Project

General

Profile

Bug #27259

Deletion of hostgroup will not remove connection between hostgroup and OpenScap policies

Added by Ondřej Pražák almost 3 years ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Description of problem: When is deleted hostgroup with associated OpenScap policies, policies are not cleaned properly which end with failing API and hammer calls

Version-Release number of selected component (if applicable):

Steps to Reproduce:
1. Create hostgroup x,y,z
2. Create scap content a,b,c
3. Create scap policy d,e,f
4. Edit policy d,e,f and attach hostgroups x,y,z
5. Delete hostgroups x,y,z
6. hammer policy info --name d

Actual results:
Couldn't find all Hostgroups with 'id': (1, 2, 3) (found 0 results, but was looking for 3).

Expected results:
Id: 1
Name: d
Created at: 2019-01-01 00:00:00 UTC
Period: weekly
Weekday: monday
Day of month:
Cron line:
SCAP content Id: 1
SCAP Content profile Id: 1
Tailoring file Id:
Tailoring file profile Id:
Locations:
Default Location
Organizations:
Default Organization
Hostgroups:

Additional info:

In Database records are staying.

select * from foreman_openscap_assets;
id | created_at | updated_at | assetable_type | assetable_id
----+----------------------------+----------------------------+----------------+--------------
1 | 2019-07-09 07:51:27.390499 | 2019-07-09 07:51:27.390499 | Hostgroup | 1
2 | 2019-07-09 07:51:27.470928 | 2019-07-09 07:51:27.470928 | Hostgroup | 2
3 | 2019-07-09 07:51:27.474601 | 2019-07-09 07:51:27.474601 | Hostgroup | 3
4 | 2019-07-09 07:51:38.68147 | 2019-07-09 07:51:38.68147 | Hostgroup | 1
5 | 2019-07-09 07:51:38.698747 | 2019-07-09 07:51:38.698747 | Hostgroup | 2
6 | 2019-07-09 07:51:38.702891 | 2019-07-09 07:51:38.702891 | Hostgroup | 3

select * from foreman_openscap_asset_policies;
asset_id | policy_id
----------+-----------
1 | 1
2 | 1
3 | 1
4 | 2
5 | 2
6 | 2
7 | 3
8 | 3
9 | 3

Those records should be properly cleaned during hostgroup deletion.

History

#1 Updated by Pavel Moravec 7 months ago

  • Subject changed from Deletion of hostgroup will not remove connection between hostgroup and OpenScap policies to Deletion of hostgroup will not remove connection between hostgroup and OpenScap policies

Here is a reproducer (copied from the RHBZ):

Basic idea: assign a Hostgroup to more Policies and then delete the HG. Second (and third etc., I expect) associated Policy will have invalid reference to the deleted HG.

Particular steps:
0) Create two policies (I use names 'SCAP-policy-test' with id=1 and 'SCAP-policy-test2' with id=2 below)

1) Have reproducer script reproducer_for_HG_Policy.sh :

HGNAME="HostGroup_$((RANDOM%100))"
hmr="echo "

$hmr policy update --name 'SCAP-policy-test'
$hmr policy update --name 'SCAP-policy-test2'

$hmr hostgroup create --name $HGNAME
$hmr policy update --hostgroups $HGNAME --id 1
$hmr policy update --hostgroups $HGNAME --id 2
$hmr hostgroup delete --name $HGNAME
$hmr policy update --name 'SCAP-policy-test'
$hmr policy update --name 'SCAP-policy-test2'

$hmr policy update --id 1
$hmr policy update --id 2
$hmr hostgroup create --name ${HGNAME}_2
$hmr policy update --hostgroups ${HGNAME}_2 --id 1
$hmr policy update --hostgroups ${HGNAME}_2 --id 2
$hmr hostgroup delete --name ${HGNAME}_2
$hmr policy update --id 1
$hmr policy update --id 2

2) Execute it:
./reproducer_for_HG_Policy.sh | hammer shell

3) See the results:
hammer> policy update --name SCAP-policy-test
Policy updated
hammer> policy update --name SCAP-policy-test2
Policy updated
hammer> hostgroup create --name HostGroup_88
Hostgroup created.
hammer> policy update --hostgroups HostGroup_88 --id 1
Policy updated
hammer> policy update --hostgroups HostGroup_88 --id 2
Policy updated
hammer> hostgroup delete --name HostGroup_88
Hostgroup deleted.
hammer> policy update --name SCAP-policy-test
Policy updated
hammer> policy update --name SCAP-policy-test2
Could not update the policy:
Couldn't find Hostgroup with 'id'=26
hammer> policy update --id 1
Policy updated
hammer> policy update --id 2
Policy updated
hammer> hostgroup create --name HostGroup_88_2
Hostgroup created.
hammer> policy update --hostgroups HostGroup_88_2 --id 1
Policy updated
hammer> policy update --hostgroups HostGroup_88_2 --id 2
Policy updated
hammer> hostgroup delete --name HostGroup_88_2
Hostgroup deleted.
hammer> policy update --id 1
Policy updated
hammer> policy update --id 2
Policy updated
hammer>

Surprisingly, "policy update --id .." does work well, byt "policy update --name .." does not work . Don't ask me why :) I have no clue. But at least "policy update --id .." is a workaround (that keeps orphaned records in DB, such that e.g. "policy list" does not work).

Also available in: Atom PDF