stages/oscap.autotailor: make profile id required

According to `autotailor(8)` arguments passed in via the cli take
precedence over the JSON tailoring file contents.

Make the `new_profile` a required field for the json tailoring too and
pass it as an option to the `autotailor` command. This approach has some
trade-offs. It allows us to maintain the explicitness of the manifest
that is consumed by `osbuild`. The downside is that it will override the
profile id that is set by the user in the JSON tailoring file.

stages/org.osbuild.oscap.autotailor

@@ -20,15 +20,20 @@ def main(tree, options):
     if new_profile is not None:
         print("WARNING: use the `tailored_profile_id` option instead")
 
-    # make sure either profile & new_profile are set
+    # this is needed now since we have renamed the `new_profile` option
-    # or tailoring_filepath is set
+    # to `tailored_profile_id`
-    if not ((profile and tailored_profile_id) or tailoring_file):
+    if not tailored_profile_id:
-        raise ValueError("Either profile & new profile must be set or provide filepath to json tailoring file")
+        raise ValueError("The tailoring profile id option is a required field")
+
+    # make sure either profile or tailoring_file is set
+    if not (profile or tailoring_file):
+        raise ValueError("Either profile must be set or a filepath to json tailoring file must be provided")
 
     if tailoring_file:
         cmd = [
             "/usr/bin/autotailor",
             "--output", f"{tree}/{filepath.lstrip('/')}",
+            "--new-profile-id", tailored_profile_id,
             "--json-tailoring", f"{tree}/{tailoring_file.lstrip('/')}",
             datastream,
         ]

stages/org.osbuild.oscap.autotailor.meta.json

@@ -14,6 +14,7 @@
         "additionalProperties": false,
         "required": [
           "datastream",
+          "tailored_profile_id",
           "tailoring_file"
         ],
         "type": "object",
@@ -23,6 +24,10 @@
             "type": "string",
             "description": "The path to the datastream file"
           },
+          "tailored_profile_id": {
+            "type": "string",
+            "description": "The id of the new customized (tailored) OpenSCAP profile"
+          },
           "tailoring_file": {
             "type": "string",
             "description": "Path to the JSON file which contains tailoring options to be imported"

stages/test/test_autotailor.py

@@ -59,6 +59,7 @@ def fake_json_input_fixture():
             "filepath": "tailoring-output.xml",
             "config": {
                 "datastream": "some-datastream",
+                "tailored_profile_id": "some-new-profile",
                 "tailoring_file": "tailoring-file.json",
             }
         },
@@ -128,5 +129,6 @@ def test_oscap_autotailor_json_smoke(mock_subprocess_run, fake_json_input, stage
 
     assert mock_subprocess_run.call_args_list == [
         call(["/usr/bin/autotailor", "--output", "/some/sysroot/tailoring-output.xml",
+              "--new-profile-id", "some-new-profile",
               "--json-tailoring", "/some/sysroot/tailoring-file.json", "some-datastream"],
              encoding='utf8', stdout=sys.stderr, check=True)]

test/data/stages/oscap.autotailor-json/b.json

@@ -902,6 +902,7 @@
             "filepath": "/usr/share/osbuild/oscap/tailoring.xml",
             "config": {
               "datastream": "/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml",
+              "tailored_profile_id": "ospp_osbuild_tailoring",
               "tailoring_file": "/json-tailoring.json"
             }
           }

test/data/stages/oscap.autotailor-json/b.mpp.yaml

@@ -76,4 +76,5 @@ pipelines:
           filepath: /usr/share/osbuild/oscap/tailoring.xml
           config:
             datastream: /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
+            tailored_profile_id: "ospp_osbuild_tailoring"
             tailoring_file: /json-tailoring.json