openshift
diff --git a/‎staging/operator-lifecycle-manager/pkg/controller/operators/olm/operator.go
Lines changed: 41 additions & 0 deletions b/‎staging/operator-lifecycle-manager/pkg/controller/operators/olm/operator.go
Lines changed: 41 additions & 0 deletions
diff --git a/‎staging/operator-lifecycle-manager/test/e2e/csv_e2e_test.go
Lines changed: 3 additions & 0 deletions b/‎staging/operator-lifecycle-manager/test/e2e/csv_e2e_test.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go
Lines changed: 21 additions & 1 deletion b/‎staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go
Lines changed: 21 additions & 1 deletion
diff --git a/‎staging/operator-registry/alpha/declcfg/write.go
Lines changed: 137 additions & 35 deletions b/‎staging/operator-registry/alpha/declcfg/write.go
Lines changed: 137 additions & 35 deletions
diff --git a/‎staging/operator-registry/alpha/declcfg/write_test.go
Lines changed: 2 additions & 1 deletion b/‎staging/operator-registry/alpha/declcfg/write_test.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎staging/operator-registry/alpha/veneer/semver/README.md
Lines changed: 18 additions & 1 deletion b/‎staging/operator-registry/alpha/veneer/semver/README.md
Lines changed: 18 additions & 1 deletion
diff --git a/‎staging/operator-registry/cmd/opm/alpha/cmd.go
Lines changed: 2 additions & 0 deletions b/‎staging/operator-registry/cmd/opm/alpha/cmd.go
Lines changed: 2 additions & 0 deletions
@@ -11,6 +11,7 @@ import (
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	extinf "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -1121,6 +1122,46 @@ func (a *Operator) handleClusterServiceVersionDeletion(obj interface{}) {
 			logger.WithError(err).Warnf("failed to requeue gc event: %v", webhook)
 		}
 	}
+
+	// Conversion webhooks are defined within a CRD.
+	// In an effort to prevent customer dataloss, OLM does not delete CRDs associated with a CSV when it is deleted.
+	// Deleting a CSV that introduced a conversion webhook removes the deployment that serviced the conversion webhook calls.
+	// If a conversion webhook is defined and the service isn't available, all requests against the CR associated with the CRD will fail.
+	// This ultimately breaks kubernetes garbage collection and prevents OLM from reinstalling the CSV as CR validation against the new CRD's
+	// openapiv3 schema fails.
+	// As such, when a CSV is deleted OLM will check if it is being replaced. If the CSV is not being replaced, OLM will remove the conversion
+	// webhook from the CRD definition.
+	csvs, err := a.lister.OperatorsV1alpha1().ClusterServiceVersionLister().ClusterServiceVersions(clusterServiceVersion.GetNamespace()).List(labels.Everything())
+	if err != nil {
+		logger.Errorf("error listing csvs: %v\n", err)
+	}
+	for _, csv := range csvs {
+		if csv.Spec.Replaces == clusterServiceVersion.GetName() {
+			return
+		}
+	}
+
+	for _, desc := range clusterServiceVersion.Spec.WebhookDefinitions {
+		if desc.Type != v1alpha1.ConversionWebhook || len(desc.ConversionCRDs) == 0 {
+			continue
+		}
+
+		for i, crdName := range desc.ConversionCRDs {
+			crd, err := a.lister.APIExtensionsV1().CustomResourceDefinitionLister().Get(crdName)
+			if err != nil {
+				logger.Errorf("error getting CRD %v which was defined in CSVs spec.WebhookDefinition[%d]: %v\n", crdName, i, err)
+				continue
+			}
+
+			copy := crd.DeepCopy()
+			copy.Spec.Conversion.Strategy = apiextensionsv1.NoneConverter
+			copy.Spec.Conversion.Webhook = nil
+
+			if _, err = a.opClient.ApiextensionsInterface().ApiextensionsV1().CustomResourceDefinitions().Update(context.TODO(), copy, metav1.UpdateOptions{}); err != nil {
+				logger.Errorf("error updating conversion strategy for CRD %v: %v\n", crdName, err)
+			}
+		}
+	}
 }
 
 func (a *Operator) removeDanglingChildCSVs(csv *v1alpha1.ClusterServiceVersion) error {
 
@@ -4206,6 +4206,9 @@ func findLastEvent(events *corev1.EventList) (event corev1.Event) {
 func buildCSVCleanupFunc(c operatorclient.ClientInterface, crc versioned.Interface, csv operatorsv1alpha1.ClusterServiceVersion, namespace string, deleteCRDs, deleteAPIServices bool) cleanupFunc {
 	return func() {
 		err := crc.OperatorsV1alpha1().ClusterServiceVersions(namespace).Delete(context.TODO(), csv.GetName(), metav1.DeleteOptions{})
+		if err != nil && apierrors.IsNotFound(err) {
+			err = nil
+		}
 		Expect(err).ShouldNot(HaveOccurred())
 
 		if deleteCRDs {
 
@@ -639,6 +639,7 @@ var _ = Describe("CSVs with a Webhook", func() {
 		}).Should(Equal(2))
 	})
 	When("Installed from a catalog Source", func() {
+		const csvName = "webhook-operator.v0.0.1"
 		var cleanupCSV cleanupFunc
 		var cleanupCatSrc cleanupFunc
 		var cleanupSubscription cleanupFunc
@@ -687,7 +688,7 @@ var _ = Describe("CSVs with a Webhook", func() {
 			defer cleanupSubscription()
 
 			// Wait for webhook-operator v2 csv to succeed
-			csv, err := awaitCSV(crc, source.GetNamespace(), "webhook-operator.v0.0.1", csvSucceededChecker)
+			csv, err := awaitCSV(crc, source.GetNamespace(), csvName, csvSucceededChecker)
 			require.NoError(GinkgoT(), err)
 
 			cleanupCSV = buildCSVCleanupFunc(c, crc, *csv, source.GetNamespace(), true, true)
@@ -775,6 +776,25 @@ var _ = Describe("CSVs with a Webhook", func() {
 			require.True(GinkgoT(), ok, "Unable to get spec.conversion.valid of v2 object")
 			require.True(GinkgoT(), v2SpecConversionMutate)
 			require.True(GinkgoT(), v2SpecConversionValid)
+
+			// Check that conversion strategies are disabled after uninstalling the operator.
+			err = crc.OperatorsV1alpha1().ClusterServiceVersions(generatedNamespace.GetName()).Delete(context.TODO(), csvName, metav1.DeleteOptions{})
+			require.NoError(GinkgoT(), err)
+
+			Eventually(func() error {
+				crd, err := c.ApiextensionsInterface().ApiextensionsV1().CustomResourceDefinitions().Get(context.TODO(), "webhooktests.webhook.operators.coreos.io", metav1.GetOptions{})
+				if err != nil {
+					return err
+				}
+
+				if crd.Spec.Conversion.Strategy != apiextensionsv1.NoneConverter {
+					return fmt.Errorf("conversion strategy is not NoneConverter")
+				}
+				if crd.Spec.Conversion.Webhook != nil {
+					return fmt.Errorf("webhook is not nil")
+				}
+				return nil
+			}).Should(Succeed())
 		})
 	})
 	When("WebhookDescription has conversionCRDs field", func() {
 
@@ -8,67 +8,90 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/blang/semver/v4"
+	"github.com/operator-framework/operator-registry/alpha/property"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"sigs.k8s.io/yaml"
 )
 
