Update CatalogSource Pod security context (#2782)

* Update ci artifact collection Signed-off-by: perdasilva <perdasilva@redhat.com> * Update e2e test images to use FBC Signed-off-by: perdasilva <perdasilva@redhat.com> * Update CatalogSource Pod security context Signed-off-by: perdasilva <perdasilva@redhat.com>
operator-framework · Jun 9, 2022 · 99b51e7 · camilamacedo86 · Jun 25, 2022 · 99b51e7
1 parent c610a3e
commit 99b51e7
Show file tree

Hide file tree

Showing 37 changed files with 2,110 additions and 350 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,7 @@ FROM quay.io/fedora/fedora:34-x86_64 as builder
 LABEL stage=builder
 WORKDIR /build
 
-# install dependencies and go 1.16
+# install dependencies and go 1.17
 
 # copy just enough of the git repo to parse HEAD, used to record version in OLM binaries
 RUN dnf update -y && dnf install -y bash make git mercurial jq wget && dnf upgrade -y

diff --git a/pkg/controller/registry/reconciler/reconciler.go b/pkg/controller/registry/reconciler/reconciler.go
@@ -113,7 +113,13 @@ func Pod(source *operatorsv1alpha1.CatalogSource, name string, image string, saN
  pullPolicy = corev1.PullAlways
  }
 
+ // Security context
  readOnlyRootFilesystem := false
+ allowPrivilegeEscalation := false
+ runAsNonRoot := true
+
+ // See: https://github.com/operator-framework/operator-registry/blob/master/Dockerfile#L27
+ runAsUser := int64(1001)
 
  pod := &corev1.Pod{
  ObjectMeta: metav1.ObjectMeta{
@@ -167,12 +173,23 @@ func Pod(source *operatorsv1alpha1.CatalogSource, name string, image string, saN
  },
  },
  SecurityContext: &corev1.SecurityContext{
- ReadOnlyRootFilesystem: &readOnlyRootFilesystem,
+ ReadOnlyRootFilesystem: &readOnlyRootFilesystem,
+ AllowPrivilegeEscalation: &allowPrivilegeEscalation,
+ Capabilities: &corev1.Capabilities{
+ Drop: []corev1.Capability{"ALL"},
+ },
  },
  ImagePullPolicy: pullPolicy,
  TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
  },
  },
+ SecurityContext: &corev1.PodSecurityContext{
+ RunAsNonRoot: &runAsNonRoot,
+ RunAsUser: &runAsUser,
+ SeccompProfile: &corev1.SeccompProfile{
+ Type: corev1.SeccompProfileTypeRuntimeDefault,
+ },
+ },
  NodeSelector: map[string]string{
  "kubernetes.io/os": "linux",
  },

diff --git a/pkg/controller/registry/reconciler/reconciler_test.go b/pkg/controller/registry/reconciler/reconciler_test.go
@@ -79,8 +79,23 @@ func TestPullPolicy(t *testing.T) {
 
 func TestPodContainerSecurityContext(t *testing.T) {
  expectedReadOnlyRootFilesystem := false
+ expectedAllowPrivilegeEscalation := false
+ expectedRunAsNonRoot := true
+ expectedRunAsUser := int64(1001)
+
  expectedContainerSecCtx := &corev1.SecurityContext{
- ReadOnlyRootFilesystem: &expectedReadOnlyRootFilesystem,
+ ReadOnlyRootFilesystem: &expectedReadOnlyRootFilesystem,
+ AllowPrivilegeEscalation: &expectedAllowPrivilegeEscalation,
+ Capabilities: &corev1.Capabilities{
+ Drop: []corev1.Capability{"ALL"},
+ },
+ }
+ expectedPodSecCtx := &corev1.PodSecurityContext{
+ RunAsNonRoot: &expectedRunAsNonRoot,
+ RunAsUser: &expectedRunAsUser,
+ SeccompProfile: &corev1.SeccompProfile{
+ Type: corev1.SeccompProfileTypeRuntimeDefault,
+ },
  }
 
  catsrc := &v1alpha1.CatalogSource{
@@ -92,7 +107,9 @@ func TestPodContainerSecurityContext(t *testing.T) {
 
  gotPod := Pod(catsrc, "hello", "busybox", "", map[string]string{}, map[string]string{}, int32(0), int32(0))
  gotContainerSecCtx := gotPod.Spec.Containers[0].SecurityContext
+ gotPodSecCtx := gotPod.Spec.SecurityContext
  require.Equal(t, expectedContainerSecCtx, gotContainerSecCtx)
+ require.Equal(t, expectedPodSecCtx, gotPodSecCtx)
 }
 
 func TestPodSchedulingOverrides(t *testing.T) {

diff --git a/scripts/build_test_images.sh b/scripts/build_test_images.sh
@@ -1,19 +1,43 @@
 #!/usr/bin/env bash
 
