Skip to content

Commit

Permalink
🌱 Descriptive Upgrade Constraint Policy constants (#1233)
Browse files Browse the repository at this point in the history
* more descriptive upgrade contstraint policy constants

* change match labels to olm.operatorframework.io/metadata.name

fix unintentional override due to error in rebase

Co-authored-by: Joe Lanford <[email protected]>

---------

Co-authored-by: Joe Lanford <[email protected]>
  • Loading branch information
skattoju and joelanford authored Sep 11, 2024
1 parent 9491b59 commit 78a6c00
Show file tree
Hide file tree
Showing 7 changed files with 58 additions and 58 deletions.
16 changes: 8 additions & 8 deletions api/v1alpha1/clusterextension_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,15 +33,15 @@ type CRDUpgradeSafetyPolicy string
const (
// The extension will only upgrade if the new version satisfies
// the upgrade constraints set by the package author.
UpgradeConstraintPolicyEnforce UpgradeConstraintPolicy = "Enforce"
UpgradeConstraintPolicyCatalogProvided UpgradeConstraintPolicy = "CatalogProvided"

// Unsafe option which allows an extension to be
// upgraded or downgraded to any available version of the package and
// ignore the upgrade path designed by package authors.
// This assumes that users independently verify the outcome of the changes.
// Use with caution as this can lead to unknown and potentially
// disastrous results such as data loss.
UpgradeConstraintPolicyIgnore UpgradeConstraintPolicy = "Ignore"
UpgradeConstraintPolicySelfCertified UpgradeConstraintPolicy = "SelfCertified"
)

// ClusterExtensionSpec defines the desired state of ClusterExtension
Expand Down Expand Up @@ -323,22 +323,22 @@ type CatalogSource struct {
// the upgrade path(s) defined in the catalog are enforced for the package
// referenced in the packageName field.
//
// Allowed values are: ["Enforce", "Ignore"].
// Allowed values are: ["CatalogProvided", "SelfCertified"].
//
// When this field is set to "Enforce", automatic upgrades will only occur
// When this field is set to "CatalogProvided", automatic upgrades will only occur
// when upgrade constraints specified by the package author are met.
//
// When this field is set to "Ignore", the upgrade constraints specified by
// When this field is set to "SelfCertified", the upgrade constraints specified by
// the package author are ignored. This allows for upgrades and downgrades to
// any version of the package. This is considered a dangerous operation as it
// can lead to unknown and potentially disastrous outcomes, such as data
// loss. It is assumed that users have independently verified changes when
// using this option.
//
// If unspecified, the default value is "Enforce".
// If unspecified, the default value is "CatalogProvided".
//
//+kubebuilder:validation:Enum:=Enforce;Ignore
//+kubebuilder:default:=Enforce
//+kubebuilder:validation:Enum:=CatalogProvided;SelfCertified
//+kubebuilder:default:=CatalogProvided
//+optional
UpgradeConstraintPolicy UpgradeConstraintPolicy `json:"upgradeConstraintPolicy,omitempty"`
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -334,28 +334,28 @@ spec:
type: object
x-kubernetes-map-type: atomic
upgradeConstraintPolicy:
default: Enforce
default: CatalogProvided
description: |-
upgradeConstraintPolicy is an optional field that controls whether
the upgrade path(s) defined in the catalog are enforced for the package
referenced in the packageName field.
Allowed values are: ["Enforce", "Ignore"].
Allowed values are: ["CatalogProvided", "SelfCertified"].
When this field is set to "Enforce", automatic upgrades will only occur
When this field is set to "CatalogProvided", automatic upgrades will only occur
when upgrade constraints specified by the package author are met.
When this field is set to "Ignore", the upgrade constraints specified by
When this field is set to "SelfCertified", the upgrade constraints specified by
the package author are ignored. This allows for upgrades and downgrades to
any version of the package. This is considered a dangerous operation as it
can lead to unknown and potentially disastrous outcomes, such as data
loss. It is assumed that users have independently verified changes when
using this option.
If unspecified, the default value is "Enforce".
If unspecified, the default value is "CatalogProvided".
enum:
- Enforce
- Ignore
- CatalogProvided
- SelfCertified
type: string
version:
description: |-
Expand Down
16 changes: 8 additions & 8 deletions docs/drafts/upgrade-support.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,17 +42,17 @@ spec:
packageName: <package_name>
serviceAccount:
name: <service_account>
upgradeConstraintPolicy: Ignore
upgradeConstraintPolicy: SelfCertified
version: "<version_or_version_range>"
```

where setting the `upgradeConstraintPolicy` to:

`Ignore`
`SelfCertified`
: Does not limit the next version to the set of successors, and instead allows for any downgrade, sidegrade, or upgrade.

`Enforce`
: Only allows the next version to come from the successors list. This is the default value. If the `upgradeConstraintPolicy` parameter is not defined in an extension's CR, then the policy is set to `Enforce` by default.
`CatalogProvided`
: Only allows the next version to come from the successors list. This is the default value. If the `upgradeConstraintPolicy` parameter is not defined in an extension's CR, then the policy is set to `CatalogProvided` by default.

## Upgrades

Expand All @@ -74,11 +74,11 @@ You must verify and perform upgrades manually in cases where automatic upgrades

**Warning:** If you want to force an upgrade manually, you must thoroughly verify the outcome before applying any changes to production workloads. Failure to test and verify the upgrade might lead to catastrophic consequences such as data loss.

As a package admin, if you must upgrade or downgrade to version that might be incompatible with the currently installed version, you can set the `.spec.upgradeConstraintPolicy` field to `Ignore` on the relevant `ClusterExtension` resource.
As a package admin, if you must upgrade or downgrade to version that might be incompatible with the currently installed version, you can set the `.spec.upgradeConstraintPolicy` field to `SelfCertified` on the relevant `ClusterExtension` resource.

If you set the field to `Ignore`, no upgrade constraints are set on the package. As a result, you can change the version to any version available in the catalogs for a given package.
If you set the field to `SelfCertified`, no upgrade constraints are set on the package. As a result, you can change the version to any version available in the catalogs for a given package.

Example `ClusterExtension` with `.spec.upgradeConstraintPolicy` field set to `Ignore`:
Example `ClusterExtension` with `.spec.upgradeConstraintPolicy` field set to `SelfCertified`:

