Bug 1982737 - OLM does not warn on invalid CSV
Summary: OLM does not warn on invalid CSV
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.9
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.11.0
Assignee: Per da Silva
QA Contact: kuiwang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-15 15:04 UTC by Jan Safranek
Modified: 2023-09-15 01:35 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-10 10:36:52 UTC
Target Upstream Version:
Embargoed:
jsafrane: needinfo-

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift operator-framework-olm pull 307 0 None open Bug 1982737: Make malformed CSV fail nicely (#2673) 2022-05-13 12:20:47 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:37:19 UTC

Description Jan Safranek 2021-07-15 15:04:00 UTC 
When a CSV has invalid yaml (missing "apiVersion:" line in my case), I was able to build bundle + index image with it and installation of the operator in a cluster failed with cryptic "error creating service account" in InstallPlan status.

Version-Release number of selected component (if applicable):
Server Version: 4.9.0-0.nightly-2021-07-15-015134

How reproducible:
Always

Steps to Reproduce:
1. Use a CSV without "apiVersion:" line.
2. Build bundle image + index image. I don't use operator-sdk tooling for that, I use plain:

docker build -f ./bundle.Dockerfile -t quay.io/jsafrane/efs:bundle .
docker push quay.io/jsafrane/efs:bundle
opm index add --bundles quay.io/jsafrane/efs:bundle --tag quay.io/jsafrane/efs:index --container-tool docker
docker push quay.io/jsafrane/efs:index

3. Install the operator in an OCP cluster

Actual results:
InstallPlan shows weird message in its status:

    conditions:
      message: 'error creating service account: aws-efs-csi-driver-operator: ServiceAccount
        "aws-efs-csi-driver-operator" is invalid: metadata.ownerReferences.apiVersion:
        Invalid value: "": version must not be empty'
      reason: InstallComponentFailed
      status: "False"
      type: Installed

Expected results:

- "opm index add" fails nicely
- InstallPlan status shows "failed to parse CSV: <some nice message>".

Even message shown by "oc apply invalid-csv.yaml" is better than complaining about service account:

> no matches for kind "ClusterServiceVersion" in version ""
Comment 3 Per da Silva 2022-05-13 09:34:56 UTC 
Bug fix is being pulled down here: https://github.com/openshift/operator-framework-olm/pull/305
Comment 4 Per da Silva 2022-05-13 12:15:43 UTC 
Scratch that. I've created a bug PR: https://github.com/openshift/operator-framework-olm/pull/307
Comment 5 kuiwang 2022-05-16 02:48:19 UTC 
@jsafrane 

  Hi, per ticket description "When a CSV has invalid yaml (missing "apiVersion:" line in my case), I was able to build...", it seems the bad csv should be 
---
{
  "kind": "ClusterServiceVersion",
  "metadata": {
    "annotations": {
      "alm-examples": "[]",
      "capabilities": "Full Lifecycle",
      "categories": "Storage",
      "certified": "false",
      "containerImage": "quay.io/app-sre/aws-efs-operator:latest",
      "createdAt": "2020-04-18T21:43:33Z",
      "description": "Management of AWS EFS read-write-many mounts.",
      "operators.operatorframework.io/builder": "operator-sdk-v1.4.0+git",
      "operators.operatorframework.io/project_layout": "unknown",
      "repository": "https://github.com/openshift/local-storage-operator",
      "support": "Red Hat"
    },
    "name": "aws-efs-operator.v4.8.0",
    "namespace": "openshift-operators"
  },
...
--- 
which has no '  "apiVersion": "operators.coreos.com/v1alpha1",'

but after I unpack quay.io/jsafrane/efs:bundle, I find bad csv has apiVersion, but has no items (like apiVersion) in metadata.annotation.alm-examples which is 
---
{
  "apiVersion": "operators.coreos.com/v1alpha1",
  "kind": "ClusterServiceVersion",
  "metadata": {
    "annotations": {
      "alm-examples": "[]",
      "capabilities": "Full Lifecycle",
      "categories": "Storage",
      "certified": "false",
      "containerImage": "quay.io/app-sre/aws-efs-operator:latest",
      "createdAt": "2020-04-18T21:43:33Z",
      "description": "Management of AWS EFS read-write-many mounts.",
      "operators.operatorframework.io/builder": "operator-sdk-v1.4.0+git",
      "operators.operatorframework.io/project_layout": "unknown",
      "repository": "https://github.com/openshift/local-storage-operator",
      "support": "Red Hat"
    },
    "name": "aws-efs-operator.v4.8.0",
    "namespace": "openshift-operators"
  },
---

So, I want to double confirm with you what your bad csv means.
no `"apiVersion": "operators.coreos.com/v1alpha1"` or has `"apiVersion": "operators.coreos.com/v1alpha1"`, but no anything in alm-examples?

Thanks
Comment 7 kuiwang 2022-05-19 07:37:30 UTC 
@jsafrane 
could you please check the comment https://bugzilla.redhat.com/show_bug.cgi?id=1982737#c5? thanks
Comment 15 errata-xmlrpc 2022-08-10 10:36:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069
Comment 16 Red Hat Bugzilla 2023-09-15 01:35:04 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days
Note You need to log in before you can comment on or make changes to this bug.