foreman_openscap 4.0.1 → 4.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: afb07ec68598ddfebdea1a16d50489cb5ca88cd7e5e0eb0294591704ac41d06d
-  data.tar.gz: 2c9aeed9bd9244263002370796e1439801dbe29183f4f19c99bc33d5aa5168b3
+  metadata.gz: 416db64a783e7876de13cd98e57b7daea2c0ac9f228f52f85fcb54d4db18e75f
+  data.tar.gz: c5b5c5f22113c4842a83d3255880af2632e12ccd26f1cc8779a36f4ae1910745
 SHA512:
-  metadata.gz: 93afb936e476d4b8ddc3c616ec5820b7609cf8fefc59478ac7011b78edef1e33946d194ba4a47dde89acf19dcbc6d6fd74f6e5ba501502ae9a1ef7663e1b77ed
-  data.tar.gz: c5aeec2a9ceee0c88d40e279dda82316e4a13eeb5e4b31856fa2625b20e994cf10e13b338286b5550e6d9ba107c78de0049d6587610404c31d2c3d5ecbc7b85f
+  metadata.gz: e92cbdf9359cc67bb7e7ed1e40da8b78789fbc9daecb7c8559853d1fce03eaa5d2953f8d810ee5176f7f4288f57115c213099ce798229837c1568a09b3a2e1be
+  data.tar.gz: 91263d9e014cadff61bca46fe792cd2584e3c4de5ba828cd5f7e7b46e0e5d4c890e5fdd4894d19566bee31b5cb479ed21dd0b65be2bd499d15251c4d90b58920

data/app/controllers/api/v2/compliance/scap_contents_controller.rb

@@ -5,7 +5,11 @@ module Api::V2
       include ForemanOpenscap::BodyLogExtensions
       include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
 
-      before_action :find_resource, :except => %w[index create]
+      def self.bulk_upload_types
+        ['files', 'directory', 'default']
+      end
+
+      before_action :find_resource, :except => %w[index create bulk_upload]
 
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController
@@ -61,6 +65,29 @@ module Api::V2
         process_response @scap_content.destroy
       end
 
+      api :POST, '/compliance/scap_contents/bulk_upload', N_('Upload scap contents in bulk')
+      param :type, bulk_upload_types, :required => true, :desc => N_('Type of the upload')
+      param :files, Array, :desc => N_('File paths to upload when using "files" upload type')
+      param :directory, String, :desc => N_('Directory to upload when using "directory" upload type')
+
+      def bulk_upload
+        case params[:type]
+        when 'files'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_files(params[:files])
+        when 'directory'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_directory(params[:directory])
+        when 'default'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
+        else
+          return render :json => {
+            :errors => [
+              _("Please specify import type, received: %{received}, expected one of: %{expected}") %
+                { :expected => self.class.bulk_upload_types.join(', '), :received => params[:type] }
+            ]
+          }, :status => :unprocessable_entity
+        end
+      end
+
       private
 
       def find_resource
@@ -70,6 +97,8 @@ module Api::V2
 
       def action_permission
         case params[:action]
+        when 'bulk_upload'
+          :create
         when 'xml'
           :view
         else

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -81,6 +81,11 @@ module ForemanOpenscap
       }
 
       base.send :extend, ClassMethods
+
+      base.apipie :class do
+        property :policies_enc, String, desc: 'Returns JSON string containing policies for the host'
+        property :policies_enc_raw, array_of: Hash, desc: 'Returns a list with key:value objects containing policies for the host'
+      end
     end
 
     def inherited_attributes

data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb

@@ -22,18 +22,10 @@ module ForemanOpenscap
     end
 
     def inherited_openscap_proxy_id
-      inherited_ancestry_attribute(:openscap_proxy_id)
-    end
-
-    unless defined?(Katello::System)
-      private
-
-      def inherited_ancestry_attribute(attribute)
-        if ancestry.present?
-          self[attribute] || self.class.sort_by_ancestry(ancestors.where("#{attribute} is not NULL")).last.try(attribute)
-        else
-          self.send(attribute)
-        end
+      if ancestry.present?
+        self[:openscap_proxy_id] || self.class.sort_by_ancestry(ancestors.where.not(openscap_proxy_id: nil)).last.try(:openscap_proxy_id)
+      else
+        self.send(:openscap_proxy_id)
       end
     end
   end

data/app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb

@@ -33,10 +33,6 @@ module ForemanOpenscap
       end
     end
 
-    def inherited_openscap_proxy_id
-      inherited_ancestry_attribute(:openscap_proxy_id)
-    end
-
     private
 
     def scap_client_lookup_values_for(lookup_keys, model_match)

data/app/models/foreman_openscap/arf_report.rb

@@ -125,11 +125,9 @@ module ForemanOpenscap
               msg = Log.where(:source_id => src.id).order(:id => :desc).first.message
               update_msg_with_changes(msg, log)
             else
-              digest = Digest::SHA1.hexdigest(log[:title])
-              if (msg = Message.find_by(:digest => digest))
+              if (msg = Message.find_by(:value => log[:title]))
                 msg.attributes = {
                   :value => N_(log[:title]),
-                  :digest => digest,
                   :severity => log[:severity],
                   :description => newline_to_space(log[:description]),
                   :rationale => newline_to_space(log[:rationale]),
@@ -137,7 +135,6 @@ module ForemanOpenscap
                 }
               else
                 msg = Message.new(:value => N_(log[:title]),
-                                  :digest => digest,
                                   :severity => log[:severity],
                                   :description => newline_to_space(log[:description]),
                                   :rationale => newline_to_space(log[:rationale]),
@@ -233,7 +230,6 @@ module ForemanOpenscap
       msg.value = incoming_data['title']
 
       return unless msg.changed?
-      msg.digest = Digest::SHA1.hexdigest(msg.value) if msg.value_changed?
       msg.save
     end
   end

data/app/models/foreman_openscap/compliance_status.rb

@@ -8,6 +8,10 @@ module ForemanOpenscap
       N_('Compliance')
     end
 
+    def status_link
+      host.arf_reports_path(:search => "host = #{host.name}")
+    end
+
     def self.bit_mask(status)
       "#{ArfReport::BIT_NUM * ArfReport::METRIC.index(status)} & #{ArfReport::MAX}"
     end

data/app/models/foreman_openscap/policy.rb

@@ -174,8 +174,14 @@ module ForemanOpenscap
     end
 
     def unassign_hosts(hosts)
-      host_asset_ids = ForemanOpenscap::Asset.where(:assetable_type => 'Host::Base', :assetable_id => hosts.map(&:id)).pluck(:id)
-      self.asset_ids = self.asset_ids - host_asset_ids
+      policy_host_assets = ForemanOpenscap::Asset.joins(:asset_policies).where(
+        :assetable_type => 'Host::Base',
+        :assetable_id => hosts.map(&:id),
+        :foreman_openscap_asset_policies => { :policy_id => id }
+      ).pluck(:id)
+
+      self.asset_ids = self.asset_ids - policy_host_assets
+      ForemanOpenscap::Asset.where(:id => policy_host_assets).destroy_all
     end
 
     def to_enc
@@ -312,7 +318,7 @@ module ForemanOpenscap
     end
 
     def assign_ids(ids, class_name)
-      new_assets = ids.reject { |id| id.respond_to?(:empty?) && id.empty? }.reduce([]) do |memo, id|
+      new_assets = ids.uniq.reject { |id| id.respond_to?(:empty?) && id.empty? }.reduce([]) do |memo, id|
         memo << assets.where(:assetable_type => class_name, :assetable_id => id).first_or_initialize
       end
       complimentary_class_name = class_name == 'Host::Base' ? 'Hostgroup' : 'Host::Base'

data/app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl

@@ -0,0 +1,7 @@
+object @result
+
+attributes :errors
+
+child :results => :results do
+  extends 'api/v2/compliance/scap_contents/index'
+end

data/config/routes.rb

@@ -64,6 +64,9 @@ Rails.application.routes.draw do
           member do
             get 'xml'
           end
+          collection do
+            post 'bulk_upload'
+          end
         end
         resources :scap_content_profiles, :only => %i[index]
 

data/db/migrate/20200803065041_migrate_port_overrides_for_ansible.rb

@@ -0,0 +1,34 @@
+class MigratePortOverridesForAnsible < ActiveRecord::Migration[6.0]
+  def up
+    transform_lookup_values :to_i
+  end
+
+  def down
+    transform_lookup_values :to_s
+  end
+
+  private
+
+  def transform_lookup_values(method)
+    return unless defined?(ForemanAnsible)
+    role = AnsibleRole.find_by :name => 'theforeman.foreman_scap_client'
+    return unless role
+    port_key = role.ansible_variables.find_by :key => 'foreman_scap_client_port'
+    return unless port_key
+    if method == :to_i
+      port_key.key_type =  "integer"
+      port_key.default_value = 8080
+    else
+      port_key.key_type == "string"
+      port_key.default_value = ""
+    end
+
+    port_key.save
+    port_key.lookup_values.in_batches do |batch|
+      batch.each do |lookup_value|
+        lookup_value.value = lookup_value.value.send(method)
+        lookup_value.save
+      end
+    end
+  end
+end

data/db/migrate/20201202110213_update_puppet_port_param_type.rb

@@ -0,0 +1,28 @@
+class UpdatePuppetPortParamType < ActiveRecord::Migration[6.0]
+  def up
+    update_port_type :to_i
+  end
+
+  def down
+    update_port_type :to_s
+  end
+
+  private
+
+  def update_port_type(method)
+    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
+    return unless puppet_class
+    port_key = puppet_class.class_params.find_by :key => 'port'
+    return unless port_key
+    def_value = port_key.default_value
+
+    if method == :to_i
+      port_key.key_type =  "integer"
+      port_key.default_value = def_value.to_i
+    else
+      port_key.key_type == "string"
+      port_key.default_value = port_key.default_value.to_s
+    end
+    port_key.save!
+  end
+end

data/db/seeds.d/75-job_templates.rb

@@ -7,9 +7,9 @@ if ForemanOpenscap.with_remote_execution?
         sync = !Rails.env.test? && Setting[:remote_execution_sync_templates]
         # import! was renamed to import_raw! around 1.3.1
         if JobTemplate.respond_to?('import_raw!')
-          template = JobTemplate.import_raw!(File.read(template), :default => true, :locked => true, :update => sync)
+          template = JobTemplate.import_raw!(File.read(template), :default => true, :lock => true, :update => sync)
         else
-          template = JobTemplate.import!(File.read(template), :default => true, :locked => true, :update => sync)
+          template = JobTemplate.import!(File.read(template), :default => true, :lock => true, :update => sync)
         end
         template.organizations = organizations if SETTINGS[:organizations_enabled] && template.present?
         template.locations = locations if SETTINGS[:locations_enabled] && template.present?

data/lib/foreman_openscap/bulk_upload.rb

@@ -1,48 +1,74 @@
 require 'digest/sha2'
+require 'ostruct'
+
 module ForemanOpenscap
   class BulkUpload
-    attr_accessor :from_scap_security_guide
-    def initialize(from_scap_security_guide = false)
-      @from_scap_security_guide = from_scap_security_guide
+    def initialize
+      @result = OpenStruct.new(:errors => [], :results => [])
+    end
+
+    def files_from_guide
+      `rpm -ql scap-security-guide | grep ds.xml`.split
     end
 
-    def generate_scap_default_content
-      return unless @from_scap_security_guide
+    def scap_guide_installed?
+      `rpm -qa | grep scap-security-guide`.present?
+    end
 
-      if `rpm -qa | grep scap-security-guide`.empty?
-        Rails.logger.debug "Can't find scap-security-guide RPM"
-        return
+    def upload_from_scap_guide
+      unless scap_guide_installed?
+        @result.errors.push("Can't find scap-security-guide RPM, are you sure it is installed on your server?")
+        return @result
       end
 
-      files_array = `rpm -ql scap-security-guide | grep ds.xml`.split
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_from_guide, true)
     end
 
-    def upload_from_files(files_array)
+    def upload_from_files(files_array, from_scap_guide = false)
+      unless files_array.is_a? Array
+        @result.errors.push("Expected an array of files to upload, got: #{files_array}.")
+        return @result
+      end
+
       files_array.each do |datastream|
+        if File.directory?(datastream)
+          @result.errors.push("#{datastream} is a directory, expecting file.")
+          next
+        end
+
+        unless File.file?(datastream)
+          @result.errors.push("#{datastream} does not exist, skipping.")
+          next
+        end
+
         file = File.open(datastream, 'rb').read
         digest = Digest::SHA2.hexdigest(datastream)
-        title = content_name(datastream)
+        title = content_name(datastream, from_scap_guide)
         filename = original_filename(datastream)
         scap_content = ScapContent.where(:title => title, :digest => digest).first_or_initialize
         next if scap_content.persisted?
         scap_content.scap_file = file
         scap_content.original_filename = filename
-        scap_content.location_ids = Location.all.map(&:id) if SETTINGS[:locations_enabled]
-        scap_content.organization_ids = Organization.all.map(&:id) if SETTINGS[:organizations_enabled]
+        scap_content.location_ids = Location.all.map(&:id)
+        scap_content.organization_ids = Organization.all.map(&:id)
 
-        next puts "## SCAP content is invalid: #{scap_content.errors.full_messages.uniq.join(',')} ##" unless scap_content.valid?
         if scap_content.save
-          puts "Saved #{datastream} as #{scap_content.title}"
+          @result.results.push(scap_content)
         else
-          puts "Failed saving #{datastream}"
+          @result.errors.push("Failed saving #{datastream}: #{scap_content.errors.full_messages.uniq.join(',')}")
         end
       end
+      @result
     end
 
     def upload_from_directory(directory_path)
+      unless directory_path && Dir.exist?(directory_path)
+        @result[:errors].push("No such directory: #{directory_path}. Please check the path you have provided.")
+        return @result
+      end
+
       files_array = Dir["#{directory_path}/*-ds.xml"]
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_array)
     end
 
     private
@@ -57,9 +83,9 @@ module ForemanOpenscap
       file.split('/').last
     end
 
-    def content_name(datastream)
+    def content_name(datastream, from_scap_guide)
       os_name = extract_name_from_file(datastream)
-      @from_scap_security_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
+      from_scap_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
     end
   end
 end

data/lib/foreman_openscap/engine.rb

@@ -92,7 +92,7 @@ module ForemanOpenscap
                                             'api/v2/compliance/scap_contents' => [:update] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :create_scap_contents, { :scap_contents => %i[new create],
-                                              'api/v2/compliance/scap_contents' => [:create] },
+                                              'api/v2/compliance/scap_contents' => %i[create bulk_upload] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :destroy_scap_contents, { :scap_contents => [:destroy],
                                                'api/v2/compliance/scap_contents' => [:destroy] },
@@ -180,19 +180,6 @@ module ForemanOpenscap
                         :description => proxy_description,
                         :api_description => N_('ID of OpenSCAP Proxy')
 
-        if ForemanOpenscap.with_remote_execution?
-          options = {
-            :description => N_("Run OpenSCAP scan"),
-            :provided_inputs => "policies"
-          }
-
-          if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
-            options[:host_action_button] = true
-          end
-
-          RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
-        end
-
         add_controller_action_scope('Api::V2::HostsController', :index) do |base_scope|
           base_scope.preload(:policies)
         end
@@ -231,6 +218,19 @@ module ForemanOpenscap
       Log.send(:include, ForemanOpenscap::LogExtensions)
       BookmarkControllerValidator.send(:prepend, ForemanOpenscap::BookmarkControllerValidatorExtensions)
       ProxyStatus.status_registry.add(ProxyStatus::OpenscapSpool)
+
+      if ForemanOpenscap.with_remote_execution?
+        options = {
+          :description => N_("Run OpenSCAP scan"),
+          :provided_inputs => "policies"
+        }
+
+        if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
+          options[:host_action_button] = true
+        end
+
+        RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
+      end
     end
 
     rake_tasks do

data/lib/foreman_openscap/version.rb

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "4.0.1".freeze
+  VERSION = "4.1.1".freeze
 end

data/lib/tasks/foreman_openscap_tasks.rake

@@ -6,23 +6,26 @@ namespace :foreman_openscap do
   namespace :bulk_upload do
     desc 'Bulk upload SCAP content from directory'
     task :directory, [:directory] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       abort("# No such directory, please check the path you have provided. #") unless args[:directory].blank? || Dir.exist?(args[:directory])
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
     end
 
     task :files, [:files] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       files_array = args[:files].split(' ')
       files_array.each do |file|
         abort("# #{file} is a directory, expecting file. Try using 'rake foreman_openscap:bulk_upload:directory' with this directory. #") if File.directory?(file)
       end
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
     end
 
     task :default => [:environment] do
+      deprecate_upload_from_rake
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new(true).generate_scap_default_content
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
     end
   end
 
@@ -67,6 +70,15 @@ namespace :foreman_openscap do
   end
 end
 
+def deprecate_upload_from_rake
+  puts 'DEPRECATION WARNING: Uploading scap contents using rake task is deprecated and will be removed in a future version. Please use API or CLI.'
+end
+
+def print_upload_result(result)
+  puts result.errors.join(' ') if result.errors.present?
+  puts result.results.map { |sc| "Saved #{sc.original_filename} as #{sc.title}" }.join("\n") if result.results.present?
+end
+
 # Tests
 namespace :test do
   desc "Test ForemanOpenscap"

data/test/factories/compliance_log_factory.rb

@@ -9,15 +9,9 @@ FactoryBot.define do
 
   factory :compliance_message, :class => :message do
     sequence(:value) { |n| "message#{n}" }
-    after(:build) do |msg|
-      msg.digest = Digest::SHA1.hexdigest(msg.value)
-    end
   end
 
   factory :compliance_source, :class => :source do
     sequence(:value) { |n| "source#{n}" }
-    after(:build) do |source|
-      source.digest = Digest::SHA1.hexdigest(source.value)
-    end
   end
 end

data/test/functional/api/v2/compliance/arf_reports_controller_test.rb

@@ -139,7 +139,7 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
                                      :date => dates[1].to_i,
                                      :openscap_proxy_name => @proxy.name),
          :session => set_session_user
-    assert_equal Message.where(:digest => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.digest).count, 1
+    assert_equal Message.where(:value => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.value).count, 1
   end
 
   test "should recognize changes in messages" do
@@ -187,12 +187,12 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
 
     reports = ForemanOpenscap::ArfReport.unscoped.all
     assert_equal reports.count, 2
-
-    new_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    msg_value = "Disable Firefox Configuration File ROT-13 Encoding Changed For Test"
+    new_msgs = Message.where(:value => msg_value)
     old_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding")
     assert_equal new_msgs.count, 1
     assert_equal old_msgs.count, 0
-    assert_equal new_msgs.first.digest, Digest::SHA1.hexdigest("Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    assert_equal new_msgs.first.value, msg_value
   end
 
   test "should find reports by policy name" do

data/test/lib/foreman_openscap/bulk_upload_test.rb

@@ -3,6 +3,7 @@ require 'test_plugin_helper'
 class BulkUploadTest < ActiveSupport::TestCase
   setup do
     require 'foreman_openscap/bulk_upload'
+    ForemanOpenscap::ScapContent.all.map(&:destroy)
   end
 
   test 'upload_from_files should create only one scap content' do
@@ -13,4 +14,51 @@ class BulkUploadTest < ActiveSupport::TestCase
       end
     end
   end
+
+  test 'upload_from_files should not crash when scap files are not array' do
+    scap_files = '/tmp/foo'
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files(scap_files)
+    assert_equal "Expected an array of files to upload, got: #{scap_files}.", res.errors.first
+  end
+
+  test 'upload_from_files should skip directories' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([dir])
+    assert_equal "#{dir} is a directory, expecting file.", res.errors.first
+  end
+
+  test 'upload_from_files should skip files that does not exist' do
+    file = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo-ds.xml"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([file])
+    assert_equal "#{file} does not exist, skipping.", res.errors.first
+  end
+
+  test 'upload_from_directory should check if directory exists' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    assert_equal "No such directory: #{dir}. Please check the path you have provided.", res.errors.first
+  end
+
+  test 'upload_from_directory should upload from directory' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    end
+  end
+
+  test 'should handle case when scap security guide is not installed' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(false)
+    res = upload.upload_from_scap_guide
+    assert_equal "Can't find scap-security-guide RPM, are you sure it is installed on your server?", res.errors.first
+  end
+
+  test 'should upload files from guide' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(true)
+    upload.stubs(:files_from_guide).returns(["#{ForemanOpenscap::Engine.root}/test/files/scap_contents/ssg-fedora-ds.xml"])
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      upload.upload_from_scap_guide
+    end
+  end
 end