+set -e
+
+CATALOG_DIR=./test/catalogs
+CATALOG_DOCKER=${CATALOG_DIR}/catalog.Dockerfile
+
+# Given an image and a catalog name
+# This functions builds the image and pushes it to the repository
+function build_and_push() {
+ IMG_NAME=$1
+ CATALOG_NAME=$2
+ docker build -t "${IMG_NAME}" -f "${CATALOG_DOCKER}" "${CATALOG_DIR}/${CATALOG_NAME}"
+ docker push "${IMG_NAME}"
+}
+
+# olmtest images
+
 # Busybox Operator Index Image
-docker build -t quay.io/olmtest/busybox-bundle:1.0.0 ./test/images/busybox-index/busybox/1.0.0
-docker build -t quay.io/olmtest/busybox-bundle:2.0.0 ./test/images/busybox-index/busybox/2.0.0
+catalogs=( 1.0.0 2.0.0 )
+for c in "${catalogs[@]}"; do
+ build_and_push "quay.io/olmtest/busybox-dependencies-index:${c}-with-ListBundles-method" "busybox-${c}"
+done
+
+# single bundle index
+catalogs=( pdb-v1 objects objects-upgrade-samename objects-upgrade-diffname )
+for c in "${catalogs[@]}"; do
+ build_and_push "quay.io/olmtest/single-bundle-index:${c}" "single-bundle-index-${c}"
+done
 
-docker build -t quay.io/olmtest/busybox-dependency-bundle:1.0.0 ./test/images/busybox-index/busybox-dependency/1.0.0
-docker build -t quay.io/olmtest/busybox-dependency-bundle:2.0.0 ./test/images/busybox-index/busybox-dependency/2.0.0
+# catsrc-update-test catalogs
+catalogs=( old new related )
+for c in "${catalogs[@]}"; do
+ build_and_push "quay.io/olmtest/catsrc-update-test:${c}" "catsrc-update-test-${c}"
+done
 
-docker push quay.io/olmtest/busybox-bundle:1.0.0
-docker push quay.io/olmtest/busybox-bundle:2.0.0
-docker push quay.io/olmtest/busybox-dependency-bundle:1.0.0
-docker push quay.io/olmtest/busybox-dependency-bundle:2.0.0
+# operator-framework images
 
-opm index add --bundles quay.io/olmtest/busybox-dependency-bundle:1.0.0,quay.io/olmtest/busybox-bundle:1.0.0 --tag quay.io/olmtest/busybox-dependencies-index:1.0.0-with-ListBundles-method -c docker
-docker push quay.io/olmtest/busybox-dependencies-index:1.0.0-with-ListBundles-method
+# ci-index
+build_and_push quay.io/operator-framework/ci-index:latest "ci-index"
 
