License Enforcement Application (#3929)

* Implementation of license enforcement application Signed-off-by: jan shahid shaik <[email protected]> * Fixing pipeline issues Signed-off-by: jan shahid shaik <[email protected]> * Fixing pipeline issues Signed-off-by: jan shahid shaik <[email protected]> * License Caching and Add license enforcement to all APIs (#3919) License Caching and Add license enforcement to all APIs. Signed-off-by: jan shahid shaik <[email protected]> * Modified error message for license expiry case (#3926) Signed-off-by: jan shahid shaik <[email protected]> * Updated chef-server-ctl to handle invalid license + Added grace perio… (#3936) * Update Gemfile.lock to fix adhoc pipeline instability Signed-off-by: Lincoln Baker <[email protected]> * Updated chef-server-ctl to handle invalid license + Added grace period in X-Ops-License Signed-off-by: jan shahid shaik <[email protected]> * Added customer name in get_license method and license cache Signed-off-by: jan shahid shaik <[email protected]> --------- Signed-off-by: Lincoln Baker <[email protected]> Signed-off-by: jan shahid shaik <[email protected]> Co-authored-by: Lincoln Baker <[email protected]> * Change for customer Name (#3939) * adding company name and license-id from automate license. Signed-off-by: talktovikas <[email protected]> removing trailing space. Signed-off-by: talktovikas <[email protected]> fixing tests. Signed-off-by: talktovikas <[email protected]> fixing license test case. Signed-off-by: talktovikas <[email protected]> Fixing bug in condition statement Signed-off-by: talktovikas <[email protected]> debug statements Signed-off-by: talktovikas <[email protected]> adding the server url. Signed-off-by: talktovikas <[email protected]> assignment in case of standalone chef-server. Signed-off-by: talktovikas <[email protected]> adding licenseId in case of Automate-T data. Signed-off-by: talktovikas <[email protected]> fixing T-test cases. Signed-off-by: talktovikas <[email protected]> fixing tests. Signed-off-by: talktovikas <[email protected]> fixing tests. Signed-off-by: talktovikas <[email protected]> * remove debug logs Signed-off-by: talktovikas <[email protected]> * code review changes. Signed-off-by: talktovikas <[email protected]> --------- Signed-off-by: talktovikas <[email protected]> * Pedant test for the case if automate license is expired (#3941) * Updated chef-server-ctl to handle invalid license + Added grace period in X-Ops-License Signed-off-by: jan shahid shaik <[email protected]> * Added customer name in get_license method and license cache Signed-off-by: jan shahid shaik <[email protected]> * debug statements Signed-off-by: talktovikas <[email protected]> * case for expired license. Signed-off-by: talktovikas <[email protected]> making it 403 Signed-off-by: talktovikas <[email protected]> running cases only for automate. Signed-off-by: talktovikas <[email protected]> test for chef-zero Signed-off-by: talktovikas <[email protected]> test for /users Signed-off-by: talktovikas <[email protected]> adding env in docker Signed-off-by: talktovikas <[email protected]> fixing verify syntax. Signed-off-by: talktovikas <[email protected]> fixing placement of env variables. Signed-off-by: talktovikas <[email protected]> fixing placement of executor. Signed-off-by: talktovikas <[email protected]> test Signed-off-by: talktovikas <[email protected]> * adding config for expired license from vault. Signed-off-by: talktovikas <[email protected]> * Added few puts inside success licese case. Signed-off-by: sreepuramsudheer <[email protected]> * Added IS_AUTOMATE into environment variables. Signed-off-by: sreepuramsudheer <[email protected]> * Replaced hardcoded expired license with one received from vault. Signed-off-by: sreepuramsudheer <[email protected]> * Updated chef-server-ctl to handle invalid license + Added grace period in X-Ops-License Signed-off-by: jan shahid shaik <[email protected]> * Added customer name in get_license method and license cache Signed-off-by: jan shahid shaik <[email protected]> * removing debug logs Signed-off-by: talktovikas <[email protected]> * code review changes. Signed-off-by: talktovikas <[email protected]> * adding comment for the test case. Signed-off-by: talktovikas <[email protected]> --------- Signed-off-by: jan shahid shaik <[email protected]> Signed-off-by: talktovikas <[email protected]> Signed-off-by: sreepuramsudheer <[email protected]> Co-authored-by: jan shahid shaik <[email protected]> Co-authored-by: sreepuramsudheer <[email protected]> * fixing the sonarQube issue. Signed-off-by: talktovikas <[email protected]> --------- Signed-off-by: jan shahid shaik <[email protected]> Signed-off-by: Lincoln Baker <[email protected]> Signed-off-by: talktovikas <[email protected]> Signed-off-by: sreepuramsudheer <[email protected]> Co-authored-by: Lincoln Baker <[email protected]> Co-authored-by: Vikas Yadav <[email protected]> Co-authored-by: sreepuramsudheer <[email protected]> Co-authored-by: talktovikas <[email protected]>
chef · Nov 18, 2024 · c2d6e8e · c2d6e8e
1 parent 24a1d60
commit c2d6e8e
Show file tree

Hide file tree

Showing 19 changed files with 899 additions and 141 deletions.
diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml
@@ -154,6 +154,7 @@ steps:
           - USE_OMNIBUS_FILES=0
           - PEDANT_OPTS="--skip-oc_id"
           - BUNDLE_GEMFILE=/workdir/oc-chef-pedant/Gemfile
+          - IS_AUTOMATE=false
 
 - label: With ChefFS=1
   command:
@@ -174,6 +175,7 @@ steps:
           - PEDANT_OPTS="--skip-oc_id"
           - CHEF_FS=1
           - BUNDLE_GEMFILE=/workdir/oc-chef-pedant/Gemfile
+          - IS_AUTOMATE=false
 
 - label: automate_build
   command:
@@ -214,39 +216,61 @@ steps:
 - label: "chef server"
   command:
     - .expeditor/chef_server.sh
+  env:
+    IS_AUTOMATE: true
   timeout_in_minutes: 30 # longer timeout for chef-server
   expeditor:
-    executor:
-      linux:
-        privileged: true
     secrets:
       A2_LICENSE:
         path: secret/a2/license
         field: license
+      A2_EXPIRED_LICENSE:
+        path: secret/a2/license
+        field: expLicense
+    executor:
+      linux:
+        privileged: true
+        environment:
+          - IS_AUTOMATE=true
 
 - label: "chef server only"
   command:
     - .expeditor/chef_server_only.sh
+  env:
+    IS_AUTOMATE: true
   timeout_in_minutes: 20
   expeditor:
-    executor:
-      linux:
-        privileged: true
     secrets:
       A2_LICENSE:
         path: secret/a2/license
         field: license
+      A2_EXPIRED_LICENSE:
+        path: secret/a2/license
+        field: expLicense
+    executor:
+      linux:
+        privileged: true
+        environment:
+          - IS_AUTOMATE=true
+
 
 - label: "ha chef server"
   command:
     - .expeditor/ha_chef_server.sh
+  env:
+    IS_AUTOMATE: true
   timeout_in_minutes: 35
   expeditor:
-    executor:
-      linux:
-        single-use: true
-        privileged: true
     secrets:
       A2_LICENSE:
         path: secret/a2/license
-        field: license
+        field: license
+      A2_EXPIRED_LICENSE:
+        path: secret/a2/license
+        field: expLicense
+    executor:
+      linux:
+        privileged: true
+        single-use: true
+        environment:
+          - IS_AUTOMATE=true
diff --git a/oc-chef-pedant/spec/api/server_license_spec.rb b/oc-chef-pedant/spec/api/server_license_spec.rb
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+require 'pedant/rspec/common'
+
+describe "server license testing", :license do
+
+  # Pedant has configurable test users.
+  # Selects Pedant users that are marked as associated
+  let(:default_pedant_user_names) { platform.users.select(&:associate).map(&:name).sort }
+  let(:default_users_body)        { default_pedant_user_names.map { |user| {"user" => {"username" => user} } } }
+
+  # context "/users endpoint", automate: true do
+  context "/users endpoint" do
+    let(:request_url) { "#{platform.server}/users" }
+    let(:status_url) { "#{platform.server}/_status" }
+
+    let(:users_body) do
+      {
+        # There are other users, but these are ours, so they should always be
+        # somewhere in the userspace soup.
+        "pivotal" => "#{request_url}/pivotal",
+        platform.bad_user.name => "#{request_url}/#{platform.bad_user.name}",
+        platform.admin_user.name => "#{request_url}/#{platform.admin_user.name}",
+        platform.non_admin_user.name => "#{request_url}/#{platform.non_admin_user.name}",
+      }
+    end
+
+    context "when having valid license" do
+      it "can get all users and since the license is valid, they should show 200 as return", :smoke do
+        get(request_url, platform.superuser).should look_like({
+            :status => 200,
+            :body => users_body
+          })
+      end
+    end
+
+    # In case of Embedded chef-server in Automate, If the license of automate is Expired in that case all requests reaching to chef-server should return 403
+    context "when not having valid license",  if: ENV["IS_AUTOMATE"] == "true" do
+      before(:all) do
+        puts "applying expired license"
+        puts ENV['A2_EXPIRED_LICENSE']
+        system("chef-automate license apply -f \"${A2_EXPIRED_LICENSE}\"")
+        system("sleep 50")
+        puts "expired license applied"
+        puts system("chef-automate license status")
+      end
+      after(:all) do
+        system("chef-automate license apply \"$A2_LICENSE\"")
+        system("sleep 50")
+        puts "valid license applied"
+        puts system("chef-automate license status")
+      end
+
+      it "returns 403", :smoke  do
+        puts get(request_url, platform.superuser)
+        get(request_url, platform.superuser).should look_like({
+            :status => 403
+          })
+      end
+    end
+  end # context /users/<name> endpoint
+end # describe users