foreman_openscap 4.3.1 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 279a2b2f763e2b1f7c333a66e812b359f02c67a91626577e6212b4d69f093e08
-  data.tar.gz: 4d2116542474424bb0c7918c7c877b626bf725420e3b704794d401a68688b73f
+  metadata.gz: 0deaa4503a6ab004120595983e5b6fac947691d57e7b8da5d38a0aed3316f1a6
+  data.tar.gz: 7447310d905705fbf71ca93f1cca7b2314e7d13827e90ce9c3a8b321cfcba411
 SHA512:
-  metadata.gz: ee9601dfb4fc7ea3a6f88ad3ec238824aa30e169e5d74e6177e4d926cf60f5e715fe17faea13c0d2119ae5a28b91ac9b8c4ccb3b6e52228fa66ffb7462b3d388
-  data.tar.gz: c04a455c484bd2bc6dfc631626f0f8dc3ef88c727695eaf0af2f8cde5c8c033bf6ce5094f5a14c140fdde006a1769b87095754f1fa9c3f40328161b926daafff
+  metadata.gz: 192e4e96375311fbf3225aa5e715eed99797338a8ba2be9d5b19cdf3f49dcae9ff5a78cb0136df175744360dbcc5ffc2ce453058ac31839a71f0373e79fa22cc
+  data.tar.gz: 2b231f618e80bc0bd187417328afae0c2b7f4c7a10d0954dc26ff554fd4ad34c67073b252cdc6f86ae6194d9a9d7c53c5c08bb00ba7348d884e334baac82f1fe

data/app/controllers/api/v2/compliance/arf_reports_controller.rb

@@ -140,12 +140,6 @@ module Api
             super
           end
         end
-
-        protected
-
-        def assign_lone_taxonomies
-          # do not assign lone taxonomies to arf report
-        end
       end
     end
   end

data/app/controllers/api/v2/compliance/oval_policies_controller.rb

@@ -75,7 +75,7 @@ module Api::V2
         assign _('hosts'), params["host_ids"], ::Host::Managed
       end
 
-      api :GET, '/compliance/oval_policies/:id/oval_content', N_("Show a policy's SCAP content")
+      api :GET, '/compliance/oval_policies/:id/oval_content', N_("Show a policy's OVAL content")
       param :id, :identifier, :required => true
 
       def oval_content

data/app/graphql/mutations/oval_contents/delete.rb

@@ -0,0 +1,9 @@
+module Mutations
+  module OvalContents
+    class Delete < DeleteMutation
+      graphql_name 'DeleteOvalContentMutation'
+      description 'Deletes an OVAL Content'
+      resource_class ::ForemanOpenscap::OvalContent
+    end
+  end
+end

data/app/graphql/mutations/oval_policies/delete.rb

@@ -0,0 +1,9 @@
+module Mutations
+  module OvalPolicies
+    class Delete < DeleteMutation
+      graphql_name 'DeleteOvalPolicyMutation'
+      description 'Deletes an OVAL Policy'
+      resource_class ::ForemanOpenscap::OvalPolicy
+    end
+  end
+end

data/app/graphql/mutations/oval_policies/update.rb

@@ -0,0 +1,15 @@
+module Mutations
+  module OvalPolicies
+    class Update < UpdateMutation
+      graphql_name 'UpdateOvalPolicyMutation'
+      description 'Updates an OVAL Policy'
+      resource_class ::ForemanOpenscap::OvalPolicy
+
+      argument :name, String, required: false
+      argument :description, String, required: false
+      argument :cron_line, String, required: false
+
+      field :oval_policy, ::Types::OvalPolicy, 'The OVAL policy.', null: true
+    end
+  end
+end

data/app/graphql/types/oval_check.rb

@@ -0,0 +1,11 @@
+module Types
+  class OvalCheck < GraphQL::Schema::Object
+    description 'A check that contains information about whether a particual prerequisite for OVAL policy deployment is configured correctly'
+
+    field :id, String, null: false
+    field :title, String, null: false
+    field :fail_msg, String, null: true
+    field :errors, ::Types::RawJson, null: true
+    field :result, String, null: false
+  end
+end

data/app/graphql/types/oval_content.rb

@@ -3,6 +3,8 @@ module Types
     description 'An OVAL Content'
     model_class ::ForemanOpenscap::OvalContent
 
+    include ::Types::Concerns::MetaField
+
     global_id_field :id
     timestamps
     field :name, String

data/app/graphql/types/oval_policy.rb

@@ -3,6 +3,8 @@ module Types
     description 'An OVAL Policy'
     model_class ::ForemanOpenscap::OvalPolicy
 
+    include ::Types::Concerns::MetaField
+
     global_id_field :id
     timestamps
     field :name, String
@@ -12,6 +14,7 @@ module Types
     field :day_of_month, String
     field :cron_line, String
     belongs_to :oval_content, ::Types::OvalContent
+
     has_many :hostgroups, ::Types::Hostgroup
 
     def self.graphql_definition

data/app/helpers/arf_report_dashboard_helper.rb

@@ -6,11 +6,9 @@ module ArfReportDashboardHelper
   }.freeze
 
   def breakdown_chart_data(categories, report, colors = COLORS)
-    data = categories.reduce([]) do |memo, (key, value)|
+    categories.reduce([]) do |memo, (key, value)|
       memo << [value, report[key], colors[key]]
     end
-
-    data.to_json
   end
 
   def donut_breakdown_chart_data(report)
@@ -27,6 +25,6 @@ module ArfReportDashboardHelper
       :data => status.to_a,
       :yAxisLabel => _("Number of Events"),
       :xAxisLabel => _("Rule Results"),
-    }.to_json
+    }
   end
 end

data/app/helpers/compliance_hosts_helper.rb

@@ -16,7 +16,7 @@ module ComplianceHostsHelper
       [_("Othered"), othered, ArfReportDashboardHelper::COLORS[:othered]],
       ['dates', date, nil]
     ]
-    { :data => data, :xAxisDataLabel => 'dates', :config => 'timeseries' }.to_json
+    { :data => data, :xAxisDataLabel => 'dates', :config => 'timeseries' }
   end
 
   def compliance_host_multiple_actions

data/app/helpers/policies_helper.rb

@@ -41,7 +41,7 @@ module PoliciesHelper
   end
 
   def deploy_by_radio_checked(policy, tool)
-    type = policy.deploy_by ? policy.deploy_by.to_sym : :puppet
+    type = policy.deploy_by ? policy.deploy_by.to_sym : :manual
     tool.type == type
   end
 

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -50,12 +50,6 @@ module ForemanOpenscap
       base.scoped_search :on => :id, :rename => :removed_from_policy,
                          :only_explicit => true, :operators => ['= '], :ext_method => :search_by_removed_from_policy
 
-      base.after_update :puppetrun!, :if => ->(host) do
-        Setting[:puppetrun] &&
-        host.changed.include?('openscap_proxy_id') &&
-        (host.individual_puppetclasses + host.parent_classes).pluck(:name).include?(ClientConfig::Puppet.new.puppetclass_name)
-      end
-
       base.scope :comply_with, lambda { |policy|
         joins(:arf_reports).merge(ArfReport.latest_of_policy(policy)).merge(ArfReport.passed)
       }

data/app/models/concerns/foreman_openscap/oval_facet_hostgroup_extensions.rb

@@ -6,10 +6,25 @@ module ForemanOpenscap
 
     included do
       has_many :oval_policies, :through => :oval_facet, :class_name => 'ForemanOpenscap::OvalPolicy'
+
+      scoped_search :relation => :oval_policies,
+                    :on => :id,
+                    :rename => :oval_policy_id,
+                    :complete_value => false,
+                    :ext_method => :find_by_oval_policy_id,
+                    :operators => ['= ']
     end
 
     def inherited_oval_policies
       find_inherited_policies :oval_policies
     end
+
+    module ClassMethods
+      def find_by_oval_policy_id(_key, operator, value)
+        conditions = sanitize_sql_for_conditions(["#{::ForemanOpenscap::HostgroupOvalFacetOvalPolicy.table_name}.oval_policy_id #{operator} ?", value])
+        hg_ids = ::ForemanOpenscap::Hostgroup::OvalFacet.joins(:hostgroup_oval_facet_oval_policies).where(conditions).pluck(:hostgroup_id)
+        { :conditions => ::Hostgroup.arel_table[:id].in(hg_ids).to_sql }
+      end
+    end
   end
 end

data/app/models/foreman_openscap/oval_content.rb

@@ -5,6 +5,8 @@ module ForemanOpenscap
     include Taxonomix
     include ScapFileContent
 
+    before_destroy ActiveRecord::Base::EnsureNotUsedBy.new(:oval_policies)
+
     scoped_search :on => :name, :complete_value => true
 
     has_many :oval_policies

data/app/services/foreman_openscap/client_config/base.rb

@@ -38,6 +38,7 @@ module ForemanOpenscap
       end
 
       def find_config_item(scope = config_item_class_name.constantize)
+        return unless scope
         return scope.find_by :name => config_item_name if scope.respond_to?(:find_by)
         # all_puppetclasses, all_ansible_roles methods return Array, not ActiveRecord::Relation
         scope.find { |item| item.name == config_item_name }

data/app/services/foreman_openscap/client_config/puppet.rb

@@ -10,7 +10,7 @@ module ForemanOpenscap
       end
 
       def available?
-        defined?(Puppetclass)
+        defined?(ForemanPuppet)
       end
 
       def inline_help
@@ -21,13 +21,17 @@ module ForemanOpenscap
         }
       end
 
+      def collection_method
+        :puppetclasses
+      end
+
       def constants
         OpenStruct.new(
           :server_param => 'server',
           :port_param => 'port',
           :policies_param => 'policies',
           :puppetclass_name => 'foreman_scap_client',
-          :config_item_class_name => 'Puppetclass',
+          :config_item_class_name => 'ForemanPuppet::Puppetclass',
           :override_method_name => 'class_params',
           :msg_name => _('Puppet class'),
           :lookup_key_plural_name => _('Smart Class Parameters'),

data/app/services/foreman_openscap/oval/configure.rb

@@ -58,7 +58,7 @@ module ForemanOpenscap
           memo.add_check(
             SetupCheck.new(
               :title => (_("Was %s configured successfully?") % item.class.name),
-              :fail_msg => ->(_) { _("Assign openscap_proxy to %s before proceeding.") % item.name }
+              :fail_msg => (_("Assign openscap_proxy to %s before proceeding.") % item.name)
             ).fail!
           )
         end

data/app/services/foreman_openscap/oval/setup.rb

@@ -59,12 +59,12 @@ module ForemanOpenscap
           {
             :id => :foreman_ansible_present,
             :title => _("Is foreman_ansible present?"),
-            :fail_msg => ->(hash) { _("foreman_ansible plugin not found, please install it before running this action again.") }
+            :fail_msg => _("foreman_ansible plugin not found, please install it before running this action again.")
           },
           {
             :id => :foreman_scap_client_role_present,
             :title => _("Is theforeman.foreman_scap_client present?"),
-            :fail_msg => ->(hash) { @config.ansible_role_missing_msg }
+            :fail_msg => @config.ansible_role_missing_msg
           },
           {
             :id => :foreman_scap_client_vars_present,
@@ -74,17 +74,17 @@ module ForemanOpenscap
           {
             :id => :foreman_scap_client_server_overriden,
             :title => _("Is %s param set to be overriden?") % @config.server_param,
-            :fail_msg => ->(hash) { override_msg }
+            :fail_msg => override_msg
           },
           {
             :id => :foreman_scap_client_port_overriden,
             :title => _("Is %s param set to be overriden?") % @config.port_param,
-            :fail_msg => ->(hash) { override_msg }
+            :fail_msg => override_msg
           },
           {
             :id => :foreman_scap_client_policies_overriden,
             :title => _("Is %s param set to be overriden?") % @config.policies_param,
-            :fail_msg => ->(hash) { override_msg }
+            :fail_msg => override_msg
           }
         ]
       end

data/app/services/foreman_openscap/oval/setup_check.rb

@@ -1,7 +1,7 @@
 module ForemanOpenscap
   module Oval
     class SetupCheck
-      attr_reader :result, :id
+      attr_reader :result, :id, :errors
 
       def initialize(hash)
         @id = hash[:id]
@@ -17,6 +17,7 @@ module ForemanOpenscap
       end
 
       def fail!
+        raise 'Cannot fail a check that expects fail message data, use fail_with! method instead' if @fail_msg.respond_to?(:call) && @fail_msg_data.empty?
         @result = :fail
         self
       end
@@ -39,7 +40,9 @@ module ForemanOpenscap
       end
 
       def fail_msg
-        @fail_msg.call @fail_msg_data if @fail_msg
+        return unless failed?
+        return @fail_msg.call(@fail_msg_data) if @fail_msg.respond_to?(:call) && @fail_msg_data
+        @fail_msg
       end
 
       def to_h

data/app/views/api/v2/compliance/oval_contents/destroy.json.rabl

@@ -0,0 +1,3 @@
+object @oval_content
+
+extends "api/v2/compliance/oval_contents/base"

data/app/views/arf_reports/_metrics.html.erb

@@ -4,15 +4,15 @@
   <div class="col-md-5 scap-breakdown-chart-col">
     <div class="stats-well">
       <h4 class="ca" ><%= _('Report Metrics') %></h4>
-      <div id="arf-report-breakdown-chart" class="scap-breakdown-chart"></div>
-      <%= mount_react_component('DonutChart', "#arf-report-breakdown-chart", donut_breakdown_chart_data(metrics)) %>
+      <div class="scap-breakdown-chart">
+        <%= react_component('DonutChart', :data => donut_breakdown_chart_data(metrics)) %>
+      </div>
     </div>
   </div>
   <div class="col-md-5 arf-report-rule-chart-col">
     <div class="stats-well">
       <h4 class="ca" ><%= _('Report Status') %></h4>
-      <div id="arf-report-rule-chart"></div>
-      <%= mount_react_component('BarChart', "#arf-report-rule-chart", arf_report_status_chart_data(status), :flatten_data => true) %>
+      <%= react_component('BarChart', arf_report_status_chart_data(status)) %>
     </div>
   </div>
   <div class="col-md-2">

data/app/views/compliance_hosts/show.html.erb

@@ -17,18 +17,16 @@
                                                         hash_for_arf_report_path(:id => data.latest_report.id)
                                                           .merge(:auth_object => data.latest_report)) %></h4>
         <% report = data.report %>
-        <% id = "host-policy-breakdown-chart-#{policy.id}" %>
-        <div id="<%= id %>" class="scap-breakdown-chart"></div>
-        <%= mount_react_component('DonutChart', "##{id}", donut_breakdown_chart_data(report)) %>
+        <div class="scap-breakdown-chart">
+          <%= react_component('DonutChart', :data => donut_breakdown_chart_data(report)) %>
+        </div>
       </div>
     </div>
 
     <div class="col-md-8">
       <div class="stats-well">
         <h4 class="ca"><%= _("%s reports over time") % policy %></h4>
-        <% reports_graph_id = "arf-reports-over-time-#{policy.id}" %>
-        <div id="<%= reports_graph_id %>"></div>
-        <%= mount_react_component('LineChart', "##{reports_graph_id}", host_arf_reports_chart_data(policy.id), :flatten_data => true) %>
+        <%= react_component('LineChart', host_arf_reports_chart_data(policy.id)) %>
       </div>
     </div>
     <% else %>

data/app/views/dashboard/_compliance_reports_breakdown_widget.html.erb

@@ -1,4 +1,5 @@
 <h4 class="header ca"><%= _('Compliance Reports Breakdown') %></h4>
-<div id="compliance-reports-breakdown" class="host-configuration-chart"/>
-<% report = ForemanOpenscap::ReportDashboard::Data.new().report %>
-<%= mount_react_component('DonutChart', "#compliance-reports-breakdown", donut_breakdown_chart_data(report)) %>
+<div class="host-configuration-chart">
+  <% report = ForemanOpenscap::ReportDashboard::Data.new().report %>
+  <%= react_component('DonutChart', :data => donut_breakdown_chart_data(report)) %>
+</div>

data/app/views/policy_dashboard/_policy_chart_widget.html.erb

@@ -2,6 +2,7 @@
 
 <div id='status-chart'>
   <h4 class="header ca"><%= _('Host Breakdown Chart') %></h4>
-  <div id="policy-breakdown-chart" class="scap-breakdown-chart"></div>
-  <%= mount_react_component('DonutChart', "#policy-breakdown-chart", policy_breakdown_chart_data(@report)) %>
+  <div class="scap-breakdown-chart">
+    <%= react_component('DonutChart', :data => policy_breakdown_chart_data(@report)) %>
+  </div>
 </div>

data/db/migrate/20200117135424_migrate_port_overrides_to_int.rb

@@ -10,7 +10,8 @@ class MigratePortOverridesToInt < ActiveRecord::Migration[5.2]
   private
 
   def transform_lookup_values(method)
-    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
+    return unless defined?(ForemanPuppet)
+    puppet_class = ::ForemanPuppet::Puppetclass.find_by :name => 'foreman_scap_client'
     return unless puppet_class
     port_key = puppet_class.class_params.find_by :key => 'port'
     return unless port_key

data/db/migrate/20201202110213_update_puppet_port_param_type.rb

@@ -10,7 +10,8 @@ class UpdatePuppetPortParamType < ActiveRecord::Migration[6.0]
   private
 
   def update_port_type(method)
-    puppet_class = Puppetclass.find_by :name => 'foreman_scap_client'
+    return unless defined?(ForemanPuppet)
+    puppet_class = ::ForemanPuppet::Puppetclass.find_by :name => 'foreman_scap_client'
     return unless puppet_class
     port_key = puppet_class.class_params.find_by :key => 'port'
     return unless port_key

data/db/migrate/20210819143316_drop_unused_tables.rb

@@ -0,0 +1,6 @@
+class DropUnusedTables < ActiveRecord::Migration[6.0]
+  def up
+    drop_table :foreman_openscap_arf_reports
+    drop_table :foreman_openscap_arf_report_raws
+  end
+end

data/lib/foreman_openscap/engine.rb

@@ -219,16 +219,14 @@ module ForemanOpenscap
         register_global_js_file 'global'
 
         register_graphql_query_field :oval_contents, '::Types::OvalContent', :collection_field
+        register_graphql_query_field :oval_content, '::Types::OvalContent', :record_field
         register_graphql_query_field :oval_policies, '::Types::OvalPolicy', :collection_field
         register_graphql_query_field :oval_policy, '::Types::OvalPolicy', :record_field
         register_graphql_query_field :cves, '::Types::Cve', :collection_field
 
-        # move to core
-        extend_graphql_type type: ::Types::Hostgroup do
-          field :descendants, Types::Hostgroup.connection_type, null: true, resolve: (proc do |object|
-            RecordLoader.for(model_class).load_many(object.descendant_ids)
-          end)
-        end
+        register_graphql_mutation_field :delete_oval_policy, ::Mutations::OvalPolicies::Delete
+        register_graphql_mutation_field :delete_oval_content, ::Mutations::OvalContents::Delete
+        register_graphql_mutation_field :update_oval_policy, ::Mutations::OvalPolicies::Update
 
         register_facet ForemanOpenscap::Host::OvalFacet, :oval_facet do
           configure_host do
@@ -283,7 +281,7 @@ module ForemanOpenscap
 
         if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
           options[:host_action_button] = true
-          oval_options[:host_action_button] = Setting[:lab_features]
+          oval_options[:host_action_button] = (!::Foreman.in_rake? && ActiveRecord::Base.connection.table_exists?(:settings)) ? (Setting.find_by(:name => 'lab_features')&.value || false) : false
         end
 
         RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)

data/lib/foreman_openscap/version.rb

@@ -1,3 +1,3 @@
 module ForemanOpenscap
-  VERSION = "4.3.1".freeze
+  VERSION = "5.1.0".freeze
 end

data/package.json

@@ -24,23 +24,20 @@
     "@theforeman/vendor": ">= 4.13.2"
   },
   "devDependencies": {
-    "@apollo/react-testing": "^4.0.0",
     "@babel/core": "^7.7.0",
-    "@testing-library/dom": "^7.30.4",
+    "@testing-library/dom": "^8.9.1",
     "@testing-library/jest-dom": "^5.11.9",
-    "@testing-library/react": "^11.2.5",
-    "@testing-library/user-event": "^13.1.2",
+    "@testing-library/user-event": "^13.2.1",
     "@theforeman/builder": "^8.4.1",
     "@theforeman/eslint-plugin-foreman": "8.4.1",
     "@theforeman/find-foreman": "^8.4.1",
     "@theforeman/stories": "^8.4.1",
-    "@theforeman/test": "^8.4.1",
+    "@theforeman/test": "^8.9.0",
     "@theforeman/vendor-dev": "^8.4.1",
     "babel-eslint": "^10.0.3",
     "eslint": "^6.7.2",
     "jed": "^1.1.1",
     "jest-svg-transformer": "^1.0.0",
-    "jest-transform-graphql": "^2.1.0",
     "prettier": "^1.13.5",
     "stylelint": "^9.3.0",
     "stylelint-config-standard": "^18.0.0"

data/test/functional/api/v2/compliance/oval_reports_controller_test.rb

@@ -20,7 +20,7 @@ class Api::V2::Compliance::OvalReportsControllerTest < ActionController::TestCas
 
