cleanup: remove unused sanitize_encrypted param from diff function

[VedantMadane]

Fixes #688. This PR removes the unused \sanitize_encrypted\ parameter from the \diff\ utility and its helper _sanitize_value, and corrects the return type in the docstring.

Summary by CodeRabbit

• Refactor
  • Diff/comparison now always detects and masks encrypted field values; the option to disable this sanitization has been removed.
  • Encryption-aware handling is applied uniformly to added, removed, and changed values in diffs.
  • Documentation updated to state diffs return a structured diff object instead of a generic dictionary.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 618d3356-edb6-4905-b634-d19f6afd3b59

📥 Commits

Reviewing files that changed from the base of the PR and between 3702eb5 and f069909.

📒 Files selected for processing (1)

• ansible_base/lib/utils/models.py

🚧 Files skipped from review as they are similar to previous changes (1)

• ansible_base/lib/utils/models.py

---

📝 Walkthrough

Walkthrough

Sanitization for encrypted fields in the models utility now always evaluates encryption status (via is_encrypted_field, instance._encrypted_field_names, and the $encrypted$ prefix). The sanitize_encrypted parameter was removed from _sanitize_value and diff, and diff docstring now documents returning a ModelDiff.

Changes

Cohort / File(s)

Summary

Models utility ansible_base/lib/utils/models.py

Removed sanitize_encrypted parameter from _sanitize_value(instance, model, field_name, value, ...) and from diff(...) signature; updated internal _sanitize_value calls to (instance, model, field_name, value); sanitization now always determines encryption using is_encrypted_field, instance._encrypted_field_names, and the $encrypted$ prefix; updated diff docstring to state it returns a ModelDiff object.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: removing the unused sanitize_encrypted parameter from the diff function.
Linked Issues check	✅ Passed	The PR fully addresses both objectives from issue #688: removes the unused sanitize_encrypted parameter and updates the docstring to reflect the actual ModelDiff return type.
Out of Scope Changes check	✅ Passed	All changes are directly related to the objectives in issue #688; no out-of-scope modifications were introduced.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[VedantMadane]

Rebased onto latest devel. I notice the DVCS check requires a Jira key (AAP-XXXXX). Is there an existing ticket this cleanup could be associated with, or would a maintainer be able to create one? Happy to update the PR title with the key.

[github-actions]

DVCS PR Check Results:

Could not find JIRA key(s) in PR title, branch name, or commit messages