Merge pull request #614 from jpeeler/jeff-533

Verify CRD's condition to ensure it's registered with k8s API (rebased)

Author: openshift-merge-robot

pkg/api/apis/operators/v1alpha1/clusterserviceversion_types.go

@@ -254,8 +254,10 @@ const (
 	RequirementStatusReasonPresent             StatusReason = "Present"
 	RequirementStatusReasonNotPresent          StatusReason = "NotPresent"
 	RequirementStatusReasonPresentNotSatisfied StatusReason = "PresentNotSatisfied"
-	DependentStatusReasonSatisfied             StatusReason = "Satisfied"
-	DependentStatusReasonNotSatisfied          StatusReason = "NotSatisfied"
+	// The CRD is present but the Established condition is False (not available)
+	RequirementStatusReasonNotAvailable StatusReason = "PresentNotAvailable"
+	DependentStatusReasonSatisfied      StatusReason = "Satisfied"
+	DependentStatusReasonNotSatisfied   StatusReason = "NotSatisfied"
 )
 
 // DependentStatus is the status for a dependent requirement (to prevent infinite nesting)
@@ -274,6 +276,7 @@ type RequirementStatus struct {
 	Kind       string            `json:"kind"`
 	Name       string            `json:"name"`
 	Status     StatusReason      `json:"status"`
+	Message    string            `json:"message"`
 	UUID       string            `json:"uuid,omitempty"`
 	Dependents []DependentStatus `json:"dependents,omitempty"`
 }
@@ -445,3 +448,4 @@ func (csv ClusterServiceVersion) GetOwnedAPIServiceDescriptions() []APIServiceDe
 
 	return descs
 }
+

pkg/controller/operators/olm/operator_test.go

@@ -131,7 +131,7 @@ func NewFakeOperator(clientObjs []runtime.Object, k8sObjs []runtime.Object, extO
 	}
 
 	// Create the new operator
-	queueOperator, err := queueinformer.NewOperatorFromClient(opClientFake, logrus.New())
+	queueOperator, err := queueinformer.NewOperatorFromClient(opClientFake, logrus.StandardLogger())
 	op := &Operator{
 		Operator:  queueOperator,
 		client:    clientFake,
@@ -566,6 +566,18 @@ func crd(name string, version string) *v1beta1.CustomResourceDefinition {
 				Kind: name,
 			},
 		},
+		Status: v1beta1.CustomResourceDefinitionStatus{
+			Conditions: []v1beta1.CustomResourceDefinitionCondition{
+				{
+					Type:   v1beta1.Established,
+					Status: v1beta1.ConditionTrue,
+				},
+				{
+					Type:   v1beta1.NamesAccepted,
+					Status: v1beta1.ConditionTrue,
+				},
+			},
+		},
 	}
 }
 
@@ -2103,6 +2115,7 @@ func TestTransitionCSV(t *testing.T) {
 }
 
 func TestSyncOperatorGroups(t *testing.T) {
+	logrus.SetLevel(logrus.DebugLevel)
 	nowTime := metav1.Date(2006, time.January, 2, 15, 4, 5, 0, time.FixedZone("MST", -7*3600))
 	timeNow = func() metav1.Time { return nowTime }
 
@@ -2171,6 +2184,7 @@ func TestSyncOperatorGroups(t *testing.T) {
 			Kind:    "CustomResourceDefinition",
 			Name:    crd.GetName(),
 			Status:  v1alpha1.RequirementStatusReasonPresent,
+			Message: "CRD is present and Established condition is true",
 		},
 		{
 			Group:   "",

pkg/controller/operators/olm/requirements.go

@@ -9,6 +9,7 @@ import (
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators/v1alpha1"
 	olmErrors "github.com/operator-framework/operator-lifecycle-manager/pkg/controller/errors"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -29,36 +30,61 @@ func (a *Operator) requirementStatus(strategyDetailsDeployment *install.Strategy
 		// check if CRD exists - this verifies group, version, and kind, so no need for GVK check via discovery
 		crd, err := a.lister.APIExtensionsV1beta1().CustomResourceDefinitionLister().Get(r.Name)
 		if err != nil {
-			a.Log.Debugf("Setting 'met' to false, %v with err: %v", r.Name, err)
 			status.Status = v1alpha1.RequirementStatusReasonNotPresent
+			status.Message = "CRD is not present"
+			a.Log.Debugf("Setting 'met' to false, %v with status %v, with err: %v", r.Name, status, err)
 			met = false
 			statuses = append(statuses, status)
 			continue
 		}
 
