katello 4.0.1.1 → 4.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 943bafeb68534380121b087474c963f223f8073c5d76cb340a3e2d079993c58b
-  data.tar.gz: d9177822addd44a16bfb9c545cf8336f0aebbd17ec480fb8b841a51b4e17da5c
+  metadata.gz: bce7f44a7f2b8e7a0eda1ca43fc7835ff63a4e13f37dc989b34e5902a1aed53a
+  data.tar.gz: 9347b0be58ab615b998c47b00ec3db414e21a0802072c1abd1b0d09ebe45b46d
 SHA512:
-  metadata.gz: 61aa94ae8e7b27ca51b9ecf14927ee7dc7962e1376114457ea4dbb141a446dd86f9ed5dbe4576d80b33c6899c593c656c672e88e0dec219633a8869c9f869e34
-  data.tar.gz: f8b1bd7effcb6d477c872461f34e36c88823b2d44fbe09e97c2f5aae7418794d8ad206d9f2094dc2f10df239be29c117bba7361d0fc9b70f5f74e8e0754144dc
+  metadata.gz: 302db8a69576d6ede5e7b76a2a68d1ec255490bfe6d08748f503b43b3b57d2930ab872e7cb5f2bc26330fd08781650eab35e05bf1adab85505090f471886cc32
+  data.tar.gz: ca2ec5c259ed700896a7509da48bf7ccb814e273e9391210d96473c7ae37563904a1291062e2b04adb1afe1bbf8f50394d4d05edc199a5843148612e8a5c57f3

data/app/controllers/katello/api/registry/registry_proxies_controller.rb

@@ -106,7 +106,7 @@ module Katello
       return nil unless params[:repository]
       repository = Repository.docker_type.find_by(container_repository_name: params[:repository])
       if require_user_authorization?(repository)
-        repository = readable_repositories.docker_type.find_by(container_repository_name: params[:repository])
+        repository = Repository.readable_docker_catalog.find_by(container_repository_name: params[:repository])
       end
       repository
     end
@@ -331,7 +331,7 @@ module Katello
       params[:per_page] = params[:n] || 25
       params[:search] = params[:q]
 
-      search_results = scoped_search(readable_repositories.docker_type.distinct,
+      search_results = scoped_search(Repository.readable_docker_catalog.distinct,
                                      :container_repository_name, :asc, options)
 
       results = {
@@ -345,7 +345,7 @@ module Katello
     end
 
     def catalog
-      repositories = readable_repositories.docker_type.collect do |repository|
+      repositories = Repository.readable_docker_catalog.collect do |repository|
         repository.container_repository_name
       end
       render json: { repositories: repositories }

data/app/controllers/katello/api/v2/repositories_controller.rb

@@ -95,6 +95,7 @@ module Katello
           :required => false
     param :with_content, RepositoryTypeManager.enabled_content_types, :desc => N_("only repositories having at least one of the specified content type ex: rpm , erratum")
     param :download_policy, ::Runcible::Models::YumImporter::DOWNLOAD_POLICIES, :desc => N_("limit to only repositories with this download policy")
+    param :username, String, :desc => N_("only show the repositories readable by this user with this username")
     param_group :search, Api::V2::ApiController
     add_scoped_search_description_for(Repository)
     def index

data/app/lib/actions/katello/capsule_content/sync.rb

@@ -39,7 +39,7 @@ module Actions
             end
 
             if smart_proxy.has_feature?(SmartProxy::PULP3_FEATURE)
-              plan_action(Actions::Pulp3::CapsuleContent::RefreshContentGuard, smart_proxy)
+              plan_action(Actions::Pulp3::ContentGuard::Refresh, smart_proxy)
               plan_action(Actions::Pulp3::Orchestration::Repository::RefreshRepos, smart_proxy, refresh_options)
             end
             plan_action(SyncCapsule, smart_proxy, refresh_options)

data/app/lib/actions/katello/capsule_content/sync_capsule.rb

@@ -35,15 +35,53 @@ module Actions
               end
             end
           end
-          update_unauthenticated_repo_list(smart_proxy) if smart_proxy.has_feature?("Container_Gateway")
+          sync_container_gateway(smart_proxy)
         end
 
-        def update_unauthenticated_repo_list(smart_proxy)
-          unauthenticated_repo_list =
-            ::Katello::SmartProxyHelper.new(smart_proxy).combined_repos_available_to_capsule.select do |repo|
-              repo.docker? && repo.environment.registry_unauthenticated_pull
+        def sync_container_gateway(smart_proxy)
+          if smart_proxy.has_feature?(::SmartProxy::CONTAINER_GATEWAY_FEATURE)
+            update_container_repo_list(smart_proxy)
+            users = smart_proxy.container_gateway_users
+            update_user_container_repo_mapping(smart_proxy, users) if users.any?
+          end
+        end
+
+        def unauthenticated_container_repositories
+          ::Katello::Repository.joins(:environment).where("#{::Katello::KTEnvironment.table_name}.registry_unauthenticated_pull" => true).select(:id).pluck(:id)
+        end
+
+        def update_container_repo_list(smart_proxy)
+          # [{ repository: "repoA", auth_required: false }]
+          repo_list = []
+          ::Katello::SmartProxyHelper.new(smart_proxy).combined_repos_available_to_capsule.each do |repo|
+            if repo.docker? && !repo.container_repository_name.nil?
+              repo_list << { repository: repo.container_repository_name,
+                             auth_required: !unauthenticated_container_repositories.include?(repo.id) }
             end
-          smart_proxy.update_unauthenticated_repo_list(unauthenticated_repo_list.map(&:container_repository_name))
+          end
+          smart_proxy.update_container_repo_list(repo_list)
+        end
+
+        def update_user_container_repo_mapping(smart_proxy, users)
+          # Example user-repo mapping:
+          # { users:
+          #   [
+          #     'user a' => [{ repository: 'repo 1', auth_required: true }]
+          #   ]
+          # }
+
+          user_repo_map = { users: [] }
+          users.each do |user|
+            inner_repo_list = []
+            repositories = ::Katello::Repository.readable_docker_catalog_as(user)
+            repositories.each do |repo|
+              next if repo.container_repository_name.nil?
+              inner_repo_list << { repository: repo.container_repository_name,
+                                   auth_required: !unauthenticated_container_repositories.include?(repo.id) }
+            end
+            user_repo_map[:users] << { user.login => inner_repo_list }
+          end
+          smart_proxy.update_user_container_repo_mapping(user_repo_map)
         end
 
         def repos_to_sync(smart_proxy, environment, content_view, repository, skip_metatadata_check = false)

data/app/lib/actions/katello/content_view_version/incremental_update.rb

@@ -19,7 +19,8 @@ module Actions
 
         # rubocop:disable Metrics/MethodLength
         # rubocop:disable Metrics/AbcSize
-        def plan(old_version, environments, options = {}) # rubocop:disable Metrics/CyclomaticComplexity
+        # rubocop:disable Metrics/CyclomaticComplexity
+        def plan(old_version, environments, options = {})
           dep_solve = options.fetch(:resolve_dependencies, true)
           description = options.fetch(:description, '')
           content = options.fetch(:content, {})
@@ -72,8 +73,15 @@ module Actions
                 unit_map = pulp3_content_mapping(content)
 
                 unless extended_repo_mapping.empty? || unit_map.values.flatten.empty?
-                  copy_action_outputs << plan_action(Pulp3::Repository::MultiCopyUnits, extended_repo_mapping, unit_map,
-                                                     dependency_solving: dep_solve).output
+                  sequence do
+                    copy_action_outputs << plan_action(Pulp3::Repository::MultiCopyUnits, extended_repo_mapping, unit_map,
+                                                       dependency_solving: dep_solve).output
+                    repos_to_clone.each do |source_repos|
+                      if separated_repo_map[:pulp3_yum].keys.include?(source_repos)
+                        copy_repos(repository_mapping[source_repos])
+                      end
+                    end
+                  end
                 end
               end
 
@@ -150,15 +158,9 @@ module Actions
           end
         end
 
-        def copy_repos(new_repo, new_version, content, dep_solve)
+        def copy_repos(new_repo, _new_version = nil, _content = nil, _dep_solve = nil)
           copy_output = []
           sequence do
-            solve_dependencies = new_version.content_view.solve_dependencies || dep_solve
-            copy_output += copy_deb_content(new_repo, solve_dependencies, content[:deb_ids])
-            copy_output += copy_yum_content(new_repo, solve_dependencies,
-                                            content[:package_ids],
-                                            content[:errata_ids])
-
             plan_action(Katello::Repository::MetadataGenerate, new_repo)
             plan_action(Katello::Repository::IndexContent, id: new_repo.id)
           end

data/app/lib/actions/katello/orphan_cleanup/remove_orphans.rb

@@ -1,13 +1,13 @@
 module Actions
   module Katello
     module OrphanCleanup
-      class RemoveOrphans < Pulp::Abstract
+      class RemoveOrphans < Actions::Base
         input_format do
           param :capsule_id
         end
         def plan(proxy)
           sequence do
-            plan_action(Actions::Pulp::Orchestration::OrphanCleanup::RemoveOrphans, proxy)
+            plan_action(Actions::Pulp::Orchestration::OrphanCleanup::RemoveOrphans, proxy) if (proxy.has_feature?(SmartProxy::PULP_FEATURE) || proxy.has_feature?(SmartProxy::PULP_NODE_FEATURE))
             if proxy.pulp3_enabled?
               plan_action(
                 Actions::Pulp3::Orchestration::OrphanCleanup::RemoveOrphans,

data/app/lib/actions/katello/repository/check_matching_content.rb

@@ -13,6 +13,7 @@ module Actions
         def run
           source_repo = ::Katello::Repository.find(input[:source_repo_id])
           target_repo = ::Katello::Repository.find(input[:target_repo_id])
+          target_repo_published = target_repo.backend_service(SmartProxy.pulp_primary).published?
 
           if source_repo.content_type == ::Katello::Repository::YUM_TYPE
             srpms_match = srpms_match?(source_repo, target_repo)
@@ -23,16 +24,14 @@ module Actions
             yum_metadata_files = yum_metadata_files_match?(source_repo, target_repo)
             checksum_match = (target_repo.saved_checksum_type == source_repo.saved_checksum_type)
 
-            published = target_repo.backend_service(SmartProxy.pulp_primary).published?
-
             output[:checksum_match] = checksum_match
-            output[:matching_content] = yum_metadata_files && srpms_match && rpms && errata && package_groups && distributions && published && checksum_match
+            output[:matching_content] = yum_metadata_files && srpms_match && rpms && errata && package_groups && distributions && target_repo_published && checksum_match
           end
 
           if source_repo.content_type == ::Katello::Repository::DEB_TYPE
             debs = debs_match?(source_repo, target_repo)
 
-            output[:matching_content] = debs && target_repo.published?
+            output[:matching_content] = debs && target_repo_published
           end
         end
 

data/app/lib/actions/pulp3/content_guard/refresh.rb

@@ -2,16 +2,12 @@ module Actions
   module Pulp3
     module ContentGuard
       class Refresh < Pulp3::Abstract
-        def plan(smart_proxy, options = {})
-          return if (::Katello::Pulp3::ContentGuard.count > 0 || options.try(:[], :update))
-          content_guard_api = ::Katello::Pulp3::Api::ContentGuard.new(smart_proxy)
-          if options.try(:[], :update)
-            content_guard_href = ::Katello::Pulp3::ContentGuard.first.href
-            content_guard_api.partial_update content_guard_href
-          else
-            content_guard_api.create
-            ::Katello::Pulp3::ContentGuard.import(smart_proxy)
-          end
+        def plan(smart_proxy)
+          plan_self(smart_proxy_id: smart_proxy.id)
+        end
+
+        def run
+          ::Katello::Pulp3::Api::ContentGuard.new(smart_proxy).refresh
         end
       end
     end

data/app/lib/actions/pulp3/orchestration/orphan_cleanup/remove_orphans.rb

@@ -2,7 +2,7 @@ module Actions
   module Pulp3
     module Orchestration
       module OrphanCleanup
-        class RemoveOrphans < Pulp::Abstract
+        class RemoveOrphans < Pulp3::Abstract
           def plan(proxy)
             if proxy.pulp3_enabled?
               sequence do

data/app/lib/katello/errors.rb

@@ -53,7 +53,7 @@ module Katello
 
     class PulpcoreMissingCapabilities < StandardError
       def message
-        _("A smart proxy seems to have been refreshed without pulpcore being running.  You may want to ")
+        _("A smart proxy seems to have been refreshed without pulpcore being running. Please refresh the smart proxy after ensuring that pulpcore services are running.")
       end
     end
 

data/app/lib/katello/qpid/connection.rb

@@ -74,11 +74,13 @@ module Katello
       def initialize(url:, ssl_cert_file:, ssl_key_file:, ssl_ca_file:)
         @url = url
         ssl_domain = ::Qpid::Proton::SSLDomain.new(::Qpid::Proton::SSLDomain::MODE_CLIENT)
+        ssl_domain.peer_authentication(::Qpid::Proton::SSLDomain::VERIFY_PEER_NAME)
         ssl_domain.credentials(ssl_cert_file, ssl_key_file, nil) if ssl_cert_file && ssl_key_file
         ssl_domain.trusted_ca_db(ssl_ca_file) if ssl_ca_file
         @connection_options = {
           ssl_domain: ssl_domain,
-          sasl_allowed_mechs: 'external'
+          sasl_allowed_mechs: 'external',
+          virtual_host: URI.parse(url).host
         }
       end
 

data/app/lib/katello/util/hostgroup_facets_helper.rb

@@ -0,0 +1,126 @@
+# Used exclusively by fix_hostgroup_facets.rake task
+module Katello
+  module Util
+    class HostgroupFacetsHelper
+      def initialize
+        @logger = Logger.new($stdout)
+      end
+
+      def interested_hostgroups
+        groups = ::Hostgroup.unscoped.where(
+                    id: Katello::Hostgroup::ContentFacet.
+                        where(content_source_id: nil,
+                              kickstart_repository_id: nil,
+                              content_view_id: nil,
+                              lifecycle_environment_id: nil).select(:hostgroup_id))
+        parents = groups.select { |group| group.parent.blank? }
+        children = groups.reject { |group| group.parent.blank? }
+        # we want the parents to get created before the children
+        # hence the order
+        parents + children
+      end
+
+      def pick_facet_values(hg)
+        # This call looks at the audit logs for a host group.
+        # Pries out information related to lce, ks, cv and content_source_id from the audit logs.
+        # The audit logs typically only contain updates.
+        # So if the user changed  just the content_view_id, then that is the only thing marked as audited_changes.
+        # Hence we need to go through all the audit logs until we have information on lce, ks, cv and cs.
+        # If there was only one audit log and that was during the creation of hostgroup
+        # the audited changes look like this
+        # ```ruby
+        # {
+        #  content_view_id: 10,
+        #  kickstart_repository_id: 1000
+        #  ......
+        # }
+        # ```
+        # However if you updated the hostgroup and set the kickstart_repository_id, or
+        # content_view_id then audited changes look like
+        # ```ruby
+        # {
+        #  content_view_id: [10, 11],
+        #  kickstart_repository_id: [1000, 1200]
+        #  ......
+        # }
+        # ```
+        # So the code says "if the attribute value is an array pick the last value else just keep the value as it is "
+
+        # Further along it is to be noted that `hostgroup.audits` returns the audits ordered by the version number in ascending order, so the latest audit will be `hostgroup.audits.last`
+
+        # We want to iterate though each audit from latest audit to start, and as soon as we find a  content_view_id key or kickstart_repository_id key or lifecycle environment_id key  or content_source_id key we want it to be set once.
+
+        # So if I had an audit history like
+        # ``` ruby
+        # {
+        #  content_view_id: 10,
+        #  kickstart_repository_id: 1000,
+        #  version:1
+        #  ......
+        # },
+        # {
+        #  content_view_id: [10, 11],
+        #  kickstart_repository_id: [1000, 1200],
+        #   version: 2
+        #  ......
+        # }
+        # ```
+
+        # The code would start at version 2, notice that cv_id and ks_repo were set there
+        # and keep them as the final.
+        # So when it goes to version 1 since cv_id and ks_repo are already set,
+        # it will ignore. It will finally
+        # return {content_view_id: 11, kickstart_repository_id: 1200}
+        facet_values = {}
+        hg.audits.reverse_each do |audit|
+          hg_changes = audit.audited_changes.slice("lifecycle_environment_id",
+                                                   "kickstart_repository_id",
+                                                   "content_view_id",
+                                                   "content_source_id")
+          facet_values = hg_changes.merge(facet_values)
+        end
+
+        values = facet_values.map do |k, v|
+          v = v[-1] if v.is_a? Array
+          [k, v]
+        end
+        values.to_h.with_indifferent_access
+      end
+
+      def main
+        bad_hgs = []
+        good_hgs = []
+
+        groups = interested_hostgroups.each do |hg|
+          facet = hg.content_facet
+          values = pick_facet_values(hg)
+          if !values.empty? && facet.update(values)
+            good_hgs << { hostgroup: hg, facet_values: values }
+          else
+            bad_hgs << { hostgroup: hg, facet_values: values }
+            facet.save(validate: false)
+          end
+        end
+
+        unless bad_hgs.empty?
+          @logger.warn "Some of the hostgroups reported a validation error. "\
+                        "The hostgroups have been updated. "\
+                        "Check via the Web UI."
+
+          bad_hgs.each do |bad_group|
+            @logger.warn "Hostgroup #{bad_group[:hostgroup]}"
+            @logger.warn "Facet Values #{bad_group[:facet_values]}"
+          end
+        end
+        unless good_hgs.empty?
+          @logger.info "Following hostgroups were succesfully updated."
+          good_hgs.each do |good_group|
+            @logger.info "Hostgroup #{good_group[:hostgroup]}"
+            @logger.info "Facet Values #{good_group[:facet_values]}"
+          end
+        end
+        @logger.info("#{groups.count} Hostgroup(s) were updated.")
+      end
+    end
+  end
+end

data/app/models/katello/authorization/content_view.rb

@@ -33,6 +33,18 @@ module Katello
         authorized(:view_content_views)
       end
 
+      def creatable
+        authorized(:view_content_views)
+      end
+
+      def importable?
+        creatable? && publishable?
+      end
+
+      def readable_as(user)
+        authorized_as(user, :view_content_views)
+      end
+
       def readable?
         ::User.current.can?(:view_content_views)
       end

data/app/models/katello/authorization/repository.rb

@@ -27,6 +27,24 @@ module Katello
         joins(:root).where("#{Repository.table_name}.id in (?) or #{self.table_name}.id in (?) or #{self.table_name}.id in (?) or #{self.table_name}.id in (?)", in_products, in_content_views, in_versions, in_environments)
       end
 
+      def readable_as(user)
+        in_products = Repository.in_product(Katello::Product.authorized_as(user, :view_products)).select(:id)
+        in_environments = Repository.where(:environment_id => Katello::KTEnvironment.authorized_as(user, :view_lifecycle_environments)).select(:id)
+        in_content_views = Repository.joins(:content_view_repositories).where("#{ContentViewRepository.table_name}.content_view_id" => Katello::ContentView.readable_as(user)).select(:id)
+        in_versions = Repository.joins(:content_view_version).where("#{Katello::ContentViewVersion.table_name}.content_view_id" => Katello::ContentView.readable_as(user)).select(:id)
+        joins(:root).where("#{Repository.table_name}.id in (?) or #{self.table_name}.id in (?) or #{self.table_name}.id in (?) or #{self.table_name}.id in (?)", in_products, in_content_views, in_versions, in_environments)
+      end
+
+      def readable_docker_catalog
+        readable_docker_catalog_as(User.current)
+      end
+
+      def readable_docker_catalog_as(user)
+        table_name = Repository.table_name
+        in_unauth_environments = Repository.joins(:environment).where("#{Katello::KTEnvironment.table_name}.registry_unauthenticated_pull" => true).select(:id)
+        Repository.readable_as(user).or(Repository.joins(:root).where("#{table_name}.id in (?)", in_unauth_environments)).non_archived.docker_type
+      end
+
       def exportable
         in_product(Katello::Product.exportable)
       end

data/app/models/katello/concerns/host_managed_extensions.rb

@@ -233,10 +233,15 @@ module Katello
         new_ids = new_available_module_streams.keys - old_associated_ids
         new_ids.each do |new_id|
           module_stream = new_available_module_streams[new_id]
+          status = module_stream["status"]
+          # Set status to "unknown" only if the active field is in use and set to false and the module is enabled
+          if enabled_module_stream_inactive?(module_stream)
+            status = "unknown"
+          end
           self.host_available_module_streams.create!(host_id: self.id,
                                                      available_module_stream_id: new_id,
                                                      installed_profiles: module_stream["installed_profiles"],
-                                                     status: module_stream["status"])
+                                                     status: status)
         end
 
         upgradable_streams.each do |hams|
@@ -246,6 +251,10 @@ module Katello
           if hams.attributes.slice(*shared_keys) != module_stream_data
             hams.update!(module_stream_data)
           end
+          # Set status to "unknown" only if the active field is in use and set to false and the module is enabled
+          if enabled_module_stream_inactive?(module_stream)
+            hams.update!(status: "unknown")
+          end
         end
       end
 
@@ -365,6 +374,10 @@ module Katello
         self.get_status(::Katello::TraceStatus).refresh!
         self.refresh_global_status!
       end
+
+      def enabled_module_stream_inactive?(module_stream)
+        !module_stream["active"].nil? && module_stream["active"] == false && module_stream["status"] == "enabled"
+      end
     end
   end
 end

data/app/models/katello/concerns/hostgroup_extensions.rb

@@ -107,7 +107,9 @@ module Katello
         return true unless operatingsystem
 
         if operatingsystem.respond_to? :kickstart_repos
-          return operatingsystem.kickstart_repos(self).any? { |repo| repo[:id] == (content_facet&.kickstart_repository_id || content_facet&.kickstart_repository&.id) }
+          operatingsystem.kickstart_repos(self, content_facet: content_facet).any? do |repo|
+            repo[:id] == (content_facet&.kickstart_repository_id || content_facet&.kickstart_repository&.id)
+          end
         end
       end
 

data/app/models/katello/concerns/redhat_extensions.rb

@@ -10,8 +10,15 @@ module Katello
           minor ||= '' # treat minor versions as empty string to not confuse with nil
           os = ::Redhat.where(:name => os_name, :major => major, :minor => minor).try(:first)
           return os if os
-          description = "#{os_name}-#{repo.distribution_version}"
-          create_os = lambda { ::Redhat.create!(:name => os_name, :major => major, :minor => minor, :description => description) }
+
+          if ::Redhat.where(:title => "#{os_name} #{repo.distribution_version}").present?
+            description = "#{os_name} #{repo.distribution_version} #{SecureRandom.uuid}"
+            create_os = lambda do
+              ::Redhat.create!(:name => os_name, :major => major, :minor => minor, :description => description)
+            end
+          else
+            create_os = lambda { ::Redhat.create!(:name => os_name, :major => major, :minor => minor) }
+          end
 
           begin
             create_os.call
@@ -42,10 +49,11 @@ module Katello
         end
       end
 
-      def kickstart_repos(host)
-        distros = distribution_repositories(host).where(distribution_bootable: true)
-        if distros && host&.content_facet&.content_source
-          distros.map { |distro| distro.to_hash(host.content_facet.content_source) }
+      def kickstart_repos(host, content_facet: nil)
+        distros = distribution_repositories(host, content_facet: content_facet).where(distribution_bootable: true)
+        content_facet ||= host.content_facet
+        if distros && content_facet&.content_source
+          distros.map { |distro| distro.to_hash(content_facet.content_source) }
         else
           []
         end
@@ -62,10 +70,10 @@ module Katello
         end
       end
 
-      def distribution_repositories(host)
-        content_view = host.try(:content_facet).try(:content_view) || host.try(:content_view)
-        lifecycle_environment = host.try(:content_facet).try(:lifecycle_environment) || host.try(:lifecycle_environment)
-
+      def distribution_repositories(host, content_facet: nil)
+        content_facet ||= host.content_facet
+        content_view = content_facet.try(:content_view) || host.try(:content_view)
+        lifecycle_environment = content_facet.try(:lifecycle_environment) || host.try(:lifecycle_environment)
         if content_view && lifecycle_environment && host.os && host.architecture
           Katello::Repository.in_environment(lifecycle_environment).in_content_views([content_view]).
               where(:distribution_arch => host.architecture.name).

data/app/models/katello/concerns/smart_proxy_extensions.rb

@@ -18,6 +18,7 @@ module Katello
       PULP3_FEATURE = "Pulpcore".freeze
       PULP_FEATURE = "Pulp".freeze
       PULP_NODE_FEATURE = "Pulp Node".freeze
+      CONTAINER_GATEWAY_FEATURE = "Container_Gateway".freeze
 
       DOWNLOAD_INHERIT = 'inherit'.freeze
       DOWNLOAD_POLICIES = ::Runcible::Models::YumImporter::DOWNLOAD_POLICIES + [DOWNLOAD_INHERIT]
@@ -89,6 +90,10 @@ module Katello
         end
 
         def self.with_environment(environment, include_default = false)
+          (pulp2_proxies_with_environment(environment, include_default) + pulpcore_proxies_with_environment(environment)).try(:uniq)
+        end
+
+        def self.pulp2_proxies_with_environment(environment, include_default = false)
           features = [PULP_NODE_FEATURE]
           features << PULP_FEATURE if include_default
 
@@ -96,6 +101,11 @@ module Katello
               where(katello_capsule_lifecycle_environments: { lifecycle_environment_id: environment.id })
         end
 
+        def self.pulpcore_proxies_with_environment(environment)
+          unscoped.where(id: unscoped.select { |p| p.pulp_mirror? }.pluck(:id)).joins(:capsule_lifecycle_environments).
+              where(katello_capsule_lifecycle_environments: { lifecycle_environment_id: environment.id })
+        end
+
         def self.sync_needed?(environment)
           Setting[:foreman_proxy_content_auto_sync] && unscoped.with_environment(environment).any?
         end
@@ -119,6 +129,19 @@ module Katello
         path
       end
 
+      def update_container_repo_list(repo_list)
+        ProxyAPI::ContainerGateway.new(url: self.url).repository_list({ repositories: repo_list })
+      end
+
+      def update_user_container_repo_mapping(user_repo_map)
+        ProxyAPI::ContainerGateway.new(url: self.url).user_repository_mapping(user_repo_map)
+      end
+
+      def container_gateway_users
+        usernames = ProxyAPI::ContainerGateway.new(url: self.url).users
+        ::User.where(login: usernames['users'])
+      end
+
       def pulp_url
         uri = URI.parse(url)
         "#{uri.scheme}://#{uri.host}/pulp/api/v2/"

data/app/models/katello/glue/pulp/repo.rb

@@ -74,11 +74,6 @@ module Katello
         pulp_repo_facts['content_unit_counts']['srpm']
       end
 
-      def uri
-        uri = URI.parse(SETTINGS[:katello][:pulp][:url])
-        "https://#{uri.host}/pulp/content/#{relative_path}"
-      end
-
       def to_hash
         pulp_repo_facts.merge(as_json).merge(:sync_state => sync_state)
       end
@@ -364,19 +359,5 @@ module Katello
         end
       end
     end
-
-    def full_path(smart_proxy = nil, force_http = false)
-      pulp_uri = URI.parse(smart_proxy ? smart_proxy.url : SETTINGS[:katello][:pulp][:url])
-      scheme = force_http ? 'http' : 'https'
-      if docker?
-        "#{pulp_uri.host.downcase}/#{container_repository_name}"
-      elsif ostree?
-        "#{scheme}://#{pulp_uri.host.downcase}/pulp/content/web/#{relative_path}"
-      elsif ansible_collection?
-        "#{scheme}://#{pulp_uri.host.downcase}/pulp_ansible/galaxy/#{relative_path}/api"
-      else
-        "#{scheme}://#{pulp_uri.host.downcase}/pulp/content/#{relative_path}/"
-      end
-    end
   end
 end

data/app/models/katello/ping.rb

@@ -5,17 +5,10 @@ module Katello
     PACKAGES = %w(katello candlepin pulp qpid foreman tfm hammer).freeze
 
     class << self
-      def pulpcore_enabled # for downstream 6.9, remove in 6.10
-        SETTINGS[:katello][:use_pulp_2_for_content_type].nil? || (!SETTINGS[:katello][:use_pulp_2_for_content_type][:yum] &&
-        !SETTINGS[:katello][:use_pulp_2_for_content_type][:docker] &&
-        !SETTINGS[:katello][:use_pulp_2_for_content_type][:file]) ||
-        system('systemctl is-enabled pulpcore-api.service &>/dev/null')
-      end
-
       def services(capsule_id = nil)
         proxy = fetch_proxy(capsule_id)
-        services = [:candlepin, :candlepin_auth, :foreman_tasks, :katello_events, :candlepin_events, :katello_agent]
-        services += [:pulp3] if proxy&.pulp3_enabled? && pulpcore_enabled
+        services = [:candlepin, :candlepin_auth, :foreman_tasks, :katello_events, :candlepin_events]
+        services += [:pulp3] if proxy&.pulp3_enabled?
         if proxy.nil? || proxy.has_feature?(SmartProxy::PULP_NODE_FEATURE) || proxy.has_feature?(SmartProxy::PULP_FEATURE)
           services += [:pulp, :pulp_auth]
         end

data/app/models/katello/repository.rb

@@ -395,6 +395,20 @@ module Katello
       all_instances
     end
 
+    def full_path(smart_proxy = nil, force_http = false)
+      pulp_uri = URI.parse(smart_proxy ? smart_proxy.url : ::SmartProxy.pulp_primary.url)
+      scheme = force_http ? 'http' : 'https'
+      if docker?
+        "#{pulp_uri.host.downcase}/#{container_repository_name}"
+      elsif ostree?
+        "#{scheme}://#{pulp_uri.host.downcase}/pulp/content/web/#{relative_path}"
+      elsif ansible_collection?
+        "#{scheme}://#{pulp_uri.host.downcase}/pulp_ansible/galaxy/#{relative_path}/api"
+      else
+        "#{scheme}://#{pulp_uri.host.downcase}/pulp/content/#{relative_path}/"
+      end
+    end
+
     def to_hash(content_source = nil, force_http = false)
       {id: id, name: label, url: full_path(content_source, force_http)}
     end

data/app/services/cert/certs.rb

@@ -8,6 +8,10 @@ module Cert
       File.open(Setting[:ssl_ca_file], 'r').read
     end
 
+    def self.candlepin_client_ca_cert
+      File.read(SETTINGS[:katello][:candlepin][:ca_cert_file])
+    end
+
     def self.ssl_client_cert
       @ssl_client_cert ||= OpenSSL::X509::Certificate.new(File.open(ssl_client_cert_filename, 'r').read)
     end

data/app/services/katello/applicability/applicable_content_helper.rb

@@ -92,7 +92,8 @@ module Katello
         ::Katello::ModuleStream.
           joins("inner join katello_available_module_streams on
             katello_module_streams.name = katello_available_module_streams.name and
-            katello_module_streams.stream = katello_available_module_streams.stream").
+            katello_module_streams.stream = katello_available_module_streams.stream and
+            katello_module_streams.context = katello_available_module_streams.context").
           joins("inner join katello_host_available_module_streams on
             katello_available_module_streams.id = katello_host_available_module_streams.available_module_stream_id").
           where("katello_host_available_module_streams.host_id = :content_facet_id and

data/app/services/katello/pulp3/api/content_guard.rb

@@ -4,6 +4,10 @@ module Katello
   module Pulp3
     module Api
       class ContentGuard < Core
+        def default_name
+          'RHSMCertGuard'
+        end
+
         def self.client_module
           PulpCertguardClient
         end
@@ -20,19 +24,49 @@ module Katello
           PulpCertguardClient::ContentguardsRhsmApi.new(api_client)
         end
 
-        def create(name = "RHSMCertGuard", ca_certificate = Cert::Certs.ca_cert)
-          data = PulpCertguardClient::CertguardRHSMCertGuard.new(name: name, ca_certificate: ca_certificate)
+        def ca_cert
+          Cert::Certs.candlepin_client_ca_cert
+        end
+
+        def refresh
+          found = list(name: default_name).results.first
+          if found && found.ca_certificate != ca_cert
+            partial_update(found.pulp_href)
+          else
+            found = create
+          end
+          persist_if_needed(found.pulp_href)
+        end
+
+        def persist_if_needed(href)
+          return if self.smart_proxy.pulp_mirror?
+          Katello::Util::Support.active_record_retry do
+            found = Katello::Pulp3::ContentGuard.find_by(:name => default_name)
+            if found
+              found.update(pulp_href: href)
+            else
+              Katello::Pulp3::ContentGuard.create(name: default_name, pulp_href: href)
+            end
+          end
+        end
+
+        def create(name = default_name)
+          data = PulpCertguardClient::CertguardRHSMCertGuard.new(name: name, ca_certificate: ca_cert)
           rhsm_api_client.create(data)
         rescue self.class.api_exception_class => e
-          raise e unless list&.results&.first
+          if (found = list&.results&.first) #check for possible race condition
+            found
+          else
+            raise e
+          end
         end
 
         def list(options = {})
           rhsm_api_client.list options
         end
 
-        def partial_update(href, ca_certificate = Cert::Certs.ca_cert)
-          data = PulpCertguardClient::CertguardRHSMCertGuard.new(ca_certificate: ca_certificate)
+        def partial_update(href)
+          data = PulpCertguardClient::CertguardRHSMCertGuard.new(ca_certificate: ca_cert)
           rhsm_api_client.partial_update(href, data)
         end
 

data/app/services/katello/pulp3/migration.rb

@@ -204,7 +204,7 @@ module Katello
 
           if to_find
             found = migrated_repo_items.find { |migrated_repo| migrated_repo.pulp2_repo_id == to_find.pulp_id }
-            import_repo(yum_repo, found)
+            import_repo(yum_repo, found) if found
           end
         end
       end

data/app/services/katello/pulp3/migration_plan.rb

@@ -64,6 +64,8 @@ module Katello
       def library_migration_for(root)
         repo = root.library_instance
 
+        return nil unless library_repo_safe_to_migrate?(repo)
+
         migration = {
           name: repo.pulp_id,
           repository_versions: [
@@ -77,10 +79,49 @@ module Katello
         migration
       end
 
+      def library_repo_safe_to_migrate?(repo)
+        publish_tasks = ForemanTasks::Task.where(label: 'Actions::Katello::ContentView::Publish')
+        publishing_repo_ids = publish_tasks.where(state: ['scheduled', 'running']).collect do |task|
+          ::Katello::ContentViewVersion.find(task.input[:content_view_version_id]).library_repos.pluck(:id)
+        end
+        publishing_repo_ids = publishing_repo_ids.flatten
+
+        if publishing_repo_ids.include?(repo.id)
+          warn_string = "Library repository with ID #{repo.id} and name #{repo.name} unmigrated due to being "\
+            "associated with an actively-publishing content view.  The migration will need to be run again."
+          Rails.logger.warn(warn_string)
+          return false
+        end
+
+        create_root_tasks = ForemanTasks::Task.where(label: 'Actions::Katello::Repository::CreateRoot')
+        active_creation_task = create_root_tasks.where(state: ['scheduled', 'running']).detect do |task|
+          task.input[:repository][:id] == repo.id
+        end
+
+        if active_creation_task.present?
+          warn_string = "Repository with ID #{repo.id} and name #{repo.name} unmigrated due to being "\
+            "created during the Pulp 3 migration.  The migration will need to be run again."
+          Rails.logger.warn(warn_string)
+          return false
+        end
+        true
+      end
+
       def content_view_migrations_for(root)
+        publish_tasks = ForemanTasks::Task.where(label: 'Actions::Katello::ContentView::Publish')
+        publishing_cv_ids = publish_tasks.where(state: ['scheduled', 'running']).collect do |task|
+          task.input[:content_view_id]
+        end
+
         plans = []
         ContentView.non_default.published_with_repositories(root).sort_by(&:label).each do |cv|
-          plans << content_view_migration(cv, root)
+          if publishing_cv_ids.include?(cv.id)
+            warn_string = "Repositories belonging to Content View with ID #{cv.id} and name #{cv.name} unmigrated "\
+              "due to being created during the Pulp 3 migration.  The migration will need to be run again."
+            Rails.logger.warn(warn_string)
+          else
+            plans << content_view_migration(cv, root)
+          end
         end
         plans
       end

data/app/services/katello/ui_notifications/pulp/proxy_disk_space.rb

@@ -5,6 +5,7 @@ module Katello
         class << self
           def deliver!
             SmartProxy.unscoped.with_content.each do |proxy|
+              percentage = proxy.pulp_disk_usage[0]['percentage']
               if percentage < 90 && notification_already_exists?(proxy)
                 blueprint.notifications.where(subject: proxy).destroy_all
               elsif update_notifications(proxy).empty? && percentage > 90

data/app/views/overrides/smart_proxies/_download_policy.erb

@@ -1,3 +1,3 @@
-<% if @smart_proxy.has_feature?(SmartProxy::PULP_NODE_FEATURE) %>
+<% if @smart_proxy.pulp_mirror? %>
   <%= select_f(f, :download_policy, download_policies, :label, :name, :size => "col-md-8" ) %>
 <% end %>

data/db/migrate/20200514092553_move_katello_fields_from_hostgroups.katello.rb

@@ -46,7 +46,7 @@ class MoveKatelloFieldsFromHostgroups < ActiveRecord::Migration[6.0]
         content_facet.kickstart_repository_id = kickstart_repository_id
         content_facet.content_view_id = content_view_id
         content_facet.lifecycle_environment_id = lifecycle_environment_id
-        unless content_facet.save
+        unless content_facet.save(validate: false)
           Rails.logger.warn("Unable to save content facet hostgroup for #{content_facet.inspect} ")
           Rails.logger.warn(content_facet.errors.full_messages.join("\n"))
         end

data/db/migrate/20210119162528_delete_puppet_and_ostree_repos.rb

@@ -24,30 +24,43 @@ class DeletePuppetAndOstreeRepos < ActiveRecord::Migration[6.0]
     self.table_name = 'katello_ostree_branches'
   end
 
+  def puppet_repositories
+    puppet_query = "SELECT \"katello_repositories\".* FROM \"katello_repositories\"" \
+      " INNER JOIN \"katello_root_repositories\" ON \"katello_root_repositories\".\"id\" =" \
+      " \"katello_repositories\".\"root_id\" WHERE \"katello_root_repositories\".\"content_type\" = 'puppet'"
+    ::Katello::Repository.find_by_sql(puppet_query)
+  end
+
   def up
-    if Katello::Repository.ostree_type.any? || Katello::Repository.puppet_type.any?
-      User.as_anonymous_admin do
-        FakeContentViewPuppetModule.delete_all
-        FakeContentViewPuppetEnvironmentPuppetModule.delete_all
-        FakeRepositoryPuppetModule.delete_all
+    FakeContentViewPuppetModule.delete_all
+    FakeContentViewPuppetEnvironmentPuppetModule.delete_all
+    FakeRepositoryPuppetModule.delete_all
 
-        FakeContentViewPuppetEnvironment.delete_all
-        FakePuppetModule.delete_all
+    FakeContentViewPuppetEnvironment.delete_all
+    FakePuppetModule.delete_all
 
-        Katello::Repository.puppet_type.delete_all
+    if puppet_repositories.any?
+      User.as_anonymous_admin do
+        ::Katello::Repository.delete(puppet_repositories)
+        ::Katello::RootRepository.where(content_type: 'puppet').destroy_all
+      end
+    end
 
-        FakeRepositoryOstreeBranch.delete_all
-        FakeOstreeBranch.delete_all
+    FakeRepositoryOstreeBranch.delete_all
+    FakeOstreeBranch.delete_all
+
+    if Katello::Repository.ostree_type.any?
+      User.as_anonymous_admin do
         Katello::Repository.ostree_type.where.not(:library_instance_id => nil, :environment_id => nil).destroy_all #CV LCE repos
         Katello::Repository.ostree_type.where.not(:library_instance_id => nil).destroy_all # archive repos
         Katello::Repository.ostree_type.destroy_all #all the rest (should just be library repos)
-
-        Katello::ContentViewVersion.where.not(:content_counts => nil).each do |version|
-          version.content_counts.except!('ostree', 'puppet_module')
-          version.save
-        end
       end
     end
+
+    Katello::ContentViewVersion.where.not(:content_counts => nil).each do |version|
+      version.content_counts.except!('ostree', 'puppet_module')
+      version.save
+    end
   end
 
   def down

data/db/migrate/20210512192745_fix_red_hat_root_repository_arch.rb

@@ -0,0 +1,11 @@
+class FixRedHatRootRepositoryArch < ActiveRecord::Migration[6.0]
+  def up
+    ::Katello::RootRepository.
+      joins("INNER JOIN katello_contents ON katello_contents.cp_content_id = katello_root_repositories.content_id").
+      where.not(arch: 'noarch').where.not("katello_contents.content_url ILIKE '%$basearch%'").update(arch: 'noarch')
+  end
+
+  def down
+    fail ActiveRecord::IrreversibleMigration
+  end
+end

data/lib/katello/engine.rb

@@ -34,7 +34,6 @@ module Katello
         },
         :pulp => {
           :default_login => 'admin',
-          :url => 'https://localhost/pulp/api/v2/',
           :bulk_load_size => 2000,
           :skip_checksum_validation => false,
           :upload_chunk_size => 1_048_575, # upload size in bytes to pulp. see SSLRenegBufferSize in apache

data/lib/katello/tasks/fix_hostgroup_facets.rake

@@ -0,0 +1,8 @@
+namespace :katello do
+  desc "This task collates hostgroup content facts that were missed during the upgrade from audit.\
+        It then updates the hostgroup content_facet accordingly."
+  task :fix_hostgroup_facets => :environment do
+    User.current = User.anonymous_admin
+    ::Katello::Util::HostgroupFacetsHelper.new.main
+  end
+end

data/lib/katello/tasks/upgrades/4.0/remove_ostree_puppet_content.rake

@@ -5,11 +5,13 @@ namespace :katello do
       task :remove_ostree_puppet_content => ["environment", "check_ping"] do
         contents = Katello::Content.where(content_type: ['ostree', 'puppet'])
         contents.each do |content|
-          Katello::Resources::Candlepin::Content.destroy(content.organization.label, content.cp_content_id)
+          unless content.products.any?(&:redhat?)
+            Katello::Resources::Candlepin::Content.destroy(content.organization.label, content.cp_content_id)
+            content.destroy
+          end
         rescue RestClient::NotFound
           #skip content not found
         end
-        contents.destroy_all
       end
     end
   end

data/lib/katello/version.rb

@@ -1,3 +1,3 @@
 module Katello
-  VERSION = "4.0.1.1".freeze
+  VERSION = "4.0.3".freeze
 end

data/lib/katello.rb

@@ -28,6 +28,6 @@ module Katello
   require "katello/engine"
 
   def self.pulp_server
-    Katello::Pulp::Server.config(SETTINGS[:katello][:pulp][:url], User.remote_user)
+    Katello::Pulp::Server.config(::SmartProxy.pulp_primary.url + '/pulp/api/v2/', User.remote_user)
   end
 end

data/lib/proxy_api/container_gateway.rb

@@ -1,21 +1,32 @@
 module ProxyAPI
   class ContainerGateway < ::ProxyAPI::Resource
     def initialize(args)
-      @url = args[:url] + "/container_gateway/v2"
+      @url = args[:url] + "/container_gateway"
       super args
     end
 
-    def unauthenticated_repository_list(args = {})
-      # get '/v2/unauthenticated_repository_list/?'
-      # put '/v2/unauthenticated_repository_list/?'
-      @url += "/unauthenticated_repository_list"
-      if args.empty?
-        @unauthenticated_repo_list = parse get
-      else
-        parse put(args)
-      end
+    def repository_list(args)
+      # put '/v2/repository_list/?'
+      @url += "/repository_list"
+      parse put(args)
     rescue => e
-      raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to perform unauthenticated repository list operation"))
+      raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to update the repository list"))
+    end
+
+    def user_repository_mapping(args)
+      # put '/v2/user_repository_mapping/?'
+      @url += "/user_repository_mapping"
+      parse put(args)
+    rescue => e
+      raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to update the user-repository mapping"))
+    end
+
+    def users
+      # get '/v2/users/?'
+      @url += "/users"
+      @users = parse get
+    rescue => e
+      raise ::ProxyAPI::ProxyException.new(url, e, N_("Unable to get users"))
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: katello
 version: !ruby/object:Gem::Version
-  version: 4.0.1.1
+  version: 4.0.3
 platform: ruby
 authors:
 - N/A
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -84,16 +84,30 @@ dependencies:
   name: foreman-tasks
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: foreman-tasks-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 0.3.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 0.3.5
 - !ruby/object:Gem::Dependency
   name: foreman_remote_execution
   requirement: !ruby/object:Gem::Requirement
@@ -115,6 +129,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -122,6 +139,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: activerecord-import
   requirement: !ruby/object:Gem::Requirement
@@ -1075,7 +1095,6 @@ files:
 - app/lib/actions/pulp3/abstract.rb
 - app/lib/actions/pulp3/abstract_async_task.rb
 - app/lib/actions/pulp3/capsule_content/generate_metadata.rb
-- app/lib/actions/pulp3/capsule_content/refresh_content_guard.rb
 - app/lib/actions/pulp3/capsule_content/refresh_distribution.rb
 - app/lib/actions/pulp3/capsule_content/sync.rb
 - app/lib/actions/pulp3/content_guard/refresh.rb
@@ -1205,6 +1224,7 @@ files:
 - app/lib/katello/util/docker_manifest_clause_generator.rb
 - app/lib/katello/util/errata.rb
 - app/lib/katello/util/filter_clause_generator.rb
+- app/lib/katello/util/hostgroup_facets_helper.rb
 - app/lib/katello/util/http_proxy.rb
 - app/lib/katello/util/model.rb
 - app/lib/katello/util/module_stream_clause_generator.rb
@@ -2166,6 +2186,7 @@ files:
 - db/migrate/20210201163238_migrate_background_download_policy_to_migrate.rb
 - db/migrate/20210208213920_add_available_module_stream_context.rb
 - db/migrate/20210218214048_change_default_content_view_version_export_history.rb
+- db/migrate/20210512192745_fix_red_hat_root_repository_arch.rb
 - db/seeds.d/101-locations.rb
 - db/seeds.d/102-organizations.rb
 - db/seeds.d/104-proxy.rb
@@ -4520,6 +4541,7 @@ files:
 - lib/katello/tasks/clean_old_file_repos.rake
 - lib/katello/tasks/clean_published_repo_directories.rake
 - lib/katello/tasks/delete_orphaned_content.rake
+- lib/katello/tasks/fix_hostgroup_facets.rake
 - lib/katello/tasks/import_applicability.rake
 - lib/katello/tasks/import_subscriptions.rake
 - lib/katello/tasks/jenkins.rake

data/app/lib/actions/pulp3/capsule_content/refresh_content_guard.rb

@@ -1,17 +0,0 @@
-module Actions
-  module Pulp3
-    module CapsuleContent
-      class RefreshContentGuard < Pulp3::AbstractAsyncTask
-        def plan(smart_proxy, options = {})
-          content_guard_api = ::Katello::Pulp3::Api::ContentGuard.new(smart_proxy)
-          content_guard_href = content_guard_api.list&.results&.first&.pulp_href
-          if content_guard_href && options.try(:[], :update)
-            content_guard_api.partial_update content_guard_href
-          else
-            content_guard_api.create
-          end
-        end
-      end
-    end
-  end
-end