 // writes out the channel edges of the declarative config graph in a mermaid format capable of being pasted into
 // mermaid renderers like github, mermaid.live, etc.
 // output is sorted lexicographically by package name, and then by channel name
+// if provided, minEdgeName will be used as the lower bound for edges in the output graph
 //
 // NB:  Output has wrapper comments stating the skipRange edge caveat in HTML comment format, which cannot be parsed by mermaid renderers.
-//      This is deliberate, and intended as an explicit acknowledgement of the limitations, instead of requiring the user to notice the missing edges upon inspection.
+//
+//	This is deliberate, and intended as an explicit acknowledgement of the limitations, instead of requiring the user to notice the missing edges upon inspection.
 //
 // Example output:
 // <!-- PLEASE NOTE:  skipRange edges are not currently displayed -->
 // graph LR
-//   %% package "neuvector-certified-operator-rhmp"
-//   subgraph "neuvector-certified-operator-rhmp"
-//      %% channel "beta"
-//      subgraph neuvector-certified-operator-rhmp-beta["beta"]
-// 	      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.8["neuvector-operator.v1.2.8"]
-// 	      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.9["neuvector-operator.v1.2.9"]
-// 	      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.3.0["neuvector-operator.v1.3.0"]
-// 	      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.3.0["neuvector-operator.v1.3.0"]-- replaces --> neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.8["neuvector-operator.v1.2.8"]
-// 	      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.3.0["neuvector-operator.v1.3.0"]-- skips --> neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.9["neuvector-operator.v1.2.9"]
-//     end
-//   end
+//
+//	  %% package "neuvector-certified-operator-rhmp"
+//	  subgraph "neuvector-certified-operator-rhmp"
+//	     %% channel "beta"
+//	     subgraph neuvector-certified-operator-rhmp-beta["beta"]
+//		      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.8["neuvector-operator.v1.2.8"]
+//		      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.9["neuvector-operator.v1.2.9"]
+//		      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.3.0["neuvector-operator.v1.3.0"]
+//		      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.3.0["neuvector-operator.v1.3.0"]-- replaces --> neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.8["neuvector-operator.v1.2.8"]
+//		      neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.3.0["neuvector-operator.v1.3.0"]-- skips --> neuvector-certified-operator-rhmp-beta-neuvector-operator.v1.2.9["neuvector-operator.v1.2.9"]
+//	    end
+//	  end
+//
 // end
 // <!-- PLEASE NOTE:  skipRange edges are not currently displayed -->
-func WriteMermaidChannels(cfg DeclarativeConfig, out io.Writer) error {
+func WriteMermaidChannels(cfg DeclarativeConfig, out io.Writer, minEdgeName string) error {
 	pkgs := map[string]*strings.Builder{}
 
 	sort.Slice(cfg.Channels, func(i, j int) bool {
 		return cfg.Channels[i].Name < cfg.Channels[j].Name
 	})
 
-	for _, c := range cfg.Channels {
-		pkgBuilder, ok := pkgs[c.Package]
-		if !ok {
-			pkgBuilder = &strings.Builder{}
-			pkgs[c.Package] = pkgBuilder
+	versionMap, err := getBundleVersions(&cfg)
+	if err != nil {
+		return err
+	}
+
+	if _, ok := versionMap[minEdgeName]; !ok {
+		if minEdgeName != "" {
+			return fmt.Errorf("unknown minimum edge name: %q", minEdgeName)
 		}
-		channelID := fmt.Sprintf("%s-%s", c.Package, c.Name)
-		pkgBuilder.WriteString(fmt.Sprintf("    %%%% channel %q\n", c.Name))
-		pkgBuilder.WriteString(fmt.Sprintf("    subgraph %s[%q]\n", channelID, c.Name))
-
-		for _, ce := range c.Entries {
-			entryId := fmt.Sprintf("%s-%s", channelID, ce.Name)
-			pkgBuilder.WriteString(fmt.Sprintf("      %s[%q]\n", entryId, ce.Name))
-
-			// no support for SkipRange yet
-			if len(ce.Replaces) > 0 {
-				replacesId := fmt.Sprintf("%s-%s", channelID, ce.Replaces)
-				pkgBuilder.WriteString(fmt.Sprintf("      %s[%q]-- %s --> %s[%q]\n", entryId, ce.Name, "replaces", replacesId, ce.Replaces))
+	}
+
+	for _, c := range cfg.Channels {
+		filteredChannel := filterChannel(&c, versionMap, minEdgeName)
+		if filteredChannel != nil {
+			pkgBuilder, ok := pkgs[c.Package]
+			if !ok {
+				pkgBuilder = &strings.Builder{}
+				pkgs[c.Package] = pkgBuilder
 			}
-			if len(ce.Skips) > 0 {
-				for _, s := range ce.Skips {
-					skipsId := fmt.Sprintf("%s-%s", channelID, s)
-					pkgBuilder.WriteString(fmt.Sprintf("      %s[%q]-- %s --> %s[%q]\n", entryId, ce.Name, "skips", skipsId, s))
+
+			channelID := fmt.Sprintf("%s-%s", filteredChannel.Package, filteredChannel.Name)
+			pkgBuilder.WriteString(fmt.Sprintf("    %%%% channel %q\n", filteredChannel.Name))
+			pkgBuilder.WriteString(fmt.Sprintf("    subgraph %s[%q]\n", channelID, filteredChannel.Name))
+
+			for _, ce := range filteredChannel.Entries {
+				if versionMap[ce.Name].GE(versionMap[minEdgeName]) {
+					entryId := fmt.Sprintf("%s-%s", channelID, ce.Name)
+					pkgBuilder.WriteString(fmt.Sprintf("      %s[%q]\n", entryId, ce.Name))
+
+					// no support for SkipRange yet
+					if len(ce.Replaces) > 0 {
+						replacesId := fmt.Sprintf("%s-%s", channelID, ce.Replaces)
+						pkgBuilder.WriteString(fmt.Sprintf("      %s[%q]-- %s --> %s[%q]\n", entryId, ce.Name, "replaces", replacesId, ce.Replaces))
+					}
+					if len(ce.Skips) > 0 {
+						for _, s := range ce.Skips {
+							skipsId := fmt.Sprintf("%s-%s", channelID, s)
+							pkgBuilder.WriteString(fmt.Sprintf("      %s[%q]-- %s --> %s[%q]\n", entryId, ce.Name, "skips", skipsId, s))
+						}
+					}
 				}
 			}
+			pkgBuilder.WriteString("    end\n")
 		}
-		pkgBuilder.WriteString("    end\n")
 	}
 
