Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add upgradeApproval field to OperatorPolicy #249

Merged
merged 1 commit into from
May 23, 2024
Merged

Add upgradeApproval field to OperatorPolicy #249

merged 1 commit into from
May 23, 2024

Conversation

JustinKuli
Copy link
Member

Breaking change: setting InstallPlanApproval on the subscription is invalid, and will result in a noncompliant policy that does not perform any other actions. Previously, not setting that field was invalid.

Being able to set InstallPlanApproval in the policy was somewhat confusing, because the controller would override the supplied value in many cases, in order to have control over which upgrades would be approved. Additionally, there was a desire to separate the approval for the initial installation from the approval for later upgrades.

The new field addresses these concerns. Initial installs will be approved whenever the policy is enforced (as long as it matches the policy's specified allowed versions), and upgrades will only be approved when upgradeApproval is set to Automatic.

Refs:

@JustinKuli JustinKuli marked this pull request as ready for review May 21, 2024 21:05
@openshift-ci openshift-ci bot requested review from dhaiducek and gparvin May 21, 2024 21:05
yiraeChristineKim
yiraeChristineKim previously approved these changes May 22, 2024
View reviewed changes
Copy link
Contributor

@yiraeChristineKim yiraeChristineKim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good to me

@openshift-ci openshift-ci bot added the lgtm label May 22, 2024
@yiraeChristineKim
Copy link
Contributor

/hold for Gus comments

@JustinKuli
Add upgradeApproval field to OperatorPolicy
2390970 
Breaking change: setting `InstallPlanApproval` on the subscription is
invalid, and will result in a noncompliant policy that does not perform
any other actions. Previously, *not* setting that field was invalid.

Being able to set `InstallPlanApproval` in the policy was somewhat
confusing, because the controller would override the supplied value in
many cases, in order to have control over which upgrades would be
approved. Additionally, there was a desire to separate the approval for
the initial installation from the approval for later upgrades.

The new field addresses these concerns. Initial installs will be
approved whenever the policy is enforced (as long as it matches the
policy's specified allowed versions), and upgrades will only be approved
when `upgradeApproval` is set to Automatic.

Refs:
 - https://issues.redhat.com/browse/ACM-11268

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@JustinKuli JustinKuli force-pushed the 11268-upgrade-approval-field branch from aa46c6c to 2390970 Compare May 22, 2024 20:13
@openshift-ci openshift-ci bot removed the lgtm label May 22, 2024
@openshift-ci openshift-ci bot added the lgtm label May 23, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gparvin, JustinKuli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@JustinKuli
Copy link
Member Author

/unhold

@openshift-merge-bot openshift-merge-bot bot merged commit 5b60de6 into open-cluster-management-io:main May 23, 2024
9 checks passed
This was referenced May 28, 2024
Merged
Closed
JustinKuli added a commit to stolostron/governance-policy-framework that referenced this pull request May 29, 2024
@JustinKuli
Update OperatorPolicy tests for upgradeApproval
a2350bf 
Per a recent change in the controller, it is now invalid to specify
installPlanApproval in an OperatorPolicy, and it is necessary to specify
upgradeApproval.

Refs:
 - open-cluster-management-io/config-policy-controller#249

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@JustinKuli JustinKuli mentioned this pull request May 29, 2024
Merged
@dhaiducek dhaiducek mentioned this pull request May 29, 2024
Merged
openshift-merge-bot bot pushed a commit to stolostron/governance-policy-framework that referenced this pull request May 29, 2024
@JustinKuli @openshift-merge-bot
Update OperatorPolicy tests for upgradeApproval
c128d83 
Per a recent change in the controller, it is now invalid to specify
installPlanApproval in an OperatorPolicy, and it is necessary to specify
upgradeApproval.

Refs:
 - open-cluster-management-io/config-policy-controller#249

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@JustinKuli JustinKuli deleted the 11268-upgrade-approval-field branch July 25, 2024 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gparvin gparvin gparvin approved these changes

@yiraeChristineKim yiraeChristineKim yiraeChristineKim left review comments

@dhaiducek dhaiducek Awaiting requested review from dhaiducek

Assignees

@gparvin gparvin

@yiraeChristineKim yiraeChristineKim

Labels
approved dco-signoff: yes lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@JustinKuli @yiraeChristineKim @gparvin