Skip to content

OCPBUGS-60380: Backporting NetworkPolicy support for OLM bundles #429

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: release-4.19
Choose a base branch
from
Open

OCPBUGS-60380: Backporting NetworkPolicy support for OLM bundles #429

wants to merge 1 commit into from
+11 −0

Conversation

anik120
Copy link
Contributor

@anik120 anik120 commented Aug 11, 2025
edited
Loading

This is a hack to backport "NetworkPolicy object kind in bundles" support from operator-framework/operator-registry#1675 The feature was introduced in OCP 4.20 with a operator-registry bump to v1.55.0. Ref:

  1. operator-registry v1.55.0 release: https://github.com/operator-framework/operator-registry/releases/tag/v1.55.0
  2. operator-registry bump in OCP 4.20: OPRUN-3928, OCPBUGS-60260: ✨ Update operator-registry to v1.55.0 operator-framework/operator-controller#1981

Because the upstream PR is not being backported in operator-registry to older tags (with new z stream releases), this achieves a downstream-only backport for this feature.

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 11, 2025
@openshift-ci-robot
Copy link

@anik120: This pull request references Jira Issue OCPBUGS-60260, which is invalid:

  • expected the bug to target either version "4.19." or "openshift-4.19.", but it targets "4.20" instead
  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-60260 to depend on a bug targeting a version in 4.20.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is a hack to backport "NetworkPolicy object kind in bundles" support from operator-framework/operator-registry#1675 The feature was introduced in OCP 4.20 with a operator-registry bump to v1.55.0. Ref:

  1. operator-registry v1.55.0 release: https://github.com/operator-framework/operator-registry/releases/tag/v1.55.0
  2. operator-registry bump in OCP 4.20: OPRUN-3928, OCPBUGS-60260: ✨ Update operator-registry to v1.55.0 operator-framework/operator-controller#1981 Because the upstream PR is not being backported in operator-registry to older tags (with new z stream releases), this achieves a downstream-only backport for this feature.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@anik120 anik120 changed the title OCPBUGS-60260: Backporting NetworkPolicy support for OLM bundles OCPBUGS-60380: Backporting NetworkPolicy support for OLM bundles Aug 11, 2025
@openshift-ci-robot
Copy link

@anik120: This pull request references Jira Issue OCPBUGS-60380, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-60380 to depend on a bug targeting a version in 4.20.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is a hack to backport "NetworkPolicy object kind in bundles" support from operator-framework/operator-registry#1675 The feature was introduced in OCP 4.20 with a operator-registry bump to v1.55.0. Ref:

  1. operator-registry v1.55.0 release: https://github.com/operator-framework/operator-registry/releases/tag/v1.55.0
  2. operator-registry bump in OCP 4.20: OPRUN-3928, OCPBUGS-60260: ✨ Update operator-registry to v1.55.0 operator-framework/operator-controller#1981 Because the upstream PR is not being backported in operator-registry to older tags (with new z stream releases), this achieves a downstream-only backport for this feature.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@anik120
Copy link
Contributor Author

anik120 commented Aug 11, 2025

/jira refresh

@openshift-ci-robot
Copy link

@anik120: This pull request references Jira Issue OCPBUGS-60380, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-60380 to depend on a bug targeting a version in 4.20.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@anik120
Copy link
Contributor Author

anik120 commented Aug 11, 2025

/jira refresh

@openshift-ci-robot
Copy link

@anik120: This pull request references Jira Issue OCPBUGS-60380, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@anik120
Copy link
Contributor Author

anik120 commented Aug 11, 2025

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 11, 2025
@openshift-ci-robot
Copy link

@anik120: This pull request references Jira Issue OCPBUGS-60380, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.19.z) matches configured target version for branch (4.19.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • release note type set to "Release Note Not Required"
  • dependent bug Jira Issue OCPBUGS-60260 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
  • dependent Jira Issue OCPBUGS-60260 targets the "4.20.0" version, which is one of the valid target versions: 4.20.0
  • bug has dependents

Requesting review from QA contact:
/cc @Xia-Zhao-rh

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from Xia-Zhao-rh August 11, 2025 19:46
@anik120 anik120 force-pushed the backport-networkpolicy-support branch from 21de341 to b8409b0 Compare August 11, 2025 19:48
@anik120
UPSTREAM: 1981: Backporting NetworkPolicy support for OLM bundles
406020c 
This is a hack to backport "NetworkPolicy object kind in bundles" support from
operator-framework/operator-registry#1675
The feature was introduced in OCP 4.20 with a operator-registry bump to v1.55.0.
Ref:
1. operator-registry v1.55.0 release: https://github.com/operator-framework/operator-registry/releases/tag/v1.55.0
2. operator-registry bump in OCP 4.20: operator-framework/operator-controller#1981
Because the upstream PR is not being backported in operator-registry to older tags (with new z stream releases),
this achieves a downstream-only backport for this feature.
@anik120 anik120 force-pushed the backport-networkpolicy-support branch from b8409b0 to 406020c Compare August 11, 2025 19:50
@openshift-ci-robot
Copy link

@anik120: This pull request references Jira Issue OCPBUGS-60380, which is valid.

