katello 4.9.1 → 4.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2725e254c69e3a52955ec2e85605097ad13751770b46de79a14bb6153451e5b7
-  data.tar.gz: a59ffe3ac6b743b36ac2207a44c333dc504975b54d23efb2d9d04aa13741c575
+  metadata.gz: feee4d277c7c10e872fb0a6b78e3b1c3c774f108b5c6d2dd715bfc5519e9e2be
+  data.tar.gz: 91fa39a6da658fa21bb51ca6eab3c4080d8098654ae731194861457f7e7ce9cc
 SHA512:
-  metadata.gz: 78951d090b4e05283c65ebb11d2c18475ffc2afa26cb2c1f981a425f18cd85bf9a82c84c06e33dc8c05348a1b9f8af845adb482fd0075116f75da85c847e5d31
-  data.tar.gz: 5c2acdd95ed253669357a68142f42c8b09ba5b34603bfa9acf1e029cdc32c9696d1edb40a8e616e032747c6771110ca54bd048b4108a342d755b1d000270766c
+  metadata.gz: 70fc4051a751c9f8df528de6a4acf4ca9588a60cecc7297dd7a826b01adfc22f5ea3994457a535e4b8405f5873d7307e4e6e126c8413e4f061c7cc39a11aa926
+  data.tar.gz: '09b5eb9678d9028bfb96fe4a293ecad609b2d01b9889a1f4dda6002f27bb8db0259229560bc7b42f18a9ea7e2a52404f9b6f2c5e295c74a00bc515e9eb7ec5f6'

data/app/controllers/katello/api/v2/host_subscriptions_controller.rb

@@ -81,7 +81,7 @@ module Katello
     def create
       rhsm_params = params_to_rhsm_params
 
-      host = Katello::RegistrationManager.process_registration(rhsm_params, @content_view_environment)
+      host = Katello::RegistrationManager.process_registration(rhsm_params, [@content_view_environment])
       host.reload
       ::Katello::Host::SubscriptionFacet.update_facts(host, rhsm_params[:facts]) unless rhsm_params[:facts].blank?
 

data/app/controllers/katello/api/v2/products_controller.rb

@@ -17,10 +17,10 @@ module Katello
 
     def_param_group :product do
       param :description, String, :desc => N_("Product description")
-      param :gpg_key_id, :number, :desc => N_("Identifier of the GPG key")
-      param :ssl_ca_cert_id, :number, :desc => N_("Idenifier of the SSL CA Cert")
-      param :ssl_client_cert_id, :number, :desc => N_("Identifier of the SSL Client Cert")
-      param :ssl_client_key_id, :number, :desc => N_("Identifier of the SSL Client Key")
+      param :gpg_key_id, :number, :desc => N_("Identifier of the GPG key"), :allow_nil => true
+      param :ssl_ca_cert_id, :number, :desc => N_("Idenifier of the SSL CA Cert"), :allow_nil => true
+      param :ssl_client_cert_id, :number, :desc => N_("Identifier of the SSL Client Cert"), :allow_nil => true
+      param :ssl_client_key_id, :number, :desc => N_("Identifier of the SSL Client Key"), :allow_nil => true
       param :sync_plan_id, :number, :desc => N_("Plan numeric identifier"), :allow_nil => true
     end
 

data/app/controllers/katello/api/v2/repositories_bulk_actions_controller.rb

@@ -7,7 +7,7 @@ module Katello
     def destroy_repositories
       deletion_authorized_repositories = @repositories.deletable
       unpromoted_repos = deletion_authorized_repositories.reject { |repo| repo.promoted? && repo.content_views.generated_for_none.exists? }
-
+      unpromoted_repos_non_last_affected_repo = unpromoted_repos.reject { |repo| repo.filters.any? { |filter| filter.repositories.size == 1 } }
       messages1 = format_bulk_action_messages(
           :success    => "",
           :error      => _("You do not have permissions to delete %s"),
@@ -17,16 +17,23 @@ module Katello
 
       messages2 = format_bulk_action_messages(
           :success    => "",
-          :error      => _("Repository %s cannot be deleted since it has already been included in a published Content View."),
+          :error      => _("Repository %s cannot be deleted since it has already been included in a published Content View. Use repository details page to delete"),
           :models     => deletion_authorized_repositories,
           :authorized => unpromoted_repos
       )
 
-      errors = messages1[:error] + messages2[:error]
+      messages3 = format_bulk_action_messages(
+        :success    => "",
+        :error      => _("Repository %s cannot be deleted since it is the last affected repository in a filter. Use repository details page to delete."),
+        :models     => unpromoted_repos,
+        :authorized => unpromoted_repos_non_last_affected_repo
+      )
+
+      errors = messages1[:error] + messages2[:error] + messages3[:error]
 
       task = nil
-      if unpromoted_repos.any?
-        task = async_task(::Actions::BulkAction, ::Actions::Katello::Repository::Destroy, unpromoted_repos)
+      if unpromoted_repos_non_last_affected_repo.any?
+        task = async_task(::Actions::BulkAction, ::Actions::Katello::Repository::Destroy, unpromoted_repos_non_last_affected_repo)
       else
         status = 400
       end

data/app/controllers/katello/api/v2/repositories_controller.rb

@@ -41,12 +41,12 @@ module Katello
 
     def_param_group :repo do
       param :url, String, :desc => N_("repository source url")
-      param :os_versions, Array,
-            :desc => N_("Identifies whether the repository should be disabled on a client with a non-matching OS version. Pass [] to enable regardless of OS version. Maximum length 1; allowed tags are: %s") % Katello::RootRepository::ALLOWED_OS_VERSIONS.join(', ')
-      param :gpg_key_id, :number, :desc => N_("id of the gpg key that will be assigned to the new repository")
-      param :ssl_ca_cert_id, :number, :desc => N_("Identifier of the content credential containing the SSL CA Cert")
-      param :ssl_client_cert_id, :number, :desc => N_("Identifier of the content credential containing the SSL Client Cert")
-      param :ssl_client_key_id, :number, :desc => N_("Identifier of the content credential containing the SSL Client Key")
+      param :os_versions, Array, :desc => N_("Identifies whether the repository should be unavailable on a client with a non-matching OS version.
+Pass [] to make repo available for clients regardless of OS version. Maximum length 1; allowed tags are: %s") % Katello::RootRepository::ALLOWED_OS_VERSIONS.join(', ')
+      param :gpg_key_id, :number, :desc => N_("id of the gpg key that will be assigned to the new repository"), :allow_nil => true
+      param :ssl_ca_cert_id, :number, :desc => N_("Identifier of the content credential containing the SSL CA Cert"), :allow_nil => true
+      param :ssl_client_cert_id, :number, :desc => N_("Identifier of the content credential containing the SSL Client Cert"), :allow_nil => true
+      param :ssl_client_key_id, :number, :desc => N_("Identifier of the content credential containing the SSL Client Key"), :allow_nil => true
       param :unprotected, :bool, :desc => N_("true if this repository can be published via HTTP")
       param :checksum_type, String, :desc => N_("Checksum of the repository, currently 'sha1' & 'sha256' are supported")
       param :docker_upstream_name, String, :desc => N_("Name of the upstream docker repository")
@@ -416,9 +416,12 @@ module Katello
     api :DELETE, "/repositories/:id", N_("Destroy a custom repository")
     param :id, :number, :required => true
     param :remove_from_content_view_versions, :bool, :required => false, :desc => N_("Force delete the repository by removing it from all content view versions")
+    param :delete_empty_repo_filters, :bool, :required => false, :desc => N_("Delete content view filters that have this repository as the last associated repository. Defaults to true. If false, such filters will now apply to all repositories in the content view.")
     def destroy
       sync_task(::Actions::Katello::Repository::Destroy, @repository,
-        remove_from_content_view_versions: ::Foreman::Cast.to_bool(params.fetch(:remove_from_content_view_versions, false)))
+                remove_from_content_view_versions: ::Foreman::Cast.to_bool(params.fetch(:remove_from_content_view_versions, false)),
+                delete_empty_repo_filters: ::Foreman::Cast.to_bool(params.fetch(:delete_empty_repo_filters, true))
+                )
       respond_for_destroy
     end
 

data/app/controllers/katello/concerns/content_facet_hosts_controller_extensions.rb

@@ -6,17 +6,15 @@ module Katello
         before_action :set_up_content_view_environment, only: [:update]
 
         def set_up_content_view_environment
-          return unless params[:host] && params[:host][:content_facet_attributes]
+          return unless @host&.content_facet.present? && params[:host]&.[](:content_facet_attributes)&.present?
           cv_id = params[:host][:content_facet_attributes].delete(:content_view_id)
           env_id = params[:host][:content_facet_attributes].delete(:lifecycle_environment_id)
-          Rails.logger.info "set_up_content_view_environment: cv_id=#{cv_id}, env_id=#{env_id}"
-          if (cv_id.present? && env_id.present?)
-            @host.content_facet.assign_single_environment(
-              lifecycle_environment_id: env_id,
-              content_view_id: cv_id
-            )
-            Rails.logger.info "set_up_content_view_environment: done"
-          end
+          Rails.logger.info "#{__method__}: cv_id=#{cv_id}, env_id=#{env_id}"
+          @host.content_facet.assign_single_environment(
+            lifecycle_environment_id: env_id,
+            content_view_id: cv_id
+          )
+          Rails.logger.info "#{__method__}: done"
         end
       end
     end

data/app/helpers/katello/hosts_and_hostgroups_helper.rb

@@ -4,6 +4,18 @@ module Katello
       "kt_activation_keys"
     end
 
+    def edit_action?
+      params[:action] == 'edit'
+    end
+
+    def cv_lce_disabled?
+      edit_action? && !using_discovered_hosts_page?
+    end
+
+    def using_discovered_hosts_page?
+      controller.controller_name == "discovered_hosts"
+    end
+
     def using_hostgroups_page?
       controller.controller_name == "hostgroups"
     end
@@ -164,7 +176,7 @@ module Katello
 
       views = []
       if lifecycle_environment
-        views = Katello::ContentView.in_environment(lifecycle_environment).readable.order(:name)
+        views = Katello::ContentView.in_environment(lifecycle_environment).ignore_generated.readable.order(:name)
         views |= [content_view] if content_view.present? && content_view.in_environment?(lifecycle_environment)
       elsif content_view
         views = [content_view]

data/app/lib/actions/katello/agent_action.rb

@@ -14,8 +14,10 @@ module Actions
 
       def plan(host, options)
         action_subject(host, :hostname => host.name, :content => options[:content])
-
-        dispatch_history_id = options.dig(:dispatch_histories, host.id.to_s) || ::Katello::Agent::Dispatcher.create_histories(
+        # options[:dispatch_histories] keys might be strings or integers
+        dispatch_history_id = options.dig(:dispatch_histories, host.id.to_s) ||
+        options.dig(:dispatch_histories, host.id.to_i) ||
+          ::Katello::Agent::Dispatcher.create_histories(
           host_ids: [host.id]
         ).first.id
 
@@ -44,7 +46,6 @@ module Actions
             history.dynflow_execution_plan_id = suspended_action.execution_plan_id
             history.dynflow_step_id = suspended_action.step_id
             history.save!
-
             dispatch_message(history) unless input[:bulk]
 
             schedule_timeout(timeout, optional: true)

data/app/lib/actions/katello/bulk_agent_action.rb

@@ -21,7 +21,10 @@ module Actions
 
       def spawn_plans
         args = input[:args].first
-        histories = ::Katello::Agent::DispatchHistory.where(id: args[:dispatch_histories].slice(*current_batch.map(&:to_s)).values)
+        # args[:dispatch_histories] keys are numeric host ids; they may be integer or string
+        # Hash#slice will return a filtered hash only with the specified keys, and ignore keys that don't exist
+        possible_keys = [*current_batch.map(&:to_i), *current_batch.map(&:to_s)]
+        histories = ::Katello::Agent::DispatchHistory.where(id: args[:dispatch_histories].slice(*possible_keys).values)
         ::Katello::Agent::Dispatcher.dispatch(
           args[:type].to_sym,
           histories,

data/app/lib/actions/katello/content_view_environment/destroy.rb

@@ -8,19 +8,20 @@ module Actions
           content_view = cv_env.content_view
           environment = cv_env.environment
           content_view.check_remove_from_environment!(environment) unless organization_destroy
-
+          docker_cleanup = false
           sequence do
             concurrence do
               unless skip_repo_destroy
                 content_view.repos(environment).each do |repo|
                   # no need to update the content view environment since it's
                   # getting destroyed so skip_environment_update
-                  plan_action(Repository::Destroy, repo, skip_environment_update: true)
+                  plan_action(Repository::Destroy, repo, skip_environment_update: true, docker_cleanup: false)
+                  docker_cleanup ||= repo.docker?
                 end
               end
             end
             plan_action(Candlepin::Environment::Destroy, cp_id: cv_env.cp_id) unless organization_destroy
-            plan_self(:id => cv_env.id)
+            plan_self(:id => cv_env.id, :docker_cleanup => docker_cleanup)
           end
         end
 
@@ -31,6 +32,7 @@ module Actions
           else
             cv_env.destroy!
           end
+          ::Katello::DockerMetaTag.cleanup_tags if input[:docker_cleanup]
         end
       end
     end

data/app/lib/actions/katello/content_view_version/destroy.rb

@@ -7,22 +7,26 @@ module Actions
 
           destroy_env_content = !options.fetch(:skip_destroy_env_content, false)
           repos = destroy_env_content ? version.repositories : version.archived_repos
+          docker_cleanup = false
 
           sequence do
             concurrence do
               repos.each do |repo|
                 repo_options = options.clone
+                repo_options[:docker_cleanup] = false
                 plan_action(Repository::Destroy, repo, repo_options)
+                docker_cleanup ||= repo.docker?
               end
             end
           end
 
-          plan_self(:id => version.id)
+          plan_self(:id => version.id, :docker_cleanup => docker_cleanup)
         end
 
         def finalize
           version = ::Katello::ContentViewVersion.find_by(id: input[:id])
           version&.destroy!
+          ::Katello::DockerMetaTag.cleanup_tags if input[:docker_cleanup]
         end
       end
     end

data/app/lib/actions/katello/host/update_content_view.rb

@@ -4,8 +4,10 @@ module Actions
       class UpdateContentView < Actions::EntryAction
         def plan(host, content_view_id, lifecycle_environment_id)
           if host.content_facet
-            host.content_facet.content_view = ::Katello::ContentView.find(content_view_id)
-            host.content_facet.lifecycle_environment = ::Katello::KTEnvironment.find(lifecycle_environment_id)
+            host.content_facet.assign_single_environment(
+              content_view_id: content_view_id,
+              lifecycle_environment_id: lifecycle_environment_id
+            )
             host.update_candlepin_associations
             plan_self(:hostname => host.name)
           else

data/app/lib/actions/katello/product/destroy.rb

@@ -2,21 +2,11 @@ module Actions
   module Katello
     module Product
       class Destroy < Actions::EntryAction
-        # rubocop:disable Metrics/MethodLength
         def plan(product, options = {})
           organization_destroy = options.fetch(:organization_destroy, false)
           skip_environment_update = options.fetch(:skip_environment_update, false) ||
               options.fetch(:organization_destroy, false)
-
-          unless organization_destroy || product.user_deletable?
-            if product.redhat?
-              fail _("Cannot delete Red Hat product: %{product}") % { :product => product.name }
-            elsif !product.published_content_view_versions.not_ignorable.empty?
-              fail _("Cannot delete product with repositories published in a content view.  Product: %{product}, %{view_versions}") %
-                       { :product => product.name, :view_versions => view_versions(product) }
-            end
-          end
-
+          check_ready_to_delete(product, organization_destroy)
           action_subject(product)
 
           # Candlepin::Product::ContentRemove is called with Katello::Repository::Destroy, so we only want to run ContentRemove
@@ -99,6 +89,20 @@ module Actions
           end
           results.join(', ')
         end
+
+        def check_ready_to_delete(product, organization_destroy)
+          unless organization_destroy || product.user_deletable?
+            if product.redhat?
+              fail _("Cannot delete Red Hat product: %{product}") % { :product => product.name }
+            elsif !product.published_content_view_versions.not_ignorable.empty?
+              fail _("Cannot delete product with repositories published in a content view.  Product: %{product}, %{view_versions}") %
+                     { :product => product.name, :view_versions => view_versions(product) }
+            elsif product.repositories.any? { |repo| repo.filters.any? { |filter| filter.repositories.size == 1 } }
+              fail _("Cannot delete product: %{product} with repositories that are the last affected repository in content view filters. Delete these repositories before deleting product.") %
+                     { :product => product.name }
+            end
+          end
+        end
       end
     end
   end

data/app/lib/actions/katello/repository/destroy.rb

@@ -15,6 +15,8 @@ module Actions
               options.fetch(:organization_destroy, false)
           destroy_content = options.fetch(:destroy_content, true)
           remove_from_content_view_versions = options.fetch(:remove_from_content_view_versions, false)
+          delete_empty_repo_filters = options.fetch(:delete_empty_repo_filters, true)
+          docker_cleanup = options.fetch(:docker_cleanup, true)
           action_subject(repository)
           check_destroyable!(repository, remove_from_content_view_versions)
           remove_generated_content_views(repository)
@@ -29,8 +31,9 @@ module Actions
 
           handle_acs_product_removal(repository)
           handle_alternate_content_sources(repository)
+          delete_empty_repo_filters(repository) if delete_empty_repo_filters
 
-          plan_self(:user_id => ::User.current.id, :affected_cvv_ids => affected_cvv_ids)
+          plan_self(:user_id => ::User.current.id, :affected_cvv_ids => affected_cvv_ids, :docker_cleanup => docker_cleanup)
           sequence do
             if repository.redhat?
               handle_redhat_content(repository) unless skip_environment_update
@@ -45,7 +48,7 @@ module Actions
         def finalize
           repository = ::Katello::Repository.find_by(id: input[:repository][:id])
           if repository
-            docker_cleanup = repository.content_type == ::Katello::Repository::DOCKER_TYPE
+            docker_cleanup = repository.docker? && input[:docker_cleanup]
             delete_record(repository, {docker_cleanup: docker_cleanup})
 
             if (affected_cvv_ids = input[:affected_cvv_ids]).any?
@@ -81,6 +84,11 @@ module Actions
           end
         end
 
+        def delete_empty_repo_filters(repository)
+          filters_to_delete = repository.filters.select { |filter| filter.repositories.size == 1 }
+          ::Katello::ContentViewFilter.where(id: filters_to_delete).destroy_all
+        end
+
         def handle_custom_content(repository, remove_from_content_view_versions)
           #if this is the last instance of a custom repo, destroy the content
           if remove_from_content_view_versions || repository.root.repositories.where.not(id: repository.id).empty?

data/app/lib/actions/katello/repository/index_content.rb

@@ -20,7 +20,6 @@ module Actions
 
           if input[:force_index] || (repo.last_contents_changed >= repo.last_indexed)
             repo.index_content(source_repository: source_repository, full_index: input[:full_index].present?)
-            repo.update(:last_indexed => DateTime.now)
           else
             output[:index_skipped] = true
           end

data/app/lib/actions/katello/repository/sync.rb

@@ -26,7 +26,6 @@ module Actions
 
           validate_repo!(repo: repo,
                         source_url: source_url,
-                        validate_contents: validate_contents,
                         skip_metadata_check: skip_metadata_check,
                         skip_candlepin_check: options.fetch(:skip_candlepin_check, false))
 
@@ -81,9 +80,8 @@ module Actions
           end
         end
 
-        def validate_repo!(repo:, source_url:, validate_contents:, skip_metadata_check:, skip_candlepin_check:)
+        def validate_repo!(repo:, source_url:, skip_metadata_check:, skip_candlepin_check:)
           fail ::Katello::Errors::InvalidActionOptionError, _("Unable to sync repo. This repository does not have a feed url.") if repo.url.blank? && source_url.blank?
-          fail ::Katello::Errors::InvalidActionOptionError, _("Cannot validate contents on non-yum/deb repositories.") if validate_contents && !repo.yum? && !repo.deb?
           fail ::Katello::Errors::InvalidActionOptionError, _("Cannot skip metadata check on non-yum/deb repositories.") if skip_metadata_check && !repo.yum? && !repo.deb?
           ::Katello::Util::CandlepinRepositoryChecker.check_repository_for_sync!(repo) if repo.yum? && !skip_candlepin_check
         end

data/app/lib/actions/katello/repository/verify_checksum.rb

@@ -6,19 +6,11 @@ module Actions
 
         def plan(repo)
           action_subject(repo)
-
-          if SmartProxy.pulp_primary.pulp3_support?(repo)
-            plan_action(Actions::Pulp3::Repository::Repair, repo.id, SmartProxy.pulp_primary)
-          else
-            options = {}
-            options[:validate_contents] = true
-            plan_action(Actions::Katello::Repository::Sync, repo, options)
-          end
+          plan_action(Actions::Pulp3::Repository::Repair, repo.id, SmartProxy.pulp_primary)
         end
 
         def presenter
-          found = all_planned_actions(Katello::Repository::Sync)
-          found = all_planned_actions(Pulp3::Repository::Repair) if found.empty?
+          found = all_planned_actions(Pulp3::Repository::Repair)
           Helpers::Presenter::Delegated.new(self, found)
         end
       end

data/app/lib/actions/pulp3/orchestration/repository/generate_metadata.rb

@@ -14,6 +14,8 @@ module Actions
                 plan_self(source_repository_id: options[:source_repository].id, target_repository_id: repository.id, smart_proxy_id: smart_proxy.id)
               elsif publication_content_type && (force_publication || repository.publication_href.nil? || !repository.using_mirrored_metadata?)
                 plan_action(Actions::Pulp3::Repository::CreatePublication, repository, smart_proxy, options)
+              elsif !publication_content_type
+                plan_self(target_repository_id: repository.id, contents_changed: options[:contents_changed], skip_publication: true)
               end
               plan_action(Actions::Pulp3::ContentGuard::Refresh, smart_proxy) unless repository.unprotected
               plan_action(Actions::Pulp3::Repository::RefreshDistribution, repository, smart_proxy, :contents_changed => options[:contents_changed]) if Setting[:distribute_archived_cvv] || repository.environment
@@ -21,13 +23,18 @@ module Actions
           end
 
           def run
-            #we don't have to actually generate a publication, we can reuse the old one
             target_repo = ::Katello::Repository.find(input[:target_repository_id])
-            source_repo = ::Katello::Repository.find(input[:source_repository_id])
-            if (target_repo.publication_href != source_repo.publication_href && smart_proxy.pulp_primary?)
-              target_repo.clear_smart_proxy_sync_histories
+            if input[:skip_publication]
+              #Need to clear smart proxy sync histories for non-publication content_types: docker, ansible collection
+              target_repo.clear_smart_proxy_sync_histories if input[:contents_changed]
+            else
+              #we don't have to actually generate a publication, we can reuse the old one
+              source_repo = ::Katello::Repository.find(input[:source_repository_id])
+              if (target_repo.publication_href != source_repo.publication_href && smart_proxy.pulp_primary?)
+                target_repo.clear_smart_proxy_sync_histories
+              end
+              target_repo.update!(publication_href: source_repo.publication_href)
             end
-            target_repo.update!(publication_href: source_repo.publication_href)
           end
         end
       end

data/app/models/katello/candlepin/repository_mapper.rb

@@ -56,6 +56,7 @@ module Katello
       end
 
       def substitutor
+        fail _("Manifest does not have a valid subscription") if product.cdn_resource.nil?
         product.cdn_resource.substitutor
       end
 

data/app/models/katello/concerns/host_managed_extensions.rb

@@ -1,22 +1,40 @@
 module Katello
   module Concerns
+    # rubocop:disable Metrics/ModuleLength
     module HostManagedExtensions
       extend ActiveSupport::Concern
       include Katello::KatelloUrlsHelper
       include ForemanTasks::Concerns::ActionSubject
 
