All repo-roles: UserAuth should be implemented more strict

[markuslf]

As of today, all repo-roles add username={{ repo_... }} and password={{ repo_... }}, even when the original public vendor repo is used.

Wrong:

[grafana]
name=grafana
{% if repo_grafana__mirror_url is defined and repo_grafana__mirror_url | length %}
baseurl={{ repo_grafana__mirror_url }}/grafana
{% else %}
baseurl=https://rpm.grafana.com
{% endif %}
...
{% if repo_grafana__basic_auth_login is defined and repo_grafana__basic_auth_login | length %}
username={{ repo_grafana__basic_auth_login["username"] }}
password={{ repo_grafana__basic_auth_login["password"] }}
{% endif %}

Fixed by checking if we defined a private mirror (https://github.com/Linuxfabrik/lfops/commit/6c2bf8f0b810f290c34a84f752523a779c030b70):

[grafana]
name=grafana
{% if repo_grafana__mirror_url is defined and repo_grafana__mirror_url | length %}
baseurl={{ repo_grafana__mirror_url }}/grafana
{% else %}
baseurl=https://rpm.grafana.com
{% endif %}
...
{% if repo_grafana__mirror_url is defined and repo_grafana__mirror_url | length and repo_grafana__basic_auth_login is defined and repo_grafana__basic_auth_login | length %}
username={{ repo_grafana__basic_auth_login["username"] }}
password={{ repo_grafana__basic_auth_login["password"] }}
{% endif %}

Should be fixed in all repo templates. Otherwise some repos return:

Errors during downloading metadata for repository 'grafana':
  - Status code: 403 for https://rpm.grafana.com/repodata/repomd.xml (IP: 151.101.194.217)
Error: Failed to download metadata for repo 'grafana': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

[NavidSassan]

There are also upstream repositories that require authentication, for example the Icinga Repo for RHEL8+. IMO the admin should just unset repo_grafana__basic_auth_login when it is not needed, same as they did with repo_grafana__mirror_url.

[markuslf]

Yeah, sounds better. I will revert my changes.