Bug 1387288

Summary: atomic scan enhancement proposal: exit code should better reflect scan outcome
Product: Red Hat Enterprise Linux 7 Reporter: Matus Marhefka <mmarhefk>
Component: atomicAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED CURRENTRELEASE QA Contact: atomic-bugs <atomic-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: bbaude, myllynen
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-05 14:44:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Matus Marhefka 2016-10-20 14:34:51 UTC 
Description of problem:
Currently `atomic scan' exit codes only inform user about its successful/unsuccessful termination. For better utilization, mainly in automated scripts, it should add one more exit code, for example:

0 - successful, scan pass
1 - unsuccessful, some error occured
2 - successful, scan failed [THIS IS CURRENTLY MISSING]

This would also reflect the exit codes of the oscap(8) which uses exit codes in the following way:
Normally, the exit status is 0 when operation finished successfully and 1 otherwise. In cases when oscap performs evaluation of the system it may return 2 indicating success of the operation but incompliance of the assessed system.

This would probably need to be implemented in `oscapd-evaluate' (part of openscap-daemon RPM) as `atomic scan' only serves as a wrapper for `oscapd-evaluate' command (which is run in openscap-docker container) and exits with the exact same exit code as `oscapd-evaluate'. Anyway, it would have to be documented also for `atomic scan'.


Version-Release number of selected component (if applicable):
atomic-1.12.5-2.el7
openscap-daemon-0.1.6-1.el7


How reproducible:
Always when `atomic scan' is successful but scan failed (incompliance of the assessed system was found).


Steps to Reproduce:
1. atomic scan IMAGE/CONTAINER
2. echo $?


Actual results:


Expected results:


Additional info:
Comment 2 Brent Baude 2017-02-28 14:36:30 UTC 
I have added return codes 0 and 1 to reflect a successful or failed scan to the master branch with https://github.com/projectatomic/atomic/pull/919