OLM Package

Check the spec.version value in the ClusterServiceVersion manifest of the OLM bundle uses a properly formatted semver.

Solution: Update the ClusterServiceVersion manifest of the OLM bundle to set the spec.version value to a valid semver.

Check the feature annotations in the ClusterServiceVersion manifest of the OLM bundle. All of required feature annotations must be present and set to either the string "true" or the string "false". The list of feature annotations can be customize via the required_olm_features_annotations rule data.

Solution: Update the ClusterServiceVersion manifest of the OLM bundle to set the feature annotations to the expected value.

Each image referenced by the OLM bundle should match an entry in the list of prefixes defined by the rule data key allowed_registry_prefixes in your policy configuration.

Solution: Use image from an allowed registry, or modify your policy configuration to include additional registry prefixes.

OLM bundle images should be built for a single architecture. They should not be OCI image indexes nor should they be Docker v2s2 manifest lists.

Solution: Rebuild your bundle image using a single architecture (e.g. linux/amd64). Do not create an image index for the OLM bundle.

Each image indicated as a related image should match an entry in the list of prefixes defined by the rule data key allowed_registry_prefixes in your policy configuration.

Solution: Use image from an allowed registry, or modify your policy configuration to include additional registry prefixes.

Confirm the required_olm_features_annotations rule data was provided, since it’s required by the policy rules in this package.

Check the value of the operators.openshift.io/valid-subscription annotation from the ClusterServiceVersion manifest is in the expected format, i.e. JSON encoded non-empty array of strings.

Solution: Update the ClusterServiceVersion manifest of the OLM bundle to set the subscription annotation to the expected value.

Check the input snapshot and make sure all the images are accessible.

Solution: Ensure all images in the input snapshot are valid.

Check the input image for the presence of related images. Ensure that all images are accessible.

Solution: Ensure all related images are available. The related images are defined by an file containing a json array attached to the validated image. The digest of the attached file is pulled from the RELATED_IMAGES_DIGEST result.

Check the OLM bundle image for the presence of unmapped image references. Unmapped image pull references are references to images found in varying locations that are either not in the RPA about to be released or not accessible already.

Solution: Add the missing image to the snapshot or check if the CSV pullspec is valid and accessible.

Check the OLM bundle image for the presence of unpinned image references. Unpinned image pull references are references to images found in varying locations that do not contain a digest — uniquely identifying the version of the image being pulled.

Solution: Update the OLM bundle replacing the unpinned image reference with pinned image reference. Pinned image reference contains the image digest.

Check the input snapshot for the presence of unpinned image references. Unpinned image pull references are references to images that do not contain a digest — uniquely identifying the version of the image being pulled.

Solution: Update the input snapshot replacing the unpinned image reference with pinned image reference. Pinned image reference contains the image digest.