ansible / awx-resource-operator

42 stars 34 forks source link

Updating a Job Template Resource does not take the changes #115

Open rlopez133 opened 1 year ago

rlopez133 commented 1 year ago

Currently if I created a Job Template as such on the first attempt this would create as expected.

apiVersion: tower.ansible.com/v1alpha1
kind: JobTemplate
metadata:
  name: rocketchat-volsync-template
  namespace: aap
spec:
  job_template_inventory: ACM Cluster Inventory
  job_template_name: RocketChatVolSync
  job_template_playbook: volsync/playbook.yml
  job_template_project: VolSync Demo
  tower_auth_secret: aap2-cred
  job_template_credentials:
  - "ACM Hub"

If I wanted to make a change and say remove the job_template_credentials from the Job Template if I went ahead removed this piece and gave another unique metadata.name , when you apply, you don't see the changes to the Job Template where the template credential is removed. It's exactly the same as the initial creation.

apiVersion: tower.ansible.com/v1alpha1
kind: JobTemplate
metadata:
  name: rocketchat-volsync-template
  namespace: aap
spec:
  job_template_inventory: ACM Cluster Inventory
  job_template_name: RocketChatVolSync
  job_template_playbook: volsync/playbook.yml
  job_template_project: VolSync Demo
  tower_auth_secret: aap2-cred
rooftopcellist commented 1 year ago

Fixing that may be as simple as adding:

  watchDependentResources: True

Here:

That way when you modify a JobTemplate resource, it will kick off the reconciliation lop again, which will run the awx.awx.job_template task to update the JobTemplate.

We just have to make sure that there aren't other knock-on effects to this change that are unwanted.

cooktheryan commented 1 year ago

/assign

rooftopcellist commented 1 year ago

I think that if we do this, we should make it possible to configure whether the state described in the CR for resources should be maintained or just created once. This could be an environment variable set on the operator deployment (for all resources) or it could be configurable on each resource.

Maybe we could call it create_only: true ? That was just the first think I thought of, I'm definitely open to other param names.

This would allow users to either: A) Create the resources once when deploying AWX, then modify them further using the AWX UI B) OR, Create the resources and re-run the reconciliation loop if any changes are made to the resources, which will update those resources accordingly. (Ideally with a strategic merge so that changes made from the UI that don't conflict would not be overwritten).

@cooktheryan Another thing is that we may want to make it possible to optionally configure a custom reconciliation interval, this way an AWX admin could enforce that changes made by users in the AWX UI were overwritten regularly if that is the desired behavior. That is how many configuration as code Jenkins instances are set up.

cooktheryan commented 1 year ago

@rooftopcellist so all of the items except jobtemplate and workflowtemplate I have working. The problem seems to exist that with the field @rlopez133 specified the underlying ansible playbook does not attempt to remediate those values. For example

apiVersion: tower.ansible.com/v1alpha1
kind: JobTemplate
metadata:
  name: rocketchat-volsync-template
spec:
  job_template_inventory: Demo Inventory
  job_template_name: RocketChatVolSync
  job_template_playbook: hello_world.yml
  job_template_project: Demo Project
  tower_auth_secret: awxaccess

Changing the value of the playbook causes the underlying playbook to make the change

apiVersion: tower.ansible.com/v1alpha1
kind: JobTemplate
metadata:
  name: rocketchat-volsync-template
spec:
  job_template_inventory: Demo Inventory
  job_template_name: RocketChatVolSync
  job_template_playbook: hello_world2.yml
  job_template_project: Demo Project
  tower_auth_secret: awxaccess

So I'm wondering if this is something that would need to happen in the job_template official playbook rather than this operator. Unless we wanted to remove objects if they already exist. I can modify the job_template_playbook as well as the job_template_project and the underlying playbook will make the change.

PR #129