From a77a60ada45d261f9590348f83967bd8fe0d0774 Mon Sep 17 00:00:00 2001
From: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
Date: Thu, 6 Apr 2023 11:23:51 -0400
Subject: [PATCH] Add refetch before updating status

Especially when DeleteIfCreated is in use, if the status update fails,
the controller is no longer aware it created resources. A refetch
prevents the status update from failing due to conflicts.

Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
(cherry picked from commit f0e15dddb1f9015bbaaad59110064f16adf0357a)
---
 controllers/configurationpolicy_controller.go | 24 ++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
index 4f985c57..7458e482 100644
--- a/controllers/configurationpolicy_controller.go
+++ b/controllers/configurationpolicy_controller.go
@@ -2756,9 +2756,27 @@ func (r *ConfigurationPolicyReconciler) updatePolicyStatus(
 		"Updating configurationPolicy status", "status", policy.Status.ComplianceState, "policy", policy.GetName(),
 	)
 
-	err := r.Status().Update(context.TODO(), policy)
-	if err != nil {
-		return err
+	updatedStatus := policy.Status
+
+	maxRetries := 3
+	for i := 1; i <= maxRetries; i++ {
+		err := r.Get(context.TODO(), types.NamespacedName{Namespace: policy.Namespace, Name: policy.Name}, policy)
+		if err != nil {
+			log.Info(fmt.Sprintf("Failed to refresh policy; using previously fetched version: %s", err))
+		} else {
+			policy.Status = updatedStatus
+		}
+
+		err = r.Status().Update(context.TODO(), policy)
+		if err != nil {
+			if i == maxRetries {
+				return err
+			}
+
+			log.Info(fmt.Sprintf("Failed to update policy status. Retrying (attempt %d/%d): %s", i, maxRetries, err))
+		} else {
+			break
+		}
 	}
 
 	if sendEvent {