foreman_openbolt 1.1.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 19c30e74d249eacf814179dac70292c3e42182b39477cab06adf304885298587
-  data.tar.gz: bbc28cd01be2a7f100d1ec015c92aff471584e7445468184e7ef1bd97c485b27
+  metadata.gz: 3747d57bc5198327d01255ec665724e38a46dbfd91fd1e5bd764d6cf3ddd3bb3
+  data.tar.gz: ad67d388a524680a567ffdf020e35bbb364471bd190cbdfc597c25d88928a4d2
 SHA512:
-  metadata.gz: 2b40018885e22e7d3690b13c524787dadbf8ad2fe8fa5af2e82e5eb4fd99d65a56a7015cbd02717573c5cd12395d1a157130c16257fa94a5b3f28ef78470fd55
-  data.tar.gz: 753476abd475f3de15ad928874048c9772d4a55534129f35b9d4c032beb5c0f787e8ba6aed271763bb59d66383986360cbf8d0438618aefdb9f2175790b959c7
+  metadata.gz: 1570a5623355cd514276d9e25aece89f2b3f5970bde5efa80db4f9cbe1c4e59eb030b4b5194906d9e9b93f6ec62ac3059e9ed1671cfd612b025d805e3cff7f8e
+  data.tar.gz: b335d7b62ff7c6a6d93e39d2ae12c8357ca32b36299313ecc28a23ecc9190d74016a60f03e61f8bacbbf2ba7583cfb15b96b31acf5c21590d59dafc70934fb84

data/README.md

@@ -252,7 +252,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 ### Version locations
 
-Update the version in these files:
+The version is maintained in two files:
 
 1. `lib/foreman_openbolt/version.rb` -- the gem version (authoritative source)
 2. `package.json` -- the npm package version (must match)
@@ -260,23 +260,17 @@ Update the version in these files:
 If the minimum Foreman version changes, also update:
 
 3. `lib/foreman_openbolt/engine.rb` -- `requires_foreman '>= X.Y.Z'`
-4. `foreman_openbolt.spec.erb` -- `%global foreman_min_version X.Y.Z`
-5. `.github/workflows/build.yml` -- default `foreman_version` and `foreman_packaging_ref` inputs
+4. `.github/workflows/build.yml` -- default `foreman_version` and `foreman_packaging_ref` inputs
 
 ### Release steps
 
-1. Bump the version in the two files listed above
-2. Generate the changelog:
-   ```bash
-   CHANGELOG_GITHUB_TOKEN=github_pat_... bundle exec rake changelog
-   ```
-3. Create a PR with the version bump and changelog, get it reviewed and merged
-4. Create and push a tag matching the version:
-   ```bash
-   git tag 1.1.0
-   git push origin 1.1.0
-   ```
-5. The [release workflow](.github/workflows/release.yml) runs automatically on tag push and:
+1. Go to [Actions > Prepare Release](../../actions/workflows/prepare_release.yml) and run the workflow with the version to release (e.g. `1.2.0`)
+2. The workflow bumps the version in `version.rb` and `package.json`, generates the changelog, and opens a PR with the `skip-changelog` label
+3. Review and merge the PR
+4. Go to [Actions > Release](../../actions/workflows/release.yml) and run the workflow with the same version
+5. The release workflow:
+   - Verifies the version in `version.rb` matches the input
+   - Creates and pushes a git tag
    - Builds the gem
    - Creates a GitHub Release with auto-generated notes and the gem attached
    - Publishes the gem to GitHub Packages

data/lib/foreman_openbolt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ForemanOpenbolt
-  VERSION = '1.1.0'
+  VERSION = '1.1.1'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_openbolt",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "OpenBolt integration into Foreman",
   "main": "index.js",
   "scripts": {

data/test/acceptance/acceptance_helper.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require 'capybara'
+require 'capybara/dsl'
+require 'selenium-webdriver'
+require 'test/unit'
+
+# Base class for acceptance tests using Capybara + Selenium Chrome.
+# Connects to Foreman through a remote ChromeDriver container and
+# exercises the plugin UI as a real user would.
+class AcceptanceTestCase < Test::Unit::TestCase
+  include Capybara::DSL
+
+  # Chrome runs in a separate container and reaches Foreman via the Docker
+  # network service name. The test runner connects to ChromeDriver via the
+  # exposed port 4444 on the host.
+  FOREMAN_URL = ENV.fetch('FOREMAN_URL', 'https://foreman')
+  FOREMAN_USER = ENV.fetch('FOREMAN_USER', 'admin')
+  FOREMAN_PASS = ENV.fetch('FOREMAN_PASS', 'changeme')
+  CHROMEDRIVER_URL = ENV.fetch('CHROMEDRIVER_URL', 'http://localhost:4444')
+
+  def setup
+    Capybara.app_host = FOREMAN_URL
+    Capybara.run_server = false
+    Capybara.default_max_wait_time = 15
+
+    Capybara.register_driver :remote_chrome do |app|
+      options = Selenium::WebDriver::Chrome::Options.new
+      options.add_argument('--headless') unless ENV['HEADFUL']
+      options.add_argument('--no-sandbox')
+      options.add_argument('--disable-dev-shm-usage')
+      options.add_argument('--disable-gpu')
+      options.add_argument('--window-size=1280,720')
+      options.add_argument('--ignore-certificate-errors')
+
+      Capybara::Selenium::Driver.new(
+        app,
+        browser: :remote,
+        url: CHROMEDRIVER_URL,
+        options: options
+      )
+    end
+
+    Capybara.default_driver = :remote_chrome
+    Capybara.javascript_driver = :remote_chrome
+  end
+
+  def teardown
+    visit '/users/logout'
+    Capybara.reset_sessions!
+  end
+
+  def foreman_login(user: FOREMAN_USER, password: FOREMAN_PASS)
+    visit '/users/login'
+    fill_in 'login_login', with: user
+    fill_in 'login_password', with: password
+    click_button 'Log In'
+  end
+
+  # --- Launch page helpers ---
+
+  def select_first_proxy
+    assert_selector '#smart-proxy-input option', minimum: 2, wait: 15
+    proxy_option = first('#smart-proxy-input option:not([value=""])')
+    select proxy_option.text, from: 'smart-proxy-input'
+  end
+
+  def select_hosts_via_search(query)
+    find('[aria-label="Select host targeting method"]').click
+    find('[data-ouia-component-id="host_methods"]').find('li', text: 'Search query').click
+    search_input = find('.foreman-search-field input[type="text"]', wait: 10)
+    search_input.fill_in with: query
+  end
+
+  def launch_task_via_ui(task_name, targets: 'target', params: {})
+    visit '/foreman_openbolt/page_launch_task'
+    assert_selector '#smart-proxy-input', wait: 15
+
+    select_first_proxy
+    select_hosts_via_search(targets)
+
+    assert_selector '#task-name-input option', minimum: 2, wait: 15
+    select task_name, from: 'task-name-input'
+
+    params.each do |name, value|
+      assert_selector "#param_#{name}", wait: 10
+      fill_in "param_#{name}", with: value
+    end
+
+    click_button 'Launch Task'
+    assert_selector 'h1', text: 'Task Execution', wait: 15
+  end
+
+  def assert_task_completed
+    assert_selector '.pf-v5-c-label', text: /Success|Complete/i, wait: 120
+  end
+
+  def assert_task_failed
+    assert_selector '.pf-v5-c-label', text: /Failed|Failure|Error/i, wait: 120
+  end
+
+  def assert_result_contains(text)
+    assert_selector '.pf-v5-c-code-block__code', text: text, wait: 15
+  end
+
+  def assert_result_has_content
+    assert_no_selector '.pf-v5-c-empty-state', text: 'No result data', wait: 15
+    assert_selector '.pf-v5-c-code-block__code', wait: 15
+  end
+
+  def assert_log_contains(text)
+    # Click the "Log Output" tab to see the bolt command and log
+    find('.pf-v5-c-tabs__link', text: 'Log Output').click
+    assert_selector '.pf-v5-c-code-block__code', text: text, wait: 15
+  end
+
+  # OpenBolt options and task parameters both use param_ prefix for field IDs
+  def set_openbolt_option(name, value)
+    field = find("#param_#{name}", wait: 10)
+    if field.tag_name == 'select'
+      field.select value
+    elsif field['type'] == 'checkbox'
+      value ? field.check : field.uncheck
+    else
+      field.fill_in with: value
+    end
+  end
+
+  # --- Settings page helpers ---
+
+  # Update a Foreman setting through the /settings UI. Each setting row
+  # has an inline edit button with id=<setting_name> that reveals an
+  # input with id=setting-input-<setting_name> and a submit button with
+  # ouiaId=submit-edit-btn (see Foreman's SettingValueCell /
+  # SettingValueEdit components).
+  def update_foreman_setting(setting_name, new_value, category: 'openbolt')
+    visit '/settings'
+    find("a[href='##{category}_settings_tab']", wait: 10).click
+
+    within("##{category}_settings_tab", wait: 10) do
+      find("button##{setting_name}", wait: 10).click
+      find("#setting-input-#{setting_name}", wait: 10).fill_in with: new_value
+      find("[data-ouia-component-id='submit-edit-btn']").click
+    end
+  end
+end

data/test/acceptance/docker/docker-compose.yml

@@ -0,0 +1,69 @@
+name: foreman-openbolt-acceptance
+
+services:
+  foreman:
+    container_name: foreman-openbolt-test
+    hostname: foreman.example.com
+    image: ${FOREMAN_IMAGE:-foreman-openbolt:3.18}
+    pull_policy: never
+    platform: linux/amd64
+    privileged: true
+    ports:
+      - "443:443"
+      - "8443:8443"
+    entrypoint: /entrypoint.sh
+    volumes:
+      # Entrypoint script (prepares SSH keys, fixtures, then starts systemd)
+      - ./foreman/entrypoint.sh:/entrypoint.sh:ro
+      # Plugin RPMs built by rake build:rpm
+      - ../../../pkg:/opt/pkg:ro
+      # Fixture modules for acceptance tasks
+      - ../fixtures/modules:/opt/fixtures/modules:ro
+      # SSH private key for bolt to connect to targets
+      - ../fixtures/keys/id_rsa:/tmp/ssh/id_rsa:ro
+      # OpenBolt plugin config for smart-proxy
+      - ../fixtures/openbolt.yml:/etc/foreman-proxy/settings.d/openbolt.yml:ro
+    depends_on:
+      - target1
+      - target2
+    tmpfs:
+      - /run
+      - /tmp:rw,exec,nosuid
+    healthcheck:
+      test: ["CMD", "curl", "-sk", "https://localhost/api/v2/status"]
+      interval: 10s
+      timeout: 10s
+      retries: 30
+      start_period: 60s
+
+  chrome:
+    container_name: foreman-openbolt-chrome
+    image: ${SELENIUM_IMAGE:-selenium/standalone-chrome:latest}
+    shm_size: 2g
+    ports:
+      - "4444:4444"
+      - "7900:7900"
+    depends_on:
+      - foreman
+
+  target1:
+    container_name: foreman-openbolt-target1
+    hostname: target1.example.com
+    image: foreman-openbolt-target
+    pull_policy: never
+    build:
+      context: .
+      dockerfile: target/Dockerfile
+    volumes:
+      - ../fixtures/keys/id_rsa.pub:/tmp/id_rsa.pub:ro
+
+  target2:
+    container_name: foreman-openbolt-target2
+    hostname: target2.example.com
+    image: foreman-openbolt-target
+    pull_policy: never
+    build:
+      context: .
+      dockerfile: target/Dockerfile
+    volumes:
+      - ../fixtures/keys/id_rsa.pub:/tmp/id_rsa.pub:ro

data/test/acceptance/docker/foreman/Dockerfile

@@ -0,0 +1,45 @@
+# Foreman base image for acceptance testing.
+# This Dockerfile only installs packages. foreman-installer is run
+# separately via `docker run --hostname` (see Rakefile) because it
+# requires a valid FQDN and systemd, neither of which are available
+# during `docker build`.
+#
+# The final image is created by committing the container after
+# foreman-installer completes. Plugin RPMs are installed at runtime
+# via setup.sh.
+FROM --platform=linux/amd64 rockylinux:9
+
+ARG FOREMAN_VERSION=3.18
+
+# Locale
+RUN dnf install -y glibc-langpack-en && dnf clean all
+ENV LANG=en_US.UTF-8
+ENV PATH="$PATH:/opt/puppetlabs/bin:/opt/puppetlabs/server/bin"
+
+# Enable module streams
+RUN dnf -y module enable nodejs:22 postgresql:16
+
+# Add Foreman and OpenVox repos
+RUN dnf install -y \
+      "https://yum.theforeman.org/releases/${FOREMAN_VERSION}/el9/x86_64/foreman-release.rpm" \
+      https://yum.voxpupuli.org/openvox8-release-el-9.noarch.rpm && \
+    dnf clean all
+
+# Install foreman-installer, OpenBolt, and OpenVox (agent + server)
+RUN dnf install -y \
+      foreman-installer \
+      jq \
+      openbolt \
+      openssh-clients \
+      openvox-agent \
+      openvox-server && \
+    dnf clean all
+
+# Fix NSS for container environment. Rocky 9 defaults to "sss files systemd"
+# but sssd isn't running, causing getpwuid(0) to fail in JRuby/puppetserver.
+RUN sed -i 's/^passwd:.*/passwd:     files/' /etc/nsswitch.conf && \
+    sed -i 's/^shadow:.*/shadow:     files/' /etc/nsswitch.conf && \
+    sed -i 's/^group:.*/group:      files/' /etc/nsswitch.conf
+
+
+CMD ["/usr/sbin/init"]

data/test/acceptance/docker/foreman/entrypoint.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# Prepare the Foreman container for acceptance testing.
+# This runs before systemd (PID 1) takes over.
+set -e
+
+# Proxy log directory
+mkdir -p /var/log/foreman-proxy/openbolt
+chown -R foreman-proxy:foreman-proxy /var/log/foreman-proxy
+
+# SSH key for proxy to reach targets
+if [ -f /tmp/ssh/id_rsa ]; then
+  mkdir -p /opt/foreman-proxy/.ssh
+  chown foreman-proxy:foreman-proxy /opt/foreman-proxy /opt/foreman-proxy/.ssh
+  cp /tmp/ssh/id_rsa /opt/foreman-proxy/.ssh/id_rsa
+  chown foreman-proxy:foreman-proxy /opt/foreman-proxy/.ssh/id_rsa
+  chmod 600 /opt/foreman-proxy/.ssh/id_rsa
+fi
+
+# Deploy fixture modules for acceptance tasks
+if [ -d /opt/fixtures/modules ]; then
+  mkdir -p /etc/puppetlabs/code/environments/production/modules
+  cp -r /opt/fixtures/modules/* /etc/puppetlabs/code/environments/production/modules/
+fi
+
+# Hand off to systemd
+exec /usr/sbin/init

data/test/acceptance/docker/target/Dockerfile

@@ -0,0 +1,29 @@
+FROM rockylinux:9
+
+ARG OPENVOX_RELEASE=8
+
+RUN dnf install -y \
+      openssh-server \
+      openssh-clients \
+      sudo \
+      jq \
+      https://yum.voxpupuli.org/openvox${OPENVOX_RELEASE}-release-el-9.noarch.rpm && \
+    dnf install -y openvox-agent && \
+    dnf clean all
+
+RUN useradd -m openbolt && \
+    echo 'openbolt:openbolt' | chpasswd && \
+    usermod -aG wheel openbolt && \
+    echo 'openbolt ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/openbolt
+
+RUN mkdir -p /home/openbolt/.ssh && \
+    chmod 700 /home/openbolt/.ssh && \
+    chown -R openbolt:openbolt /home/openbolt
+
+RUN ssh-keygen -A
+
+COPY target/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 22
+ENTRYPOINT ["/entrypoint.sh"]

data/test/acceptance/docker/target/entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+# Copy the bind-mounted public key into the openbolt user's authorized_keys
+# with correct ownership and permissions. sshd refuses keys when the
+# file or parent directory is writable by anyone other than the owner.
+set -e
+
+cp /tmp/id_rsa.pub /home/openbolt/.ssh/authorized_keys
+chown openbolt:openbolt /home/openbolt/.ssh/authorized_keys
+chmod 600 /home/openbolt/.ssh/authorized_keys
+
+exec /usr/sbin/sshd -D

data/test/acceptance/fixtures/modules/acceptance/tasks/complex_params.json

@@ -0,0 +1,30 @@
+{
+  "input_method": "environment",
+  "description": "A task with multiple parameter types for testing command building",
+  "parameters": {
+    "required_string": {
+      "type": "String",
+      "description": "A required string parameter"
+    },
+    "optional_string": {
+      "type": "Optional[String]",
+      "description": "An optional string parameter"
+    },
+    "array_param": {
+      "type": "Array",
+      "description": "An array parameter"
+    },
+    "with_default": {
+      "type": "String",
+      "description": "A parameter with a default value",
+      "default": "default_value"
+    },
+    "hash_param": {
+      "type": "Optional[Hash]",
+      "description": "An optional hash parameter"
+    }
+  },
+  "implementations": [
+    {"name": "complex_params.sh", "requirements": ["shell"]}
+  ]
+}

data/test/acceptance/fixtures/modules/acceptance/tasks/complex_params.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+# Echo back all parameters as JSON so the test can verify they arrived correctly.
+# PT_array_param arrives as a JSON string from bolt, so we pass it through as raw JSON.
+jq -n \
+  --arg required "$PT_required_string" \
+  --arg optional "$PT_optional_string" \
+  --argjson array "${PT_array_param:-null}" \
+  --arg default_val "$PT_with_default" \
+  --argjson hash "${PT_hash_param:-null}" \
+  '{
+    required_string: $required,
+    optional_string: (if $optional == "" then null else $optional end),
+    array_param: $array,
+    with_default: $default_val,
+    hash_param: $hash
+  }'

data/test/acceptance/fixtures/modules/acceptance/tasks/echo.json

@@ -0,0 +1,13 @@
+{
+  "input_method": "environment",
+  "description": "Echo a message back with the hostname",
+  "parameters": {
+    "message": {
+      "type": "String",
+      "description": "The message to echo back"
+    }
+  },
+  "implementations": [
+    {"name": "echo.sh", "requirements": ["shell"]}
+  ]
+}

data/test/acceptance/fixtures/modules/acceptance/tasks/echo.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+jq -n --arg msg "$PT_message" --arg host "$(hostname)" \
+  '{"message": $msg, "hostname": $host}'

data/test/acceptance/fixtures/modules/acceptance/tasks/failing_task.json

@@ -0,0 +1,8 @@
+{
+  "input_method": "environment",
+  "description": "A task that always fails",
+  "parameters": {},
+  "implementations": [
+    {"name": "failing_task.sh", "requirements": ["shell"]}
+  ]
+}

data/test/acceptance/fixtures/modules/acceptance/tasks/failing_task.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+echo '{"status": "failure", "error": "This task always fails"}' >&2
+exit 1

data/test/acceptance/fixtures/modules/acceptance/tasks/noop_task.json

@@ -0,0 +1,8 @@
+{
+  "input_method": "environment",
+  "description": "A no-op task that returns a status",
+  "parameters": {},
+  "implementations": [
+    {"name": "noop_task.sh", "requirements": ["shell"]}
+  ]
+}

data/test/acceptance/fixtures/modules/acceptance/tasks/noop_task.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+echo '{"status": "ok"}'

data/test/acceptance/fixtures/modules/acceptance/tasks/slow_task.json

@@ -0,0 +1,14 @@
+{
+  "input_method": "environment",
+  "description": "A task that sleeps for a specified number of seconds",
+  "parameters": {
+    "seconds": {
+      "type": "Integer",
+      "description": "Number of seconds to sleep",
+      "default": 5
+    }
+  },
+  "implementations": [
+    {"name": "slow_task.sh", "requirements": ["shell"]}
+  ]
+}

