Merge pull request #1247 from SUSE/sle-micro-sles-access

Allow SLE Micro system to access free SLES repositories
SUSE · Nov 29, 2024 · 3f7266c · 3f7266c
2 parents 5b0a2d5 + a7e6212
commit 3f7266c
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 2 deletions.
diff --git a/app/controllers/api/connect/v3/systems/products_controller.rb b/app/controllers/api/connect/v3/systems/products_controller.rb
@@ -12,7 +12,13 @@ def activate
   end
 
   def show
-    if @system.products.include? @product
+    if @product.identifier.casecmp?('sles')
+      # if system has SLE Micro
+      # it should access to SLES products
+      sle_micro = @system.products.any? { |p| p.identifier.downcase.include?('sle-micro') }
+      sle_micro_same_arch = @system.products.pluck(:arch).include?(@product.arch) if sle_micro
+    end
+    if @system.products.include?(@product) || sle_micro_same_arch
       respond_with(
         @product,
         serializer: ::V3::ProductSerializer,

diff --git a/.../strict_authentication/app/controllers/strict_authentication/authentication_controller.rb b/.../strict_authentication/app/controllers/strict_authentication/authentication_controller.rb
@@ -28,6 +28,8 @@ def path_allowed?(headers)
       all_allowed_paths(headers).find { |allowed_path| path =~ /^#{Regexp.escape(allowed_path)}/ }
     end
 
+    # rubocop:disable Metrics/CyclomaticComplexity
+    # rubocop:disable Metrics/PerceivedComplexity
     def all_allowed_paths(headers)
       # return all versions of the same product and arch
       # (that the system has available with that subscription)
@@ -37,6 +39,20 @@ def all_allowed_paths(headers)
       # to them or verify paths
       all_product_versions = @system.products.map { |p| Product.where(identifier: p.identifier, arch: p.arch) }.flatten
       allowed_paths = all_product_versions.map { |prod| prod.repositories.pluck(:local_path) }.flatten
+      # Allow SLE Micro to access all free SLES repositories
+      sle_micro = @system.products.any? { |p| p.identifier.downcase.include?('sle-micro') }
+      if sle_micro
+        system_products_archs = @system.products.pluck(:arch)
+        product_free_sles_modules_only = Product.where(
+          "(lower(identifier) like 'sle-module%' or lower(identifier) like 'packagehub')
+           and lower(identifier) not like '%sap%'
+           and arch = '#{system_products_archs.first}'
+           and free = 1"
+          )
+      end
+      same_arch = product_free_sles_modules_only.any? { |p| system_products_archs.include?(p.arch) } if product_free_sles_modules_only.present?
+      allowed_paths += product_free_sles_modules_only.map { |prod| prod.repositories.pluck(:local_path) }.flatten if same_arch
+
       # for the SUMa PAYG offers, RMT access verification code allows access
       # to the SUMa Client Tools channels and SUMa Proxy channels
       # when product is SUMA_Server and PAYG or SUMA_Server and used as SCC proxy
@@ -57,5 +73,7 @@ def all_allowed_paths(headers)
       end
       allowed_paths
     end
+    # rubocop:enable Metrics/CyclomaticComplexity
+    # rubocop:enable Metrics/PerceivedComplexity
   end
 end
diff --git a/...rict_authentication/spec/requests/strict_authentication/authentication_controller_spec.rb b/...rict_authentication/spec/requests/strict_authentication/authentication_controller_spec.rb
@@ -5,7 +5,7 @@ module StrictAuthentication
   RSpec.describe AuthenticationController, type: :request do
     subject { response }
 
-    let(:system) { FactoryBot.create(:system, :with_activated_product) }
+    let(:system) { FactoryBot.create(:system, :with_activated_product_sle_micro) }
 
     describe '#check' do
       context 'without authentication' do
@@ -39,6 +39,36 @@ module StrictAuthentication
             its(:code) { is_expected.to eq '403' }
           end
 
+          context 'when requesting a file in an activated SLES repo on a SLE Micro system' do
+            let(:free_product) do
+              prod = FactoryBot.create(
+                :product, :module, :with_mirrored_repositories
+                )
+              prod.identifier = 'sle-module-foo'
+              prod.arch = system.products.first.arch
+              prod.save!
+              prod
+            end
+            let(:requested_uri) { '/repo' + free_product.repositories.first[:local_path] + '/repodata/repomd.xml' }
+
+            its(:code) { is_expected.to eq '200' }
+          end
+
+          context 'when requesting a file in an activated SLES SAP repo on a SLE Micro system' do
+            let(:free_product) do
+              prod = FactoryBot.create(
+                :product, :module, :with_mirrored_repositories
+                )
+              prod.identifier = 'sle-module-foo-sap'
+              prod.arch = system.products.first.arch
+              prod.save!
+              prod
+            end
+            let(:requested_uri) { '/repo' + free_product.repositories.first[:local_path] + '/repodata/repomd.xml' }
+
+            its(:code) { is_expected.to eq '403' }
+          end
+
           context 'when requesting a file in an activated repo' do
             let(:requested_uri) { '/repo' + system.repositories.first[:local_path] + '/repodata/repomd.xml' }
 

diff --git a/spec/factories/products.rb b/spec/factories/products.rb
@@ -90,6 +90,22 @@
       friendly_version { '15 SP3' }
     end
 
+    trait :product_sle_micro do
+      identifier { 'SLE-Micro' }
+      name { 'SUSE Linux Enterprise Server' }
+      description { 'SUSE Linux Enterprise offers a comprehensive suite of products...' }
+      shortname { 'SLES15-SP6' }
+      former_identifier { 'SUSE_SLES_MICRO' }
+      product_type { :base }
+      release_type { nil }
+      release_stage { 'released' }
+      version { '15.6' }
+      arch { 'x86_64' }
+      free { false }
+      cpe { 'cpe:/o:suse:sles_sap:15:sp6' }
+      friendly_version { '15 SP6' }
+    end
+
     trait :extension do
       product_type { 'extension' }
     end

diff --git a/spec/factories/systems.rb b/spec/factories/systems.rb
@@ -57,6 +57,17 @@
       end
     end
 
+    trait :with_activated_product_sle_micro do
+      transient do
+        product { create(:product, :product_sle_micro, :with_mirrored_repositories) }
+        subscription { nil }
+      end
+
+      after :create do |system, evaluator|
+        create(:activation, system: system, service: evaluator.product.service, subscription: evaluator.subscription)
+      end
+    end
+
     trait :with_system_information do
       system_information do
         {

diff --git a/spec/requests/api/connect/v3/systems/products_controller_spec.rb b/spec/requests/api/connect/v3/systems/products_controller_spec.rb
@@ -246,6 +246,33 @@
       end
     end
 
+    context 'when SLE Micro product is activated' do
+      let(:system) { FactoryBot.create(:system, :with_activated_product_sle_micro) }
+      let(:product) { FactoryBot.create(:product, :product_sles, :with_mirrored_repositories) }
+      let(:payload) do
+        {
+          identifier: product.identifier,
+          version: product.version,
+          arch: system.products.first.arch
+        }
+      end
+      let(:serialized_json) do
+        V3::ProductSerializer.new(
+          product,
+          base_url: URI::HTTP.build({ scheme: response.request.scheme, host: response.request.host }).to_s
+        ).to_json
+      end
+
+      describe 'response' do
+        subject { response }
+
+        before { get url, headers: headers, params: payload }
+
+        its(:code) { is_expected.to eq('200') }
+        its(:body) { is_expected.to eq(serialized_json) }
+      end
+    end
+
     context 'with eula_url' do
       subject { response }