🌱 Descriptive Upgrade Constraint Policy constants (#1233)

* more descriptive upgrade contstraint policy constants

* change match labels to olm.operatorframework.io/metadata.name

fix unintentional override due to error in rebase

Co-authored-by: Joe Lanford <[email protected]>

---------

Co-authored-by: Joe Lanford <[email protected]>

Author: skattoju

api/v1alpha1/clusterextension_types.go

@@ -33,15 +33,15 @@ type CRDUpgradeSafetyPolicy string
 const (
 	// The extension will only upgrade if the new version satisfies
 	// the upgrade constraints set by the package author.
-	UpgradeConstraintPolicyEnforce UpgradeConstraintPolicy = "Enforce"
+	UpgradeConstraintPolicyCatalogProvided UpgradeConstraintPolicy = "CatalogProvided"
 
 	// Unsafe option which allows an extension to be
 	// upgraded or downgraded to any available version of the package and
 	// ignore the upgrade path designed by package authors.
 	// This assumes that users independently verify the outcome of the changes.
 	// Use with caution as this can lead to unknown and potentially
 	// disastrous results such as data loss.
-	UpgradeConstraintPolicyIgnore UpgradeConstraintPolicy = "Ignore"
+	UpgradeConstraintPolicySelfCertified UpgradeConstraintPolicy = "SelfCertified"
 )
 
 // ClusterExtensionSpec defines the desired state of ClusterExtension
@@ -323,22 +323,22 @@ type CatalogSource struct {
 	// the upgrade path(s) defined in the catalog are enforced for the package
 	// referenced in the packageName field.
 	//
-	// Allowed values are: ["Enforce", "Ignore"].
+	// Allowed values are: ["CatalogProvided", "SelfCertified"].
 	//
-	// When this field is set to "Enforce", automatic upgrades will only occur
+	// When this field is set to "CatalogProvided", automatic upgrades will only occur
 	// when upgrade constraints specified by the package author are met.
 	//
-	// When this field is set to "Ignore", the upgrade constraints specified by
+	// When this field is set to "SelfCertified", the upgrade constraints specified by
 	// the package author are ignored. This allows for upgrades and downgrades to
 	// any version of the package. This is considered a dangerous operation as it
 	// can lead to unknown and potentially disastrous outcomes, such as data
 	// loss. It is assumed that users have independently verified changes when
 	// using this option.
 	//
-	// If unspecified, the default value is "Enforce".
+	// If unspecified, the default value is "CatalogProvided".
 	//
-	//+kubebuilder:validation:Enum:=Enforce;Ignore
-	//+kubebuilder:default:=Enforce
+	//+kubebuilder:validation:Enum:=CatalogProvided;SelfCertified
+	//+kubebuilder:default:=CatalogProvided
 	//+optional
 	UpgradeConstraintPolicy UpgradeConstraintPolicy `json:"upgradeConstraintPolicy,omitempty"`
 }

config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml

@@ -334,28 +334,28 @@ spec:
                         type: object
                         x-kubernetes-map-type: atomic
                       upgradeConstraintPolicy:
-                        default: Enforce
+                        default: CatalogProvided
                         description: |-
                           upgradeConstraintPolicy is an optional field that controls whether
                           the upgrade path(s) defined in the catalog are enforced for the package
                           referenced in the packageName field.
 
-                          Allowed values are: ["Enforce", "Ignore"].
+                          Allowed values are: ["CatalogProvided", "SelfCertified"].
 
-                          When this field is set to "Enforce", automatic upgrades will only occur
+                          When this field is set to "CatalogProvided", automatic upgrades will only occur
                           when upgrade constraints specified by the package author are met.
 
-                          When this field is set to "Ignore", the upgrade constraints specified by
+                          When this field is set to "SelfCertified", the upgrade constraints specified by
                           the package author are ignored. This allows for upgrades and downgrades to
                           any version of the package. This is considered a dangerous operation as it
                           can lead to unknown and potentially disastrous outcomes, such as data
                           loss. It is assumed that users have independently verified changes when
                           using this option.
 