data/test/acceptance/fixtures/modules/acceptance/tasks/slow_task.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+sleep "${PT_seconds:-5}"
+echo "{\"status\": \"ok\", \"slept\": ${PT_seconds:-5}}"

data/test/acceptance/fixtures/modules/acceptance/tasks/target_conditional.json

@@ -0,0 +1,13 @@
+{
+  "input_method": "environment",
+  "description": "A task that succeeds on target1 and fails on target2",
+  "parameters": {
+    "succeed_on": {
+      "type": "String",
+      "description": "Hostname prefix that should succeed"
+    }
+  },
+  "implementations": [
+    {"name": "target_conditional.sh", "requirements": ["shell"]}
+  ]
+}

data/test/acceptance/fixtures/modules/acceptance/tasks/target_conditional.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+hostname=$(hostname)
+if [[ "$hostname" == ${PT_succeed_on}* ]]; then
+  echo "{\"status\": \"success\", \"hostname\": \"$hostname\"}"
+  exit 0
+else
+  echo "{\"status\": \"failure\", \"hostname\": \"$hostname\"}" >&2
+  exit 1
+fi

data/test/acceptance/fixtures/openbolt.yml

@@ -0,0 +1,7 @@
+---
+:enabled: https
+:environment_path: /etc/puppetlabs/code/environments/production
+:workers: 5
+:concurrency: 20
+:connect_timeout: 30
+:log_dir: /var/log/foreman-proxy/openbolt

data/test/acceptance/tests/error_handling_test.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require_relative '../acceptance_helper'
+
+# Tests that errors are handled gracefully through the full stack.
+class ErrorHandlingTest < AcceptanceTestCase
+  def setup
+    super
+    foreman_login
+  end
+
+  def test_launch_button_disabled_with_no_matching_hosts
+    visit '/foreman_openbolt/page_launch_task'
+    assert_selector '#smart-proxy-input', wait: 15
+    select_first_proxy
+    select_hosts_via_search('nonexistent.example.com')
+
+    assert_selector '#task-name-input option', minimum: 2, wait: 15
+    select 'acceptance::echo', from: 'task-name-input'
+
+    assert_selector 'button[type="submit"][disabled]', text: 'Launch Task'
+  end
+
+  def test_failing_task_shows_error_in_result
+    launch_task_via_ui('acceptance::failing_task')
+    assert_task_failed
+    assert_result_contains 'This task always fails'
+  end
+
+  def test_mixed_target_results_show_per_host_status
+    launch_task_via_ui('acceptance::target_conditional',
+      params: { 'succeed_on' => 'target1' })
+
+    assert_task_failed
+    assert_result_has_content
+    # Result should contain output from both targets
+    assert_result_contains 'target1'
+    assert_result_contains 'target2'
+  end
+end

data/test/acceptance/tests/host_selector_test.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require_relative '../acceptance_helper'
+
+# Tests for HostSelector-specific affordances: the search query chip
+# and the "Clear all target selections" link.
+class HostSelectorTest < AcceptanceTestCase
+  def setup
+    super
+    foreman_login
+    visit '/foreman_openbolt/page_launch_task'
+    assert_selector '#smart-proxy-input', wait: 15
+    select_first_proxy
+  end
+
+  def test_clear_chips_link_empties_targets_and_removes_chip
+    select_hosts_via_search('target1')
+
+    # The Targets label is conditional on targets.length > 0
+    # (LaunchTask/index.js:230).
+    assert_selector '.pf-v5-c-label', text: /Targets:\s*\d+/, wait: 15
+
+    # Click the "Clear all target selections" button (ouiaId=clear-chips).
+    find('[data-ouia-component-id="clear-chips"]').click
+
+    # Targets label disappears and the clear-chips button itself
+    # unmounts once there are no selections.
+    assert_no_selector '.pf-v5-c-label', text: /Targets:/, wait: 10
+    assert_no_selector '[data-ouia-component-id="clear-chips"]', wait: 5
+  end
+end