update_repo_certs.rake

namespace :katello do
  task :update_repo_certs => %w(environment) do
    User.current = User.anonymous_admin

    begin
      ssl_cert = File.read(File.open(ENV['SSL_CERT_PATH']))
      ssl_key = File.read(File.open(ENV['SSL_KEY_PATH']))
    rescue
      raise("SSL_CERT_PATH or SSL_KEY_PATH could not be read")
    end

    root_repos = Katello::RootRepository.yum_type.joins(:product).merge(Katello::Product.redhat).distinct

    root_repos.each do |root_repo|
      library_repo = root_repo.library_instance
      importer = library_repo.importers.first

      unless importer&.dig(:id)
        Rails.logger.warn("update_repo_certs: No importer for repository_id=#{library_repo.id}") unless importer
        next
      end

      if importer[:config][:ssl_client_cert] == ssl_cert && importer[:config][:ssl_client_key] == ssl_key
        Rails.logger.info("update_repo_certs: repository_id=#{library_repo.id} already has this cert and key")
        next
      end

      config = {
        :ssl_client_cert => ssl_cert,
        :ssl_client_key => ssl_key
      }
      # This is SmartProxy.pulp_primary in 6.8 and later
      SmartProxy.pulp_master.pulp_api.resources.repository.update_importer(library_repo.pulp_id, importer[:id], config)
      Rails.logger.info("update_repo_certs: repository_id=#{library_repo.id} updated")
    rescue => e
      Rails.logger.error("update_repo_certs: Couldn't update certs for repository_id=#{library_repo.id}")
      Rails.logger.error("update_repo_certs: The error was #{e.message}")
    end
  end
end