`previous_revision` yields `Host::Managed is not auditable`

Problem:
I’m running webhooks and shellhooks to trigger on host_updated event and want to use the previous_revision function to compare which parameters were changed.

But when I run previous_revision(@object) in my webhook template I get an exception:
ERF42-4338 [Foreman::Exception]: Host::Managed is not auditable

Backtrace (snippet):

2025-01-23T13:28:58 [E|bac|681622e4] ERF42-4338 [Foreman::Exception]: Host::Managed is not auditable (Foreman::Exception)
 681622e4 | /usr/share/foreman/app/services/foreman/renderer/scope/macros/base.rb:441:in `rescue in previous_revision'
 681622e4 | /usr/share/foreman/app/services/foreman/renderer/scope/macros/base.rb:437:in `previous_revision'
 681622e4 | test_prev_record:5:in `block in get_binding'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:40:in `block (2 levels) in each_record'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:40:in `each'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:40:in `block in each_record'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches.rb:245:in `block in in_batches'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches.rb:229:in `loop'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches.rb:229:in `in_batches'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:39:in `each'
 681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:39:in `each_record'
 681622e4 | test_prev_record:4:in `get_binding'
 681622e4 | /usr/share/ruby/erb.rb:905:in `eval'
 681622e4 | /usr/share/ruby/erb.rb:905:in `result'
 681622e4 | /usr/share/foreman/app/services/foreman/renderer/unsafe_mode_renderer.rb:7:in `render'
 681622e4 | /usr/share/foreman/app/services/foreman/renderer/base_renderer.rb:18:in `render'
 681622e4 | /usr/share/foreman/app/services/foreman/renderer.rb:46:in `render'
 681622e4 | /usr/share/foreman/app/models/template.rb:173:in `render'
 681622e4 | /usr/share/foreman/app/models/report_composer.rb:241:in `render'

Any ideas?

Foreman and Proxy versions:
Foreman 3.13

Distribution and version:
RHEL 9.5

This only seem to happen with new hosts, when I update an existing host the previous_revision works as expected.
Is there some condition to when Host::Managed is considered auditable or not?

The example above is actually from using a report template, I noted now that the backtrace when using a webhook template which is triggered during install is a bit more extensive:

2025-01-23T07:43:59 [E|tem|149fdd55] <ActiveModel::MissingAttributeError> can't write unknown attribute `puppet_attributes`
        /usr/share/gems/gems/activemodel-6.1.7.10/lib/active_model/attribute.rb:207:in `with_value_from_database'
        /usr/share/gems/gems/activemodel-6.1.7.10/lib/active_model/attribute_set.rb:51:in `write_from_user'
        /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/attribute_methods/write.rb:34:in `write_attribute'
        /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/attribute_methods.rb:345:in `[]='
        /usr/share/gems/gems/audited-5.7.0/lib/audited/audit.rb:163:in `block in assign_revision_attributes'
        /usr/share/gems/gems/audited-5.7.0/lib/audited/audit.rb:158:in `each'
        /usr/share/gems/gems/audited-5.7.0/lib/audited/audit.rb:158:in `assign_revision_attributes'
        /usr/share/gems/gems/audited-5.7.0/lib/audited/auditor.rb:216:in `block in revision_with'
        <internal:kernel>:90:in `tap'
        /usr/share/gems/gems/audited-5.7.0/lib/audited/auditor.rb:208:in `revision_with'
        /usr/share/foreman/lib/audit_associations/associations_changes.rb:16:in `revision_with'
        /usr/share/gems/gems/audited-5.7.0/lib/audited/auditor.rb:163:in `revision'
        /usr/share/foreman/app/services/foreman/renderer/scope/macros/base.rb:438:in `previous_revision'
        host_updated:11:in `get_binding'

(The host is put into build which triggers a webhook which updates a host parameter which in turn triggers the host_updated webhook event, which fails.)

Further debugging shows that hosts that are created after a certain date (~6 months ago) does not work with previous_revision, but older hosts does. I can’t relate this cutoff-date to any specific changes or updates in our Foreman environment and the host objects look identical to me so at the moment I’m a bit at a loss.

Hoping someone can provide some insight!

Mystery somewhat solved, we expire audits after 180 days. So for hosts older than that the previous_revision call works since the audit record from the create event has been removed.
This audit record contains a Puppet attributes value, which is what causes the error.

If I hack the revision_with function in /usr/share/foreman/lib/audit_associations/associations_changes.rb to explicitly remove the puppet_attributes attribute from the attrs hash it works.

I however don’t understand how previous_revision is supposed to work if it can’t handle the audit record from create? Is this a bug or am I using it wrong?

@adam.winberg, just to complete the picture: have you tried to remove foreman_puppet plugin at some point? Does this plugin still listed in the About page?

No, I have not removed it and it is listed in the About page.