osbuild · croissanne · Sep 6, 2024 · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024
diff --git a/go.mod b/go.mod
@@ -46,7 +46,7 @@ require (
 	github.com/labstack/gommon v0.4.2
 	github.com/openshift-online/ocm-sdk-go v0.1.438
 	github.com/oracle/oci-go-sdk/v54 v54.0.0
-	github.com/osbuild/images v0.82.0
+	github.com/osbuild/images v0.83.0
 	github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d
 	github.com/osbuild/pulp-client v0.1.0
 	github.com/prometheus/client_golang v1.20.2

diff --git a/go.sum b/go.sum
@@ -510,8 +510,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.438 h1:tsLCCUzbLCTL4RZG02y9RuopmGCXp
 github.com/openshift-online/ocm-sdk-go v0.1.438/go.mod h1:CiAu2jwl3ITKOxkeV0Qnhzv4gs35AmpIzVABQLtcI2Y=
 github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4=
 github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc=
-github.com/osbuild/images v0.82.0 h1:bWfcGHHQR6pYZnv4jAxmLWxEkw669Zb6C2ADcyuf49g=
-github.com/osbuild/images v0.82.0/go.mod h1:1kJyvTtEbJfRv00phwd9Dlkai4/V05JhNACglxFTxS8=
+github.com/osbuild/images v0.83.0 h1:TFz9/nlueUK0dI3HpRCeUuT+2CeNTnejR/vGlzel1lE=
+github.com/osbuild/images v0.83.0/go.mod h1:1kJyvTtEbJfRv00phwd9Dlkai4/V05JhNACglxFTxS8=
 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d h1:r9BFPDv0uuA9k1947Jybcxs36c/pTywWS1gjeizvtcQ=
 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d/go.mod h1:zR1iu/hOuf+OQNJlk70tju9IqzzM4ycq0ectkFBm94U=
 github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8=

diff --git a/internal/blueprint/customizations.go b/internal/blueprint/customizations.go
@@ -122,6 +122,7 @@ type OpenSCAPCustomization struct {
 	ProfileID     string                               `json:"profile_id,omitempty" toml:"profile_id,omitempty"`
 	Tailoring     *OpenSCAPTailoringCustomizations     `json:"tailoring,omitempty" toml:"tailoring,omitempty"`
 	JSONTailoring *OpenSCAPJSONTailoringCustomizations `json:"json_tailoring,omitempty" toml:"json_tailoring,omitempty"`
+	PolicyID      string                               `json:"policy_id,omitempty" toml:"policy_id,omitempty"`
 }
 
 type OpenSCAPTailoringCustomizations struct {

diff --git a/internal/cloudapi/v2/compose.go b/internal/cloudapi/v2/compose.go
@@ -8,6 +8,8 @@ import (
 	"math/big"
 	"reflect"
 
+	"github.com/google/uuid"
+
 	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/distrofactory"
@@ -231,6 +233,11 @@ func (request *ComposeRequest) GetCustomizationsFromBlueprintRequest() (*bluepri
 		oscap := &blueprint.OpenSCAPCustomization{
 			ProfileID: rbpc.Openscap.ProfileId,
 		}
+
+		if rbpc.Openscap.PolicyId != nil {
+			oscap.PolicyID = *rbpc.Openscap.PolicyId
+		}
+
 		if rbpc.Openscap.Datastream != nil {
 			oscap.DataStream = *rbpc.Openscap.Datastream
 		}
@@ -739,6 +746,11 @@ func (request *ComposeRequest) GetBlueprintFromCustomizations() (blueprint.Bluep
 		openSCAPCustomization := &blueprint.OpenSCAPCustomization{
 			ProfileID: request.Customizations.Openscap.ProfileId,
 		}
+
+		if request.Customizations.Openscap.PolicyId != nil {
+			openSCAPCustomization.PolicyID = *request.Customizations.Openscap.PolicyId
+		}
+
 		if request.Customizations.Openscap.Tailoring != nil && request.Customizations.Openscap.JsonTailoring != nil {
 			return bp, fmt.Errorf("OpenSCAP customization error: choose one option between OpenSCAP tailoring and OpenSCAP json tailoring")
 		}
@@ -1163,6 +1175,19 @@ func (request *ComposeRequest) GetImageRequests(distroFactory *distrofactory.Fac
 			imageOptions.Facts = &facts.ImageOptions{
 				APIType: facts.CLOUDV2_APITYPE,
 			}
+			oscap := bp.Customizations.GetOpenSCAP()
+			if oscap != nil {
+				if oscap.ProfileID != "" {
+					imageOptions.Facts.OpenSCAPProfileID = oscap.ProfileID
+				}
+				if oscap.PolicyID != "" {
+					policyID, err := uuid.Parse(oscap.PolicyID)
+					if err != nil {
+						return nil, fmt.Errorf("Unable to parse %s as a uuid: %w", oscap.PolicyID, err)
+					}
+					imageOptions.Facts.CompliancePolicyID = policyID
+				}
+			}
 		}
 
 		// Set Subscription from the compose request

diff --git a/internal/cloudapi/v2/openapi.v2.gen.go b/internal/cloudapi/v2/openapi.v2.gen.go
diff --git a/internal/cloudapi/v2/openapi.v2.yml b/internal/cloudapi/v2/openapi.v2.yml
@@ -975,6 +975,12 @@ components:
       required:
         - profile_id
       properties:
+        policy_id:
+          type: string
+          format: uuid
+          description: |
+            Puts a specified policy ID in the RHSM facts, so that any instances registered to
+            insights will be automatically connected to the compliance policy in the console.
         profile_id:
           type: string
         tailoring:
@@ -986,6 +992,12 @@ components:
       required:
         - profile_id
       properties:
+        policy_id:
+          type: string
+          format: uuid
+          description: |
+            Puts a specified policy ID in the RHSM facts, so that any instances registered to
+            insights will be automatically connected to the compliance policy in the console.
         profile_id:
           type: string
         datastream:

diff --git a/test/cases/api.sh b/test/cases/api.sh
@@ -409,6 +409,7 @@ case "${IMAGE_TYPE}" in
 ,
     "openscap": {
         "profile_id": "pci-dss",
+        "policy_id": "1af6cced-581c-452c-89cd-33b7bddb816a",
         "tailoring": {
           "unselected": [ "rpm_verify_permissions" ]
         }

diff --git a/test/cases/api/common/common.sh b/test/cases/api/common/common.sh
@@ -40,11 +40,24 @@ function _instanceCheck() {
 
     FACTS=$($_ssh sudo subscription-manager facts)
     if ! grep -q "image-builder.osbuild-composer.api-type: cloudapi-v2" <<< "$FACTS"; then
-        echo "System doesn't contain the expected osbuild facts"
+        echo "System doesn't contain the expected image-builder.osbuild-composer facts"
         echo "$FACTS" | grep image-builder
         exit 1
     fi
 
+    if [ -n "$OPENSCAP_CUSTOMIZATION_BLOCK" ]; then
+        if ! grep -q "image-builder.insights.openscap-profile-id: pci-dss" <<< "$FACTS"; then
+            echo "System doesn't contain the expected image-builder.insights facts (profile-id)"
+            echo "$FACTS"| grep image-builder
+            exit 1
+        fi
+        if ! grep -q "image-builder.insights.compliance-policy-id: 1af6cced-581c-452c-89cd-33b7bddb816a" <<< "$FACTS"; then
+            echo "System doesn't contain the expected image-builder.insights facts (policy-id)"
+            echo "$FACTS"| grep image-builder
+            exit 1
+        fi
+    fi
+
     # Unregister subscription
     $_ssh sudo subscription-manager unregister
   else

diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go
diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go
diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_live_installer.go
diff --git a/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go b/vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go
diff --git a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go