RubyGems - foreman_openscap - Versions diffs - 4.0.2 → 4.1.2 - Mend

foreman_openscap 4.0.2 → 4.1.2

Files changed (22) hide show

checksums.yaml +4 -4
data/app/controllers/api/v2/compliance/scap_contents_controller.rb +32 -1
data/app/models/concerns/foreman_openscap/host_extensions.rb +5 -0
data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb +4 -12
data/app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb +0 -4
data/app/models/foreman_openscap/arf_report.rb +1 -5
data/app/models/foreman_openscap/compliance_status.rb +4 -0
data/app/models/foreman_openscap/policy.rb +8 -2
data/app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl +7 -0
data/config/routes.rb +3 -0
data/db/migrate/20201202110213_update_puppet_port_param_type.rb +28 -0
data/db/seeds.d/75-job_templates.rb +2 -2
data/lib/foreman_openscap/bulk_upload.rb +46 -20
data/lib/foreman_openscap/engine.rb +14 -14
data/lib/foreman_openscap/version.rb +1 -1
data/lib/tasks/foreman_openscap_tasks.rake +15 -3
data/test/factories/compliance_log_factory.rb +0 -6
data/test/functional/api/v2/compliance/arf_reports_controller_test.rb +4 -4
data/test/lib/foreman_openscap/bulk_upload_test.rb +48 -0
data/test/test_plugin_helper.rb +3 -3
data/test/unit/policy_test.rb +24 -0
metadata +6 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 66351b5753044871382c381df255b7666a31e08fea8512d1012a3a09b63e7378
-  data.tar.gz: 5a7a4cf20c67ae0a27365b5d6f9bdb5874aa4aa19cb792a8aaac348a477de104
+  metadata.gz: d2929e3c150fb1a79b7c30521092da065f2ec849441272e5189f0837ab0519c8
+  data.tar.gz: 3ead19515492a9f59a9af88ed6de9960f896383a491a194ae7b5703da6c26a77
 SHA512:
-  metadata.gz: 9e172a8489bd6a8df619438aeb1dafa2166241313d5770da82b889ce15193afad019dff653a4b86f014da6841bd3dfc06993fb2e72441091cd707c22907a2122
-  data.tar.gz: fc59f280bc4614e94dac5d27c7d1806f2cd79b458dce66300eea6f3038533b7a936953a51b91331680b86767846d0b1fcc0f134d45056c2d70284a1b43497bba
+  metadata.gz: df4322563c54efd0bb0e95adfa3b45278bddc14fa102469e509a2a102604a71af9d78e2a3213c1c0e855fe2e1dbb87c41f57df4c657e15394c8f1885d15fba56
+  data.tar.gz: 4963b73e1723874e352162493ec51a85de730734df6985df63f1a49045bae7a70b73e3aa43963b305ed6684f5b8cc1b29d1cf99cb689c453c049ef830c7dc553

data/app/controllers/api/v2/compliance/scap_contents_controller.rb CHANGED

@@ -1,3 +1,5 @@
+require 'foreman_openscap/bulk_upload'
 module Api::V2
   module Compliance
     class ScapContentsController < ::Api::V2::BaseController
@@ -5,7 +7,11 @@ module Api::V2
       include ForemanOpenscap::BodyLogExtensions
       include ForemanOpenscap::Api::V2::ScapApiControllerExtensions
-      before_action :find_resource, :except => %w[index create]
+      def self.bulk_upload_types
+        ['files', 'directory', 'default']
+      end
+      before_action :find_resource, :except => %w[index create bulk_upload]
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')
       param_group :search_and_pagination, ::Api::V2::BaseController
@@ -61,6 +67,29 @@ module Api::V2
         process_response @scap_content.destroy
       end
+      api :POST, '/compliance/scap_contents/bulk_upload', N_('Upload scap contents in bulk')
+      param :type, bulk_upload_types, :required => true, :desc => N_('Type of the upload')
+      param :files, Array, :desc => N_('File paths to upload when using "files" upload type')
+      param :directory, String, :desc => N_('Directory to upload when using "directory" upload type')
+      def bulk_upload
+        case params[:type]
+        when 'files'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_files(params[:files])
+        when 'directory'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_directory(params[:directory])
+        when 'default'
+          @result = ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
+        else
+          return render :json => {
+            :errors => [
+              _("Please specify import type, received: %{received}, expected one of: %{expected}") %
+                { :expected => self.class.bulk_upload_types.join(', '), :received => params[:type] }
+            ]
+          }, :status => :unprocessable_entity
+        end
+      end
       private
       def find_resource
@@ -70,6 +99,8 @@ module Api::V2
       def action_permission
         case params[:action]
+        when 'bulk_upload'
+          :create
         when 'xml'
           :view
         else

data/app/models/concerns/foreman_openscap/host_extensions.rb CHANGED

@@ -81,6 +81,11 @@ module ForemanOpenscap
       }
       base.send :extend, ClassMethods
+      base.apipie :class do
+        property :policies_enc, String, desc: 'Returns JSON string containing policies for the host'
+        property :policies_enc_raw, array_of: Hash, desc: 'Returns a list with key:value objects containing policies for the host'
+      end
     end
     def inherited_attributes

data/app/models/concerns/foreman_openscap/hostgroup_extensions.rb CHANGED

@@ -22,18 +22,10 @@ module ForemanOpenscap
     end
     def inherited_openscap_proxy_id
-      inherited_ancestry_attribute(:openscap_proxy_id)
-    end
-    unless defined?(Katello::System)
-      private
-      def inherited_ancestry_attribute(attribute)
-        if ancestry.present?
-          self[attribute] || self.class.sort_by_ancestry(ancestors.where("#{attribute} is not NULL")).last.try(attribute)
-        else
-          self.send(attribute)
-        end
+      if ancestry.present?
+        self[:openscap_proxy_id] || self.class.sort_by_ancestry(ancestors.where.not(openscap_proxy_id: nil)).last.try(:openscap_proxy_id)
+      else
+        self.send(:openscap_proxy_id)
       end
     end
   end

data/app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb CHANGED

@@ -33,10 +33,6 @@ module ForemanOpenscap
       end
     end
-    def inherited_openscap_proxy_id
-      inherited_ancestry_attribute(:openscap_proxy_id)
-    end
     private
     def scap_client_lookup_values_for(lookup_keys, model_match)

data/app/models/foreman_openscap/arf_report.rb CHANGED

@@ -125,11 +125,9 @@ module ForemanOpenscap
               msg = Log.where(:source_id => src.id).order(:id => :desc).first.message
               update_msg_with_changes(msg, log)
             else
-              digest = Digest::SHA1.hexdigest(log[:title])
-              if (msg = Message.find_by(:digest => digest))
+              if (msg = Message.find_by(:value => log[:title]))
                 msg.attributes = {
                   :value => N_(log[:title]),
-                  :digest => digest,
                   :severity => log[:severity],
                   :description => newline_to_space(log[:description]),
                   :rationale => newline_to_space(log[:rationale]),
@@ -137,7 +135,6 @@ module ForemanOpenscap
                 }
               else
                 msg = Message.new(:value => N_(log[:title]),
-                                  :digest => digest,
                                   :severity => log[:severity],
                                   :description => newline_to_space(log[:description]),
                                   :rationale => newline_to_space(log[:rationale]),
@@ -233,7 +230,6 @@ module ForemanOpenscap
       msg.value = incoming_data['title']
       return unless msg.changed?
-      msg.digest = Digest::SHA1.hexdigest(msg.value) if msg.value_changed?
       msg.save
     end
   end

