operator-lifecycle-manager icon indicating copy to clipboard operation
operator-lifecycle-manager copied to clipboard
verified publisher icon operator-framework

CSV doesn't create the clusterrole if we use verbs: bind, escalate

Open prafull01 opened this issue 4 years ago • 1 comments

Bug Report

What did you do? Installed the latest OLM with operator-sdk olm install and tried to install our operator on OLM

What did you expect to see? I expect my operator to be installed successfully

What did you see instead? Under which circumstances? InstallPlan is in failed state with following error:

- lastTransitionTime: "2021-02-24T05:07:37Z"
      lastUpdateTime: "2021-02-24T05:07:37Z"
      message: 'error creating csv k8s-triliovault-stable.v1.0.1: ClusterServiceVersion.operators.coreos.com
        "k8s-triliovault-stable.v1.0.1" is invalid: [: Invalid value: "": "spec.install"
        must validate one and only one schema (oneOf). Found none valid, spec.install.spec.clusterPermissions.rules.verbs:
        Unsupported value: "bind": supported values: "*", "assign", "get", "list",
        "watch", "create", "update", "patch", "put", "post", "delete", "deletecollection",
        "initialize", "use"]'
      reason: InstallComponentFailed
      status: "False"
      type: Installed
    phase: Failed

The reason for this failure is ClusterServiceVersion CRD doesn't accept bind/escalate input in the spec.install.spec.clusterPermissions.rules.verbs

Environment

  • operator-lifecycle-manager version:

Latest

  • Kubernetes version information:*
prafull@EMPID18004:~/Downloads$ kubectl version 
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.0", GitCommit:"9e991415386e4cf155a24b1da15becaa390438d8", GitTreeState:"clean", BuildDate:"2020-03-25T14:58:59Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17+", GitVersion:"v1.17.16-gke.1600", GitCommit:"e68636cfa1f22582957abefcc274c576d87e69b3", GitTreeState:"clean", BuildDate:"2021-01-12T09:19:41Z", GoVersion:"go1.13.15b4", Compiler:"gc", Platform:"linux/amd64"}
  • Kubernetes cluster kind: * GKE Possible Solution Need to update the ClusterServiceVersion CSV to accept these two parameters as well

/kind bug

prafull01 avatar Feb 24 '21 06:02 prafull01

ClusterRoles on the CSV should support any custom verbs and used to do so -- seems like we may have regressed at some point, potentially when bumping the OpenAPI schema when moving up kube versions.

That being said, if ClusterRoles or Roles do not support custom verbs then potentially this is not something we want to fix.

exdx avatar May 27 '21 14:05 exdx