       module Overrides
-        def update(attrs)
+        def check_cve_attributes(attrs)
           if attrs[:content_facet_attributes]
             cv_id = attrs[:content_facet_attributes].delete(:content_view_id)
             lce_id = attrs[:content_facet_attributes].delete(:lifecycle_environment_id)
+            # Running validations on a host will clear out any existing errors, and then
+            # validate all attributes. As we know, running update or save will run validations.
+            # Since we've just removed two attributes that may
+            # have caused an error, we need to save those so we can explicitly validate
+            # them below in add_back_cve_errors.
+            @pending_cve_attrs = { content_view_id: cv_id, lifecycle_environment_id: lce_id }
             if cv_id && lce_id
-              content_facet.assign_single_environment(content_view_id: cv_id, lifecycle_environment_id: lce_id)
+              cve = content_facet&.assign_single_environment(content_view_id: cv_id, lifecycle_environment_id: lce_id)
+              Rails.logger.warn "Couldn't assign content view environment; host has no content facet" if cve.blank?
+              @pending_cve_attrs = {}
             end
             if (cv_id.present? && lce_id.blank?) || (cv_id.blank? && lce_id.present?)
-              fail "content_view_id and lifecycle_environment_id must be provided together"
+              errors.add(:base, _("Content view and lifecycle environment must be provided together"))
             end
           end
+        end
+
+        def attributes=(attrs)
+          check_cve_attributes(attrs)
+          super
+        end
+
+        def update(attrs)
+          check_cve_attributes(attrs) unless self.content_facet.blank?
           super
         end
 
@@ -30,6 +48,28 @@ module Katello
           inherited_attrs
         end
 
+        def apply_inherited_attributes(attributes, initialized = true)
+          attributes = super(attributes, initialized) || {}
+          facet_attrs = attributes&.[]('content_facet_attributes')
+          return attributes if facet_attrs.blank?
+          cv_id = facet_attrs['content_view_id']
+          lce_id = facet_attrs['lifecycle_environment_id']
+          if initialized && (cv_id.blank? || lce_id.blank?)
+            if cv_id.blank?
+              Rails.logger.info "Hostgroup has no content view assigned; using host's existing content view"
+              facet_attrs['content_view_id'] = content_facet&.single_content_view&.id
+            end
+            if lce_id.blank?
+              Rails.logger.info "Hostgroup has no lifecycle environment assigned; using host's existing lifecycle environment"
+              facet_attrs['lifecycle_environment_id'] = content_facet&.single_lifecycle_environment&.id
+            end
+            attributes['content_facet_attributes'] = facet_attrs
+          else
+            Rails.logger.debug "Hostgroup has content view and lifecycle environment assigned; using those"
+          end
+          attributes
+        end
+
         def smart_proxy_ids
           ids = super
           ids << content_source_id
@@ -90,6 +130,8 @@ module Katello
         has_many :hypervisor_pools, :class_name => '::Katello::Pool', :foreign_key => :hypervisor_id, :dependent => :nullify
 
         before_validation :correct_kickstart_repository
+        after_validation :add_back_cve_errors
+        after_update :clear_pending_cve_attributes
         before_update :check_host_registration, :if => proc { organization_id_changed? }
 
         after_validation :queue_reset_content_host_status
@@ -118,6 +160,16 @@ module Katello
 
         scoped_search relation: :pools, on: :pools_expiring_in_days, ext_method: :find_with_expiring_pools, only_explicit: true
 
+        def add_back_cve_errors
+          if @pending_cve_attrs&.[](:content_view_id).present? || @pending_cve_attrs&.[](:lifecycle_environment_id).present?
+            check_cve_attributes({ content_facet_attributes: @pending_cve_attrs })
+          end
+        end
+
+        def clear_pending_cve_attributes
+          @pending_cve_attrs = {}
+        end
+
         def self.find_with_expiring_pools(_key, _operator, days_from_now)
           host_ids = with_pools_expiring_in_days(days_from_now).ids
           if host_ids.any?

data/app/models/katello/content_view.rb

@@ -794,12 +794,20 @@ module Katello
       return last_publish_result.present? && last_publish_result == 'success'
     end
 
+    def cv_repo_indexed_after_last_published?
+      repositories.any? { |repo| repo.last_indexed && repo.last_indexed > latest_version_object.created_at }
+    end
+
     def needs_publish?
       #Returns
       # True:
       #     a) When content/repo/filter change audit records exist
       #     b) CV hasn't ever been published
       #     c) CV dependency_solving != latest_version.applied_filters.dependency_solving
+      #     d) If repo was indexed after cv publish. This can happen under 3 cases:
+      #       i) Index runs because last index(before publish) had failed and repo is picked up for index even if pulp publication hasn't changed.
+      #       ii) Complete sync runs or sync adds/removes new content (Already true because new pulp publication/version gets created)
+      #       iii) repo.index_content is run. (This doesn't necessarily indicate contents changed. Corner case where we play safe and return true)
       # nil:
       #     a) When CV version creation audit is missing(Indicating audit cleanup)
       #     b) Version doesn't have audited_filters set indicating
@@ -814,10 +822,11 @@ module Katello
       return nil unless last_publish_task_success?
       return composite_cv_components_changed? if composite?
       # return true if the audit records clearly show we have unpublished changes
-      return true if (audited_cv_repositories_since_last_publish.present? || audited_cv_repository_changed.present? ||
-        audited_cv_filters_changed.present? || audited_cv_filter_rules_changed.present?)
+      return true if audited_changes_present?
       # return true if the dependency solving changed for CV between last publish and now
       return true if dependency_solving_changed?
+      # return true if any child repo's indexed_at > last_version.created_at
+      return true if cv_repo_indexed_after_last_published?
       # if we didn't return `true` already, either the audit records show that we don't need to publish, or we may
       # have insufficient data to make the determination (either audits were cleaned, or never got created at all).
       # first, check for the `create` audit record; its absence indicates that audits were cleaned some time after
@@ -834,6 +843,11 @@ module Katello
       latest_version_object.applied_filters.nil? ? nil : false
     end
 
+    def audited_changes_present?
+      audited_cv_repositories_since_last_publish.present? || audited_cv_repository_changed.present? ||
+        audited_cv_filters_changed.present? || audited_cv_filter_rules_changed.present?
+    end
+
     def dependency_solving_changed?
       latest_version_object.applied_filters && solve_dependencies != latest_version_object.applied_filters['dependency_solving']
     end

data/app/models/katello/docker_meta_tag.rb

@@ -134,7 +134,9 @@ module Katello
     end
 
     def self.cleanup_tags
-      self.where("id not in (?) OR (schema2_id IS NULL AND schema1_id IS NULL)", Katello::RepositoryDockerMetaTag.pluck(:docker_meta_tag_id) + [0]).delete_all
+      #Cleanup RepositoryMetaTag for nil schema meta tags
+      RepositoryDockerMetaTag.where(docker_meta_tag: where(schema1: nil, schema2: nil)).delete_all
+      self.where.not(id: RepositoryDockerMetaTag.select(:docker_meta_tag_id)).or(where(schema1: nil, schema2: nil)).delete_all
     end
 
     def self.import_meta_tags(repositories)

data/app/models/katello/host/content_facet.rb

@@ -375,7 +375,9 @@ module Katello
       class Jail < ::Safemode::Jail
         allow :applicable_deb_count, :applicable_module_stream_count, :applicable_rpm_count, :content_source, :content_source_id, :content_source_name,
               :errata_counts, :id, :kickstart_repository, :kickstart_repository_id, :kickstart_repository_name,
-              :upgradable_deb_count, :upgradable_module_stream_count, :upgradable_rpm_count, :uuid
+              :upgradable_deb_count, :upgradable_module_stream_count, :upgradable_rpm_count, :uuid,
+              :installable_security_errata_count, :installable_bugfix_errata_count, :installable_enhancement_errata_count,
+              :single_content_view, :single_lifecycle_environment
       end
     end
   end

data/app/models/katello/kt_environment.rb

@@ -278,7 +278,7 @@ module Katello
       prop_group :katello_basic_props, Katello::Model, meta: { friendly_name: 'Katello Environment' }
     end
     class Jail < ::Safemode::Jail
-      allow :name, :label
+      allow :id, :name, :label
     end
 
     private