data/test/test_plugin_helper.rb

@@ -11,9 +11,9 @@ module ScapClientPuppetclass
     Puppetclass.find_by(:name => puppet_config.puppetclass_name)&.destroy
 
     puppet_class = FactoryBot.create(:puppetclass, :name => puppet_config.puppetclass_name)
-    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :puppetclass_id => puppet_class.id)
-    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :puppetclass_id => puppet_class.id)
-    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :puppetclass_id => puppet_class.id)
+    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :default_value => nil)
+    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :default_value => nil)
+    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :default_value => nil)
 
     env = FactoryBot.create :environment
 

data/test/unit/policy_test.rb

@@ -37,6 +37,39 @@ class PolicyTest < ActiveSupport::TestCase
     assert_equal hostgroup, policy.hostgroups.first
   end
 
+  test "should not raise when assiging same host by id" do
+    host1 = FactoryBot.create(:compliance_host)
+    asset = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    policy = FactoryBot.create(:policy, :assets => [asset], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy.host_ids = [host1, host1].map(&:id)
+    policy.save!
+    assert_equal 1, policy.hosts.count
+  end
+
+  test "should delete assets when unassigning hosts" do
+    host1 = FactoryBot.create(:compliance_host)
+    host2 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host2.id, :assetable_type => 'Host::Base')
+    policy = FactoryBot.create(:policy, :assets => [asset1, asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy.unassign_hosts([host1, host2])
+
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+
+  test "should delete assets only for selected policy when unassigning host" do
+    host1 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    policy1 = FactoryBot.create(:policy, :assets => [asset1], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy2 = FactoryBot.create(:policy, :assets => [asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy1.unassign_hosts([host1])
+
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_not_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+
   test "should remove associated hostgroup" do
     hg = FactoryBot.create(:hostgroup)
     asset = FactoryBot.create(:asset, :assetable_id => hg.id, :assetable_type => 'Hostgroup')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 4.0.1
+  version: 4.1.1
 platform: ruby
 authors:
 - slukasik@redhat.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-13 00:00:00.000000000 Z
+date: 2020-12-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -130,6 +130,7 @@ files:
 - app/views/api/v2/compliance/scap_content_profiles/index.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/main.json.rabl
 - app/views/api/v2/compliance/scap_contents/base.json.rabl
+- app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl
 - app/views/api/v2/compliance/scap_contents/create.json.rabl
 - app/views/api/v2/compliance/scap_contents/index.json.rabl
 - app/views/api/v2/compliance/scap_contents/main.json.rabl
@@ -244,6 +245,8 @@ files:
 - db/migrate/20171016125613_add_content_title_unique_constraint.foreman_openscap.rb
 - db/migrate/20190103093409_add_deployment_option_to_policy.foreman_openscap.rb
 - db/migrate/20200117135424_migrate_port_overrides_to_int.rb
+- db/migrate/20200803065041_migrate_port_overrides_for_ansible.rb
+- db/migrate/20201202110213_update_puppet_port_param_type.rb
 - db/seeds.d/75-job_templates.rb
 - db/seeds.d/openscap_feature.rb
 - db/seeds.d/openscap_policy_notification.rb
@@ -356,10 +359,10 @@ test_files:
 - test/factories/arf_report_factory.rb
 - test/factories/asset_factory.rb
 - test/factories/compliance_host_factory.rb
-- test/factories/compliance_log_factory.rb
 - test/factories/policy_arf_report_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
+- test/factories/compliance_log_factory.rb
 - test/files/arf_report/arf_report.bz2
 - test/files/arf_report/arf_report.html
 - test/files/arf_report/arf_report.json
@@ -368,11 +371,11 @@ test_files:
 - test/files/scap_contents/ssg-fedora-ds.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring.xml
-- test/functional/api/v2/compliance/arf_reports_controller_test.rb
 - test/functional/api/v2/compliance/policies_controller_test.rb
 - test/functional/api/v2/compliance/scap_content_profiles_controller_test.rb
 - test/functional/api/v2/compliance/scap_contents_controller_test.rb
 - test/functional/api/v2/compliance/tailoring_files_controller_test.rb
+- test/functional/api/v2/compliance/arf_reports_controller_test.rb
 - test/functional/api/v2/hosts_controller_test.rb
 - test/functional/arf_reports_controller_test.rb
 - test/functional/openscap_proxies_controller_test.rb