CMP-3831: Add test for namespace exemption test for resource limit checks

[taimurhafeez]

Implements test case to validate that namespace exemption variables work correctly for resource limit compliance rules. The test creates workloads without resource limits in exempted namespaces and verifies that the exemption regex patterns properly exclude them from failing the daemonset, deployment, and statefulset resource limit checks.

Test it using:
go test -v -timeout 60m -test-type platform -run TestNamespaceExemptionVariables -content-directory /your/path/to/content/repo -install-operator=true -log-dir ./logs
On OCP:

2026/03/24 16:47:54 Using default content image: quay.io/redhat-user-workloads/ocp-isc-tenant/compliance-operator-content-dev:master
2026/03/24 16:47:54 ProfileBundle ocp4 is valid
2026/03/24 16:47:55 ProfileBundle rhcos4 is valid
2026/03/24 16:47:55 Setup completed successfully
=== RUN   TestNamespaceExemptionVariables
    e2e_test.go:528: Created test namespace: ns-76797-test-1
    e2e_test.go:528: Created test namespace: ns-76797-test-2
    e2e_test.go:543: Created test workloads without resource limits in ns-76797-test-1
    e2e_test.go:563: Created TailoredProfile: ns-exemption-test-profile with exemption pattern: ^ns-76797-test-.*$
2026/03/24 16:48:02 Created new ScanSettingBinding ns-exemption-scan-binding
    e2e_test.go:576: Created ScanSettingBinding: ns-exemption-scan-binding
2026/03/24 16:48:02 ComplianceSuite ns-exemption-scan-binding doesn't exist yet, waiting for it to be created
2026/03/24 16:48:02 ComplianceSuite ns-exemption-scan-binding is not DONE: no statuses available yet
2026/03/24 16:48:07 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:12 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:18 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:23 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:28 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:33 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:38 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:43 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is RUNNING
2026/03/24 16:48:48 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is AGGREGATING
2026/03/24 16:48:53 ComplianceSuite ns-exemption-scan-binding is not DONE: suite ns-exemption-scan-binding scan ns-exemption-test-profile is AGGREGATING
2026/03/24 16:48:59 ComplianceSuite ns-exemption-scan-binding is DONE
2026/03/24 16:48:59 Created result map with 3 rules for suite ns-exemption-scan-binding
    e2e_test.go:591: Found 3 results:
    e2e_test.go:593:   - ns-exemption-test-profile-resource-requests-limits-in-statefulset: PASS
    e2e_test.go:593:   - ns-exemption-test-profile-resource-requests-limits-in-daemonset: PASS
    e2e_test.go:593:   - ns-exemption-test-profile-resource-requests-limits-in-deployment: PASS
    e2e_test.go:616: ✓ Rule resource-requests-limits-in-statefulset: PASS (namespace exemption working correctly)
    e2e_test.go:616: ✓ Rule resource-requests-limits-in-daemonset: PASS (namespace exemption working correctly)
    e2e_test.go:616: ✓ Rule resource-requests-limits-in-deployment: PASS (namespace exemption working correctly)
2026/03/24 16:48:59 Saved YAML data to logs/namespace-exemption-test-results.yaml
    e2e_test.go:630: Namespace exemption test passed successfully - all exempted workloads passed the resource limit checks
--- PASS: TestNamespaceExemptionVariables (64.06s)
PASS
ok  	github.com/ComplianceAsCode/ocp4e2e	66.103s

Assisted by Claude.

[openshift-ci]

Hi @taimurhafeez. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[taimurhafeez]

/ok-to-test

[openshift-ci]

@taimurhafeez: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ocp4-stig	9a54826	link	true	/test e2e-aws-ocp4-stig
ci/prow/e2e-aws-ocp4-cis	9a54826	link	true	/test e2e-aws-ocp4-cis
ci/prow/e2e-aws-rhcos4-moderate	9a54826	link	true	/test e2e-aws-rhcos4-moderate
ci/prow/e2e-aws-openshift-node-compliance	9a54826	link	true	/test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.