foreman_rh_cloud 11.4.3 → 11.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 541ff74a97d4bb59af8e835360a62fa7a3b346d6bed9c9d656c40349d4868bb9
-  data.tar.gz: ed004b4c72d0da64e92b6a4cf983fd4b77d9fb054fdbd8f192dc1555618c989d
+  metadata.gz: a69803d7adc37a51cb851a218a60b2150a56503eccece90e30b688f1ec8a1ae6
+  data.tar.gz: 1d79759ed6f0095579f485ead899d8708f151920f9c33e979797672ab78b1585
 SHA512:
-  metadata.gz: e7fe51a950deae4b0093048db11ee7eef4695c4d713c3d0861ea46da5ba83ba2a21dbfde9ab7f1bc9727e4e26e366a1ebdcb2d9abc66a3e893373884a3646db6
-  data.tar.gz: 5f94192b51c29e2a11ee8c04913e937a8cfb731363dc783ebeb78c9dcf813aba3ccb72efc9e699475604901ec2ee8381e24ddbaacbe24e1f8558de5843b745c3
+  metadata.gz: a6b24e9d002cebdbfd00e74d08fbb04cfe8b413648d9e0ec3b60c1eb2222b652dbe14e5379cd5fbf9927b707144d7b4d61204ee490397cae187189012a153d67
+  data.tar.gz: d63ecaa47ba66a4078b15367092840a44f219f1e99a5cb619bbc7fe7fe3f40569ac8068de89b98c08e2b1f7f4e0ff98502ce8b5a473b635367d80a1f077959e4

data/README.md

@@ -15,7 +15,7 @@ for how to install Foreman plugins
 
 #### Inventory upload
 
-In UI: Configure -> Inventory Upload -> Generate and upload report 
+In UI: Insights -> Inventory Upload -> select the organization -> Generate and upload report
 
 From command-line:
 
@@ -38,7 +38,7 @@ From command-line:
 
 #### Fetch hosts remediation data
 
-In UI: Configure -> Insights -> Sync now
+In UI: Insights -> Recommendations -> Sync recommendations (under the vertical ellipsis)
 
 From command-line:
 
@@ -46,7 +46,7 @@ From command-line:
 
 #### Synchronize inventory status
 
-In UI: Configure -> Inventory Upload -> Sync all inventory status
+In UI: Insights -> Inventory Upload -> Sync all inventory status
 
 From command-line:
 

data/app/controllers/insights_cloud/api/machine_telemetries_controller.rb

@@ -18,35 +18,39 @@ module InsightsCloud::Api
       certs = candlepin_id_cert @organization
       begin
         @cloud_response = ::ForemanRhCloud::CloudRequestForwarder.new.forward_request(request, controller_name, @branch_id, certs)
-      rescue RestClient::Exception => e
-        logger.info("Forwarding request failed with exception: #{e}")
-        return render json: { error: e }, status: :bad_gateway
-      rescue RestClient::Timeout => e
-        logger.info("Forwarding request failed with timeout: #{e}")
-        return render json: { error: e }, status: :gateway_timeout
-      end
-
-      return render json: { message: @cloud_response.to_s }, status: :gateway_timeout if @cloud_response.is_a?(RestClient::Exceptions::OpenTimeout)
+      rescue RestClient::Exceptions::Timeout => e
+        response_obj = e.response.presence || e.exception
+        return render json: { message: response_obj.to_s, error: response_obj.to_s }, status: :gateway_timeout
+      rescue RestClient::Unauthorized => e
+        logger.info("Forwarding request auth error: #{e}")
+        message = 'Authentication to the Insights Service failed.'
+        return render json: { message: message, error: message }, status: :unauthorized
+      rescue RestClient::NotModified => e
+        logger.info("Forwarding request not modified: #{e}")
+        message = 'Cloud request not modified'
+        return render json: { message: message, error: message }, status: :not_modified
+      rescue RestClient::ExceptionWithResponse => e
+        response_obj = e.response.presence || e.exception
+        code = response_obj.try(:code) || response_obj.try(:http_code) || 500
+        message = 'Cloud request failed'
 
-      if @cloud_response.code == 401
         return render json: {
-          :message => 'Authentication to the Insights Service failed.',
+          :message => message,
+          :error => response_obj.to_s,
           :headers => {},
-        }, status: :bad_gateway
-      end
-
-      if @cloud_response.code >= 300
-        return render json: {
-          :message => 'Cloud request failed',
-          :headers => {},
-          :response => @cloud_response,
-        }, status: @cloud_response.code
+          :response => response_obj,
+        }, status: code
+      rescue StandardError => e
+        # Catch any other exceptions here, such as Errno::ECONNREFUSED
+        logger.info("Cloud request failed with exception: #{e}")
+        return render json: { error: e }, status: :bad_gateway
       end
 
       # Append redhat-specific headers
       @cloud_response.headers.each do |key, value|
         assign_header(response, @cloud_response, key, false) if key.to_s.start_with?('x_rh_')
       end
+
       # Append general headers
       assign_header(response, @cloud_response, :x_resource_count, true)
       headers[Rack::ETAG] = @cloud_response.headers[:etag]
@@ -56,8 +60,8 @@ module InsightsCloud::Api
         # content type
         send_data @cloud_response, disposition: @cloud_response.headers[:content_disposition], type: @cloud_response.headers[:content_type]
       elsif @cloud_response.headers[:content_type] =~ /zip/
-        # if there is no Content-Disposition, but the content type is binary according the content type,
-        # forward the request as binry too
+        # If there is no Content-Disposition, but the content type is binary according to Content-Type, send the raw data
+        # with proper content type
         send_data @cloud_response, type: @cloud_response.headers[:content_type]
       else
         render json: @cloud_response, status: @cloud_response.code

data/app/services/foreman_rh_cloud/cloud_request.rb

@@ -17,8 +17,14 @@ module ForemanRhCloud
       logger.debug("Response headers for request url #{final_params[:url]} are: #{response.headers}")
 
       response
-    rescue RestClient::Exception => ex
-      logger.debug("Failed response with code #{ex.http_code} headers for request url #{final_params[:url]} are: #{ex.http_headers} and body: #{ex.http_body}")
+    rescue RestClient::Exceptions::Timeout => ex
+      logger.debug("Timeout exception raised for request url #{final_params[:url]}: #{ex}")
+      raise ex
+    rescue RestClient::ExceptionWithResponse => ex
+      logger.debug("Response headers for request url #{final_params[:url]} with status code #{ex.http_code} are: #{ex.http_headers} and body: #{ex.http_body}")
+      raise ex
+    rescue StandardError => ex
+      logger.debug("Exception raised for request url #{final_params[:url]}: #{ex}")
       raise ex
     end
   end

data/app/services/foreman_rh_cloud/cloud_request_forwarder.rb

@@ -17,8 +17,6 @@ module ForemanRhCloud
       logger.debug("Sending request to: #{request_opts[:url]}")
 
       execute_cloud_request(request_opts)
-    rescue RestClient::ExceptionWithResponse => error_response
-      error_response.response.presence || error_response.exception
     end
 
     def prepare_request_opts(original_request, forward_payload, forward_params, certs)

data/lib/foreman_inventory_upload/generators/fact_helpers.rb

@@ -57,17 +57,39 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_hostname?(host)
+        # Returns true if hostname obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for hostname obfuscation.
+        return true if Setting[:obfuscate_inventory_hostnames]
+
         insights_client_setting = fact_value(host, 'insights_client::obfuscate_hostname_enabled')
         insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
 
-        Setting[:obfuscate_inventory_hostnames]
+        # 2. host fact reported by insights_client
+        # 3. if neither of the above, don't obfuscate.
+        insights_client_setting.nil? ? false : insights_client_setting
       end
 
       def fqdn(host)
-        return host.fqdn unless obfuscate_hostname?(host)
-
-        fact_value(host, 'insights_client::hostname') || obfuscate_fqdn(host.fqdn)
+        if obfuscate_hostname?(host)
+          # If obfuscation is enabled, attempt to retrieve an already obfuscated hostname
+          # from the 'insights_client::obfuscated_hostname' fact.
+          # Example format of `parsed_insights_array`:
+          # [{"original"=>"host.example.com", "obfuscated"=>"0dd449d0a027.example.com"},
+          #  {"original"=>"satellite.example.com", "obfuscated"=>"host2.example.com"}]
+          begin
+            parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_hostname') || '[]')
+          rescue JSON::ParserError
+            parsed_insights_array = []
+          end
+          # Obfuscate using the following hierarchy:
+          # 1. the obfuscated_hostname fact sent by insights_client
+          parsed_insights_item = parsed_insights_array.find { |item| item['original'] == host.fqdn }
+          # 2. our own helper method
+          parsed_insights_item&.[]('obfuscated') || obfuscate_fqdn(host.fqdn)
+        else
+          # If hostname obfuscation is not enabled for this host, return the host's original FQDN.
+          host.fqdn
+        end
       end
 
       def obfuscate_fqdn(fqdn)
@@ -75,35 +97,65 @@ module ForemanInventoryUpload
       end
 
       def obfuscate_ips?(host)
-        insights_client_setting = fact_value(host, 'insights_client::obfuscate_ip_enabled')
-        insights_client_setting = ActiveModel::Type::Boolean.new.cast(insights_client_setting)
-        return insights_client_setting unless insights_client_setting.nil?
+        # Returns true if IP obfuscation should be applied for a given host, based on hierarchy:
+        # 1. Global setting for IP obfuscation.
+        return true if Setting[:obfuscate_inventory_ips]
 
-        Setting[:obfuscate_inventory_ips]
+        insights_client_ipv4_setting = fact_value(host, 'insights_client::obfuscate_ipv4_enabled')
+        insights_client_ipv6_setting = fact_value(host, 'insights_client::obfuscate_ipv6_enabled')
+
+        cast_ipv4_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv4_setting)
+        cast_ipv6_setting = ActiveModel::Type::Boolean.new.cast(insights_client_ipv6_setting)
+
+        # 2. The host's IPv4 or IPv6 obfuscation fact value is true
+        # 3. If neither of the above, don't obfuscate.
+        cast_ipv4_setting || cast_ipv6_setting || false
       end
 
       def host_ips(host)
+        # Determines and returns the IP addresses associated with a host, applying obfuscation if enabled.
+
+        # If IP obfuscation is enabled for the host return a representation of obfuscated IP addresses.
         return obfuscated_ips(host) if obfuscate_ips?(host)
 
-        # return a pass through proxy hash in case no obfuscation needed
+        # If IP obfuscation is NOT needed, return a special kind of Hash.
+        # where when you try to access a key in it
+        # if the key doesn't exist, it simply returns the key itself.
+        # This is useful because it means if you try to get an IP from this hash,
+        # you'll just get the original IP back. It allows the calling code to
+        # use the same interface whether obfuscation is applied or not.
         Hash.new { |h, k| k }
       end
 
       def obfuscated_ips(host)
-        insights_client_ips = JSON.parse(fact_value(host, 'insights_client::ips') || '[]')
+        # Example format of `parsed_insights_array`:
+        # [{"original": "192.168.1.10", "obfuscated": "10.230.230.1"},
+        #  {"original": "192.168.1.11", "obfuscated": "10.230.230.2"}]
+        begin
+          parsed_insights_array = JSON.parse(fact_value(host, 'insights_client::obfuscated_ipv4') || '[]')
+        rescue JSON::ParserError
+          parsed_insights_array = []
+        end
 
+        # Create a new Hash to store the mapping from original IP addresses to their obfuscated versions.
+        # where the 'original' IP is the key and the 'obfuscated' IP is the value.
         obfuscated_ips = Hash[
-          insights_client_ips.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
+          parsed_insights_array.map { |ip_record| [ip_record['original'], ip_record['obfuscated']] }
         ]
 
+        # Sets a default proc for the obfuscated_ips hash.
+        # When a key is accessed that does not exist in the hash, this proc is called.
+        # It assigns the result of obfuscate_ip(key, hash) to the missing key in the hash.
+        # This ensures that any missing IP address key will be obfuscated and stored automatically.
         obfuscated_ips.default_proc = proc do |hash, key|
           hash[key] = obfuscate_ip(key, hash)
         end
-
         obfuscated_ips
       end
 
       def obfuscate_ip(ip, ips_dict)
+        # Produce a new, unique obfuscated IP that is
+        # numerically one greater than the highest existing obfuscated IP
         max_obfuscated = ips_dict.values.map { |v| IPAddr.new(v).to_i }.max || IPAddr.new('10.230.230.0').to_i
 
         IPAddr.new(max_obfuscated + 1, Socket::AF_INET).to_s

data/lib/foreman_inventory_upload/generators/queries.rb

@@ -24,9 +24,11 @@ module ForemanInventoryUpload
               'dmi::system::product_name',
               'dmi::chassis::asset_tag',
               'insights_client::obfuscate_hostname_enabled',
-              'insights_client::obfuscate_ip_enabled',
-              'insights_client::hostname',
-              'insights_client::ips',
+              'insights_client::obfuscate_ipv4_enabled',
+              'insights_client::obfuscate_ipv6_enabled',
+              'insights_client::obfuscated_ipv4',
+              'insights_client::obfuscated_ipv6',
+              'insights_client::obfuscated_hostname',
               'insights_id',
               'conversions::activity',
               'conversions::packages::0::nevra',

data/lib/foreman_inventory_upload/generators/slice.rb

@@ -149,7 +149,6 @@ module ForemanInventoryUpload
         ) { |v| os_release_value(*v) }
         @stream.simple_field('os_kernel_version', fact_value(host, 'uname::release'))
         @stream.simple_field('arch', host.architecture&.name)
-        @stream.simple_field('katello_agent_running', false)
         @stream.simple_field(
           'infrastructure_type',
           ActiveModel::Type::Boolean.new.cast(fact_value(host, 'virt::is_guest')) ? 'virtual' : 'physical'

data/lib/foreman_rh_cloud/version.rb

@@ -1,3 +1,3 @@
 module ForemanRhCloud
-  VERSION = '11.4.3'.freeze
+  VERSION = '11.4.4'.freeze
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_rh_cloud",
-  "version": "11.4.3",
+  "version": "11.4.4",
   "description": "Inventory Upload =============",
   "main": "index.js",
   "scripts": {

data/test/controllers/insights_cloud/api/machine_telemetries_controller_test.rb

@@ -98,13 +98,25 @@ module InsightsCloud::Api
         assert_equal net_http_resp[:content_type], @response.headers['Content-Type']
       end
 
+      test "should handle 304 cloud" do
+        net_http_resp = Net::HTTPResponse.new(1.0, 304, "Not Modified")
+        res = RestClient::Response.create(@body, net_http_resp, @http_req)
+
+        ::ForemanRhCloud::CloudRequestForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::NotModified.new(res))
+
+        get :forward_request, params: { "path" => "platform/module-update-router/v1/channel" }
+        assert_equal 304, @response.status
+        assert_equal 'Cloud request not modified', JSON.parse(@response.body)['message']
+      end
+
       test "should handle failed authentication to cloud" do
         net_http_resp = Net::HTTPResponse.new(1.0, 401, "Unauthorized")
         res = RestClient::Response.create(@body, net_http_resp, @http_req)
-        ::ForemanRhCloud::CloudRequestForwarder.any_instance.stubs(:forward_request).returns(res)
+
+        ::ForemanRhCloud::CloudRequestForwarder.any_instance.stubs(:execute_cloud_request).raises(RestClient::Unauthorized.new(res))
 
         get :forward_request, params: { "path" => "platform/module-update-router/v1/channel" }
-        assert_equal 502, @response.status
+        assert_equal 401, @response.status
         assert_equal 'Authentication to the Insights Service failed.', JSON.parse(@response.body)['message']
       end
 

data/test/unit/fact_helpers_test.rb

@@ -1,4 +1,5 @@
 require 'test_plugin_helper'
+require 'digest'
 
 class FactHelpersTest < ActiveSupport::TestCase
   class FactsHelpersTestStub
@@ -29,7 +30,7 @@ class FactHelpersTest < ActiveSupport::TestCase
 
   test 'obfuscates ips with insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
       '[{"obfuscated": "10.230.230.1", "original": "224.0.0.1"}, {"obfuscated": "10.230.230.255", "original": "224.0.0.251"}]'
     )
 
@@ -41,11 +42,275 @@ class FactHelpersTest < ActiveSupport::TestCase
 
   test 'obfuscates ips without insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(nil)
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
 
     actual = @instance.obfuscated_ips(host)
 
     assert_equal '10.230.230.1', actual['224.0.0.1']
     assert_equal '10.230.230.2', actual['224.0.0.2']
   end
+
+  describe 'obfuscate_hostname?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(true)
+      host = mock('host')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      assert result
+    end
+
+    test 'returns false when global setting is disabled and no host-specific setting' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns(nil)
+
+      result = @instance.obfuscate_hostname?(host)
+
+      refute result
+    end
+
+    test 'returns true when host-specific setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('true')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      assert result
+    end
+
+    test 'returns false when host-specific setting is disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('false')
+
+      result = @instance.obfuscate_hostname?(host)
+
+      refute result
+    end
+  end
+
+  describe 'fqdn' do
+    test 'returns original fqdn when obfuscation is disabled' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(false)
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'test.example.com', result
+    end
+
+    test 'returns obfuscated hostname from insights_client fact when available' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').once
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "test.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'abc123.example.com', result
+    end
+
+    test 'returns dynamically obfuscated hostname when insights_client fact is not available' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(nil)
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+
+    test 'returns dynamically obfuscated hostname when insights_client fact does not contain matching host' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').twice
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "other.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+      @instance.expects(:obfuscate_fqdn).with('test.example.com').returns('dynamically_obfuscated.example.com')
+
+      result = @instance.fqdn(host)
+
+      assert_equal 'dynamically_obfuscated.example.com', result
+    end
+
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('invalid json')
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('[]')
+
+      result = @instance.fqdn(host)
+
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+  end
+
+  describe 'obfuscate_ips?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(true)
+      host = mock('host')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns false when global setting is disabled and no host-specific settings' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+
+      result = @instance.obfuscate_ips?(host)
+
+      refute result
+    end
+
+    test 'returns true when host-specific IPv4 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns true when host-specific IPv6 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns true when both IPv4 and IPv6 settings are enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+
+      result = @instance.obfuscate_ips?(host)
+
+      assert result
+    end
+
+    test 'returns false when both IPv4 and IPv6 settings are disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('false')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('false')
+
+      result = @instance.obfuscate_ips?(host)
+
+      refute result
+    end
+  end
+
+  describe 'obfuscate_ip' do
+    test 'generates first IP when no existing obfuscated IPs' do
+      ips_dict = {}
+
+      result = @instance.obfuscate_ip('192.168.1.1', ips_dict)
+
+      assert_equal '10.230.230.1', result
+    end
+
+    test 'generates next sequential IP when existing obfuscated IPs present' do
+      ips_dict = { '192.168.1.1' => '10.230.230.5', '192.168.1.2' => '10.230.230.10' }
+
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+
+      assert_equal '10.230.230.11', result
+    end
+
+    test 'handles mixed IP ranges correctly' do
+      ips_dict = { '192.168.1.1' => '10.230.230.255', '192.168.1.2' => '10.230.230.1' }
+
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+
+      assert_equal '10.230.231.0', result
+    end
+
+    test 'generates valid IP addresses' do
+      ips_dict = {}
+
+      result = @instance.obfuscate_ip('any.ip.address', ips_dict)
+
+      assert_match(/\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/, result)
+      assert_nothing_raised { IPAddr.new(result) }
+    end
+  end
+
+  describe 'obfuscated_ips' do
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('invalid json')
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('[]')
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+
+    test 'preserves existing obfuscated IPs and generates new ones' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
+        '[{"original": "192.168.1.1", "obfuscated": "10.230.230.5"}]'
+      )
+
+      result = @instance.obfuscated_ips(host)
+
+      assert_equal '10.230.230.5', result['192.168.1.1']
+      assert_equal '10.230.230.6', result['192.168.1.2']
+    end
+
+    test 'default_proc generates unique sequential IPs' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
+
+      result = @instance.obfuscated_ips(host)
+
+      ip1 = result['192.168.1.1']
+      ip2 = result['192.168.1.2']
+      ip3 = result['192.168.1.3']
+
+      assert_equal '10.230.230.1', ip1
+      assert_equal '10.230.230.2', ip2
+      assert_equal '10.230.230.3', ip3
+    end
+  end
 end

data/test/unit/slice_generator_test.rb

@@ -56,9 +56,10 @@ class SliceGeneratorTest < ActiveSupport::TestCase
       'dmi::system::product_name',
       'dmi::chassis::asset_tag',
       'insights_client::obfuscate_hostname_enabled',
+      'insights_client::obfuscated_hostname',
+      'insights_client::obfuscate_ipv4_enabled',
+      'insights_client::obfuscated_ipv4',
       'insights_client::hostname',
-      'insights_client::obfuscate_ip_enabled',
-      'insights_client::ips',
       'insights_id',
     ]
   end
@@ -210,14 +211,38 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
 
-  test 'generates obfuscated ip_address fields with inisghts-client' do
+  test 'does not obfuscate fqdn when insights_client obfuscate_hostname_enabled fact is missing and obfuscate_inventory_hostnames setting is false' do
+    # Create a host and obfuscated_hostname fact, but do NOT create the obfuscate_hostname_enabled fact
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
+    FactoryBot.create(:fact_value,
+      fact_name: fact_names['insights_client::obfuscated_hostname'],
+      value: obfuscated_hostname_value,
+      host: @host)
+    # Do NOT create the 'insights_client::obfuscate_hostname_enabled' fact
+
+    batch = Host.where(id: @host.id).in_batches.first
+    generator = create_generator(batch)
+
+    json_str = generator.render
+    actual = JSON.parse(json_str.join("\n"))
+
+    assert_not_nil(actual_host = actual['hosts'].first)
+    assert_equal @host.fqdn, actual_host['fqdn'], "FQDN should not be obfuscated when obfuscate_hostname_enabled is missing and setting is false"
+    assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
+    assert_not_equal true, actual_facts['is_hostname_obfuscated']
+  end
+
+  test 'generates obfuscated ip_address fields when insights-client facts are present' do
     nic = FactoryBot.build(:nic_managed)
     @host.interfaces << nic
 
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_ip_enabled'], value: 'true', host: @host)
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_ipv4_enabled'], value: 'true', host: @host)
     FactoryBot.create(
       :fact_value,
-      fact_name: fact_names['insights_client::ips'],
+      fact_name: fact_names['insights_client::obfuscated_ipv4'],
       value: "[{\"obfuscated\": \"10.230.230.100\", \"original\": \"#{nic.ip}\"}]",
       host: @host
     )
@@ -240,9 +265,17 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
 
-  test 'obfuscates fqdn when instructed by insights-client' do
+  test 'obfuscates fqdn when insights-client facts are present' do
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+      { 'original' => 'satellite.theforeman.org', 'obfuscated' => 'host2.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
+    FactoryBot.create(:fact_value,
+      fact_name: fact_names['insights_client::obfuscated_hostname'],
+      value: obfuscated_hostname_value,
+      host: @host)
     FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_hostname_enabled'], value: 'true', host: @host)
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: 'obfuscated_name', host: @host)
 
     batch = Host.where(id: @host.id).in_batches.first
     generator = create_generator(batch)
@@ -252,7 +285,7 @@ class SliceGeneratorTest < ActiveSupport::TestCase
 
     assert_equal '00000000-0000-0000-0000-000000000000', actual['report_slice_id']
     assert_not_nil(actual_host = actual['hosts'].first)
-    assert_equal 'obfuscated_name', actual_host['fqdn']
+    assert_equal obfuscated_hostname_data.first['obfuscated'], actual_host['fqdn']
     assert_equal '1234', actual_host['account']
     assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
     assert_equal true, actual_facts['is_hostname_obfuscated']
@@ -279,9 +312,35 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
 
-  test 'does not obfuscate fqdn when insights-client sets to false' do
+  test 'obfuscates host fqdn with insights-client when setting set' do
+    Setting[:obfuscate_inventory_hostnames] = true
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: @host.fqdn, host: @host)
+
+    batch = Host.where(id: @host.id).in_batches.first
+    generator = create_generator(batch)
+
+    json_str = generator.render
+    actual = JSON.parse(json_str.join("\n"))
+
+    obfuscated_fqdn = Digest::SHA1.hexdigest(@host.fqdn) + '.example.com'
+
+    assert_equal '00000000-0000-0000-0000-000000000000', actual['report_slice_id']
+    assert_not_nil(actual_host = actual['hosts'].first)
+    assert_equal obfuscated_fqdn, actual_host['fqdn']
+    assert_equal '1234', actual_host['account']
+    assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
+    assert_equal true, actual_facts['is_hostname_obfuscated']
+    assert_equal 1, generator.hosts_count
+  end
+
+  test 'does not obfuscate fqdn when host fact from insights-client has a value of false' do
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+      { 'original' => 'satellite.theforeman.org', 'obfuscated' => 'host2.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
     FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_hostname_enabled'], value: 'false', host: @host)
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: 'obfuscated_name', host: @host)
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscated_hostname'], value: obfuscated_hostname_value, host: @host)
 
     batch = Host.where(id: @host.id).in_batches.first
     generator = create_generator(batch)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman_rh_cloud
 version: !ruby/object:Gem::Version
-  version: 11.4.3
+  version: 11.4.4
 platform: ruby
 authors:
 - Foreman Red Hat Cloud team