  1. Satellite
  2. SAT-34948

Additional blank spaces and quotes in /etc/foreman_scap_client/config.yaml can break bash execution of foreman_scap_client binary


    • 2
    • False
    • foreman_scap_client_bash-0.2.1
    • Moderate
    • Satellite Endeavour Sprint 3, Satellite Endeavour Sprint 4, Satellite Endeavour Sprint 5, Satellite Endeavour Sprint 6, Satellite Endeavour Sprint 7
    • sat-endeavour
    • None
    • None
    • None
    • To Do
    • Yes

      The foreman_scap_client was re-written in bash and is shipped via foreman_scap_client_bash package in satellite-client-6 repo. This package effectively replaces the rubygem-foreman_scap_client package.

      The new bash-based `foreman_scap_client` binary needs improvement to handle blank lines properly. 

      Example:

      • Set up a Satellite with SCAP content
      • Have a system connected to the Satellite and associated with a HG that has SCAP policies assigned and an openscap capsule selected.
      • Run the theforeman.foreman_scap_client role on the system
      • Check the command from /etc/cron.d/foreman_scap_client_cron of the client host and run it on the client host to confirm that it works fine (say, /usr/bin/foreman_scap_client ds 2)
      • Now edit /etc/foreman_scap_client/config.yaml and add a blank space after the policy id, i.e. if you see 2: , then add a space after that and save it
      • Re-run the "/usr/bin/foreman_scap_client ds 2" command and notice the error:

       

      Actual Output:

       

      # /usr/bin/foreman_scap_client ds 2
      /usr/bin/foreman_scap_client: line 115: POLICY_2: command not found
      /usr/bin/foreman_scap_client: line 116: POLICY_2: command not found
      /usr/bin/foreman_scap_client: line 117: POLICY_2: command not found
      /usr/bin/foreman_scap_client: line 118: POLICY_2: command not found
      /usr/bin/foreman_scap_client: line 119: POLICY_2: command not found
      File  is missing. Downloading it from proxy.
      Download SCAP content xml from: https://satellite.exmaple.com:9090
      SCAP content is missing and download failed with error: curl: (23) Failure writing output to destination

       

      Debug output: running the same command with bash -x

      # bash -x /usr/bin/foreman_scap_client ds 2
      ..
      ..
      POLICY_2 _PROFILE="'\''xccdf_org.ssgproject.content_profile_cis_server_l1'\''"
      POLICY_2 _CONTENT_PATH="'\''/var/lib/openscap/content/5d420b764d7c13ef8ddb6e8f0c76094fa9df9848881be58a9361ddfb8e988824.xml'\''"
      POLICY_2 _DOWNLOAD_PATH="/compliance/policies/2/content/5d420b764d7c13ef8ddb6e8f0c76094fa9df9848881be58a9361ddfb8e988824"
      POLICY_2 _TAILORING_PATH=""
      POLICY_2 _TAILORING_DOWNLOAD_PATH=""
      
      .. 

       

       

      As we can see, a space is captured after POLICY_2 here, and that is causing the issue.

      Even with this broken /etc/foreman_scap_client/config.yaml, if we downgrade the package back to rubygem-foreman_scap_client, it will start working again.

       

      Expected outcomes: 

      The problem happens here in https://github.com/theforeman/foreman_scap_client_bash/blob/master/bin/foreman_scap_client#L85-L88 where we extract the ID of the policy from config:

       

          /^([0-9]+):/ {
            sub(/:/, "");
            current_policy_id=$1;
            if (current_policy_id == policy_id) { policy_found="true"; }
          }

       

       

      We need to tweak it to make sure that it can strip any leading tabs or spaces as well. 

      Example: 

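          /^([0-9]+):/ {
            # Remove the colon and any blanks after it. "*" rather than "+" so that
            # a plain "2:" with nothing after the colon is still stripped.
            sub(/:[[:space:]]*/, "");
            current_policy_id=$1;
            if (current_policy_id == policy_id) { policy_found="true"; }
          }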

      I am sure there are better ways to do this, and hence the request is just to handle such problems more gracefully in the bash implementation of foreman_scap_client.

       

      A couple of other problems also happen if we use single quotes with certain values, e.g.

      With 

      :ca_file: '/etc/rhsm/ca/katello-server-ca.pem'

       

      the error we will see is 

      Upload failed: curl: (77) error setting certificate file: '/etc/rhsm/ca/katello-server-ca.pem'

       

      With all three pem or crt values placed within single quotes,

      :ca_file: '/etc/rhsm/ca/katello-server-ca.pem'
      :host_certificate: '/etc/pki/consumer/cert.pem'
      :host_private_key: '/etc/pki/consumer/key.pem'

       

      we will see this error

      Upload failed: curl: (58) could not load PEM client certificate, OpenSSL error error:80000002:system library::No such file or directory, (no key found, wrong pass phrase, or wrong file format?)

      The bash script should be improved further to handle this as well. 

              ofedoren@redhat.com Oleh Fedorenko
              rhn-support-saydas Sayan Das
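One way to normalize the two inputs described in the report (blanks after the policy ID, quoted certificate paths) before any variable name or curl argument is built from them. This is an added example, not code from foreman_scap_client_bash; the function names `normalize_config` and `sample_config` and the sample config are assumptions constructed for illustration, and only the `POLICY_<id>_<KEY>` naming is taken from the debug output above.

```shell
#!/bin/sh
# Added example, not foreman_scap_client code. Function names are hypothetical.

# sample_config: constructed config.yaml with the inputs from the report:
# a trailing blank after "2:" and single- or double-quoted certificate paths.
sample_config() {
  printf '%s\n' \
    ":ca_file: '/etc/rhsm/ca/katello-server-ca.pem'" \
    ':host_certificate: "/etc/pki/consumer/cert.pem"' \
    ':host_private_key: /etc/pki/consumer/key.pem' \
    '1:' \
    "  :profile: 'other_profile'" \
    '2: ' \
    "  :profile: 'xccdf_org.ssgproject.content_profile_cis_server_l1'" \
    "  :tailoring_path: ''"
}

# normalize_config POLICY_ID < config.yaml
# Prints KEY=value for global keys and POLICY_<id>_KEY=value for the selected
# policy, with blanks trimmed and one pair of matching quotes removed.
normalize_config() {
  awk -v policy_id="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function unquote(s,    q, n) {
      q = substr(s, 1, 1); n = length(s)
      if (n >= 2 && (q == "\047" || q == "\"") && substr(s, n, 1) == q)
        return substr(s, 2, n - 2)
      return s
    }
    # Policy header: digits, colon, optional trailing blanks ("2:" or "2: ").
    /^[0-9]+:[ \t]*$/ { current = $0; sub(/:.*/, "", current); next }
    # ":key: value" lines; indentation decides global vs. policy scope.
    /^[ \t]*:[a-z_]+:/ {
      indented = ($0 ~ /^[ \t]/)
      line = trim($0)
      key = line; sub(/^:/, "", key); sub(/:.*/, "", key)
      val = line; sub(/^:[a-z_]+:/, "", val); val = unquote(trim(val))
      if (!indented) { current = ""; print toupper(key) "=" val }
      else if (current == policy_id) print "POLICY_" current "_" toupper(key) "=" val
    }
  '
}

sample_config | normalize_config 2
```

Because the header pattern accepts only digits, a colon and optional blanks, the generated name can never contain the space that turned `POLICY_2 _PROFILE=...` into a command lookup, and the paths reach curl without their literal quote characters.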