CMP-3869: Added new test for HyperShift clusters can be properly scanned for PCI-DSS compliance

[taimurhafeez]

The objective of TestScanHyperShiftHostedClusterPCIDSS is to verify scanning the platform with PCI-DSS profile on HyperShift works.

Can be executed using:
make e2e-serial E2E_GO_TEST_FLAGS="-v -run TestScanHyperShiftHostedClusterPCIDSS" E2E_ARGS="-root=your path/to/compliance-operator -globalMan=tests/_setup/crd.yaml -namespacedMan=tests/_setup/deploy_rbac.yaml -cleanupOnError=false -platform=HyperShift"

Output on AWS OCP 4.21:

=== RUN   TestScanHyperShiftHostedClusterPCIDSS
2026/02/26 14:03:21 TailoredProfile ready (READY)
2026/02/26 14:03:27 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:03:32 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:03:37 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:03:42 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:03:47 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:03:52 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:03:57 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:02 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:07 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:12 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:17 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:22 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:27 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:32 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:37 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:42 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:47 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:52 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:04:57 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:02 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:07 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:12 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:17 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:22 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:27 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:32 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:37 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:42 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:47 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:52 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: RUNNING
2026/02/26 14:05:57 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: AGGREGATING
2026/02/26 14:06:02 waiting until suite test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s reaches target status 'DONE'. Current status: AGGREGATING
2026/02/26 14:06:12 ComplianceScan ready (DONE)
2026/02/26 14:06:17 ComplianceScan ready (DONE)
2026/02/26 14:06:22 ComplianceScan ready (DONE)
2026/02/26 14:06:22 All scans in ComplianceSuite have finished (test-scan-hyper-shift-hosted-cluster-p-c-i-d-s-s)
    main_test.go:2340: ComplianceCheckResult test-hypershift-pci-dss-tailored-profile-configure-network-policies-namespaces status: FAIL
    main_test.go:2366: ComplianceCheckResult test-hypershift-pci-dss-tailored-profile-kubeadmin-removed status: FAIL
    main_test.go:2400: Found 58 ComplianceCheckResults for scan test-hypershift-pci-dss-tailored-profile
    main_test.go:2398: Warning: No ComplianceCheckResults found for scan ocp4-pci-dss-node
--- PASS: TestScanHyperShiftHostedClusterPCIDSS (187.04s)
PASS

Assisted by Claude.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: taimurhafeez

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [taimurhafeez]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@taimurhafeez: This pull request references CMP-3869 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[github-actions]

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:1095-b08674132a51bf5ca5ab774a441711f3ccec7e62

[openshift-ci]

@taimurhafeez: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-rosa	b086741	link	true	/test e2e-rosa
ci/prow/e2e-aws-serial-arm	b086741	link	true	/test e2e-aws-serial-arm
ci/prow/e2e-aws-parallel	b086741	link	true	/test e2e-aws-parallel

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.