RubyGems - foreman_rh_cloud - Versions diffs - 12.1.3 → 12.1.5 - Mend

foreman_rh_cloud 12.1.3 → 12.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

data/test/unit/fact_helpers_test.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'test_plugin_helper'
+require 'digest'
 class FactHelpersTest < ActiveSupport::TestCase
   class FactsHelpersTestStub
@@ -29,7 +30,7 @@ class FactHelpersTest < ActiveSupport::TestCase
   test 'obfuscates ips with insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
       '[{"obfuscated": "10.230.230.1", "original": "224.0.0.1"}, {"obfuscated": "10.230.230.255", "original": "224.0.0.251"}]'
     )
@@ -41,11 +42,275 @@ class FactHelpersTest < ActiveSupport::TestCase
   test 'obfuscates ips without insights-client data' do
     host = mock('host')
-    @instance.expects(:fact_value).with(host, 'insights_client::ips').returns(nil)
+    @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
     actual = @instance.obfuscated_ips(host)
     assert_equal '10.230.230.1', actual['224.0.0.1']
     assert_equal '10.230.230.2', actual['224.0.0.2']
   end
+  describe 'obfuscate_hostname?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(true)
+      host = mock('host')
+      result = @instance.obfuscate_hostname?(host)
+      assert result
+    end
+    test 'returns false when global setting is disabled and no host-specific setting' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns(nil)
+      result = @instance.obfuscate_hostname?(host)
+      refute result
+    end
+    test 'returns true when host-specific setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('true')
+      result = @instance.obfuscate_hostname?(host)
+      assert result
+    end
+    test 'returns false when host-specific setting is disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_hostnames).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_hostname_enabled').returns('false')
+      result = @instance.obfuscate_hostname?(host)
+      refute result
+    end
+  end
+  describe 'fqdn' do
+    test 'returns original fqdn when obfuscation is disabled' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(false)
+      result = @instance.fqdn(host)
+      assert_equal 'test.example.com', result
+    end
+    test 'returns obfuscated hostname from insights_client fact when available' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').once
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "test.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+      result = @instance.fqdn(host)
+      assert_equal 'abc123.example.com', result
+    end
+    test 'returns dynamically obfuscated hostname when insights_client fact is not available' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(nil)
+      result = @instance.fqdn(host)
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+    test 'returns dynamically obfuscated hostname when insights_client fact does not contain matching host' do
+      host = mock('host')
+      host.expects(:fqdn).returns('test.example.com').twice
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns(
+        '[{"original": "other.example.com", "obfuscated": "abc123.example.com"}]'
+      )
+      @instance.expects(:obfuscate_fqdn).with('test.example.com').returns('dynamically_obfuscated.example.com')
+      result = @instance.fqdn(host)
+      assert_equal 'dynamically_obfuscated.example.com', result
+    end
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('invalid json')
+      result = @instance.fqdn(host)
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      host.stubs(:fqdn).returns('test.example.com')
+      @instance.expects(:obfuscate_hostname?).with(host).returns(true)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_hostname').returns('[]')
+      result = @instance.fqdn(host)
+      expected = "#{Digest::SHA1.hexdigest('test.example.com')}.example.com"
+      assert_equal expected, result
+    end
+  end
+  describe 'obfuscate_ips?' do
+    test 'returns true when global setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(true)
+      host = mock('host')
+      result = @instance.obfuscate_ips?(host)
+      assert result
+    end
+    test 'returns false when global setting is disabled and no host-specific settings' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+      result = @instance.obfuscate_ips?(host)
