From cebbc5e6aa6c2df9c37d51080bac46484c419ed0 Mon Sep 17 00:00:00 2001
From: Vikas Yadav <139783200+talktovikas@users.noreply.github.com>
Date: Thu, 14 Nov 2024 15:01:22 +0530
Subject: [PATCH] Pedant test for the case if automate license is expired
 (#3941)

* Updated chef-server-ctl to handle invalid license + Added grace period in X-Ops-License

Signed-off-by: jan shahid shaik <jashaik@progress.com>

* Added customer name in get_license method and license cache

Signed-off-by: jan shahid shaik <jashaik@progress.com>

* debug statements

Signed-off-by: talktovikas <vikas.yadav@progress.com>

* case for expired license.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

making it 403

Signed-off-by: talktovikas <vikas.yadav@progress.com>

running cases only for automate.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

test for chef-zero

Signed-off-by: talktovikas <vikas.yadav@progress.com>

test for /users

Signed-off-by: talktovikas <vikas.yadav@progress.com>

adding env in docker

Signed-off-by: talktovikas <vikas.yadav@progress.com>

fixing verify syntax.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

fixing placement of env variables.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

fixing placement of executor.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

test

Signed-off-by: talktovikas <vikas.yadav@progress.com>

* adding config for expired license from vault.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

* Added few puts inside success licese case.

Signed-off-by: sreepuramsudheer <ssudheer@progress.com>

* Added IS_AUTOMATE into environment variables.

Signed-off-by: sreepuramsudheer <ssudheer@progress.com>

* Replaced hardcoded expired license with one received from vault.

Signed-off-by: sreepuramsudheer <ssudheer@progress.com>

* Updated chef-server-ctl to handle invalid license + Added grace period in X-Ops-License

Signed-off-by: jan shahid shaik <jashaik@progress.com>

* Added customer name in get_license method and license cache

Signed-off-by: jan shahid shaik <jashaik@progress.com>

* removing debug logs

Signed-off-by: talktovikas <vikas.yadav@progress.com>

* code review changes.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

* adding comment for the test case.

Signed-off-by: talktovikas <vikas.yadav@progress.com>

---------

Signed-off-by: jan shahid shaik <jashaik@progress.com>
Signed-off-by: talktovikas <vikas.yadav@progress.com>
Signed-off-by: sreepuramsudheer <ssudheer@progress.com>
Co-authored-by: jan shahid shaik <jashaik@progress.com>
Co-authored-by: sreepuramsudheer <ssudheer@progress.com>
---
 .expeditor/verify.pipeline.yml                | 46 ++++++++++----
 .../spec/api/server_license_spec.rb           | 61 +++++++++++++++++++
 2 files changed, 96 insertions(+), 11 deletions(-)
 create mode 100644 oc-chef-pedant/spec/api/server_license_spec.rb

diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml
index 482ff466e2..7c7d3cc809 100644
--- a/.expeditor/verify.pipeline.yml
+++ b/.expeditor/verify.pipeline.yml
@@ -154,6 +154,7 @@ steps:
           - USE_OMNIBUS_FILES=0
           - PEDANT_OPTS="--skip-oc_id"
           - BUNDLE_GEMFILE=/workdir/oc-chef-pedant/Gemfile
+          - IS_AUTOMATE=false
 
 - label: With ChefFS=1
   command:
@@ -174,6 +175,7 @@ steps:
           - PEDANT_OPTS="--skip-oc_id"
           - CHEF_FS=1
           - BUNDLE_GEMFILE=/workdir/oc-chef-pedant/Gemfile
+          - IS_AUTOMATE=false
 
 - label: automate_build
   command:
@@ -214,39 +216,61 @@ steps:
 - label: "chef server"
   command:
     - .expeditor/chef_server.sh
+  env:
+    IS_AUTOMATE: true
   timeout_in_minutes: 30 # longer timeout for chef-server
   expeditor:
-    executor:
-      linux:
-        privileged: true
     secrets:
       A2_LICENSE:
         path: secret/a2/license
         field: license
+      A2_EXPIRED_LICENSE:
+        path: secret/a2/license
+        field: expLicense
+    executor:
+      linux:
+        privileged: true
+        environment:
+          - IS_AUTOMATE=true
 