   test 'should show host errors on CVEs upload' do
     proxy = FactoryBot.create(:smart_proxy)
-    host = FactoryBot.create(:host, :puppet_proxy => proxy, :environment => FactoryBot.create(:environment))
+    host = FactoryBot.create(:host, :puppet_proxy => proxy)
     SmartProxy.any_instance.stubs(:smart_proxy_features).returns([])
     post :create, :params => @params.merge(:cname => host.name), :session => set_session_user
 

data/test/functional/api/v2/compliance/policies_controller_test.rb

@@ -40,6 +40,7 @@ class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
   end
 
   test "should get index and show hostgroups" do
+    skip unless puppet_available?
     ForemanOpenscap::Policy.any_instance.stubs(:find_scap_puppetclass).returns(FactoryBot.create(:puppetclass, :name => 'foreman_scap_client'))
     ForemanOpenscap::Policy.any_instance.stubs(:populate_overrides)
     hostgroup = FactoryBot.create(:hostgroup)
@@ -61,6 +62,7 @@ class Api::V2::Compliance::PoliciesControllerTest < ActionController::TestCase
   end
 
   test "should show a policy hosts and hostgroups" do
+    skip unless puppet_available?
     ForemanOpenscap::Policy.any_instance.stubs(:find_scap_puppetclass).returns(FactoryBot.create(:puppetclass, :name => 'foreman_scap_client'))
     ForemanOpenscap::Policy.any_instance.stubs(:populate_overrides)
     hostgroup = FactoryBot.create(:hostgroup)

data/test/graphql/mutations/oval_policies/delete_mutation_test.rb

@@ -0,0 +1,63 @@
+require 'test_plugin_helper'
+
+module Mutations
+  module OvalPolicies
+    class DeleteMutationTest < ActiveSupport::TestCase
+      let(:policy) { FactoryBot.create(:oval_policy, :oval_content => FactoryBot.create(:oval_content)) }
+      let(:policy_id) { Foreman::GlobalId.for(policy) }
+      let(:variables) do
+        {
+          id: policy_id,
+        }
+      end
+      let(:query) do
+        <<-GRAPHQL
+        mutation DeleteOvalPolicyMutation($id:ID!){
+          deleteOvalPolicy(input:{id:$id}) {
+            id
+            errors {
+              message
+              path
+            }
+          }
+        }
+        GRAPHQL
+      end
+
+      context 'with admin user' do
+        let(:user) { FactoryBot.create(:user, :admin) }
+
+        test 'should delete oval policy' do
+          context = { current_user: user }
+
+          policy
+
+          assert_difference('::ForemanOpenscap::OvalPolicy.count', -1) do
+            result = ForemanGraphqlSchema.execute(query, variables: variables, context: context)
+            assert_empty result['errors']
+            assert_empty result['data']['deleteOvalPolicy']['errors']
+            assert_equal policy_id, result['data']['deleteOvalPolicy']['id']
+          end
+          assert_equal user.id, Audit.last.user_id
+        end
+      end
+
+      context 'with user with view permissions' do
+        setup do
+          policy
+          @user = setup_user 'view', 'oval_policies'
+        end
+
+        test 'should not delete oval policy' do
+          context = { current_user: @user }
+
+          assert_difference('ForemanOpenscap::OvalPolicy.count', 0) do
+            result = ForemanGraphqlSchema.execute(query, variables: variables, context: context)
+            assert_not_empty result['errors']
+            assert_includes result['errors'].map { |error| error['message'] }.to_sentence, 'Unauthorized.'
+          end
+        end
+      end
+    end
+  end
+end

data/test/graphql/queries/oval_content_query_test.rb

@@ -0,0 +1,29 @@
+require 'test_plugin_helper'
+
+module Queries
+  class OvalContentQueryTest < GraphQLQueryTestCase
+    let(:query) do
+      <<-GRAPHQL
+        query($id:String!) {
+          ovalContent(id: $id) {
+            id
+            name
+            originalFilename
+            url
+          }
+        }
+      GRAPHQL
+    end
+
+    let(:oval_content) { FactoryBot.create(:oval_content) }
+
+    let(:global_id) { Foreman::GlobalId.for(oval_content) }
+    let(:variables) { { id: global_id } }
+    let(:data) { result['data']['ovalContent'] }
+
+    test 'should return OVAL Content' do
+      assert_equal global_id, data['id']
+      assert_equal oval_content.name, data['name']
+    end
+  end
+end