+      refute result
+    end
+    test 'returns true when host-specific IPv4 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns(nil)
+      result = @instance.obfuscate_ips?(host)
+      assert result
+    end
+    test 'returns true when host-specific IPv6 setting is enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns(nil)
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+      result = @instance.obfuscate_ips?(host)
+      assert result
+    end
+    test 'returns true when both IPv4 and IPv6 settings are enabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('true')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('true')
+      result = @instance.obfuscate_ips?(host)
+      assert result
+    end
+    test 'returns false when both IPv4 and IPv6 settings are disabled' do
+      Setting.expects(:[]).with(:obfuscate_inventory_ips).returns(false)
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv4_enabled').returns('false')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscate_ipv6_enabled').returns('false')
+      result = @instance.obfuscate_ips?(host)
+      refute result
+    end
+  end
+  describe 'obfuscate_ip' do
+    test 'generates first IP when no existing obfuscated IPs' do
+      ips_dict = {}
+      result = @instance.obfuscate_ip('192.168.1.1', ips_dict)
+      assert_equal '10.230.230.1', result
+    end
+    test 'generates next sequential IP when existing obfuscated IPs present' do
+      ips_dict = { '192.168.1.1' => '10.230.230.5', '192.168.1.2' => '10.230.230.10' }
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+      assert_equal '10.230.230.11', result
+    end
+    test 'handles mixed IP ranges correctly' do
+      ips_dict = { '192.168.1.1' => '10.230.230.255', '192.168.1.2' => '10.230.230.1' }
+      result = @instance.obfuscate_ip('192.168.1.3', ips_dict)
+      assert_equal '10.230.231.0', result
+    end
+    test 'generates valid IP addresses' do
+      ips_dict = {}
+      result = @instance.obfuscate_ip('any.ip.address', ips_dict)
+      assert_match(/\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/, result)
+      assert_nothing_raised { IPAddr.new(result) }
+    end
+  end
+  describe 'obfuscated_ips' do
+    test 'handles invalid JSON in insights_client fact gracefully' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('invalid json')
+      result = @instance.obfuscated_ips(host)
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+    test 'handles empty insights_client fact' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns('[]')
+      result = @instance.obfuscated_ips(host)
+      assert_equal '10.230.230.1', result['192.168.1.1']
+    end
+    test 'preserves existing obfuscated IPs and generates new ones' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(
+        '[{"original": "192.168.1.1", "obfuscated": "10.230.230.5"}]'
+      )
+      result = @instance.obfuscated_ips(host)
+      assert_equal '10.230.230.5', result['192.168.1.1']
+      assert_equal '10.230.230.6', result['192.168.1.2']
+    end
+    test 'default_proc generates unique sequential IPs' do
+      host = mock('host')
+      @instance.expects(:fact_value).with(host, 'insights_client::obfuscated_ipv4').returns(nil)
+      result = @instance.obfuscated_ips(host)
+      ip1 = result['192.168.1.1']
+      ip2 = result['192.168.1.2']
+      ip3 = result['192.168.1.3']
+      assert_equal '10.230.230.1', ip1
+      assert_equal '10.230.230.2', ip2
+      assert_equal '10.230.230.3', ip3
+    end
+  end
 end

data/test/unit/services/foreman_rh_cloud/cloud_request_forwarder_test.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require 'puma/null_io'
 class CloudRequestForwarderTest < ActiveSupport::TestCase
   include MockCerts
+  include KatelloCVEHelper
   setup do
     @forwarder = ::ForemanRhCloud::CloudRequestForwarder.new
@@ -10,6 +11,22 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
     ForemanRhCloud.stubs(:base_url).returns('https://cloud.example.com')
     ForemanRhCloud.stubs(:cert_base_url).returns('https://cert.cloud.example.com')
     ForemanRhCloud.stubs(:legacy_insights_url).returns('https://cert-api.access.example.com')
+    UpstreamOnlySettingsTestHelper.set_if_available('allow_multiple_content_views')
+    env = FactoryBot.create(:katello_k_t_environment)
+    env2 = FactoryBot.create(:katello_k_t_environment, organization: env.organization)
+    @host = FactoryBot.create(
+      :host,
+      :with_subscription,
+      :with_content,
+      :with_hostgroup,
+      :with_parameter,
+      content_view_environments: [make_cve(lifecycle_environment: env), make_cve(lifecycle_environment: env2)],
+      organization: env.organization
+    )
+    @host.subscription_facet.pools << FactoryBot.create(:katello_pool, account_number: '5678', cp_id: 1)
   end
   test 'should prepare correct cloud url' do
@@ -25,7 +42,7 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
     }
     paths.each do |key, value|
-      actual_params = @forwarder.path_params(key, generate_certs_hash)
+      actual_params = @forwarder.path_params(key)
       assert_equal value, actual_params[:url]
     end
   end
@@ -150,7 +167,7 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
       'action_dispatch.request.query_parameters' => params
     )
-    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, generate_certs_hash)
+    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, @host)
     assert_match /foo/, actual[:headers][:user_agent]
     assert_match /bar/, actual[:headers][:user_agent]
@@ -175,7 +192,7 @@ class CloudRequestForwarderTest < ActiveSupport::TestCase
       'action_dispatch.request.query_parameters' => params
     )
-    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, generate_certs_hash)
+    actual = @forwarder.prepare_request_opts(req, 'TEST PAYLOAD', params, @host)
     assert_match /text\/html/, actual[:headers][:content_type]
   end

data/test/unit/services/foreman_rh_cloud/insights_api_forwarder_test.rb ADDED Viewed

@@ -0,0 +1,176 @@
+require 'test_plugin_helper'
+require 'puma/null_io'
+class UIRequestForwarderTest < ActiveSupport::TestCase
+  include MockCerts
+  setup do
+    @forwarder = ::ForemanRhCloud::InsightsApiForwarder.new
+    @user = FactoryBot.build(:user)
+    @organization = FactoryBot.build(:organization)
+    @location = FactoryBot.build(:location)
+    setup_certs_expectation do
+      @forwarder.stubs(:foreman_certificates)
+    end
+    ForemanRhCloud.stubs(:cert_base_url).returns('https://cert.cloud.example.com')
+  end
+  test 'should scope GET requests with proper tags' do
+    user_agent = { :foo => :bar }
+    params = {}
+    req = ActionDispatch::Request.new(
+      'REQUEST_URI' => '/api/vulnerability/v1/cves/abc-123/affected_systems',
+      'REQUEST_METHOD' => 'GET',
+      'HTTP_USER_AGENT' => user_agent,
+      'rack.input' => ::Puma::NullIO.new,
+      'action_dispatch.request.query_parameters' => params
+    )
+    ::ForemanRhCloud::TagsAuth.any_instance.expects(:update_tag)
+    @forwarder.expects(:execute_cloud_request).with do |actual_params|
+      actual = actual_params[:headers][:params]
+      assert_equal "U:\"#{@user.login}\"O:\"#{@organization.name}\"L:\"#{@location.name}\"", tag_value(actual.find { |param| param[0] == :tag && tag_name(param[1]) =~ /#{ForemanRhCloud::TagsAuth::TAG_NAME}/ }[1])
+      true
+    end
+    @forwarder.forward_request(req, '/api/vulnerability/v1/cves/abc-123/affected_systems', 'test_controller', @user, @organization, @location)
+    # This test asserts the parameters that are sent to the execute_cloud_request method.
+    # This is done by setting the expectation before the actual call.
+  end
+  test 'should not scope GET requests for unknown uris' do
+    user_agent = { :foo => :bar }
+    params = {}
+    req = ActionDispatch::Request.new(
+      'REQUEST_URI' => '/api/vulnerability/foo/bar',
+      'REQUEST_METHOD' => 'GET',
+      'HTTP_USER_AGENT' => user_agent,
+      'rack.input' => ::Puma::NullIO.new,
+      'action_dispatch.request.query_parameters' => params
+    )
+    ::ForemanRhCloud::TagsAuth.any_instance.expects(:update_tag).never
+    @forwarder.expects(:execute_cloud_request).with do |actual_params|
+      actual = actual_params[:headers][:params]
+      assert_equal 0, actual.count
+      true
+    end
+    @forwarder.forward_request(req, '/api/vulnerability/foo/bar', 'test_controller', @user, @organization, @location)
+    # This test asserts the parameters that are sent to the execute_cloud_request method.
+    # This is done by setting the expectation before the actual call.
+  end
+  test 'should merge URI params in GET requests' do
+    user_agent = { :foo => :bar }
+    params = { :page => 5, :per_page => 42 }
+    req = ActionDispatch::Request.new(
+      'REQUEST_URI' => '/api/vulnerability/v1/cves/abc-123/affected_systems',
+      'REQUEST_METHOD' => 'GET',
+      'HTTP_USER_AGENT' => user_agent,
+      'rack.input' => ::Puma::NullIO.new,
+      'action_dispatch.request.query_parameters' => params
+    )
+    ::ForemanRhCloud::TagsAuth.any_instance.expects(:update_tag)
+    @forwarder.expects(:execute_cloud_request).with do |actual_params|
+      actual = actual_params[:headers][:params]
+      assert_equal "U:\"#{@user.login}\"O:\"#{@organization.name}\"L:\"#{@location.name}\"", tag_value(actual.find { |param| param[0] == :tag && tag_name(param[1]) =~ /#{ForemanRhCloud::TagsAuth::TAG_NAME}/ }[1])
+      assert_equal 5, actual.find { |param| param[0] == :page }[1]
+      assert_equal 42, actual.find { |param| param[0] == :per_page }[1]
+      true
+    end
+    @forwarder.forward_request(req, '/api/vulnerability/v1/cves/abc-123/affected_systems', 'test_controller', @user, @organization, @location)
+    # This test asserts the parameters that are sent to the execute_cloud_request method.
+    # This is done by setting the expectation before the actual call.
+  end
+  test 'should not scope POST requests' do
+    post_data = 'Random POST data'
+    req = ActionDispatch::Request.new(
+      'REQUEST_URI' => '/foo/bar',
+      'REQUEST_METHOD' => 'POST',
+      'rack.input' => ::Puma::NullIO.new,
+      'RAW_POST_DATA' => post_data
+    )
+    ::ForemanRhCloud::TagsAuth.any_instance.expects(:update_tag).never
+    @forwarder.expects(:execute_cloud_request).with do |actual_params|
+      actual = actual_params[:headers][:params]
+      assert_equal 0, actual.count
+      true
+    end
+    @forwarder.forward_request(req, '/api/vulnerability/v1/cves', 'test_controller', @user, @organization, @location)
+    # This test asserts the parameters that are sent to the execute_cloud_request method.
+    # This is done by setting the expectation before the actual call.
+  end
+  test 'should not scope PUT requests' do
+    put_data = 'Random PUT data'
+    req = ActionDispatch::Request.new(
+      'REQUEST_URI' => '/foo/bar',
+      'REQUEST_METHOD' => 'PUT',
+      'rack.input' => ::Puma::NullIO.new,
+      'RAW_POST_DATA' => put_data
+    )
+    ::ForemanRhCloud::TagsAuth.any_instance.expects(:update_tag).never
+    @forwarder.expects(:execute_cloud_request).with do |actual_params|
+      actual = actual_params[:headers][:params]
+      assert_equal 0, actual.count
+      true
+    end
+    @forwarder.forward_request(req, '/api/vulnerability/v1/cves', 'test_controller', @user, @organization, @location)
+    # This test asserts the parameters that are sent to the execute_cloud_request method.
+    # This is done by setting the expectation before the actual call.
+  end
+  test 'should not scope PATCH requests' do
+    post_data = 'Random PATCH data'
+    req = ActionDispatch::Request.new(
+      'REQUEST_URI' => '/foo/bar',
+      'REQUEST_METHOD' => 'PATCH',
+      'rack.input' => ::Puma::NullIO.new,
+      'RAW_POST_DATA' => post_data,
+      "action_dispatch.request.path_parameters" => { :format => "json" }
+    )
+    ::ForemanRhCloud::TagsAuth.any_instance.expects(:update_tag).never
+    @forwarder.expects(:execute_cloud_request).with do |actual_params|
+      actual = actual_params[:headers][:params]
+      assert_equal 0, actual.count
+      true
+    end
+    @forwarder.forward_request(req, '/api/vulnerability/v1/cves', 'test_controller', @user, @organization, @location)
+    # This test asserts the parameters that are sent to the execute_cloud_request method.
+    # This is done by setting the expectation before the actual call.
+  end
+  def tag_value(param_value)
+    return param_value unless param_value.is_a?(String)
+    tag_string = CGI.unescape(param_value)
+    tag_string.split('=')[1]
+  end
+  def tag_name(param_value)
+    return param_value unless param_value.is_a?(String)
+    tag_string = CGI.unescape(param_value)
+    tag_string.split('=')[0]
+  end
+end

data/test/unit/services/foreman_rh_cloud/tags_auth_test.rb ADDED Viewed

@@ -0,0 +1,29 @@
+require 'test_plugin_helper'
+require 'json'
+class TagsAuthTest < ActiveSupport::TestCase
+  setup do
+    @user = FactoryBot.build(:user)
+    @logger = Logger.new(IO::NULL)
+    @org = FactoryBot.build(:organization)
+    @loc = FactoryBot.build(:location)
+    @auth = ::ForemanRhCloud::TagsAuth.new(@user, @org, @loc, @logger)
+  end
+  test 'Generates tags update request' do
+    uuid1 = 'test_uuid1'
+    uuid2 = 'test_uuid2'
+    @auth.expects(:allowed_hosts).returns([uuid1, uuid2])
+    @auth.expects(:execute_cloud_request).with do |actual_params|
+      actual = JSON.parse(actual_params[:payload])
+      assert_includes actual['host_id_list'], uuid1
+      assert_includes actual['host_id_list'], uuid2
+      assert_equal ForemanRhCloud::TagsAuth::TAG_SHORT_NAME, actual['tags'].first['key']
+      assert_equal ForemanRhCloud::TagsAuth::TAG_NAMESPACE, actual['tags'].first['namespace']
+      assert_equal "U:\"#{@user.login}\"O:\"#{@org.name}\"L:\"#{@loc.name}\"", actual['tags'].first['value']
+    end
+    @auth.update_tag
+  end
+end

data/test/unit/slice_generator_test.rb CHANGED Viewed

@@ -64,9 +64,10 @@ class SliceGeneratorTest < ActiveSupport::TestCase
       'dmi::system::product_name',
       'dmi::chassis::asset_tag',
       'insights_client::obfuscate_hostname_enabled',
+      'insights_client::obfuscated_hostname',
+      'insights_client::obfuscate_ipv4_enabled',
+      'insights_client::obfuscated_ipv4',
       'insights_client::hostname',
-      'insights_client::obfuscate_ip_enabled',
-      'insights_client::ips',
       'insights_id',
     ]
   end
@@ -418,14 +419,38 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
-  test 'generates obfuscated ip_address fields with inisghts-client' do
+  test 'does not obfuscate fqdn when insights_client obfuscate_hostname_enabled fact is missing and obfuscate_inventory_hostnames setting is false' do
+    # Create a host and obfuscated_hostname fact, but do NOT create the obfuscate_hostname_enabled fact
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
+    FactoryBot.create(:fact_value,
+      fact_name: fact_names['insights_client::obfuscated_hostname'],
+      value: obfuscated_hostname_value,
+      host: @host)
+    # Do NOT create the 'insights_client::obfuscate_hostname_enabled' fact
+    batch = Host.where(id: @host.id).in_batches.first
+    generator = create_generator(batch)
+    json_str = generator.render
+    actual = JSON.parse(json_str.join("\n"))
+    assert_not_nil(actual_host = actual['hosts'].first)
+    assert_equal @host.fqdn, actual_host['fqdn'], "FQDN should not be obfuscated when obfuscate_hostname_enabled is missing and setting is false"
+    assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
+    assert_not_equal true, actual_facts['is_hostname_obfuscated']
+  end
+  test 'generates obfuscated ip_address fields when insights-client facts are present' do
     nic = FactoryBot.build(:nic_managed)
     @host.interfaces << nic
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_ip_enabled'], value: 'true', host: @host)
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_ipv4_enabled'], value: 'true', host: @host)
     FactoryBot.create(
       :fact_value,
-      fact_name: fact_names['insights_client::ips'],
+      fact_name: fact_names['insights_client::obfuscated_ipv4'],
       value: "[{\"obfuscated\": \"10.230.230.100\", \"original\": \"#{nic.ip}\"}]",
       host: @host
     )
@@ -448,9 +473,17 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
-  test 'obfuscates fqdn when instructed by insights-client' do
+  test 'obfuscates fqdn when insights-client facts are present' do
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+      { 'original' => 'satellite.theforeman.org', 'obfuscated' => 'host2.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
+    FactoryBot.create(:fact_value,
+      fact_name: fact_names['insights_client::obfuscated_hostname'],
+      value: obfuscated_hostname_value,
+      host: @host)
     FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_hostname_enabled'], value: 'true', host: @host)
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: 'obfuscated_name', host: @host)
     batch = Host.where(id: @host.id).in_batches.first
     generator = create_generator(batch)
@@ -460,7 +493,7 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal '00000000-0000-0000-0000-000000000000', actual['report_slice_id']
     assert_not_nil(actual_host = actual['hosts'].first)
-    assert_equal 'obfuscated_name', actual_host['fqdn']
+    assert_equal obfuscated_hostname_data.first['obfuscated'], actual_host['fqdn']
     assert_equal '1234', actual_host['account']
     assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
     assert_equal true, actual_facts['is_hostname_obfuscated']
@@ -487,9 +520,35 @@ class SliceGeneratorTest < ActiveSupport::TestCase
     assert_equal 1, generator.hosts_count
   end
-  test 'does not obfuscate fqdn when insights-client sets to false' do
+  test 'obfuscates host fqdn with insights-client when setting set' do
+    Setting[:obfuscate_inventory_hostnames] = true
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: @host.fqdn, host: @host)
+    batch = Host.where(id: @host.id).in_batches.first
+    generator = create_generator(batch)
+    json_str = generator.render
+    actual = JSON.parse(json_str.join("\n"))
+    obfuscated_fqdn = Digest::SHA1.hexdigest(@host.fqdn) + '.example.com'
+    assert_equal '00000000-0000-0000-0000-000000000000', actual['report_slice_id']
+    assert_not_nil(actual_host = actual['hosts'].first)
+    assert_equal obfuscated_fqdn, actual_host['fqdn']
+    assert_equal '1234', actual_host['account']
+    assert_not_nil(actual_facts = actual_host['facts'].first['facts'])
+    assert_equal true, actual_facts['is_hostname_obfuscated']
+    assert_equal 1, generator.hosts_count
+  end
+  test 'does not obfuscate fqdn when host fact from insights-client has a value of false' do
+    obfuscated_hostname_data = [
+      { 'original' => @host.fqdn, 'obfuscated' => '0dd449d0a027.example.com' },
+      { 'original' => 'satellite.theforeman.org', 'obfuscated' => 'host2.example.com' },
+    ]
+    obfuscated_hostname_value = JSON.generate(obfuscated_hostname_data)
     FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscate_hostname_enabled'], value: 'false', host: @host)
-    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::hostname'], value: 'obfuscated_name', host: @host)
+    FactoryBot.create(:fact_value, fact_name: fact_names['insights_client::obfuscated_hostname'], value: obfuscated_hostname_value, host: @host)
     batch = Host.where(id: @host.id).in_batches.first
     generator = create_generator(batch)