Handling of http_proxy, ssl_ca_cert, ssl_client_cert, ssl_client_key in repositories

[gvde]

SUMMARY

Running against a katello 4.3 or 4.4 server my playbook always wants to remove

-            "http_proxy_id": null,
...
-            "ssl_ca_cert_id": null,
-            "ssl_client_cert_id": null,
-            "ssl_client_key_id": null,

to all of my repositories. I don't use http_proxy not ssl client certs, it's not supposed to be set and isn't.

ANSIBLE VERSION

$ ansible --version
ansible 2.9.27
  config file = /home/k/k111111/git/foreman-ansible/ansible.cfg
  configured module search path = ['/home/k/k111111/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Nov 17 2021, 16:10:06) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]

COLLECTION VERSION

$ ansible-galaxy collection list
usage: ansible-galaxy collection [-h] COLLECTION_ACTION ...
ansible-galaxy collection: error: argument COLLECTION_ACTION: invalid choice: 'list' (choose from 'init', 'build', 'publish', 'install')

Well, initially I have used the rpm ansible-collection-theforeman-foreman-3.1.0-2.el8.noarch, then I have tried the latest version from ansible-galaxy.

KATELLO/FOREMAN VERSION

katello-4.4.0-1.el8.noarch
foreman-3.2.0-1.el8.noarch

STEPS TO REPRODUCE

Set any repository using theforeman.foreman.repository.

EXPECTED RESULTS

Don't suggest any changes.

ACTUAL RESULTS

It keeps changing this, for example:

--- before
+++ after
@@ -5,17 +5,14 @@
             "content_type": "yum",
             "download_policy": "immediate",
             "gpg_key_id": 5,
-            "http_proxy_id": null,
             "http_proxy_policy": "global_default_http_proxy",
             "id": 112,
             "label": "puppet6_el8_x86_64",
+            "mirror_on_sync": true,
             "name": "Puppet 6 Repository el 8 - x86_64",
             "organization_id": 1,
             "os_versions": [],
             "product_id": 131,
-            "ssl_ca_cert_id": null,
-            "ssl_client_cert_id": null,
-            "ssl_client_key_id": null,
             "unprotected": true,
             "url": "http://yum.puppetlabs.com/puppet6/el/8/x86_64/",
             "verify_ssl_on_sync": true

[evgeni]

Would you mind checking if this goes away once the mirror_on_sync fix from #1392 is in?

[gvde]

Would you mind checking if this goes away once the mirror_on_sync fix from #1392 is in?

Yes, it does. I guess I don't need to understand why fixing mirror_on_sync removes the other differences?

[evgeni]

Yes, it does. I guess I don't need to understand why fixing mirror_on_sync removes the other differences?

Well, as you asked, I'll try to explain. ;-)

When we submit a change to the Foreman API, it returns a JSON representation of the now-modified object. In your case the repository doesn't have a Proxy or SSL certs set, so those parameters are null. Now our code goes an compares the reply with what was actually set, but you didn't set Proxy or SSL to null and thus there is a "difference".

If you now ask "but why isn't this reported always as a difference", in the case where mirror_on_sync didn't have to be changed, we didn't end up performing a diff at all.

It would probably be correct to strip all null entries from the replied JSON before doing the comparison, but right now we do not do that.

[gvde]

Yes, it does. I guess I don't need to understand why fixing mirror_on_sync removes the other differences?

Well, as you asked, I'll try to explain. ;-)

Thanks for the explanation. Makes sense.

So I close this issue as it's not really an issue but just a side effect of the mirror_of_sync setting which has been solved with #1392

[evgeni]

I've still opened #1398 as I think this is a valuable change to make ;)