Release 4.2.0

.github/workflows/main.yml

@@ -80,7 +80,7 @@ jobs:
       - name: prepare a redhat-uep.pem, even if we run on Ubuntu
         run: sudo mkdir -p /etc/rhsm/ca/ && sudo curl -o /etc/rhsm/ca/redhat-uep.pem https://ftp.redhat.com/redhat/convert2rhel/redhat-uep.pem
       - name: Install required collections for ansible-base (2.10+)
-        run: ansible-galaxy collection install community.docker
+        run: ansible-galaxy collection install https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-docker-3.12.0.tar.gz
         if: matrix.ansible != 'v2.9.17'
       - name: Run crud tests
         run: make test-crud

CHANGELOG.rst

@@ -6,6 +6,22 @@ redhat.satellite Release Notes
 
 This changelog describes changes after version 0.8.1.
 
+v4.2.0
+======
+
+Minor Changes
+-------------
+
+- content_export_* - document that ``chunk_size_gb`` parameter is only applicable for ``importable`` exports (https://github.com/theforeman/foreman-ansible-modules/issues/1738)
+- lifecycle_environments role - allow setting ``state`` for the LCE, allowing deletion of existing ones
+- location, locations role - add ``description`` parameter to set the description
+
+Bugfixes
+--------
+
+- callback plugin - correctly catch facts with vault data and replace it with ``ENCRYPTED_VAULT_VALUE_NOT_REPORTED``, preventing ``Object of type AnsibleVaultEncryptedUnicode is not JSON serializable`` errors
+- redhat_manifest - do not send empty JSON bodies in GET requests which confuse the portal sometimes (https://github.com/theforeman/foreman-ansible-modules/issues/1768)
+
 v4.1.0
 ======
 

Makefile

@@ -162,6 +162,7 @@ branding:
 	rm -rf tests/test_playbooks/snapshot* tests/test_playbooks/tasks/snapshot* tests/test_playbooks/fixtures/snapshot* plugins/modules/snapshot*.py tests/fixtures/apidoc/snapshot*.json
 	rm -rf tests/test_playbooks/*_deb.yml
 	rm -rf tests/test_playbooks/*_ostree.yml
+	rm -rf .packit.yaml
 	make $(RUNTIME_YML)
 
 FORCE:

changelogs/changelog.yaml

@@ -894,3 +894,24 @@ releases:
         name: content_import_version
         namespace: ''
     release_date: '2024-07-12'
+  4.2.0:
+    changes:
+      bugfixes:
+        - callback plugin - correctly catch facts with vault data and replace it with
+          ``ENCRYPTED_VAULT_VALUE_NOT_REPORTED``, preventing ``Object of type AnsibleVaultEncryptedUnicode
+          is not JSON serializable`` errors
+        - redhat_manifest - do not send empty JSON bodies in GET requests which confuse
+          the portal sometimes (https://github.com/theforeman/foreman-ansible-modules/issues/1768)
+      minor_changes:
+        - content_export_* - document that ``chunk_size_gb`` parameter is only applicable
+          for ``importable`` exports (https://github.com/theforeman/foreman-ansible-modules/issues/1738)
+        - lifecycle_environments role - allow setting ``state`` for the LCE, allowing
+          deletion of existing ones
+        - location, locations role - add ``description`` parameter to set the description
+    fragments:
+      - 1724-location_description.yml
+      - 1738-export_chunk_size.yml
+      - 1768-empty-get-body.yml
+      - 1769-callback-vault-facts.yml
+      - lce-role-state.yml
+    release_date: '2024-08-30'

galaxy.yml

@@ -70,12 +70,14 @@ authors:
   - "Partha Aji <[email protected]>"
   - "Patrick C. F. Ernzer <[email protected]>"
   - "Patrick Creech <[email protected]>"
+  - "Patrick Pfurtscheller <[email protected]>"
   - "Paul Armstrong <[email protected]>"
   - "Paul Belanger <[email protected]>"
   - "Paul Gration <[email protected]>"
   - "Peter Ondrejka <[email protected]>"
   - "Philipp <[email protected]>"
   - "Quirin Pamp <[email protected]>"
+  - "Richard J Osborne <[email protected]>"
   - "Richard Stempfl <[email protected]>"
   - "Richard Waax <[email protected]>"
   - "Sam <[email protected]>"
@@ -94,6 +96,7 @@ authors:
   - "alesc <[email protected]>"
   - "bob <[email protected]>"
   - "calvingsmith <[email protected]>"
+  - "cojmckee <[email protected]>"
   - "divialth <[email protected]>"
   - "furhouse <[email protected]>"
   - "gardar <[email protected]>"
@@ -105,7 +108,7 @@ authors:
   - "russianguppie <[email protected]>"
   - "willtome <[email protected]>"
   - "yuqo2450 <[email protected]>"
-version: "4.1.0"
+version: "4.2.0"
 license:
   - "GPL-3.0-or-later"
 tags:

