Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🤖 Sync from open-cluster-management-io/config-policy-controller: #241 #855

Merged
merged 2 commits into from
May 7, 2024
Merged

🤖 Sync from open-cluster-management-io/config-policy-controller: #241 #855

merged 2 commits into from
May 7, 2024

Conversation

magic-mirror-bot[bot]
Copy link

@magic-mirror-bot magic-mirror-bot bot commented May 7, 2024
edited by JustinKuli
Loading

@JustinKuli
Add specific watches for some deleting resources
3fe07de 
It seems that watches that use a label selector do not always get
triggered when a resource is fully removed. In particular, this means
that CRDs and CSVs related to an OperatorPolicy can get stuck in the
status, even when they have been fully removed, because the policy is
not re-reconciled.

Since watches using a specific name seem to be unaffected, the
controller now creates new watches by name in that situation.

Refs:
 - https://issues.redhat.com/browse/ACM-11451

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
(cherry picked from commit 76ca0cd)
@magic-mirror-bot magic-mirror-bot bot mentioned this pull request May 7, 2024
Closed
@dhaiducek
Copy link
Contributor

Looks like the deployment didn't come up in time?

• [FAILED] [16.460 seconds]
Testing OperatorPolicy Testing CustomResourceDefinition reporting [It] Should generate conditions and relatedobjects of CRD
/home/runner/work/config-policy-controller/config-policy-controller/test/e2e/case38_install_operator_test.go:1396

  Timeline >>
  STEP: Waiting for a CRD to appear, which should indicate the operator is installing @ 05/07/24 17:23:23.873
  [FAILED] in [It] - /home/runner/work/config-policy-controller/config-policy-controller/test/e2e/case38_install_operator_test.go:1407 @ 05/07/24 17:23:29.899
  Debug info for failure.
  policy JSON: {
    "apiVersion": "policy.open-cluster-management.io/v1beta1",
    "kind": "OperatorPolicy",
    "metadata": {
      "annotations": {
        "policy.open-cluster-management.io/parent-policy-compliance-db-id": "124",
        "policy.open-cluster-management.io/policy-compliance-db-id": "64"
      },
      "creationTimestamp": "2024-05-07T17:23:15Z",
      "generation": 2,
      "name": "oppol-no-group",
      "namespace": "operator-policy-testns",
      "ownerReferences": [
        {
          "apiVersion": "policy.open-cluster-management.io/v1",
          "kind": "Policy",
          "name": "parent-policy",
          "uid": "30e0fda3-2296-4fbb-ad66-f0b117d3b074"
        }
      ],
      "resourceVersion": "7876",
      "uid": "71cee4cd-fd21-4252-8c08-dae4991c2ecb"
    },
    "spec": {
      "complianceType": "musthave",
      "remediationAction": "enforce",
      "removalBehavior": {
        "clusterServiceVersions": "Delete",
        "customResourceDefinitions": "Keep",
        "operatorGroups": "DeleteIfUnused",
        "subscriptions": "Delete"
      },
      "severity": "medium",
      "subscription": {
        "channel": "stable-3.10",
        "installPlanApproval": "Automatic",
        "name": "project-quay",
        "namespace": "operator-policy-testns",
        "source": "operatorhubio-catalog",
        "sourceNamespace": "olm",
        "startingCSV": "quay-operator.v3.10.0"
      },
      "versions": [
        "quay-operator.v3.10.0"
      ]
    },
    "status": {
      "compliant": "NonCompliant",
      "conditions": [
        {
          "lastTransitionTime": "2024-05-07T17:23:15Z",
          "message": "CatalogSource was found",
          "reason": "CatalogSourcesFound",
          "status": "False",
          "type": "CatalogSourcesUnhealthy"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:29Z",
          "message": "ClusterServiceVersion (quay-operator.v3.10.0) - installing: waiting for deployment quay-operator-tng to become ready: deployment \"quay-operator-tng\" not available: Deployment does not have minimum availability.",
          "reason": "InstallWaiting",
          "status": "False",
          "type": "ClusterServiceVersionCompliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:29Z",
          "message": "NonCompliant; the policy spec is valid, the OperatorGroup matches what is required by the policy, the Subscription matches what is required by the policy, a relevant InstallPlan is actively installing, ClusterServiceVersion (quay-operator.v3.10.0) - installing: waiting for deployment quay-operator-tng to become ready: deployment \"quay-operator-tng\" not available: Deployment does not have minimum availability., no CRDs were found for the operator, the deployments quay-operator-tng do not have their minimum availability, CatalogSource was found",
          "reason": "NonCompliant",
          "status": "False",
          "type": "Compliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:29Z",
          "message": "no CRDs were found for the operator",
          "reason": "RelevantCRDNotFound",
          "status": "True",
          "type": "CustomResourceDefinitionCompliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:29Z",
          "message": "the deployments quay-operator-tng do not have their minimum availability",
          "reason": "DeploymentsUnavailable",
          "status": "False",
          "type": "DeploymentCompliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:26Z",
          "message": "a relevant InstallPlan is actively installing",
          "reason": "InstallPlansInstalling",
          "status": "False",
          "type": "InstallPlanCompliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:23Z",
          "message": "the OperatorGroup matches what is required by the policy",
          "reason": "OperatorGroupMatches",
          "status": "True",
          "type": "OperatorGroupCompliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:23Z",
          "message": "the Subscription matches what is required by the policy",
          "reason": "SubscriptionMatches",
          "status": "True",
          "type": "SubscriptionCompliant"
        },
        {
          "lastTransitionTime": "2024-05-07T17:23:15Z",
          "message": "the policy spec is valid",
          "reason": "PolicyValidated",
          "status": "True",
          "type": "ValidPolicySpec"
        }
      ],
      "relatedObjects": [
        {
          "compliant": "Compliant",
          "object": {
            "apiVersion": "operators.coreos.com/v1alpha1",
            "kind": "CatalogSource",
            "metadata": {
              "name": "operatorhubio-catalog",
              "namespace": "olm"
            }
          },
          "reason": "Resource found as expected"
        },
        {
          "compliant": "NonCompliant",
          "object": {
            "apiVersion": "operators.coreos.com/v1alpha1",
            "kind": "ClusterServiceVersion",
            "metadata": {
              "name": "quay-operator.v3.10.0",
              "namespace": "operator-policy-testns"
            }
          },
          "properties": {
            "uid": "6dc3e0ad-d87f-443b-943b-20e79f19f0d0"
          },
          "reason": "InstallWaiting"
        },
        {
          "compliant": "Compliant",
          "object": {
            "apiVersion": "apiextensions.k8s.io/v1",
            "kind": "CustomResourceDefinition",
            "metadata": {
              "name": "-"
            }
          },
          "reason": "No relevant CustomResourceDefinitions found"
        },
        {
          "compliant": "NonCompliant",
          "object": {
            "apiVersion": "apps/v1",
            "kind": "Deployment",
            "metadata": {
              "name": "quay-operator-tng",
              "namespace": "operator-policy-testns"
            }
          },
          "properties": {
            "uid": "6d1d9a38-8fcd-4c72-8dac-d02d4feef43e"
          },
          "reason": "Deployment Unavailable"
        },
        {
          "compliant": "NonCompliant",
          "object": {
            "apiVersion": "operators.coreos.com/v1alpha1",
            "kind": "InstallPlan",
            "metadata": {
              "name": "install-lvf5d",
              "namespace": "operator-policy-testns"
            }
          },
          "properties": {
            "uid": "8d54b751-f2cb-4a3a-ba39-5d42cba89109"
          },
          "reason": "The InstallPlan is Installing"
        },
        {
          "compliant": "Compliant",
          "object": {
            "apiVersion": "operators.coreos.com/v1",
            "kind": "OperatorGroup",
            "metadata": {
              "name": "operator-policy-testns-cwxfm",
              "namespace": "operator-policy-testns"
            }
          },
          "properties": {
            "createdByPolicy": true,
            "uid": "368a5afa-667e-4091-8ffd-11bd72d7af19"
          },
          "reason": "Resource found as expected"
        },
        {
          "compliant": "Compliant",
          "object": {
            "apiVersion": "operators.coreos.com/v1alpha1",
            "kind": "Subscription",
            "metadata": {
              "name": "project-quay",
              "namespace": "operator-policy-testns"
            }
          },
          "properties": {
            "createdByPolicy": true,
            "uid": "74f2e104-9621-4e4e-8ab3-473ab066a207"
          },
          "reason": "Resource found as expected"
        }
      ]
    }
  }
  wanted related objects: [{Object:{Kind:CustomResourceDefinition APIVersion:apiextensions.k8s.io/v1 Metadata:{Name:quayregistries.quay.redhat.com Namespace:}} Compliant:Compliant Reason:Resource found as expected Properties:<nil>}]
  wanted condition: {Type:CustomResourceDefinitionCompliant Status:True ObservedGeneration:0 LastTransitionTime:0001-01-01 00:00:00 +0000 UTC Reason:RelevantCRDFound Message:there are CRDs present for the operator}

  << Timeline

  [FAILED] Failed after 1.011s.
  The function passed to Consistently failed at /home/runner/work/config-policy-controller/config-policy-controller/test/e2e/case38_install_operator_test.go:122 with:
  Expected
      <bool>: false
  to be true
  In [It] at: /home/runner/work/config-policy-controller/config-policy-controller/test/e2e/case38_install_operator_test.go:1407 @ 05/07/24

@JustinKuli
Copy link
Contributor

JustinKuli commented May 7, 2024
edited
Loading

Yeah, weird. It looks like the CRD appeared, then the Eventually checking that part of the policy status passed, but then it failed in a Consistently... so maybe the status was unstable, because the operator was still installing? Since the deployment was not available yet.

@dhaiducek
Copy link
Contributor

Yeah, weird.

Shall I open an issue for it, then?

@JustinKuli
Copy link
Contributor

I'll just make another PR improving the test immediately, no issue required.

@JustinKuli JustinKuli mentioned this pull request May 7, 2024
Merged
@JustinKuli
Wait for deployment in CRD status test
ff0b0b9 
Refs:
 - https://issues.redhat.com/browse/ACM-11451

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
(cherry picked from commit d734b7a)
@JustinKuli
Copy link
Contributor

Added new commit, it might need an approval

@openshift-ci openshift-ci bot added the lgtm label May 7, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 7, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhaiducek, magic-mirror-bot[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label May 7, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented May 7, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@openshift-merge-bot openshift-merge-bot bot merged commit 2f5d62f into main May 7, 2024
13 checks passed
@openshift-merge-bot openshift-merge-bot bot deleted the magic-mirror-main-1715101843543 branch May 7, 2024 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhaiducek dhaiducek dhaiducek approved these changes

Assignees

@dhaiducek dhaiducek

@JustinKuli JustinKuli

Labels
approved dco-signoff: yes lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

😿 Failed to sync the upstream PRs: #241
2 participants
@dhaiducek @JustinKuli