From b23c869083389963d0ff0f4034a8f46da94849fb Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Wed, 7 Jan 2026 10:09:09 -0500 Subject: [PATCH 1/2] bump(api) --- go.mod | 2 +- go.sum | 4 +- .../config/v1/types_cluster_image_policy.go | 2 +- .../api/config/v1/types_image_policy.go | 24 +- .../api/config/v1/zz_generated.deepcopy.go | 210 +++++----- .../v1/zz_generated.swagger_doc_generated.go | 76 ++-- .../v1alpha1/types_cluster_image_policy.go | 2 +- .../api/config/v1alpha1/types_image_policy.go | 24 +- .../config/v1alpha1/zz_generated.deepcopy.go | 202 +++++----- .../zz_generated.swagger_doc_generated.go | 76 ++-- .../openshift/api/openapi/openapi.json | 376 +++++++++--------- vendor/modules.txt | 2 +- 12 files changed, 500 insertions(+), 500 deletions(-) diff --git a/go.mod b/go.mod index 9bbf6f6e7..041ba8d6f 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/openshift/client-go go 1.24.0 require ( - github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7 + github.com/openshift/api v0.0.0-20260107103503-6d35063ca179 github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee github.com/spf13/pflag v1.0.6 k8s.io/api v0.34.1 diff --git a/go.sum b/go.sum index 2d9a9eac7..67d8b8b13 100644 --- a/go.sum +++ b/go.sum @@ -57,8 +57,8 @@ github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= -github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7 h1:DeKd90ff6ieG02cFroiRTh7oKguGVaEYyTDkXHLIn5A= -github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= +github.com/openshift/api v0.0.0-20260107103503-6d35063ca179 h1:5gMFMmuVLAcEnBAjNFql/8L2ZRPBDOxl7nmbjO5klvk= +github.com/openshift/api v0.0.0-20260107103503-6d35063ca179/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go index ca604e05c..491390098 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go @@ -52,7 +52,7 @@ type ClusterImagePolicySpec struct { // policy is a required field that contains configuration to allow scopes to be verified, and defines how // images not matching the verification policy will be treated. // +required - Policy Policy `json:"policy"` + Policy ImageSigstoreVerificationPolicy `json:"policy"` } // +k8s:deepcopy-gen=true diff --git a/vendor/github.com/openshift/api/config/v1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_policy.go index a6a640513..3cc46141c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_policy.go @@ -51,7 +51,7 @@ type ImagePolicySpec struct { // policy is a required field that contains configuration to allow scopes to be verified, and defines how // images not matching the verification policy will be treated. // +required - Policy Policy `json:"policy"` + Policy ImageSigstoreVerificationPolicy `json:"policy"` } // +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" @@ -60,8 +60,8 @@ type ImagePolicySpec struct { // +kubebuilder:validation:MaxLength=512 type ImageScope string -// Policy defines the verification policy for the items in the scopes list. -type Policy struct { +// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. +type ImageSigstoreVerificationPolicy struct { // rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. // This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated. // +required @@ -89,18 +89,18 @@ type PolicyRootOfTrust struct { // publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. // publicKey is required when policyType is PublicKey, and forbidden otherwise. // +optional - PublicKey *PublicKey `json:"publicKey,omitempty"` + PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"` // fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. // fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise // For more information about Fulcio and Rekor, please refer to the document at: // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor // +optional - FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"` + FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"` // pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. // pki is required when policyType is PKI, and forbidden otherwise. // +optional // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI - PKI *PKI `json:"pki,omitempty"` + PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"` } // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor @@ -113,8 +113,8 @@ const ( PKIRootOfTrust PolicyType = "PKI" ) -// PublicKey defines the root of trust based on a sigstore public key. -type PublicKey struct { +// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. +type ImagePolicyPublicKeyRootOfTrust struct { // keyData is a required field contains inline base64-encoded data for the PEM format public key. // keyData must be at most 8192 characters. // +required @@ -132,8 +132,8 @@ type PublicKey struct { RekorKeyData []byte `json:"rekorKeyData,omitempty"` } -// FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. -type FulcioCAWithRekor struct { +// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. +type ImagePolicyFulcioCAWithRekorRootOfTrust struct { // fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. // fulcioCAData must be at most 8192 characters. // +required @@ -172,8 +172,8 @@ type PolicyFulcioSubject struct { SignedEmail string `json:"signedEmail"` } -// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type PKI struct { +// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. +type ImagePolicyPKIRootOfTrust struct { // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. // +required // +kubebuilder:validation:MaxLength=8192 diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 95084cfcb..d80aebdf3 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2361,33 +2361,6 @@ func (in *FeatureGateTests) DeepCopy() *FeatureGateTests { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) { - *out = *in - if in.FulcioCAData != nil { - in, out := &in.FulcioCAData, &out.FulcioCAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.FulcioSubject = in.FulcioSubject - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FulcioCAWithRekor. -func (in *FulcioCAWithRekor) DeepCopy() *FulcioCAWithRekor { - if in == nil { - return nil - } - out := new(FulcioCAWithRekor) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { *out = *in @@ -3144,6 +3117,33 @@ func (in *ImagePolicy) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) { + *out = *in + if in.FulcioCAData != nil { + in, out := &in.FulcioCAData, &out.FulcioCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.FulcioSubject = in.FulcioSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust. +func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyFulcioCAWithRekorRootOfTrust) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { *out = *in @@ -3177,6 +3177,59 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) { + *out = *in + if in.CertificateAuthorityRootsData != nil { + in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CertificateAuthorityIntermediatesData != nil { + in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.PKICertificateSubject = in.PKICertificateSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust. +func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyPKIRootOfTrust) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) { + *out = *in + if in.KeyData != nil { + in, out := &in.KeyData, &out.KeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust. +func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyPublicKeyRootOfTrust) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { *out = *in @@ -3222,6 +3275,28 @@ func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) { + *out = *in + in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) + if in.SignedIdentity != nil { + in, out := &in.SignedIdentity, &out.SignedIdentity + *out = new(PolicyIdentity) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy. +func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy { + if in == nil { + return nil + } + out := new(ImageSigstoreVerificationPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { *out = *in @@ -5109,33 +5184,6 @@ func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKI) DeepCopyInto(out *PKI) { - *out = *in - if in.CertificateAuthorityRootsData != nil { - in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CertificateAuthorityIntermediatesData != nil { - in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.PKICertificateSubject = in.PKICertificateSubject - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. -func (in *PKI) DeepCopy() *PKI { - if in == nil { - return nil - } - out := new(PKI) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { *out = *in @@ -5357,28 +5405,6 @@ func (in *PlatformStatus) DeepCopy() *PlatformStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) - if in.SignedIdentity != nil { - in, out := &in.SignedIdentity, &out.SignedIdentity - *out = new(PolicyIdentity) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) { *out = *in @@ -5458,17 +5484,17 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { *out = *in if in.PublicKey != nil { in, out := &in.PublicKey, &out.PublicKey - *out = new(PublicKey) + *out = new(ImagePolicyPublicKeyRootOfTrust) (*in).DeepCopyInto(*out) } if in.FulcioCAWithRekor != nil { in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor - *out = new(FulcioCAWithRekor) + *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust) (*in).DeepCopyInto(*out) } if in.PKI != nil { in, out := &in.PKI, &out.PKI - *out = new(PKI) + *out = new(ImagePolicyPKIRootOfTrust) (*in).DeepCopyInto(*out) } return @@ -5784,32 +5810,6 @@ func (in *ProxyStatus) DeepCopy() *ProxyStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKey) DeepCopyInto(out *PublicKey) { - *out = *in - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey. -func (in *PublicKey) DeepCopy() *PublicKey { - if in == nil { - return nil - } - out := new(PublicKey) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryLocation) DeepCopyInto(out *RegistryLocation) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 05e411182..e465cd1c8 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -1214,17 +1214,6 @@ func (ImageDigestMirrors) SwaggerDoc() map[string]string { return map_ImageDigestMirrors } -var map_FulcioCAWithRekor = map[string]string{ - "": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "fulcioCAData": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. ", - "rekorKeyData": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", - "fulcioSubject": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", -} - -func (FulcioCAWithRekor) SwaggerDoc() map[string]string { - return map_FulcioCAWithRekor -} - var map_ImagePolicy = map[string]string{ "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1236,6 +1225,17 @@ func (ImagePolicy) SwaggerDoc() map[string]string { return map_ImagePolicy } +var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{ + "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "fulcioCAData": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters. ", + "rekorKeyData": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", + "fulcioSubject": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", +} + +func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyFulcioCAWithRekorRootOfTrust +} + var map_ImagePolicyList = map[string]string{ "": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1246,6 +1246,27 @@ func (ImagePolicyList) SwaggerDoc() map[string]string { return map_ImagePolicyList } +var map_ImagePolicyPKIRootOfTrust = map[string]string{ + "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", + "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", + "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +} + +func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyPKIRootOfTrust +} + +var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{ + "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "keyData": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters. ", + "rekorKeyData": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", +} + +func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyPublicKeyRootOfTrust +} + var map_ImagePolicySpec = map[string]string{ "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "scopes": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -1264,15 +1285,14 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string { return map_ImagePolicyStatus } -var map_PKI = map[string]string{ - "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", - "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", - "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +var map_ImageSigstoreVerificationPolicy = map[string]string{ + "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "rootOfTrust": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "signedIdentity": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", } -func (PKI) SwaggerDoc() map[string]string { - return map_PKI +func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string { + return map_ImageSigstoreVerificationPolicy } var map_PKICertificateSubject = map[string]string{ @@ -1285,16 +1305,6 @@ func (PKICertificateSubject) SwaggerDoc() map[string]string { return map_PKICertificateSubject } -var map_Policy = map[string]string{ - "": "Policy defines the verification policy for the items in the scopes list.", - "rootOfTrust": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", - "signedIdentity": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", -} - -func (Policy) SwaggerDoc() map[string]string { - return map_Policy -} - var map_PolicyFulcioSubject = map[string]string{ "": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "oidcIssuer": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", @@ -1345,16 +1355,6 @@ func (PolicyRootOfTrust) SwaggerDoc() map[string]string { return map_PolicyRootOfTrust } -var map_PublicKey = map[string]string{ - "": "PublicKey defines the root of trust based on a sigstore public key.", - "keyData": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters. ", - "rekorKeyData": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters. ", -} - -func (PublicKey) SwaggerDoc() map[string]string { - return map_PublicKey -} - var map_ImageTagMirrorSet = map[string]string{ "": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go index 107b9e29a..e8d7603d7 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go @@ -51,7 +51,7 @@ type ClusterImagePolicySpec struct { // policy contains configuration to allow scopes to be verified, and defines how // images not matching the verification policy will be treated. // +required - Policy Policy `json:"policy"` + Policy ImageSigstoreVerificationPolicy `json:"policy"` } // +k8s:deepcopy-gen=true diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go index 64a89e4a6..977ca3dde 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go @@ -50,7 +50,7 @@ type ImagePolicySpec struct { // policy contains configuration to allow scopes to be verified, and defines how // images not matching the verification policy will be treated. // +required - Policy Policy `json:"policy"` + Policy ImageSigstoreVerificationPolicy `json:"policy"` } // +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" @@ -59,8 +59,8 @@ type ImagePolicySpec struct { // +kubebuilder:validation:MaxLength=512 type ImageScope string -// Policy defines the verification policy for the items in the scopes list. -type Policy struct { +// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. +type ImageSigstoreVerificationPolicy struct { // rootOfTrust specifies the root of trust for the policy. // +required RootOfTrust PolicyRootOfTrust `json:"rootOfTrust"` @@ -84,16 +84,16 @@ type PolicyRootOfTrust struct { PolicyType PolicyType `json:"policyType"` // publicKey defines the root of trust based on a sigstore public key. // +optional - PublicKey *PublicKey `json:"publicKey,omitempty"` + PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"` // fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. // For more information about Fulcio and Rekor, please refer to the document at: // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor // +optional - FulcioCAWithRekor *FulcioCAWithRekor `json:"fulcioCAWithRekor,omitempty"` + FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"` // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. // +optional // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI - PKI *PKI `json:"pki,omitempty"` + PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"` } // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor @@ -106,8 +106,8 @@ const ( PKIRootOfTrust PolicyType = "PKI" ) -// PublicKey defines the root of trust based on a sigstore public key. -type PublicKey struct { +// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. +type ImagePolicyPublicKeyRootOfTrust struct { // keyData contains inline base64-encoded data for the PEM format public key. // KeyData must be at most 8192 characters. // +required @@ -120,8 +120,8 @@ type PublicKey struct { RekorKeyData []byte `json:"rekorKeyData,omitempty"` } -// FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. -type FulcioCAWithRekor struct { +// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. +type ImagePolicyFulcioCAWithRekorRootOfTrust struct { // fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. // fulcioCAData must be at most 8192 characters. // +required @@ -151,8 +151,8 @@ type PolicyFulcioSubject struct { SignedEmail string `json:"signedEmail"` } -// PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type PKI struct { +// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. +type ImagePolicyPKIRootOfTrust struct { // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. // +required // +kubebuilder:validation:MaxLength=8192 diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index 6549f6cbe..9ead6aba2 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -429,33 +429,6 @@ func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) { - *out = *in - if in.FulcioCAData != nil { - in, out := &in.FulcioCAData, &out.FulcioCAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.FulcioSubject = in.FulcioSubject - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FulcioCAWithRekor. -func (in *FulcioCAWithRekor) DeepCopy() *FulcioCAWithRekor { - if in == nil { - return nil - } - out := new(FulcioCAWithRekor) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { *out = *in @@ -510,6 +483,33 @@ func (in *ImagePolicy) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) { + *out = *in + if in.FulcioCAData != nil { + in, out := &in.FulcioCAData, &out.FulcioCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.FulcioSubject = in.FulcioSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust. +func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyFulcioCAWithRekorRootOfTrust) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { *out = *in @@ -543,6 +543,59 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) { + *out = *in + if in.CertificateAuthorityRootsData != nil { + in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.CertificateAuthorityIntermediatesData != nil { + in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + out.PKICertificateSubject = in.PKICertificateSubject + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust. +func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyPKIRootOfTrust) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) { + *out = *in + if in.KeyData != nil { + in, out := &in.KeyData, &out.KeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust. +func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust { + if in == nil { + return nil + } + out := new(ImagePolicyPublicKeyRootOfTrust) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { *out = *in @@ -588,6 +641,24 @@ func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) { + *out = *in + in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) + in.SignedIdentity.DeepCopyInto(&out.SignedIdentity) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy. +func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy { + if in == nil { + return nil + } + out := new(ImageSigstoreVerificationPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { *out = *in @@ -727,33 +798,6 @@ func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKI) DeepCopyInto(out *PKI) { - *out = *in - if in.CertificateAuthorityRootsData != nil { - in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CertificateAuthorityIntermediatesData != nil { - in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.PKICertificateSubject = in.PKICertificateSubject - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. -func (in *PKI) DeepCopy() *PKI { - if in == nil { - return nil - } - out := new(PKI) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { *out = *in @@ -803,24 +847,6 @@ func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Policy) DeepCopyInto(out *Policy) { - *out = *in - in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) - in.SignedIdentity.DeepCopyInto(&out.SignedIdentity) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. -func (in *Policy) DeepCopy() *Policy { - if in == nil { - return nil - } - out := new(Policy) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) { *out = *in @@ -900,17 +926,17 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { *out = *in if in.PublicKey != nil { in, out := &in.PublicKey, &out.PublicKey - *out = new(PublicKey) + *out = new(ImagePolicyPublicKeyRootOfTrust) (*in).DeepCopyInto(*out) } if in.FulcioCAWithRekor != nil { in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor - *out = new(FulcioCAWithRekor) + *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust) (*in).DeepCopyInto(*out) } if in.PKI != nil { in, out := &in.PKI, &out.PKI - *out = new(PKI) + *out = new(ImagePolicyPKIRootOfTrust) (*in).DeepCopyInto(*out) } return @@ -926,32 +952,6 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PublicKey) DeepCopyInto(out *PublicKey) { - *out = *in - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKey. -func (in *PublicKey) DeepCopy() *PublicKey { - if in == nil { - return nil - } - out := new(PublicKey) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 6ba6ad11f..59a5b3708 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -226,17 +226,6 @@ func (UserDefinedMonitoring) SwaggerDoc() map[string]string { return map_UserDefinedMonitoring } -var map_FulcioCAWithRekor = map[string]string{ - "": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", -} - -func (FulcioCAWithRekor) SwaggerDoc() map[string]string { - return map_FulcioCAWithRekor -} - var map_ImagePolicy = map[string]string{ "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -248,6 +237,17 @@ func (ImagePolicy) SwaggerDoc() map[string]string { return map_ImagePolicy } +var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{ + "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", +} + +func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyFulcioCAWithRekorRootOfTrust +} + var map_ImagePolicyList = map[string]string{ "": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -257,6 +257,27 @@ func (ImagePolicyList) SwaggerDoc() map[string]string { return map_ImagePolicyList } +var map_ImagePolicyPKIRootOfTrust = map[string]string{ + "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", + "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", + "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +} + +func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyPKIRootOfTrust +} + +var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{ + "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", + "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", +} + +func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string { + return map_ImagePolicyPublicKeyRootOfTrust +} + var map_ImagePolicySpec = map[string]string{ "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -275,15 +296,14 @@ func (ImagePolicyStatus) SwaggerDoc() map[string]string { return map_ImagePolicyStatus } -var map_PKI = map[string]string{ - "": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", - "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", - "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +var map_ImageSigstoreVerificationPolicy = map[string]string{ + "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", + "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", } -func (PKI) SwaggerDoc() map[string]string { - return map_PKI +func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string { + return map_ImageSigstoreVerificationPolicy } var map_PKICertificateSubject = map[string]string{ @@ -296,16 +316,6 @@ func (PKICertificateSubject) SwaggerDoc() map[string]string { return map_PKICertificateSubject } -var map_Policy = map[string]string{ - "": "Policy defines the verification policy for the items in the scopes list.", - "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", - "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", -} - -func (Policy) SwaggerDoc() map[string]string { - return map_Policy -} - var map_PolicyFulcioSubject = map[string]string{ "": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "oidcIssuer": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", @@ -356,16 +366,6 @@ func (PolicyRootOfTrust) SwaggerDoc() map[string]string { return map_PolicyRootOfTrust } -var map_PublicKey = map[string]string{ - "": "PublicKey defines the root of trust based on a sigstore public key.", - "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", -} - -func (PublicKey) SwaggerDoc() map[string]string { - return map_PublicKey -} - var map_GatherConfig = map[string]string{ "": "gatherConfig provides data gathering configuration options.", "dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", diff --git a/vendor/github.com/openshift/api/openapi/openapi.json b/vendor/github.com/openshift/api/openapi/openapi.json index 4683af727..c9a1a8d9a 100644 --- a/vendor/github.com/openshift/api/openapi/openapi.json +++ b/vendor/github.com/openshift/api/openapi/openapi.json @@ -5484,7 +5484,7 @@ "policy": { "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Policy" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" }, "scopes": { "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -6850,32 +6850,6 @@ } } }, - "com.github.openshift.api.config.v1.FulcioCAWithRekor": { - "description": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "type": "object", - "required": [ - "fulcioCAData", - "rekorKeyData", - "fulcioSubject" - ], - "properties": { - "fulcioCAData": { - "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "fulcioSubject": { - "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyFulcioSubject" - }, - "rekorKeyData": { - "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - } - } - }, "com.github.openshift.api.config.v1.GCPPlatformSpec": { "description": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object" @@ -7846,6 +7820,32 @@ } } }, + "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust": { + "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "type": "object", + "required": [ + "fulcioCAData", + "rekorKeyData", + "fulcioSubject" + ], + "properties": { + "fulcioCAData": { + "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "type": "string", + "format": "byte" + }, + "fulcioSubject": { + "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyFulcioSubject" + }, + "rekorKeyData": { + "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + } + } + }, "com.github.openshift.api.config.v1.ImagePolicyList": { "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", @@ -7877,6 +7877,50 @@ } } }, + "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust": { + "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "type": "object", + "required": [ + "caRootsData", + "pkiCertificateSubject" + ], + "properties": { + "caIntermediatesData": { + "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", + "type": "string", + "format": "byte" + }, + "caRootsData": { + "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", + "type": "string", + "format": "byte" + }, + "pkiCertificateSubject": { + "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PKICertificateSubject" + } + } + }, + "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust": { + "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "type": "object", + "required": [ + "keyData" + ], + "properties": { + "keyData": { + "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + }, + "rekorKeyData": { + "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + } + } + }, "com.github.openshift.api.config.v1.ImagePolicySpec": { "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "type": "object", @@ -7888,7 +7932,7 @@ "policy": { "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Policy" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" }, "scopes": { "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -7918,6 +7962,24 @@ } } }, + "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy": { + "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "type": "object", + "required": [ + "rootOfTrust" + ], + "properties": { + "rootOfTrust": { + "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyRootOfTrust" + }, + "signedIdentity": { + "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyIdentity" + } + } + }, "com.github.openshift.api.config.v1.ImageSpec": { "type": "object", "properties": { @@ -10047,31 +10109,6 @@ } } }, - "com.github.openshift.api.config.v1.PKI": { - "description": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "type": "object", - "required": [ - "caRootsData", - "pkiCertificateSubject" - ], - "properties": { - "caIntermediatesData": { - "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", - "type": "string", - "format": "byte" - }, - "caRootsData": { - "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", - "type": "string", - "format": "byte" - }, - "pkiCertificateSubject": { - "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PKICertificateSubject" - } - } - }, "com.github.openshift.api.config.v1.PKICertificateSubject": { "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", "type": "object", @@ -10257,24 +10294,6 @@ } } }, - "com.github.openshift.api.config.v1.Policy": { - "description": "Policy defines the verification policy for the items in the scopes list.", - "type": "object", - "required": [ - "rootOfTrust" - ], - "properties": { - "rootOfTrust": { - "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyRootOfTrust" - }, - "signedIdentity": { - "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyIdentity" - } - } - }, "com.github.openshift.api.config.v1.PolicyFulcioSubject": { "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "type": "object", @@ -10367,20 +10386,20 @@ "properties": { "fulcioCAWithRekor": { "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "$ref": "#/definitions/com.github.openshift.api.config.v1.FulcioCAWithRekor" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" }, "pki": { "description": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PKI" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" }, "policyType": { - "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", "type": "string", "default": "" }, "publicKey": { "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PublicKey" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" } }, "x-kubernetes-unions": [ @@ -10713,25 +10732,6 @@ } } }, - "com.github.openshift.api.config.v1.PublicKey": { - "description": "PublicKey