Skip to content

CMP-3789: Enhance TestScanProducesRemediations to cover remaining 28949 logic [WIP] #1015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Anna-Koudelkova wants to merge 1 commit into from
Closed

CMP-3789: Enhance TestScanProducesRemediations to cover remaining 28949 logic [WIP] #1015

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions tests/e2e/parallel/main_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -969,6 +969,27 @@ func TestScanProducesRemediations(t *testing.T) {
t.Fatal("expected all remediations are unapplied when scan finishes")
}
}

podList := &corev1.PodList{}
err = f.Client.List(context.TODO(), podList, client.InNamespace(f.OperatorNamespace), client.MatchingLabels(map[string]string{
"workload": "scanner",
}))
if err != nil {
t.Fatal(err)
}

expectedSuffix := "-api-checks-pod"
found := false
for _, pod := range podList.Items {
if strings.HasSuffix(pod.Name, expectedSuffix) {
found = true
break
}
}

if !found {
Copy link
Collaborator

@xiaojiey xiaojiey Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am a little confused why api-checks-pod scanner pod still exists after scan done. With default scansetting, all scanner pods should be deleted after scan done.

Copy link
Collaborator Author

@Anna-Koudelkova Anna-Koudelkova Dec 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am joining you in the confusion. The api-checks-pod scanner pod still exists in the end when I run the test case just with the defer lines commented so that the tp and ssb stays there:

$ oc get pods
NAME                                                              READY   STATUS      RESTARTS        AGE
aggregator-pod-test-scan-produces-remediations                    0/1     Completed   0               3m32s
compliance-operator-6fd5c47-ndlf2                                 1/1     Running     2 (6m34s ago)   6m37s
ocp4-osdk-e2e-5378635b-6de3-40a1-ae18-e07ac721bd4f-pp-5dfbbhfvb   1/1     Running     0               6m20s
rhcos4-osdk-e2e-5378635b-6de3-40a1-ae18-e07ac721bd4f-pp-5fnffxq   1/1     Running     0               6m20s
test-scan-produces-remediations-api-checks-pod                    0/2     Completed   0               3m59s

However, if I just create the tp and ssb using following yaml files, the pod gets deleted after the scan finishes like is expected:

$ cat tp.yaml 
apiVersion: compliance.openshift.io/v1alpha1
kind: TailoredProfile
metadata:
  name: test-scan-produces-remediations
  namespace: openshift-compliance
  annotations: 
    compliance.openshift.io/product-type: Platform
spec:
  description: TestScanProducesRemediations
  extends: ocp4-moderate
  title: TestScanProducesRemediations

$ cat ssb.yaml 
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: test-scan-produces-remediations
  namespace: openshift-compliance
profiles:
  - apiGroup: compliance.openshift.io/v1alpha1
    kind: TailoredProfile
    name: test-scan-produces-remediations
settingsRef:
  apiGroup: compliance.openshift.io/v1alpha1
  kind: ScanSetting
  name: default

$ oc get pods
NAME                                              READY   STATUS    RESTARTS        AGE
compliance-operator-6778cc566f-fcx5n              1/1     Running   2 (2m38s ago)   2m42s
ocp4-openshift-compliance-pp-976f8cc94-ctvnt      1/1     Running   0               2m22s
rhcos4-openshift-compliance-pp-7bd49b8974-xt2nr   1/1     Running   0               2m22s

I am still not sure what am I missing here

Copy link
Collaborator Author

@Anna-Koudelkova Anna-Koudelkova Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did not reproduce the issue with the latest released CO 1.8.0, the -api-checks-pod gets removed after the scan finishes, as expected.

Copy link
Collaborator

@xiaojiey xiaojiey Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the below code covers "When Debug: true is set, scanner pods should remain available even after scan completed". Maybe you can close this PR.
https://github.com/ComplianceAsCode/compliance-operator/blob/master/tests/e2e/parallel/main_test.go#L567-L591

t.Fatalf("Pod with suffix %s was not found", expectedSuffix)
}
}

func TestSingleScanWithStorageSucceeds(t *testing.T) {
Expand Down
Loading