Retry policy evaluation when object changed during evaluation

This is important for the dry-run to not send a noncompliant error because the dry-run failed due to an object conflict. On the normal update case, it saves the time it takes for the policy to be evaluated again. Signed-off-by: mprahl <mprahl@users.noreply.github.com>
open-cluster-management-io · Nov 3, 2023 · d2a4e04 · d2a4e04
1 parent ffc115c
commit d2a4e04
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
@@ -2631,6 +2631,18 @@ func (r *ConfigurationPolicyReconciler) checkAndUpdateResource(
 					return true, "", false, false
 				}
 
+				// If it's a conflict, refetch the object and try again.
+				if k8serrors.IsConflict(err) {
+					log.Info("The object updating during the evaluation. Trying again.")
+
+					rv, getErr := res.Get(context.TODO(), obj.existingObj.GetName(), metav1.GetOptions{})
+					if getErr == nil {
+						obj.existingObj = rv
+
+						return r.checkAndUpdateResource(obj, complianceType, mdComplianceType, remediation)
+					}
+				}
+
 				message := getUpdateErrorMsg(err, obj.existingObj.GetKind(), obj.name)
 				if message == "" {
 					message = fmt.Sprintf(
@@ -2668,6 +2680,17 @@ func (r *ConfigurationPolicyReconciler) checkAndUpdateResource(
 			FieldValidation: metav1.FieldValidationStrict,
 		})
 		if err != nil {
+			if k8serrors.IsConflict(err) {
+				log.Info("The object updating during the evaluation. Trying again.")
+
+				rv, getErr := res.Get(context.TODO(), obj.existingObj.GetName(), metav1.GetOptions{})
+				if getErr == nil {
+					obj.existingObj = rv
+
+					return r.checkAndUpdateResource(obj, complianceType, mdComplianceType, remediation)
+				}
+			}
+
 			message := getUpdateErrorMsg(err, obj.existingObj.GetKind(), obj.name)
 			if message == "" {
 				message = fmt.Sprintf("Error updating the object `%v`, the error is `%v`", obj.name, err)