Skip to content

fix(compliance): Store correct metadata of tailored profiles#19375

Open
guzalv wants to merge 2 commits intomaster-base/gualvare/ROX-31229-tailored-profiles-trackingfrom
master-base/gualvare/fix-compliance-use-tp-metadata-always
Open

fix(compliance): Store correct metadata of tailored profiles#19375
guzalv wants to merge 2 commits intomaster-base/gualvare/ROX-31229-tailored-profiles-trackingfrom
master-base/gualvare/fix-compliance-use-tp-metadata-always

Conversation

@guzalv
Copy link
Contributor

@guzalv guzalv commented Mar 11, 2026
edited
Loading

Description

Before this PR, the stored tailored profile (TP) annotations and labels as follows:

  • If TP had a base profile, we copied metadata from it
  • If TP didn't have a base profile, we used the TP's own metadata

The description was handled the other way around:

  • If TP had a description, we used it directly
  • Otherwise we used the base profile's description, if any

These approaches are not coherent and problematic because:

  • Using the metadata of the base profile alone leads to inconsistencies and bugs, as some tailored profiles don't have a base profile.

  • Using a fallback strategy (use base profile's metadata and otherwise fall back to tailored profile's metadata) adds inconsistencies around what data is stored depending on whether a TP extends a base profile.

  • UX is further hindered because our UI shows certain labels and annotations, and a conditional approach creates inconsistent representation of TPs even if they have the same metadata.

Therefore the correct approach is to store the TP metadata unconditionally. This has been verified with stakeholders.

Imagine TPs A and B, both with annotation owner=John, where only A extends a base profile X with annotation owner=Alice.

Before this PR, only TP A would be stored with owner=Alice, TP B would not have annotations.

A fallback strategy would result in TP A with owner=Alice and TP B with owner=John, which would be unintuitive. After this commit, both TPs A and B are stored with owner=John.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

CI, and I have deployed this into a cluster and verified it works as expected.

@guzalv
Copy link
Contributor Author

guzalv commented Mar 11, 2026
edited
Loading

This change is part of the following stack:

Change managed by git-spice.

@openshift-ci
Copy link

openshift-ci bot commented Mar 11, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

sourcery-ai[bot]
sourcery-ai bot reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

This was referenced Mar 11, 2026
Merged
Open
Draft
@rhacs-bot
Copy link
Contributor

rhacs-bot commented Mar 11, 2026
edited
Loading

Images are ready for the commit at 037619f.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-350-g037619f090.

@guzalv guzalv force-pushed the master-base/gualvare/ROX-31229-tailored-profiles-tracking branch from 6084289 to db00a0e Compare March 11, 2026 09:25
@codecov
Copy link

codecov bot commented Mar 11, 2026

Codecov Report

❌ Patch coverage is 20.00000% with 24 lines in your changes missing coverage. Please review.
✅ Project coverage is 49.64%. Comparing base (23ada13) to head (2f59fc9).
⚠️ Report is 6 commits behind head on master-base/gualvare/ROX-31229-tailored-profiles-tracking.

Files with missing lines Patch % Lines
.../dispatchers/complianceoperatortailoredprofiles.go 21.42% 21 Missing and 1 partial ⚠️
.../convert/storagetov2/compliance_profile_service.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@                                      Coverage Diff                                      @@
##           master-base/gualvare/ROX-31229-tailored-profiles-tracking   #19375      +/-   ##
=============================================================================================
- Coverage                                                      49.65%   49.64%   -0.01%     
=============================================================================================
  Files                                                           2698     2698              
  Lines                                                         203066   203089      +23     
=============================================================================================
- Hits                                                          100825   100817       -8     
- Misses                                                         94722    94750      +28     
- Partials                                                        7519     7522       +3
Flag Coverage Δ
go-unit-tests 49.64% <20.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@guzalv guzalv changed the title Store metadata of tailored profile objects rather than their base fix(compliance): Store metadata of tailored profile objects rather than their base Mar 11, 2026
@guzalv guzalv force-pushed the master-base/gualvare/ROX-31229-tailored-profiles-tracking branch 2 times, most recently from bff0fec to 9daeeeb Compare March 16, 2026 10:51
@guzalv guzalv force-pushed the master-base/gualvare/fix-compliance-use-tp-metadata-always branch from 2f59fc9 to 935fc33 Compare March 16, 2026 13:22
@guzalv guzalv marked this pull request as ready for review March 16, 2026 13:50
@guzalv guzalv requested a review from a team as a code owner March 16, 2026 13:50
sourcery-ai[bot]
sourcery-ai bot reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • In TestProcessEvent_ExtendsProfile, the inline comment // Description intentionally empty to test inheritance is now incorrect since the tailored profile sets a description; update or remove this to avoid confusion about what the test is validating.
  • Consider adding a test case where a tailored profile extends a base profile but omits its own description, to explicitly validate the new behavior that no description is stored (rather than inheriting from the base).
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- In `TestProcessEvent_ExtendsProfile`, the inline comment `// Description intentionally empty to test inheritance` is now incorrect since the tailored profile sets a description; update or remove this to avoid confusion about what the test is validating.
- Consider adding a test case where a tailored profile extends a base profile but omits its own description, to explicitly validate the new behavior that no description is stored (rather than inheriting from the base).
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@guzalv guzalv changed the title fix(compliance): Store metadata of tailored profile objects rather than their base fix(compliance): Store correct metadata of tailored profiles Mar 16, 2026
@guzalv guzalv mentioned this pull request Mar 16, 2026
Draft
9 tasks
@guzalv guzalv force-pushed the master-base/gualvare/ROX-31229-tailored-profiles-tracking branch from e7719e4 to d86f013 Compare March 16, 2026 20:06
guzalv added 2 commits March 16, 2026 23:18
@guzalv
Store metadata of tailored profile objects rather than their base
3dbc109 
Using the metadata of the base profile ledas to inconsistencies and bugs
because some tailored profiles don't have a base profile.

Using a fallback strategy (use base profile's metadata and otherwise
fall back to tailored profile's metadata) adds inconsistencies around
what data is stored depending on whether a TP extends a base profile.

UX is further hindered because our UI shows certain labels and
annotations, and a conditional approach creates inconsistent
representation of TPs even if they have the same metadata.

Therefore the correct approach is to store the TP metadata
unconditionally.

Imagine TPs A and B, both with annotation "owner=john", where only A extends
a base profile X with annotation "owner=alice". Before this commit, only TP
A would be stored with "owner=alice", TP B would not have annotations. A
fallback strategy would result in TP A with "owner=alice" and TP B with
"owner=john", which would be unintuitive. After this commit, both TPs A and
B are stored with "owner=john".
@guzalv
Split test
037619f
@guzalv guzalv force-pushed the master-base/gualvare/fix-compliance-use-tp-metadata-always branch from 935fc33 to 037619f Compare March 16, 2026 22:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

ai-review area/sensor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@guzalv @rhacs-bot