 	out.Write([]byte("<!-- PLEASE NOTE:  skipRange edges are not currently displayed -->\n"))
@@ -91,6 +114,85 @@ func WriteMermaidChannels(cfg DeclarativeConfig, out io.Writer) error {
 	return nil
 }
 
+// filters the channel edges to include only those which are greater-than-or-equal to the edge named by startVersion
+// returns a nil channel if all edges are filtered out
+func filterChannel(c *Channel, versionMap map[string]semver.Version, minEdgeName string) *Channel {
+	// short-circuit if no specified startVersion
+	if minEdgeName == "" {
+		return c
+	}
+	// convert the edge name to the version so we don't have to duplicate the lookup
+	minVersion := versionMap[minEdgeName]
+
+	out := &Channel{Name: c.Name, Package: c.Package, Properties: c.Properties, Entries: []ChannelEntry{}}
+	for _, ce := range c.Entries {
+		filteredCe := ChannelEntry{Name: ce.Name}
+		// short-circuit to take the edge name (but no references to earlier versions)
+		if ce.Name == minEdgeName {
+			out.Entries = append(out.Entries, filteredCe)
+			continue
+		}
+		// if len(ce.SkipRange) > 0 {
+		// }
+		if len(ce.Replaces) > 0 {
+			if versionMap[ce.Replaces].GTE(minVersion) {
+				filteredCe.Replaces = ce.Replaces
+			}
+		}
+		if len(ce.Skips) > 0 {
+			filteredSkips := []string{}
+			for _, s := range ce.Skips {
+				if versionMap[s].GTE(minVersion) {
+					filteredSkips = append(filteredSkips, s)
+				}
+			}
+			if len(filteredSkips) > 0 {
+				filteredCe.Skips = filteredSkips
+			}
+		}
+		if len(filteredCe.Replaces) > 0 || len(filteredCe.Skips) > 0 {
+			out.Entries = append(out.Entries, filteredCe)
+		}
+	}
+
+	if len(out.Entries) > 0 {
+		return out
+	} else {
+		return nil
+	}
+}
+
+func parseVersionProperty(b *Bundle) (*semver.Version, error) {
+	props, err := property.Parse(b.Properties)
+	if err != nil {
+		return nil, fmt.Errorf("parse properties for bundle %q: %v", b.Name, err)
+	}
+	if len(props.Packages) != 1 {
+		return nil, fmt.Errorf("bundle %q has multiple %q properties, expected exactly 1", b.Name, property.TypePackage)
+	}
+	v, err := semver.Parse(props.Packages[0].Version)
+	if err != nil {
+		return nil, fmt.Errorf("bundle %q has invalid version %q: %v", b.Name, props.Packages[0].Version, err)
+	}
+
+	return &v, nil
+}
+
+func getBundleVersions(cfg *DeclarativeConfig) (map[string]semver.Version, error) {
+	entries := make(map[string]semver.Version)
+	for index := range cfg.Bundles {
+		if _, ok := entries[cfg.Bundles[index].Name]; !ok {
+			ver, err := parseVersionProperty(&cfg.Bundles[index])
+			if err != nil {
+				return entries, err
+			}
+			entries[cfg.Bundles[index].Name] = *ver
+		}
+	}
+
+	return entries, nil
+}
+
 func WriteJSON(cfg DeclarativeConfig, w io.Writer) error {
 	enc := json.NewEncoder(w)
 	enc.SetIndent("", "    ")
 