```yaml
apiVersion: olm.operatorframework.io/v1alpha1
Expand All @@ -91,7 +91,7 @@ spec:
catalog:
packageName: argocd-operator
version: 0.6.0
upgradeConstraintPolicy: Ignore
upgradeConstraintPolicy: SelfCertified
install:
namespace: argocd
serviceAccout:
Expand Down
6 changes: 3 additions & 3 deletions docs/refs/api/operator-controller-api-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ _Appears in:_
| `version` _string_ | version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed.<br /><br />Acceptable version ranges are no longer than 64 characters.<br />Version ranges are composed of comma- or space-delimited values and one or<br />more comparison operators, known as comparison strings. Additional<br />comparison strings can be added using the OR operator (\|\|).<br /><br /># Range Comparisons<br /><br />To specify a version range, you can use a comparison string like ">=3.0,<br /><3.6". When specifying a range, automatic updates will occur within that<br />range. The example comparison string means "install any version greater than<br />or equal to 3.0.0 but less than 3.6.0.". It also states intent that if any<br />upgrades are available within the version range after initial installation,<br />those upgrades should be automatically performed.<br /><br /># Pinned Versions<br /><br />To specify an exact version to install you can use a version range that<br />"pins" to a specific version. When pinning to a specific version, no<br />automatic updates will occur. An example of a pinned version range is<br />"0.6.0", which means "only install version 0.6.0 and never<br />upgrade from this version".<br /><br /># Basic Comparison Operators<br /><br />The basic comparison operators and their meanings are:<br /> - "=", equal (not aliased to an operator)<br /> - "!=", not equal<br /> - "<", less than<br /> - ">", greater than<br /> - ">=", greater than OR equal to<br /> - "<=", less than OR equal to<br /><br /># Wildcard Comparisons<br /><br />You can use the "x", "X", and "*" characters as wildcard characters in all<br />comparison operations. Some examples of using the wildcard characters:<br /> - "1.2.x", "1.2.X", and "1.2.*" is equivalent to ">=1.2.0, < 1.3.0"<br /> - ">= 1.2.x", ">= 1.2.X", and ">= 1.2.*" is equivalent to ">= 1.2.0"<br /> - "<= 2.x", "<= 2.X", and "<= 2.*" is equivalent to "< 3"<br /> - "x", "X", and "*" is equivalent to ">= 0.0.0"<br /><br /># Patch Release Comparisons<br /><br />When you want to specify a minor version up to the next major version you<br />can use the "~" character to perform patch comparisons. Some examples:<br /> - "~1.2.3" is equivalent to ">=1.2.3, <1.3.0"<br /> - "~1" and "~1.x" is equivalent to ">=1, <2"<br /> - "~2.3" is equivalent to ">=2.3, <2.4"<br /> - "~1.2.x" is equivalent to ">=1.2.0, <1.3.0"<br /><br /># Major Release Comparisons<br /><br />You can use the "^" character to make major release comparisons after a<br />stable 1.0.0 version is published. If there is no stable version published, // minor versions define the stability level. Some examples:<br /> - "^1.2.3" is equivalent to ">=1.2.3, <2.0.0"<br /> - "^1.2.x" is equivalent to ">=1.2.0, <2.0.0"<br /> - "^2.3" is equivalent to ">=2.3, <3"<br /> - "^2.x" is equivalent to ">=2.0.0, <3"<br /> - "^0.2.3" is equivalent to ">=0.2.3, <0.3.0"<br /> - "^0.2" is equivalent to ">=0.2.0, <0.3.0"<br /> - "^0.0.3" is equvalent to ">=0.0.3, <0.0.4"<br /> - "^0.0" is equivalent to ">=0.0.0, <0.1.0"<br /> - "^0" is equivalent to ">=0.0.0, <1.0.0"<br /><br /># OR Comparisons<br />You can use the "\|\|" character to represent an OR operation in the version<br />range. Some examples:<br /> - ">=1.2.3, <2.0.0 \|\| >3.0.0"<br /> - "^0 \|\| ^3 \|\| ^5"<br /><br />For more information on semver, please see https://semver.org/ | | MaxLength: 64 <br />Pattern: `^(\s*(=\|\|!=\|>\|<\|>=\|=>\|<=\|=<\|~\|~>\|\^)\s*(v?(0\|[1-9]\d*\|[x\|X\|\*])(\.(0\|[1-9]\d*\|x\|X\|\*]))?(\.(0\|[1-9]\d*\|x\|X\|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+\|,\s*\|\s*\\|\\|\s*)(=\|\|!=\|>\|<\|>=\|=>\|<=\|=<\|~\|~>\|\^)\s*(v?(0\|[1-9]\d*\|x\|X\|\*])(\.(0\|[1-9]\d*\|x\|X\|\*))?(\.(0\|[1-9]\d*\|x\|X\|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$` <br /> |