plugins/callback/foreman.py

@@ -118,6 +118,7 @@
     HAS_REQUESTS = False
 
 from ansible.module_utils._text import to_text
+from ansible.module_utils.common.json import AnsibleJSONEncoder
 from ansible.module_utils.parsing.convert_bool import boolean as to_bool
 from ansible.plugins.callback import CallbackBase
 
@@ -172,6 +173,15 @@ def get_now():
     return datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S+00:00")
 
 
+class AnsibleNoVaultJSONEncoder(AnsibleJSONEncoder):
+    def default(self, o):
+        if getattr(o, '__ENCRYPTED__', False):
+            value = 'ENCRYPTED_VAULT_VALUE_NOT_REPORTED'
+        else:
+            value = super(AnsibleNoVaultJSONEncoder, self).default(o)
+        return value
+
+
 class CallbackModule(CallbackBase):
     CALLBACK_VERSION = 2.0
     CALLBACK_TYPE = 'notification'
@@ -243,14 +253,17 @@ def _send_data(self, data_type, report_type, host, data):
         else:
             self._display.warning(u'Unknown report_type: {rt}'.format(rt=report_type))
 
+        json_data = json.dumps(data, indent=2, sort_keys=True, cls=AnsibleNoVaultJSONEncoder)
+
         if len(self.dir_store) > 0:
-            filename = u'{host}.json'.format(host=to_text(host))
+            filename = u'{host}-{dt}.json'.format(host=to_text(host), dt=data_type)
             filename = os.path.join(self.dir_store, filename)
             with open(filename, 'w') as f:
-                json.dump(data, f, indent=2, sort_keys=True)
+                f.write(json_data)
         else:
             try:
-                response = self.session.post(url=url, json=data)
+                headers = {'content-type': 'application/json'}
+                response = self.session.post(url=url, data=json_data, headers=headers)
                 response.raise_for_status()
             except requests.exceptions.RequestException as err:
                 self._display.warning(u'Sending data to Foreman at {url} failed for {host}: {err}'.format(

plugins/doc_fragments/foreman.py

@@ -392,6 +392,7 @@ class ModuleDocFragment(object):
   chunk_size_gb:
     description:
       - Split the exported content into archives no greater than the specified size in gigabytes.
+      - Only applicable for C(format=importable). C(syncable) exports can't be split.
     required: false
     type: int
   format:

plugins/module_utils/foreman_helper.py

@@ -1585,6 +1585,9 @@ def run(self, **kwargs):
         if self.params.get('from_history_id') and incremental is not True:
             self.fail_json(msg='from_history_id is only valid for incremental exports')
 
+        if 'chunk_size_gb' in self.foreman_params and self.foreman_params['format'] == 'syncable':
+            self.fail_json(msg='chunk_size_gb is only valid for importable exports')
+
         self.auto_lookup_entities()
 
         payload = _flatten_entity(self.foreman_params, self.foreman_spec)

plugins/modules/location.py

@@ -34,6 +34,12 @@
       - Name of the Location
     required: true
     type: str
+  description:
+    description:
+      - Description of the Location
+    required: false
+    type: str
+    version_added: 4.2.0
   parent:
     description:
       - Title of a parent Location for nesting
@@ -123,6 +129,7 @@ def main():
     module = ForemanLocationModule(
         foreman_spec=dict(
             name=dict(required=True),
+            description=dict(required=False),
             parent=dict(type='entity'),
             organizations=dict(type='entity_list'),
             ignore_types=dict(type='list', elements='str', required=False, aliases=['select_all_types']),

plugins/modules/redhat_manifest.py

@@ -146,24 +146,24 @@
 
 
 def fetch_portal(module, path, method, data=None, accept_header='application/json'):
-    if data is None:
-        data = {}
+    headers = {'accept': accept_header}
+    if data is not None:
+        data = json.dumps(data)
+        headers['content-type'] = 'application/json'
     url = module.params['portal'] + path
-    headers = {'accept': accept_header,
-               'content-type': 'application/json'}
     fetch_kwargs = {'timeout': 30}
     if os.path.exists(REDHAT_UEP):
         fetch_kwargs['ca_path'] = REDHAT_UEP
     try:
-        resp, info = fetch_url(module, url, json.dumps(data), headers, method, **fetch_kwargs)
+        resp, info = fetch_url(module, url, data, headers, method, **fetch_kwargs)
     except TypeError:
         # ca_path was added in Ansible 2.9 and backported to 2.8 in 2.8.6
         # older Ansible releases don't support that and we have to omit the CA cert here
         if module.params['validate_certs']:
             module.warn("Your Ansible version does not support providing custom CA certificates for HTTP requests. "
                         "Talking to the Red Hat portal might fail without validate_certs=False. Please update.")
         del fetch_kwargs['ca_path']
-        resp, info = fetch_url(module, url, json.dumps(data), headers, method, **fetch_kwargs)
+        resp, info = fetch_url(module, url, data, headers, method, **fetch_kwargs)
     if resp is None or info["status"] >= 400:
         try:
             error = json.loads(info['body'])['displayMessage']

plugins/modules/sync_plan.py

@@ -57,7 +57,8 @@
     type: bool
   sync_date:
     description:
-      - Start date and time of the first synchronization
+      - Start date and time of the first synchronization.
+      - Multiple formats are accepted, but only C(YYYY-mm-dd HH:MM:SS +z) (e.g. C(2024-08-01 00:00:00 +0000)) will be idempotent.
     required: true
     type: str
   cron_expression:

