foreman_rh_cloud 14.1.2 → 14.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8561ef219578d2be3678f2576fba36e1cb3f2a91aab82b5438369aa08ddd0a05
-  data.tar.gz: 6abcf201d049e27b6dc90fef6f5094a0f6f72d337f49aa6cdf328d8aa92e3516
+  metadata.gz: 91157d5050744236651134413110454e4d595e1e25644eb1676d58e4990476d1
+  data.tar.gz: acb8689d93c1d2aedf280049ff18075ad7989693ef75fea5a8b1babef63b447c
 SHA512:
-  metadata.gz: cf0448da7b88a0ddca0e2726805b9c0fb6e5356651e64ac09d0a18cd16d05a393dab07f4a19c445948a39fd1a4111e17c275c8ffaf33df974cc80a9af1693ba0
-  data.tar.gz: 7e780f06f64dc1f5042a10ec48f3c397d5b767bc5b6ac2c08ac7d9cc059518df4415ee442b37216777a471a0286d59a73a56142a6b80cb10b04213d477a9c4d7
+  metadata.gz: 5f2378f058fde9220f4fa8ca17a094dfe6e32f3f33456304c0178ca3b5023abf8b6bfd09fdcbff064e914e063c4fc6a9b66536d6703e259a4f28569202c37813
+  data.tar.gz: 1d0adbd1839a3e73eada13ca910522407af5a66e838934ad327f8c36cb41058f5693c7d5d646caa3b7b1fba71670e184f24df1ee90b122d4fdd7f05338a845de

data/app/services/foreman_rh_cloud/insights_api_forwarder.rb

@@ -8,6 +8,30 @@ module ForemanRhCloud
     #
     # Foreman Permission   | Paths
     # ---------------------|--------------------------------------------------
+    # view_compliance      | GET /api/inventory/v1/hosts(/*)
+    # view_compliance      | GET /api/compliance/v2/systems
+    # view_compliance      | GET /api/compliance/v2/systems/{system_id}
+    # view_compliance      | GET /api/compliance/v2/systems/os_versions
+    # view_compliance      | GET /api/compliance/v2/systems/{system_id}/policies
+    # view_compliance      | GET /api/compliance/v2/systems/{system_id}/reports
+    # view_compliance      | GET /api/compliance/v2/reports/{report_id}/systems
+    # view_compliance      | GET /api/compliance/v2/reports/{report_id}/systems/{system_id}
+    # view_compliance      | GET /api/compliance/v2/reports/{report_id}/systems/os_versions
+    # view_compliance      | GET /api/compliance/v2/policies/{policy_id}/systems/os_versions
+    # view_compliance      | GET /api/compliance/v2/*
+    # edit_compliance      | POST /api/compliance/v2/policies
+    # edit_compliance      | DELETE /api/compliance/v2/policies/{policy_id}
+    # edit_compliance      | PATCH /api/compliance/v2/policies/{policy_id}
+    # edit_compliance      | POST /api/compliance/v2/policies/{policy_id}/systems
+    # edit_compliance      | DELETE /api/compliance/v2/policies/{policy_id}/systems/{system_id}
+    # edit_compliance      | PATCH /api/compliance/v2/policies/{policy_id}/systems/{system_id}
+    # edit_compliance      | POST /api/compliance/v2/policies/{policy_id}/tailorings
+    # edit_compliance      | PATCH /api/compliance/v2/policies/{policy_id}/tailorings/{tailoring_id}
+    # edit_compliance      | POST /api/compliance/v2/policies/{policy_id}/tailorings/{tailoring_id}/rules
+    # edit_compliance      | DELETE /api/compliance/v2/policies/{policy_id}/tailorings/{tailoring_id}/rules/{rule_id}
+    # edit_compliance      | PATCH /api/compliance/v2/policies/{policy_id}/tailorings/{tailoring_id}/rules/{rule_id}
+    # edit_compliance      | DELETE /api/compliance/v2/reports/{report_id}
+    #
     # view_vulnerability   | GET /api/inventory/v1/hosts(/*)
     # view_vulnerability   | GET /api/vulnerability/v1/*
     #                      | POST /api/vulnerability/v1/vulnerabilities/cves
@@ -24,12 +48,140 @@ module ForemanRhCloud
     #                      | POST /api/insights/v1/rule/{rule_id}/unack_hosts/
     #
     SCOPED_REQUESTS = [
-      # Inventory hosts - requires view_vulnerability for GET
+      # Inventory hosts - shared dependency;
+      #                 - requires view_compliance or view_vulnerability for GET
       {
         test: %r{api/inventory/v1/hosts(/.*)?$},
         tag_name: :tags,
         permissions: {
-          'GET' => :view_vulnerability,
+          'GET' => [:view_compliance, :view_vulnerability],
+        },
+      },
+      # Policies - requires view_compliance for GET, edit_compliance for POST/DELETE/PATCH
+      {
+        test: %r{api/compliance/v2/policies(/[^/]*)?$},
+        permissions: {
+          'GET' => :view_compliance,
+          'POST' => :edit_compliance,
+          'DELETE' => :edit_compliance,
+          'PATCH' => :edit_compliance,
+        },
+      },
+      # System and policies assigned to them - requires view_compliance for GET, edit_compliance for POST/DELETE/PATCH
+      {
+        test: %r{api/compliance/v2/policies/[^/]+/systems(/[^/]*)?$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+          'POST' => :edit_compliance,
+          'DELETE' => :edit_compliance,
+          'PATCH' => :edit_compliance,
+        },
+      },
+      # Tailorings of assigned policies - requires view_compliance for GET, edit_compliance for POST/PATCH
+      {
+        test: %r{api/compliance/v2/policies/[^/]+/tailorings(/[^/]*)?$},
+        permissions: {
+          'GET' => :view_compliance,
+          'POST' => :edit_compliance,
+          'PATCH' => :edit_compliance,
+        },
+      },
+      # Rules of Tailorings - requires view_compliance for GET, edit_compliance for POST/DELETE/PATCH
+      {
+        test: %r{api/compliance/v2/policies/[^/]+/tailorings/[^/]+/rules(/[^/]*)?$},
+        permissions: {
+          'GET' => :view_compliance,
+          'POST' => :edit_compliance,
+          'DELETE' => :edit_compliance,
+          'PATCH' => :edit_compliance,
+        },
+      },
+      # Compliance Reports - requires view_compliance for GET, edit_compliance for DELETE
+      {
+        test: %r{api/compliance/v2/reports(/[^/]*)?$},
+        permissions: {
+          'GET' => :view_compliance,
+          'DELETE' => :edit_compliance,
+        },
+      },
+      # Systems assigned to a report - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/reports/[^/]+/systems$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # Individual system in a report - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/reports/[^/]+/systems/[^/]+$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # OS versions for systems in a report - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/reports/[^/]+/systems/os_versions$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # OS versions for systems in a policy - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/policies/[^/]+/systems/os_versions$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # Compliance Systems list - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/systems$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # Individual compliance system - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/systems/[^/]+$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # OS versions for all systems - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/systems/os_versions$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # Policies for a specific system - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/systems/[^/]+/policies$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # Reports for a specific system - requires view_compliance for GET
+      {
+        test: %r{api/compliance/v2/systems/[^/]+/reports$},
+        tag_name: :tags,
+        permissions: {
+          'GET' => :view_compliance,
+        },
+      },
+      # Other compliance endpoints - GET requires view_compliance
+      {
+        test: %r{api/compliance/v2/.*},
+        permissions: {
+          'GET' => :view_compliance,
         },
       },
       # Vulnerability CVEs list - POST requires view_vulnerability (no tags support per OpenAPI spec)
@@ -136,9 +288,9 @@ module ForemanRhCloud
 
