ROX-34153: Don't return compliance profiles if filter matches nothing by guzalv · Pull Request #20048 · stackrox/stackrox

guzalv · 2026-04-16T12:58:57Z

Description

Before this PR, a filter matching 0 profiles in GET /v2/compliance/profiles/summary resulted in querying the database without a WHERE clause, so the API returned every profile in the database instead of none. Meanwhile totalCount was computed correctly as 0, contradicting the returned data.

This PR fixes the logic by adding an early return when a filter does not match.

A similar issue exists in /v2/compliance/scan/configurations/, addressed in #20044.

User-facing documentation

CHANGELOG.md is updated OR update is not needed

Testing and quality

the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
CI results are inspected

Automated testing

added unit tests

How I validated my change

By running in a live cluster and querying with a filter that matches nothing:

# Before (master)
$ curl -sku admin:admin "https://central/v2/compliance/profiles/summary?cluster_ids=$CLUSTER_1&query.query=Compliance+Profile+Name:nonexistent" | jq '.profiles[].name' | wc -l
52

# After
$ curl -sku admin:admin "https://central/v2/compliance/profiles/summary?cluster_ids=$CLUSTER_1&query.query=Compliance+Profile+Name:nonexistent" | jq '.profiles[].name' | wc -l
0

openshift-ci · 2026-04-16T12:59:02Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

github-actions · 2026-04-16T13:13:18Z

🚀 Build Images Ready

Images are ready for commit 63b7ca9. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-688-g63b7ca9a70

codecov · 2026-04-16T13:13:55Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.67%. Comparing base (602344f) to head (63b7ca9).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #20048   +/-   ##
=======================================
  Coverage   49.67%   49.67%           
=======================================
  Files        2765     2765           
  Lines      209049   209052    +3     
=======================================
+ Hits       103847   103850    +3     
  Misses      97523    97523           
  Partials     7679     7679

Flag	Coverage Δ
go-unit-tests	`49.67% <100.00%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

…hes nothing When GetProfilesNames returns nil (filter matches no profiles), the caller was passing nil into AddExactMatches which is a no-op, producing a query with no WHERE clause — causing SearchProfiles to return every profile in the database instead of an empty list. Fix: early-return before building the second query when the name list is empty. AI-assisted change.

The previous test sent a request with no filter, so GetProfilesNames returning nil simulated "cluster has no profiles", not "filter matches nothing". Add a Compliance Profile Name:nonexistent filter so the test exercises the intended scenario. AI-assisted change.

openshift-ci bot added the do-not-merge/work-in-progress label Apr 16, 2026

github-actions bot added the area/central label Apr 16, 2026

guzalv mentioned this pull request Apr 16, 2026

ROX-34163: Show "No data available" when no scans are configured #20044

Open

4 tasks

guzalv changed the title ~~ROX-34153: return empty list in ListProfileSummaries when filter matches nothing~~ ROX-34153: Return empty list of compliance profiles if filter matches nothing Apr 17, 2026

guzalv changed the title ~~ROX-34153: Return empty list of compliance profiles if filter matches nothing~~ ROX-34153: Don't return compliance profiles if filter matches nothing Apr 17, 2026

guzalv marked this pull request as ready for review April 17, 2026 13:38

openshift-ci bot removed the do-not-merge/work-in-progress label Apr 17, 2026

guzalv added 2 commits April 17, 2026 15:40

guzalv force-pushed the ROX-34153-profiles-summary-fix branch from 5593dd7 to 63b7ca9 Compare April 17, 2026 13:40

guzalv requested review from a team and dashrews78 April 17, 2026 13:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ROX-34153: Don't return compliance profiles if filter matches nothing#20048

ROX-34153: Don't return compliance profiles if filter matches nothing#20048
guzalv wants to merge 2 commits intomasterfrom
ROX-34153-profiles-summary-fix

guzalv commented Apr 16, 2026 •

edited

Loading

Uh oh!

openshift-ci bot commented Apr 16, 2026

Uh oh!

github-actions bot commented Apr 16, 2026 •

edited

Loading

Uh oh!

codecov bot commented Apr 16, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

guzalv commented Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

User-facing documentation

Testing and quality

Automated testing

How I validated my change

Uh oh!

openshift-ci bot commented Apr 16, 2026

Uh oh!

github-actions bot commented Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🚀 Build Images Ready

Uh oh!

codecov bot commented Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

guzalv commented Apr 16, 2026 •

edited

Loading

github-actions bot commented Apr 16, 2026 •

edited

Loading

codecov bot commented Apr 16, 2026 •

edited

Loading