| `channels` _string array_ | channels is an optional reference to a set of channels belonging to<br />the package specified in the packageName field.<br /><br />A "channel" is a package author defined stream of updates for an extension.<br /><br />When specified, it is used to constrain the set of installable bundles and<br />the automated upgrade path. This constraint is an AND operation with the<br />version field. For example:<br /> - Given channel is set to "foo"<br /> - Given version is set to ">=1.0.0, <1.5.0"<br /> - Only bundles that exist in channel "foo" AND satisfy the version range comparison will be considered installable<br /> - Automatic upgrades will be constrained to upgrade edges defined by the selected channel<br /><br />When unspecified, upgrade edges across all channels will be used to identify valid automatic upgrade paths.<br /><br />This field follows the DNS subdomain name standard as defined in [RFC<br />1123]. This means that valid entries:<br /> - Contain no more than 253 characters<br /> - Contain only lowercase alphanumeric characters, '-', or '.'<br /> - Start with an alphanumeric character<br /> - End with an alphanumeric character<br /><br />Some examples of valid values are:<br /> - 1.1.x<br /> - alpha<br /> - stable<br /> - stable-v1<br /> - v1-stable<br /> - dev-preview<br /> - preview<br /> - community<br /><br />Some examples of invalid values are:<br /> - -some-channel<br /> - some-channel-<br /> - thisisareallylongchannelnamethatisgreaterthanthemaximumlength<br /> - original_40<br /> - --default-channel<br /><br />[RFC 1123]: https://tools.ietf.org/html/rfc1123 | | |
| `selector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v/#labelselector-v1-meta)_ | selector is an optional field that can be used<br />to filter the set of ClusterCatalogs used in the bundle<br />selection process.<br /><br />When unspecified, all ClusterCatalogs will be used in<br />the bundle selection process. | | |
| `upgradeConstraintPolicy` _[UpgradeConstraintPolicy](#upgradeconstraintpolicy)_ | upgradeConstraintPolicy is an optional field that controls whether<br />the upgrade path(s) defined in the catalog are enforced for the package<br />referenced in the packageName field.<br /><br />Allowed values are: ["Enforce", "Ignore"].<br /><br />When this field is set to "Enforce", automatic upgrades will only occur<br />when upgrade constraints specified by the package author are met.<br /><br />When this field is set to "Ignore", the upgrade constraints specified by<br />the package author are ignored. This allows for upgrades and downgrades to<br />any version of the package. This is considered a dangerous operation as it<br />can lead to unknown and potentially disastrous outcomes, such as data<br />loss. It is assumed that users have independently verified changes when<br />using this option.<br /><br />If unspecified, the default value is "Enforce". | Enforce | Enum: [Enforce Ignore] <br /> |
| `upgradeConstraintPolicy` _[UpgradeConstraintPolicy](#upgradeconstraintpolicy)_ | upgradeConstraintPolicy is an optional field that controls whether<br />the upgrade path(s) defined in the catalog are enforced for the package<br />referenced in the packageName field.<br /><br />Allowed values are: ["CatalogProvided", "SelfCertified"].<br /><br />When this field is set to "CatalogProvided", automatic upgrades will only occur<br />when upgrade constraints specified by the package author are met.<br /><br />When this field is set to "SelfCertified", the upgrade constraints specified by<br />the package author are ignored. This allows for upgrades and downgrades to<br />any version of the package. This is considered a dangerous operation as it<br />can lead to unknown and potentially disastrous outcomes, such as data<br />loss. It is assumed that users have independently verified changes when<br />using this option.<br /><br />If unspecified, the default value is "CatalogProvided". | CatalogProvided | Enum: [CatalogProvided SelfCertified] <br /> |


#### ClusterExtension
Expand Down Expand Up @@ -275,7 +275,7 @@ _Appears in:_

| Field | Description |
| --- | --- |
| `Enforce` | The extension will only upgrade if the new version satisfies<br />the upgrade constraints set by the package author.<br /> |
| `Ignore` | Unsafe option which allows an extension to be<br />upgraded or downgraded to any available version of the package and<br />ignore the upgrade path designed by package authors.<br />This assumes that users independently verify the outcome of the changes.<br />Use with caution as this can lead to unknown and potentially<br />disastrous results such as data loss.<br /> |
| `CatalogProvided` | The extension will only upgrade if the new version satisfies<br />the upgrade constraints set by the package author.<br /> |
| `SelfCertified` | Unsafe option which allows an extension to be<br />upgraded or downgraded to any available version of the package and<br />ignore the upgrade path designed by package authors.<br />This assumes that users independently verify the outcome of the changes.<br />Use with caution as this can lead to unknown and potentially<br />disastrous results such as data loss.<br /> |


2 changes: 1 addition & 1 deletion internal/resolve/catalog.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ func (r *CatalogResolver) Resolve(ctx context.Context, ext *ocv1alpha1.ClusterEx
predicates = append(predicates, filter.InMastermindsSemverRange(versionRangeConstraints))
}

if ext.Spec.Source.Catalog.UpgradeConstraintPolicy != ocv1alpha1.UpgradeConstraintPolicyIgnore && installedBundle != nil {
if ext.Spec.Source.Catalog.UpgradeConstraintPolicy != ocv1alpha1.UpgradeConstraintPolicySelfCertified && installedBundle != nil {
successorPredicate, err := filter.SuccessorsOf(installedBundle, packageFBC.Channels...)
if err != nil {
return fmt.Errorf("error finding upgrade edges: %w", err)
Expand Down
Loading

0 comments on commit 78a6c00

Please sign in to comment.