data/app/models/foreman_openscap/compliance_status.rb CHANGED

@@ -8,6 +8,10 @@ module ForemanOpenscap
       N_('Compliance')
     end
+    def status_link
+      host.arf_reports_path(:search => "host = #{host.name}")
+    end
     def self.bit_mask(status)
       "#{ArfReport::BIT_NUM * ArfReport::METRIC.index(status)} & #{ArfReport::MAX}"
     end

data/app/models/foreman_openscap/policy.rb CHANGED

@@ -174,8 +174,14 @@ module ForemanOpenscap
     end
     def unassign_hosts(hosts)
-      host_asset_ids = ForemanOpenscap::Asset.where(:assetable_type => 'Host::Base', :assetable_id => hosts.map(&:id)).pluck(:id)
-      self.asset_ids = self.asset_ids - host_asset_ids
+      policy_host_assets = ForemanOpenscap::Asset.joins(:asset_policies).where(
+        :assetable_type => 'Host::Base',
+        :assetable_id => hosts.map(&:id),
+        :foreman_openscap_asset_policies => { :policy_id => id }
+      ).pluck(:id)
+      self.asset_ids = self.asset_ids - policy_host_assets
+      ForemanOpenscap::Asset.where(:id => policy_host_assets).destroy_all
     end
     def to_enc

data/app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl ADDED

@@ -0,0 +1,7 @@
+object @result
+attributes :errors
+child :results => :results do
+  extends 'api/v2/compliance/scap_contents/index'
+end

data/config/routes.rb CHANGED

@@ -64,6 +64,9 @@ Rails.application.routes.draw do
           member do
             get 'xml'
           end
+          collection do
+            post 'bulk_upload'
+          end
         end
         resources :scap_content_profiles, :only => %i[index]

data/db/migrate/20201202110213_update_puppet_port_param_type.rb ADDED

@@ -0,0 +1,28 @@
+class UpdatePuppetPortParamType < ActiveRecord::Migration[6.0]
+  def up
+    update_port_type :to_i
+  end
+  def down
+    update_port_type :to_s
+  end
+  private
+  def update_port_type(method)
+    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
+    return unless puppet_class
+    port_key = puppet_class.class_params.find_by :key => 'port'
+    return unless port_key
+    def_value = port_key.default_value
+    if method == :to_i
+      port_key.key_type =  "integer"
+      port_key.default_value = def_value.to_i
+    else
+      port_key.key_type == "string"
+      port_key.default_value = port_key.default_value.to_s
+    end
+    port_key.save!
+  end
+end

data/db/seeds.d/75-job_templates.rb CHANGED

@@ -7,9 +7,9 @@ if ForemanOpenscap.with_remote_execution?
         sync = !Rails.env.test? && Setting[:remote_execution_sync_templates]
         # import! was renamed to import_raw! around 1.3.1
         if JobTemplate.respond_to?('import_raw!')
-          template = JobTemplate.import_raw!(File.read(template), :default => true, :locked => true, :update => sync)
+          template = JobTemplate.import_raw!(File.read(template), :default => true, :lock => true, :update => sync)
         else
-          template = JobTemplate.import!(File.read(template), :default => true, :locked => true, :update => sync)
+          template = JobTemplate.import!(File.read(template), :default => true, :lock => true, :update => sync)
         end
         template.organizations = organizations if SETTINGS[:organizations_enabled] && template.present?
         template.locations = locations if SETTINGS[:locations_enabled] && template.present?

