Fixes #37567 - Remove OVAL related permissions from DB

theforeman · Jun 20, 2024 · b7f6bec · b7f6bec
1 parent a4230aa
commit b7f6bec
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/db/migrate/20240617105409_remove_oval_permissions.rb b/db/migrate/20240617105409_remove_oval_permissions.rb
@@ -0,0 +1,24 @@
+class RemoveOvalPermissions < ActiveRecord::Migration[6.1]
+  def up
+    ['ForemanOpenscap::OvalPolicy', 'ForemanOpenscap::OvalContent', 'ForemanOpenscap::Cve'].each do |resource_type|
+      Permission.where(resource_type: resource_type).each do |permission|
+        # Filter has before_destroy check if it belongs to a locked role (e.g. default one). Since this is a cleanup, we don't care.
+        permission.filters.delete_all
+        # Permission should remove Filterings on destroy
+        permission.destroy
+      end
+    end
+    # Not a permission, but still a leftover from OVAL removal
+    if ForemanOpenscap.with_remote_execution?
+      oval_feature = RemoteExecutionFeature.find_by(label: 'foreman_openscap_run_oval_scans')
+      oval_scan_template = Template.find_by(name: 'Run OVAL scans')
+      if oval_scan_template
+        TemplateInvocation.where(template_id: oval_scan_template.id).delete_all
+        TemplateInput.where(template_id: oval_scan_template.id).delete_all
+      end
+      JobInvocation.where(remote_execution_feature_id: oval_feature.id).delete_all if oval_feature
+      oval_feature&.destroy
+      oval_scan_template&.delete
+    end
+  end
+end