1945261 – Operator dependency not consistently chosen from default channel

Bug 1945261 - Operator dependency not consistently chosen from default channel

Summary: Operator dependency not consistently chosen from default channel

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	OLM
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Ben Luddy
QA Contact:	kuiwang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1945702
TreeView+	depends on / blocked

Reported:	2021-03-31 14:52 UTC by Ben Luddy
Modified:	2021-07-27 22:57 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: During a redundant internal processing step, operator dependency selection arbitrarily picks an operator candidate by name. There may be two candidates with the same name but different update channels. Consequence: Operator dependencies should always be satisfied by candidates from a default channel (unless there are no valid candidates in a default channel). If a candidate operator is both in its package's default channel AND in a non-default channel, catalog-operator may generate a subscription that arbitrarily specifies either of the two channels. Fix: Remove the ambiguous selection logic. It was redundant as well as ambiguous. Result: Operator dependencies are always satisfied by candidates from a default channel (unless there are no valid candidates in a default channel).
Clone Of:
Environment:
Last Closed:	2021-07-27 22:56:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	operator-framework operator-lifecycle-manager pull 2068	0	None	closed	Bug 1945261: Fix inconsistent dependency candidate order.	2021-04-05 13:36:05 UTC
Red Hat Product Errata	RHSA-2021:2438	0	None	None	None	2021-07-27 22:57:03 UTC

Description Ben Luddy 2021-03-31 14:52:04 UTC

Description of problem:

Operator dependencies should always be satisfied by candidates from a default channel (unless there are no valid candidates in a default channel). If a candidate operator is both in its package's default channel AND in a non-default channel, catalog-operator may generate a subscription that arbitrarily specifies either of the two channels.

Originally reported upstream in https://github.com/operator-framework/operator-lifecycle-manager/issues/2067.

Version-Release number of selected component (if applicable): 4.6+

How reproducible: Not always, but maybe at least 50% of the time. Probably more likely to occur if the candidate appears in more channels.

Steps to Reproduce:

1. Create the following resources:

apiVersion: v1
kind: Namespace
metadata:
  name: test-namespace
---
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: test-namespace
spec:
  image: quay.io/bluddy/foo:defchn-a
  sourceType: grpc
---
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: opencloud-operators
  namespace: test-namespace
spec:
  image: quay.io/bluddy/foo:defchn-b
  sourceType: grpc
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: test-operators
  namespace: test-namespace
spec: {}
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: test-subscription
  namespace: test-namespace
spec:
  name: ibm-automation-core
  channel: v1.0
  source: ibm-operator-catalog
  sourceNamespace: test-namespace

2. Wait for installation to finish, then run "kubectl get -n test-namespace subscription". If you see:

$ kubectl get -n test-namespace subscription
NAME                PACKAGE               SOURCE                 CHANNEL
test-subscription   ibm-automation-core   ibm-operator-catalog   v1.0
ibm-common-service-operator-v3-opencloud-operators-test-namespace   ibm-common-service-operator   opencloud-operators    v3

then run "kubectl delete namespace test-namespace" and go back to step (1).

Actual results:

$ kubectl get -n test-namespace subscription
NAME                PACKAGE               SOURCE                 CHANNEL
test-subscription   ibm-automation-core   ibm-operator-catalog   v1.0
ibm-common-service-operator-beta-opencloud-operators-test-namespace   ibm-common-service-operator   opencloud-operators    beta


Expected results:

$ kubectl get -n test-namespace subscription
NAME                PACKAGE               SOURCE                 CHANNEL
test-subscription   ibm-automation-core   ibm-operator-catalog   v1.0
ibm-common-service-operator-v3-opencloud-operators-test-namespace   ibm-common-service-operator   opencloud-operators    v3

Comment 7 errata-xmlrpc 2021-07-27 22:56:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Note You need to log in before you can comment on or make changes to this bug.