Migrate (Cluster)ImagePolicy to v1

Signed-off-by: Qi Wang <qiwan@redhat.com>

Author: QiWang19

pkg/controller/bootstrap/bootstrap.go

@@ -87,8 +87,8 @@ func (b *Bootstrap) Run(destDir string) error {
 		icspRules            []*apioperatorsv1alpha1.ImageContentSourcePolicy
 		idmsRules            []*apicfgv1.ImageDigestMirrorSet
 		itmsRules            []*apicfgv1.ImageTagMirrorSet
-		clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy
-		imagePolicies        []*apicfgv1alpha1.ImagePolicy
+		clusterImagePolicies []*apicfgv1.ClusterImagePolicy
+		imagePolicies        []*apicfgv1.ImagePolicy
 		imgCfg               *apicfgv1.Image
 		apiServer            *apicfgv1.APIServer
 	)
@@ -138,9 +138,9 @@ func (b *Bootstrap) Run(destDir string) error {
 				itmsRules = append(itmsRules, obj)
 			case *apicfgv1.Image:
 				imgCfg = obj
-			case *apicfgv1alpha1.ClusterImagePolicy:
+			case *apicfgv1.ClusterImagePolicy:
 				clusterImagePolicies = append(clusterImagePolicies, obj)
-			case *apicfgv1alpha1.ImagePolicy:
+			case *apicfgv1.ImagePolicy:
 				imagePolicies = append(imagePolicies, obj)
 			case *apicfgv1.FeatureGate:
 				if obj.GetName() == ctrlcommon.ClusterFeatureInstanceName {

pkg/controller/container-runtime-config/container_runtime_config_controller.go

@@ -12,14 +12,12 @@ import (
 	signature "github.com/containers/image/v5/signature"
 	ign3types "github.com/coreos/ignition/v2/config/v3_5/types"
 	apicfgv1 "github.com/openshift/api/config/v1"
-	apicfgv1alpha1 "github.com/openshift/api/config/v1alpha1"
 	features "github.com/openshift/api/features"
 	apioperatorsv1alpha1 "github.com/openshift/api/operator/v1alpha1"
 	configclientset "github.com/openshift/client-go/config/clientset/versioned"
 	configinformers "github.com/openshift/client-go/config/informers/externalversions"
 	cligoinformersv1 "github.com/openshift/client-go/config/informers/externalversions/config/v1"
 	cligolistersv1 "github.com/openshift/client-go/config/listers/config/v1"
-	cligolistersv1alpha1 "github.com/openshift/client-go/config/listers/config/v1alpha1"
 	runtimeutils "github.com/openshift/runtime-utils/pkg/registries"
 
 	operatorinformersv1alpha1 "github.com/openshift/client-go/operator/informers/externalversions/operator/v1alpha1"
@@ -107,10 +105,10 @@ type Controller struct {
 	itmsListerSynced cache.InformerSynced
 
 	configInformerFactory          configinformers.SharedInformerFactory
-	clusterImagePolicyLister       cligolistersv1alpha1.ClusterImagePolicyLister
+	clusterImagePolicyLister       cligolistersv1.ClusterImagePolicyLister
 	clusterImagePolicyListerSynced cache.InformerSynced
 
-	imagePolicyLister       cligolistersv1alpha1.ImagePolicyLister
+	imagePolicyLister       cligolistersv1.ImagePolicyLister
 	imagePolicyListerSynced cache.InformerSynced
 	addedPolicyObservers    bool
 
@@ -320,15 +318,15 @@ func (ctrl *Controller) addImagePolicyObservers() {
 		UpdateFunc: ctrl.clusterImagePolicyUpdated,
 		DeleteFunc: ctrl.clusterImagePolicyDeleted,
 	})
-	ctrl.clusterImagePolicyLister = ctrl.configInformerFactory.Config().V1alpha1().ClusterImagePolicies().Lister()
+	ctrl.clusterImagePolicyLister = ctrl.configInformerFactory.Config().V1().ClusterImagePolicies().Lister()
 	ctrl.clusterImagePolicyListerSynced = ctrl.configInformerFactory.Config().V1alpha1().ClusterImagePolicies().Informer().HasSynced
 
 	ctrl.configInformerFactory.Config().V1alpha1().ImagePolicies().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc:    ctrl.imagePolicyAdded,
 		UpdateFunc: ctrl.imagePolicyUpdated,
 		DeleteFunc: ctrl.imagePolicyDeleted,
 	})
-	ctrl.imagePolicyLister = ctrl.configInformerFactory.Config().V1alpha1().ImagePolicies().Lister()
+	ctrl.imagePolicyLister = ctrl.configInformerFactory.Config().V1().ImagePolicies().Lister()
 	ctrl.imagePolicyListerSynced = ctrl.configInformerFactory.Config().V1alpha1().ImagePolicies().Informer().HasSynced
 }
 
@@ -866,24 +864,24 @@ func (ctrl *Controller) syncImageConfig(key string) error {
 	var (
 		registriesBlocked, policyBlocked, allowedRegs []string
 		releaseImage                                  string
-		clusterImagePolicies                          []*apicfgv1alpha1.ClusterImagePolicy
+		clusterImagePolicies                          []*apicfgv1.ClusterImagePolicy
 		clusterScopePolicies                          map[string]signature.PolicyRequirements
-		imagePolicies                                 []*apicfgv1alpha1.ImagePolicy
+		imagePolicies                                 []*apicfgv1.ImagePolicy
 		scopeNamespacePolicies                        map[string]map[string]signature.PolicyRequirements
 	)
 
 	if ctrl.sigstoreAPIEnabled() && ctrl.addedPolicyObservers {
 		// Find all ClusterImagePolicy objects
 		clusterImagePolicies, err = ctrl.clusterImagePolicyLister.List(labels.Everything())
 		if err != nil && errors.IsNotFound(err) {
-			clusterImagePolicies = []*apicfgv1alpha1.ClusterImagePolicy{}
+			clusterImagePolicies = []*apicfgv1.ClusterImagePolicy{}
 		} else if err != nil {
 			return nil
 		}
 		// Find all ImagePolicy objects
 		imagePolicies, err = ctrl.imagePolicyLister.List(labels.Everything())
 		if err != nil && errors.IsNotFound(err) {
-			imagePolicies = []*apicfgv1alpha1.ImagePolicy{}
+			imagePolicies = []*apicfgv1.ImagePolicy{}
 		} else if err != nil {
 			return nil
 		}
@@ -1068,7 +1066,7 @@ func registriesConfigIgnition(templateDir string, controllerConfig *mcfgv1.Contr
 
 // getValidScopePolicies returns a map[scope]policyRequirement from ClusterImagePolicy, a map[scope][namespace]policyRequirement from ImagePolicy CRs.
 // It skips ImagePolicy scopes that conflict with ClusterImagePolicy scopes and logs the conflicting scopes in the ImagePolicy Status.
-func getValidScopePolicies(clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy, imagePolicies []*apicfgv1alpha1.ImagePolicy, ctrl *Controller) (map[string]signature.PolicyRequirements, map[string]map[string]signature.PolicyRequirements, error) {
+func getValidScopePolicies(clusterImagePolicies []*apicfgv1.ClusterImagePolicy, imagePolicies []*apicfgv1.ImagePolicy, ctrl *Controller) (map[string]signature.PolicyRequirements, map[string]map[string]signature.PolicyRequirements, error) {
 	clusterScopePolicies := make(map[string]signature.PolicyRequirements)
 	namespacePolicies := make(map[string]map[string]signature.PolicyRequirements)
 
@@ -1110,7 +1108,7 @@ func getValidScopePolicies(clusterImagePolicies []*apicfgv1alpha1.ClusterImagePo
 			if len(conflictScopes) > 0 {
 				msg := fmt.Sprintf("has conflicting scope(s) %q that equal to or nest inside existing clusterimagepolicy, only policy from clusterimagepolicy scope(s) will be applied", conflictScopes)
 				klog.V(2).Info(msg)
-				ctrl.syncImagePolicyStatusOnly(namespace, imagePolicy.ObjectMeta.Name, apicfgv1alpha1.ImagePolicyPending, reasonConflictScopes, msg, metav1.ConditionFalse)
+				ctrl.syncImagePolicyStatusOnly(namespace, imagePolicy.ObjectMeta.Name, apicfgv1.ImagePolicyPending, reasonConflictScopes, msg, metav1.ConditionFalse)
 			}
 		}
 	}
@@ -1141,7 +1139,7 @@ func (ctrl *Controller) syncImagePolicyStatusOnly(namespace, imagepolicy, condit
 // RunImageBootstrap generates MachineConfig objects for mcpPools that would have been generated by syncImageConfig,
 // except that mcfgv1.Image is not available.
 func RunImageBootstrap(templateDir string, controllerConfig *mcfgv1.ControllerConfig, mcpPools []*mcfgv1.MachineConfigPool, icspRules []*apioperatorsv1alpha1.ImageContentSourcePolicy,
-	idmsRules []*apicfgv1.ImageDigestMirrorSet, itmsRules []*apicfgv1.ImageTagMirrorSet, imgCfg *apicfgv1.Image, clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy, imagePolicies []*apicfgv1alpha1.ImagePolicy,
+	idmsRules []*apicfgv1.ImageDigestMirrorSet, itmsRules []*apicfgv1.ImageTagMirrorSet, imgCfg *apicfgv1.Image, clusterImagePolicies []*apicfgv1.ClusterImagePolicy, imagePolicies []*apicfgv1.ImagePolicy,
 	fgHandler ctrlcommon.FeatureGatesHandler) ([]*mcfgv1.MachineConfig, error) {
 
 	var (

pkg/controller/container-runtime-config/container_runtime_config_controller_test.go

@@ -30,7 +30,6 @@ import (
 
 	ign3types "github.com/coreos/ignition/v2/config/v3_5/types"
 	apicfgv1 "github.com/openshift/api/config/v1"
-	apicfgv1alpha1 "github.com/openshift/api/config/v1alpha1"
 	features "github.com/openshift/api/features"
 	mcfgv1 "github.com/openshift/api/machineconfiguration/v1"
 	apioperatorsv1alpha1 "github.com/openshift/api/operator/v1alpha1"
@@ -74,8 +73,8 @@ type fixture struct {
 	icspLister               []*apioperatorsv1alpha1.ImageContentSourcePolicy
 	idmsLister               []*apicfgv1.ImageDigestMirrorSet
 	itmsLister               []*apicfgv1.ImageTagMirrorSet
-	clusterImagePolicyLister []*apicfgv1alpha1.ClusterImagePolicy
-	imagePolicyLister        []*apicfgv1alpha1.ImagePolicy
+	clusterImagePolicyLister []*apicfgv1.ClusterImagePolicy
+	imagePolicyLister        []*apicfgv1.ImagePolicy
 
 	actions               []core.Action
 	skipActionsValidation bool
@@ -211,20 +210,20 @@ func newClusterVersionConfig(name, desiredImage string) *apicfgv1.ClusterVersion
 	}
 }
 
-func newClusterImagePolicyWithPublicKey(name string, scopes []string, keyData []byte) *apicfgv1alpha1.ClusterImagePolicy {
-	imgScopes := []apicfgv1alpha1.ImageScope{}
+func newClusterImagePolicyWithPublicKey(name string, scopes []string, keyData []byte) *apicfgv1.ClusterImagePolicy {
+	imgScopes := []apicfgv1.ImageScope{}
 	for _, scope := range scopes {
-		imgScopes = append(imgScopes, apicfgv1alpha1.ImageScope(scope))
+		imgScopes = append(imgScopes, apicfgv1.ImageScope(scope))
 	}
-	return &apicfgv1alpha1.ClusterImagePolicy{
-		TypeMeta:   metav1.TypeMeta{APIVersion: apicfgv1alpha1.SchemeGroupVersion.String()},
+	return &apicfgv1.ClusterImagePolicy{
+		TypeMeta:   metav1.TypeMeta{APIVersion: apicfgv1.SchemeGroupVersion.String()},
 		ObjectMeta: metav1.ObjectMeta{Name: name, UID: types.UID(utilrand.String(5)), Generation: 1},
-		Spec: apicfgv1alpha1.ClusterImagePolicySpec{
+		Spec: apicfgv1.ClusterImagePolicySpec{
 			Scopes: imgScopes,
-			Policy: apicfgv1alpha1.Policy{
-				RootOfTrust: apicfgv1alpha1.PolicyRootOfTrust{
-					PolicyType: apicfgv1alpha1.PublicKeyRootOfTrust,
-					PublicKey: &apicfgv1alpha1.PublicKey{
+			Policy: apicfgv1.Policy{
+				RootOfTrust: apicfgv1.PolicyRootOfTrust{
+					PolicyType: apicfgv1.PublicKeyRootOfTrust,
+					PublicKey: &apicfgv1.PublicKey{
 						KeyData: keyData,
 					},
 				},
@@ -233,20 +232,20 @@ func newClusterImagePolicyWithPublicKey(name string, scopes []string, keyData []
 	}
 }
 
-func newImagePolicyWithPublicKey(name, namespace string, scopes []string, keyData []byte) *apicfgv1alpha1.ImagePolicy {
-	imgScopes := []apicfgv1alpha1.ImageScope{}
+func newImagePolicyWithPublicKey(name, namespace string, scopes []string, keyData []byte) *apicfgv1.ImagePolicy {
+	imgScopes := []apicfgv1.ImageScope{}
 	for _, scope := range scopes {
-		imgScopes = append(imgScopes, apicfgv1alpha1.ImageScope(scope))
+		imgScopes = append(imgScopes, apicfgv1.ImageScope(scope))
 	}
-	return &apicfgv1alpha1.ImagePolicy{
-		TypeMeta:   metav1.TypeMeta{APIVersion: apicfgv1alpha1.SchemeGroupVersion.String()},
+	return &apicfgv1.ImagePolicy{
+		TypeMeta:   metav1.TypeMeta{APIVersion: apicfgv1.SchemeGroupVersion.String()},
 		ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, UID: types.UID(utilrand.String(5)), Generation: 1},
-		Spec: apicfgv1alpha1.ImagePolicySpec{
+		Spec: apicfgv1.ImagePolicySpec{
 			Scopes: imgScopes,
-			Policy: apicfgv1alpha1.Policy{
-				RootOfTrust: apicfgv1alpha1.PolicyRootOfTrust{
-					PolicyType: apicfgv1alpha1.PublicKeyRootOfTrust,
-					PublicKey: &apicfgv1alpha1.PublicKey{
+			Policy: apicfgv1.Policy{
+				RootOfTrust: apicfgv1.PolicyRootOfTrust{
+					PolicyType: apicfgv1.PublicKeyRootOfTrust,
+					PublicKey: &apicfgv1.PublicKey{
 						KeyData: keyData,
 					},
 				},
@@ -323,10 +322,10 @@ func (f *fixture) newController() *Controller {
 		ci.Config().V1().ImageTagMirrorSets().Informer().GetIndexer().Add(c)
 	}
 	for _, c := range f.clusterImagePolicyLister {
-		ci.Config().V1alpha1().ClusterImagePolicies().Informer().GetIndexer().Add(c)
+		ci.Config().V1().ClusterImagePolicies().Informer().GetIndexer().Add(c)
 	}
 	for _, c := range f.imagePolicyLister {
-		ci.Config().V1alpha1().ImagePolicies().Informer().GetIndexer().Add(c)
+		ci.Config().V1().ImagePolicies().Informer().GetIndexer().Add(c)
 	}
 
 	return c
@@ -473,7 +472,7 @@ type registriesConfigAndPolicyVerifyOptions struct {
 	numberOfImagePolicyNamespaces       int
 }
 
-func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcName string, imgcfg *apicfgv1.Image, icsp *apioperatorsv1alpha1.ImageContentSourcePolicy, idms *apicfgv1.ImageDigestMirrorSet, itms *apicfgv1.ImageTagMirrorSet, clusterImagePolicy *apicfgv1alpha1.ClusterImagePolicy, imagePolicy *apicfgv1alpha1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
+func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcName string, imgcfg *apicfgv1.Image, icsp *apioperatorsv1alpha1.ImageContentSourcePolicy, idms *apicfgv1.ImageDigestMirrorSet, itms *apicfgv1.ImageTagMirrorSet, clusterImagePolicy *apicfgv1.ClusterImagePolicy, imagePolicy *apicfgv1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
 	icsps := []*apioperatorsv1alpha1.ImageContentSourcePolicy{}
 	if icsp != nil {
 		icsps = append(icsps, icsp)
@@ -486,11 +485,11 @@ func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcNa
 	if itms != nil {
 		itmss = append(itmss, itms)
 	}
-	clusterImagePolicies := []*apicfgv1alpha1.ClusterImagePolicy{}
+	clusterImagePolicies := []*apicfgv1.ClusterImagePolicy{}
 	if clusterImagePolicy != nil {
 		clusterImagePolicies = append(clusterImagePolicies, clusterImagePolicy)
 	}
-	imagePolicies := []*apicfgv1alpha1.ImagePolicy{}
+	imagePolicies := []*apicfgv1.ImagePolicy{}
 	if imagePolicy != nil {
 		imagePolicies = append(imagePolicies, imagePolicy)
 	}
@@ -499,7 +498,7 @@ func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcNa
 	verifyRegistriesConfigAndPolicyJSONContents(t, updatedMC, mcName, imgcfg, icsps, idmss, itmss, clusterImagePolicies, imagePolicies, releaseImageReg, opts)
 }
 
-func verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mc *mcfgv1.MachineConfig, mcName string, imgcfg *apicfgv1.Image, icsps []*apioperatorsv1alpha1.ImageContentSourcePolicy, idmss []*apicfgv1.ImageDigestMirrorSet, itmss []*apicfgv1.ImageTagMirrorSet, clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy, imagePolicies []*apicfgv1alpha1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
+func verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mc *mcfgv1.MachineConfig, mcName string, imgcfg *apicfgv1.Image, icsps []*apioperatorsv1alpha1.ImageContentSourcePolicy, idmss []*apicfgv1.ImageDigestMirrorSet, itmss []*apicfgv1.ImageTagMirrorSet, clusterImagePolicies []*apicfgv1.ClusterImagePolicy, imagePolicies []*apicfgv1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
 	// This is not testing updateRegistriesConfig, which has its own tests; this verifies the created object contains the expected
 	// configuration file.
 	// First get the valid blocked registries to ensure we don't block the registry where the release image is from
@@ -1237,8 +1236,8 @@ func TestRunImageBootstrap(t *testing.T) {
 			icspRules             []*apioperatorsv1alpha1.ImageContentSourcePolicy
 			idmsRules             []*apicfgv1.ImageDigestMirrorSet
 			itmsRules             []*apicfgv1.ImageTagMirrorSet
-			clusterImagePolicies  []*apicfgv1alpha1.ClusterImagePolicy
-			imagePolicies         []*apicfgv1alpha1.ImagePolicy
+			clusterImagePolicies  []*apicfgv1.ClusterImagePolicy
+			imagePolicies         []*apicfgv1.ImagePolicy
 			imagePolicyNamespaces int
 		}{
 			{
@@ -1267,10 +1266,10 @@ func TestRunImageBootstrap(t *testing.T) {
 				},
 			},
 			{
-				clusterImagePolicies: []*apicfgv1alpha1.ClusterImagePolicy{
+				clusterImagePolicies: []*apicfgv1.ClusterImagePolicy{
 					&testClusterImagePolicy,
 				},
-				imagePolicies: []*apicfgv1alpha1.ImagePolicy{
+				imagePolicies: []*apicfgv1.ImagePolicy{
 					&testImagePolicy,
 				},
 				imagePolicyNamespaces: 1,