@@ -513,10 +513,11 @@ graph LR
 `,
 		},
 	}
+	startVersion := ""
 	for _, s := range specs {
 		t.Run(s.name, func(t *testing.T) {
 			var buf bytes.Buffer
-			err := WriteMermaidChannels(s.cfg, &buf)
+			err := WriteMermaidChannels(s.cfg, &buf, startVersion)
 			require.NoError(t, err)
 			require.Equal(t, s.expected, buf.String())
 		})
 
@@ -56,9 +56,10 @@ In this example, `Candidate` has the entire version range of bundles,  `Fast` ha
 ```
 % ./bin/opm alpha render-veneer semver -h
 Generate a file-based catalog from a single 'semver veneer' file
+When FILE is '-' or not provided, the veneer is read from standard input
 
 Usage:
-  opm alpha render-veneer semver <filename> [flags]
+  opm alpha render-veneer semver [FILE] [flags]
 
 Flags:
   -h, --help            help for semver
@@ -68,6 +69,22 @@ Global Flags:
       --skip-tls-verify   skip TLS certificate verification for container image registries while pulling bundles
       --use-http          use plain HTTP for container image registries while pulling bundles
 ```
+
+Example command usage:
+```
+# Example with file argument passed in
+opm alpha render-veneer semver infile.semver.veneer.yaml
+
+# Example with no file argument passed in
+opm alpha render-veneer semver -o yaml < infile.semver.veneer.yaml > outfile.yaml
+
+# Example with "-" as the file argument passed in
+cat infile.semver.veneer.yaml | opm alpha render-veneer semver -o mermaid -
+```
+Note that if the command is called without a file argument and nothing passed in on standard input,
+the command will hang indefinitely. Either a file argument or file information passed 
+in on standard input is required by the command.
+
 With the veneer attribute `GenerateMajorChannels: true` resulting major channels from the command are (skipping the rendered bundle image output):
 ```yaml
 ---
 
@@ -6,6 +6,7 @@ import (
 	"github.com/operator-framework/operator-registry/cmd/opm/alpha/bundle"
 	"github.com/operator-framework/operator-registry/cmd/opm/alpha/diff"
 	"github.com/operator-framework/operator-registry/cmd/opm/alpha/list"
+	rendergraph "github.com/operator-framework/operator-registry/cmd/opm/alpha/render-graph"
 	"github.com/operator-framework/operator-registry/cmd/opm/alpha/veneer"
 )
 
@@ -20,6 +21,7 @@ func NewCmd() *cobra.Command {
 	runCmd.AddCommand(
 		bundle.NewCmd(),
 		list.NewCmd(),
+		rendergraph.NewCmd(),
 		diff.NewCmd(),
 		veneer.NewCmd(),
 	)
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"github.com/operator-framework/operator-registry/cmd/opm/alpha/bundle"`
`7`	`7`	`"github.com/operator-framework/operator-registry/cmd/opm/alpha/diff"`
`8`	`8`	`"github.com/operator-framework/operator-registry/cmd/opm/alpha/list"`
	`9`	`+ rendergraph "github.com/operator-framework/operator-registry/cmd/opm/alpha/render-graph"`
`9`	`10`	`"github.com/operator-framework/operator-registry/cmd/opm/alpha/veneer"`
`10`	`11`	`)`
`11`	`12`
`@@ -20,6 +21,7 @@ func NewCmd() *cobra.Command {`
`20`	`21`	`runCmd.AddCommand(`
`21`	`22`	`bundle.NewCmd(),`
`22`	`23`	`list.NewCmd(),`
	`24`	`+ rendergraph.NewCmd(),`
`23`	`25`	`diff.NewCmd(),`
`24`	`26`	`veneer.NewCmd(),`
`25`	`27`	`)`