Bug 2224122

Summary: Cannot unset GPG keys from repositories
Product: Red Hat Satellite Reporter: Ian Ballou <iballou>
Component: Ansible Collection Assignee: Evgeni Golov <egolov>
Status: CLOSED ERRATA QA Contact: Griffin Sullivan <gsulliva>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.14.0 CC: egolov, ehelms, gsulliva, rlavi
Target Milestone: 6.15.0 Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-collection-redhat-satellite-3.13.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-04-23 17:11:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ian Ballou 2023-07-19 21:05:59 UTC
Description of problem:
Continuation of https://bugzilla.redhat.com/show_bug.cgi?id=2213777.

That BZ fixed unsetting products' GPG keys. Now, there is an issue with unsetting repositories' GPG keys.

The following error occurs:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to lookup scope ['organization'] while searching for content_credentials."}

Version-Release number of selected component (if applicable):
Satellite 6.14.0

How reproducible:
100%

Steps to Reproduce:
Run the following playbook:

[root@sat-6-14-qa-rhel8 ~]# cat playbook-bz-2213777.yml 
- name: issue 36497
  hosts: localhost
  become: no
  gather_facts: no
  tasks:
    - name: "create key"
      redhat.satellite.content_credential:
        username: "admin"
        password: "changeme"
        server_url: "https://sat-6-14-qa-rhel8.example.com/"
        validate_certs: false
        name: "RPM-GPG-KEY-my-repo"
        content_type: gpg_key
        organization: "Default Organization"
        content: "test"
    - name: product with key
      redhat.satellite.product:
        username: "admin"
        password: "changeme"
        server_url: "https://sat-6-14-qa-rhel8.example.com/"
        validate_certs: false
        name: "prod"
        organization: "Default Organization"
        gpg_key: "RPM-GPG-KEY-my-repo"
    - name: product without key
      redhat.satellite.product:
        username: "admin"
        password: "changeme"
        server_url: "https://sat-6-14-qa-rhel8.example.com/"
        validate_certs: false
        name: "prod"
        organization: "Default Organization"
        gpg_key: ""
    - name: repo with key
      redhat.satellite.repository:
        username: "admin"
        password: "changeme"
        server_url: "https://sat-6-14-qa-rhel8.example.com/"
        validate_certs: false
        name: "repo"
        organization: "Default Organization"
        product: "prod"
        content_type: "yum"
        gpg_key: "RPM-GPG-KEY-my-repo"
    - name: repo without key
      redhat.satellite.repository:
        username: "admin"
        password: "changeme"
        server_url: "https://sat-6-14-qa-rhel8.example.com/"
        validate_certs: false
        name: "repo"
        organization: "Default Organization"
        product: "prod"
        content_type: "yum"
        gpg_key: ""

Actual results:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to lookup scope ['organization'] while searching for content_credentials."}

Expected results:
GPG key on the repository at the end is unset.

Additional info:
Copy-pasted from https://bugzilla.redhat.com/show_bug.cgi?id=2213777:

The issue I found on repositories appears to be in foreman ansible modules itself:


831  ->	    def lookup_entity(self, key, params=None):
832  	        if key not in self.foreman_params:
833  	            return None
834  	
835  	        entity_spec = self.foreman_spec[key]
836  	        if _is_resolved(entity_spec, self.foreman_params[key]):
(Epdb) key
'organization'

(Epdb) self.foreman_params['organization']
*** KeyError: 'organization'

(Epdb) self.foreman_params['entity']['organization']
{'name': 'Default Organization', 'label': 'Default_Organization', 'id': 1}

The organization is in the body of the request from Katello:

2023-07-19T20:41:07 [D|app|42104fc2] With body:   {"relative_path":"Default_Organization/Library/custom/prod/repo","promoted":false,"content_view_version_id":1,"library_instance_id":null,"last_contents_changed":"2023-07-19 19:08:38 UTC","organization_id":1,"organization":{"name":"Default Organization","label":"Default_Organization","id":1},...

It looks like the foreman ansible modules might be filtering out the organization somehow.  The organization is in self.foreman_params['entity'] but not self.foreman_params, which is causing it to not be found.

Comment 4 Evgeni Golov 2023-08-23 07:47:17 UTC
I've prepared packaging at https://gitlab.cee.redhat.com/satellite/satellite-packaging/-/merge_requests/7424

Comment 5 Brad Buckingham 2023-10-30 11:29:29 UTC
Bulk setting Target Milestone = 6.15.0 where sat-6.15.0+ is set.

Comment 6 Griffin Sullivan 2024-01-02 14:40:15 UTC
Verified on 6.15.0 snap 3 with collection version 3.14.0

Users can set and unset GPG keys for both products and repositories.

Comment 9 errata-xmlrpc 2024-04-23 17:11:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.15.0 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2010