Bug: 2 ansiblejobs were created when disabled policy, "Disabled+Manual" mode

yiraeChristineKim · yiraeChristineKim · commit fb008f88ba80 · 2023-06-06T08:24:10.000-04:00
Solution:  Add resourceV verification

Signed-off-by: Yi Rae Kim &lt;yikim@redhat.com&gt;
diff --git a/controllers/automation/policyautomation_controller.go b/controllers/automation/policyautomation_controller.go
@@ -303,6 +303,20 @@ func (r *PolicyAutomationReconciler) Reconcile(
 	}
 
 	if policyAutomation.Annotations["policy.open-cluster-management.io/rerun"] == "true" {
+		AjExist, err := common.MatchPAResouceV(policyAutomation,
+			r.DynamicClient, policyAutomation.GetResourceVersion())
+		if err != nil {
+			log.Error(err, "Failed to compare Ansible job's resourceVersion")
+
+			return reconcile.Result{}, err
+		}
+
+		if AjExist {
+			log.Info("Ansiblejob already exist under this policyautomation resourceVersion")
+
+			return reconcile.Result{}, nil
+		}
+
 		targetList := common.FindNonCompliantClustersForPolicy(policy)
 		log.Info(
 			"Creating an Ansible job", "mode", "manual",
diff --git a/controllers/common/ansible.go b/controllers/common/ansible.go
@@ -24,6 +24,8 @@ const (
 	ControllerName             string = "policy-automation"
 	PolicyAutomationLabel      string = "policy.open-cluster-management.io/policyautomation-name"
 	PolicyAutomationGeneration string = "policy.open-cluster-management.io/policyautomation-generation"
+	// policyautomation-ResouceVersion
+	PolicyAutomationResouceV string = "policy.open-cluster-management.io/policyautomation-resource-version"
 )
 
 var log = ctrl.Log.WithName(ControllerName)
@@ -67,6 +69,38 @@ func MatchPAGeneration(policyAutomation *policyv1beta1.PolicyAutomation,
 	return false, nil
 }
 
+// Check any ansiblejob is made by input genteration number
+// Returning "true" means the policy automation already created ansiblejob with the generation
+func MatchPAResouceV(policyAutomation *policyv1beta1.PolicyAutomation,
+	dynamicClient dynamic.Interface, resourceVersion string,
+) (bool, error) {
+	ansiblejobList, err := dynamicClient.Resource(ansibleJobRes).Namespace(policyAutomation.GetNamespace()).List(
+		context.TODO(), metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%s=%s", PolicyAutomationLabel, policyAutomation.GetName()),
+		},
+	)
+	if err != nil {
+		log.Error(err, "Failed to get ansiblejob list")
+
+		return false, err
+	}
+
+	ansiblejobLen := len(ansiblejobList.Items)
+	// Check whether new PolicyAutomation
+	if ansiblejobLen == 0 {
+		return false, nil
+	}
+
+	for _, aj := range ansiblejobList.Items {
+		annotations := aj.GetAnnotations()
+		if annotations[PolicyAutomationResouceV] == resourceVersion {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
 // CreateAnsibleJob creates ansiblejob with given PolicyAutomation
 func CreateAnsibleJob(policyAutomation *policyv1beta1.PolicyAutomation,
 	dynamicClient dynamic.Interface, mode string, violationContext policyv1beta1.ViolationContext,
@@ -79,6 +113,7 @@ func CreateAnsibleJob(policyAutomation *policyv1beta1.PolicyAutomation,
 				"annotations": map[string]interface{}{
 					PolicyAutomationGeneration: strconv.
 						FormatInt(policyAutomation.GetGeneration(), 10),
+					PolicyAutomationResouceV: policyAutomation.GetResourceVersion(),
 				},
 			},
 			"spec": map[string]interface{}{
diff --git a/test/e2e/case5_policy_automation_test.go b/test/e2e/case5_policy_automation_test.go
