foreman::cli::manage_root_config doesn't work because "replace => false"

[emperortomato]

The foreman::cli class is configured not to replace /root/.hammer/cli.modules.d/foreman.yml, even if $manage_root_config is set to true, because replace => false:

  if $manage_root_config {
    ...
    file { '/root/.hammer/cli.modules.d/foreman.yml':
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0600',
      replace => false,
      content => template('foreman/hammer_root.yml.erb'),
    }
    ...
  }

I think this is confusing and contradictory; I know I was confused about why it wasn't working until I took a closer look at the module. I think if $manage_root_config is set to true then this file should automatically be updated with the specified config.

[ekohl]

The reason we do this is that in the foreman class we set the initial username and password, but have no guarantee that they remain the same. I know this is ugly and at a parameter for this would make sense.

[neomilium]

Maybe a rework of parameters, behavior, etc. of CLI setup could be a good way.

• I already started to fix a strange behavior about refresh_cache and request_timeout: CLI: make refresh_cache and request_timeout params global #884
• IMHO, manage_root_config should not exist or at least have a default to false (because if we want a powerful auditable application, we should help users to do not use root or admin account, a goal that already produce the depreciation of some rake tasks)
• I would like to add use_sessions parameter to ease administration using CLI with a regular unix user, without Foreman password disclosure if its stored in plain-text file, for obvious security concern: opus-codium@2e232b2

I'm OK to rework this part, if someone purpose a global approach.