Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1974438

Summary: ServiceAccount ownerReferences not updated to include new version during upgrade
Product: OpenShift Container Platform Reporter: Ben Luddy <bluddy>
Component: OLMAssignee: Kevin Rizza <krizza>
OLM sub component: OLM QA Contact: Jian Zhang <jiazha>
Status: CLOSED WONTFIX Docs Contact:
Severity: high    
Priority: high CC: cpassare, zzhao
Version: 4.7   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-28 17:43:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Luddy 2021-06-21 17:07:21 UTC 
Description of problem:

Opened based on https://github.com/operator-framework/operator-lifecycle-manager/issues/2193, which was reported on OpenShift.

Version-Release number of selected component (if applicable): 4.7.13 / df08e59d3168b3c657c97ec45c5aebcbc9109f71

How reproducible: ?

Steps to Reproduce: 

1. Upgrade an installed operator (per reports, either by changing the CatalogSource image or the Subscription channel, if relevant).

Actual results:

ServiceAccount's ownerReferences only include the original CSV, which blocks the new CSV from becoming healthy and completing the upgrade.

Expected results:

ServiceAccount's ownerReferences temporarily include both the old and the new CSV. The new CSV will become healthy, which completes the upgrade and removes the old CSV. The owner reference to the old CSV is removed after the old CSV is removed.
Comment 3 Kevin Rizza 2021-06-28 17:43:13 UTC 
It appears that the resolution to this problem is to just not include a service account that matches the generated service account that is created as part of the CSV reconciler. There isn't a trivial backwards compatible way for us to introduce any explicit on cluster validation to resolve this, so I am going to close this as WONTFIX. It seems reasonable for the upstream project to introduce validation to ensure that bundles being built in the registry+v1 format do not run into this problem.
Comment 4 tflannag 2021-08-03 15:23:17 UTC 
*** Bug 1989456 has been marked as a duplicate of this bug. ***