-                          If unspecified, the default value is "Enforce".
+                          If unspecified, the default value is "CatalogProvided".
                         enum:
-                        - Enforce
-                        - Ignore
+                        - CatalogProvided
+                        - SelfCertified
                         type: string
                       version:
                         description: |-

docs/drafts/upgrade-support.md

@@ -42,17 +42,17 @@ spec:
   packageName: <package_name>
   serviceAccount:
     name: <service_account>
-  upgradeConstraintPolicy: Ignore
+  upgradeConstraintPolicy: SelfCertified
   version: "<version_or_version_range>"
 ```
 
 where setting the `upgradeConstraintPolicy` to:
 
-`Ignore`
+`SelfCertified`
 :   Does not limit the next version to the set of successors, and instead allows for any downgrade, sidegrade, or upgrade.
 
-`Enforce`
-:   Only allows the next version to come from the successors list. This is the default value. If the `upgradeConstraintPolicy` parameter is not defined in an extension's CR, then the policy is set to `Enforce` by default.
+`CatalogProvided`
+:   Only allows the next version to come from the successors list. This is the default value. If the `upgradeConstraintPolicy` parameter is not defined in an extension's CR, then the policy is set to `CatalogProvided` by default.
 
 ## Upgrades
 
@@ -74,11 +74,11 @@ You must verify and perform upgrades manually in cases where automatic upgrades
 
 **Warning:** If you want to force an upgrade manually, you must thoroughly verify the outcome before applying any changes to production workloads. Failure to test and verify the upgrade might lead to catastrophic consequences such as data loss.
 
-As a package admin, if you must upgrade or downgrade to version that might be incompatible with the currently installed version, you can set the `.spec.upgradeConstraintPolicy` field to `Ignore` on the relevant `ClusterExtension` resource.
+As a package admin, if you must upgrade or downgrade to version that might be incompatible with the currently installed version, you can set the `.spec.upgradeConstraintPolicy` field to `SelfCertified` on the relevant `ClusterExtension` resource.
 
-If you set the field to `Ignore`, no upgrade constraints are set on the package. As a result, you can change the version to any version available in the catalogs for a given package.
+If you set the field to `SelfCertified`, no upgrade constraints are set on the package. As a result, you can change the version to any version available in the catalogs for a given package.
 
-Example `ClusterExtension` with `.spec.upgradeConstraintPolicy` field set to `Ignore`:
+Example `ClusterExtension` with `.spec.upgradeConstraintPolicy` field set to `SelfCertified`:
 
 ```yaml
 apiVersion: olm.operatorframework.io/v1alpha1
@@ -91,7 +91,7 @@ spec:
     catalog:
       packageName: argocd-operator
       version: 0.6.0
-      upgradeConstraintPolicy: Ignore
+      upgradeConstraintPolicy: SelfCertified
   install:
     namespace: argocd
     serviceAccout:

