Bug 1989704 - Invalid olm.maxOpenShiftVersion properties have unclear/undefined behavior in OLM
Summary: Invalid olm.maxOpenShiftVersion properties have unclear/undefined behavior in...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.9
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.9.0
Assignee: Nick Hale
QA Contact: Jian Zhang
URL:
Whiteboard:
: 1986753 (view as bug list)
Depends On:
Blocks: 1989711
TreeView+ depends on / blocked
 
Reported: 2021-08-03 18:30 UTC by Nick Hale
Modified: 2021-10-18 17:44 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1989711 (view as bug list)
Environment:
Last Closed: 2021-10-18 17:44:13 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift operator-framework-olm pull 154 0 None None None 2021-08-04 03:12:55 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:44:29 UTC

Description Nick Hale 2021-08-03 18:30:57 UTC
Description of problem:

The behavior of OLM when installed operators specify olm.maxOpenShiftVersion:

- with an empty value
- with a poorly formed value; e.g. bad semver
- more than once; ambiguous max

is ill-defined and inconsistent; silently allowing upgrades in the face of invalid values.

Version-Release number of selected component (if applicable): 

OpenShift: 4.9.0-0.nightly-2021-07-27-125952
OLM: version: 0.18.3, git commit: 3475b1d5d8d481394ba90b2823645bed0fb2b076

How reproducible: Always

Steps to Reproduce:

1. Write an operator that specifies an invalid, empty, and/or multiple olm.maxOpenShiftVersion properties
2. Install that operator on a cluster

(Here's a demo that walks through configuring properties, building bundles, and installing on a cluster: https://youtu.be/pa2-YKo07cw?list=PLw471UtJC4H39vNAduRz6CixDetHwljKs)

Expected results:

OLM should set the Upgradeable condition of the operator-lifecycle-manager ClusterOperator resource to False -- i.e. block cluster upgrades -- whenever:

- an installed operator has an invalid olm.maxOpenShiftVersion property; e.g. empty or malformed semver
- an installed operator has declared more than one olm.MaxOpenShiftVersion property
- cluster information is unavailable; e.g. the desired version of the cluster is undefined (non-functional requirement)

Additionally, the message of that condition should identify the operator(s) (and reason for) blocking an upgrade.

Additional info:

This behavior was undefined but originally assumed to fail-open; i.e. invalid properties should be ignored (see https://bugzilla.redhat.com/show_bug.cgi?id=1986753). However, it was decided during review that failing-closed (i.e. invalid properties should block upgrades) with appropriate error messages leaves OpenShift upgrades less susceptible to operator publishing errors.

Upstream PR (merged): https://github.com/operator-framework/operator-lifecycle-manager/pull/2302

Comment 1 Nick Hale 2021-08-03 18:35:18 UTC
*** Bug 1986753 has been marked as a duplicate of this bug. ***

Comment 5 Jian Zhang 2021-08-06 09:56:03 UTC
[cloud-user@preserve-olm-env jian]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2021-08-06-020133   True        False         4h20m   Cluster version is 4.9.0-0.nightly-2021-08-06-020133

[cloud-user@preserve-olm-env jian]$ oc exec deploy/catalog-operator -- olm --version
OLM version: 0.18.3
git commit: 3a21821b786493b59da83ab4ce16d6ed16dcccad

For detailed steps/results, please refer to https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-43101
Looks good to me, verify it.

Comment 8 errata-xmlrpc 2021-10-18 17:44:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759


Note You need to log in before you can comment on or make changes to this bug.