ROX-24660: install Compliance Operator on integration (#1885)

dp-terraform/helm/rhacs-terraform/Chart.lock

@@ -20,5 +20,8 @@ dependencies:
 - name: vertical-pod-autoscaler
   repository: ""
   version: 0.1.0
-digest: sha256:d935785f613711e133ef1b0e340d5ac480f54b31c586f94abdda4955593c936a
-generated: "2024-05-02T17:11:35.093988-04:00"
+- name: compliance-operator
+  repository: ""
+  version: 0.1.0
+digest: sha256:324d9c58d59b0f51e3d547e8825c9bb8415f90d47b5e75ef90d76e844d41a772
+generated: "2024-06-12T12:15:47.378422393+02:00"

dp-terraform/helm/rhacs-terraform/Chart.yaml

@@ -46,3 +46,6 @@ dependencies:
   - name: vertical-pod-autoscaler
     version: "0.1.0"
     condition: verticalPodAutoscaler.enabled
+  - name: compliance-operator
+    version: "0.1.0"
+    condition: complianceOperator.enabled

dp-terraform/helm/rhacs-terraform/charts/compliance-operator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

dp-terraform/helm/rhacs-terraform/charts/compliance-operator/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: compliance-operator
+description: "Chart to install compliance operator"
+type: application
+version: "0.1.0"
+appVersion: "0.1.0"

dp-terraform/helm/rhacs-terraform/charts/compliance-operator/README.md

@@ -0,0 +1,13 @@
+# Compliance Operator
+
+Compliance Operator is used to run compliance checks, e.g. NIST or CIS we use it in ACSCS
+for testing purposes in our dogfooding instances.
+Starting at version 1.5.0 the operator is upgraded automatically.
+If the operator breaks it can easily be uninstalled / paused by disabling the flag without production impact.
+
+Value to disable the operator:
+
+```
+complianceOperator:
+  enabled: false
+```

dp-terraform/helm/rhacs-terraform/charts/compliance-operator/templates/01-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-compliance

dp-terraform/helm/rhacs-terraform/charts/compliance-operator/templates/02-subscription.yaml

@@ -0,0 +1,12 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: compliance-operator
+  namespace: openshift-compliance
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: compliance-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: compliance-operator.v1.5.0

dp-terraform/helm/rhacs-terraform/charts/compliance-operator/templates/03-operator-group.yaml

@@ -0,0 +1,9 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: compliance-operator
+  namespace: openshift-compliance
+spec:
+  targetNamespaces:
+    - openshift-compliance
+  upgradeStrategy: Default

dp-terraform/helm/rhacs-terraform/values.yaml

@@ -275,6 +275,9 @@ secretStore:
 verticalPodAutoscaler:
   enabled: true
 
+complianceOperator:
+  enabled: false
+
 global:
   secretStore:
     aws: