foreman_rh_cloud 11.4.2 → 11.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aee9954c5e119c527132dcbe1325928f7fce1902da38f0116497e97b8addd6d1
-  data.tar.gz: 36a38ad9e923bb9c7aa4e4cfd587946ea2a4c16a5a85a7a005c276b35d6ba77a
+  metadata.gz: a69803d7adc37a51cb851a218a60b2150a56503eccece90e30b688f1ec8a1ae6
+  data.tar.gz: 1d79759ed6f0095579f485ead899d8708f151920f9c33e979797672ab78b1585
 SHA512:
-  metadata.gz: 05ef9f3e97082434f41d44be69d4d965acc3e2429416b2aaf931b7c140dfcbc3f9dd277f9d2d5157bad8b5f088d4f5dcf8a3565ae766b6b981ecccaf949c26a9
-  data.tar.gz: 74ffc33f7cdddaf3e67099a7b8102b3b7ebc99672183fd442bc4a8d01f14139eb04b6e10fa8d3cd928ab0b008f2b473e46687e384e7a55f0927d30ec62f48646
+  metadata.gz: a6b24e9d002cebdbfd00e74d08fbb04cfe8b413648d9e0ec3b60c1eb2222b652dbe14e5379cd5fbf9927b707144d7b4d61204ee490397cae187189012a153d67
+  data.tar.gz: d63ecaa47ba66a4078b15367092840a44f219f1e99a5cb619bbc7fe7fe3f40569ac8068de89b98c08e2b1f7f4e0ff98502ce8b5a473b635367d80a1f077959e4

data/README.md

@@ -15,7 +15,7 @@ for how to install Foreman plugins
 
 #### Inventory upload
 
-In UI: Configure -> Inventory Upload -> Generate and upload report 
+In UI: Insights -> Inventory Upload -> select the organization -> Generate and upload report
 
 From command-line:
 
@@ -38,7 +38,7 @@ From command-line:
 
 #### Fetch hosts remediation data
 
-In UI: Configure -> Insights -> Sync now
+In UI: Insights -> Recommendations -> Sync recommendations (under the vertical ellipsis)
 
 From command-line:
 
@@ -46,7 +46,7 @@ From command-line:
 
 #### Synchronize inventory status
 
-In UI: Configure -> Inventory Upload -> Sync all inventory status
+In UI: Insights -> Inventory Upload -> Sync all inventory status
 
 From command-line:
 

data/app/controllers/insights_cloud/api/machine_telemetries_controller.rb

@@ -18,35 +18,39 @@ module InsightsCloud::Api
       certs = candlepin_id_cert @organization
       begin
         @cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, certs)
-      rescue RestClient::Exception => e
-        logger.info("Forwarding request failed with exception: #{e}")
-        return render json: { error: e }, status: :bad_gateway
-      rescue RestClient::Timeout => e
-        logger.info("Forwarding request failed with timeout: #{e}")
-        return render json: { error: e }, status: :gateway_timeout
-      end
-
-      return render json: { message: @cloud_response.to_s }, status: :gateway_timeout if @cloud_response.is_a?(RestClient::Exceptions::OpenTimeout)
+      rescue RestClient::Exceptions::Timeout => e
+        response_obj = e.response.presence || e.exception
+        return render json: { message: response_obj.to_s, error: response_obj.to_s }, status: :gateway_timeout
+      rescue RestClient::Unauthorized => e
+        logger.info("Forwarding request auth error: #{e}")
+        message = 'Authentication to the Insights Service failed.'
+        return render json: { message: message, error: message }, status: :unauthorized
+      rescue RestClient::NotModified => e
+        logger.info("Forwarding request not modified: #{e}")
+        message = 'Cloud request not modified'
+        return render json: { message: message, error: message }, status: :not_modified
+      rescue RestClient::ExceptionWithResponse => e
+        response_obj = e.response.presence || e.exception
+        code = response_obj.try(:code) || response_obj.try(:http_code) || 500
+        message = 'Cloud request failed'
 
-      if @cloud_response.code == 401
         return render json: {
-          :message => 'Authentication to the Insights Service failed.',
+          :message => message,
+          :error => response_obj.to_s,
           :headers => {},
-        }, status: :bad_gateway
-      end
-
-      if @cloud_response.code >= 300
-        return render json: {
-          :message => 'Cloud request failed',
-          :headers => {},
-          :response => @cloud_response,
-        }, status: @cloud_response.code
+          :response => response_obj,
+        }, status: code
+      rescue StandardError => e
+        # Catch any other exceptions here, such as Errno::ECONNREFUSED
+        logger.info("Cloud request failed with exception: #{e}")
+        return render json: { error: e }, status: :bad_gateway
       end
 
       # Append redhat-specific headers
       @cloud_response.headers.each do |key, value|
         assign_header(response, @cloud_response, key, false) if key.to_s.start_with?('x_rh_')
       end
+
       # Append general headers
       assign_header(response, @cloud_response, :x_resource_count, true)
       headers[Rack::ETAG] = @cloud_response.headers[:etag]
@@ -56,8 +60,8 @@ module InsightsCloud::Api
         # content type
         send_data @cloud_response, disposition: @cloud_response.headers[:content_disposition], type: @cloud_response.headers[:content_type]
       elsif @cloud_response.headers[:content_type] =~ /zip/
-        # if there is no Content-Disposition, but the content type is binary according the content type,
-        # forward the request as binry too
+        # If there is no Content-Disposition, but the content type is binary according to Content-Type, send the raw data
+        # with proper content type
         send_data @cloud_response, type: @cloud_response.headers[:content_type]
       else
         render json: @cloud_response, status: @cloud_response.code

data/app/services/foreman_rh_cloud/cloud_request.rb

@@ -17,8 +17,14 @@ module ForemanRhCloud
       logger.debug("Response headers for request url #{final_params[:url]} are: #{response.headers}")
 
       response
-    rescue RestClient::Exception => ex
-      logger.debug("Failed response with code #{ex.http_code} headers for request url #{final_params[:url]} are: #{ex.http_headers} and body: #{ex.http_body}")
+    rescue RestClient::Exceptions::Timeout => ex
+      logger.debug("Timeout exception raised for request url #{final_params[:url]}: #{ex}")
+      raise ex
+    rescue RestClient::ExceptionWithResponse => ex
+      logger.debug("Response headers for request url #{final_params[:url]} with status code #{ex.http_code} are: #{ex.http_headers} and body: #{ex.http_body}")
+      raise ex
+    rescue StandardError => ex
+      logger.debug("Exception raised for request url #{final_params[:url]}: #{ex}")
       raise ex
     end
   end

data/app/services/foreman_rh_cloud/cloud_request_forwarder.rb

@@ -17,8 +17,6 @@ module ForemanRhCloud
       logger.debug("Sending request to: #{request_opts[:url]}")
 
       execute_cloud_request(request_opts)
-    rescue RestClient::ExceptionWithResponse => error_response
-      error_response.response.presence || error_response.exception
     end
 
     def prepare_request_opts(original_request, forward_payload, forward_params, certs)

data/lib/foreman_inventory_upload/generators/fact_helpers.rb

@@ -57,17 +57,39 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_hostname?(host)
+        # Returns true if hostname obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for hostname obfuscation.
+        return true if Setting[:obfuscate_inventory_hostnames]
+
         insights_client_setting = fact_value(host, 'insights_client::obfuscate_hostname_enabled')
         insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
 