     def forward_request(original_request, path, controller_name, user, organization, location)
       # Check permissions before forwarding
-      permission = required_permission_for(path, original_request.request_method)
-      if permission && !user&.can?(permission)
-        logger.warn("User #{user&.login || 'anonymous'} lacks permission #{permission} for #{original_request.request_method} #{path}")
+      permissions = required_permission_for(path, original_request.request_method)
+      if permissions && Array(permissions).none? { |p| user&.can?(p) }
+        logger.warn("User #{user&.login || 'anonymous'} lacks permissions #{Array(permissions).join(', ')} for #{original_request.request_method} #{path}")
         raise ::Foreman::PermissionMissingException.new(N_("You do not have permission to perform this action"))
       end
 

data/lib/foreman_inventory_upload/generators/fact_helpers.rb

@@ -106,6 +106,7 @@ module ForemanInventoryUpload
 
       def host_ips(host)
         # Determines and returns the IP addresses associated with a host, applying obfuscation if enabled.
+        return {} if host.nil?
 
         # If IP obfuscation is enabled for the host return a representation of obfuscated IP addresses.
         return obfuscated_ips(host) if obfuscate_ips?(host)
@@ -155,10 +156,29 @@ module ForemanInventoryUpload
 
       def hostname_match
         bash_hostname = `uname -n`.chomp
-        foreman_hostname = ForemanRhCloud.foreman_host&.name
-        if bash_hostname == foreman_hostname
-          fqdn(ForemanRhCloud.foreman_host)
-        elsif Setting[:obfuscate_inventory_hostnames]
+        foreman_host = ForemanRhCloud.foreman_host
+
+        # If bash hostname matches foreman_host, use fqdn
+        if foreman_host && bash_hostname == foreman_host.name
+          return fqdn(foreman_host)
+        end
+
+        # If no foreman_host, try foreman_host_name from Setting[:foreman_url]
+        unless foreman_host
+          foreman_hostname_from_setting = ForemanRhCloud.foreman_host_name
+          if foreman_hostname_from_setting
+            # Apply obfuscation if enabled
+            return obfuscate_fqdn(foreman_hostname_from_setting) if Setting[:obfuscate_inventory_hostnames]
+
+            return foreman_hostname_from_setting
+          end
+          # Otherwise fall through to bash_hostname below
+          # NOTE: Containerized foremanctl setups must configure Setting[:foreman_url]
+          # as bash hostname may not be available or meaningful in containers
+        end
+
+        # Fallback to bash hostname (with obfuscation if enabled)
+        if Setting[:obfuscate_inventory_hostnames]
           obfuscate_fqdn(bash_hostname)
         else
           bash_hostname
@@ -166,6 +186,8 @@ module ForemanInventoryUpload
       end
 
       def bios_uuid(host)
+        return nil if host.nil?
+
         value = fact_value(host, 'dmi::system::uuid') || ''
         uuid_value(value)
       end

data/lib/foreman_inventory_upload.rb

@@ -96,7 +96,14 @@ module ForemanInventoryUpload
   end
 
   def self.inventory_self_url
-    inventory_base_url + "?hostname_or_id=#{ForemanRhCloud.foreman_host.fqdn}"
+    host = ForemanRhCloud.foreman_host
+    hostname = host ? host.fqdn : ForemanRhCloud.foreman_host_name
+    if hostname.nil?
+      Rails.logger.warn("Cannot determine Foreman hostname for inventory sync. " \
+                        "Please configure Setting[:foreman_url]. " \
+                        "Containerized setups must explicitly set this.")
+    end
+    inventory_base_url + "?hostname_or_id=#{hostname}"
   end
 
   def self.host_by_id_url(host_uuid)

data/lib/foreman_rh_cloud/plugin.rb

@@ -71,6 +71,17 @@ module ForemanRhCloud
             :control_organization_insights,
             'insights_cloud/settings': [:set_org_parameter]
           )
+          # Insights Compliance permissions
+          permission(
+            :view_compliance,
+            {},
+            :resource_type => 'ForemanRhCloud'
+          )
+          permission(
+            :edit_compliance,
+            {},
+            :resource_type => 'ForemanRhCloud'
+          )
           # Insights Vulnerability permissions
           permission(
             :view_vulnerability,
@@ -98,19 +109,19 @@ module ForemanRhCloud
         # Core RH Cloud permissions for inventory upload and sync
         rh_cloud_permissions = [:view_foreman_rh_cloud, :generate_foreman_rh_cloud, :view_insights_hits, :dispatch_cloud_requests, :control_organization_insights]
 
-        # Insights application permissions (Vulnerability, Advisor)
-        insights_permissions = [:view_vulnerability, :edit_vulnerability, :view_advisor, :edit_advisor]
+        # Insights application permissions (Compliance, Vulnerability, Advisor)
+        insights_permissions = [:view_compliance, :edit_compliance, :view_vulnerability, :edit_vulnerability, :view_advisor, :edit_advisor]
 
         plugin_permissions = rh_cloud_permissions + insights_permissions
 
-        read_only_permissions = [:view_foreman_rh_cloud, :view_insights_hits, :view_vulnerability, :view_advisor]
+        read_only_permissions = [:view_foreman_rh_cloud, :view_insights_hits, :view_compliance, :view_vulnerability, :view_advisor]
 
         role 'ForemanRhCloud', plugin_permissions, 'Role granting permissions to view the hosts inventory,
                                                     generate a report, upload it to the cloud, download it locally,
-                                                    and manage Insights Vulnerability and Advisor features'
+                                                    and manage Insights Compliance, Vulnerability and Advisor features'
 
         role 'ForemanRhCloud Read Only', read_only_permissions, 'Role granting read-only permissions to view
-                                                                 Insights Vulnerability, Advisor, and host inventory'
+                                                                 Insights Compliance, Vulnerability, Advisor, and host inventory'
 
         add_permissions_to_default_roles Role::ORG_ADMIN => plugin_permissions,
           Role::MANAGER => plugin_permissions,

data/lib/foreman_rh_cloud/version.rb

@@ -1,3 +1,3 @@
 module ForemanRhCloud
-  VERSION = '14.1.2'.freeze
+  VERSION = '14.2.0'.freeze
 end

data/lib/foreman_rh_cloud.rb

@@ -84,23 +84,50 @@ module ForemanRhCloud
 
   # For testing purposes we can override the default hostname with an environment variable SATELLITE_RH_CLOUD_FOREMAN_HOST
   def self.foreman_host
-    @foreman_host ||= begin
-      fullname = foreman_host_name
-      ::Host.unscoped.friendly.find(fullname)
-    rescue ActiveRecord::RecordNotFound
-      # fullname didn't work. Let's try shortname
+    return @foreman_host if defined?(@foreman_host)
+
+    fullname = foreman_host_name
+    return @foreman_host = nil unless fullname
+
+    # Try fullname first
+    host = ::Host.unscoped.friendly.where(name: fullname).first
+
+    # If not found, try shortname
+    if host.nil?
       shortname = /(?<shortname>[^\.]*)\.?.*/.match(fullname)[:shortname]
-      ::Host.unscoped.friendly.find(shortname)
+      host = ::Host.unscoped.friendly.where(name: shortname).first
     end
+
+    @foreman_host = host
   end
 
   def self.foreman_host_name
-    ENV['SATELLITE_RH_CLOUD_FOREMAN_HOST'] || marked_foreman_host&.name || ::SmartProxy.default_capsule.name
+    ENV['SATELLITE_RH_CLOUD_FOREMAN_HOST'] || marked_foreman_host&.name || foreman_url_hostname
+  end
+
+  def self.foreman_url_hostname
+    return nil unless Setting[:foreman_url]
+
+    begin
+      # Ensure setting is a string to avoid TypeError from URI.parse
+      url = Setting[:foreman_url].to_s
+      URI.parse(url).host
+    rescue URI::InvalidURIError, ArgumentError, TypeError => e
+      Rails.logger.warn("Invalid foreman_url setting: #{e.message}")
+      nil
+    end
   end
 
   def self.marked_foreman_host
-    ::Host.unscoped.search_for('infrastructure_facet.foreman = true').first
-  rescue ScopedSearch::QueryNotSupported
+    # Find host with infrastructure_facet.foreman_instance = true
+    # Facets use a special mechanism in Foreman, so we query the facet table directly
+    return nil unless defined?(HostFacets::InfrastructureFacet)
+
+    facet = HostFacets::InfrastructureFacet.find_by(foreman_instance: true)
+    facet&.host
+  rescue ActiveRecord::StatementInvalid => e
+    # Table might not exist yet during migrations
+    Rails.logger.debug("Could not query marked foreman host: #{e.message}")
     nil
   end
 

data/lib/insights_cloud/async/insights_generate_notifications.rb

@@ -13,7 +13,16 @@ module InsightsCloud
       end
 
       def add_satellite_notifications
-        hits_count = InsightsHit.where(host_id: foreman_host.id).count
+        host = foreman_host
+
+        # Skip if no Foreman host record exists
+        unless host
+          logger.debug("Skipping Insights notifications: no Foreman host record found")
+          blueprint&.notifications&.destroy_all
+          return
+        end
+
+        hits_count = InsightsHit.where(host_id: host.id).count
 
         # Remove stale notifications
         blueprint.notifications.destroy_all

data/lib/inventory_sync/async/inventory_self_host_sync.rb

@@ -4,7 +4,14 @@ module InventorySync
       set_callback :step, :around, :create_facets
 
       def plan
-        super(ForemanRhCloud.foreman_host.organization)
+        host = ForemanRhCloud.foreman_host
+
+        if host.nil?
+          logger.warn("Skipping self-host inventory sync: no Foreman host record found.")
+          return
+        end
+
+        super(host.organization)
       end
 
       def create_facets
@@ -22,7 +29,10 @@ module InventorySync
       private
 
       def add_missing_insights_facet(uuids_hash)
-        facet = InsightsFacet.find_or_create_by(host_id: ForemanRhCloud.foreman_host.id) do |facet|
+        host = ForemanRhCloud.foreman_host
+        return unless host # Guard against nil
+
+        facet = InsightsFacet.find_or_create_by(host_id: host.id) do |facet|
           facet.uuid = uuids_hash.values.first
         end
 

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "foreman_rh_cloud",
-  "version": "14.1.2",
+  "version": "14.2.0",
   "description": "Inventory Upload =============",
   "main": "index.js",
   "scripts": {

data/test/jobs/insights_generate_notifications_test.rb

@@ -0,0 +1,26 @@
+require 'test_plugin_helper'
+require 'foreman_tasks/test_helpers'
+
+class InsightsGenerateNotificationsTest < ActiveSupport::TestCase
+  include Dynflow::Testing::Factories
+
+  setup do
+    User.current = User.find_by(login: 'secret_admin')
+  end
+
+  test 'skips notifications when foreman_host is nil' do
+    ForemanRhCloud.stubs(:foreman_host).returns(nil)
+
+    # Ensure blueprint exists or create it
+    NotificationBlueprint.find_or_create_by(name: 'insights_satellite_hits') do |bp|
+      bp.message = 'Test message'
+      bp.level = 'info'
+      bp.expires_in = 7.days
+    end
+
+    plan = ForemanTasks.sync_task(InsightsCloud::Async::InsightsGenerateNotifications)
+
+    # Should not raise an error, task completes successfully
+    assert_includes ['success', 'stopped'], plan.state, "Task should complete without error"
+  end
+end

data/test/jobs/inventory_self_host_sync_test.rb

@@ -106,4 +106,13 @@ class InventorySelfHostSyncTest < ActiveSupport::TestCase
 
     assert_equal @host1_inventory_id, @host1.insights.uuid
   end
+
+  test 'skips sync when foreman_host is nil' do
+    ForemanRhCloud.stubs(:foreman_host).returns(nil)
+
+    plan = ForemanTasks.sync_task(InventorySync::Async::InventorySelfHostSync)
+
+    # Task should be stopped (not executed) when host is nil, not failed
+    assert_equal 'stopped', plan.state
+  end
 end

data/test/unit/foreman_rh_cloud_self_host_test.rb

@@ -2,8 +2,9 @@ require 'test_plugin_helper'
 
 class ForemanRhCloudSelfHostTest < ActiveSupport::TestCase
   setup do
-    # reset cached value
-    ForemanRhCloud.instance_variable_set(:@foreman_host, nil)
+    # reset cached value - must remove the variable entirely, not just set to nil
+    ForemanRhCloud.remove_instance_variable(:@foreman_host) if ForemanRhCloud.instance_variable_defined?(:@foreman_host)
+    ENV.delete('SATELLITE_RH_CLOUD_FOREMAN_HOST')
   end
 
   test 'finds host by fullname' do
@@ -32,4 +33,51 @@ class ForemanRhCloudSelfHostTest < ActiveSupport::TestCase
 
     assert_equal @host, actual
   end
+
+  test 'returns nil when host does not exist' do
+    ForemanRhCloud.expects(:foreman_host_name).returns('nonexistent.example.com')
+
+    actual = ForemanRhCloud.foreman_host
+
+    assert_nil actual
+  end
+
+  test 'returns nil and does not query Host when foreman_host_name is nil' do
+    ForemanRhCloud.stubs(:foreman_host_name).returns(nil)
+    ::Host.unscoped.friendly.expects(:where).never
+
+    assert_nil ForemanRhCloud.foreman_host
+  end
+
+  test 'caches nil value to avoid repeated lookups' do
+    ForemanRhCloud.expects(:foreman_host_name).once.returns('nonexistent.example.com')
+
+    2.times { ForemanRhCloud.foreman_host }
+  end
+
+  test 'extracts hostname from foreman_url setting' do
+    Setting[:foreman_url] = 'https://satellite.example.com'
+
+    actual = ForemanRhCloud.foreman_url_hostname
+
+    assert_equal 'satellite.example.com', actual
+  end
+
+  test 'handles invalid foreman_url gracefully' do
+    # Stub Setting to return invalid URL without validation
+    Setting.stubs(:[]).with(:foreman_url).returns('not a valid url')
+
+    actual = ForemanRhCloud.foreman_url_hostname
+
+    assert_nil actual
+  end
+
+  test 'foreman_host_name uses foreman_url when marked_foreman_host is nil' do
+    ForemanRhCloud.expects(:marked_foreman_host).returns(nil)
+    ForemanRhCloud.expects(:foreman_url_hostname).returns('satellite.example.com')
+
+    actual = ForemanRhCloud.foreman_host_name
+
+    assert_equal 'satellite.example.com', actual
+  end
 end

data/test/unit/metadata_generator_test.rb

@@ -2,7 +2,8 @@ require 'test_plugin_helper'
 
 class MetadataGeneratorTest < ActiveSupport::TestCase
   setup do
-    ForemanRhCloud.instance_variable_set(:@foreman_host, nil)
+    # reset cached value - must remove the variable entirely, not just set to nil
+    ForemanRhCloud.remove_instance_variable(:@foreman_host) if ForemanRhCloud.instance_variable_defined?(:@foreman_host)
   end
 
   test 'generates an empty report' do
@@ -64,4 +65,26 @@ class MetadataGeneratorTest < ActiveSupport::TestCase
     assert_not_nil(slice = slices['test_12345'])
     assert_equal 3, slice['number_hosts']
   end
+
+  test 'generates metadata when foreman_host is nil' do
+    ForemanRhCloud.stubs(:foreman_host).returns(nil)
+    ForemanRhCloud.stubs(:foreman_host_name).returns('satellite.example.com')
+
+    generator = ForemanInventoryUpload::Generators::Metadata.new
+
+    # Should not raise an error
+    json_str = nil
+    assert_nothing_raised do
+      json_str = generator.render do
+      end
+    end
+
+    # Verify hostname is from foreman_host_name
+    actual = JSON.parse(json_str.join("\n"))
+    assert_equal 'satellite.example.com', actual['reporting_host_name']
+    # Verify IP and BIOS UUID fields are nil when host is nil
+    # This is acceptable per SAT-25889 - cloud services don't rely on these fields
+    assert_nil actual['reporting_host_ips']
+    assert_nil actual['reporting_host_bios_uuid']
+  end
 end