defines the root of trust based on a sigstore public key.", - "type": "object", - "required": [ - "keyData" - ], - "properties": { - "keyData": { - "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "rekorKeyData": { - "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - } - } - }, "com.github.openshift.api.config.v1.RegistryLocation": { "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", @@ -12313,7 +12313,7 @@ "policy": { "description": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Policy" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy" }, "scopes": { "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -12474,32 +12474,6 @@ } } }, - "com.github.openshift.api.config.v1alpha1.FulcioCAWithRekor": { - "description": "FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "type": "object", - "required": [ - "fulcioCAData", - "rekorKeyData", - "fulcioSubject" - ], - "properties": { - "fulcioCAData": { - "description": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "fulcioSubject": { - "description": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - } - } - }, "com.github.openshift.api.config.v1alpha1.GatherConfig": { "description": "gatherConfig provides data gathering configuration options.", "type": "object", @@ -12554,6 +12528,32 @@ } } }, + "com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": { + "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "type": "object", + "required": [ + "fulcioCAData", + "rekorKeyData", + "fulcioSubject" + ], + "properties": { + "fulcioCAData": { + "description": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "type": "string", + "format": "byte" + }, + "fulcioSubject": { + "description": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject" + }, + "rekorKeyData": { + "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + } + } + }, "com.github.openshift.api.config.v1alpha1.ImagePolicyList": { "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -12584,6 +12584,50 @@ } } }, + "com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust": { + "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "type": "object", + "required": [ + "caRootsData", + "pkiCertificateSubject" + ], + "properties": { + "caIntermediatesData": { + "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", + "type": "string", + "format": "byte" + }, + "caRootsData": { + "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", + "type": "string", + "format": "byte" + }, + "pkiCertificateSubject": { + "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKICertificateSubject" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust": { + "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "type": "object", + "required": [ + "keyData" + ], + "properties": { + "keyData": { + "description": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + }, + "rekorKeyData": { + "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + } + } + }, "com.github.openshift.api.config.v1alpha1.ImagePolicySpec": { "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "type": "object", @@ -12595,7 +12639,7 @@ "policy": { "description": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Policy" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy" }, "scopes": { "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", @@ -12625,6 +12669,25 @@ } } }, + "com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy": { + "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "type": "object", + "required": [ + "rootOfTrust" + ], + "properties": { + "rootOfTrust": { + "description": "rootOfTrust specifies the root of trust for the policy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust" + }, + "signedIdentity": { + "description": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyIdentity" + } + } + }, "com.github.openshift.api.config.v1alpha1.InsightsDataGather": { "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -12757,31 +12820,6 @@ } } }, - "com.github.openshift.api.config.v1alpha1.PKI": { - "description": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "type": "object", - "required": [ - "caRootsData", - "pkiCertificateSubject" - ], - "properties": { - "caIntermediatesData": { - "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", - "type": "string", - "format": "byte" - }, - "caRootsData": { - "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", - "type": "string", - "format": "byte" - }, - "pkiCertificateSubject": { - "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKICertificateSubject" - } - } - }, "com.github.openshift.api.config.v1alpha1.PKICertificateSubject": { "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", "type": "object", @@ -12828,25 +12866,6 @@ } } }, - "com.github.openshift.api.config.v1alpha1.Policy": { - "description": "Policy defines the verification policy for the items in the scopes list.", - "type": "object", - "required": [ - "rootOfTrust" - ], - "properties": { - "rootOfTrust": { - "description": "rootOfTrust specifies the root of trust for the policy.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust" - }, - "signedIdentity": { - "description": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyIdentity" - } - } - }, "com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject": { "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "type": "object", @@ -12939,11 +12958,11 @@ "properties": { "fulcioCAWithRekor": { "description": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.FulcioCAWithRekor" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust" }, "pki": { "description": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKI" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust" }, "policyType": { "description": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", @@ -12952,7 +12971,7 @@ }, "publicKey": { "description": "publicKey defines the root of trust based on a sigstore public key.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PublicKey" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust" } }, "x-kubernetes-unions": [ @@ -12966,25 +12985,6 @@ } ] }, - "com.github.openshift.api.config.v1alpha1.PublicKey": { - "description": "PublicKey defines the root of trust based on a sigstore public key.", - "type": "object", - "required": [ - "keyData" - ], - "properties": { - "keyData": { - "description": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - } - } - }, "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", "type": "object", diff --git a/vendor/modules.txt b/vendor/modules.txt index 3ebcde5a0..47a5b97db 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -62,7 +62,7 @@ github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7 +# github.com/openshift/api v0.0.0-20260107103503-6d35063ca179 ## explicit; go 1.24.0 github.com/openshift/api github.com/openshift/api/apiextensions From 263086da5ce7ccd9a12f6c48abc15dcb81428566 Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Wed, 7 Jan 2026 10:13:37 -0500 Subject: [PATCH 2/2] make update --- .../config/v1/clusterimagepolicyspec.go | 6 +- ...magepolicyfulciocawithrekorrootoftrust.go} | 16 +- .../{pki.go => imagepolicypkirootoftrust.go} | 16 +- ....go => imagepolicypublickeyrootoftrust.go} | 14 +- .../config/v1/imagepolicyspec.go | 6 +- ....go => imagesigstoreverificationpolicy.go} | 14 +- .../config/v1/policyrootoftrust.go | 14 +- .../config/v1alpha1/clusterimagepolicyspec.go | 6 +- ...magepolicyfulciocawithrekorrootoftrust.go} | 16 +- .../{pki.go => imagepolicypkirootoftrust.go} | 16 +- ....go => imagepolicypublickeyrootoftrust.go} | 14 +- .../config/v1alpha1/imagepolicyspec.go | 6 +- ....go => imagesigstoreverificationpolicy.go} | 14 +- .../config/v1alpha1/policyrootoftrust.go | 14 +- .../applyconfigurations/internal/internal.go | 202 +++++++++--------- config/applyconfigurations/utils.go | 32 +-- 16 files changed, 203 insertions(+), 203 deletions(-) rename config/applyconfigurations/config/v1/{fulciocawithrekor.go => imagepolicyfulciocawithrekorrootoftrust.go} (57%) rename config/applyconfigurations/config/v1/{pki.go => imagepolicypkirootoftrust.go} (65%) rename config/applyconfigurations/config/v1/{publickey.go => imagepolicypublickeyrootoftrust.go} (54%) rename config/applyconfigurations/config/v1/{policy.go => imagesigstoreverificationpolicy.go} (52%) rename config/applyconfigurations/config/v1alpha1/{fulciocawithrekor.go => imagepolicyfulciocawithrekorrootoftrust.go} (57%) rename config/applyconfigurations/config/v1alpha1/{pki.go => imagepolicypkirootoftrust.go} (65%) rename config/applyconfigurations/config/v1alpha1/{publickey.go => imagepolicypublickeyrootoftrust.go} (54%) rename config/applyconfigurations/config/v1alpha1/{policy.go => imagesigstoreverificationpolicy.go} (52%) diff --git a/config/applyconfigurations/config/v1/clusterimagepolicyspec.go b/config/applyconfigurations/config/v1/clusterimagepolicyspec.go index 6c86d66d4..8cee680f2 100644 --- a/config/applyconfigurations/config/v1/clusterimagepolicyspec.go +++ b/config/applyconfigurations/config/v1/clusterimagepolicyspec.go @@ -9,8 +9,8 @@ import ( // ClusterImagePolicySpecApplyConfiguration represents a declarative configuration of the ClusterImagePolicySpec type for use // with apply. type ClusterImagePolicySpecApplyConfiguration struct { - Scopes []configv1.ImageScope `json:"scopes,omitempty"` - Policy *PolicyApplyConfiguration `json:"policy,omitempty"` + Scopes []configv1.ImageScope `json:"scopes,omitempty"` + Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` } // ClusterImagePolicySpecApplyConfiguration constructs a declarative configuration of the ClusterImagePolicySpec type for use with @@ -32,7 +32,7 @@ func (b *ClusterImagePolicySpecApplyConfiguration) WithScopes(values ...configv1 // WithPolicy sets the Policy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Policy field is set to the value of the last call. -func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration { +func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration { b.Policy = value return b } diff --git a/config/applyconfigurations/config/v1/fulciocawithrekor.go b/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go similarity index 57% rename from config/applyconfigurations/config/v1/fulciocawithrekor.go rename to config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go index 48b553580..a4c831fca 100644 --- a/config/applyconfigurations/config/v1/fulciocawithrekor.go +++ b/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go @@ -2,24 +2,24 @@ package v1 -// FulcioCAWithRekorApplyConfiguration represents a declarative configuration of the FulcioCAWithRekor type for use +// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use // with apply. -type FulcioCAWithRekorApplyConfiguration struct { +type ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration struct { FulcioCAData []byte `json:"fulcioCAData,omitempty"` RekorKeyData []byte `json:"rekorKeyData,omitempty"` FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"` } -// FulcioCAWithRekorApplyConfiguration constructs a declarative configuration of the FulcioCAWithRekor type for use with +// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use with // apply. -func FulcioCAWithRekor() *FulcioCAWithRekorApplyConfiguration { - return &FulcioCAWithRekorApplyConfiguration{} +func ImagePolicyFulcioCAWithRekorRootOfTrust() *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { + return &ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} } // WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the FulcioCAData field. -func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *FulcioCAWithRekorApplyConfiguration { +func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioCAData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { for i := range values { b.FulcioCAData = append(b.FulcioCAData, values[i]) } @@ -29,7 +29,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) * // WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *FulcioCAWithRekorApplyConfiguration { +func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { for i := range values { b.RekorKeyData = append(b.RekorKeyData, values[i]) } @@ -39,7 +39,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) * // WithFulcioSubject sets the FulcioSubject field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FulcioSubject field is set to the value of the last call. -func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *FulcioCAWithRekorApplyConfiguration { +func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { b.FulcioSubject = value return b } diff --git a/config/applyconfigurations/config/v1/pki.go b/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go similarity index 65% rename from config/applyconfigurations/config/v1/pki.go rename to config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go index 65f27edf8..9a0c257b7 100644 --- a/config/applyconfigurations/config/v1/pki.go +++ b/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go @@ -2,24 +2,24 @@ package v1 -// PKIApplyConfiguration represents a declarative configuration of the PKI type for use +// ImagePolicyPKIRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPKIRootOfTrust type for use // with apply. -type PKIApplyConfiguration struct { +type ImagePolicyPKIRootOfTrustApplyConfiguration struct { CertificateAuthorityRootsData []byte `json:"caRootsData,omitempty"` CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` PKICertificateSubject *PKICertificateSubjectApplyConfiguration `json:"pkiCertificateSubject,omitempty"` } -// PKIApplyConfiguration constructs a declarative configuration of the PKI type for use with +// ImagePolicyPKIRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPKIRootOfTrust type for use with // apply. -func PKI() *PKIApplyConfiguration { - return &PKIApplyConfiguration{} +func ImagePolicyPKIRootOfTrust() *ImagePolicyPKIRootOfTrustApplyConfiguration { + return &ImagePolicyPKIRootOfTrustApplyConfiguration{} } // WithCertificateAuthorityRootsData adds the given value to the CertificateAuthorityRootsData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the CertificateAuthorityRootsData field. -func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *PKIApplyConfiguration { +func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { for i := range values { b.CertificateAuthorityRootsData = append(b.CertificateAuthorityRootsData, values[i]) } @@ -29,7 +29,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte // WithCertificateAuthorityIntermediatesData adds the given value to the CertificateAuthorityIntermediatesData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the CertificateAuthorityIntermediatesData field. -func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *PKIApplyConfiguration { +func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { for i := range values { b.CertificateAuthorityIntermediatesData = append(b.CertificateAuthorityIntermediatesData, values[i]) } @@ -39,7 +39,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values // WithPKICertificateSubject sets the PKICertificateSubject field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PKICertificateSubject field is set to the value of the last call. -func (b *PKIApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *PKIApplyConfiguration { +func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *ImagePolicyPKIRootOfTrustApplyConfiguration { b.PKICertificateSubject = value return b } diff --git a/config/applyconfigurations/config/v1/publickey.go b/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go similarity index 54% rename from config/applyconfigurations/config/v1/publickey.go rename to config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go index c1073e882..a14457309 100644 --- a/config/applyconfigurations/config/v1/publickey.go +++ b/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go @@ -2,23 +2,23 @@ package v1 -// PublicKeyApplyConfiguration represents a declarative configuration of the PublicKey type for use +// ImagePolicyPublicKeyRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use // with apply. -type PublicKeyApplyConfiguration struct { +type ImagePolicyPublicKeyRootOfTrustApplyConfiguration struct { KeyData []byte `json:"keyData,omitempty"` RekorKeyData []byte `json:"rekorKeyData,omitempty"` } -// PublicKeyApplyConfiguration constructs a declarative configuration of the PublicKey type for use with +// ImagePolicyPublicKeyRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use with // apply. -func PublicKey() *PublicKeyApplyConfiguration { - return &PublicKeyApplyConfiguration{} +func ImagePolicyPublicKeyRootOfTrust() *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { + return &ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} } // WithKeyData adds the given value to the KeyData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the KeyData field. -func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyApplyConfiguration { +func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { for i := range values { b.KeyData = append(b.KeyData, values[i]) } @@ -28,7 +28,7 @@ func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyAppl // WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *PublicKeyApplyConfiguration) WithRekorKeyData(values ...byte) *PublicKeyApplyConfiguration { +func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { for i := range values { b.RekorKeyData = append(b.RekorKeyData, values[i]) } diff --git a/config/applyconfigurations/config/v1/imagepolicyspec.go b/config/applyconfigurations/config/v1/imagepolicyspec.go index b75165c8d..321196469 100644 --- a/config/applyconfigurations/config/v1/imagepolicyspec.go +++ b/config/applyconfigurations/config/v1/imagepolicyspec.go @@ -9,8 +9,8 @@ import ( // ImagePolicySpecApplyConfiguration represents a declarative configuration of the ImagePolicySpec type for use // with apply. type ImagePolicySpecApplyConfiguration struct { - Scopes []configv1.ImageScope `json:"scopes,omitempty"` - Policy *PolicyApplyConfiguration `json:"policy,omitempty"` + Scopes []configv1.ImageScope `json:"scopes,omitempty"` + Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` } // ImagePolicySpecApplyConfiguration constructs a declarative configuration of the ImagePolicySpec type for use with @@ -32,7 +32,7 @@ func (b *ImagePolicySpecApplyConfiguration) WithScopes(values ...configv1.ImageS // WithPolicy sets the Policy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Policy field is set to the value of the last call. -func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration { +func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration { b.Policy = value return b } diff --git a/config/applyconfigurations/config/v1/policy.go b/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go similarity index 52% rename from config/applyconfigurations/config/v1/policy.go rename to config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go index 3e29510bf..6f0d5d2e7 100644 --- a/config/applyconfigurations/config/v1/policy.go +++ b/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go @@ -2,23 +2,23 @@ package v1 -// PolicyApplyConfiguration represents a declarative configuration of the Policy type for use +// ImageSigstoreVerificationPolicyApplyConfiguration represents a declarative configuration of the ImageSigstoreVerificationPolicy type for use // with apply. -type PolicyApplyConfiguration struct { +type ImageSigstoreVerificationPolicyApplyConfiguration struct { RootOfTrust *PolicyRootOfTrustApplyConfiguration `json:"rootOfTrust,omitempty"` SignedIdentity *PolicyIdentityApplyConfiguration `json:"signedIdentity,omitempty"` } -// PolicyApplyConfiguration constructs a declarative configuration of the Policy type for use with +// ImageSigstoreVerificationPolicyApplyConfiguration constructs a declarative configuration of the ImageSigstoreVerificationPolicy type for use with // apply. -func Policy() *PolicyApplyConfiguration { - return &PolicyApplyConfiguration{} +func ImageSigstoreVerificationPolicy() *ImageSigstoreVerificationPolicyApplyConfiguration { + return &ImageSigstoreVerificationPolicyApplyConfiguration{} } // WithRootOfTrust sets the RootOfTrust field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the RootOfTrust field is set to the value of the last call. -func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *PolicyApplyConfiguration { +func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { b.RootOfTrust = value return b } @@ -26,7 +26,7 @@ func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApply // WithSignedIdentity sets the SignedIdentity field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SignedIdentity field is set to the value of the last call. -func (b *PolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *PolicyApplyConfiguration { +func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { b.SignedIdentity = value return b } diff --git a/config/applyconfigurations/config/v1/policyrootoftrust.go