CMP-3863: Added new test TestMustGatherImageWorksAsExpected to cover 75670 test from downstream#1023
CMP-3863: Added new test TestMustGatherImageWorksAsExpected to cover 75670 test from downstream#1023taimurhafeez wants to merge 5 commits intoComplianceAsCode:masterfrom
Conversation
|
@taimurhafeez: This pull request references CMP-3846 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Hi @taimurhafeez. Thanks for your PR. I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
taimurhafeez
changed the title
|
@taimurhafeez: This pull request references CMP-3863 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
tests/e2e/serial/main_test.go
Outdated
|
|
||
| // Wait for the ComplianceSuite scans to complete | ||
| log.Printf("Waiting for ComplianceSuite scans to complete...") | ||
| err = f.WaitForSuiteScansStatus(f.OperatorNamespace, scanSettingBindingName, compv1alpha1.PhaseDone, compv1alpha1.ResultNonCompliant) |
There was a problem hiding this comment.
Potential improvement here would be to consider implementing a backwards compatible change to WaitForSuiteScansStatus to accept a list of acceptable statues. That would allow us to say "wait for NonCompliant or Inconsistent - either are fine".
tests/e2e/serial/main_test.go
Outdated
| crdPath := fmt.Sprintf("%s/%s", complianceNamespaceDir, crd) | ||
| if _, err := os.Stat(crdPath); err == nil { | ||
| log.Printf("Found CRD directory: %s", crd) | ||
| foundCRD = true |
There was a problem hiding this comment.
This will only get set on the first occurrence, so if we have compliance scans but not a compliance suite, for example. Since we're using a binding, all three should certainly exist.
tests/e2e/serial/main_test.go
Outdated
| if !foundCRD { | ||
| // Check if there are CRD directories at the parent level (timestampDir) | ||
| // The gather script collects CRDs across all namespaces at lines 8-20 | ||
| log.Printf("Checking for CRD directories at the parent level...") | ||
| for _, crd := range complianceCRDs { | ||
| crdPath := fmt.Sprintf("%s/%s", timestampDir, crd) | ||
| if _, err := os.Stat(crdPath); err == nil { | ||
| log.Printf("Found CRD directory at parent level: %s", crd) | ||
| foundCRD = true | ||
| } | ||
| } | ||
| } | ||
|
|
||
| if !foundCRD { | ||
| // Check in other namespace directories (e.g., test namespace osdk-e2e-*) | ||
| // Scans may be created in the test namespace, not openshift-compliance | ||
| log.Printf("Checking for CRD directories in other namespace directories...") | ||
| timestampEntries, err := os.ReadDir(timestampDir) | ||
| if err == nil { | ||
| for _, entry := range timestampEntries { | ||
| if entry.IsDir() && entry.Name() != "openshift-compliance" && entry.Name() != "gather.logs" { | ||
| for _, crd := range complianceCRDs { | ||
| crdPath := fmt.Sprintf("%s/%s/%s", timestampDir, entry.Name(), crd) | ||
| if _, err := os.Stat(crdPath); err == nil { | ||
| log.Printf("Found CRD directory in %s: %s", entry.Name(), crd) | ||
| foundCRD = true | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| if !foundCRD { | ||
| // CRD directories are created by gather_compliance script at lines 8-20 | ||
| // They may not exist if the script encounters errors or if CRDs are not found | ||
| // This is a warning but not a failure since core must-gather functionality works | ||
| t.Logf("WARNING: No compliance CRD directories found in any namespace") | ||
| t.Logf("This may indicate the gather script failed to collect CRD data - check gather.logs") | ||
| log.Printf("WARNING: No compliance CRD directories found, but core must-gather data was collected successfully") | ||
| } |
There was a problem hiding this comment.
Could these be consolidated into a single conditional?
There was a problem hiding this comment.
I think it has been addressed.
rhmdnd
left a comment
rhmdnd
left a comment
There was a problem hiding this comment.
A few suggestions/questions inline.
tests/e2e/framework/common.go
Outdated
| }) | ||
| if createErr != nil { | ||
| return fmt.Errorf("failed to create Machine Config Pool %s: %w", n, createErr) | ||
| //return fmt.Errorf("failed to create Machine Config Pool %s: %w", n, createErr) |
There was a problem hiding this comment.