7 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.19.z) matches configured target version for branch (4.19.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
  • release note type set to "Release Note Not Required"
  • dependent bug Jira Issue OCPBUGS-60260 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
  • dependent Jira Issue OCPBUGS-60260 targets the "4.20.0" version, which is one of the valid target versions: 4.20.0
  • bug has dependents

Requesting review from QA contact:
/cc @Xia-Zhao-rh

In response to this:

This is a hack to backport "NetworkPolicy object kind in bundles" support from operator-framework/operator-registry#1675 The feature was introduced in OCP 4.20 with a operator-registry bump to v1.55.0. Ref:

  1. operator-registry v1.55.0 release: https://github.com/operator-framework/operator-registry/releases/tag/v1.55.0
  2. operator-registry bump in OCP 4.20: OPRUN-3928, OCPBUGS-60260: ✨ Update operator-registry to v1.55.0 operator-framework/operator-controller#1981

Because the upstream PR is not being backported in operator-registry to older tags (with new z stream releases), this achieves a downstream-only backport for this feature.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@tmshort
Copy link
Contributor

tmshort commented Aug 11, 2025

/approve

I'd want someone else to also review this method.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 11, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anik120, tmshort

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 11, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 11, 2025

@anik120: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@oceanc80
Copy link
Contributor

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Aug 12, 2025
camilamacedo86
camilamacedo86 reviewed Aug 12, 2025
View reviewed changes
internal/operator-controller/rukpak/convert/registryv1.go
// Because the upstream PR is not being backported in operator-registry to older tags (with new z stream releases),
// this achieves a downstream-only backport for this feature.
if obj.GetKind() == "NetworkPolicy" {
supported, namespaced = true, true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think it will not work well to add directly here.

It should be added in: https://github.com/operator-framework/operator-controller/blob/3d6a33b60dab6aedec2b676eba3a7631d3961340/internal/operator-controller/rukpak/render/registryv1/generators/generators.go#L282-L298

@tmshort ^ WDYT?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think adding it to generators.go replaces this. But I agree that it looks like there are multiple places where operator-registry's bundle.IsSupported is used and we need to patch all of those places or make one function where we add the new validation and then use that everywhere that operator-registry's bundle.IsSupported is used.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hold on what commit are you looking at @camilamacedo86 coz I don't see the rukpak/render folder in the release-4.19 branch

https://github.com/openshift/operator-framework-operator-controller/tree/release-4.19/internal/operator-controller/rukpak

I did a search in the 4.19 release branch and only one place popped up that's using isSupported(), and that's patched in this PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh you're looking at upstream @camilamacedo86.

Please see the downstream repo in its 4.19 release, there's only this one occurrence.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, sorry, I didn't catch this before. @camilamacedo86 linked the upstream code. This change is downstream only.

oceanc80
oceanc80 reviewed Aug 12, 2025
View reviewed changes
Copy link
Contributor

@oceanc80 oceanc80 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we'll need to reformat the commit message to be a CARRY commit so it doesn't get dropped going forward.

@anik120
Copy link
Contributor Author

anik120 commented Aug 12, 2025

I think we'll need to reformat the commit message to be a CARRY commit so it doesn't get dropped going forward.

I went with the PR number based on this conversation with Todd: https://redhat-internal.slack.com/archives/C03MFMLT8TY/p1744830832493459?thread_ts=1744830637.432549&cid=C03MFMLT8TY

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oceanc80 oceanc80 oceanc80 left review comments

@camilamacedo86 camilamacedo86 camilamacedo86 left review comments

@rashmigottipati rashmigottipati Awaiting requested review from rashmigottipati

@Xia-Zhao-rh Xia-Zhao-rh Awaiting requested review from Xia-Zhao-rh

Assignees

@bandrade bandrade

@jianzhangbjz jianzhangbjz

@emmajiafan emmajiafan

@kuiwang02 kuiwang02

@Xia-Zhao-rh Xia-Zhao-rh

@KeenonLee KeenonLee

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.