b/config/applyconfigurations/config/v1/policyrootoftrust.go index f1ff91ffb..6b3e46f47 100644 --- a/config/applyconfigurations/config/v1/policyrootoftrust.go +++ b/config/applyconfigurations/config/v1/policyrootoftrust.go @@ -9,10 +9,10 @@ import ( // PolicyRootOfTrustApplyConfiguration represents a declarative configuration of the PolicyRootOfTrust type for use // with apply. type PolicyRootOfTrustApplyConfiguration struct { - PolicyType *configv1.PolicyType `json:"policyType,omitempty"` - PublicKey *PublicKeyApplyConfiguration `json:"publicKey,omitempty"` - FulcioCAWithRekor *FulcioCAWithRekorApplyConfiguration `json:"fulcioCAWithRekor,omitempty"` - PKI *PKIApplyConfiguration `json:"pki,omitempty"` + PolicyType *configv1.PolicyType `json:"policyType,omitempty"` + PublicKey *ImagePolicyPublicKeyRootOfTrustApplyConfiguration `json:"publicKey,omitempty"` + FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration `json:"fulcioCAWithRekor,omitempty"` + PKI *ImagePolicyPKIRootOfTrustApplyConfiguration `json:"pki,omitempty"` } // PolicyRootOfTrustApplyConfiguration constructs a declarative configuration of the PolicyRootOfTrust type for use with @@ -32,7 +32,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPolicyType(value configv1.Poli // WithPublicKey sets the PublicKey field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PublicKey field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { +func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { b.PublicKey = value return b } @@ -40,7 +40,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyAppl // WithFulcioCAWithRekor sets the FulcioCAWithRekor field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FulcioCAWithRekor field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *FulcioCAWithRekorApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { +func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { b.FulcioCAWithRekor = value return b } @@ -48,7 +48,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *Fulci // WithPKI sets the PKI field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PKI field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *PKIApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { +func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *ImagePolicyPKIRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { b.PKI = value return b } diff --git a/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go b/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go index e4a3470c4..e1c4c630e 100644 --- a/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go +++ b/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go @@ -9,8 +9,8 @@ import ( // ClusterImagePolicySpecApplyConfiguration represents a declarative configuration of the ClusterImagePolicySpec type for use // with apply. type ClusterImagePolicySpecApplyConfiguration struct { - Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` - Policy *PolicyApplyConfiguration `json:"policy,omitempty"` + Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` + Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` } // ClusterImagePolicySpecApplyConfiguration constructs a declarative configuration of the ClusterImagePolicySpec type for use with @@ -32,7 +32,7 @@ func (b *ClusterImagePolicySpecApplyConfiguration) WithScopes(values ...configv1 // WithPolicy sets the Policy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Policy field is set to the value of the last call. -func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration { +func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration { b.Policy = value return b } diff --git a/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go b/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go similarity index 57% rename from config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go rename to config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go index 2a907a7e9..2fcaa3621 100644 --- a/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go +++ b/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go @@ -2,24 +2,24 @@ package v1alpha1 -// FulcioCAWithRekorApplyConfiguration represents a declarative configuration of the FulcioCAWithRekor type for use +// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use // with apply. -type FulcioCAWithRekorApplyConfiguration struct { +type ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration struct { FulcioCAData []byte `json:"fulcioCAData,omitempty"` RekorKeyData []byte `json:"rekorKeyData,omitempty"` FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"` } -// FulcioCAWithRekorApplyConfiguration constructs a declarative configuration of the FulcioCAWithRekor type for use with +// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use with // apply. -func FulcioCAWithRekor() *FulcioCAWithRekorApplyConfiguration { - return &FulcioCAWithRekorApplyConfiguration{} +func ImagePolicyFulcioCAWithRekorRootOfTrust() *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { + return &ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} } // WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the FulcioCAData field. -func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *FulcioCAWithRekorApplyConfiguration { +func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioCAData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { for i := range values { b.FulcioCAData = append(b.FulcioCAData, values[i]) } @@ -29,7 +29,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) * // WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *FulcioCAWithRekorApplyConfiguration { +func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { for i := range values { b.RekorKeyData = append(b.RekorKeyData, values[i]) } @@ -39,7 +39,7 @@ func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) * // WithFulcioSubject sets the FulcioSubject field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FulcioSubject field is set to the value of the last call. -func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *FulcioCAWithRekorApplyConfiguration { +func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { b.FulcioSubject = value return b } diff --git a/config/applyconfigurations/config/v1alpha1/pki.go b/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go similarity index 65% rename from config/applyconfigurations/config/v1alpha1/pki.go rename to config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go index 455abe02a..a218867ea 100644 --- a/config/applyconfigurations/config/v1alpha1/pki.go +++ b/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go @@ -2,24 +2,24 @@ package v1alpha1 -// PKIApplyConfiguration represents a declarative configuration of the PKI type for use +// ImagePolicyPKIRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPKIRootOfTrust type for use // with apply. -type PKIApplyConfiguration struct { +type ImagePolicyPKIRootOfTrustApplyConfiguration struct { CertificateAuthorityRootsData []byte `json:"caRootsData,omitempty"` CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` PKICertificateSubject *PKICertificateSubjectApplyConfiguration `json:"pkiCertificateSubject,omitempty"` } -// PKIApplyConfiguration constructs a declarative configuration of the PKI type for use with +// ImagePolicyPKIRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPKIRootOfTrust type for use with // apply. -func PKI() *PKIApplyConfiguration { - return &PKIApplyConfiguration{} +func ImagePolicyPKIRootOfTrust() *ImagePolicyPKIRootOfTrustApplyConfiguration { + return &ImagePolicyPKIRootOfTrustApplyConfiguration{} } // WithCertificateAuthorityRootsData adds the given value to the CertificateAuthorityRootsData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the CertificateAuthorityRootsData field. -func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *PKIApplyConfiguration { +func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { for i := range values { b.CertificateAuthorityRootsData = append(b.CertificateAuthorityRootsData, values[i]) } @@ -29,7 +29,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte // WithCertificateAuthorityIntermediatesData adds the given value to the CertificateAuthorityIntermediatesData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the CertificateAuthorityIntermediatesData field. -func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *PKIApplyConfiguration { +func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { for i := range values { b.CertificateAuthorityIntermediatesData = append(b.CertificateAuthorityIntermediatesData, values[i]) } @@ -39,7 +39,7 @@ func (b *PKIApplyConfiguration) WithCertificateAuthorityIntermediatesData(values // WithPKICertificateSubject sets the PKICertificateSubject field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PKICertificateSubject field is set to the value of the last call. -func (b *PKIApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *PKIApplyConfiguration { +func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *ImagePolicyPKIRootOfTrustApplyConfiguration { b.PKICertificateSubject = value return b } diff --git a/config/applyconfigurations/config/v1alpha1/publickey.go b/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go similarity index 54% rename from config/applyconfigurations/config/v1alpha1/publickey.go rename to config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go index 91665a90b..22513de62 100644 --- a/config/applyconfigurations/config/v1alpha1/publickey.go +++ b/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go @@ -2,23 +2,23 @@ package v1alpha1 -// PublicKeyApplyConfiguration represents a declarative configuration of the PublicKey type for use +// ImagePolicyPublicKeyRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use // with apply. -type PublicKeyApplyConfiguration struct { +type ImagePolicyPublicKeyRootOfTrustApplyConfiguration struct { KeyData []byte `json:"keyData,omitempty"` RekorKeyData []byte `json:"rekorKeyData,omitempty"` } -// PublicKeyApplyConfiguration constructs a declarative configuration of the PublicKey type for use with +// ImagePolicyPublicKeyRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use with // apply. -func PublicKey() *PublicKeyApplyConfiguration { - return &PublicKeyApplyConfiguration{} +func ImagePolicyPublicKeyRootOfTrust() *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { + return &ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} } // WithKeyData adds the given value to the KeyData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the KeyData field. -func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyApplyConfiguration { +func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { for i := range values { b.KeyData = append(b.KeyData, values[i]) } @@ -28,7 +28,7 @@ func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyAppl // WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *PublicKeyApplyConfiguration) WithRekorKeyData(values ...byte) *PublicKeyApplyConfiguration { +func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { for i := range values { b.RekorKeyData = append(b.RekorKeyData, values[i]) } diff --git a/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go b/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go index ac08e9cf4..84969b600 100644 --- a/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go +++ b/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go @@ -9,8 +9,8 @@ import ( // ImagePolicySpecApplyConfiguration represents a declarative configuration of the ImagePolicySpec type for use // with apply. type ImagePolicySpecApplyConfiguration struct { - Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` - Policy *PolicyApplyConfiguration `json:"policy,omitempty"` + Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` + Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` } // ImagePolicySpecApplyConfiguration constructs a declarative configuration of the ImagePolicySpec type for use with @@ -32,7 +32,7 @@ func (b *ImagePolicySpecApplyConfiguration) WithScopes(values ...configv1alpha1. // WithPolicy sets the Policy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Policy field is set to the value of the last call. -func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *PolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration { +func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration { b.Policy = value return b } diff --git a/config/applyconfigurations/config/v1alpha1/policy.go b/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go similarity index 52% rename from config/applyconfigurations/config/v1alpha1/policy.go rename to config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go index 61e485664..64f9760e8 100644 --- a/config/applyconfigurations/config/v1alpha1/policy.go +++ b/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go @@ -2,23 +2,23 @@ package v1alpha1 -// PolicyApplyConfiguration represents a declarative configuration of the Policy type for use +// ImageSigstoreVerificationPolicyApplyConfiguration represents a declarative configuration of the ImageSigstoreVerificationPolicy type for use // with apply. -type PolicyApplyConfiguration struct { +type ImageSigstoreVerificationPolicyApplyConfiguration struct { RootOfTrust *PolicyRootOfTrustApplyConfiguration `json:"rootOfTrust,omitempty"` SignedIdentity *PolicyIdentityApplyConfiguration `json:"signedIdentity,omitempty"` } -// PolicyApplyConfiguration constructs a declarative configuration of the Policy type for use with +// ImageSigstoreVerificationPolicyApplyConfiguration constructs a declarative configuration of the ImageSigstoreVerificationPolicy type for use with // apply. -func Policy() *PolicyApplyConfiguration { - return &PolicyApplyConfiguration{} +func ImageSigstoreVerificationPolicy() *ImageSigstoreVerificationPolicyApplyConfiguration { + return &ImageSigstoreVerificationPolicyApplyConfiguration{} } // WithRootOfTrust sets the RootOfTrust field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the RootOfTrust field is set to the value of the last call. -func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *PolicyApplyConfiguration { +func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { b.RootOfTrust = value return b } @@ -26,7 +26,7 @@ func (b *PolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApply // WithSignedIdentity sets the SignedIdentity field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the SignedIdentity field is set to the value of the last call. -func (b *PolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *PolicyApplyConfiguration { +func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { b.SignedIdentity = value return b } diff --git a/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go b/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go index 5de792be6..5122c82e0 100644 --- a/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go +++ b/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go @@ -9,10 +9,10 @@ import ( // PolicyRootOfTrustApplyConfiguration represents a declarative configuration of the PolicyRootOfTrust type for use // with apply. type PolicyRootOfTrustApplyConfiguration struct { - PolicyType *configv1alpha1.PolicyType `json:"policyType,omitempty"` - PublicKey *PublicKeyApplyConfiguration `json:"publicKey,omitempty"` - FulcioCAWithRekor *FulcioCAWithRekorApplyConfiguration `json:"fulcioCAWithRekor,omitempty"` - PKI *PKIApplyConfiguration `json:"pki,omitempty"` + PolicyType *configv1alpha1.PolicyType `json:"policyType,omitempty"` + PublicKey *ImagePolicyPublicKeyRootOfTrustApplyConfiguration `json:"publicKey,omitempty"` + FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration `json:"fulcioCAWithRekor,omitempty"` + PKI *ImagePolicyPKIRootOfTrustApplyConfiguration `json:"pki,omitempty"` } // PolicyRootOfTrustApplyConfiguration constructs a declarative configuration of the PolicyRootOfTrust type for use with @@ -32,7 +32,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPolicyType(value configv1alpha // WithPublicKey sets the PublicKey field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PublicKey field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { +func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { b.PublicKey = value return b } @@ -40,7 +40,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *PublicKeyAppl // WithFulcioCAWithRekor sets the FulcioCAWithRekor field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the FulcioCAWithRekor field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *FulcioCAWithRekorApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { +func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { b.FulcioCAWithRekor = value return b } @@ -48,7 +48,7 @@ func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *Fulci // WithPKI sets the PKI field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PKI field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *PKIApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { +func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *ImagePolicyPKIRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { b.PKI = value return b } diff --git a/config/applyconfigurations/internal/internal.go b/config/applyconfigurations/internal/internal.go index 0b620a0c1..f00417a5c 100644 --- a/config/applyconfigurations/internal/internal.go +++ b/config/applyconfigurations/internal/internal.go @@ -641,7 +641,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: policy type: - namedType: com.github.openshift.api.config.v1.Policy + namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy default: {} - name: scopes type: @@ -1340,19 +1340,6 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - version -- name: com.github.openshift.api.config.v1.FulcioCAWithRekor - map: - fields: - - name: fulcioCAData - type: - scalar: string - - name: fulcioSubject - type: - namedType: com.github.openshift.api.config.v1.PolicyFulcioSubject - default: {} - - name: rekorKeyData - type: - scalar: string - name: com.github.openshift.api.config.v1.GCPPlatformSpec map: elementType: @@ -1783,12 +1770,47 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.ImagePolicyStatus default: {} +- name: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust + map: + fields: + - name: fulcioCAData + type: + scalar: string + - name: fulcioSubject + type: + namedType: com.github.openshift.api.config.v1.PolicyFulcioSubject + default: {} + - name: rekorKeyData + type: + scalar: string +- name: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust + map: + fields: + - name: caIntermediatesData + type: + scalar: string + - name: caRootsData + type: + scalar: string + - name: pkiCertificateSubject + type: + namedType: com.github.openshift.api.config.v1.PKICertificateSubject + default: {} +- name: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust + map: + fields: + - name: keyData + type: + scalar: string + - name: rekorKeyData + type: + scalar: string - name: com.github.openshift.api.config.v1.ImagePolicySpec map: fields: - name: policy type: - namedType: com.github.openshift.api.config.v1.Policy + namedType: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy default: {} - name: scopes type: @@ -1807,6 +1829,16 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type +- name: com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy + map: + fields: + - name: rootOfTrust + type: + namedType: com.github.openshift.api.config.v1.PolicyRootOfTrust + default: {} + - name: signedIdentity + type: + namedType: com.github.openshift.api.config.v1.PolicyIdentity - name: com.github.openshift.api.config.v1.ImageSpec map: fields: @@ -2987,19 +3019,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: nodeDNSIP type: scalar: string -- name: com.github.openshift.api.config.v1.PKI - map: - fields: - - name: caIntermediatesData - type: - scalar: string - - name: caRootsData - type: - scalar: string - - name: pkiCertificateSubject - type: - namedType: com.github.openshift.api.config.v1.PKICertificateSubject - default: {} - name: com.github.openshift.api.config.v1.PKICertificateSubject map: fields: @@ -3123,16 +3142,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: vsphere type: namedType: com.github.openshift.api.config.v1.VSpherePlatformStatus -- name: com.github.openshift.api.config.v1.Policy - map: - fields: - - name: rootOfTrust - type: - namedType: com.github.openshift.api.config.v1.PolicyRootOfTrust - default: {} - - name: signedIdentity - type: - namedType: com.github.openshift.api.config.v1.PolicyIdentity - name: com.github.openshift.api.config.v1.PolicyFulcioSubject map: fields: @@ -3187,17 +3196,17 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: fulcioCAWithRekor type: - namedType: com.github.openshift.api.config.v1.FulcioCAWithRekor + namedType: com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust - name: pki type: - namedType: com.github.openshift.api.config.v1.PKI + namedType: com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust - name: policyType type: scalar: string default: "" - name: publicKey type: - namedType: com.github.openshift.api.config.v1.PublicKey + namedType: com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust unions: - discriminator: policyType fields: @@ -3382,15 +3391,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: noProxy type: scalar: string -- name: com.github.openshift.api.config.v1.PublicKey - map: - fields: - - name: keyData - type: - scalar: string - - name: rekorKeyData - type: - scalar: string - name: com.github.openshift.api.config.v1.RegistryLocation map: fields: @@ -4175,7 +4175,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: policy type: - namedType: com.github.openshift.api.config.v1alpha1.Policy + namedType: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy default: {} - name: scopes type: @@ -4273,19 +4273,6 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: com.github.openshift.api.config.v1alpha1.FulcioCAWithRekor - map: - fields: - - name: fulcioCAData - type: - scalar: string - - name: fulcioSubject - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject - default: {} - - name: rekorKeyData - type: - scalar: string - name: com.github.openshift.api.config.v1alpha1.GatherConfig map: fields: @@ -4322,12 +4309,47 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyStatus default: {} +- name: com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust + map: + fields: + - name: fulcioCAData + type: + scalar: string + - name: fulcioSubject + type: + namedType: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject + default: {} + - name: rekorKeyData + type: + scalar: string +- name: com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust + map: + fields: + - name: caIntermediatesData + type: + scalar: string + - name: caRootsData + type: + scalar: string + - name: pkiCertificateSubject + type: + namedType: com.github.openshift.api.config.v1alpha1.PKICertificateSubject + default: {} +- name: com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust + map: + fields: + - name: keyData + type: + scalar: string + - name: rekorKeyData + type: + scalar: string - name: com.github.openshift.api.config.v1alpha1.ImagePolicySpec map: fields: - name: policy type: - namedType: com.github.openshift.api.config.v1alpha1.Policy + namedType: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy default: {} - name: scopes type: @@ -4346,6 +4368,17 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type +- name: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy + map: + fields: + - name: rootOfTrust + type: + namedType: com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust + default: {} + - name: signedIdentity + type: + namedType: com.github.openshift.api.config.v1alpha1.PolicyIdentity + default: {} - name: com.github.openshift.api.config.v1alpha1.InsightsDataGather map: fields: @@ -4424,19 +4457,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: verbosity type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.PKI - map: - fields: - - name: caIntermediatesData - type: - scalar: string - - name: caRootsData - type: - scalar: string - - name: pkiCertificateSubject - type: - namedType: com.github.openshift.api.config.v1alpha1.PKICertificateSubject - default: {} - name: com.github.openshift.api.config.v1alpha1.PKICertificateSubject map: fields: @@ -4463,17 +4483,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: mountPath type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.Policy - map: - fields: - - name: rootOfTrust - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust - default: {} - - name: signedIdentity - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyIdentity - default: {} - name: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject map: fields: @@ -4528,17 +4537,17 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: fulcioCAWithRekor type: - namedType: com.github.openshift.api.config.v1alpha1.FulcioCAWithRekor + namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust - name: pki type: - namedType: com.github.openshift.api.config.v1alpha1.PKI + namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust - name: policyType type: scalar: string default: "" - name: publicKey type: - namedType: com.github.openshift.api.config.v1alpha1.PublicKey + namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust unions: - discriminator: policyType fields: @@ -4548,15 +4557,6 @@ var schemaYAML = typed.YAMLObject(`types: discriminatorValue: PKI - fieldName: publicKey discriminatorValue: PublicKey -- name: com.github.openshift.api.config.v1alpha1.PublicKey - map: - fields: - - name: keyData - type: - scalar: string - - name: rekorKeyData - type: - scalar: string - name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig map: fields: diff --git a/config/applyconfigurations/utils.go b/config/applyconfigurations/utils.go index 7bf9f7881..99cad8e20 100644 --- a/config/applyconfigurations/utils.go +++ b/config/applyconfigurations/utils.go @@ -172,8 +172,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.FeatureGateSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("FeatureGateStatus"): return &configv1.FeatureGateStatusApplyConfiguration{} - case v1.SchemeGroupVersion.WithKind("FulcioCAWithRekor"): - return &configv1.FulcioCAWithRekorApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("GatherConfig"): return &configv1.GatherConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("GathererConfig"): @@ -224,10 +222,18 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.ImageLabelApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImagePolicy"): return &configv1.ImagePolicyApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ImagePolicyFulcioCAWithRekorRootOfTrust"): + return &configv1.ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ImagePolicyPKIRootOfTrust"): + return &configv1.ImagePolicyPKIRootOfTrustApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ImagePolicyPublicKeyRootOfTrust"): + return &configv1.ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImagePolicySpec"): return &configv1.ImagePolicySpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImagePolicyStatus"): return &configv1.ImagePolicyStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ImageSigstoreVerificationPolicy"): + return &configv1.ImageSigstoreVerificationPolicyApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImageSpec"): return &configv1.ImageSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImageStatus"): @@ -352,16 +358,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.PersistentVolumeClaimReferenceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PersistentVolumeConfig"): return &configv1.PersistentVolumeConfigApplyConfiguration{} - case v1.SchemeGroupVersion.WithKind("PKI"): - return &configv1.PKIApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PKICertificateSubject"): return &configv1.PKICertificateSubjectApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PlatformSpec"): return &configv1.PlatformSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PlatformStatus"): return &configv1.PlatformStatusApplyConfiguration{} - case v1.SchemeGroupVersion.WithKind("Policy"): - return &configv1.PolicyApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PolicyFulcioSubject"): return &configv1.PolicyFulcioSubjectApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PolicyIdentity"): @@ -394,8 +396,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.ProxySpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ProxyStatus"): return &configv1.ProxyStatusApplyConfiguration{} - case v1.SchemeGroupVersion.WithKind("PublicKey"): - return &configv1.PublicKeyApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("RegistryLocation"): return &configv1.RegistryLocationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("RegistrySources"): @@ -496,16 +496,22 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.ContainerResourceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("EtcdBackupSpec"): return &configv1alpha1.EtcdBackupSpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("FulcioCAWithRekor"): - return &configv1alpha1.FulcioCAWithRekorApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("GatherConfig"): return &configv1alpha1.GatherConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicy"): return &configv1alpha1.ImagePolicyApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyFulcioCAWithRekorRootOfTrust"): + return &configv1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPKIRootOfTrust"): + return &configv1alpha1.ImagePolicyPKIRootOfTrustApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPublicKeyRootOfTrust"): + return &configv1alpha1.ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicySpec"): return &configv1alpha1.ImagePolicySpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyStatus"): return &configv1alpha1.ImagePolicyStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ImageSigstoreVerificationPolicy"): + return &configv1alpha1.ImageSigstoreVerificationPolicyApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGather"): return &configv1alpha1.InsightsDataGatherApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGatherSpec"): @@ -516,12 +522,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.PersistentVolumeClaimReferenceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PersistentVolumeConfig"): return &configv1alpha1.PersistentVolumeConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PKI"): - return &configv1alpha1.PKIApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PKICertificateSubject"): return &configv1alpha1.PKICertificateSubjectApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("Policy"): - return &configv1alpha1.PolicyApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PolicyFulcioSubject"): return &configv1alpha1.PolicyFulcioSubjectApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PolicyIdentity"): @@ -532,8 +534,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.PolicyMatchRemapIdentityApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PolicyRootOfTrust"): return &configv1alpha1.PolicyRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PublicKey"): - return &configv1alpha1.PublicKeyApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionNumberConfig"): return &configv1alpha1.RetentionNumberConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionPolicy"):