data/lib/foreman_openscap/bulk_upload.rb CHANGED

@@ -1,48 +1,74 @@
 require 'digest/sha2'
+require 'ostruct'
 module ForemanOpenscap
   class BulkUpload
-    attr_accessor :from_scap_security_guide
-    def initialize(from_scap_security_guide = false)
-      @from_scap_security_guide = from_scap_security_guide
+    def initialize
+      @result = OpenStruct.new(:errors => [], :results => [])
+    end
+    def files_from_guide
+      `rpm -ql scap-security-guide | grep ds.xml`.split
     end
-    def generate_scap_default_content
-      return unless @from_scap_security_guide
+    def scap_guide_installed?
+      `rpm -qa | grep scap-security-guide`.present?
+    end
-      if `rpm -qa | grep scap-security-guide`.empty?
-        Rails.logger.debug "Can't find scap-security-guide RPM"
-        return
+    def upload_from_scap_guide
+      unless scap_guide_installed?
+        @result.errors.push("Can't find scap-security-guide RPM, are you sure it is installed on your server?")
+        return @result
       end
-      files_array = `rpm -ql scap-security-guide | grep ds.xml`.split
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_from_guide, true)
     end
-    def upload_from_files(files_array)
+    def upload_from_files(files_array, from_scap_guide = false)
+      unless files_array.is_a? Array
+        @result.errors.push("Expected an array of files to upload, got: #{files_array}.")
+        return @result
+      end
       files_array.each do |datastream|
+        if File.directory?(datastream)
+          @result.errors.push("#{datastream} is a directory, expecting file.")
+          next
+        end
+        unless File.file?(datastream)
+          @result.errors.push("#{datastream} does not exist, skipping.")
+          next
+        end
         file = File.open(datastream, 'rb').read
         digest = Digest::SHA2.hexdigest(datastream)
-        title = content_name(datastream)
+        title = content_name(datastream, from_scap_guide)
         filename = original_filename(datastream)
         scap_content = ScapContent.where(:title => title, :digest => digest).first_or_initialize
         next if scap_content.persisted?
         scap_content.scap_file = file
         scap_content.original_filename = filename
-        scap_content.location_ids = Location.all.map(&:id) if SETTINGS[:locations_enabled]
-        scap_content.organization_ids = Organization.all.map(&:id) if SETTINGS[:organizations_enabled]
+        scap_content.location_ids = Location.all.map(&:id)
+        scap_content.organization_ids = Organization.all.map(&:id)
-        next puts "## SCAP content is invalid: #{scap_content.errors.full_messages.uniq.join(',')} ##" unless scap_content.valid?
         if scap_content.save
-          puts "Saved #{datastream} as #{scap_content.title}"
+          @result.results.push(scap_content)
         else
-          puts "Failed saving #{datastream}"
+          @result.errors.push("Failed saving #{datastream}: #{scap_content.errors.full_messages.uniq.join(',')}")
         end
       end
+      @result
     end
     def upload_from_directory(directory_path)
+      unless directory_path && Dir.exist?(directory_path)
+        @result[:errors].push("No such directory: #{directory_path}. Please check the path you have provided.")
+        return @result
+      end
       files_array = Dir["#{directory_path}/*-ds.xml"]
-      upload_from_files(files_array) unless files_array.empty?
+      upload_from_files(files_array)
     end
     private
@@ -57,9 +83,9 @@ module ForemanOpenscap
       file.split('/').last
     end
-    def content_name(datastream)
+    def content_name(datastream, from_scap_guide)
       os_name = extract_name_from_file(datastream)
-      @from_scap_security_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
+      from_scap_guide ? "Red Hat #{os_name} default content" : "#{os_name} content"
     end
   end
 end

data/lib/foreman_openscap/engine.rb CHANGED

@@ -92,7 +92,7 @@ module ForemanOpenscap
                                             'api/v2/compliance/scap_contents' => [:update] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :create_scap_contents, { :scap_contents => %i[new create],
-                                              'api/v2/compliance/scap_contents' => [:create] },
+                                              'api/v2/compliance/scap_contents' => %i[create bulk_upload] },
                      :resource_type => 'ForemanOpenscap::ScapContent'
           permission :destroy_scap_contents, { :scap_contents => [:destroy],
                                                'api/v2/compliance/scap_contents' => [:destroy] },
@@ -180,19 +180,6 @@ module ForemanOpenscap
                         :description => proxy_description,
                         :api_description => N_('ID of OpenSCAP Proxy')
-        if ForemanOpenscap.with_remote_execution?
-          options = {
-            :description => N_("Run OpenSCAP scan"),
-            :provided_inputs => "policies"
-          }
-          if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
-            options[:host_action_button] = true
-          end
-          RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
-        end
         add_controller_action_scope('Api::V2::HostsController', :index) do |base_scope|
           base_scope.preload(:policies)
         end
@@ -231,6 +218,19 @@ module ForemanOpenscap
       Log.send(:include, ForemanOpenscap::LogExtensions)
       BookmarkControllerValidator.send(:prepend, ForemanOpenscap::BookmarkControllerValidatorExtensions)
       ProxyStatus.status_registry.add(ProxyStatus::OpenscapSpool)
+      if ForemanOpenscap.with_remote_execution?
+        options = {
+          :description => N_("Run OpenSCAP scan"),
+          :provided_inputs => "policies"
+        }
+        if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
+          options[:host_action_button] = true
+        end
+        RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
+      end
     end
     rake_tasks do

data/lib/foreman_openscap/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "4.0.2".freeze
+  VERSION = "4.1.2".freeze
 end

data/lib/tasks/foreman_openscap_tasks.rake CHANGED

@@ -6,23 +6,26 @@ namespace :foreman_openscap do
   namespace :bulk_upload do
     desc 'Bulk upload SCAP content from directory'
     task :directory, [:directory] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       abort("# No such directory, please check the path you have provided. #") unless args[:directory].blank? || Dir.exist?(args[:directory])
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_directory(args[:directory])
     end
     task :files, [:files] => [:environment] do |task, args|
+      deprecate_upload_from_rake
       files_array = args[:files].split(' ')
       files_array.each do |file|
         abort("# #{file} is a directory, expecting file. Try using 'rake foreman_openscap:bulk_upload:directory' with this directory. #") if File.directory?(file)
       end
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_files(files_array)
     end
     task :default => [:environment] do
+      deprecate_upload_from_rake
       User.current = User.anonymous_admin
-      ForemanOpenscap::BulkUpload.new(true).generate_scap_default_content
+      print_upload_result ForemanOpenscap::BulkUpload.new.upload_from_scap_guide
     end
   end
@@ -67,6 +70,15 @@ namespace :foreman_openscap do
   end
 end
+def deprecate_upload_from_rake
+  puts 'DEPRECATION WARNING: Uploading scap contents using rake task is deprecated and will be removed in a future version. Please use API or CLI.'
+end
+def print_upload_result(result)
+  puts result.errors.join(' ') if result.errors.present?
+  puts result.results.map { |sc| "Saved #{sc.original_filename} as #{sc.title}" }.join("\n") if result.results.present?
+end
 # Tests
 namespace :test do
   desc "Test ForemanOpenscap"

data/test/factories/compliance_log_factory.rb CHANGED

@@ -9,15 +9,9 @@ FactoryBot.define do
   factory :compliance_message, :class => :message do
     sequence(:value) { |n| "message#{n}" }
-    after(:build) do |msg|
-      msg.digest = Digest::SHA1.hexdigest(msg.value)
-    end
   end
   factory :compliance_source, :class => :source do
     sequence(:value) { |n| "source#{n}" }
-    after(:build) do |source|
-      source.digest = Digest::SHA1.hexdigest(source.value)
-    end
   end
 end

data/test/functional/api/v2/compliance/arf_reports_controller_test.rb CHANGED

@@ -139,7 +139,7 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
                                      :date => dates[1].to_i,
                                      :openscap_proxy_name => @proxy.name),
          :session => set_session_user
-    assert_equal Message.where(:digest => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.digest).count, 1
+    assert_equal Message.where(:value => ForemanOpenscap::ArfReport.unscoped.last.logs.first.message.value).count, 1
   end
   test "should recognize changes in messages" do
@@ -187,12 +187,12 @@ class Api::V2::Compliance::ArfReportsControllerTest < ActionController::TestCase
     reports = ForemanOpenscap::ArfReport.unscoped.all
     assert_equal reports.count, 2
-    new_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    msg_value = "Disable Firefox Configuration File ROT-13 Encoding Changed For Test"
+    new_msgs = Message.where(:value => msg_value)
     old_msgs = Message.where(:value => "Disable Firefox Configuration File ROT-13 Encoding")
     assert_equal new_msgs.count, 1
     assert_equal old_msgs.count, 0
-    assert_equal new_msgs.first.digest, Digest::SHA1.hexdigest("Disable Firefox Configuration File ROT-13 Encoding Changed For Test")
+    assert_equal new_msgs.first.value, msg_value
   end
   test "should find reports by policy name" do

data/test/lib/foreman_openscap/bulk_upload_test.rb CHANGED

@@ -3,6 +3,7 @@ require 'test_plugin_helper'
 class BulkUploadTest < ActiveSupport::TestCase
   setup do
     require 'foreman_openscap/bulk_upload'
+    ForemanOpenscap::ScapContent.all.map(&:destroy)
   end
   test 'upload_from_files should create only one scap content' do
@@ -13,4 +14,51 @@ class BulkUploadTest < ActiveSupport::TestCase
       end
     end
   end
+  test 'upload_from_files should not crash when scap files are not array' do
+    scap_files = '/tmp/foo'
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files(scap_files)
+    assert_equal "Expected an array of files to upload, got: #{scap_files}.", res.errors.first
+  end
+  test 'upload_from_files should skip directories' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([dir])
+    assert_equal "#{dir} is a directory, expecting file.", res.errors.first
+  end
+  test 'upload_from_files should skip files that does not exist' do
+    file = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo-ds.xml"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_files([file])
+    assert_equal "#{file} does not exist, skipping.", res.errors.first
+  end
+  test 'upload_from_directory should check if directory exists' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents/foo"
+    res = ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    assert_equal "No such directory: #{dir}. Please check the path you have provided.", res.errors.first
+  end
+  test 'upload_from_directory should upload from directory' do
+    dir = "#{ForemanOpenscap::Engine.root}/test/files/scap_contents"
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      ForemanOpenscap::BulkUpload.new.upload_from_directory(dir)
+    end
+  end
+  test 'should handle case when scap security guide is not installed' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(false)
+    res = upload.upload_from_scap_guide
+    assert_equal "Can't find scap-security-guide RPM, are you sure it is installed on your server?", res.errors.first
+  end
+  test 'should upload files from guide' do
+    upload = ForemanOpenscap::BulkUpload.new
+    upload.stubs(:scap_guide_installed?).returns(true)
+    upload.stubs(:files_from_guide).returns(["#{ForemanOpenscap::Engine.root}/test/files/scap_contents/ssg-fedora-ds.xml"])
+    assert_difference('ForemanOpenscap::ScapContent.count', 1) do
+      upload.upload_from_scap_guide
+    end
+  end
 end

data/test/test_plugin_helper.rb CHANGED

@@ -11,9 +11,9 @@ module ScapClientPuppetclass
     Puppetclass.find_by(:name => puppet_config.puppetclass_name)&.destroy
     puppet_class = FactoryBot.create(:puppetclass, :name => puppet_config.puppetclass_name)
-    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :puppetclass_id => puppet_class.id)
-    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :puppetclass_id => puppet_class.id)
-    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :puppetclass_id => puppet_class.id)
+    server_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.server_param, :default_value => nil)
+    port_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.port_param, :default_value => nil)
+    policies_param = FactoryBot.create(:puppetclass_lookup_key, :key => puppet_config.policies_param, :default_value => nil)
     env = FactoryBot.create :environment

