[CP] Katello 4.12.0 Release Cherry Picks (#10944)

* Refs #37148 - Remove removed_widgets override (#10927)

(cherry picked from commit 40a70ce)

* Fixes #35215 - Handle cloned hostgroups in hosts_and_hostgroups_helper (#10894)

(cherry picked from commit e3d46c6)

* Fixes #36979 - Remove cdn_ssl_version setting

This was originally added to allow downgrading the CDN connection
SSL version for compatibility with much older proxy servers. That
should be less of a concern now.

We do still set a value of TLS v1.2 for the min_version, but only
because ruby/openssl#709 prevents using
the system-wide crypto policy for now. In the future, that can be
removed as well, restoring control to the user at the OS level.

(cherry picked from commit 78fcba9)

* Fixes #37277 - Fix ACS randomly failing VCR tests (#10941)

(cherry picked from commit 6d93801)

* Fixes #37240 - Fix CCV duplicate repo warning (#10928)

(cherry picked from commit 02fc313)

---------

Co-authored-by: Jeremy Lenz <jlenz@redhat.com>
Co-authored-by: William Bradford Clark <wclark@redhat.com>
Co-authored-by: Ian Ballou <ianballou67@gmail.com>
Co-authored-by: Markus Bucher <bucher@atix.de>

app/helpers/katello/concerns/dashboard_helper_extensions.rb

@@ -8,16 +8,6 @@ def host_query
       def total_host_count
         host_query.size
       end
-
-      def removed_widgets
-        widgets = super
-
-        if Organization.current&.simple_content_access?
-          widgets.reject! { |widget| ::Widget.singleton_class::SUBSCRIPTION_TEMPLATES.include? widget[:template] }
-        end
-
-        widgets
-      end
     end
   end
 end

app/helpers/katello/hosts_and_hostgroups_helper.rb

@@ -72,19 +72,31 @@ def kickstart_repository_id(host, options = {})
     def fetch_lifecycle_environment(host_or_hostgroup, options = {})
       return host_or_hostgroup.single_lifecycle_environment if host_or_hostgroup.try(:single_lifecycle_environment)
       return host_or_hostgroup.lifecycle_environment if host_or_hostgroup.try(:lifecycle_environment)
+      if host_or_hostgroup.is_a?(::Hostgroup) && host_or_hostgroup.content_facet.present?
+        # to handle cloned hostgroups that are new records
+        return host_or_hostgroup.content_facet.lifecycle_environment
+      end
       selected_host_group = options.fetch(:selected_host_group, nil)
       return selected_host_group.lifecycle_environment if selected_host_group.present?
     end
 
     def fetch_content_view(host_or_hostgroup, options = {})
       return host_or_hostgroup.single_content_view if host_or_hostgroup.try(:single_content_view)
       return host_or_hostgroup.content_view if host_or_hostgroup.try(:content_view)
+      if host_or_hostgroup.is_a?(::Hostgroup) && host_or_hostgroup.content_facet.present?
+        # to handle cloned hostgroups that are new records
+        return host_or_hostgroup.content_facet.content_view
+      end
       selected_host_group = options.fetch(:selected_host_group, nil)
       return selected_host_group.content_view if selected_host_group.present?
     end
 
-    def fetch_content_source(host, options = {})
-      return host.content_source if host.try(:content_source_id)
+    def fetch_content_source(host_or_hostgroup, options = {})
+      return host_or_hostgroup.content_source if host_or_hostgroup.content_source_id&.present? && host_or_hostgroup.persisted?
+      if host_or_hostgroup.is_a?(::Hostgroup) && host_or_hostgroup.content_facet.present?
+        # to handle cloned hostgroups that are new records
+        return host_or_hostgroup.content_facet.content_source
+      end
       selected_host_group = options.fetch(:selected_host_group, nil)
       return selected_host_group.content_source if selected_host_group.present?
     end

app/lib/katello/resources/cdn.rb

@@ -1,8 +1,6 @@
 module Katello
   module Resources
     module CDN
-      SUPPORTED_SSL_VERSIONS = ['SSLv23', 'TLSv1'].freeze
-
       class Utils
         # takes releasever from contentUrl (e.g. 6Server, 6.0, 6.1)
         # returns hash e.g. {:major => 6, :minor => "6.1"}
@@ -24,11 +22,6 @@ def substitutor
         end
 
         def initialize(url, options = {})
-          @ssl_version = Setting[:cdn_ssl_version]
-          if @ssl_version && !SUPPORTED_SSL_VERSIONS.include?(@ssl_version)
-            fail("Invalid SSL version specified. Check the 'CDN SSL Version' setting")
-          end
-
           options.reverse_merge!(:verify_ssl => 9)
           options.assert_valid_keys(:ssl_client_key,
                                     :ssl_client_cert,
@@ -106,12 +99,10 @@ def http_downloader
             net.cert_store = @cert_store
           end
 
-          # NOTE: This was added because some proxies dont support SSLv23 and do not handle TLS 1.2
-          # Valid values in ruby 1.9.3 are 'SSLv23' or 'TLSV1'
-          # Run the following command in rails console to figure out other
-          # valid constants in other ruby versions
-          # "OpenSSL::SSL::SSLContext::METHODS"
-          net.ssl_version = @ssl_version
+          # NOTE: This is only here due to https://github.com/ruby/openssl/issues/709, otherwise the
+          # system-wide crypto policy could be used. Enforcing TLS version >= 1.2  will prevent using
+          # very old infrastructure for now, but that was considered better than having an insecure default.
+          net.min_version = OpenSSL::SSL::TLS1_2_VERSION
 
           if (@options[:verify_ssl] == false) || (@options[:verify_ssl] == OpenSSL::SSL::VERIFY_NONE)
             net.verify_mode = OpenSSL::SSL::VERIFY_NONE

app/services/katello/pulp3/alternate_content_source.rb

@@ -108,7 +108,7 @@ def create
           if acs.content_type == ::Katello::Repository::FILE_TYPE && acs.subpaths.present?
             paths = insert_pulp_manifest!(paths)
           end
-          response = api.alternate_content_source_api.create(name: generate_backend_object_name, paths: paths,
+          response = api.alternate_content_source_api.create(name: generate_backend_object_name, paths: paths.sort,
                                                              remote: smart_proxy_acs.remote_href)
           smart_proxy_acs.update!(alternate_content_source_href: response.pulp_href)
           return response
@@ -125,7 +125,7 @@ def update
         if acs.content_type == ::Katello::Repository::FILE_TYPE && acs.subpaths.present?
           paths = insert_pulp_manifest!(paths)
         end
-        api.alternate_content_source_api.update(href, name: generate_backend_object_name, paths: paths, remote: smart_proxy_acs.remote_href)
+        api.alternate_content_source_api.update(href, name: generate_backend_object_name, paths: paths.sort, remote: smart_proxy_acs.remote_href)
       end
 
       def delete_alternate_content_source

lib/katello/plugin.rb

@@ -373,13 +373,6 @@ def katello_template_setting_values(name)
         collection: proc { http_proxy_select },
         include_blank: N_("no global default")
 
-      setting 'cdn_ssl_version',
-        type: :string,
-        default: nil,
-        full_name: N_('CDN SSL version'),
-        description: N_("SSL version used to communicate with the CDN"),
-        collection: proc { hashify_parameters(Katello::Resources::CDN::SUPPORTED_SSL_VERSIONS) }
-
       setting 'katello_default_provision',
         type: :string,
         default: 'Kickstart default',

test/controllers/api/v2/content_view_versions_controller_test.rb

@@ -173,10 +173,10 @@ def test_promote_multiple
     def test_bad_promote_out_of_sequence
       version = @library_dev_staging_view.versions.first
       @controller.expects(:async_task).with(::Actions::Katello::ContentView::Promote, version, [@beta], false, nil).
-          raises(::Katello::HttpErrors::BadRequest)
+          raises(::Katello::HttpErrors::BadRequest.new('Cannot promote environment out of sequence. Use force to bypass restriction.'))
       post :promote, params: { :id => version.id, :environment_ids => [@beta.id] }
 
-      assert_response 500
+      assert_response 400
     end
 
     def test_promote_out_of_sequence_force