Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1945261

Summary: Operator dependency not consistently chosen from default channel
Product: OpenShift Container Platform Reporter: Ben Luddy <bluddy>
Component: OLMAssignee: Ben Luddy <bluddy>
OLM sub component: OLM QA Contact: kuiwang
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: ankithom
Version: 4.6Keywords: Triaged
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: During a redundant internal processing step, operator dependency selection arbitrarily picks an operator candidate by name. There may be two candidates with the same name but different update channels. Consequence: Operator dependencies should always be satisfied by candidates from a default channel (unless there are no valid candidates in a default channel). If a candidate operator is both in its package's default channel AND in a non-default channel, catalog-operator may generate a subscription that arbitrarily specifies either of the two channels. Fix: Remove the ambiguous selection logic. It was redundant as well as ambiguous. Result: Operator dependencies are always satisfied by candidates from a default channel (unless there are no valid candidates in a default channel).
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-27 22:56:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1945702    

Description Ben Luddy 2021-03-31 14:52:04 UTC 
Description of problem:

Operator dependencies should always be satisfied by candidates from a default channel (unless there are no valid candidates in a default channel). If a candidate operator is both in its package's default channel AND in a non-default channel, catalog-operator may generate a subscription that arbitrarily specifies either of the two channels.

Originally reported upstream in https://github.com/operator-framework/operator-lifecycle-manager/issues/2067.

Version-Release number of selected component (if applicable): 4.6+

How reproducible: Not always, but maybe at least 50% of the time. Probably more likely to occur if the candidate appears in more channels.

Steps to Reproduce:

1. Create the following resources:

apiVersion: v1
kind: Namespace
metadata:
  name: test-namespace
---
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: test-namespace
spec:
  image: quay.io/bluddy/foo:defchn-a
  sourceType: grpc
---
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: opencloud-operators
  namespace: test-namespace
spec:
  image: quay.io/bluddy/foo:defchn-b
  sourceType: grpc
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: test-operators
  namespace: test-namespace
spec: {}
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: test-subscription
  namespace: test-namespace
spec:
  name: ibm-automation-core
  channel: v1.0
  source: ibm-operator-catalog
  sourceNamespace: test-namespace

2. Wait for installation to finish, then run "kubectl get -n test-namespace subscription". If you see:

$ kubectl get -n test-namespace subscription
NAME                PACKAGE               SOURCE                 CHANNEL
test-subscription   ibm-automation-core   ibm-operator-catalog   v1.0
ibm-common-service-operator-v3-opencloud-operators-test-namespace   ibm-common-service-operator   opencloud-operators    v3

then run "kubectl delete namespace test-namespace" and go back to step (1).

Actual results:

$ kubectl get -n test-namespace subscription
NAME                PACKAGE               SOURCE                 CHANNEL
test-subscription   ibm-automation-core   ibm-operator-catalog   v1.0
ibm-common-service-operator-beta-opencloud-operators-test-namespace   ibm-common-service-operator   opencloud-operators    beta


Expected results:

$ kubectl get -n test-namespace subscription
NAME                PACKAGE               SOURCE                 CHANNEL
test-subscription   ibm-automation-core   ibm-operator-catalog   v1.0
ibm-common-service-operator-v3-opencloud-operators-test-namespace   ibm-common-service-operator   opencloud-operators    v3
Comment 7 errata-xmlrpc 2021-07-27 22:56:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438