Skip to content

CMP-4475: Install OpenShift Virtualization operator for OCP-Virt e2e#78

Draft
Vincent056 wants to merge 1 commit into
ComplianceAsCode:mainfrom
Vincent056:cmp-4475-ocpvirt-e2e
Draft

CMP-4475: Install OpenShift Virtualization operator for OCP-Virt e2e#78
Vincent056 wants to merge 1 commit into
ComplianceAsCode:mainfrom
Vincent056:cmp-4475-ocpvirt-e2e

Conversation

@Vincent056

Copy link
Copy Markdown
Collaborator

What (draft)

First step toward an e2e suite for the CIS OpenShift Virtualization profiles.

  • Adds installVirtualizationOperator (helpers/virtualization.go): creates the openshift-cnv namespace, an OperatorGroup, a Subscription for kubevirt-hyperconverged, waits for the HyperConverged API, creates the HyperConverged CR, and waits until it is Available. Idempotent; leaves existing CNV in place.
  • New -install-virt flag (default false) gates it — existing runs are unchanged.
  • Called from helpers/Setup after the operator install, before profile-bundle setup.
  • Adds -cel-content-file plumbing for the CEL ProfileBundle.

Still TODO on this ticket (draft)

  • Wire -cel-content-file into the ocp4 ProfileBundle spec.celContentFile — requires bumping the vendored ComplianceAsCode/compliance-operator API to ≥ v1.9.0 (the release that added CELContentFile). Marked with a TODO(CMP-4475) in helpers/utilities.go.
  • Assertion generation for the CEL + mixed rule set (CEL platform + manual who-can + OpenSCAP node).
  • Make target / CI lane to run the cis-vm-extension profile.
  • Apply the scanner RBAC from CMP-4425 in the flow.

Testing

Compiles and gofmt clean. End-to-end run pending a CNV-capable test cluster; the CNV install path will be validated once a cluster is available.

Jira: https://issues.redhat.com/browse/CMP-4475

🤖 Generated with Claude Code

Add an optional setup step that installs the OpenShift Virtualization (CNV)
operator and creates the HyperConverged CR before the tests run, so the CIS
OpenShift Virtualization profiles can be scanned on a cluster that does not
already have CNV. Gated by the new -install-virt flag (default false) and
idempotent if CNV is already present.

Also adds an -install-virt and -cel-content-file config plumbing; wiring the
CEL ProfileBundle (spec.celContentFile) is marked as a follow-up TODO pending
a bump of the vendored compliance-operator API to >= v1.9.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant