhook-name\": \"validating.clusterimagepolicy.rhtas.com\",\n \"webhook-name\": \"policy.rhtas.com\"\n },\n \"failurePolicy\": \"Fail\",\n \"name\": \"webhook\",\n \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"policy.rhtas.com/include\",\n \"operator\": \"In\",\n \"values\": [\n \"true\"\n ]\n }\n ]\n },\n \"webhookNames\": {\n \"defaulting\": \"defaulting.clusterimagepolicy.rhtas.com\",\n \"validating\": \"validating.clusterimagepolicy.rhtas.com\"\n }\n }\n }\n }\n }\n]", + "capabilities": "Basic Install", + "containerImage": "registry.redhat.io/rhtas/policy-controller-rhel9-operator@sha256:04df1881c5cefde8478ac8e96d24ea8b4a144c303d9b3eed74e8bcbeb9b34981", + "createdAt": "2025-09-23T11:59:34Z", + "features.operators.openshift.io/cnf": "false", + "features.operators.openshift.io/cni": "false", + "features.operators.openshift.io/csi": "false", + "features.operators.openshift.io/disconnected": "false", + "features.operators.openshift.io/fips-compliant": "false", + "features.operators.openshift.io/proxy-aware": "false", + "features.operators.openshift.io/tls-profiles": "false", + "features.operators.openshift.io/token-auth-aws": "false", + "features.operators.openshift.io/token-auth-azure": "false", + "features.operators.openshift.io/token-auth-gcp": "false", + "operators.openshift.io/valid-subscription": "[\"Red Hat Trusted Artifact Signer\"]", + "operators.operatorframework.io/builder": "operator-sdk-v1.39.2", + "operators.operatorframework.io/project_layout": "helm.sdk.operatorframework.io/v1", + "repository": "https://github.com/securesign/policy-controller-operator", + "support": "Red Hat" + }, + "apiServiceDefinitions": {}, + "crdDescriptions": { + "owned": [ + { + "name": "clusterimagepolicies.policy.sigstore.dev", + "version": "v1alpha1", + "kind": "ClusterImagePolicy", + "displayName": "Cluster Image Policy", + "description": "Cluster Image Policy is the Schema for the clusterimagepolicies API" + }, + { + "name": "clusterimagepolicies.policy.sigstore.dev", + "version": "v1beta1", + "kind": "ClusterImagePolicy", + "displayName": "Cluster Image Policy", + "description": "Cluster Image Policy is the Schema for the clusterimagepolicies API" + }, + { + "name": "policycontrollers.rhtas.charts.redhat.com", + "version": "v1alpha1", + "kind": "PolicyController", + "displayName": "Policy Controller", + "description": "Policy Controller is the Schema for the policycontrollers API" + }, + { + "name": "trustroots.policy.sigstore.dev", + "version": "v1alpha1", + "kind": "TrustRoot", + "displayName": "Trust Root", + "description": "Trust Root is the Schema for the trustroots API" + } + ] + }, + "description": "A Helm-managed Operator that installs and maintains the Red Hat Trusted Artifact Signer's (RHTAS) Policy Controller on OpenShift.\nThe Operator deploys an admission-webhook that evaluates every create and update request against Cluster Image Policies, this lets cluster administrators\nblock non-compliant workloads and enforce supply-chain, security, and compliance standards across any namespaces.\n", + "displayName": "Policy Controller Operator", + "installModes": [ + { + "type": "OwnNamespace", + "supported": true + }, + { + "type": "SingleNamespace", + "supported": false + }, + { + "type": "MultiNamespace", + "supported": false + }, + { + "type": "AllNamespaces", + "supported": true + } + ], + "keywords": [ + "security", + "rhtas", + "trust", + "admissions controller", + "policy controller" + ], + "links": [ + { + "name": "Policy Controller Operator", + "url": "https://github.com/securesign/policy-controller-operator" + } + ], + "maintainers": [ + { + "name": "Jason Power", + "email": "japower@redhat.com" + } + ], + "maturity": "tech-preview", + "provider": { + "name": "Red Hat" + } + } + } + ], + "relatedImages": [ + { + "name": "ose-cli", + "image": "registry.redhat.io/openshift4/ose-cli@sha256:2bc6e85e12269f8fe42bebcc69587714715bcf69c60a541096a07683cc158fa5" + }, + { + "name": "", + "image": "registry.redhat.io/rhtas/policy-controller-operator-bundle@sha256:0f31421a30a1cefa861e3edd4c3ca740afe4bef9a9fd0e2857a3a6529a675d95" + }, + { + "name": "", + "image": "registry.redhat.io/rhtas/policy-controller-rhel9-operator@sha256:04df1881c5cefde8478ac8e96d24ea8b4a144c303d9b3eed74e8bcbeb9b34981" + }, + { + "name": "policy-controller", + "image": "registry.redhat.io/rhtas/policy-controller-rhel9@sha256:a876c38c134f41259a469f2fd3ce33e6b07a7a4ddbf29bb6768316c5c4d64004" } ] } @@ -194,3 +373,23 @@ } ] } +{ + "schema": "olm.deprecations", + "package": "policy-controller-operator", + "entries": [ + { + "reference": { + "schema": "olm.channel", + "name": "stable-v1.0" + }, + "message": "tech-preview is no longer supported. Please switch to channel 'stable' or channel 'stable-v1.0' for continued support." + }, + { + "reference": { + "schema": "olm.bundle", + "name": "policy-controller-operator.v0.0.1-techpreview" + }, + "message": "policy-controller-operator.v0.0.1-techpreview is deprecated. Please consider updating for continued support." + } + ] +} diff --git a/v4.19/policy-controller-operator/graph.yaml b/v4.19/policy-controller-operator/graph.yaml index 522d34e..71e6141 100644 --- a/v4.19/policy-controller-operator/graph.yaml +++ b/v4.19/policy-controller-operator/graph.yaml @@ -8,14 +8,35 @@ entries: mediatype: image/svg+xml - entries: - name: policy-controller-operator.v1.0.0 + replaces: policy-controller-operator.v0.0.1-techpreview name: stable-v1.0 package: policy-controller-operator schema: olm.channel - entries: - name: policy-controller-operator.v1.0.0 + replaces: policy-controller-operator.v0.0.1-techpreview name: stable package: policy-controller-operator schema: olm.channel + - entries: + - name: policy-controller-operator.v0.0.1-techpreview + name: tech-preview + package: policy-controller-operator + schema: olm.channel + - image: registry.redhat.io/rhtas/policy-controller-operator-bundle@sha256:0f31421a30a1cefa861e3edd4c3ca740afe4bef9a9fd0e2857a3a6529a675d95 + name: policy-controller-operator.v0.0.1-techpreview + schema: olm.bundle - image: registry.redhat.io/rhtas/policy-controller-operator-bundle@sha256:5fc84a0c6e851a524c505240f9692cc9519f25a83cbae8917ef824b2f4fdcc55 name: policy-controller-operator.v1.0.0 schema: olm.bundle + - entries: + - message: tech-preview is no longer supported. Please switch to channel 'stable' or channel 'stable-v1.0' for continued support. + reference: + name: stable-v1.0 + schema: olm.channel + - message: policy-controller-operator.v0.0.1-techpreview is deprecated. Please consider updating for continued support. + reference: + name: policy-controller-operator.v0.0.1-techpreview + schema: olm.bundle + package: policy-controller-operator + schema: olm.deprecations