-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #22687 - Add openscap report check and procedure #150
Conversation
module ForemanOpenscap | ||
class ReportAssociations < ForemanMaintain::Check | ||
metadata do | ||
label :report_associations |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest using :openscap_
prefix in the label: it makes it easier when listing the checks in fm health list
command
description 'Check whether reports have correct associations' | ||
tags :pre_upgrade, :foreman_openscap, :report_associations | ||
|
||
confine do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When using for_feature
the confine
is not needed
@@ -0,0 +1,29 @@ | |||
module Checks | |||
module ForemanOpenscap | |||
class ReportAssociations < ForemanMaintain::Check |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The check should describe what's wrong about the state, if it fails: what about something like InvalidReportAssociations
@@ -0,0 +1,15 @@ | |||
module Procedures::ForemanOpenscap | |||
class ReportAssociations < ForemanMaintain::Procedure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly to the checks naming, I would suggest ClearReportAssociations
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made some initial generic comments. Rubocop is failing currently. I was not paying attention to the openscap part: leaving this for somebody from the scap area @ares?
|
I made changes as suggested. I am not entirely sure what causes the nil issue as I cannot reproduce, but I made an extra precaution for that as well. |
@xprazak2 I still see the same issue on sat62 and sat63. Let me know if you need setup.
|
module Procedures::ForemanOpenscap | ||
class InvalidReportAssociations < ForemanMaintain::Procedure | ||
metadata do | ||
param :ids_to_remove, 'Ids of reports to remove' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
param :ids_to_remove
is required to run this procedure so you could mention :required => true
to param declaration.
d269e3d
to
1640f11
Compare
The nil issue was caused by running the procedure directly through |
7477374
to
992ad5b
Compare
Tested on sat 6.2 :
Before performing upgrade, it asks to delete orphaned reports. But my concern is if we are handling the same in installer as well https://bugzilla.redhat.com/show_bug.cgi?id=1547607#c16 , @xprazak2 @iNecas shall we still have this check in foreman-maintain ? |
Partially, the migration in bz just removes reports without policy. Here we check for other associations as well. The migration runs as a part of upgrade and only once, having this in foreman_maintain provides value to users outside of upgrade scenario. |
@iNecas, any additional comments? |
Last question: should this apply to any upgrade with 'tfm-rubygem-foreman_openscap' >= '0.5.3', or is this specific let's say for sat6.3 -> sat6.4 but would not be applicable for sat6.4 -> sat6.5? |
People were having problems on 6.2, so this is mostly relevant for 6.2 -> 6.3. I do not expect this problem in later versions, steps were taken to prevent this from happening again. So not too relevant for the 6.3 -> 6.4 and later, but the check and procedure can be run manually as well if the users need it. |
Ok, let's pull it in then. Thanks @xprazak2 |
wip as I need to test in production