Skip to content

CMP-3870: Add ROSA test for node profiles without PLATFORM env#75

Open
taimurhafeez wants to merge 1 commit intoComplianceAsCode:mainfrom
taimurhafeez:CMP-3870
Open

CMP-3870: Add ROSA test for node profiles without PLATFORM env#75
taimurhafeez wants to merge 1 commit intoComplianceAsCode:mainfrom
taimurhafeez:CMP-3870

Conversation

@taimurhafeez
Copy link
Copy Markdown
Collaborator

@taimurhafeez taimurhafeez commented Apr 1, 2026
edited
Loading

It validates that Compliance Operator works on ROSA HCP clusters when installed WITHOUT the PLATFORM environment variable in the subscription.

Test validates:

  • Subscription has no PLATFORM env variable configured
  • ProfileBundles (ocp4, rhcos4) are VALID
  • Node profiles are available (ocp4-cis-node, ocp4-pci-dss-node, etc.)
  • Platform profiles are NOT available (ocp4-cis correctly excluded)
  • Scans execute successfully on worker-only ROSA HCP cluster
  • 116 compliance checks run and return results

tested on ROSA 4.20:

oc get nodes
NAME                         STATUS   ROLES    AGE     VERSION
ip-10-0-1-101.ec2.internal   Ready    worker   9m45s   v1.33.8
ip-10-0-1-229.ec2.internal   Ready    worker   8m44s   v1.33.8

go test -v -run "^TestRosaNodeProfilesWithoutPlatformEnv$" \
  -platform=rosa \
  -install-operator=false \
  -timeout=30m
2026/04/01 14:41:31 Created temporary directory: /tmp/content-2438885171
2026/04/01 14:41:31 Executing: git clone https://github.com/ComplianceAsCode/content.git /tmp/content-2438885171
2026/04/01 14:41:40 Successfully cloned ComplianceAsCode/content repository
2026/04/01 14:41:40 Executing: git -C /tmp/content-2438885171 rev-parse HEAD
2026/04/01 14:41:40 Cloned repository git SHA: 0bb5f8a1f27e67a314d3b6b18d4db286c356c290
2026/04/01 14:41:40 Using default content image: quay.io/redhat-user-workloads/ocp-isc-tenant/compliance-operator-content-dev:master
2026/04/01 14:41:40 ProfileBundle ocp4 is valid
2026/04/01 14:41:40 ProfileBundle rhcos4 is valid
2026/04/01 14:41:41 Setup completed successfully
=== RUN   TestRosaNodeProfilesWithoutPlatformEnv
    e2e_test.go:540: Verifying subscription has no PLATFORM environment variable set
    e2e_test.go:548: Subscription has no PLATFORM env variable (as expected)
    e2e_test.go:551: Verifying ProfileBundles are VALID
2026/04/01 14:41:41 ProfileBundle ocp4 has status VALID
2026/04/01 14:41:41 ProfileBundle rhcos4 has status VALID
    e2e_test.go:560: ProfileBundles (ocp4, rhcos4) are VALID
    e2e_test.go:563: Verifying node profiles are available
2026/04/01 14:41:41 Found profile ocp4-cis-node
2026/04/01 14:41:42 Found profile ocp4-pci-dss-node
2026/04/01 14:41:42 Found profile ocp4-high-node
2026/04/01 14:41:42 Found profile ocp4-moderate-node
2026/04/01 14:41:42 Found profile ocp4-nerc-cip-node
2026/04/01 14:41:42 Found profile ocp4-stig-node
2026/04/01 14:41:42 Found profile rhcos4-e8
2026/04/01 14:41:42 Found profile rhcos4-high
2026/04/01 14:41:42 Found profile rhcos4-moderate
2026/04/01 14:41:42 Found profile rhcos4-nerc-cip
2026/04/01 14:41:42 Found profile rhcos4-stig
    e2e_test.go:583: Verified 11 node profiles exist
    e2e_test.go:586: Verifying platform profile ocp4-cis does NOT exist
    e2e_test.go:591: Platform profile ocp4-cis does not exist (as expected)
    e2e_test.go:594: Creating ScanSettingBinding with ocp4-cis-node and ocp4-pci-dss-node profiles
2026/04/01 14:41:43 Created new ScanSettingBinding rosa-node-profiles-test with profiles: ocp4-cis-node, ocp4-pci-dss-node
    e2e_test.go:599:  Created ScanSettingBinding
    e2e_test.go:602: Waiting for ComplianceSuite to complete
2026/04/01 14:41:43 ComplianceSuite rosa-node-profiles-test is not DONE: no statuses available yet
2026/04/01 14:41:48 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:41:53 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:41:58 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:42:03 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:42:08 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:42:13 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:42:19 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is RUNNING
2026/04/01 14:42:24 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is AGGREGATING
2026/04/01 14:42:29 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is AGGREGATING
2026/04/01 14:42:34 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is AGGREGATING
2026/04/01 14:42:39 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-cis-node-worker is AGGREGATING
2026/04/01 14:42:44 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-pci-dss-node-worker is AGGREGATING
2026/04/01 14:42:49 ComplianceSuite rosa-node-profiles-test is not DONE: suite rosa-node-profiles-test scan ocp4-pci-dss-node-worker is AGGREGATING
2026/04/01 14:42:54 ComplianceSuite rosa-node-profiles-test is DONE
    e2e_test.go:607:  ComplianceSuite completed
    e2e_test.go:610: Retrieving scan results
2026/04/01 14:42:54 Created result map with 116 rules for suite rosa-node-profiles-test
2026/04/01 14:42:54 Saved YAML data to /logs/artifacts/rosa-node-profiles-test-results.yaml
    e2e_test.go:628:  Scan completed with 116 check results
    e2e_test.go:653:  ROSA node profile test passed successfully when Compliance Operator installed without PLATFORM env variable
    e2e_test.go:528: Cleaning up test resources
2026/04/01 14:42:55 Deleted ScanSettingBinding rosa-node-profiles-test
2026/04/01 14:42:55 Waiting for ComplianceSuite and results cleanup for rosa-node-profiles-test
2026/04/01 14:42:55 Still waiting for cleanup after 5s: 116 ComplianceCheckResults still exist for suite rosa-node-profiles-test
2026/04/01 14:43:00 Scan cleanup completed for rosa-node-profiles-test
--- PASS: TestRosaNodeProfilesWithoutPlatformEnv (79.15s)
PASS
ok  	github.com/ComplianceAsCode/ocp4e2e	89.594s

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 1, 2026

@taimurhafeez: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ocp4-cis a1de2a3 link true /test e2e-aws-ocp4-cis
ci/prow/e2e-aws-ocp4-stig a1de2a3 link true /test e2e-aws-ocp4-stig
ci/prow/e2e-aws-rhcos4-moderate a1de2a3 link true /test e2e-aws-rhcos4-moderate

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@taimurhafeez