Remove the comment, please
| // Wait for the ComplianceSuite scans to complete | ||
| log.Printf("Waiting for ComplianceSuite scans to complete...") | ||
| err = f.WaitForSuiteScansStatus(f.OperatorNamespace, scanSettingBindingName, compv1alpha1.PhaseDone, compv1alpha1.ResultNonCompliant) | ||
| if err != nil { |
There was a problem hiding this comment.
nested if statements here. How about below if statements?
suite := &compv1alpha1.ComplianceSuite{}
if suite.Status.Result != compv1alpha1.ResultNonCompliant && suite.Status.Result != compv1alpha1.ResultInconsistent {
t.Fatalf("Unexpected scan result: %v", suite.Status.Result)
}
tests/e2e/serial/main_test.go
Outdated
| t.Fatalf("Scan did not complete successfully: %v", err) | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Remove the empty line, please
|
/retest |
|
This can be rebased now that #960 landed. |
rhmdnd
left a comment
rhmdnd
left a comment
There was a problem hiding this comment.
A few suggestions, specifically for handling the CRD failure case.
tests/e2e/serial/main_test.go
Outdated
|
|
||
| // The must-gather data is written directly to the timestamped directory | ||
| // Verify openshift-compliance namespace directory exists | ||
| complianceNamespaceDir := fmt.Sprintf("%s/openshift-compliance", timestampDir) |
There was a problem hiding this comment.
We could use f.OperatorNamespace if we pass the framework in, or at the very least pass in the namespace (especially if we don't need the whole framework object).
tests/e2e/serial/main_test.go
Outdated
| // Returns an error if CSV doesn't exist or doesn't have the must-gather image | ||
| func getMustGatherImageFromCSV(f *framework.Framework) (string, error) { | ||
| // First, try to get the CSV name | ||
| csvName, err := runOCandGetOutput([]string{ |
There was a problem hiding this comment.
Could we just use the CSV API directly instead of using oc?
tests/e2e/serial/main_test.go
Outdated
| // Verify that compliance resources exist before running must-gather | ||
| log.Printf("Verifying compliance resources exist in namespace %s...", f.OperatorNamespace) | ||
| scansOutput, err := runOCandGetOutput([]string{ | ||
| "get", "compliancescans,compliancesuites,compliancecheckresults", |
There was a problem hiding this comment.
We could grab these using the API like we do elsewhere in the tests, right?
tests/e2e/serial/main_test.go
Outdated
| "-n", f.OperatorNamespace, | ||
| }) | ||
| if err != nil { | ||
| log.Printf("Warning: Failed to check for compliance resources: %v", err) |
There was a problem hiding this comment.
If we can't verify that the CRDs exist, we might want to fail hard. I'm wondering if it would be valuable to continue running the tests in the event the CRDs aren't present, when the must-gather functionality is going to be looking for them anyway, right?
tests/e2e/serial/main_test.go
Outdated
|
|
||
| // Try to get from CSV if it exists (for OLM deployments) | ||
| csvImage, err := getMustGatherImageFromCSV(f) | ||
| if err == nil && csvImage != "" { |
There was a problem hiding this comment.
Doesn't look like we do anything with this err if it is set to something. We could log it, but in cases where OLM isn't on the cluster, we'd always be emitting a log about that, which could get noisy.
Might be an opportunity to be more deterministic if OLM is present, and short-circuit entirely if it isn't there.
| // Execute must-gather | ||
| log.Printf("Executing must-gather with image %s to directory %s...", mustGatherImage, mustGatherDir) | ||
| _, err = runOCandGetOutput([]string{ | ||
| "adm", "must-gather", |
There was a problem hiding this comment.
This makes sense for shelling out to oc since I don't think there is a client for must-gather.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: taimurhafeez The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@taimurhafeez: This pull request references CMP-3863 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
…cation, Detect OLM presence, Extract must-gather image from CSV , Support dynamic operator namespace, Fail early if required compliance resources are missing
Thanks, Lance. I have addressed most comments, except the one where I replied and asked for your suggestion. |
|
🤖 To deploy this PR, run the following command: |
rhmdnd
left a comment
rhmdnd
left a comment
There was a problem hiding this comment.
Looks like CI tripped on infrastructure issues that also affected other PRs over the weekend.
/retest
| csvItem := &csvList.Items[i] | ||
| if name := csvItem.GetName(); name != "" { | ||
| // CSVs typically have names like "compliance-operator.vX.Y.Z" | ||
| if len(name) >= 18 && name[:18] == "compliance-operator" { |
There was a problem hiding this comment.
Are we off by one here?
| missingCRDs = append(missingCRDs, crd) | ||
| } | ||
| } | ||
| t.Logf("WARNING: Not all compliance CRD directories found. Missing: %v", missingCRDs) |
There was a problem hiding this comment.
If these directories are missing - don't we have a bug in the must-gather image? Shouldn't we fail the test if we hit this?
|
/retest-required |
|
@taimurhafeez: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
4 participants
This TestMustGatherImageWorksAsExpected e2e test verifies that the must-gather debugging tool works correctly for the compliance-operator.
To run it:
make e2e-serial E2E_GO_TEST_FLAGS="-v -run TestMustGatherImageWorksAsExpected"Expected Output on OCP 4.21: