moose-inventory 1.0.9 → 2.0

data/lib/moose_inventory/version.rb

@@ -2,6 +2,6 @@ module Moose
   ##
   # The Moose-Tools dynamic inventory management library
   module Inventory
-    VERSION = '1.0.9'.freeze
+    VERSION = '2.0'.freeze
   end
 end

data/moose-inventory.gemspec

@@ -53,8 +53,11 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'thor', '>= 1.3', '< 2'
 
   spec.add_development_dependency 'bundler', '>= 2.2.33', '< 3'
+  spec.add_development_dependency 'bundler-audit', '>= 0.9', '< 1'
+  spec.add_development_dependency 'parallel', '>= 1.10', '< 2.0'
   spec.add_development_dependency 'rake', '>= 13.0', '< 14'
   spec.add_development_dependency 'rspec', '~> 3'
+  spec.add_development_dependency 'rubocop', '>= 1.72', '< 2'
   spec.add_development_dependency 'simplecov', '~> 0'
 
 end

data/scripts/check.sh

@@ -2,7 +2,9 @@
 set -euo pipefail
 
 bundle exec rspec --format progress
+scripts/ci/check_rubocop.sh
 git diff --check
 scripts/ci/check_permissions.sh
 scripts/ci/check_security.sh
+scripts/ci/check_secrets.sh
 scripts/ci/package_sanity.sh

data/scripts/ci/check_permissions.sh

@@ -5,7 +5,10 @@ allowed_executables=(
   "bin/moose-inventory"
   "scripts/check.sh"
   "scripts/ci/check_permissions.sh"
+  "scripts/ci/check_rubocop.sh"
+  "scripts/ci/check_secrets.sh"
   "scripts/ci/check_security.sh"
+  "scripts/ci/install_security_tools.sh"
   "scripts/ci/package_sanity.sh"
   "scripts/files.rb"
   "scripts/install_dependencies.sh"

data/scripts/ci/check_rubocop.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -euo pipefail
+
+bundle exec rubocop \
+  lib/moose_inventory/inventory_context.rb \
+  lib/moose_inventory/operations/add_hosts.rb \
+  lib/moose_inventory/operations/add_groups.rb \
+  lib/moose_inventory/operations/add_associations.rb \
+  lib/moose_inventory/operations/remove_associations.rb \
+  lib/moose_inventory/operations/group_cleanup.rb \
+  lib/moose_inventory/operations/group_child_relations.rb \
+  lib/moose_inventory/operations/remove_groups.rb \
+  lib/moose_inventory/cli/helpers.rb \
+  lib/moose_inventory/cli/host_add.rb \
+  lib/moose_inventory/cli/group_add.rb \
+  lib/moose_inventory/cli/host_addgroup.rb \
+  lib/moose_inventory/cli/group_addhost.rb \
+  lib/moose_inventory/cli/host_rmgroup.rb \
+  lib/moose_inventory/cli/group_rmhost.rb \
+  lib/moose_inventory/cli/group_addchild.rb \
+  lib/moose_inventory/cli/group_rmchild.rb \
+  lib/moose_inventory/cli/group_rm.rb \
+  spec/lib/moose_inventory/operations/add_hosts_spec.rb \
+  spec/lib/moose_inventory/operations/add_groups_spec.rb \
+  spec/lib/moose_inventory/operations/add_associations_spec.rb \
+  spec/lib/moose_inventory/operations/remove_associations_spec.rb \
+  spec/lib/moose_inventory/operations/group_child_relations_spec.rb \
+  spec/lib/moose_inventory/operations/remove_groups_spec.rb

data/scripts/ci/check_secrets.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+BIN_DIR="${MOOSE_INVENTORY_SECURITY_TOOLS_BIN:-$PWD/tmp/security-tools/bin}"
+if command -v gitleaks >/dev/null 2>&1; then
+  GITLEAKS=(gitleaks)
+elif [ -x "$BIN_DIR/gitleaks" ]; then
+  GITLEAKS=("$BIN_DIR/gitleaks")
+else
+  if [ "${MOOSE_INVENTORY_REQUIRE_SECURITY_TOOLS:-0}" = "1" ]; then
+    echo "gitleaks is required but was not found. Run scripts/ci/install_security_tools.sh first." >&2
+    exit 2
+  fi
+  echo "gitleaks not found; skipping dedicated secret scan."
+  exit 0
+fi
+
+"${GITLEAKS[@]}" detect \
+  --no-git \
+  --source . \
+  --config .gitleaks.toml \
+  --redact \
+  --no-banner \
+  --log-level warn
+
+echo "Gitleaks secret scan passed."

data/scripts/ci/check_security.sh

@@ -48,3 +48,21 @@ if findings:
         print(f'- {name} {version}: {vuln_id} {summary}', file=sys.stderr)
     sys.exit(1)
 PY
+
+bundle exec bundle-audit check --update
+
+BIN_DIR="${MOOSE_INVENTORY_SECURITY_TOOLS_BIN:-$PWD/tmp/security-tools/bin}"
+if command -v osv-scanner >/dev/null 2>&1; then
+  OSV_SCANNER=(osv-scanner)
+elif [ -x "$BIN_DIR/osv-scanner" ]; then
+  OSV_SCANNER=("$BIN_DIR/osv-scanner")
+else
+  if [ "${MOOSE_INVENTORY_REQUIRE_SECURITY_TOOLS:-0}" = "1" ]; then
+    echo "osv-scanner is required but was not found. Run scripts/ci/install_security_tools.sh first." >&2
+    exit 2
+  fi
+  echo "osv-scanner not found; skipping osv-scanner lockfile scan."
+  exit 0
+fi
+
+"${OSV_SCANNER[@]}" scan source --lockfile Gemfile.lock .

data/scripts/ci/install_security_tools.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -euo pipefail
+
+# Installs optional security audit CLIs used by CI. They are kept out of the
+# gem runtime/development bundle because they are Go command-line tools, not
+# Ruby dependencies.
+
+BIN_DIR="${MOOSE_INVENTORY_SECURITY_TOOLS_BIN:-$PWD/tmp/security-tools/bin}"
+GITLEAKS_VERSION="${GITLEAKS_VERSION:-v8.30.0}"
+OSV_SCANNER_VERSION="${OSV_SCANNER_VERSION:-v2.2.3}"
+
+mkdir -p "$BIN_DIR"
+
+if ! command -v go >/dev/null 2>&1; then
+  echo "Go is required to install gitleaks/osv-scanner. Install Go or use a prebuilt package." >&2
+  exit 2
+fi
+
+install_go_tool() {
+  local name="$1"
+  local module="$2"
+  local version="$3"
+
+  if command -v "$name" >/dev/null 2>&1; then
+    echo "$name already available at $(command -v "$name")"
+    return
+  fi
+
+  if [ -x "$BIN_DIR/$name" ]; then
+    echo "$name already installed at $BIN_DIR/$name"
+    return
+  fi
+
+  echo "Installing $name $version into $BIN_DIR"
+  GOBIN="$BIN_DIR" go install "$module@$version"
+}
+
+install_go_tool gitleaks github.com/zricethezav/gitleaks/v8 "$GITLEAKS_VERSION"
+install_go_tool osv-scanner github.com/google/osv-scanner/v2/cmd/osv-scanner "$OSV_SCANNER_VERSION"
+
+if [ -n "${GITHUB_PATH:-}" ]; then
+  echo "$BIN_DIR" >> "$GITHUB_PATH"
+fi
+
+export PATH="$BIN_DIR:$PATH"
+gitleaks version || true
+osv-scanner --version

data/scripts/install_dependencies.sh

@@ -4,6 +4,8 @@ set -euo pipefail
 sudo dnf groupinstall -y "C Development Tools and Libraries" "Development Tools"
 sudo dnf install -y \
             ansible \
+            gitleaks \
+            golang \
             ruby \
             ruby-devel \
             rubygem-bundler \

data/spec/lib/moose_inventory/cli/group_rm_spec.rb

@@ -241,5 +241,45 @@ RSpec.describe Moose::Inventory::Cli::Group do
       groups = @db.models[:group].all
       expect(groups.count).to eq(1)
     end
+
+    #---------------
+    it 'GROUP --recursive ... should remove orphaned child groups recursively' do
+      runner { @app.start(%w(group add parent)) }
+      runner { @app.start(%w(group add child --hosts child-host)) }
+      runner { @app.start(%w(group add grandchild)) }
+      runner { @app.start(%w(group addchild parent child)) }
+      runner { @app.start(%w(group addchild child grandchild)) }
+
+      actual = runner { @app.start(%w(group rm --recursive parent)) }
+
+      expect(actual[:unexpected]).to eq(false)
+      expect(actual[:aborted]).to eq(false)
+      expect(actual[:STDOUT]).to include("- Recursively delete orphaned group 'child'...\n")
+      expect(actual[:STDOUT]).to include("- Recursively delete orphaned group 'grandchild'...\n")
+
+      %w(parent child grandchild).each do |name|
+        expect(@db.models[:group].find(name: name)).to be_nil
+      end
+
+      host = @db.models[:host].find(name: 'child-host')
+      expect(host.groups_dataset[name: 'ungrouped']).not_to be_nil
+    end
+
+    #---------------
+    it 'GROUP --recursive ... should not remove child groups with another parent' do
+      runner { @app.start(%w(group add parent other-parent)) }
+      runner { @app.start(%w(group addchild parent child)) }
+      runner { @app.start(%w(group addchild other-parent child)) }
+
+      actual = runner { @app.start(%w(group rm --recursive parent)) }
+
+      expect(actual[:unexpected]).to eq(false)
+      expect(actual[:aborted]).to eq(false)
+      expect(@db.models[:group].find(name: 'parent')).to be_nil
+
+      child = @db.models[:group].find(name: 'child')
+      expect(child).not_to be_nil
+      expect(child.parents_dataset[name: 'other-parent']).not_to be_nil
+    end
   end
 end

data/spec/lib/moose_inventory/cli/group_rmchild_spec.rb

@@ -169,5 +169,50 @@ RSpec.describe Moose::Inventory::Cli::Group do
 
       expected(actual, desired)
     end
+
+    #------------------------
+    it 'GROUP CHILDGROUP --delete-orphans ... should delete orphaned child groups recursively' do
+      runner { @app.start(%w(group add parent)) }
+      runner { @app.start(%w(group add child --hosts child-host)) }
+      runner { @app.start(%w(group add grandchild)) }
+      runner { @app.start(%w(group addchild parent child)) }
+      runner { @app.start(%w(group addchild child grandchild)) }
+
+      actual = runner do
+        @app.start(%w(group rmchild --delete-orphans parent child))
+      end
+
+      expect(actual[:unexpected]).to eq(false)
+      expect(actual[:aborted]).to eq(false)
+      expect(actual[:STDOUT]).to include("- Recursively delete orphaned group 'child'...\n")
+      expect(actual[:STDOUT]).to include("- Recursively delete orphaned group 'grandchild'...\n")
+
+      expect(@db.models[:group].find(name: 'parent')).not_to be_nil
+      %w(child grandchild).each do |name|
+        expect(@db.models[:group].find(name: name)).to be_nil
+      end
+
+      host = @db.models[:host].find(name: 'child-host')
+      expect(host.groups_dataset[name: 'ungrouped']).not_to be_nil
+    end
+
+    #------------------------
+    it 'GROUP CHILDGROUP --delete-orphans ... should preserve child groups with another parent' do
+      runner { @app.start(%w(group add parent other-parent)) }
+      runner { @app.start(%w(group addchild parent child)) }
+      runner { @app.start(%w(group addchild other-parent child)) }
+
+      actual = runner do
+        @app.start(%w(group rmchild --delete-orphans parent child))
+      end
+
+      expect(actual[:unexpected]).to eq(false)
+      expect(actual[:aborted]).to eq(false)
+
+      child = @db.models[:group].find(name: 'child')
+      expect(child).not_to be_nil
+      expect(child.parents_dataset[name: 'parent']).to be_nil
+      expect(child.parents_dataset[name: 'other-parent']).not_to be_nil
+    end
   end
 end

data/spec/lib/moose_inventory/db/db_spec.rb

@@ -190,6 +190,59 @@ RSpec.describe 'Moose::Inventory::DB' do
       end
     end
 
+    it 'raises a Moose DB exception when password and password_env are missing' do
+      with_db_config(
+        adapter: 'mysql',
+        host: 'localhost',
+        database: 'moose_inventory_test',
+        user: 'moose'
+      ) do
+        expect { @db.init_mysql }.to raise_error(
+          Moose::Inventory::DB::MooseDBException,
+          /Expected key password or password_env missing in mysql configuration/
+        )
+      end
+    end
+
+    it 'uses a mysql password from the configured environment variable' do
+      saved_db = @db.instance_variable_get(:@db)
+      saved_settings = @config._settings.dup
+      saved_password = ENV['MOOSE_INVENTORY_MYSQL_PASSWORD']
+      mysql_config = {
+        adapter: 'mysql',
+        host: 'localhost',
+        database: 'moose_inventory_test',
+        user: 'moose',
+        password_env: 'MOOSE_INVENTORY_MYSQL_PASSWORD',
+      }
+
+      begin
+        ENV['MOOSE_INVENTORY_MYSQL_PASSWORD'] = 'env-secret'
+        @db.instance_variable_set(:@db, nil)
+        @config._settings.clear
+        @config._settings[:config] = { db: mysql_config }
+
+        expect(Sequel).to receive(:mysql2).with(
+          user: 'moose',
+          password: 'env-secret',
+          host: 'localhost',
+          database: 'moose_inventory_test'
+        ).and_return(:mysql2_connection)
+
+        @db.init_mysql
+        expect(@db.db).to eq(:mysql2_connection)
+      ensure
+        if saved_password.nil?
+          ENV.delete('MOOSE_INVENTORY_MYSQL_PASSWORD')
+        else
+          ENV['MOOSE_INVENTORY_MYSQL_PASSWORD'] = saved_password
+        end
+        @db.instance_variable_set(:@db, saved_db)
+        @config._settings.clear
+        @config._settings.merge!(saved_settings)
+      end
+    end
+
     it 'uses the mysql2 Sequel adapter with configured connection settings' do
       saved_db = @db.instance_variable_get(:@db)
       saved_settings = @config._settings.dup
@@ -238,6 +291,67 @@ RSpec.describe 'Moose::Inventory::DB' do
       end
     end
 
+    it 'raises a Moose DB exception when password_env points to an unset variable' do
+      saved_password = ENV['MOOSE_INVENTORY_POSTGRES_PASSWORD']
+      ENV.delete('MOOSE_INVENTORY_POSTGRES_PASSWORD')
+
+      begin
+        with_db_config(
+          adapter: 'postgresql',
+          host: 'localhost',
+          database: 'moose_inventory_test',
+          user: 'moose',
+          password_env: 'MOOSE_INVENTORY_POSTGRES_PASSWORD'
+        ) do
+          expect { @db.init_postgresql }.to raise_error(
+            Moose::Inventory::DB::MooseDBException,
+            /Environment variable MOOSE_INVENTORY_POSTGRES_PASSWORD is not set for postgresql password/
+          )
+        end
+      ensure
+        ENV['MOOSE_INVENTORY_POSTGRES_PASSWORD'] = saved_password unless saved_password.nil?
+      end
+    end
+
+    it 'uses a postgresql password from the configured environment variable' do
+      saved_db = @db.instance_variable_get(:@db)
+      saved_settings = @config._settings.dup
+      saved_password = ENV['MOOSE_INVENTORY_POSTGRES_PASSWORD']
+      postgresql_config = {
+        adapter: 'postgresql',
+        host: 'localhost',
+        database: 'moose_inventory_test',
+        user: 'moose',
+        password_env: 'MOOSE_INVENTORY_POSTGRES_PASSWORD',
+      }
+
+      begin
+        ENV['MOOSE_INVENTORY_POSTGRES_PASSWORD'] = 'env-secret'
+        @db.instance_variable_set(:@db, nil)
+        @config._settings.clear
+        @config._settings[:config] = { db: postgresql_config }
+
+        expect(Sequel).to receive(:postgres).with(
+          user: 'moose',
+          password: 'env-secret',
+          host: 'localhost',
+          database: 'moose_inventory_test'
+        ).and_return(:postgresql_connection)
+
+        @db.init_postgresql
+        expect(@db.db).to eq(:postgresql_connection)
+      ensure
+        if saved_password.nil?
+          ENV.delete('MOOSE_INVENTORY_POSTGRES_PASSWORD')
+        else
+          ENV['MOOSE_INVENTORY_POSTGRES_PASSWORD'] = saved_password
+        end
+        @db.instance_variable_set(:@db, saved_db)
+        @config._settings.clear
+        @config._settings.merge!(saved_settings)
+      end
+    end
+
     it 'uses the postgres Sequel adapter with configured connection settings' do
       saved_db = @db.instance_variable_get(:@db)
       saved_settings = @config._settings.dup
@@ -402,5 +516,53 @@ RSpec.describe 'Moose::Inventory::DB' do
 
       expect(count[:final]).to eq(count[:initial])
     end
+
+    it 'prints concise Moose DB transaction errors by default' do
+      saved_trace = @config._confopts[:trace]
+      @config._confopts[:trace] = false
+
+      begin
+        actual = runner do
+          @db.transaction do
+            fail @db.exceptions[:moose], 'Trace regression target'
+          end
+        end
+      ensure
+        @config._confopts[:trace] = saved_trace
+      end
+
+      expect(actual[:unexpected]).to eq(false)
+      expect(actual[:aborted]).to eq(true)
+      expect(actual[:STDERR]).to eq(
+        "An error occurred during a transaction, any changes have been rolled back.\n" \
+        "ERROR: Trace regression target\n"
+      )
+    end
+
+    it 'prints the Moose DB exception backtrace when trace is enabled' do
+      saved_trace = @config._confopts[:trace]
+      @config._confopts[:trace] = true
+
+      begin
+        actual = runner do
+          @db.transaction do
+            fail @db.exceptions[:moose], 'Trace regression target'
+          end
+        end
+      ensure
+        @config._confopts[:trace] = saved_trace
+      end
+
+      expect(actual[:unexpected]).to eq(false)
+      expect(actual[:aborted]).to eq(true)
+      expect(actual[:STDERR]).to include(
+        "An error occurred during a transaction, any changes have been rolled back.\n"
+      )
+      expect(actual[:STDERR]).to include('Moose::Inventory::DB::MooseDBException')
+      expect(actual[:STDERR]).to include('Trace regression target')
+      expect(actual[:STDERR]).to include('spec/lib/moose_inventory/db/db_spec.rb')
+      expect(actual[:STDERR]).to include("ERROR: Trace regression target\n")
+      expect(actual[:STDERR]).not_to include('NoMethodError')
+    end
   end
 end

data/spec/lib/moose_inventory/operations/add_associations_spec.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'inventory_context'
+require 'operations/add_associations'
+
+RSpec.describe Moose::Inventory::Operations::AddAssociations do
+  before(:all) do
+    @mockargs = [
+      '--config', File.join(spec_root, 'config/config.yml'),
+      '--format', 'yaml',
+      '--env', 'test'
+    ]
+
+    Moose::Inventory::Config.init(@mockargs)
+    @db = Moose::Inventory::DB
+    @db.init if @db.db.nil?
+  end
+
+  before(:each) do
+    @db.reset
+  end
+
+  def operation
+    described_class.new(
+      context: Moose::Inventory::InventoryContext.new(db: @db)
+    )
+  end
+
+  it 'adds groups to an existing host and reports creation/duplicate events' do
+    host = @db.models[:host].create(name: 'host1')
+    ungrouped = @db.models[:group].find_or_create(name: 'ungrouped')
+    host.add_group(ungrouped)
+    existing_group = @db.models[:group].create(name: 'existing')
+    host.add_group(existing_group)
+
+    result = operation.host_to_groups(
+      host: host,
+      host_name: 'host1',
+      group_names: %w[existing created]
+    )
+
+    expect(result.warning_count).to eq(2)
+    expect(result.events.map(&:type)).to include(
+      :host_group_association_exists,
+      :group_missing_created,
+      :removing_automatic_group
+    )
+    expect(host.groups_dataset[name: 'created']).not_to be_nil
+    expect(host.groups_dataset[name: 'ungrouped']).to be_nil
+  end
+
+  it 'adds hosts to an existing group and reports creation/duplicate events' do
+    group = @db.models[:group].create(name: 'group1')
+    duplicate_host = @db.models[:host].create(name: 'host1')
+    existing_host = @db.models[:host].create(name: 'host3')
+    ungrouped = @db.models[:group].find_or_create(name: 'ungrouped')
+    duplicate_host.add_group(ungrouped)
+    existing_host.add_group(ungrouped)
+    group.add_host(duplicate_host)
+
+    result = operation.group_to_hosts(
+      group: group,
+      group_name: 'group1',
+      host_names: %w[host1 host2 host3]
+    )
+
+    expect(result.warning_count).to eq(2)
+    expect(result.events.map(&:type)).to include(
+      :group_host_association_exists,
+      :host_missing_created,
+      :removing_automatic_group
+    )
+    expect(group.hosts_dataset[name: 'host2']).not_to be_nil
+    expect(existing_host.groups_dataset[name: 'ungrouped']).to be_nil
+  end
+end

data/spec/lib/moose_inventory/operations/add_groups_spec.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'inventory_context'
+require 'operations/add_groups'
+
+RSpec.describe Moose::Inventory::Operations::AddGroups do
+  before(:all) do
+    @mockargs = [
+      '--config', File.join(spec_root, 'config/config.yml'),
+      '--format', 'yaml',
+      '--env', 'test'
+    ]
+
+    Moose::Inventory::Config.init(@mockargs)
+    @db = Moose::Inventory::DB
+    @db.init if @db.db.nil?
+  end
+
+  before(:each) do
+    @db.reset
+  end
+
+  def operation
+    described_class.new(
+      context: Moose::Inventory::InventoryContext.new(db: @db)
+    )
+  end
+
+  it 'adds a group and returns structured events without rendering output' do
+    actual = runner do
+      @result = operation.call(names: ['testgroup'], hosts: [])
+    end
+
+    expected(actual, STDOUT: '', STDERR: '')
+    expect(@result.warning_count).to eq(0)
+    expect(@result.events.map(&:type)).to eq(%i[group_started creating_group ok group_complete])
+
+    group = @db.models[:group].find(name: 'testgroup')
+    expect(group).not_to be_nil
+  end
+
+  it 'reports existing groups, created hosts, duplicate associations, and ungrouped removal as events' do
+    host = @db.models[:host].create(name: 'testhost')
+    ungrouped = @db.models[:group].find_or_create(name: 'ungrouped')
+    host.add_group(ungrouped)
+    group = @db.models[:group].create(name: 'testgroup')
+    group.add_host(host)
+
+    @result = operation.call(
+      names: ['testgroup'],
+      hosts: %w[testhost newhost]
+    )
+
+    expect(@result.warning_count).to eq(3)
+    expect(@result.events.map(&:type)).to include(
+      :group_exists,
+      :association_exists,
+      :host_missing_created,
+      :removing_automatic_group
+    )
+    expect(@db.models[:host].find(name: 'newhost')).not_to be_nil
+    expect(host.groups_dataset[name: 'ungrouped']).to be_nil
+  end
+end

data/spec/lib/moose_inventory/operations/add_hosts_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Moose::Inventory::Operations::AddHosts do
+  before(:all) do
+    @mockargs = [
+      '--config', File.join(spec_root, 'config/config.yml'),
+      '--format', 'yaml',
+      '--env', 'test'
+    ]
+
+    Moose::Inventory::Config.init(@mockargs)
+    @db = Moose::Inventory::DB
+    @db.init if @db.db.nil?
+  end
+
+  before(:each) do
+    @db.reset
+  end
+
+  def operation
+    described_class.new(
+      context: Moose::Inventory::InventoryContext.new(db: @db)
+    )
+  end
+
+  describe '#call' do
+    it 'adds a host and returns structured events without rendering output' do
+      actual = runner do
+        @result = operation.call(names: ['testhost'], groups: [])
+      end
+
+      expected(actual, STDOUT: '', STDERR: '')
+      expect(@result.events.map(&:type)).to eq(
+        %i[host_started creating_host ok adding_automatic_group ok host_complete]
+      )
+      expect(@result.events[0].payload).to eq(name: 'testhost')
+      expect(@result.events[3].payload).to eq(host: 'testhost', group: 'ungrouped')
+
+      host = @db.models[:host].find(name: 'testhost')
+      expect(host).not_to be_nil
+      expect(host.groups_dataset[name: 'ungrouped']).not_to be_nil
+    end
+
+    it 'reports existing hosts, missing groups, and duplicate associations as events' do
+      host = @db.models[:host].create(name: 'testhost')
+      group = @db.models[:group].create(name: 'existinggroup')
+      host.add_group(group)
+
+      @result = operation.call(
+        names: ['testhost'],
+        groups: %w[existinggroup missinggroup]
+      )
+
+      expect(@result.events.map(&:type)).to include(
+        :host_exists,
+        :association_exists,
+        :group_missing_created
+      )
+      expect(@result.events.find { |event| event.type == :host_exists }.payload).to eq(name: 'testhost')
+      expect(@result.events.find { |event| event.type == :association_exists }.payload).to eq(
+        host: 'testhost',
+        group: 'existinggroup'
+      )
+      expect(@db.models[:group].find(name: 'missinggroup')).not_to be_nil
+    end
+  end
+end