-		if crd.Spec.Version == r.Version {
-			status.Status = v1alpha1.RequirementStatusReasonPresent
-			status.UUID = string(crd.GetUID())
-			statuses = append(statuses, status)
-			continue
+		if crd.Spec.Version != r.Version {
+			served := false
+			for _, version := range crd.Spec.Versions {
+				if version.Name == r.Version {
+					if version.Served {
+						served = true
+					}
+					break
+				}
+			}
+
+			if !served {
+				status.Status = v1alpha1.RequirementStatusReasonNotPresent
+				status.Message = "CRD version not served"
+				a.Log.Debugf("Setting 'met' to false, %v with status %v, CRD version %v not found", r.Name, status, r.Version)
+				met = false
+				statuses = append(statuses, status)
+				continue
+			}
 		}
 
-		served := false
-		for _, version := range crd.Spec.Versions {
-			if version.Name == r.Version {
-				if version.Served {
-					status.Status = v1alpha1.RequirementStatusReasonPresent
-					status.UUID = string(crd.GetUID())
-					statuses = append(statuses, status)
-					served = true
+		// Check if CRD has successfully registered with k8s API
+		established := false
+		namesAccepted := false
+		for _, cdt := range crd.Status.Conditions {
+			switch cdt.Type {
+			case v1beta1.Established:
+				if cdt.Status == v1beta1.ConditionTrue {
+					established = true
+				}
+			case v1beta1.NamesAccepted:
+				if cdt.Status == v1beta1.ConditionTrue {
+					namesAccepted = true
 				}
-				break
 			}
 		}
 
-		if !served {
-			status.Status = v1alpha1.RequirementStatusReasonNotPresent
+		if established && namesAccepted {
+			status.Status = v1alpha1.RequirementStatusReasonPresent
+			status.Message = "CRD is present and Established condition is true"
+			status.UUID = string(crd.GetUID())
+			statuses = append(statuses, status)
+		} else {
+			status.Status = v1alpha1.RequirementStatusReasonNotAvailable
+			status.Message = "CRD is present but the Established condition is False (not available)"
 			met = false
+			a.Log.Debugf("Setting 'met' to false, %v with status %v, established=%v, namesAccepted=%v", r.Name, status, established, namesAccepted)
 			statuses = append(statuses, status)
 		}
 	}
@@ -139,11 +165,13 @@ func (a *Operator) requirementStatus(strategyDetailsDeployment *install.Strategy
 
 		if err := a.isGVKRegistered(r.Group, r.Version, r.Kind); err != nil {
 			status.Status = v1alpha1.RequirementStatusReasonNotPresent
+			status.Message = "Native API does not exist"
 			met = false
 			statuses = append(statuses, status)
 			continue
 		} else {
 			status.Status = v1alpha1.RequirementStatusReasonPresent
+			status.Message = "Native API exists"
 			statuses = append(statuses, status)
 			continue
 		}
@@ -181,6 +209,7 @@ func (a *Operator) permissionStatus(strategyDetailsDeployment *install.StrategyD
 			if err != nil {
 				met = false
 				status.Status = v1alpha1.RequirementStatusReasonNotPresent
+				status.Message = "Service account does not exist"
 				statusesSet[saName] = status
 				continue
 			}
@@ -216,6 +245,7 @@ func (a *Operator) permissionStatus(strategyDetailsDeployment *install.StrategyD
 					met = false
 					dependent.Status = v1alpha1.DependentStatusReasonNotSatisfied
 					status.Status = v1alpha1.RequirementStatusReasonPresentNotSatisfied
+					status.Message = "Policy rule not satisfied for service account"
 				} else {
 					dependent.Status = v1alpha1.DependentStatusReasonSatisfied
 				}

