Cached scap_content on proxy is not updated
foreman_scap_client downloads scap_content from proxy by calling '/compliance/policies/:policy_id/content' and the content is cached on the proxy. The proxy_id is the only thing identifying the scap_content and we only check for file presence/absence on the proxy, so when a scap_content is changed for policy (or policy's scap_content is updated with a new scap_file), proxy has now way of telling the scap_content changed and serves the stale file.
Steps to reproduce:
1) create a policy, assign to a host(group), run foreman_scap_client
2) create a new scap_content with different scap_file than what the scap_content currently assigned to policy has
3) check what is in contentdir/:policy_id on the proxy
4) assign newly created scap_content to policy, run puppet agent -t on client, there will be changes applied to /etc/foreman_scap_client/config.yml
5) run foreman_scap_client
6) compare the old and new scap_file in /var/lib/openscap/content on client. Even though they have the different hash as a name, they are identical.
6) repeat the step 3, notice there was no change
#14 Updated by Ondřej Pražák over 2 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset smart_proxy_openscap|4c185cd24615b3586425a4d17d96acdccc49844b.