docs/refs/api/operator-controller-api-reference.md

@@ -82,7 +82,7 @@ _Appears in:_
 | `version` _string_ | version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed.<br /><br />Acceptable version ranges are no longer than 64 characters.<br />Version ranges are composed of comma- or space-delimited values and one or<br />more comparison operators, known as comparison strings. Additional<br />comparison strings can be added using the OR operator (\|\|).<br /><br /># Range Comparisons<br /><br />To specify a version range, you can use a comparison string like ">=3.0,<br /><3.6". When specifying a range, automatic updates will occur within that<br />range. The example comparison string means "install any version greater than<br />or equal to 3.0.0 but less than 3.6.0.". It also states intent that if any<br />upgrades are available within the version range after initial installation,<br />those upgrades should be automatically performed.<br /><br /># Pinned Versions<br /><br />To specify an exact version to install you can use a version range that<br />"pins" to a specific version. When pinning to a specific version, no<br />automatic updates will occur. An example of a pinned version range is<br />"0.6.0", which means "only install version 0.6.0 and never<br />upgrade from this version".<br /><br /># Basic Comparison Operators<br /><br />The basic comparison operators and their meanings are:<br />  - "=", equal (not aliased to an operator)<br />  - "!=", not equal<br />  - "<", less than<br />  - ">", greater than<br />  - ">=", greater than OR equal to<br />  - "<=", less than OR equal to<br /><br /># Wildcard Comparisons<br /><br />You can use the "x", "X", and "*" characters as wildcard characters in all<br />comparison operations. Some examples of using the wildcard characters:<br />  - "1.2.x", "1.2.X", and "1.2.*" is equivalent to ">=1.2.0, < 1.3.0"<br />  - ">= 1.2.x", ">= 1.2.X", and ">= 1.2.*" is equivalent to ">= 1.2.0"<br />  - "<= 2.x", "<= 2.X", and "<= 2.*" is equivalent to "< 3"<br />  - "x", "X", and "*" is equivalent to ">= 0.0.0"<br /><br /># Patch Release Comparisons<br /><br />When you want to specify a minor version up to the next major version you<br />can use the "~" character to perform patch comparisons. Some examples:<br />  - "~1.2.3" is equivalent to ">=1.2.3, <1.3.0"<br />  - "~1" and "~1.x" is equivalent to ">=1, <2"<br />  - "~2.3" is equivalent to ">=2.3, <2.4"<br />  - "~1.2.x" is equivalent to ">=1.2.0, <1.3.0"<br /><br /># Major Release Comparisons<br /><br />You can use the "^" character to make major release comparisons after a<br />stable 1.0.0 version is published. If there is no stable version published, // minor versions define the stability level. Some examples:<br />  - "^1.2.3" is equivalent to ">=1.2.3, <2.0.0"<br />  - "^1.2.x" is equivalent to ">=1.2.0, <2.0.0"<br />  - "^2.3" is equivalent to ">=2.3, <3"<br />  - "^2.x" is equivalent to ">=2.0.0, <3"<br />  - "^0.2.3" is equivalent to ">=0.2.3, <0.3.0"<br />  - "^0.2" is equivalent to ">=0.2.0, <0.3.0"<br />  - "^0.0.3" is equvalent to ">=0.0.3, <0.0.4"<br />  - "^0.0" is equivalent to ">=0.0.0, <0.1.0"<br />  - "^0" is equivalent to ">=0.0.0, <1.0.0"<br /><br /># OR Comparisons<br />You can use the "\|\|" character to represent an OR operation in the version<br />range. Some examples:<br />  - ">=1.2.3, <2.0.0 \|\| >3.0.0"<br />  - "^0 \|\| ^3 \|\| ^5"<br /><br />For more information on semver, please see https://semver.org/ |  | MaxLength: 64 <br />Pattern: `^(\s*(=\|\|!=\|>\|<\|>=\|=>\|<=\|=<\|~\|~>\|\^)\s*(v?(0\|[1-9]\d*\|[x\|X\|\*])(\.(0\|[1-9]\d*\|x\|X\|\*]))?(\.(0\|[1-9]\d*\|x\|X\|\*))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)((?:\s+\|,\s*\|\s*\\|\\|\s*)(=\|\|!=\|>\|<\|>=\|=>\|<=\|=<\|~\|~>\|\^)\s*(v?(0\|[1-9]\d*\|x\|X\|\*])(\.(0\|[1-9]\d*\|x\|X\|\*))?(\.(0\|[1-9]\d*\|x\|X\|\*]))?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)\s*)*$` <br /> |
 | `channels` _string array_ | channels is an optional reference to a set of channels belonging to<br />the package specified in the packageName field.<br /><br />A "channel" is a package author defined stream of updates for an extension.<br /><br />When specified, it is used to constrain the set of installable bundles and<br />the automated upgrade path. This constraint is an AND operation with the<br />version field. For example:<br />  - Given channel is set to "foo"<br />  - Given version is set to ">=1.0.0, <1.5.0"<br />  - Only bundles that exist in channel "foo" AND satisfy the version range comparison will be considered installable<br />  - Automatic upgrades will be constrained to upgrade edges defined by the selected channel<br /><br />When unspecified, upgrade edges across all channels will be used to identify valid automatic upgrade paths.<br /><br />This field follows the DNS subdomain name standard as defined in [RFC<br />1123]. This means that valid entries:<br />  - Contain no more than 253 characters<br />  - Contain only lowercase alphanumeric characters, '-', or '.'<br />  - Start with an alphanumeric character<br />  - End with an alphanumeric character<br /><br />Some examples of valid values are:<br />  - 1.1.x<br />  - alpha<br />  - stable<br />  - stable-v1<br />  - v1-stable<br />  - dev-preview<br />  - preview<br />  - community<br /><br />Some examples of invalid values are:<br />  - -some-channel<br />  - some-channel-<br />  - thisisareallylongchannelnamethatisgreaterthanthemaximumlength<br />  - original_40<br />  - --default-channel<br /><br />[RFC 1123]: https://tools.ietf.org/html/rfc1123 |  |  |
 | `selector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v/#labelselector-v1-meta)_ | selector is an optional field that can be used<br />to filter the set of ClusterCatalogs used in the bundle<br />selection process.<br /><br />When unspecified, all ClusterCatalogs will be used in<br />the bundle selection process. |  |  |
-| `upgradeConstraintPolicy` _[UpgradeConstraintPolicy](#upgradeconstraintpolicy)_ | upgradeConstraintPolicy is an optional field that controls whether<br />the upgrade path(s) defined in the catalog are enforced for the package<br />referenced in the packageName field.<br /><br />Allowed values are: ["Enforce", "Ignore"].<br /><br />When this field is set to "Enforce", automatic upgrades will only occur<br />when upgrade constraints specified by the package author are met.<br /><br />When this field is set to "Ignore", the upgrade constraints specified by<br />the package author are ignored. This allows for upgrades and downgrades to<br />any version of the package. This is considered a dangerous operation as it<br />can lead to unknown and potentially disastrous outcomes, such as data<br />loss. It is assumed that users have independently verified changes when<br />using this option.<br /><br />If unspecified, the default value is "Enforce". | Enforce | Enum: [Enforce Ignore] <br /> |
+| `upgradeConstraintPolicy` _[UpgradeConstraintPolicy](#upgradeconstraintpolicy)_ | upgradeConstraintPolicy is an optional field that controls whether<br />the upgrade path(s) defined in the catalog are enforced for the package<br />referenced in the packageName field.<br /><br />Allowed values are: ["CatalogProvided", "SelfCertified"].<br /><br />When this field is set to "CatalogProvided", automatic upgrades will only occur<br />when upgrade constraints specified by the package author are met.<br /><br />When this field is set to "SelfCertified", the upgrade constraints specified by<br />the package author are ignored. This allows for upgrades and downgrades to<br />any version of the package. This is considered a dangerous operation as it<br />can lead to unknown and potentially disastrous outcomes, such as data<br />loss. It is assumed that users have independently verified changes when<br />using this option.<br /><br />If unspecified, the default value is "CatalogProvided". | CatalogProvided | Enum: [CatalogProvided SelfCertified] <br /> |
 
