Project

General

Profile

Bug #17464

Cached scap_content on proxy is not updated

Added by Ondřej Pražák about 2 years ago. Updated 5 months ago.


Description

foreman_scap_client downloads scap_content from proxy by calling '/compliance/policies/:policy_id/content' and the content is cached on the proxy. The proxy_id is the only thing identifying the scap_content and we only check for file presence/absence on the proxy, so when a scap_content is changed for policy (or policy's scap_content is updated with a new scap_file), proxy has now way of telling the scap_content changed and serves the stale file.

Steps to reproduce:
1) create a policy, assign to a host(group), run foreman_scap_client
2) create a new scap_content with different scap_file than what the scap_content currently assigned to policy has
3) check what is in contentdir/:policy_id on the proxy
4) assign newly created scap_content to policy, run puppet agent -t on client, there will be changes applied to /etc/foreman_scap_client/config.yml
5) run foreman_scap_client
6) compare the old and new scap_file in /var/lib/openscap/content on client. Even though they have the different hash as a name, they are identical.
6) repeat the step 3, notice there was no change


Related issues

Related to OpenSCAP - Refactor #17935: Remove deprecated endpoint for scap_content download on smart proxyNew2017-01-05

Associated revisions

Revision 3c0c94d5 (diff)
Added by Ondřej Pražák almost 2 years ago

Fixes #17464 - Use digest to detect scap_file changes

Revision 4c185cd2 (diff)
Added by Ondřej Pražák almost 2 years ago

Fixes #17464 - Use digest to detect scap_file changes

Revision 9688f25e
Added by Marek Hulán almost 2 years ago

Merge pull request #41 from xprazak2/stale-scap-file

Fixes #17464 - Use digest to detect scap_file changes

Revision 172d5aaf
Added by Marek Hulán almost 2 years ago

Merge pull request #232 from xprazak2/stale-scap-content

Fixes #17464 - Use digest to detect scap_file changes

History

#1 Updated by Marek Hulán about 2 years ago

  • Assignee set to Ondřej Pražák
  • Target version changed from 115 to 1.10.1

#2 Updated by Shlomi Zadok about 2 years ago

  • Assignee changed from Ondřej Pražák to Shlomi Zadok

#3 Updated by Shlomi Zadok about 2 years ago

  • Assignee changed from Shlomi Zadok to Ondřej Pražák

#4 Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_openscap/pull/228 added

#5 Updated by The Foreman Bot about 2 years ago

  • Pull request https://github.com/theforeman/smart_proxy_openscap/pull/40 added

#6 Updated by Marek Hulán almost 2 years ago

  • Target version changed from 1.10.1 to 1.10.2

#7 Updated by Ondřej Pražák almost 2 years ago

  • Pull request deleted (https://github.com/theforeman/smart_proxy_openscap/pull/40, https://github.com/theforeman/foreman_openscap/pull/228)

#8 Updated by The Foreman Bot almost 2 years ago

  • Pull request https://github.com/theforeman/smart_proxy_openscap/pull/40 added

#9 Updated by The Foreman Bot almost 2 years ago

  • Pull request https://github.com/theforeman/foreman_openscap/pull/228 added

#10 Updated by The Foreman Bot almost 2 years ago

  • Pull request https://github.com/theforeman/smart_proxy_openscap/pull/41 added

#11 Updated by The Foreman Bot almost 2 years ago

  • Pull request https://github.com/theforeman/foreman_openscap/pull/232 added

#12 Updated by Ondřej Pražák almost 2 years ago

  • Related to Refactor #17935: Remove deprecated endpoint for scap_content download on smart proxy added

#13 Updated by Marek Hulán almost 2 years ago

  • Target version changed from 1.10.2 to 1.11.2

#14 Updated by Ondřej Pražák almost 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#15 Updated by Marek Hulán almost 2 years ago

  • Legacy Backlogs Release (now unused) set to 225

requires smart_proxy_openscap 0.6.1+

#16 Updated by Marek Hulán almost 2 years ago

  • Bugzilla link set to 1420439

Also available in: Atom PDF