Problem:
I’m running webhooks and shellhooks to trigger on host_updated
event and want to use the previous_revision
function to compare which parameters were changed.
But when I run previous_revision(@object)
in my webhook template I get an exception:
ERF42-4338 [Foreman::Exception]: Host::Managed is not auditable
Backtrace (snippet):
2025-01-23T13:28:58 [E|bac|681622e4] ERF42-4338 [Foreman::Exception]: Host::Managed is not auditable (Foreman::Exception)
681622e4 | /usr/share/foreman/app/services/foreman/renderer/scope/macros/base.rb:441:in `rescue in previous_revision'
681622e4 | /usr/share/foreman/app/services/foreman/renderer/scope/macros/base.rb:437:in `previous_revision'
681622e4 | test_prev_record:5:in `block in get_binding'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:40:in `block (2 levels) in each_record'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:40:in `each'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:40:in `block in each_record'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches.rb:245:in `block in in_batches'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches.rb:229:in `loop'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches.rb:229:in `in_batches'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:39:in `each'
681622e4 | /usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/relation/batches/batch_enumerator.rb:39:in `each_record'
681622e4 | test_prev_record:4:in `get_binding'
681622e4 | /usr/share/ruby/erb.rb:905:in `eval'
681622e4 | /usr/share/ruby/erb.rb:905:in `result'
681622e4 | /usr/share/foreman/app/services/foreman/renderer/unsafe_mode_renderer.rb:7:in `render'
681622e4 | /usr/share/foreman/app/services/foreman/renderer/base_renderer.rb:18:in `render'
681622e4 | /usr/share/foreman/app/services/foreman/renderer.rb:46:in `render'
681622e4 | /usr/share/foreman/app/models/template.rb:173:in `render'
681622e4 | /usr/share/foreman/app/models/report_composer.rb:241:in `render'
Any ideas?
Foreman and Proxy versions:
Foreman 3.13
Distribution and version:
RHEL 9.5
This only seem to happen with new hosts, when I update an existing host the previous_revision
works as expected.
Is there some condition to when Host::Managed
is considered auditable or not?
The example above is actually from using a report template, I noted now that the backtrace when using a webhook template which is triggered during install is a bit more extensive:
2025-01-23T07:43:59 [E|tem|149fdd55] <ActiveModel::MissingAttributeError> can't write unknown attribute `puppet_attributes`
/usr/share/gems/gems/activemodel-6.1.7.10/lib/active_model/attribute.rb:207:in `with_value_from_database'
/usr/share/gems/gems/activemodel-6.1.7.10/lib/active_model/attribute_set.rb:51:in `write_from_user'
/usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/attribute_methods/write.rb:34:in `write_attribute'
/usr/share/gems/gems/activerecord-6.1.7.10/lib/active_record/attribute_methods.rb:345:in `[]='
/usr/share/gems/gems/audited-5.7.0/lib/audited/audit.rb:163:in `block in assign_revision_attributes'
/usr/share/gems/gems/audited-5.7.0/lib/audited/audit.rb:158:in `each'
/usr/share/gems/gems/audited-5.7.0/lib/audited/audit.rb:158:in `assign_revision_attributes'
/usr/share/gems/gems/audited-5.7.0/lib/audited/auditor.rb:216:in `block in revision_with'
<internal:kernel>:90:in `tap'
/usr/share/gems/gems/audited-5.7.0/lib/audited/auditor.rb:208:in `revision_with'
/usr/share/foreman/lib/audit_associations/associations_changes.rb:16:in `revision_with'
/usr/share/gems/gems/audited-5.7.0/lib/audited/auditor.rb:163:in `revision'
/usr/share/foreman/app/services/foreman/renderer/scope/macros/base.rb:438:in `previous_revision'
host_updated:11:in `get_binding'
(The host is put into build
which triggers a webhook which updates a host parameter which in turn triggers the host_updated
webhook event, which fails.)
Further debugging shows that hosts that are created after a certain date (~6 months ago) does not work with previous_revision
, but older hosts does. I can’t relate this cutoff-date to any specific changes or updates in our Foreman environment and the host objects look identical to me so at the moment I’m a bit at a loss.
Hoping someone can provide some insight!
Mystery somewhat solved, we expire audits after 180 days. So for hosts older than that the previous_revision
call works since the audit record from the create
event has been removed.
This audit record contains a Puppet attributes
value, which is what causes the error.
If I hack the revision_with
function in /usr/share/foreman/lib/audit_associations/associations_changes.rb
to explicitly remove the puppet_attributes
attribute from the attrs
hash it works.
I however don’t understand how previous_revision
is supposed to work if it can’t handle the audit record from create
? Is this a bug or am I using it wrong?
@adam.winberg, just to complete the picture: have you tried to remove foreman_puppet plugin at some point? Does this plugin still listed in the About page?
No, I have not removed it and it is listed in the About page.