Merged
Expand Up @@ -2,19 +2,23 @@ package objects

import common.Constants
import io.stackrox.proto.storage.ImageIntegrationOuterClass
import services.FeatureFlagService
import services.ImageIntegrationService
import util.Env

trait ImageIntegration {
abstract static ImageIntegrationOuterClass.ImageIntegration.Builder getCustomBuilder(Map customArgs)

// Returns true for integrations that can be deleted, false otherwise.
static boolean isDeletable() { true }
}

class StackroxScannerIntegration implements ImageIntegration {

static String name() { Constants.AUTO_REGISTERED_STACKROX_SCANNER_INTEGRATION }

static Boolean isTestable() {
return true
return !FeatureFlagService.isFeatureFlagEnabled("ROX_SCANNER_V4")
}

static String createDefaultIntegration() {
Expand Down Expand Up @@ -428,6 +432,28 @@ class GoogleArtifactRegistry implements ImageIntegration {
}
}

class ScannerV4Integration implements ImageIntegration {

static String name() { "Scanner V4" }

static Boolean isTestable() {
return FeatureFlagService.isFeatureFlagEnabled("ROX_SCANNER_V4")
}

static boolean isDeletable() { false }

// The Scanner V4 integration is auto-registered and cannot be deleted.
// createDefaultIntegration() looks up the existing integration rather than creating one.
static String createDefaultIntegration() {
ImageIntegrationOuterClass.ImageIntegration existing =
ImageIntegrationService.getImageIntegrationByName(name())
if (!existing) {
return ""
}
return existing.id
}
Comment on lines +445 to +454
Contributor


Why is this different from the StackroxScannerIntegration version of this function? I didn't dig into it too much, but I would expect these functions to be nearly identical.

Contributor Author


The Scanner V4 variation doesn't try to create a new ACS integration - it uses the default one created at install time. The Scanner V4 integration is not something that can be created or deleted via the API - which is why the implementation differs from all the other integrations.

Contributor


So you're saying the StackRox Scanner (Scanner V2) integration can be created and deleted via the API?

Contributor Author


Correct.

}

class GCRImageIntegration implements ImageIntegration {

static String name() { "GCR Registry+Scanner" }
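Review bot: `ScannerV4Integration.createDefaultIntegration()` returns an empty string when the lookup finds nothing, so a missing auto-registered Scanner V4 integration looks the same to a caller as a usable ID unless every caller checks for `""`. The integration is expected to exist from install time, so failing at the lookup would surface a broken scanner setup instead of letting scan-dependent specs run without an integration, for example `assert existing, "Scanner V4 integration '${name()}' not found"` before `return existing.id`. Whether callers already treat `""` as a failure is not visible in this section, so confirm that before changing the return contract.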
6 changes: 6 additions & 0 deletions qa-tests-backend/src/test/groovy/BaseSpecification.groovy
Expand Up @@ -26,6 +26,7 @@ import objects.K8sServiceAccount
import objects.Secret
import services.BaseService
import services.ClusterService
import services.FeatureFlagService
import services.ImageIntegrationService
import services.MetadataService
import services.RoleService
Expand Down Expand Up @@ -73,6 +74,8 @@ class BaseSpecification extends Specification {

public static String coreImageIntegrationId = null

public static boolean scannerV4Enabled = false

private static synchronizedGlobalSetup() {
synchronized(BaseSpecification) {
globalSetup()
Expand Down Expand Up @@ -128,6 +131,9 @@ class BaseSpecification extends Specification {
}
}

scannerV4Enabled = FeatureFlagService.isFeatureFlagEnabled("ROX_SCANNER_V4")
LOG.info "Scanner V4 enabled: ${scannerV4Enabled}"

if (ClusterService.isOpenShift4()) {
assert Env.mustGetOrchestratorType() == OrchestratorTypes.OPENSHIFT,
"Set CLUSTER=OPENSHIFT when testing OpenShift"
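Review bot: The flag name `"ROX_SCANNER_V4"` is written as a string literal in the `scannerV4Enabled` assignment and again in both `isTestable()` methods of the objects file, and those methods query the service themselves rather than reading the value cached here. A typo in any one copy could change which scanner integration the suite exercises without an obvious failure. Consider a single shared constant (for example in `common.Constants`) and a comment on the field such as `// Set once during global setup; reads before that see false.` The enclosing setup method starts and ends outside this hunk, so the point at which the assignment runs is inferred.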
2 changes: 1 addition & 1 deletion qa-tests-backend/src/test/groovy/Services.groovy
Expand Up @@ -540,7 +540,7 @@ class Services extends BaseService {
Timer t = new Timer(retries, interval)
while (t.IsValid()) {
def found = ImageService.getImages().find { it.name.endsWith(imageName) }
if (found.hasCves() || found.hasFixableCves()) {
if (found?.hasCves() || found?.hasFixableCves()) {
LOG.info "SR found vulnerabilities for the image ${imageName} within ${t.SecondsSince()}s"
return true
}
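Review bot: With `found?.` a missing image now evaluates to false and the loop just retries, so a timeout no longer distinguishes "image never appeared in the image list" from "image was scanned and reported no CVEs". For a helper that gates vulnerability assertions, that difference matters when triaging a failed run; a line such as `if (!found) { LOG.info "Image ${imageName} not found yet" }` ahead of the check would record it. The method body starts and ends outside this hunk, so any existing timeout logging is not visible here.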