pkg/controller/operators/olm/requirements_test.go

@@ -453,6 +453,96 @@ func TestRequirementAndPermissionStatus(t *testing.T) {
 			},
 			expectedError: nil,
 		},
+		{
+			description: "RequirementNotMet/NotEstablishedCRDVersion",
+			csv: csv("csv1",
+				namespace,
+				"",
+				installStrategy("csv1-dep", nil, nil),
+				[]*v1beta1.CustomResourceDefinition{crd("c1", "version-not-found")},
+				nil,
+				v1alpha1.CSVPhasePending,
+			),
+			existingObjs: nil,
+			existingExtObjs: []runtime.Object{
+				crd("c1", "v2"),
+			},
+			met: false,
+			expectedRequirementStatuses: map[gvkn]v1alpha1.RequirementStatus{
+				{"apiextensions.k8s.io", "v1beta1", "CustomResourceDefinition", "c1group"}: {
+					Group:   "apiextensions.k8s.io",
+					Version: "v1beta1",
+					Kind:    "CustomResourceDefinition",
+					Name:    "c1group",
+					Status:  v1alpha1.RequirementStatusReasonNotAvailable,
+				},
+			},
+			expectedError: nil,
+		},
+		{
+			description: "RequirementNotMet/NamesConflictedCRD",
+			csv: csv("csv1",
+				namespace,
+				"",
+				installStrategy("csv1-dep", nil, nil),
+				[]*v1beta1.CustomResourceDefinition{crd("c1", "v2")},
+				nil,
+				v1alpha1.CSVPhasePending,
+			),
+			existingObjs: nil,
+			existingExtObjs: []runtime.Object{
+				func() *v1beta1.CustomResourceDefinition {
+					newCRD := crd("c1", "v2")
+					// condition order: established, name accepted
+					newCRD.Status.Conditions[0].Status = v1beta1.ConditionTrue
+					newCRD.Status.Conditions[1].Status = v1beta1.ConditionFalse
+					return newCRD
+				}(),
+			},
+			met: false,
+			expectedRequirementStatuses: map[gvkn]v1alpha1.RequirementStatus{
+				{"apiextensions.k8s.io", "v1beta1", "CustomResourceDefinition", "c1group"}: {
+					Group:   "apiextensions.k8s.io",
+					Version: "v1beta1",
+					Kind:    "CustomResourceDefinition",
+					Name:    "c1group",
+					Status:  v1alpha1.RequirementStatusReasonNotAvailable,
+				},
+			},
+			expectedError: nil,
+		},
+		{
+			description: "RequirementNotMet/CRDResourceInactive",
+			csv: csv("csv1",
+				namespace,
+				"",
+				installStrategy("csv1-dep", nil, nil),
+				[]*v1beta1.CustomResourceDefinition{crd("c1", "v2")},
+				nil,
+				v1alpha1.CSVPhasePending,
+			),
+			existingObjs: nil,
+			existingExtObjs: []runtime.Object{
+				func() *v1beta1.CustomResourceDefinition {
+					newCRD := crd("c1", "v2")
+					// condition order: established, name accepted
+					newCRD.Status.Conditions[0].Status = v1beta1.ConditionFalse
+					newCRD.Status.Conditions[1].Status = v1beta1.ConditionTrue
+					return newCRD
+				}(),
+			},
+			met: false,
+			expectedRequirementStatuses: map[gvkn]v1alpha1.RequirementStatus{
+				{"apiextensions.k8s.io", "v1beta1", "CustomResourceDefinition", "c1group"}: {
+					Group:   "apiextensions.k8s.io",
+					Version: "v1beta1",
+					Kind:    "CustomResourceDefinition",
+					Name:    "c1group",
+					Status:  v1alpha1.RequirementStatusReasonNotAvailable,
+				},
+			},
+			expectedError: nil,
+		},
 	}
 
 	for _, test := range tests {