 
 #### ClusterExtension
@@ -275,7 +275,7 @@ _Appears in:_
 
 | Field | Description |
 | --- | --- |
-| `Enforce` | The extension will only upgrade if the new version satisfies<br />the upgrade constraints set by the package author.<br /> |
-| `Ignore` | Unsafe option which allows an extension to be<br />upgraded or downgraded to any available version of the package and<br />ignore the upgrade path designed by package authors.<br />This assumes that users independently verify the outcome of the changes.<br />Use with caution as this can lead to unknown and potentially<br />disastrous results such as data loss.<br /> |
+| `CatalogProvided` | The extension will only upgrade if the new version satisfies<br />the upgrade constraints set by the package author.<br /> |
+| `SelfCertified` | Unsafe option which allows an extension to be<br />upgraded or downgraded to any available version of the package and<br />ignore the upgrade path designed by package authors.<br />This assumes that users independently verify the outcome of the changes.<br />Use with caution as this can lead to unknown and potentially<br />disastrous results such as data loss.<br /> |
 
 

internal/resolve/catalog.go

@@ -83,7 +83,7 @@ func (r *CatalogResolver) Resolve(ctx context.Context, ext *ocv1alpha1.ClusterEx
 			predicates = append(predicates, filter.InMastermindsSemverRange(versionRangeConstraints))
 		}
 
-		if ext.Spec.Source.Catalog.UpgradeConstraintPolicy != ocv1alpha1.UpgradeConstraintPolicyIgnore && installedBundle != nil {
+		if ext.Spec.Source.Catalog.UpgradeConstraintPolicy != ocv1alpha1.UpgradeConstraintPolicySelfCertified && installedBundle != nil {
 			successorPredicate, err := filter.SuccessorsOf(installedBundle, packageFBC.Channels...)
 			if err != nil {
 				return fmt.Errorf("error finding upgrade edges: %w", err)