-        Setting[:obfuscate_inventory_hostnames]
+        # 2. host fact reported by insights_client
+        # 3. if neither of the above, don't obfuscate.
+        insights_client_setting.nil? ? false : insights_client_setting
       end
 
       def fqdn(host)
-        return host.fqdn unless obfuscate_hostname?(host)
-
-        fact_value(host, 'insights_client::hostname') || obfuscate_fqdn(host.fqdn)
+        if obfuscate_hostname?(host)
+          # If obfuscation is enabled, attempt to retrieve an already obfuscated hostname
+          # from the 'insights_client::obfuscated_hostname' fact.
+          # Example format of `parsed_insights_array`:
+          # [{"original"=>"host.example.com", "obfuscated"=>"0dd449d0a027.example.com"},
+          #  {"original"=>"satellite.example.com", "obfuscated"=>"host2.example.com"}]
+          begin
+            parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_hostname') || '[]')
+          rescue JSON::ParserError
+            parsed_insights_array = []
+          end
+          # Obfuscate using the following hierarchy:
+          # 1. the obfuscated_hostname fact sent by insights_client
+          parsed_insights_item = parsed_insights_array.find { |item| item['original'] == host.fqdn }
+          # 2. our own helper method
+          parsed_insights_item&.[]('obfuscated') || obfuscate_fqdn(host.fqdn)
+        else
+          # If hostname obfuscation is not enabled for this host, return the host's original FQDN.
+          host.fqdn
+        end
       end
 
       def obfuscate_fqdn(fqdn)
@@ -75,35 +97,65 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_ips?(host)
-        insights_client_setting = fact_value(host, 'insights_client::obfuscate_ip_enabled')
-        insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
+        # Returns true if IP obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for IP obfuscation.
+        return true if Setting[:obfuscate_inventory_ips]
 
-        Setting[:obfuscate_inventory_ips]
+        insights_client_ipv4_setting = fact_value(host, 'insights_client::obfuscate_ipv4_enabled')
+        insights_client_ipv6_setting = fact_value(host, 'insights_client::obfuscate_ipv6_enabled')
+
+        cast_ipv4_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv4_setting)
+        cast_ipv6_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv6_setting)
+
+        # 2. The host's IPv4 or IPv6 obfuscation fact value is true
+        # 3. If neither of the above, don't obfuscate.
+        cast_ipv4_setting || cast_ipv6_setting || false
       end
 
       def host_ips(host)
+        # Determines and returns the IP addresses associated with a host, applying obfuscation if enabled.
+
+        # If IP obfuscation is enabled for the host return a representation of obfuscated IP addresses.
         return obfuscated_ips(host) if obfuscate_ips?(host)
 
-        # return a pass through proxy hash in case no obfuscation needed
+        # If IP obfuscation is NOT needed, return a special kind of Hash.
+        # where when you try to access a key in it
+        # if the key doesn't exist, it simply returns the key itself.
+        # This is useful because it means if you try to get an IP from this hash,
+        # you'll just get the original IP back. It allows the calling code to
+        # use the same interface whether obfuscation is applied or not.
         Hash.new { |h, k| k }
       end
 
       def obfuscated_ips(host)
-        insights_client_ips = JSON.parse(fact_value(host, 'insights_client::ips') || '[]')
+        # Example format of `parsed_insights_array`:
+        # [{"original": "192.168.1.10", "obfuscated": "10.230.230.1"},
+        #  {"original": "192.168.1.11", "obfuscated": "10.230.230.2"}]
+        begin
+          parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_ipv4') || '[]')
+        rescue JSON::ParserError
+          parsed_insights_array = []
+        end
 
+        # Create a new Hash to store the mapping from original IP addresses to their obfuscated versions.
+        # where the 'original' IP is the key and the 'obfuscated' IP is the value.
         obfuscated_ips = Hash[
-          insights_client_ips.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
+          parsed_insights_array.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
         ]
 
