theforeman · parthaa · Oct 1, 2025 · Sep 15, 2025
diff --git a/app/services/foreman_rh_cloud/cert_auth.rb b/app/services/foreman_rh_cloud/cert_auth.rb
@@ -11,11 +11,21 @@ def cert_auth_available?(organization)
 
     def execute_cloud_request(params)
       organization = params.delete(:organization)
-      certs = ForemanRhCloud.with_iop_smart_proxy? ? foreman_certificate : candlepin_id_cert(organization)
-      final_params = {
+      # Cache the value of with_iop_smart_proxy? to avoid multiple calls to the database
+      with_iop_smart_proxy = ForemanRhCloud.with_iop_smart_proxy?
+      certs = with_iop_smart_proxy ? foreman_certificate : candlepin_id_cert(organization)
+      default_params = {
         ssl_client_cert: OpenSSL::X509::Certificate.new(certs[:cert]),
         ssl_client_key: OpenSSL::PKey.read(certs[:key]),
-      }.deep_merge(params)
+      }
+
+      if with_iop_smart_proxy && organization&.label
+        default_params[:headers] = {
+          'X-Org-Id' => organization&.label,
+        }
+      end
+
+      final_params = default_params.deep_merge(params)
 
       super(final_params)
     end

diff --git a/app/services/foreman_rh_cloud/gateway_request.rb b/app/services/foreman_rh_cloud/gateway_request.rb
diff --git a/app/services/foreman_rh_cloud/insights_api_forwarder.rb b/app/services/foreman_rh_cloud/insights_api_forwarder.rb
@@ -2,7 +2,7 @@
 
 module ForemanRhCloud
   class InsightsApiForwarder
-    include ForemanRhCloud::GatewayRequest
+    include ForemanRhCloud::CertAuth
 
     SCOPED_REQUESTS = [
       { test: %r{api/vulnerability/v1/vulnerabilities/cves}, tag_name: :tags },
@@ -26,6 +26,8 @@ def forward_request(original_request, path, controller_name, user, organization,
 
       request_opts = prepare_request_opts(original_request, path, forward_payload, forward_params)
 
+      request_opts[:organization] = organization
+
       logger.debug("Sending request to: #{request_opts[:url]}")
 
       execute_cloud_request(request_opts)

diff --git a/app/services/foreman_rh_cloud/tags_auth.rb b/app/services/foreman_rh_cloud/tags_auth.rb
@@ -1,6 +1,6 @@
 module ForemanRhCloud
   class TagsAuth
-    include GatewayRequest
+    include CertAuth
 
     TAG_NAMESPACE = 'sat_iam'.freeze
     TAG_SHORT_NAME = 'scope'.freeze
@@ -24,6 +24,7 @@ def update_tag
 
       payload = tags_query_payload
       params = {
+        organization: @org,
         method: :post,
         url: "#{InsightsCloud.gateway_url}/tags",
         headers: {

diff --git a/lib/foreman_inventory_upload/async/upload_report_job.rb b/lib/foreman_inventory_upload/async/upload_report_job.rb
@@ -48,7 +48,8 @@ def command
       def env
         env_vars = super.merge(
           'FILES' => filename,
-          'CER_PATH' => @cer_path
+          'CER_PATH' => @cer_path,
+          'ORG_ID' => organization.label
         )
 
         http_proxy_string = ForemanRhCloud.http_proxy_string

diff --git a/lib/foreman_inventory_upload/scripts/uploader.sh.erb b/lib/foreman_inventory_upload/scripts/uploader.sh.erb
@@ -27,6 +27,12 @@ else
         AUTH_VAL="\"$RH_USERNAME\":\"$RH_PASSWORD\""
 fi
 
+ORG_HEADER=()
+if [ -n "$ORG_ID" ]
+then
++        ORG_HEADER=("-H" "X-Org-Id: $ORG_ID")
+fi
+
 # /tmp/a b/x.pem
 # curl --cert /tmp/a\ b/x.pem
 
@@ -36,7 +42,7 @@ mkdir -p $DONE_DIR
 
 for f in $FILES
 do
-  curl -k -vvv -# --fail -F "file=@$f;type=application/vnd.redhat.qpc.tar+tgz" $DEST "$AUTH_KEY" "$AUTH_VAL"
+  curl -k -vvv -# --fail -F "file=@$f;type=application/vnd.redhat.qpc.tar+tgz" $DEST "$AUTH_KEY" "$AUTH_VAL" "${ORG_HEADER[@]}"
   status=$?
   if [ $status -eq 0 ]; then
     mv $f $DONE_DIR

diff --git a/lib/insights_cloud/async/vmaas_reposcan_sync.rb b/lib/insights_cloud/async/vmaas_reposcan_sync.rb
@@ -23,13 +23,16 @@ def plan(repo, *_args)
           return
         end
 
-        plan_self
+        organization_id = Katello::Repository.find(repo_id).organization_id
+
+        plan_self(organization_id: organization_id)
       end
 
       def run
         url = ::InsightsCloud.vmaas_reposcan_sync_url
 
         response = execute_cloud_request(
+          organization: organization,
           method: :put,
           url: url,
           headers: { 'Content-Type' => 'application/json' }
@@ -61,6 +64,10 @@ def rescue_strategy_for_self
         Dynflow::Action::Rescue::Skip
       end
 
+      def organization
+        @organization ||= Organization.find(input[:organization_id])
+      end
+
       private
 
       def logger

diff --git a/test/unit/lib/insights_cloud/async/vmaas_reposcan_sync_test.rb b/test/unit/lib/insights_cloud/async/vmaas_reposcan_sync_test.rb
@@ -5,7 +5,16 @@ class VmaasReposcanSyncTest < ActiveSupport::TestCase
   include ForemanTasks::TestHelpers::WithInThreadExecutor
 
   setup do
-    @repo_payload = { id: 123 }
+    @root = FactoryBot.build(:katello_root_repository, :fedora_17_x86_64_dev_root)
+    @root.save(validate: false)
+    @repo = FactoryBot.create(
+      :katello_repository,
+      :with_product,
+      distribution_family: 'Red Hat',
+      distribution_version: '7.5',
+      root: @root
+    )
+    @repo_payload = { id: @repo.id }
     @expected_url = 'https://example.com/api/v1/vmaas/reposcan/sync'
     InsightsCloud.stubs(:vmaas_reposcan_sync_url).returns(@expected_url)
     ForemanRhCloud.stubs(:with_iop_smart_proxy?).returns(true)
@@ -68,7 +77,8 @@ class VmaasReposcanSyncTest < ActiveSupport::TestCase
       params[:method] == :put &&
         params[:url] == @expected_url &&
         params[:headers].is_a?(Hash) &&
-        params[:headers]['Content-Type'] == 'application/json'
+        params[:headers]['Content-Type'] == 'application/json' &&
+        params[:organization] == @repo.organization
     end
                                            .returns(mock_response)