-opm index add --bundles quay.io/olmtest/busybox-dependency-bundle:2.0.0,quay.io/olmtest/busybox-bundle:2.0.0 --tag quay.io/olmtest/busybox-dependencies-index:2.0.0-with-ListBundles-method --from-index quay.io/olmtest/busybox-dependencies-index:1.0.0-with-ListBundles-method -c docker
-docker push quay.io/olmtest/busybox-dependencies-index:2.0.0-with-ListBundles-method
+# webhook-operator-index
+build_and_push quay.io/operator-framework/webhook-operator-index:0.0.3 "webhook-operator-index-0.0.3"
diff --git a/test/catalogs/busybox-1.0.0/busybox-dependency/catalog.json b/test/catalogs/busybox-1.0.0/busybox-dependency/catalog.json
@@ -0,0 +1,60 @@
+{
+ "schema": "olm.package",
+ "name": "busybox-dependency",
+ "defaultChannel": "alpha"
+}
+{
+ "schema": "olm.channel",
+ "name": "alpha",
+ "package": "busybox-dependency",
+ "entries": [
+ {
+ "name": "busybox-dependency.v1.0.0"
+ }
+ ]
+}
+{
+ "schema": "olm.bundle",
+ "name": "busybox-dependency.v1.0.0",
+ "package": "busybox-dependency",
+ "image": "quay.io/olmtest/busybox-dependency-bundle:1.0.0",
+ "properties": [
+ {
+ "type": "olm.gvk",
+ "value": {
+ "group": "olm.test.io",
+ "kind": "Foo",
+ "version": "v1"
+ }
+ },
+ {
+ "type": "olm.package",
+ "value": {
+ "packageName": "busybox-dependency",
+ "version": "1.0.0"
+ }
+ },
+ {
+ "type": "olm.bundle.object",
+ "value": {
+ "data": "eyJhcGlWZXJzaW9uIjoib3BlcmF0b3JzLmNvcmVvcy5jb20vdjFhbHBoYTEiLCJraW5kIjoiQ2x1c3RlclNlcnZpY2VWZXJzaW9uIiwibWV0YWRhdGEiOnsibmFtZSI6ImJ1c3lib3gtZGVwZW5kZW5jeS52MS4wLjAiLCJuYW1lc3BhY2UiOiJwbGFjZWhvbGRlciJ9LCJzcGVjIjp7ImN1c3RvbXJlc291cmNlZGVmaW5pdGlvbnMiOnsib3duZWQiOlt7ImRlc2NyaXB0aW9uIjoiRm9vIHJlc291cmNlcyBmb3IgdGVzdGluZyBkZXBlbmRlbmNpZXMiLCJkaXNwbGF5TmFtZSI6IkZvbyIsImdyb3VwIjoib2xtLnRlc3QuaW8iLCJraW5kIjoiRm9vIiwibmFtZSI6ImZvb3Mub2xtLnRlc3QuaW8iLCJ2ZXJzaW9uIjoidjEifV19LCJkZXNjcmlwdGlvbiI6IkEgYnVzeWJveC1kZXBlbmRlbmN5IENTVi5cbiIsImRpc3BsYXlOYW1lIjoiYnVzeWJveC1kZXBlbmRlbmN5IiwiaW5zdGFsbCI6eyJzcGVjIjp7ImRlcGxveW1lbnRzIjpbeyJuYW1lIjoiYnVzeWJveC1kZXBlbmRlbmN5Iiwic3BlYyI6eyJyZXBsaWNhcyI6MSwic2VsZWN0b3IiOnsibWF0Y2hMYWJlbHMiOnsiYXBwIjoiYnVzeWJveC1kZXBlbmRlbmN5In19LCJ0ZW1wbGF0ZSI6eyJtZXRhZGF0YSI6eyJsYWJlbHMiOnsiYXBwIjoiYnVzeWJveC1kZXBlbmRlbmN5In19LCJzcGVjIjp7ImNvbnRhaW5lcnMiOlt7ImNvbW1hbmQiOlsic2xlZXAiLCI5MDAwIl0sImltYWdlIjoiYnVzeWJveCIsIm5hbWUiOiJidXN5Ym94LWRlcGVuZGVuY3kifV19fX19XX0sInN0cmF0ZWd5IjoiZGVwbG95bWVudCJ9LCJpbnN0YWxsTW9kZXMiOlt7InN1cHBvcnRlZCI6dHJ1ZSwidHlwZSI6Ik93bk5hbWVzcGFjZSJ9LHsic3VwcG9ydGVkIjp0cnVlLCJ0eXBlIjoiU2luZ2xlTmFtZXNwYWNlIn0seyJzdXBwb3J0ZWQiOnRydWUsInR5cGUiOiJNdWx0aU5hbWVzcGFjZSJ9LHsic3VwcG9ydGVkIjp0cnVlLCJ0eXBlIjoiQWxsTmFtZXNwYWNlcyJ9XSwibWF0dXJpdHkiOiJhbHBoYSIsInByb3ZpZGVyIjp7Im5hbWUiOiJSZWQgSGF0In0sInZlcnNpb24iOiIxLjAuMCJ9fQ=="
+ }
+ },
+ {
+ "type": "olm.bundle.object",
+ "value": {
+ "data": "eyJhcGlWZXJzaW9uIjoiYXBpZXh0ZW5zaW9ucy5rOHMuaW8vdjEiLCJraW5kIjoiQ3VzdG9tUmVzb3VyY2VEZWZpbml0aW9uIiwibWV0YWRhdGEiOnsibmFtZSI6ImZvb3Mub2xtLnRlc3QuaW8ifSwic3BlYyI6eyJncm91cCI6Im9sbS50ZXN0LmlvIiwibmFtZXMiOnsia2luZCI6IkZvbyIsImxpc3RLaW5kIjoiRm9vTGlzdCIsInBsdXJhbCI6ImZvb3MiLCJzaW5ndWxhciI6ImZvbyJ9LCJzY29wZSI6Ik5hbWVzcGFjZWQiLCJ2ZXJzaW9ucyI6W3sibmFtZSI6InYxIiwic2NoZW1hIjp7Im9wZW5BUElWM1NjaGVtYSI6eyJ0eXBlIjoib2JqZWN0In19LCJzZXJ2ZWQiOnRydWUsInN0b3JhZ2UiOnRydWUsInN1YnJlc291cmNlcyI6eyJzdGF0dXMiOnt9fX1dfX0="
+ }
+ }
+ ],
+ "relatedImages": [
+ {
+ "name": "",
+ "image": "busybox"
+ },
+ {
+ "name": "",
+ "image": "quay.io/olmtest/busybox-dependency-bundle:1.0.0"
+ }
+ ]
+}
diff --git a/test/catalogs/busybox-1.0.0/busybox/catalog.json b/test/catalogs/busybox-1.0.0/busybox/catalog.json
@@ -0,0 +1,54 @@
+{
+ "schema": "olm.package",
+ "name": "busybox",
+ "defaultChannel": "alpha"
+}
+{
+ "schema": "olm.channel",
+ "name": "alpha",
+ "package": "busybox",
+ "entries": [
+ {
+ "name": "busybox.v1.0.0"
+ }
+ ]
+}
+{
+ "schema": "olm.bundle",
+ "name": "busybox.v1.0.0",
+ "package": "busybox",
+ "image": "quay.io/olmtest/busybox-bundle:1.0.0",
+ "properties": [
+ {
+ "type": "olm.gvk.required",
+ "value": {
+ "group": "olm.test.io",
+ "kind": "Foo",
+ "version": "v1"
+ }
+ },
+ {
+ "type": "olm.package",
+ "value": {
+ "packageName": "busybox",
+ "version": "1.0.0"
+ }
+ },
+ {
+ "type": "olm.bundle.object",
+ "value": {
+ "data": "eyJhcGlWZXJzaW9uIjoib3BlcmF0b3JzLmNvcmVvcy5jb20vdjFhbHBoYTEiLCJraW5kIjoiQ2x1c3RlclNlcnZpY2VWZXJzaW9uIiwibWV0YWRhdGEiOnsibmFtZSI6ImJ1c3lib3gudjEuMC4wIiwibmFtZXNwYWNlIjoicGxhY2Vob2xkZXIifSwic3BlYyI6eyJjdXN0b21yZXNvdXJjZWRlZmluaXRpb25zIjp7InJlcXVpcmVkIjpbeyJkZXNjcmlwdGlvbiI6IkZvbyByZXNvdXJjZXMgZm9yIHRlc3RpbmcgZGVwZW5kZW5jaWVzIiwiZGlzcGxheU5hbWUiOiJGb28iLCJraW5kIjoiRm9vIiwibmFtZSI6ImZvb3Mub2xtLnRlc3QuaW8iLCJ2ZXJzaW9uIjoidjEifV19LCJkZXNjcmlwdGlvbiI6IkEgYnVzeWJveCBDU1YuXG4iLCJkaXNwbGF5TmFtZSI6ImJ1c3lib3giLCJpbnN0YWxsIjp7InNwZWMiOnsiZGVwbG95bWVudHMiOlt7Im5hbWUiOiJidXN5Ym94Iiwic3BlYyI6eyJyZXBsaWNhcyI6MSwic2VsZWN0b3IiOnsibWF0Y2hMYWJlbHMiOnsiYXBwIjoiYnVzeWJveCJ9fSwidGVtcGxhdGUiOnsibWV0YWRhdGEiOnsibGFiZWxzIjp7ImFwcCI6ImJ1c3lib3gifX0sInNwZWMiOnsiY29udGFpbmVycyI6W3siY29tbWFuZCI6WyJzbGVlcCIsIjkwMDAiXSwiaW1hZ2UiOiJidXN5Ym94IiwibmFtZSI6ImJ1c3lib3gifV19fX19XX0sInN0cmF0ZWd5IjoiZGVwbG95bWVudCJ9LCJpbnN0YWxsTW9kZXMiOlt7InN1cHBvcnRlZCI6dHJ1ZSwidHlwZSI6Ik93bk5hbWVzcGFjZSJ9LHsic3VwcG9ydGVkIjp0cnVlLCJ0eXBlIjoiU2luZ2xlTmFtZXNwYWNlIn0seyJzdXBwb3J0ZWQiOnRydWUsInR5cGUiOiJNdWx0aU5hbWVzcGFjZSJ9LHsic3VwcG9ydGVkIjp0cnVlLCJ0eXBlIjoiQWxsTmFtZXNwYWNlcyJ9XSwibWF0dXJpdHkiOiJhbHBoYSIsInByb3ZpZGVyIjp7Im5hbWUiOiJSZWQgSGF0In0sInZlcnNpb24iOiIxLjAuMCJ9fQ=="
+ }
+ }
+ ],
+ "relatedImages": [
+ {
+ "name": "",
+ "image": "busybox"
+ },
+ {
+ "name": "",
+ "image": "quay.io/olmtest/busybox-bundle:1.0.0"
+ }
+ ]
+}
diff --git a/test/catalogs/busybox-2.0.0/busybox-dependency/catalog.json b/test/catalogs/busybox-2.0.0/busybox-dependency/catalog.json
@@ -0,0 +1,61 @@
+{
+ "schema": "olm.package",
+ "name": "busybox-dependency",
+ "defaultChannel": "alpha"
+}
+{
+ "schema": "olm.channel",
+ "name": "alpha",
+ "package": "busybox-dependency",
+ "entries": [
+ {
+ "name": "busybox-dependency.v2.0.0",
+ "skipRange": ">=0.0.0 <2.0.0"
+ }
+ ]
+}
+{
+ "schema": "olm.bundle",
+ "name": "busybox-dependency.v2.0.0",
+ "package": "busybox-dependency",
+ "image": "quay.io/olmtest/busybox-dependency-bundle:2.0.0",
+ "properties": [
+ {
+ "type": "olm.gvk",
+ "value": {
+ "group": "olm.test.io",
+ "kind": "Foo",
+ "version": "v1"
+ }
+ },
+ {
+ "type": "olm.package",
+ "value": {
+ "packageName": "busybox-dependency",
+ "version": "2.0.0"
+ }
+ },
+ {
+ "type": "olm.bundle.object",
+ "value": {
+ "data": "eyJhcGlWZXJzaW9uIjoib3BlcmF0b3JzLmNvcmVvcy5jb20vdjFhbHBoYTEiLCJraW5kIjoiQ2x1c3RlclNlcnZpY2VWZXJzaW9uIiwibWV0YWRhdGEiOnsiYW5ub3RhdGlvbnMiOnsib2xtLnNraXBSYW5nZSI6Ilx1MDAzZT0wLjAuMCBcdTAwM2MyLjAuMCJ9LCJuYW1lIjoiYnVzeWJveC1kZXBlbmRlbmN5LnYyLjAuMCIsIm5hbWVzcGFjZSI6InBsYWNlaG9sZGVyIn0sInNwZWMiOnsiY3VzdG9tcmVzb3VyY2VkZWZpbml0aW9ucyI6eyJvd25lZCI6W3siZGVzY3JpcHRpb24iOiJGb28gcmVzb3VyY2VzIGZvciB0ZXN0aW5nIGRlcGVuZGVuY2llcyIsImRpc3BsYXlOYW1lIjoiRm9vIiwiZ3JvdXAiOiJvbG0udGVzdC5pbyIsImtpbmQiOiJGb28iLCJuYW1lIjoiZm9vcy5vbG0udGVzdC5pbyIsInZlcnNpb24iOiJ2MSJ9XX0sImRlc2NyaXB0aW9uIjoiQSBidXN5Ym94LWRlcGVuZGVuY3kgQ1NWLlxuIiwiZGlzcGxheU5hbWUiOiJidXN5Ym94LWRlcGVuZGVuY3kiLCJpbnN0YWxsIjp7InNwZWMiOnsiZGVwbG95bWVudHMiOlt7Im5hbWUiOiJidXN5Ym94LWRlcGVuZGVuY3kiLCJzcGVjIjp7InJlcGxpY2FzIjoxLCJzZWxlY3RvciI6eyJtYXRjaExhYmVscyI6eyJhcHAiOiJidXN5Ym94LWRlcGVuZGVuY3kifX0sInRlbXBsYXRlIjp7Im1ldGFkYXRhIjp7ImxhYmVscyI6eyJhcHAiOiJidXN5Ym94LWRlcGVuZGVuY3kifX0sInNwZWMiOnsiY29udGFpbmVycyI6W3siY29tbWFuZCI6WyJzbGVlcCIsIjkwMDAiXSwiaW1hZ2UiOiJidXN5Ym94IiwibmFtZSI6ImJ1c3lib3gtZGVwZW5kZW5jeSJ9XX19fX1dfSwic3RyYXRlZ3kiOiJkZXBsb3ltZW50In0sImluc3RhbGxNb2RlcyI6W3sic3VwcG9ydGVkIjp0cnVlLCJ0eXBlIjoiT3duTmFtZXNwYWNlIn0seyJzdXBwb3J0ZWQiOnRydWUsInR5cGUiOiJTaW5nbGVOYW1lc3BhY2UifSx7InN1cHBvcnRlZCI6dHJ1ZSwidHlwZSI6Ik11bHRpTmFtZXNwYWNlIn0seyJzdXBwb3J0ZWQiOnRydWUsInR5cGUiOiJBbGxOYW1lc3BhY2VzIn1dLCJtYXR1cml0eSI6ImFscGhhIiwicHJvdmlkZXIiOnsibmFtZSI6IlJlZCBIYXQifSwidmVyc2lvbiI6IjIuMC4wIn19"
+ }
+ },
+ {
+ "type": "olm.bundle.object",
+ "value": {
+ "data": "eyJhcGlWZXJzaW9uIjoiYXBpZXh0ZW5zaW9ucy5rOHMuaW8vdjEiLCJraW5kIjoiQ3VzdG9tUmVzb3VyY2VEZWZpbml0aW9uIiwibWV0YWRhdGEiOnsibmFtZSI6ImZvb3Mub2xtLnRlc3QuaW8ifSwic3BlYyI6eyJncm91cCI6Im9sbS50ZXN0LmlvIiwibmFtZXMiOnsia2luZCI6IkZvbyIsImxpc3RLaW5kIjoiRm9vTGlzdCIsInBsdXJhbCI6ImZvb3MiLCJzaW5ndWxhciI6ImZvbyJ9LCJzY29wZSI6Ik5hbWVzcGFjZWQiLCJ2ZXJzaW9ucyI6W3sibmFtZSI6InYxIiwic2NoZW1hIjp7Im9wZW5BUElWM1NjaGVtYSI6eyJ0eXBlIjoib2JqZWN0In19LCJzZXJ2ZWQiOnRydWUsInN0b3JhZ2UiOnRydWUsInN1YnJlc291cmNlcyI6eyJzdGF0dXMiOnt9fX1dfX0="
+ }
+ }
+ ],
+ "relatedImages": [
+ {
+ "name": "",
+ "image": "busybox"
+ },
+ {
+ "name": "",
+ "image": "quay.io/olmtest/busybox-dependency-bundle:2.0.0"
+ }
+ ]
+}
diff --git a/test/catalogs/busybox-2.0.0/busybox/catalog.json b/test/catalogs/busybox-2.0.0/busybox/catalog.json
@@ -0,0 +1,55 @@
+{
+ "schema": "olm.package",
+ "name": "busybox",
+ "defaultChannel": "alpha"
+}
+{
+ "schema": "olm.channel",
+ "name": "alpha",
+ "package": "busybox",
+ "entries": [
+ {
+ "name": "busybox.v2.0.0",
+ "skipRange": ">=0.0.0 <2.0.0"
+ }
+ ]
+}
+{
+ "schema": "olm.bundle",
+ "name": "busybox.v2.0.0",
+ "package": "busybox",
+ "image": "quay.io/olmtest/busybox-bundle:2.0.0",
+ "properties": [