 - label: "chef server only"
   command:
     - .expeditor/chef_server_only.sh
+  env:
+    IS_AUTOMATE: true
   timeout_in_minutes: 20
   expeditor:
-    executor:
-      linux:
-        privileged: true
     secrets:
       A2_LICENSE:
         path: secret/a2/license
         field: license
+      A2_EXPIRED_LICENSE:
+        path: secret/a2/license
+        field: expLicense
+    executor:
+      linux:
+        privileged: true
+        environment:
+          - IS_AUTOMATE=true
+
 
 - label: "ha chef server"
   command:
     - .expeditor/ha_chef_server.sh
+  env:
+    IS_AUTOMATE: true
   timeout_in_minutes: 35
   expeditor:
-    executor:
-      linux:
-        single-use: true
-        privileged: true
     secrets:
       A2_LICENSE:
         path: secret/a2/license
-        field: license
\ No newline at end of file
+        field: license
+      A2_EXPIRED_LICENSE:
+        path: secret/a2/license
+        field: expLicense
+    executor:
+      linux:
+        privileged: true
+        single-use: true
+        environment:
+          - IS_AUTOMATE=true
diff --git a/oc-chef-pedant/spec/api/server_license_spec.rb b/oc-chef-pedant/spec/api/server_license_spec.rb
new file mode 100644
index 0000000000..1b5e6136a5
--- /dev/null
+++ b/oc-chef-pedant/spec/api/server_license_spec.rb
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+require 'pedant/rspec/common'
+
+describe "server license testing", :license do
+
+  # Pedant has configurable test users.
+  # Selects Pedant users that are marked as associated
+  let(:default_pedant_user_names) { platform.users.select(&:associate).map(&:name).sort }
+  let(:default_users_body)        { default_pedant_user_names.map { |user| {"user" => {"username" => user} } } }
+
+  # context "/users endpoint", automate: true do
+  context "/users endpoint" do
+    let(:request_url) { "#{platform.server}/users" }
+    let(:status_url) { "#{platform.server}/_status" }
+
+    let(:users_body) do
+      {
+        # There are other users, but these are ours, so they should always be
+        # somewhere in the userspace soup.
+        "pivotal" => "#{request_url}/pivotal",
+        platform.bad_user.name => "#{request_url}/#{platform.bad_user.name}",
+        platform.admin_user.name => "#{request_url}/#{platform.admin_user.name}",
+        platform.non_admin_user.name => "#{request_url}/#{platform.non_admin_user.name}",
+      }
+    end
+
+    context "when having valid license" do
+      it "can get all users and since the license is valid, they should show 200 as return", :smoke do
+        get(request_url, platform.superuser).should look_like({
+            :status => 200,
+            :body => users_body
+          })
+      end
+    end
+
+    # In case of Embedded chef-server in Automate, If the license of automate is Expired in that case all requests reaching to chef-server should return 403
+    context "when not having valid license",  if: ENV["IS_AUTOMATE"] == "true" do
+      before(:all) do
+        puts "applying expired license"
+        puts ENV['A2_EXPIRED_LICENSE']
+        system("chef-automate license apply -f \"${A2_EXPIRED_LICENSE}\"")
+        system("sleep 50")
+        puts "expired license applied"
+        puts system("chef-automate license status")
+      end
+      after(:all) do
+        system("chef-automate license apply \"$A2_LICENSE\"")
+        system("sleep 50")
+        puts "valid license applied"
+        puts system("chef-automate license status")
+      end
+
+      it "returns 403", :smoke  do
+        puts get(request_url, platform.superuser)
+        get(request_url, platform.superuser).should look_like({
+            :status => 403
+          })
+      end
+    end
+  end # context /users/<name> endpoint
+end # describe users
\ No newline at end of file