Bug: 2 ansiblejobs were created when disabled policy, "Disabled+Manua…

…l" mode Solution: Add resourceV verification Signed-off-by: Yi Rae Kim <yikim@redhat.com>
open-cluster-management-io · Jun 20, 2023 · 0f36dc0 · 0f36dc0
1 parent 80bd403
commit 0f36dc0
Show file tree

Hide file tree

Showing 3 changed files with 310 additions and 146 deletions.
diff --git a/controllers/automation/policyautomation_controller.go b/controllers/automation/policyautomation_controller.go
@@ -302,6 +302,20 @@ func (r *PolicyAutomationReconciler) Reconcile(
 	}
 
 	if policyAutomation.Annotations["policy.open-cluster-management.io/rerun"] == "true" {
+		AjExist, err := common.MatchPAResouceV(policyAutomation,
+			r.DynamicClient, policyAutomation.GetResourceVersion())
+		if err != nil {
+			log.Error(err, "Failed to compare Ansible job's resourceVersion")
+
+			return reconcile.Result{}, err
+		}
+
+		if AjExist {
+			log.Info("Ansiblejob already exist under this policyautomation resourceVersion")
+
+			return reconcile.Result{}, nil
+		}
+
 		targetList := common.FindNonCompliantClustersForPolicy(policy)
 		log.Info(
 			"Creating an Ansible job", "mode", "manual",

diff --git a/controllers/common/ansible.go b/controllers/common/ansible.go
@@ -24,6 +24,8 @@ const (
 	ControllerName             string = "policy-automation"
 	PolicyAutomationLabel      string = "policy.open-cluster-management.io/policyautomation-name"
 	PolicyAutomationGeneration string = "policy.open-cluster-management.io/policyautomation-generation"
+	// policyautomation-ResouceVersion
+	PolicyAutomationResouceV string = "policy.open-cluster-management.io/policyautomation-resource-version"
 )
 
 var log = ctrl.Log.WithName(ControllerName)
@@ -49,12 +51,6 @@ func MatchPAGeneration(policyAutomation *policyv1beta1.PolicyAutomation,
 		return false, err
 	}
 
-	ansiblejobLen := len(ansiblejobList.Items)
-	// Check whether new PolicyAutomation
-	if ansiblejobLen == 0 {
-		return false, nil
-	}
-
 	s := strconv.FormatInt(generation, 10)
 
 	for _, aj := range ansiblejobList.Items {
@@ -67,6 +63,32 @@ func MatchPAGeneration(policyAutomation *policyv1beta1.PolicyAutomation,
 	return false, nil
 }
 
+// Check any ansiblejob is made by current resourceVersion number
+// Returning "true" means the policy automation already created ansiblejob with this resourceVersion
+func MatchPAResouceV(policyAutomation *policyv1beta1.PolicyAutomation,
+	dynamicClient dynamic.Interface, resourceVersion string,
+) (bool, error) {
+	ansiblejobList, err := dynamicClient.Resource(ansibleJobRes).Namespace(policyAutomation.GetNamespace()).List(
+		context.TODO(), metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%s=%s", PolicyAutomationLabel, policyAutomation.GetName()),
+		},
+	)
+	if err != nil {
+		log.Error(err, "Failed to get ansiblejob list")
+
+		return false, err
+	}
+
+	for _, aj := range ansiblejobList.Items {
+		annotations := aj.GetAnnotations()
+		if annotations[PolicyAutomationResouceV] == resourceVersion {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
 // CreateAnsibleJob creates ansiblejob with given PolicyAutomation
 func CreateAnsibleJob(policyAutomation *policyv1beta1.PolicyAutomation,
 	dynamicClient dynamic.Interface, mode string, violationContext policyv1beta1.ViolationContext,
@@ -79,6 +101,7 @@ func CreateAnsibleJob(policyAutomation *policyv1beta1.PolicyAutomation,
 				"annotations": map[string]interface{}{
 					PolicyAutomationGeneration: strconv.
 						FormatInt(policyAutomation.GetGeneration(), 10),
+					PolicyAutomationResouceV: policyAutomation.GetResourceVersion(),
 				},
 			},
 			"spec": map[string]interface{}{