Commit
add policy enforcement for bundle metadata format based on OCP versions
Signed-off-by: Jordan Keister <[email protected]>
Showing 4 changed files with 112 additions and 16 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
|
||
## Bundle properties are not permitted in a FBC fragment for OCP version | ||
|
||
Tasks may fail with an error message containing the string `bundle properties are not permitted in a FBC fragment for OCP version`. This means that your fragment needs to utilize the appropriate FBC bundle metadata format which aligns with your target catalog. Failure to do so will result in your package not being displayed in the OpenShift Console. | ||
|
||
For OCP versions: | ||
- _4.16 or earlier_, bundle metadata must use the `olm.bundle.object` format | ||
- _4.17 or later_, bundle metadata must use the `olm.csv.metadata` format | ||
|
||
### If you use `opm` tooling to generate your fragment | ||
|
||
Note: This assumes that opm is version v1.46.0 or later. | ||
|
||
If you generate your FBC using catalog template expansion or migration of existing catalogs, then by default, the tool will output `olm.bundle.object` metadata format. | ||
You can choose to produce `olm.csv.metadata` format by using the `--migrate-level=bundle-object-to-csv-metadata` flag. | ||
|
||
### If you use other tooling to generate your fragment | ||
|
||
Bundle data in `olm.csv.metadata` format contains only information that the OpenShift Console needs which is derived from the package's Cluster Standard Version(CSV). Since the previous `olm.bundle.object` format would include bundle CSV metadata as well as other properties it is possible to convert from `olm.bundle.object` to `olm.csv.metadata`, but not the reverse. | ||
|
||
If you rely on other tooling/processes to produce your fragment and currently use the `olm.bundle.object` bundle metadata format, then you may either adjust your tooling to generate `olm.csv.metadata` format or you may use `opm` to migrate your fragment's bundle metadata by using `opm render --migrate-level=bundle-object-to-csv-metadata [fragment-ref]` (where `fragment-ref` is a pullspec to the fragment or a path to a directory containing the fragment). |
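Review bot: In the "If you use other tooling to generate your fragment" section, "Cluster Standard Version(CSV)" should read "ClusterServiceVersion (CSV)", which is the OLM resource name. The same section states that conversion from `olm.bundle.object` to `olm.csv.metadata` cannot be reversed, but the page gives no remediation for a fragment that targets 4.16 or earlier and already uses `olm.csv.metadata`; add a sentence saying what the author of such a fragment is expected to do.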
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# fbc-validation task | ||
|
||
## Checks: | ||
### Valid base image | ||
To validate the image in build pipeline, Skopeo is used to extract | ||
information from the image itself and then contents are checked using the OpenShift Operator Framework. The binary | ||
used to run the validation is extracted from the base image for the component being tested. Because of this, the | ||
base image must come from a trusted source. Trusted sources are declared in `ALLOWED_BASE_IMAGES` in fbc-validation.yaml. | ||
|
||
### Valid FBC schema | ||
To validate the schema format of the FBC fragment, the test | ||
1. validates that the `operators.operatoframework.io.index.configs.v1` label is present on the image to identify the fragment path | ||
2. extracts the `opm` binary from the base image for the fragment | ||
3. executes `opm validate` over the fragment | ||
|
||
### At least one package in fragment | ||
To validate that at least one package is included in the fragment, the test renders the FBC using `opm` and uses `jq` to count instances of `olm.package` and fails if there are none. | ||
|
||
### Bundle metadata in the appropriate format | ||
To validate bundle metadata, the test evaluates bundle metadata usage against the target OCP version: | ||
- for 4.16 and earlier, fragments must use `olm.bundle.object` (and not use `olm.csv.metadata`) | ||
- for 4.17 and later, fragments must use `olm.csv.metadata` (and not use `olm.bundle.object`) |
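Review bot: In step 1 of "Valid FBC schema", the label is misspelled as `operators.operatoframework.io.index.configs.v1`; it should be `operators.operatorframework.io.index.configs.v1`, otherwise a reader copying the name will look for a label that does not exist. In "Valid base image", because the validation binary is executed out of the base image, it would help to state how `ALLOWED_BASE_IMAGES` entries are matched (by tag or by digest) so readers know what the trust check actually pins.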