data/test/unit/policy_test.rb CHANGED

@@ -46,6 +46,30 @@ class PolicyTest < ActiveSupport::TestCase
     assert_equal 1, policy.hosts.count
   end
+  test "should delete assets when unassigning hosts" do
+    host1 = FactoryBot.create(:compliance_host)
+    host2 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host2.id, :assetable_type => 'Host::Base')
+    policy = FactoryBot.create(:policy, :assets => [asset1, asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy.unassign_hosts([host1, host2])
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
+  test "should delete assets only for selected policy when unassigning host" do
+    host1 = FactoryBot.create(:compliance_host)
+    asset1 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    asset2 = FactoryBot.create(:asset, :assetable_id => host1.id, :assetable_type => 'Host::Base')
+    policy1 = FactoryBot.create(:policy, :assets => [asset1], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy2 = FactoryBot.create(:policy, :assets => [asset2], :scap_content => @scap_content, :scap_content_profile => @scap_profile)
+    policy1.unassign_hosts([host1])
+    assert_nil ForemanOpenscap::Asset.find_by(:id => asset1.id)
+    assert_not_nil ForemanOpenscap::Asset.find_by(:id => asset2.id)
+  end
   test "should remove associated hostgroup" do
     hg = FactoryBot.create(:hostgroup)
     asset = FactoryBot.create(:asset, :assetable_id => hg.id, :assetable_type => 'Hostgroup')

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_openscap
 version: !ruby/object:Gem::Version
-  version: 4.0.2
+  version: 4.1.2
 platform: ruby
 authors:
 - slukasik@redhat.com
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-13 00:00:00.000000000 Z
+date: 2020-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -130,6 +130,7 @@ files:
 - app/views/api/v2/compliance/scap_content_profiles/index.json.rabl
 - app/views/api/v2/compliance/scap_content_profiles/main.json.rabl
 - app/views/api/v2/compliance/scap_contents/base.json.rabl
+- app/views/api/v2/compliance/scap_contents/bulk_upload.json.rabl
 - app/views/api/v2/compliance/scap_contents/create.json.rabl
 - app/views/api/v2/compliance/scap_contents/index.json.rabl
 - app/views/api/v2/compliance/scap_contents/main.json.rabl
@@ -245,6 +246,7 @@ files:
 - db/migrate/20190103093409_add_deployment_option_to_policy.foreman_openscap.rb
 - db/migrate/20200117135424_migrate_port_overrides_to_int.rb
 - db/migrate/20200803065041_migrate_port_overrides_for_ansible.rb
+- db/migrate/20201202110213_update_puppet_port_param_type.rb
 - db/seeds.d/75-job_templates.rb
 - db/seeds.d/openscap_feature.rb
 - db/seeds.d/openscap_policy_notification.rb
@@ -357,10 +359,10 @@ test_files:
 - test/factories/arf_report_factory.rb
 - test/factories/asset_factory.rb
 - test/factories/compliance_host_factory.rb
-- test/factories/compliance_log_factory.rb
 - test/factories/policy_arf_report_factory.rb
 - test/factories/policy_factory.rb
 - test/factories/scap_content_related.rb
+- test/factories/compliance_log_factory.rb
 - test/files/arf_report/arf_report.bz2
 - test/files/arf_report/arf_report.html
 - test/files/arf_report/arf_report.json
@@ -369,11 +371,11 @@ test_files:
 - test/files/scap_contents/ssg-fedora-ds.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring-2.xml
 - test/files/tailoring_files/ssg-firefox-ds-tailoring.xml
-- test/functional/api/v2/compliance/arf_reports_controller_test.rb
 - test/functional/api/v2/compliance/policies_controller_test.rb
 - test/functional/api/v2/compliance/scap_content_profiles_controller_test.rb
 - test/functional/api/v2/compliance/scap_contents_controller_test.rb
 - test/functional/api/v2/compliance/tailoring_files_controller_test.rb
+- test/functional/api/v2/compliance/arf_reports_controller_test.rb
 - test/functional/api/v2/hosts_controller_test.rb
 - test/functional/arf_reports_controller_test.rb
 - test/functional/openscap_proxies_controller_test.rb