Bug 1776521

Summary: Replacing (updating) operator creates duplicate secrets for the operator's ServiceAccount
Product: OpenShift Container Platform Reporter: Bowen Song <bsong>
Component: OLMAssignee: Bowen Song <bsong>
OLM sub component: OLM QA Contact: Jian Zhang <jiazha>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: bsong, jiazha, nhale, nmalik, pbergene, rrati
Version: 4.3.0   
Target Milestone: ---   
Target Release: 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1769030 Environment:
Last Closed: 2020-01-23 11:14:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1769030    
Bug Blocks: 1769561    

Comment 2 Jian Zhang 2019-12-04 09:23:03 UTC
Steps as below:
Cluster version is 4.3.0-0.nightly-2019-12-04-054458
mac:~ jianzhang$ oc exec catalog-operator-c6694c8bf-c5tg6 -- olm --version
OLM version: 0.13.0
git commit: ceec83c8e02496f09943db75d125c3b50a6a5556


mac:example-operator jianzhang$ oc create -R -f install/openshift-4.1/
namespace/example-operator created
catalogsource.operators.coreos.com/example-operator-registry created
operatorgroup.operators.coreos.com/example-operators created
subscription.operators.coreos.com/example-operator created
mac:example-operator jianzhang$ oc get sub -A
NAMESPACE          NAME               PACKAGE            SOURCE                      CHANNEL
example-operator   example-operator   example-operator   example-operator-registry   alpha
mac:example-operator jianzhang$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-75f6bf5586-zgfpd   1/1   Running   0     41s
mac:example-operator jianzhang$ oc -n example-operator get secrets | grep example-operator
example-operator-dockercfg-x8j48   kubernetes.io/dockercfg               1      2m12s
example-operator-token-7rz2c       kubernetes.io/service-account-token   4      2m12s
example-operator-token-hwvm2       kubernetes.io/service-account-token   4      2m12s

mac:example-operator jianzhang$ oc -n example-operator get catalogsource example-operator-registry -o json | jq -r '.spec.image = "quay.io/nmalik/example-operator-registry:0.0.2"' | oc replace -f -
catalogsource.operators.coreos.com/example-operator-registry replaced
mac:example-operator jianzhang$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-75f6bf5586-zgfpd   1/1   Running             0     3m2s
example-operator-7f5c69848f-cxp6l   0/1   ContainerCreating   0     15s
mac:example-operator jianzhang$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-7f5c69848f-cxp6l   1/1   Running   0     46s

After update, no extra secrets generated. LGTM, verify it.
mac:example-operator jianzhang$ oc -n example-operator get secrets | grep example-operator
example-operator-dockercfg-x8j48   kubernetes.io/dockercfg               1      4m15s
example-operator-token-7rz2c       kubernetes.io/service-account-token   4      4m15s
example-operator-token-hwvm2       kubernetes.io/service-account-token   4      4m15s

Comment 4 errata-xmlrpc 2020-01-23 11:14:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062