+        # Sets a default proc for the obfuscated_ips hash.
+        # When a key is accessed that does not exist in the hash, this proc is called.
+        # It assigns the result of obfuscate_ip(key, hash) to the missing key in the hash.
+        # This ensures that any missing IP address key will be obfuscated and stored automatically.
         obfuscated_ips.default_proc = proc do |hash, key|
           hash[key] = obfuscate_ip(key, hash)
         end
-
         obfuscated_ips
       end
 
       def obfuscate_ip(ip, ips_dict)
+        # Produce a new, unique obfuscated IP that is
+        # numerically one greater than the highest existing obfuscated IP
         max_obfuscated = ips_dict.values.map { |v| IPAddr.new(v).to_i }.max || IPAddr.new('10.230.230.0').to_i
 
         IPAddr.new(max_obfuscated + 1, Socket::AF_INET).to_s

data/lib/foreman_inventory_upload/generators/queries.rb

@@ -24,9 +24,11 @@ module ForemanInventoryUpload
               'dmi::system::product_name',
               'dmi::chassis::asset_tag',
               'insights_client::obfuscate_hostname_enabled',
-              'insights_client::obfuscate_ip_enabled',
-              'insights_client::hostname',
-              'insights_client::ips',
+              'insights_client::obfuscate_ipv4_enabled',
+              'insights_client::obfuscate_ipv6_enabled',
+              'insights_client::obfuscated_ipv4',
+              'insights_client::obfuscated_ipv6',
+              'insights_client::obfuscated_hostname',
               'insights_id',
               'conversions::activity',
               'conversions::packages::0::nevra',

data/lib/foreman_inventory_upload/generators/slice.rb

@@ -149,7 +149,6 @@ module ForemanInventoryUpload
         ) { |v| os_release_value(*v) }
         @stream.simple_field('os_kernel_version', fact_value(host, 'uname::release'))
         @stream.simple_field('arch', host.architecture&.name)
-        @stream.simple_field('katello_agent_running', false)
         @stream.simple_field(
           'infrastructure_type',
           ActiveModel::Type::Boolean.new.cast(fact_value(host, 'virt::is_guest')) ? 'virtual' : 'physical'

data/lib/foreman_rh_cloud/version.rb

@@ -1,3 +1,3 @@
 module ForemanRhCloud
-  VERSION = '11.4.2'.freeze
+  VERSION = '11.4.4'.freeze
 end

data/lib/tasks/hybrid_cloud.rake

@@ -1,64 +1,122 @@
 require 'io/console'
+require 'uri'
 
-namespace :rh_cloud do |args|
-  desc 'Register Satellite Organization with Hybrid Cloud API. \
-        Specify org_id=x replace your organization ID with x. \
-        Specify SATELLITE_RH_CLOUD_URL=https://x with the Hybrid Cloud endpoint you are connecting to.'
+def logger
+  @logger ||= Logger.new(STDOUT)
+end
+
+namespace :rh_cloud do
+  desc 'Register Satellite Organization with Hybrid Cloud API.'
+  # This task registers the Satellite Organization with the Hybrid Cloud API.
+  # It requires the user to input their organization ID, Insights URL, and token.
+  # The task will then send a POST request to the Hybrid Cloud API to register the organization.
+  # The response will be logged, and any errors will be caught and logged as well.
+  # The task will exit with an error message if the organization does not have a manifest imported or if the token is not entered.
+  # The task will also log a warning if the custom URL is not set and the default one is used.
   task hybridcloud_register: [:environment] do
     include ::ForemanRhCloud::CertAuth
     include ::InsightsCloud::CandlepinCache
 
-    def logger
-      @logger ||= Logger.new(STDOUT)
+    # Helper method to get the registrations URL, with a warning for default usage
+    def registrations_url(custom_url)
+      if custom_url.empty?
+        logger.warn("Custom url is not set, using the default one: #{ForemanRhCloud.base_url}")
+        URI.join(ForemanRhCloud.base_url, '/api/identity/certificate/registrations').to_s
+      else
+        URI.join(custom_url, '/api/identity/certificate/registrations').to_s
+      end
     end
 
-    def registrations_url
-      logger.warn("Custom url is not set, using the default one: #{ForemanRhCloud.base_url}") if ENV['SATELLITE_RH_CLOUD_URL'].empty?
-      ForemanRhCloud.base_url + '/api/identity/certificate/registrations'
+    # --- Input Collection ---
+    puts "Paste in your organization ID, this can be retrieved with the command: hammer organization list"
+    loop do
+      input = STDIN.gets.chomp
+      if input.match?(/^\d+$/) # Checks if input consists only of digits
+        @user_org_id = input.to_i
+        break
+      else
+        puts "Invalid input. Please enter a numeric organization ID."
+      end
     end
 
-    if ENV['org_id'].nil?
-      logger.error('ERROR: org_id needs to be specified.')
-      exit(1)
-    end
+    puts "\n" + "-" * 50 + "\n\n"
+    puts 'Paste in your Custom Insights URL. If nothing is entered, the default will be used.'
+    insights_user_input = STDIN.gets.chomp
 
-    @organization = Organization.find_by(id: ENV['org_id'].to_i) # saw this coming in as a string, so making sure it gets passed as an integer.
-    @uid = cp_owner_id(@organization)
-    @hostname = ForemanRhCloud.foreman_host_name
-    logger.error('Organization provided does not have a manifest imported.') + exit(1) if @uid.nil?
+    # --- Data Preparation ---
 
-    puts 'Paste your token, output will be hidden.'
-    @token = STDIN.noecho(&:gets).chomp
-    logger.error('Token was not entered.') + exit(1) if @token.empty?
+    organization = Organization.find_by(id: @user_org_id)
 
-    def headers
-      {
-        Authorization: "Bearer #{@token}",
-      }
+    if organization.nil?
+      logger.error("Organization with ID '#{@user_org_id}' not found.")
+      exit(1)
     end
 
-    def payload
-      {
-        "uid": @uid,
-        "display_name": "#{@hostname}+#{@organization.label}",
-      }
+    uid = cp_owner_id(organization)
+    if uid.nil?
+      logger.error('Organization provided does not have a manifest imported.')
+      exit(1)
     end
 
-    def method
-      :post
+    hostname = ForemanRhCloud.foreman_host_name
+    insights_url = registrations_url(insights_user_input)
+
+    puts "\n" + "-" * 50 + "\n\n"
+    puts 'Paste in your Hybrid Cloud API token, output will be hidden.'
+    puts 'This token can be retrieved from the Hybrid Cloud console.'
+    token = STDIN.noecho(&:gets).chomp
+
+    if token.empty?
+      logger.error('Token was not entered.')
+      exit(1)
     end
 
+    # --- API Request Configuration ---
+
+    headers = {
+      Authorization: "Bearer #{token}",
+    }
+
+    payload = {
+      'uid': uid,
+      "display_name": "#{hostname}+#{organization.label}",
+    }
+
+    # --- Execute Request ---
+
     begin
       response = execute_cloud_request(
-        organization: @organization,
-        method: method,
-        url: registrations_url,
+        organization: organization,
+        method: :post,
+        url: insights_url,
         headers: headers,
         payload: payload.to_json
       )
-      logger.debug(response)
+      logger.debug("Cloud request completed: status=#{response.code}, body_preview=#{response.body&.slice(0, 200)}")
+    # Add a more specific rescue for 401 Unauthorized errors
+    rescue RestClient::Unauthorized => _ex
+      logger.error('Registration failed: Your token is invalid or unauthorized. Please check your token and try again.')
+      # Optionally, you can still log the full debug info if helpful for advanced troubleshooting
+      # logger.debug(ex.backtrace.join("\n"))
+      exit(1)
+    rescue RestClient::ExceptionWithResponse => ex
+      # This catches any RestClient exception that has a response (like 400, 403, 404, 500, etc.)
+      status_code = begin
+        ex.response.code
+      rescue StandardError
+        "unknown"
+      end
+      logger.error("Registration failed with HTTP status #{status_code}: #{ex.message}")
+      logger.debug("Response body (if available): #{ex.response.body}")
+      # logger.debug(ex.backtrace.join("\n"))
+      exit(1)
     rescue StandardError => ex
-      logger.error(ex)
+      # This is the catch-all for any other unexpected errors
+      logger.error("An unexpected error occurred during registration: #{ex.message}")
+      # logger.debug(ex.backtrace.join("\n")) # Log backtrace for more info
+      exit(1)
     end
+
+    logger.info("Satellite Organization '#{organization.label}' (ID: #{@user_org_id}) successfully registered.")
   end
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_rh_cloud",
-  "version": "11.4.2",
+  "version": "11.4.4",
   "description": "Inventory Upload =============",
   "main": "index.js",
   "scripts": {