+ {
+ "type": "olm.gvk.required",
+ "value": {
+ "group": "olm.test.io",
+ "kind": "Foo",
+ "version": "v1"
+ }
+ },
+ {
+ "type": "olm.package",
+ "value": {
+ "packageName": "busybox",
+ "version": "2.0.0"
+ }
+ },
+ {
+ "type": "olm.bundle.object",
+ "value": {
+ "data": "eyJhcGlWZXJzaW9uIjoib3BlcmF0b3JzLmNvcmVvcy5jb20vdjFhbHBoYTEiLCJraW5kIjoiQ2x1c3RlclNlcnZpY2VWZXJzaW9uIiwibWV0YWRhdGEiOnsiYW5ub3RhdGlvbnMiOnsib2xtLnNraXBSYW5nZSI6Ilx1MDAzZT0wLjAuMCBcdTAwM2MyLjAuMCJ9LCJuYW1lIjoiYnVzeWJveC52Mi4wLjAiLCJuYW1lc3BhY2UiOiJwbGFjZWhvbGRlciJ9LCJzcGVjIjp7ImN1c3RvbXJlc291cmNlZGVmaW5pdGlvbnMiOnsicmVxdWlyZWQiOlt7ImRlc2NyaXB0aW9uIjoiRm9vIHJlc291cmNlcyBmb3IgdGVzdGluZyBkZXBlbmRlbmNpZXMiLCJkaXNwbGF5TmFtZSI6IkZvbyIsImtpbmQiOiJGb28iLCJuYW1lIjoiZm9vcy5vbG0udGVzdC5pbyIsInZlcnNpb24iOiJ2MSJ9XX0sImRlc2NyaXB0aW9uIjoiQSBidXN5Ym94IENTVi5cbiIsImRpc3BsYXlOYW1lIjoiYnVzeWJveCIsImluc3RhbGwiOnsic3BlYyI6eyJkZXBsb3ltZW50cyI6W3sibmFtZSI6ImJ1c3lib3giLCJzcGVjIjp7InJlcGxpY2FzIjoxLCJzZWxlY3RvciI6eyJtYXRjaExhYmVscyI6eyJhcHAiOiJidXN5Ym94In19LCJ0ZW1wbGF0ZSI6eyJtZXRhZGF0YSI6eyJsYWJlbHMiOnsiYXBwIjoiYnVzeWJveCJ9fSwic3BlYyI6eyJjb250YWluZXJzIjpbeyJjb21tYW5kIjpbInNsZWVwIiwiOTAwMCJdLCJpbWFnZSI6ImJ1c3lib3giLCJuYW1lIjoiYnVzeWJveCJ9XX19fX1dfSwic3RyYXRlZ3kiOiJkZXBsb3ltZW50In0sImluc3RhbGxNb2RlcyI6W3sic3VwcG9ydGVkIjp0cnVlLCJ0eXBlIjoiT3duTmFtZXNwYWNlIn0seyJzdXBwb3J0ZWQiOnRydWUsInR5cGUiOiJTaW5nbGVOYW1lc3BhY2UifSx7InN1cHBvcnRlZCI6dHJ1ZSwidHlwZSI6Ik11bHRpTmFtZXNwYWNlIn0seyJzdXBwb3J0ZWQiOnRydWUsInR5cGUiOiJBbGxOYW1lc3BhY2VzIn1dLCJtYXR1cml0eSI6ImFscGhhIiwicHJvdmlkZXIiOnsibmFtZSI6IlJlZCBIYXQifSwidmVyc2lvbiI6IjIuMC4wIn19"
+ }
+ }
+ ],
+ "relatedImages": [
+ {
+ "name": "",
+ "image": "busybox"
+ },
+ {
+ "name": "",
+ "image": "quay.io/olmtest/busybox-bundle:2.0.0"
+ }
+ ]
+}
diff --git a/test/catalogs/catalog.Dockerfile b/test/catalogs/catalog.Dockerfile
@@ -0,0 +1,14 @@
+# The base image is expected to contain
+# /bin/opm (with a serve subcommand) and /bin/grpc_health_probe
+FROM quay.io/operator-framework/opm:latest
+
+# Configure the entrypoint and command
+ENTRYPOINT ["/bin/opm"]
+CMD ["serve", "/catalog"]
+
+# Copy declarative config root into image at /configs
+COPY . /catalog
+
+# Set label for the location of the catalog root directory
+# in the image
+LABEL operators.operatorframework.io.index.configs.v1=/catalog