Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-6780: Add a test to expose cleanup issue with SSBs #295

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+117 −0
Open

OCPBUGS-6780: Add a test to expose cleanup issue with SSBs #295

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions tests/e2e/framework/common.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1000,6 +1000,26 @@ func (f *Framework) AssertScanHasValidPVCReferenceWithSize(scanName, size, names
return nil
}

func (f *Framework) AssertScanDoesNotExists(scanName, namespace string) error {
cs := &compv1alpha1.ComplianceScan{}
defer f.logContainerOutput(namespace, scanName)
err := f.Client.Get(context.TODO(), types.NamespacedName{Name: scanName, Namespace: namespace}, cs)
if !apierrors.IsNotFound(err) {
return fmt.Errorf("found unexpected ComplianceScan %s", scanName)
}
return nil
}

func (f *Framework) AssertScanExists(scanName, namespace string) error {
cs := &compv1alpha1.ComplianceScan{}
defer f.logContainerOutput(namespace, scanName)
err := f.Client.Get(context.TODO(), types.NamespacedName{Name: scanName, Namespace: namespace}, cs)
if err != nil {
return err
}
return nil
}

func (f *Framework) ScanHasWarnings(scanName, namespace string) error {
cs := &compv1alpha1.ComplianceScan{}
err := f.Client.Get(context.TODO(), types.NamespacedName{Name: scanName, Namespace: namespace}, cs)
Expand Down Expand Up @@ -1451,3 +1471,28 @@ func (f *Framework) AssertHasCheck(suiteName, scanName string, check compv1alpha

return nil
}

func (f *Framework) ReRunScan(scanName, namespace string) error {
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will conflict with a couple other patches I have that need this. Just a heads up for the rebase.

scanKey := types.NamespacedName{Name: scanName, Namespace: namespace}
err := backoff.Retry(func() error {
foundScan := &compv1alpha1.ComplianceScan{}
geterr := f.Client.Get(context.TODO(), scanKey, foundScan)
if geterr != nil {
return geterr
}

scapCopy := foundScan.DeepCopy()
if scapCopy.Annotations == nil {
scapCopy.Annotations = make(map[string]string)
}
scapCopy.Annotations[compv1alpha1.ComplianceScanRescanAnnotation] = ""
return f.Client.Update(context.TODO(), scapCopy)
}, defaultBackoff)

if err != nil {
return fmt.Errorf("couldn't update scan to re-launch it: %w", err)
}

log.Printf("Scan re-launched")
return nil
}
72 changes: 72 additions & 0 deletions tests/e2e/parallel/main_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2795,3 +2795,75 @@ func TestScheduledSuiteTimeoutFail(t *testing.T) {
t.Fatal("The scan should have the timeout annotation")
}
}

func TestUpdateScanSettingBindingRemovesScans(t *testing.T) {
f := framework.Global
t.Parallel()
bindingName := framework.GetObjNameFromTest(t)
cisProfileName := "ocp4-cis"
moderateProfileName := "ocp4-moderate"

// create a ssb with two profiles "ocp4-cis" and "ocp4-moderate"
scanSettingBinding := compv1alpha1.ScanSettingBinding{
ObjectMeta: metav1.ObjectMeta{
Name: bindingName,
Namespace: f.OperatorNamespace,
},
Profiles: []compv1alpha1.NamedObjectReference{
{
Name: cisProfileName,
Kind: "Profile",
APIGroup: "compliance.openshift.io/v1alpha1",
},
{
Name: moderateProfileName,
Kind: "Profile",
APIGroup: "compliance.openshift.io/v1alpha1",
},
},
SettingsRef: &compv1alpha1.NamedObjectReference{
Name: "default",
Kind: "ScanSetting",
APIGroup: "compliance.openshift.io/v1alpha1",
},
}
err := f.Client.Create(context.TODO(), &scanSettingBinding, nil)
if err != nil {
t.Fatal(err)
}
defer f.Client.Delete(context.TODO(), &scanSettingBinding)

err = f.WaitForSuiteScansStatus(f.OperatorNamespace, scanSettingBinding.Name, compv1alpha1.PhaseDone, compv1alpha1.ResultNonCompliant)
if err != nil {
t.Fatal(err)
}

f.AssertScanExists(cisProfileName, f.OperatorNamespace)
f.AssertScanExists(moderateProfileName, f.OperatorNamespace)

update := &compv1alpha1.ScanSettingBinding{}
err = f.Client.Get(context.TODO(), types.NamespacedName{Namespace: f.OperatorNamespace, Name: scanSettingBinding.Name}, update)
if err != nil {
t.Fatal(err)
}
update.Profiles = []compv1alpha1.NamedObjectReference{
{
Name: cisProfileName,
Kind: "Profile",
APIGroup: "compliance.openshift.io/v1alpha1",
},
}
err = f.Client.Update(context.TODO(), update)
if err != nil {
t.Fatal(err)
}

// We might need a different utility to rerun a suite instead of scan
err = f.ReRunScan(scanSettingBinding.Name, f.OperatorNamespace)
Copy link
Author

@rhmdnd rhmdnd Apr 15, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fails because the scan name isn't the binding name. Need to find a better way to assert this...

Or maybe we just go right into the assertions below about the scans. I guess it depends on where the cleanup happens. If it happens in the SSB controller, we probably won't need to rescan.

I'm open to recommendations here.

if err != nil {
t.Fatal(err)
}

f.AssertScanExists(cisProfileName, f.OperatorNamespace)
f.AssertScanDoesNotExists(moderateProfileName, f.OperatorNamespace)
}