data/test/controllers/insights_cloud/api/machine_telemetries_controller_test.rb

@@ -98,13 +98,25 @@ module InsightsCloud::Api
         assert_equal net_http_resp[:content_type], @response.headers['Content-Type']
       end
 
+      test "should handle 304 cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 304, "Not Modified")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+
+        ::ForemanRhCloud::CloudRequestForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::NotModified.new(res))
+
+        get :forward_request, params: { "path" => "platform/module-update-router/v1/channel" }
+        assert_equal 304, @response.status
+        assert_equal 'Cloud request not modified', JSON.parse(@response.body)['message']
+      end
+
       test "should handle failed authentication to cloud" do
         net_http_resp = Net::HTTPResponse.new(1.0, 401, "Unauthorized")
         res = RestClient::Response.create(@body, net_http_resp, @http_req)
-        ::ForemanRhCloud::CloudRequestForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        ::ForemanRhCloud::CloudRequestForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::Unauthorized.new(res))
 
         get :forward_request, params: { "path" => "platform/module-update-router/v1/channel" }
-        assert_equal 502, @response.status
+        assert_equal 401, @response.status
         assert_equal 'Authentication to the Insights Service failed.', JSON.parse(@response.body)['message']
       end
 

data/test/unit/fact_helpers_test.rb

@@ -1,4 +1,5 @@
 require 'test_plugin_helper'
+require 'digest'
 
 class FactHelpersTest < ActiveSupport::TestCase
   class FactsHelpersTestStub
@@ -29,7 +30,7 @@ class FactHelpersTest < ActiveSupport::TestCase
 
   test 'obfuscates ips with insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
       '[{"obfuscated": "10.230.230.1", "original": "224.0.0.1"}, {"obfuscated": "10.230.230.255", "original": "224.0.0.251"}]'
     )
 
@@ -41,11 +42,275 @@ class FactHelpersTest < ActiveSupport::TestCase
 
   test 'obfuscates ips without insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(nil)
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
 
     actual = @instance.obfuscated_ips(host)
 
     assert_equal '10.230.230.1', actual['224.0.0.1']
     assert_equal '10.230.230.2', actual['224.0.0.2']
   end
+
+  describe 'obfuscate_hostname?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(true)
+      host = mock('host')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      assert result
+    end
+
+    test 'returns false when global setting is disabled and no host-specific setting' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns(nil)
+
+      result = @instance.obfuscate_hostname?(host)
+
+      refute result
+    end
+
+    test 'returns true when host-specific setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('true')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      assert result
+    end
+
+    test 'returns false when host-specific setting is disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('false')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      refute result
+    end
+  end
+
+  describe 'fqdn' do
+    test 'returns original fqdn when obfuscation is disabled' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(false)
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'test.example.com', result
+    end
+
+    test 'returns obfuscated hostname from insights_client fact when available' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').once
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "test.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'abc123.example.com', result
+    end
+
+    test 'returns dynamically obfuscated hostname when insights_client fact is not available' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(nil)
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+
+    test 'returns dynamically obfuscated hostname when insights_client fact does not contain matching host' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').twice
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "other.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+      @instance.expects(:obfuscate_fqdn).with('test.example.com').returns('dynamically_obfuscated.example.com')
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'dynamically_obfuscated.example.com', result
+    end
+
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('invalid json')
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('[]')
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+  end
+
+  describe 'obfuscate_ips?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(true)
+      host = mock('host')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns false when global setting is disabled and no host-specific settings' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+
+      result = @instance.obfuscate_ips?(host)
+
+      refute result
+    end
+
+    test 'returns true when host-specific IPv4 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns true when host-specific IPv6 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns true when both IPv4 and IPv6 settings are enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns false when both IPv4 and IPv6 settings are disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('false')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('false')
+
+      result = @instance.obfuscate_ips?(host)
+
+      refute result
+    end
+  end
+
+  describe 'obfuscate_ip' do
+    test 'generates first IP when no existing obfuscated IPs' do
+      ips_dict = {}
+
+      result = @instance.obfuscate_ip('192.168.1.1', ips_dict)
+
+      assert_equal '10.230.230.1', result
+    end
+
+    test 'generates next sequential IP when existing obfuscated IPs present' do
+      ips_dict = { '192.168.1.1' => '10.230.230.5', '192.168.1.2' => '10.230.230.10' }
+
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+
+      assert_equal '10.230.230.11', result
+    end
+
+    test 'handles mixed IP ranges correctly' do
+      ips_dict = { '192.168.1.1' => '10.230.230.255', '192.168.1.2' => '10.230.230.1' }
+
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+
+      assert_equal '10.230.231.0', result
+    end
+
+    test 'generates valid IP addresses' do
+      ips_dict = {}
+
+      result = @instance.obfuscate_ip('any.ip.address', ips_dict)
+
+      assert_match(/\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/, result)
+      assert_nothing_raised { IPAddr.new(result) }
+    end
+  end
+
+  describe 'obfuscated_ips' do
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('invalid json')
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('[]')
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+
+    test 'preserves existing obfuscated IPs and generates new ones' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
+        '[{"original": "192.168.1.1", "obfuscated": "10.230.230.5"}]'
+      )
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.5', result['192.168.1.1']
+      assert_equal '10.230.230.6', result['192.168.1.2']
+    end
+
+    test 'default_proc generates unique sequential IPs' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
+
+      result = @instance.obfuscated_ips(host)
+
+      ip1 = result['192.168.1.1']
+      ip2 = result['192.168.1.2']
+      ip3 = result['192.168.1.3']
+
+      assert_equal '10.230.230.1', ip1
+      assert_equal '10.230.230.2', ip2
+      assert_equal '10.230.230.3', ip3
+    end
+  end
 end

data/test/unit/slice_generator_test.rb

@@ -56,9 +56,10 @@ class SliceGeneratorTest < ActiveSupport::TestCase
       'dmi::system::product_name',
       'dmi::chassis::asset_tag',
       'insights_client::obfuscate_hostname_enabled',
+      'insights_client::obfuscated_hostname',
+      'insights_client::obfuscate_ipv4_enabled',
+      'insights_client::obfuscated_ipv4',
       'insights_client::hostname',
-      'insights_client::obfuscate_ip_enabled',
-      'insights_client::ips',
       'insights_id',
     ]
   end
@@ -210,14 +211,38 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
 
-  test 'generates obfuscated ip_address fields with inisghts-client' do
+  test 'does not obfuscate fqdn when insights_client obfuscate_hostname_enabled fact is missing and obfuscate_inventory_hostnames setting is false' do
+    # Create a host and obfuscated_hostname fact, but do NOT create the obfuscate_hostname_enabled fact
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
+    FactoryBot.create(:fact_value,
+      fact_name: fact_names['insights_client::obfuscated_hostname'],
+      value: obfuscated_hostname_value,
+      host: @host)
+    # Do NOT create the 'insights_client::obfuscate_hostname_enabled' fact
+
+    batch = Host.where(id: @host.id).in_batches.first
+    generator = create_generator(batch)
+
+    json_str = generator.render
+    actual = JSON.parse(json_str.join("\n"))
+
+    assert_not_nil(actual_host = actual['hosts'].first)
+    assert_equal @host.fqdn, actual_host['fqdn'], "FQDN should not be obfuscated when obfuscate_hostname_enabled is missing and setting is false"
+    assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
+    assert_not_equal true, actual_facts['is_hostname_obfuscated']
+  end
+
+  test 'generates obfuscated ip_address fields when insights-client facts are present' do
     nic = FactoryBot.build(:nic_managed)
     @host.interfaces << nic
 
