Handle CSV approvals with unconventional package names

jan-law · jan-law · commit 3d1cff2f25ce · 2025-08-19T12:55:15.000-07:00
ref: https://issues.redhat.com/browse/ACM-20500 When approving multiple CSVs in an install plan, lookup the required package for each CSV. Removed the original logic assuming the CSV name matched the format of <package name>.v<version> Signed-off-by: Janelle Law <jalaw@redhat.com>
diff --git a/controllers/operatorpolicy_controller.go b/controllers/operatorpolicy_controller.go
@@ -2252,12 +2252,12 @@ func getApprovedCSVs(
 	approvedCSVs := sets.Set[string]{}
 	approvedCSVs.Insert(subscriptionCSV)
 
+	packageToCSV := getPackageToCSVMapping(installPlan)
+
 	// Approve all CSVs that are dependencies of the subscription CSV.
 	for _, packageDependency := range packageDependencies.UnsortedList() {
-		for _, csvName := range installPlan.Spec.ClusterServiceVersionNames {
-			if strings.HasPrefix(csvName, packageDependency+".v") {
-				approvedCSVs.Insert(csvName)
-			}
+		if csvName, ok := packageToCSV[packageDependency]; ok {
+			approvedCSVs.Insert(csvName)
 		}
 	}
 
@@ -2337,6 +2337,50 @@ func getBundleDependencies(
 	return packageDependencies
 }
 
+// getPackageToCSVMapping creates a map from olm package names to their CSV identifiers using bundle lookups
+func getPackageToCSVMapping(installPlan *operatorv1alpha1.InstallPlan) map[string]string {
+	packageToCSV := make(map[string]string, len(installPlan.Status.BundleLookups))
+
+	for _, bundle := range installPlan.Status.BundleLookups {
+		props := map[string]interface{}{}
+
+		err := json.Unmarshal([]byte(bundle.Properties), &props)
+		if err != nil {
+			continue
+		}
+
+		propsList, ok := props["properties"].([]interface{})
+		if !ok {
+			continue
+		}
+
+		for _, prop := range propsList {
+			propMap, ok := prop.(map[string]interface{})
+			if !ok {
+				continue
+			}
+
+			if propMap["type"] != "olm.package" {
+				continue
+			}
+
+			propValue, ok := propMap["value"].(map[string]interface{})
+			if !ok {
+				continue
+			}
+
+			packageName, ok := propValue["packageName"].(string)
+			if !ok || packageName == "" {
+				continue
+			}
+
+			packageToCSV[packageName] = bundle.Identifier
+		}
+	}
+
+	return packageToCSV
+}
+
 func (r *OperatorPolicyReconciler) mustnothaveInstallPlan(
 	policy *policyv1beta1.OperatorPolicy,
 	latestInstallPlan *unstructured.Unstructured,
diff --git a/controllers/operatorpolicy_controller_test.go b/controllers/operatorpolicy_controller_test.go
@@ -334,6 +334,53 @@ func TestGetApprovedCSVs(t *testing.T) {
 	}
 }
 
+func TestGetApprovedCSVsBundleLookup(t *testing.T) {
+	mtcOadpIPRaw, err := os.ReadFile("../test/resources/unit/mtc-oadp-installplan.yaml")
+	if err != nil {
+		t.Fatalf("Encountered an error when reading the mtc-oadp-installplan.yaml: %v", err)
+	}
+
+	installPlan := &operatorv1alpha1.InstallPlan{}
+
+	err = yaml.Unmarshal(mtcOadpIPRaw, installPlan)
+	if err != nil {
+		t.Fatalf("Encountered an error when unmarshaling the mtc-oadp-installplan.yaml: %v", err)
+	}
+
+	policy := &policyv1beta1.OperatorPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "mtc-operator",
+		},
+		Spec: policyv1beta1.OperatorPolicySpec{
+			RemediationAction: "enforce",
+			ComplianceType:    "musthave",
+			Severity:          "medium",
+			UpgradeApproval:   "Automatic",
+			Versions:          []string{"mtc-operator.v1.8.9"},
+		},
+	}
+
+	subscription := &operatorv1alpha1.Subscription{
+		Status: operatorv1alpha1.SubscriptionStatus{
+			CurrentCSV: "mtc-operator.v1.8.9",
+		},
+	}
+
+	csvs := getApprovedCSVs(policy, subscription, installPlan)
+
+	expectedCSVs := sets.Set[string]{}
+	expectedCSVs.Insert("mtc-operator.v1.8.9")
+	expectedCSVs.Insert("oadp-operator.v1.5.0")
+
+	if !csvs.Equal(expectedCSVs) {
+		t.Fatalf(
+			"Expected both MTC and OADP CSVs to be approved. Got: %s, Expected: %s",
+			strings.Join(csvs.UnsortedList(), ", "),
+			strings.Join(expectedCSVs.UnsortedList(), ", "),
+		)
+	}
+}
+
 func TestCanonicalizeVersions(t *testing.T) {
 	policy := &policyv1beta1.OperatorPolicy{
 		Spec: policyv1beta1.OperatorPolicySpec{
diff --git a/test/resources/unit/mtc-oadp-installplan.yaml b/test/resources/unit/mtc-oadp-installplan.yaml
@@ -0,0 +1,18 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: InstallPlan
+metadata:
+  name: install-mtc-oadp
+  namespace: openshift-adp
+spec:
+  approval: Manual
+  approved: false
+  clusterServiceVersionNames:
+  - mtc-operator.v1.8.9
+  - oadp-operator.v1.5.0
+  generation: 1
+status:
+  bundleLookups:
+  - identifier: oadp-operator.v1.5.0
+    properties: '{"properties":[{"type":"olm.gvk","value":{"group":"oadp.openshift.io","kind":"CloudStorage","version":"v1alpha1"}},{"type":"olm.package","value":{"packageName":"redhat-oadp-operator","version":"1.5.0"}}]}'
+  - identifier: mtc-operator.v1.8.9
+    properties: '{"properties":[{"type":"olm.gvk","value":{"group":"migration.openshift.io","kind":"DirectImageMigration","version":"v1alpha1"}},{"type":"olm.package","value":{"packageName":"mtc-operator","version":"1.8.9"}},{"type":"olm.package.required","value":{"packageName":"redhat-oadp-operator","versionRange":">=1.2.3"}}]}' 