roles/activation_keys/README.md

@@ -77,3 +77,19 @@ Define two Activation Keys. The first registers hosts in the "ACME" organization
 ```
 
 Following the second example, a Host which is registered using `subscription-manager register --activationkey ACME_App_Key,ACME_RHEL7_Base_Test` will get the ACME_App subscription, Test LCE, RHEL7_Base Content View, and auto-attach any additional necessary subscriptions from ACME Organization to cover the Base OS and any other products which require an entitlement certificate.
+
+To delete multiple activation_keys
+```yaml
+- hosts: localhost
+  roles:
+    - role: redhat.satellite.activation_keys
+      vars:
+        satellite_server_url: https://satellite.example.com
+        satellite_username: "admin"
+        satellite_password: "changeme"
+        satellite_organization: "ACME"
+        satellite_activation_keys:
+          - name: "ACME_App_Key"
+            state: absent
+          - name: "ACME_OS_Key"
+            state: absent

roles/activation_keys/tasks/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: 'Create Activation Keys'  # noqa: args[module]
+- name: 'Create or Delete Activation Keys'  # noqa: args[module]
   redhat.satellite.activation_key:
     username: "{{ satellite_username | default(omit) }}"
     password: "{{ satellite_password | default(omit) }}"
@@ -21,6 +21,6 @@
     purpose_usage: "{{ item.purpose_usage | default(omit) }}"
     purpose_role: "{{ item.purpose_role | default(omit) }}"
     purpose_addons: "{{ item.purpose_addons | default(omit) }}"
-    state: present
+    state: "{{ item.state | default('present') }}"
   with_items:
     - "{{ satellite_activation_keys }}"

roles/lifecycle_environments/tasks/main.yml

@@ -10,6 +10,6 @@
     description: "{{ item.description | default(omit) }}"
     prior: "{{ item.prior }}"
     label: "{{ item.label | default(omit) }}"
-    state: present
+    state: "{{ item.state | default('present') }}"
   with_items:
     - "{{ satellite_lifecycle_environments }}"

roles/locations/tasks/main.yml

@@ -6,6 +6,7 @@
     server_url: "{{ satellite_server_url | default(omit) }}"
     validate_certs: "{{ satellite_validate_certs | default(omit) }}"
     name: "{{ item.name }}"
+    description: "{{ item.description | default(omit) }}"
     parent: "{{ item.parent | default(omit) }}"
     organizations: "{{ item.organizations | default(omit) }}"
     parameters: "{{ item.parameters | default(omit) }}"

roles/repositories/tasks/main.yml

@@ -39,9 +39,14 @@
     validate_certs: "{{ satellite_validate_certs | default(omit) }}"
     organization: "{{ satellite_organization }}"
     name: "{{ item.name }}"
+    description: "{{ item.description | default(omit) }}"
     label: "{{ item.label | default(omit) }}"
     gpg_key: "{{ item.gpg_key | default(omit) }}"
+    ssl_ca_cert: "{{ item.ssl_ca_cert | default(omit) }}"
+    ssl_client_cert: "{{ item.ssl_client_cert | default(omit) }}"
+    ssl_client_key: "{{ item.ssl_client_key | default(omit) }}"
     state: "{{ item.state | default(omit) }}"
+    sync_plan: "{{ item.sync_plan | default(omit) }}"
   with_items:
     - "{{ satellite_products | selectattr('repositories', 'defined') | map('combine', {'repositories': '[FILTERED]'}) | list }}"
 

tests/callback/three_hosts.yml

@@ -3,6 +3,13 @@
   gather_facts: false
   vars:
     foo: foo bar
+    crypt: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62343962363339363461373565656663663734393265636161313466326163666638333735303061
+          6134346238366533616262663462396332363535363662660a323339326635373330633230336332
+          38363334373037356466383063616532656632303636333839313831626264386132386661303535
+          3864663564356332390a633631363962353163316236323038363861623763616265343762366435
+          6237
   tasks:
     - name: Changed task
       command: echo foo
@@ -34,6 +41,22 @@
       loop_control:
         label: foo-{{ item }}
 
+    - name: Vault command
+      command: echo {{ crypt }}
+
+    - name: Vault fact
+      set_fact:
+        geheim: "{{ crypt }}"
+        crypt: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              62343962363339363461373565656663663734393265636161313466326163666638333735303061
+              6134346238366533616262663462396332363535363662660a323339326635373330633230336332
+              38363334373037356466383063616532656632303636333839313831626264386132386661303535
+              3864663564356332390a633631363962353163316236323038363861623763616265343762366435
+              6237
+        unsafe: !unsafe |
+          THIS IS {{ crypt }}
+
   handlers:
     - name: Test handler 1
       command: echo foo

tests/callback/vault-pass

@@ -0,0 +1 @@
+changeme

tests/fixtures/apidoc/content_view_filter_deb.json

@@ -0,0 +1 @@
+katello.json

tests/fixtures/apidoc/content_view_filter_info_deb.json

@@ -0,0 +1 @@
+katello.json

tests/fixtures/apidoc/content_view_filter_rule_deb.json

@@ -0,0 +1 @@
+katello.json

tests/fixtures/apidoc/content_view_filter_rule_info_deb.json

@@ -0,0 +1 @@
+katello.json

tests/fixtures/callback/dir_store/foreman/testhost-facts.json

@@ -0,0 +1,12 @@
+{
+  "facts": {
+    "_timestamp": "2000-01-01 12:00:00+00:00",
+    "_type": "ansible",
+    "ansible_facts": {
+      "crypt": "ENCRYPTED_VAULT_VALUE_NOT_REPORTED",
+      "geheim": "admin",
+      "unsafe": "THIS IS {{ crypt }}\n"
+    }
+  },
+  "name": "testhost"
+}

tests/fixtures/callback/dir_store/foreman/testhost.json → tests/fixtures/callback/dir_store/foreman/testhost-report.json

@@ -58,6 +58,28 @@
           }
         }
       },
+      {
+        "log": {
+          "level": "notice",
+          "messages": {
+            "message": "{\"changed\": true, \"cmd\": [\"echo\", \"admin\"], \"delta\": \"12:00:00.0000\", \"end\": \"2000-01-01 12:00:00.0000\", \"failed\": false, \"invocation\": {\"module_args\": {\"_raw_params\": \"echo admin\", \"_uses_shell\": false, \"argv\": null, \"chdir\": null, \"creates\": null, \"executable\": null, \"removes\": null, \"stdin\": null, \"stdin_add_newline\": true, \"strip_empty_ends\": true}}, \"module\": \"command\", \"rc\": 0, \"start\": \"2000-01-01 12:00:00.0000\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"admin\", \"stdout_lines\": [\"admin\"]}"
+          },
+          "sources": {
+            "source": "Vault command"
+          }
+        }
+      },
+      {
+        "log": {
+          "level": "info",
+          "messages": {
+            "message": "{\"ansible_facts\": {\"geheim\": \"admin\"}, \"changed\": false, \"failed\": false, \"module\": \"set_fact\"}"
+          },
+          "sources": {
+            "source": "Vault fact"
+          }
+        }
+      },
       {
         "log": {
           "level": "notice",
@@ -100,7 +122,7 @@
     "reported_at": "2000-01-01 12:00:00+00:00",
     "reporter": "ansible",
     "status": {
-      "applied": 5,
+      "applied": 6,
       "failed": 0,
       "skipped": 1
     }