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_ip_enabled'], value: 'true', host: @host)
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_ipv4_enabled'], value: 'true', host: @host)
     FactoryBot.create(
       :fact_value,
-      fact_name: fact_names['insights_client::ips'],
+      fact_name: fact_names['insights_client::obfuscated_ipv4'],
       value: "[{\"obfuscated\": \"10.230.230.100\", \"original\": \"#{nic.ip}\"}]",
       host: @host
     )
@@ -240,9 +265,17 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
 
-  test 'obfuscates fqdn when instructed by insights-client' do
+  test 'obfuscates fqdn when insights-client facts are present' do
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+      { 'original' => 'satellite.theforeman.org', 'obfuscated' => 'host2.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
+    FactoryBot.create(:fact_value,
+      fact_name: fact_names['insights_client::obfuscated_hostname'],
+      value: obfuscated_hostname_value,
+      host: @host)
     FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_hostname_enabled'], value: 'true', host: @host)
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: 'obfuscated_name', host: @host)
 
     batch = Host.where(id: @host.id).in_batches.first
     generator = create_generator(batch)
@@ -252,7 +285,7 @@ class SliceGeneratorTest < ActiveSupport::TestCase
 
     assert_equal '00000000-0000-0000-0000-000000000000', actual['report_slice_id']
     assert_not_nil(actual_host = actual['hosts'].first)
-    assert_equal 'obfuscated_name', actual_host['fqdn']
+    assert_equal obfuscated_hostname_data.first['obfuscated'], actual_host['fqdn']
     assert_equal '1234', actual_host['account']
     assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
     assert_equal true, actual_facts['is_hostname_obfuscated']
@@ -279,9 +312,35 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
 
-  test 'does not obfuscate fqdn when insights-client sets to false' do
+  test 'obfuscates host fqdn with insights-client when setting set' do
+    Setting[:obfuscate_inventory_hostnames] = true
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: @host.fqdn, host: @host)
+
+    batch = Host.where(id: @host.id).in_batches.first
+    generator = create_generator(batch)
+
+    json_str = generator.render
+    actual = JSON.parse(json_str.join("\n"))
+
+    obfuscated_fqdn = Digest::SHA1.hexdigest(@host.fqdn) + '.example.com'
+
+    assert_equal '00000000-0000-0000-0000-000000000000', actual['report_slice_id']
+    assert_not_nil(actual_host = actual['hosts'].first)
+    assert_equal obfuscated_fqdn, actual_host['fqdn']
+    assert_equal '1234', actual_host['account']
+    assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
+    assert_equal true, actual_facts['is_hostname_obfuscated']
+    assert_equal 1, generator.hosts_count
+  end
+
+  test 'does not obfuscate fqdn when host fact from insights-client has a value of false' do
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+      { 'original' => 'satellite.theforeman.org', 'obfuscated' => 'host2.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
     FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_hostname_enabled'], value: 'false', host: @host)
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: 'obfuscated_name', host: @host)
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscated_hostname'], value: obfuscated_hostname_value, host: @host)
 
     batch = Host.where(id: @host.id).in_batches.first
     generator = create_generator(batch)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman_rh_cloud
 version: !ruby/object:Gem::Version
-  version: 11.4.2
+  version: 11.4.4
 platform: ruby
 authors:
 - Foreman Red Hat Cloud team
@@ -697,7 +697,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Summary of ForemanRhCloud.
 test_files: