From 8a6d75715c0ac31b56d7125dc5bb4af90c0f84bc Mon Sep 17 00:00:00 2001
From: Valentina Birsan <vbirsan@redhat.com>
Date: Thu, 3 Oct 2024 14:02:38 -0400
Subject: [PATCH] check completion only when time matches

Signed-off-by: Valentina Birsan <vbirsan@redhat.com>
(cherry picked from commit f21b9b8216c8831bb1746e53a8fef6eaf1ada7af)
---
 .../policies/oadp-hdr-app-backup.yaml         | 59 +++++++------------
 1 file changed, 22 insertions(+), 37 deletions(-)

diff --git a/community/CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-backup.yaml b/community/CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-backup.yaml
index 35b3d5e0..faa55375 100644
--- a/community/CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-backup.yaml
+++ b/community/CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-backup.yaml
@@ -78,11 +78,6 @@ spec:
             {{hub end hub}}
           remediationAction: inform
           severity: high
-          customMessage:
-            compliant: |
-              The schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> phase is not FailedValidation.{{hub end hub}}
-            noncompliant: |
-              The schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> phase is FailedValidation. {{hub end hub}}
 
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
@@ -107,11 +102,6 @@ spec:
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: high
-          customMessage:
-            compliant: |
-              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having an Error phase.{{hub end hub}}
-            noncompliant: |
-              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has an Error phase. {{hub end hub}}
 
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
@@ -136,11 +126,6 @@ spec:
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: high
-          customMessage:
-            compliant: |
-              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having a FailedValidation phase.{{hub end hub}}
-            noncompliant: |
-              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has a FailedValidation phase. {{hub end hub}}
 
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
@@ -165,11 +150,6 @@ spec:
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: high
-          customMessage:
-            compliant: |
-              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having a PartiallyFailed phase.{{hub end hub}}
-            noncompliant: |
-              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has a PartiallyFailed phase. {{hub end hub}}
 
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
@@ -194,11 +174,6 @@ spec:
                   startTimestamp: '{{ (lookup "velero.io/v1" "Schedule" "{{hub $configMap.data.backupNS hub}}" "{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}{{hub end hub}}-{{hub (printf "%s" .ManagedClusterName) hub}}").status.lastBackup }}'
           remediationAction: inform
           severity: low
-          customMessage:
-            compliant: |
-              There is no Backup with a startTimestamp matching the schedule {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup and having an empty phase.{{hub end hub}}
-            noncompliant: |
-              The Backup with a startTimestamp matching the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.status.lastBackup was found and has an empty state. {{hub end hub}}
 
     - objectDefinition:
         apiVersion: policy.open-cluster-management.io/v1
@@ -207,24 +182,34 @@ spec:
           name: check-backup-completed
         spec:
           object-templates-raw: |
-            {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
+           {{hub $clusterName := (printf "%s" .ManagedClusterName) hub}}
+           {{hub $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}}
+           {{hub $backupNS := $configMap.data.backupNS hub}}
+           {{hub $backupPrefix := $configMap.data.backupPrefix hub}}
+           {{hub $backupVolumeSnapshotLocation := $configMap.data.backupVolumeSnapshotLocation hub}}
+           {{hub $scheduleName := ((cat $backupPrefix "-" $backupVolumeSnapshotLocation "-" $clusterName) | replace " " "") hub}}
+
+           {{- $scheduleObj := (lookup "velero.io/v1" "Schedule" "{{hub $backupNS hub}}" "{{hub $scheduleName hub}}") }}
+           {{- $scheduleObjName := $scheduleObj.metadata.name }}
+           {{- $scheduleExists := eq $scheduleObjName "{{hub $scheduleName hub}}" }}
+
+            {{- if $scheduleExists }}
+              {{- $scheduleObjLastBckTime := ($scheduleObj.status.lastBackup) }}
+              {{- range $backupList := (lookup "velero.io/v1" "Backup" "{{hub $backupNS hub}}" "").items }}
+                {{- $backupCreation := $backupList.status.startTimestamp  }}
+                {{- if eq $backupCreation $scheduleObjLastBckTime }}
+
             - complianceType: musthave
               objectDefinition:
                 apiVersion: velero.io/v1
                 kind: Backup
                 metadata:
-                  namespace: '{{hub $configMap.data.backupNS hub}}'
-                  labels:
-                    velero.io/schedule-name: '{{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-{{ fromClusterClaim "name" }}'
-                    cluster-id: '{{ fromClusterClaim "id.openshift.io" }}'
-                    cluster-name: '{{ fromClusterClaim "name" }}'
+                  namespace: '{{hub $backupNS hub}}'
+                  name: {{ $backupList.metadata.name }}
                 status:
                   phase: Completed
-              {{hub end hub}}
+                {{- end }}
+              {{- end }}
+            {{- end }}
           remediationAction: inform
           severity: high
-          customMessage:
-            compliant: |
-              There is at least one completed Backup generated by the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.{{hub end hub}}
-            noncompliant: |
-              There is no completed Backup generated by the {{hub with $configMap := (lookup "v1" "ConfigMap" "" "hdr-app-configmap") hub}} {{hub $configMap.data.backupPrefix hub}}-{{hub $configMap.data.backupVolumeSnapshotLocation hub}}-<clusterName> Schedule.{{hub end hub}}