From f126c1e12ae1bdbff647973275a867c62fc6972e Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Thu, 21 Nov 2024 03:03:32 +0000 Subject: [PATCH 1/8] Azure basic images do not get access to LTSS --- .../providers/example.rb | 4 + .../v3/systems/products_controller_spec.rb | 4 +- engines/scc_proxy/lib/scc_proxy/engine.rb | 9 ++ .../v3/systems/products_controller_spec.rb | 117 +++++++++++++++++- spec/factories/products.rb | 17 +++ spec/factories/systems.rb | 13 ++ 6 files changed, 160 insertions(+), 4 deletions(-) diff --git a/engines/instance_verification/lib/instance_verification/providers/example.rb b/engines/instance_verification/lib/instance_verification/providers/example.rb index b773d7855..1d49f92d9 100644 --- a/engines/instance_verification/lib/instance_verification/providers/example.rb +++ b/engines/instance_verification/lib/instance_verification/providers/example.rb @@ -49,4 +49,8 @@ def payg_billing_code?(iid, identifier) return true if (identifier.casecmp('sles').zero? && instance_billing_info[:billing_product] == SLES_PRODUCT_IDENTIFIER) return true if (identifier.casecmp('sles_sap').zero? && SLES4SAP_PRODUCT_IDENTIFIER.include?(instance_billing_info[:marketplace_code])) end + + def basic? + false + end end diff --git a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb index 9ccbcb1c2..f3e2940c6 100644 --- a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -123,7 +123,7 @@ context 'when system has hw_info' do let(:instance_data) { 'dummy_instance_data' } - let(:system) { FactoryBot.create(:system, :payg, :with_system_information, instance_data: instance_data) } + let(:system) { FactoryBot.create(:system, :payg, :with_system_information_az, instance_data: instance_data) } let(:serialized_service_json) do V3::ServiceSerializer.new( product.service, @@ -188,7 +188,7 @@ let(:instance_data) { 'dummy_instance_data' } let(:system) do FactoryBot.create( - :system, :payg, :with_system_information, :with_activated_product, product: base_product, instance_data: instance_data + :system, :payg, :with_system_information_az, :with_activated_product, product: base_product, instance_data: instance_data ) end let(:serialized_service_json) do diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index e684dc910..d89967837 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -372,6 +372,15 @@ def has_no_regcode?(auth_header) protected def scc_activate_product + if (@system.system_information && + JSON.parse(@system.system_information)['cloud_provider'].casecmp('microsoft').zero? && + @product.product_class.downcase.include?('ltss') && + InstanceVerification.provider.new(logger, request, nil, @system.instance_data).basic? + ) + error = ActionController::TranslatedError.new(N_('Product not supported for this instance')) + error.status = :forbidden + raise error + end mode = find_mode unless mode.nil? # if system is byos or hybrid and there is a token diff --git a/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb index 0ff8417f3..6494c9bd7 100644 --- a/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -349,12 +349,12 @@ context 'when system is connected to SCC' do let(:system_payg) do - FactoryBot.create(:system, :payg, :with_system_information, :with_activated_base_product, instance_data: instance_data, + FactoryBot.create(:system, :payg, :with_system_information_az, :with_activated_base_product, instance_data: instance_data, system_token: new_system_token) end let(:product) do FactoryBot.create( - :product, :product_sles, :extension, :with_mirrored_repositories, :with_mirrored_extensions, + :product, :product_sles_ltss, :extension, :with_mirrored_repositories, :with_mirrored_extensions, base_products: [system_payg.products.first] ) end @@ -415,7 +415,120 @@ allow(File).to receive(:directory?) allow(FileUtils).to receive(:mkdir_p) allow(FileUtils).to receive(:touch) + allow(InstanceVerification::Providers::Example).to receive(:new).and_return(plugin_double) + allow(plugin_double).to receive(:basic?).and_return(false) + allow(InstanceVerification).to receive(:write_cache_file).twice.with( + Rails.application.config.repo_cache_dir, "127.0.0.1-#{system_payg.login}-#{product.id}" + ) + allow(InstanceVerification).to receive(:write_cache_file).twice.with( + Rails.application.config.registry_cache_dir, "127.0.0.1-#{system_payg.login}" + ) + allow(plugin_double).to receive(:instance_valid?).and_return(true) + end + + context 'when LTSS not allowed' do + before do + allow(plugin_double).to receive(:basic?).and_return(true) + end + + it 'raises an error' do + stub_request(:post, scc_register_system_url) + .to_return(status: 403, body: { ok: 'OK' }.to_json, headers: {}) + + post url, params: payload, headers: headers + data = JSON.parse(response.body) + expect(data['error']).to include('Product not supported for this instance') + end + end + end + end + end + + context 'when system has hw_info' do + let(:instance_data) { '{"instanceId": "dummy_instance_data"}' } + let(:new_system_token) { 'BBBBBBBB-BBBB-4BBB-9BBB-BBBBBBBBBBBB' } + let(:serialized_service_json) do + V3::ServiceSerializer.new( + product.service, + base_url: URI::HTTP.build({ scheme: response.request.scheme, host: response.request.host }).to_s + ).to_json + end + + let(:serialized_service_sap_json) do + V3::ServiceSerializer.new( + product_sap.service, + base_url: URI::HTTP.build({ scheme: response.request.scheme, host: response.request.host }).to_s + ).to_json + end + + context 'when system is connected to SCC' do + let(:system_payg) do + FactoryBot.create(:system, :payg, :with_system_information_az, :with_activated_base_product, instance_data: instance_data, + system_token: new_system_token) + end + let(:product) do + FactoryBot.create( + :product, :product_sles_ltss, :extension, :with_mirrored_repositories, :with_mirrored_extensions, + base_products: [system_payg.products.first] + ) + end + let(:subscription_response) do + { + id: 4206714, + regcode: 'bar', + name: 'SUSE Employee subscription for SUSE Linux Enterprise Server for SAP Applications', + type: 'internal', + status: 'ACTIVE', + starts_at: '2019-03-20T09:48:52.658Z', + expires_at: '2024-03-20T09:48:52.658Z', + system_limit: '100', + systems_count: '156', + virtual_count: nil, + product_classes: [ + 'AiO', + '7261', + 'SLE-HAE-X86', + '7261-BETA', + 'SLE-HAE-X86-BETA', + 'AiO-BETA', + '7261-ALPHA', + 'SLE-HAE-X86-ALPHA', + 'AiO-ALPHA' + ], + product_ids: [ + 1959, + 1421 + ], + skus: [], + systems: [ + { + id: 3021957, + login: 'SCC_foo', + password: '5ee7273ac6ac4d7f', + last_seen_at: '2019-03-20T14:01:05.424Z' + } + ] + } + end + + before do + allow(plugin_double).to( + receive(:instance_valid?) + .and_raise(InstanceVerification::Exception, 'Custom plugin error') + ) + end + context 'with a valid registration code' do + before do + stub_request(:post, scc_activate_url) + .to_return( + status: 201, + body: { id: 'bar' }.to_json, + headers: {} + ) + allow(File).to receive(:directory?) + allow(FileUtils).to receive(:mkdir_p) + allow(FileUtils).to receive(:touch) allow(InstanceVerification).to receive(:write_cache_file).twice.with( Rails.application.config.repo_cache_dir, "127.0.0.1-#{system_payg.login}-#{product.id}" ) diff --git a/spec/factories/products.rb b/spec/factories/products.rb index 30532e1fc..e11965e7a 100644 --- a/spec/factories/products.rb +++ b/spec/factories/products.rb @@ -57,6 +57,23 @@ friendly_version { '15 SP3' } end + trait :product_sles_ltss do + identifier { 'SLES-LTSS' } + name { 'SUSE Linux Enterprise Server LTSS' } + description { 'SUSE Linux Enterprise offers a comprehensive suite of products...' } + shortname { 'SLES15-SP3-LTSS' } + former_identifier { 'SLES_LTSS' } + product_type { 'extension' } + product_class { 'LTSS' } + release_type { nil } + release_stage { 'released' } + version { '15.3' } + arch { 'x86_64' } + free { false } + cpe { 'cpe:/o:suse:sles:15:sp3' } + friendly_version { '15 SP3' } + end + trait :product_sles_sap do identifier { 'SLES_SAP' } name { 'SUSE Linux Enterprise Server' } diff --git a/spec/factories/systems.rb b/spec/factories/systems.rb index 8fb81aa38..2f3197f36 100644 --- a/spec/factories/systems.rb +++ b/spec/factories/systems.rb @@ -70,6 +70,19 @@ end end + trait :with_system_information_az do + system_information do + { + cpus: 2, + sockets: 1, + hypervisor: nil, + arch: 'x86_64', + uuid: SecureRandom.uuid, + cloud_provider: 'Microsoft' + }.to_json + end + end + trait :with_system_token do sequence(:system_token) { |n| "00000000-0000-4000-9000-#{n.to_s.rjust(12, '0')}" } end From 50d74dc426f4888c436727829d74e6731f6895bd Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Thu, 21 Nov 2024 03:10:57 +0000 Subject: [PATCH 2/8] Fix rubocop --- engines/scc_proxy/lib/scc_proxy/engine.rb | 2 ++ .../requests/api/connect/v3/systems/products_controller_spec.rb | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index d89967837..8a744a036 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -307,6 +307,7 @@ def scc_upgrade(auth, product, system_login, mode, logger) end end + # rubocop:disable Metrics/ClassLength class Engine < ::Rails::Engine isolate_namespace SccProxy config.generators.api_only = true @@ -549,5 +550,6 @@ def get_system(systems) end end end + # rubocop:enable Metrics/ClassLength end # rubocop:enable Metrics/ModuleLength diff --git a/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb index 6494c9bd7..1e11f91e9 100644 --- a/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -444,7 +444,7 @@ end end - context 'when system has hw_info' do + context 'when system has hw info' do let(:instance_data) { '{"instanceId": "dummy_instance_data"}' } let(:new_system_token) { 'BBBBBBBB-BBBB-4BBB-9BBB-BBBBBBBBBBBB' } let(:serialized_service_json) do From 91552ef18baafa52d82605482d18b169cf1b3a6e Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Thu, 21 Nov 2024 17:53:33 +0000 Subject: [PATCH 3/8] Allow extension no CSP specific Prepare the condition for any CSPs Rename method to be generic --- .../providers/example.rb | 6 +++-- .../v3/systems/products_controller_spec.rb | 25 ++++++++++++------- engines/scc_proxy/lib/scc_proxy/engine.rb | 7 ++---- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/engines/instance_verification/lib/instance_verification/providers/example.rb b/engines/instance_verification/lib/instance_verification/providers/example.rb index 1d49f92d9..46bca7fc0 100644 --- a/engines/instance_verification/lib/instance_verification/providers/example.rb +++ b/engines/instance_verification/lib/instance_verification/providers/example.rb @@ -50,7 +50,9 @@ def payg_billing_code?(iid, identifier) return true if (identifier.casecmp('sles_sap').zero? && SLES4SAP_PRODUCT_IDENTIFIER.include?(instance_billing_info[:marketplace_code])) end - def basic? - false + def allowed_extension? + # method to check if a product (extension) meet the criteria + # to be acivated on SCC or not, i.e. LTSS in Azure Basic VM + true end end diff --git a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb index f3e2940c6..da9f6bc4a 100644 --- a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -38,7 +38,7 @@ it 'class instance verification provider' do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, nil).and_call_original + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, nil).and_call_original.at_least(:once) allow(File).to receive(:directory?) allow(Dir).to receive(:mkdir) allow(FileUtils).to receive(:touch) @@ -71,13 +71,17 @@ end context 'when verification provider returns false' do + # let(:plugin_double) { instance_double('InstanceVerification::Providers::Example') } + before do stub_request(:post, scc_activate_url) .to_return( status: 200, body: { error: 'Unexpected instance verification error has occurred' }.to_json, headers: {} - ) + ) + # allow(InstanceVerification::Providers::Example).to receive(:new).and_return(plugin_double) + # allow(plugin_double).to receive(:allowed_extension?).and_return(true) post url, params: payload, headers: headers end @@ -113,7 +117,7 @@ it 'class instance verification provider' do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, nil).and_call_original + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, nil).and_call_original.at_least(:once) allow(File).to receive(:directory?) allow(Dir).to receive(:mkdir) allow(FileUtils).to receive(:touch) @@ -123,7 +127,7 @@ context 'when system has hw_info' do let(:instance_data) { 'dummy_instance_data' } - let(:system) { FactoryBot.create(:system, :payg, :with_system_information_az, instance_data: instance_data) } + let(:system) { FactoryBot.create(:system, :payg, :with_system_information, instance_data: instance_data) } let(:serialized_service_json) do V3::ServiceSerializer.new( product.service, @@ -188,7 +192,7 @@ let(:instance_data) { 'dummy_instance_data' } let(:system) do FactoryBot.create( - :system, :payg, :with_system_information_az, :with_activated_product, product: base_product, instance_data: instance_data + :system, :payg, :with_system_information, :with_activated_product, product: base_product, instance_data: instance_data ) end let(:serialized_service_json) do @@ -340,8 +344,9 @@ before do allow(InstanceVerification::Providers::Example).to receive(:new) - .with(nil, nil, nil, instance_data).and_return(plugin_double) + .and_return(plugin_double) allow(plugin_double).to receive(:parse_instance_data).and_return({ InstanceId: 'foo' }) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) allow(InstanceVerification).to receive(:update_cache).with('127.0.0.1', system.login, product.id) FactoryBot.create(:subscription, product_classes: product_classes) @@ -380,8 +385,9 @@ before do allow(InstanceVerification::Providers::Example).to receive(:new) - .with(nil, nil, nil, instance_data).and_return(plugin_double) + .and_return(plugin_double) allow(plugin_double).to receive(:parse_instance_data).and_return({ InstanceId: 'foo' }) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) allow(InstanceVerification).to receive(:update_cache).with('127.0.0.1', system.login, product.id) FactoryBot.create(:subscription, product_classes: product_classes) @@ -414,7 +420,7 @@ it 'class instance verification provider' do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, nil).and_call_original + .and_call_original.at_least(:once) allow(File).to receive(:directory?) allow(Dir).to receive(:mkdir) allow(FileUtils).to receive(:touch) @@ -514,8 +520,9 @@ before do allow(InstanceVerification::Providers::Example).to receive(:new) - .with(nil, nil, nil, instance_data).and_return(plugin_double) + .and_return(plugin_double) allow(plugin_double).to receive(:parse_instance_data).and_return({ InstanceId: 'foo' }) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) FactoryBot.create(:subscription, product_classes: product_classes) stub_request(:post, scc_activate_url) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index 8a744a036..95be2a642 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -373,11 +373,8 @@ def has_no_regcode?(auth_header) protected def scc_activate_product - if (@system.system_information && - JSON.parse(@system.system_information)['cloud_provider'].casecmp('microsoft').zero? && - @product.product_class.downcase.include?('ltss') && - InstanceVerification.provider.new(logger, request, nil, @system.instance_data).basic? - ) + product_hash = @product.attributes.symbolize_keys.slice(:identifier, :version, :arch) + unless InstanceVerification.provider.new(logger, request, product_hash, @system.instance_data).allowed_extension? error = ActionController::TranslatedError.new(N_('Product not supported for this instance')) error.status = :forbidden raise error From f544bb04766999d1d7f7db8b28c5a3e7ab65fc35 Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 10:04:00 +0000 Subject: [PATCH 4/8] Update tests --- .../connect/v3/systems/products_controller_spec.rb | 8 ++++---- spec/factories/systems.rb | 13 ------------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb index 1e11f91e9..f023a15b9 100644 --- a/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/scc_proxy/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -349,7 +349,7 @@ context 'when system is connected to SCC' do let(:system_payg) do - FactoryBot.create(:system, :payg, :with_system_information_az, :with_activated_base_product, instance_data: instance_data, + FactoryBot.create(:system, :payg, :with_system_information, :with_activated_base_product, instance_data: instance_data, system_token: new_system_token) end let(:product) do @@ -416,7 +416,7 @@ allow(FileUtils).to receive(:mkdir_p) allow(FileUtils).to receive(:touch) allow(InstanceVerification::Providers::Example).to receive(:new).and_return(plugin_double) - allow(plugin_double).to receive(:basic?).and_return(false) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) allow(InstanceVerification).to receive(:write_cache_file).twice.with( Rails.application.config.repo_cache_dir, "127.0.0.1-#{system_payg.login}-#{product.id}" ) @@ -428,7 +428,7 @@ context 'when LTSS not allowed' do before do - allow(plugin_double).to receive(:basic?).and_return(true) + allow(plugin_double).to receive(:allowed_extension?).and_return(false) end it 'raises an error' do @@ -463,7 +463,7 @@ context 'when system is connected to SCC' do let(:system_payg) do - FactoryBot.create(:system, :payg, :with_system_information_az, :with_activated_base_product, instance_data: instance_data, + FactoryBot.create(:system, :payg, :with_system_information, :with_activated_base_product, instance_data: instance_data, system_token: new_system_token) end let(:product) do diff --git a/spec/factories/systems.rb b/spec/factories/systems.rb index 2f3197f36..8fb81aa38 100644 --- a/spec/factories/systems.rb +++ b/spec/factories/systems.rb @@ -70,19 +70,6 @@ end end - trait :with_system_information_az do - system_information do - { - cpus: 2, - sockets: 1, - hypervisor: nil, - arch: 'x86_64', - uuid: SecureRandom.uuid, - cloud_provider: 'Microsoft' - }.to_json - end - end - trait :with_system_token do sequence(:system_token) { |n| "00000000-0000-4000-9000-#{n.to_s.rjust(12, '0')}" } end From f7c3ae5d01d1fd68d57fe479dbfe310d97018d0f Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 11:26:36 +0000 Subject: [PATCH 5/8] Send the instance ID in the token for Azure When activating an extension, i.e. LTSS in Azure, the header must contain the the instance identifier This Fixes bsc#1233314 --- engines/scc_proxy/lib/scc_proxy/engine.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index e684dc910..10eede7bf 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -68,9 +68,10 @@ def get_instance_id(params) nil, params['instance_data'] ) - instance_id_key = INSTANCE_ID_KEYS[params['hwinfo']['cloud_provider'].downcase.to_sym] - iid = verification_provider.parse_instance_data - iid[instance_id_key] + csp = params['hwinfo']['cloud_provider'].downcase + instance_id_key = INSTANCE_ID_KEYS[csp.to_sym] + instance_data = verification_provider.parse_instance_data + csp.casecmp('microsoft').zero? ? instance_data['attestedData'][instance_id_key] : instance_data[instance_id_key] end def prepare_scc_announce_request(uri_path, auth, params) From ddcb893660e08ae49a81d66edaa55659d18ddfea Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 16:13:35 +0000 Subject: [PATCH 6/8] Add instance_identifier method In order to keep RMT implementation generic add a CSP specific method in the CSP instance verification class --- .../providers/example.rb | 8 ++++---- .../v3/systems/products_controller_spec.rb | 2 +- engines/scc_proxy/lib/scc_proxy/engine.rb | 20 ++++++------------- 3 files changed, 11 insertions(+), 19 deletions(-) diff --git a/engines/instance_verification/lib/instance_verification/providers/example.rb b/engines/instance_verification/lib/instance_verification/providers/example.rb index b773d7855..780c57884 100644 --- a/engines/instance_verification/lib/instance_verification/providers/example.rb +++ b/engines/instance_verification/lib/instance_verification/providers/example.rb @@ -27,10 +27,6 @@ def validate_instance_data(_instance_data) end def parse_instance_data - if @instance_data.include? '' - return { 'instance_data' => 'parsed_instance_data' } - end - if @instance_data.include?('SUSE') if @instance_data.include?('SAP') return { 'billingProducts' => nil, 'marketplaceProductCodes' => ['6789_SUSE_SAP'] } @@ -49,4 +45,8 @@ def payg_billing_code?(iid, identifier) return true if (identifier.casecmp('sles').zero? && instance_billing_info[:billing_product] == SLES_PRODUCT_IDENTIFIER) return true if (identifier.casecmp('sles_sap').zero? && SLES4SAP_PRODUCT_IDENTIFIER.include?(instance_billing_info[:marketplace_code])) end + + def instance_identifier + 'foo' + end end diff --git a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb index 9ccbcb1c2..40b079e2f 100644 --- a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -341,7 +341,7 @@ before do allow(InstanceVerification::Providers::Example).to receive(:new) .with(nil, nil, nil, instance_data).and_return(plugin_double) - allow(plugin_double).to receive(:parse_instance_data).and_return({ InstanceId: 'foo' }) + allow(plugin_double).to receive(:instance_identifier).and_return('foo') allow(InstanceVerification).to receive(:update_cache).with('127.0.0.1', system.login, product.id) FactoryBot.create(:subscription, product_classes: product_classes) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index 10eede7bf..5da34dd14 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -43,7 +43,12 @@ class << self # rubocop:disable ThreadSafety/InstanceVariableInClassMethod def headers(auth, params) @instance_id = if params && params.class != String - get_instance_id(params) + InstanceVerification.provider.new( + nil, + nil, + nil, + params['instance_data'] + ).instance_identifier else # if it is not JSON, it is the system_token already # announce system has metadata @@ -61,19 +66,6 @@ def headers(auth, params) end # rubocop:enable ThreadSafety/InstanceVariableInClassMethod - def get_instance_id(params) - verification_provider = InstanceVerification.provider.new( - nil, - nil, - nil, - params['instance_data'] - ) - csp = params['hwinfo']['cloud_provider'].downcase - instance_id_key = INSTANCE_ID_KEYS[csp.to_sym] - instance_data = verification_provider.parse_instance_data - csp.casecmp('microsoft').zero? ? instance_data['attestedData'][instance_id_key] : instance_data[instance_id_key] - end - def prepare_scc_announce_request(uri_path, auth, params) scc_request = Net::HTTP::Post.new(uri_path, headers(auth, params)) From 40fb93f7803838d08a1b20614c71300d3eb4423b Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Mon, 25 Nov 2024 16:16:18 +0000 Subject: [PATCH 7/8] Remove variable as it will be CSP specific --- engines/scc_proxy/lib/scc_proxy/engine.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/engines/scc_proxy/lib/scc_proxy/engine.rb b/engines/scc_proxy/lib/scc_proxy/engine.rb index 5da34dd14..b6905d4a0 100644 --- a/engines/scc_proxy/lib/scc_proxy/engine.rb +++ b/engines/scc_proxy/lib/scc_proxy/engine.rb @@ -25,12 +25,6 @@ Net::HTTPRetriableError ].freeze -INSTANCE_ID_KEYS = { - amazon: 'instanceId', - google: 'instance_id', - microsoft: 'vmId' -}.freeze - # rubocop:disable Metrics/ModuleLength module SccProxy class << self From a778f30e302145ca2499cc2024a0c10c151db70f Mon Sep 17 00:00:00 2001 From: Jesus Bermudez Velazquez Date: Tue, 26 Nov 2024 10:00:14 +0000 Subject: [PATCH 8/8] Fix CI test --- .../v3/systems/products_controller_spec.rb | 33 ++++++++++++------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb index da9f6bc4a..5d121c8f5 100644 --- a/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb +++ b/engines/instance_verification/spec/requests/api/connect/v3/systems/products_controller_spec.rb @@ -71,7 +71,7 @@ end context 'when verification provider returns false' do - # let(:plugin_double) { instance_double('InstanceVerification::Providers::Example') } + let(:plugin_double) { instance_double('InstanceVerification::Providers::Example') } before do stub_request(:post, scc_activate_url) @@ -80,8 +80,9 @@ body: { error: 'Unexpected instance verification error has occurred' }.to_json, headers: {} ) - # allow(InstanceVerification::Providers::Example).to receive(:new).and_return(plugin_double) - # allow(plugin_double).to receive(:allowed_extension?).and_return(true) + allow(InstanceVerification::Providers::Example).to receive(:new).and_return(plugin_double) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) + allow(plugin_double).to receive(:instance_valid?).and_return(false) post url, params: payload, headers: headers end @@ -145,8 +146,9 @@ context 'when verification provider returns false' do before do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double) + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double).at_least(:once) expect(plugin_double).to receive(:instance_valid?).and_return(false) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) post url, params: payload, headers: headers end @@ -159,8 +161,9 @@ context 'when verification provider raises an unhandled exception' do before do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double) + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double).at_least(:once) expect(plugin_double).to receive(:instance_valid?).and_raise('Custom plugin error') + allow(plugin_double).to receive(:allowed_extension?).and_return(true) post url, params: payload, headers: headers end @@ -175,9 +178,9 @@ before do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double) + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double).at_least(:once) expect(plugin_double).to receive(:instance_valid?).and_raise(InstanceVerification::Exception, 'Custom plugin error') - + allow(plugin_double).to receive(:allowed_extension?).and_return(true) post url, params: payload, headers: headers end @@ -231,9 +234,9 @@ end before do - allow(InstanceVerification::Providers::Example).to receive(:new) - .with(nil, nil, nil, instance_data).and_return(plugin_double) + allow(InstanceVerification::Providers::Example).to receive(:new).and_return(plugin_double) allow(plugin_double).to receive(:parse_instance_data).and_return({ InstanceId: 'foo' }) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) FactoryBot.create(:subscription, product_classes: product_classes) stub_request(:post, scc_activate_url) @@ -403,7 +406,7 @@ .to_return(status: 201, body: scc_response_body, headers: {}) expect(InstanceVerification).not_to receive(:update_cache).with('127.0.0.1', system.login, product.id) - + allow(plugin_double).to receive(:allowed_extension?).and_return(true) post url, params: payload_no_token, headers: headers end @@ -415,6 +418,10 @@ end context 'when the system is hybrid' do + before do + allow_any_instance_of(InstanceVerification::Providers::Example).to receive(:allowed_extension?).and_return(true) + end + context "when system doesn't have hw_info" do let(:system) { FactoryBot.create(:system, :hybrid) } @@ -448,7 +455,8 @@ context 'when verification provider returns false' do before do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double) + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double).at_least(:once) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) expect(plugin_double).to receive(:instance_valid?).and_return(false) post url, params: payload, headers: headers end @@ -462,7 +470,8 @@ context 'when verification provider raises an unhandled exception' do before do expect(InstanceVerification::Providers::Example).to receive(:new) - .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double) + .with(be_a(ActiveSupport::Logger), be_a(ActionDispatch::Request), payload, instance_data).and_return(plugin_double).at_least(:once) + allow(plugin_double).to receive(:allowed_extension?).and_return(true) expect(plugin_double).to receive(:instance_valid?).and_raise('Custom plugin error') post url, params: payload, headers: headers end