openshift
diff --git a/‎go.mod‎
Lines changed: 3 additions & 3 deletions b/‎go.mod‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 6 deletions b/‎go.sum‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎pkg/controller/bootstrap/bootstrap.go‎
Lines changed: 4 additions & 4 deletions b/‎pkg/controller/bootstrap/bootstrap.go‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎pkg/controller/container-runtime-config/container_runtime_config_controller.go‎
Lines changed: 10 additions & 11 deletions b/‎pkg/controller/container-runtime-config/container_runtime_config_controller.go‎
Lines changed: 10 additions & 11 deletions
diff --git a/‎pkg/controller/container-runtime-config/container_runtime_config_controller_test.go‎
Lines changed: 28 additions & 28 deletions b/‎pkg/controller/container-runtime-config/container_runtime_config_controller_test.go‎
Lines changed: 28 additions & 28 deletions
@@ -33,9 +33,9 @@ require (
 	github.com/onsi/ginkgo/v2 v2.22.2
 	github.com/onsi/gomega v1.36.2
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c
-	github.com/openshift/api v0.0.0-20250425163235-9b80d67473bc
-	github.com/openshift/client-go v0.0.0-20250425165505-5f55ff6979a1
+	github.com/openshift-eng/openshift-tests-extension v0.0.0-20250128181728-a95ca461cacf
+	github.com/openshift/api v0.0.0-20250624181540-f9cb76628723
+	github.com/openshift/client-go v0.0.0-20250623095455-7b2007868c76
 	github.com/openshift/library-go v0.0.0-20250129210218-fe56c2cf5d70
 	github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b
 	github.com/prometheus/client_golang v1.20.5
 
@@ -575,12 +575,12 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE
 github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8=
 github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
-github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c h1:R5dI2oOF2RtS1sKtLrhW9KMg0ydzF0XM2Q//ma55nWI=
-github.com/openshift-eng/openshift-tests-extension v0.0.0-20250522124649-4ffcd156ec7c/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M=
-github.com/openshift/api v0.0.0-20250425163235-9b80d67473bc h1:BGKjHtYzBweOSu1UwTnNqtPbJZ4VzOTqVFlUDpP+6U8=
-github.com/openshift/api v0.0.0-20250425163235-9b80d67473bc/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
-github.com/openshift/client-go v0.0.0-20250425165505-5f55ff6979a1 h1:2HPG58V07TrrSGBviNPd0PY42vYHPPCIEwj/pb9nUlY=
-github.com/openshift/client-go v0.0.0-20250425165505-5f55ff6979a1/go.mod h1:kH5mjMfcHCF0tEnxwvNJTLMnlbrEt3Ua+vMVGvBOK5w=
+github.com/openshift-eng/openshift-tests-extension v0.0.0-20250128181728-a95ca461cacf h1:xAdvYS3qDIUFbNv94/EQ6Fu6WS/TlaAt9TSwbTUBJQU=
+github.com/openshift-eng/openshift-tests-extension v0.0.0-20250128181728-a95ca461cacf/go.mod h1:kXuC+wKAGTHl4J+sdweWnhO97DfM7OuEturAHZNczAg=
+github.com/openshift/api v0.0.0-20250624181540-f9cb76628723 h1:cAwMSvXtOWpQi7Ptk0zvt4JZpplJx0VopHJXe5GGUgg=
+github.com/openshift/api v0.0.0-20250624181540-f9cb76628723/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
+github.com/openshift/client-go v0.0.0-20250623095455-7b2007868c76 h1:tH4ZSE+YLzV6B8gsXCz/VDdWnkBo7TDST+fhGExWFig=
+github.com/openshift/client-go v0.0.0-20250623095455-7b2007868c76/go.mod h1:XdbrTCqQWLe1qJ/LgU5jcqJ2OX3VbhtZzgDjzlcbyzA=
 github.com/openshift/kubernetes v1.30.1-0.20250131233843-55625722a4b8 h1:iw1eJproBABuSVMzEhvANn/mjObdh2gp4Ls5WIIDde8=
 github.com/openshift/kubernetes v1.30.1-0.20250131233843-55625722a4b8/go.mod h1:4RS9VRpotH97uAid5TwHVizd4eCyQKUE/c0ufd6cATk=
 github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20250131233843-55625722a4b8 h1:i+jqeyuJMXTBmnZVgQZ6XMFaW97vPxAePfF0VHS4ThI=
 
@@ -88,8 +88,8 @@ func (b *Bootstrap) Run(destDir string) error {
 		icspRules            []*apioperatorsv1alpha1.ImageContentSourcePolicy
 		idmsRules            []*apicfgv1.ImageDigestMirrorSet
 		itmsRules            []*apicfgv1.ImageTagMirrorSet
-		clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy
-		imagePolicies        []*apicfgv1alpha1.ImagePolicy
+		clusterImagePolicies []*apicfgv1.ClusterImagePolicy
+		imagePolicies        []*apicfgv1.ImagePolicy
 		imgCfg               *apicfgv1.Image
 		apiServer            *apicfgv1.APIServer
 	)
@@ -139,9 +139,9 @@ func (b *Bootstrap) Run(destDir string) error {
 				itmsRules = append(itmsRules, obj)
 			case *apicfgv1.Image:
 				imgCfg = obj
-			case *apicfgv1alpha1.ClusterImagePolicy:
+			case *apicfgv1.ClusterImagePolicy:
 				clusterImagePolicies = append(clusterImagePolicies, obj)
-			case *apicfgv1alpha1.ImagePolicy:
+			case *apicfgv1.ImagePolicy:
 				imagePolicies = append(imagePolicies, obj)
 			case *apicfgv1.FeatureGate:
 				if obj.GetName() == ctrlcommon.ClusterFeatureInstanceName {
 
@@ -19,7 +19,6 @@ import (
 	configinformers "github.com/openshift/client-go/config/informers/externalversions"
 	cligoinformersv1 "github.com/openshift/client-go/config/informers/externalversions/config/v1"
 	cligolistersv1 "github.com/openshift/client-go/config/listers/config/v1"
-	cligolistersv1alpha1 "github.com/openshift/client-go/config/listers/config/v1alpha1"
 	runtimeutils "github.com/openshift/runtime-utils/pkg/registries"
 
 	operatorinformersv1alpha1 "github.com/openshift/client-go/operator/informers/externalversions/operator/v1alpha1"
@@ -108,10 +107,10 @@ type Controller struct {
 	itmsListerSynced cache.InformerSynced
 
 	configInformerFactory          configinformers.SharedInformerFactory
-	clusterImagePolicyLister       cligolistersv1alpha1.ClusterImagePolicyLister
+	clusterImagePolicyLister       cligolistersv1.ClusterImagePolicyLister
 	clusterImagePolicyListerSynced cache.InformerSynced
 
-	imagePolicyLister       cligolistersv1alpha1.ImagePolicyLister
+	imagePolicyLister       cligolistersv1.ImagePolicyLister
 	imagePolicyListerSynced cache.InformerSynced
 	addedPolicyObservers    bool
 
@@ -321,15 +320,15 @@ func (ctrl *Controller) addImagePolicyObservers() {
 		UpdateFunc: ctrl.clusterImagePolicyUpdated,
 		DeleteFunc: ctrl.clusterImagePolicyDeleted,
 	})
-	ctrl.clusterImagePolicyLister = ctrl.configInformerFactory.Config().V1alpha1().ClusterImagePolicies().Lister()
+	ctrl.clusterImagePolicyLister = ctrl.configInformerFactory.Config().V1().ClusterImagePolicies().Lister()
 	ctrl.clusterImagePolicyListerSynced = ctrl.configInformerFactory.Config().V1alpha1().ClusterImagePolicies().Informer().HasSynced
 
 	ctrl.configInformerFactory.Config().V1alpha1().ImagePolicies().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc:    ctrl.imagePolicyAdded,
 		UpdateFunc: ctrl.imagePolicyUpdated,
 		DeleteFunc: ctrl.imagePolicyDeleted,
 	})
-	ctrl.imagePolicyLister = ctrl.configInformerFactory.Config().V1alpha1().ImagePolicies().Lister()
+	ctrl.imagePolicyLister = ctrl.configInformerFactory.Config().V1().ImagePolicies().Lister()
 	ctrl.imagePolicyListerSynced = ctrl.configInformerFactory.Config().V1alpha1().ImagePolicies().Informer().HasSynced
 }
 
@@ -872,24 +871,24 @@ func (ctrl *Controller) syncImageConfig(key string) error {
 	var (
 		registriesBlocked, policyBlocked, allowedRegs []string
 		releaseImage                                  string
-		clusterImagePolicies                          []*apicfgv1alpha1.ClusterImagePolicy
+		clusterImagePolicies                          []*apicfgv1.ClusterImagePolicy
 		clusterScopePolicies                          map[string]signature.PolicyRequirements
-		imagePolicies                                 []*apicfgv1alpha1.ImagePolicy
+		imagePolicies                                 []*apicfgv1.ImagePolicy
 		scopeNamespacePolicies                        map[string]map[string]signature.PolicyRequirements
 	)
 
 	if ctrl.sigstoreAPIEnabled() && ctrl.addedPolicyObservers {
 		// Find all ClusterImagePolicy objects
 		clusterImagePolicies, err = ctrl.clusterImagePolicyLister.List(labels.Everything())
 		if err != nil && errors.IsNotFound(err) {
-			clusterImagePolicies = []*apicfgv1alpha1.ClusterImagePolicy{}
+			clusterImagePolicies = []*apicfgv1.ClusterImagePolicy{}
 		} else if err != nil {
 			return nil
 		}
 		// Find all ImagePolicy objects
 		imagePolicies, err = ctrl.imagePolicyLister.List(labels.Everything())
 		if err != nil && errors.IsNotFound(err) {
-			imagePolicies = []*apicfgv1alpha1.ImagePolicy{}
+			imagePolicies = []*apicfgv1.ImagePolicy{}
 		} else if err != nil {
 			return nil
 		}
@@ -1074,7 +1073,7 @@ func registriesConfigIgnition(templateDir string, controllerConfig *mcfgv1.Contr
 
 // getValidScopePolicies returns a map[scope]policyRequirement from ClusterImagePolicy, a map[scope][namespace]policyRequirement from ImagePolicy CRs.
 // It skips ImagePolicy scopes that conflict with ClusterImagePolicy scopes and logs the conflicting scopes in the ImagePolicy Status.
-func getValidScopePolicies(clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy, imagePolicies []*apicfgv1alpha1.ImagePolicy, ctrl *Controller) (map[string]signature.PolicyRequirements, map[string]map[string]signature.PolicyRequirements, error) {
+func getValidScopePolicies(clusterImagePolicies []*apicfgv1.ClusterImagePolicy, imagePolicies []*apicfgv1.ImagePolicy, ctrl *Controller) (map[string]signature.PolicyRequirements, map[string]map[string]signature.PolicyRequirements, error) {
 	clusterScopePolicies := make(map[string]signature.PolicyRequirements)
 	namespacePolicies := make(map[string]map[string]signature.PolicyRequirements)
 
@@ -1147,7 +1146,7 @@ func (ctrl *Controller) syncImagePolicyStatusOnly(namespace, imagepolicy, condit
 // RunImageBootstrap generates MachineConfig objects for mcpPools that would have been generated by syncImageConfig,
 // except that mcfgv1.Image is not available.
 func RunImageBootstrap(templateDir string, controllerConfig *mcfgv1.ControllerConfig, mcpPools []*mcfgv1.MachineConfigPool, icspRules []*apioperatorsv1alpha1.ImageContentSourcePolicy,
-	idmsRules []*apicfgv1.ImageDigestMirrorSet, itmsRules []*apicfgv1.ImageTagMirrorSet, imgCfg *apicfgv1.Image, clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy, imagePolicies []*apicfgv1alpha1.ImagePolicy,
+	idmsRules []*apicfgv1.ImageDigestMirrorSet, itmsRules []*apicfgv1.ImageTagMirrorSet, imgCfg *apicfgv1.Image, clusterImagePolicies []*apicfgv1.ClusterImagePolicy, imagePolicies []*apicfgv1.ImagePolicy,
 	featureGateAccess featuregates.FeatureGateAccess) ([]*mcfgv1.MachineConfig, error) {
 
 	var (
 
@@ -75,8 +75,8 @@ type fixture struct {
 	icspLister               []*apioperatorsv1alpha1.ImageContentSourcePolicy
 	idmsLister               []*apicfgv1.ImageDigestMirrorSet
 	itmsLister               []*apicfgv1.ImageTagMirrorSet
-	clusterImagePolicyLister []*apicfgv1alpha1.ClusterImagePolicy
-	imagePolicyLister        []*apicfgv1alpha1.ImagePolicy
+	clusterImagePolicyLister []*apicfgv1.ClusterImagePolicy
+	imagePolicyLister        []*apicfgv1.ImagePolicy
 
 	actions               []core.Action
 	skipActionsValidation bool
@@ -212,20 +212,20 @@ func newClusterVersionConfig(name, desiredImage string) *apicfgv1.ClusterVersion
 	}
 }
 
-func newClusterImagePolicyWithPublicKey(name string, scopes []string, keyData []byte) *apicfgv1alpha1.ClusterImagePolicy {
-	imgScopes := []apicfgv1alpha1.ImageScope{}
+func newClusterImagePolicyWithPublicKey(name string, scopes []string, keyData []byte) *apicfgv1.ClusterImagePolicy {
+	imgScopes := []apicfgv1.ImageScope{}
 	for _, scope := range scopes {
-		imgScopes = append(imgScopes, apicfgv1alpha1.ImageScope(scope))
+		imgScopes = append(imgScopes, apicfgv1.ImageScope(scope))
 	}
-	return &apicfgv1alpha1.ClusterImagePolicy{
+	return &apicfgv1.ClusterImagePolicy{
 		TypeMeta:   metav1.TypeMeta{APIVersion: apicfgv1alpha1.SchemeGroupVersion.String()},
 		ObjectMeta: metav1.ObjectMeta{Name: name, UID: types.UID(utilrand.String(5)), Generation: 1},
-		Spec: apicfgv1alpha1.ClusterImagePolicySpec{
+		Spec: apicfgv1.ClusterImagePolicySpec{
 			Scopes: imgScopes,
-			Policy: apicfgv1alpha1.Policy{
-				RootOfTrust: apicfgv1alpha1.PolicyRootOfTrust{
-					PolicyType: apicfgv1alpha1.PublicKeyRootOfTrust,
-					PublicKey: &apicfgv1alpha1.PublicKey{
+			Policy: apicfgv1.Policy{
+				RootOfTrust: apicfgv1.PolicyRootOfTrust{
+					PolicyType: apicfgv1.PublicKeyRootOfTrust,
+					PublicKey: &apicfgv1.PublicKey{
 						KeyData: keyData,
 					},
 				},
@@ -234,20 +234,20 @@ func newClusterImagePolicyWithPublicKey(name string, scopes []string, keyData []
 	}
 }
 
-func newImagePolicyWithPublicKey(name, namespace string, scopes []string, keyData []byte) *apicfgv1alpha1.ImagePolicy {
-	imgScopes := []apicfgv1alpha1.ImageScope{}
+func newImagePolicyWithPublicKey(name, namespace string, scopes []string, keyData []byte) *apicfgv1.ImagePolicy {
+	imgScopes := []apicfgv1.ImageScope{}
 	for _, scope := range scopes {
-		imgScopes = append(imgScopes, apicfgv1alpha1.ImageScope(scope))
+		imgScopes = append(imgScopes, apicfgv1.ImageScope(scope))
 	}
-	return &apicfgv1alpha1.ImagePolicy{
+	return &apicfgv1.ImagePolicy{
 		TypeMeta:   metav1.TypeMeta{APIVersion: apicfgv1alpha1.SchemeGroupVersion.String()},
 		ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, UID: types.UID(utilrand.String(5)), Generation: 1},
-		Spec: apicfgv1alpha1.ImagePolicySpec{
+		Spec: apicfgv1.ImagePolicySpec{
 			Scopes: imgScopes,
-			Policy: apicfgv1alpha1.Policy{
-				RootOfTrust: apicfgv1alpha1.PolicyRootOfTrust{
-					PolicyType: apicfgv1alpha1.PublicKeyRootOfTrust,
-					PublicKey: &apicfgv1alpha1.PublicKey{
+			Policy: apicfgv1.Policy{
+				RootOfTrust: apicfgv1.PolicyRootOfTrust{
+					PolicyType: apicfgv1.PublicKeyRootOfTrust,
+					PublicKey: &apicfgv1.PublicKey{
 						KeyData: keyData,
 					},
 				},
@@ -474,7 +474,7 @@ type registriesConfigAndPolicyVerifyOptions struct {
 	numberOfImagePolicyNamespaces       int
 }
 
-func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcName string, imgcfg *apicfgv1.Image, icsp *apioperatorsv1alpha1.ImageContentSourcePolicy, idms *apicfgv1.ImageDigestMirrorSet, itms *apicfgv1.ImageTagMirrorSet, clusterImagePolicy *apicfgv1alpha1.ClusterImagePolicy, imagePolicy *apicfgv1alpha1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
+func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcName string, imgcfg *apicfgv1.Image, icsp *apioperatorsv1alpha1.ImageContentSourcePolicy, idms *apicfgv1.ImageDigestMirrorSet, itms *apicfgv1.ImageTagMirrorSet, clusterImagePolicy *apicfgv1.ClusterImagePolicy, imagePolicy *apicfgv1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
 	icsps := []*apioperatorsv1alpha1.ImageContentSourcePolicy{}
 	if icsp != nil {
 		icsps = append(icsps, icsp)
@@ -487,11 +487,11 @@ func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcNa
 	if itms != nil {
 		itmss = append(itmss, itms)
 	}
-	clusterImagePolicies := []*apicfgv1alpha1.ClusterImagePolicy{}
+	clusterImagePolicies := []*apicfgv1.ClusterImagePolicy{}
 	if clusterImagePolicy != nil {
 		clusterImagePolicies = append(clusterImagePolicies, clusterImagePolicy)
 	}
-	imagePolicies := []*apicfgv1alpha1.ImagePolicy{}
+	imagePolicies := []*apicfgv1.ImagePolicy{}
 	if imagePolicy != nil {
 		imagePolicies = append(imagePolicies, imagePolicy)
 	}
@@ -500,7 +500,7 @@ func (f *fixture) verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mcNa
 	verifyRegistriesConfigAndPolicyJSONContents(t, updatedMC, mcName, imgcfg, icsps, idmss, itmss, clusterImagePolicies, imagePolicies, releaseImageReg, opts)
 }
 
-func verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mc *mcfgv1.MachineConfig, mcName string, imgcfg *apicfgv1.Image, icsps []*apioperatorsv1alpha1.ImageContentSourcePolicy, idmss []*apicfgv1.ImageDigestMirrorSet, itmss []*apicfgv1.ImageTagMirrorSet, clusterImagePolicies []*apicfgv1alpha1.ClusterImagePolicy, imagePolicies []*apicfgv1alpha1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
+func verifyRegistriesConfigAndPolicyJSONContents(t *testing.T, mc *mcfgv1.MachineConfig, mcName string, imgcfg *apicfgv1.Image, icsps []*apioperatorsv1alpha1.ImageContentSourcePolicy, idmss []*apicfgv1.ImageDigestMirrorSet, itmss []*apicfgv1.ImageTagMirrorSet, clusterImagePolicies []*apicfgv1.ClusterImagePolicy, imagePolicies []*apicfgv1.ImagePolicy, releaseImageReg string, opts registriesConfigAndPolicyVerifyOptions) {
 	// This is not testing updateRegistriesConfig, which has its own tests; this verifies the created object contains the expected
 	// configuration file.
 	// First get the valid blocked registries to ensure we don't block the registry where the release image is from
@@ -1238,8 +1238,8 @@ func TestRunImageBootstrap(t *testing.T) {
 			icspRules             []*apioperatorsv1alpha1.ImageContentSourcePolicy
 			idmsRules             []*apicfgv1.ImageDigestMirrorSet
 			itmsRules             []*apicfgv1.ImageTagMirrorSet
-			clusterImagePolicies  []*apicfgv1alpha1.ClusterImagePolicy
-			imagePolicies         []*apicfgv1alpha1.ImagePolicy
+			clusterImagePolicies  []*apicfgv1.ClusterImagePolicy
+			imagePolicies         []*apicfgv1.ImagePolicy
 			imagePolicyNamespaces int
 		}{
 			{
@@ -1268,10 +1268,10 @@ func TestRunImageBootstrap(t *testing.T) {
 				},
 			},
 			{
-				clusterImagePolicies: []*apicfgv1alpha1.ClusterImagePolicy{
+				clusterImagePolicies: []*apicfgv1.ClusterImagePolicy{
 					&testClusterImagePolicy,
 				},
-				imagePolicies: []*apicfgv1alpha1.ImagePolicy{
+				imagePolicies: []*apicfgv1.ImagePolicy{
 					&testImagePolicy,
 				},
 				imagePolicyNamespaces: 1,