From 8309bff34438d4c8a87963cd5273de0fa14b220f Mon Sep 17 00:00:00 2001 From: Jeremy Clerc Date: Mon, 8 Apr 2024 23:25:31 +0200 Subject: [PATCH] Support license installation Via system property path so we do not require a restart on new install or upgrade as the license will be directly loaded. cf: https://help.sonatype.com/en/installing-and-updating-licenses.html#installing-or-updating-a-license-using-a-system-property But also via the API directly for when the license needs to be updated as the system property path does not care about the license file being updated if a license is already installed. --- .gitignore | 1 + .rubocop.yml | 6 ++-- resources/default.rb | 40 ++++++++++++++++++++++++--- resources/license.rb | 39 ++++++++++++++++++++++++++ spec/unit/resource_validation_spec.rb | 2 +- 5 files changed, 80 insertions(+), 8 deletions(-) create mode 100644 resources/license.rb diff --git a/.gitignore b/.gitignore index 8565eae..15fae0f 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ Gemfile.lock .kitchen/ .kitchen.local.yml .bundle/ +bundle/ diff --git a/.rubocop.yml b/.rubocop.yml index 4596586..e8ecb6d 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -7,13 +7,13 @@ AllCops: Layout/LineLength: Max: 150 -Layout/MethodLength: +Metrics/MethodLength: Max: 60 -Layout/AbcSize: +Metrics/AbcSize: Max: 60 -Layout/BlockLength: +Metrics/BlockLength: Max: 130 Naming/FileName: diff --git a/resources/default.rb b/resources/default.rb index fb34a91..8848870 100644 --- a/resources/default.rb +++ b/resources/default.rb @@ -17,6 +17,8 @@ property :properties_variables, Hash, default: lazy { node['nexus3']['properties_variables'] } property :vmoptions_variables, Hash, default: lazy { node['nexus3']['vmoptions_variables'] } property :outbound_proxy, [Hash, NilClass], sensitive: true, default: lazy { node['nexus3']['outbound_proxy'] } +property :license_fingerprint, [String, NilClass], default: lazy { node['nexus3']['license_fingerprint'] } +property :license, [String, NilClass], sensitive: true, default: lazy { node['nexus3']['license'] } property :plugins, Hash, default: lazy { node['nexus3']['plugins'] } property :logback_variables, Hash, default: lazy { node['nexus3']['logback_variables'] } @@ -140,6 +142,30 @@ end end + license_file_path = new_resource.properties_variables['nexus.licenseFile'] + license_already_installed = !license_file_path.nil? && ::File.exist?(license_file_path) + + directory "license directory for #{new_resource.instance_name}" do + path(lazy { ::File.dirname(license_file_path) }) + recursive true + owner 'root' + group 'root' + mode '0755' + only_if { !new_resource.license.nil? && !license_file_path.nil? } + end + + file "license for #{new_resource.instance_name}" do + action :create + path license_file_path + owner 'root' + group new_resource.nexus3_group + mode '0640' + sensitive true + content(lazy { ::Base64.decode64(new_resource.license) }) + notifies :update, 'nexus3_license[update installed license]', :delayed if license_already_installed + only_if { !new_resource.license.nil? && !license_file_path.nil? } + end + link new_resource.nexus3_home do to install_dir owner new_resource.nexus3_user @@ -162,9 +188,9 @@ wait_until_ready!(::Nexus3::Api.endpoint(port), node['nexus3']['api']['wait']) end action :nothing - notifies :create, "nexus3_api[#{pwchanger}]" - notifies :run, "nexus3_api[#{pwchanger}]" - notifies new_resource.outbound_proxy ? :create : :delete, 'nexus3_outbound_proxy[default]' + notifies :create, "nexus3_api[#{pwchanger}]", :delayed + notifies :run, "nexus3_api[#{pwchanger}]", :delayed + notifies new_resource.outbound_proxy ? :create : :delete, 'nexus3_outbound_proxy[default]', :delayed end passwd_file = ::File.join(new_resource.data, 'admin.password') @@ -176,7 +202,7 @@ api_client(lazy { ::Nexus3::Api.local(port, 'admin', ::File.read(passwd_file)) }) only_if { ::File.exist? passwd_file } action :nothing - notifies :delete, "file[#{passwd_file}]" + notifies :delete, "file[#{passwd_file}]", :delayed end file passwd_file do @@ -189,6 +215,12 @@ config new_resource.outbound_proxy unless new_resource.outbound_proxy.nil? api_client(lazy { ::Nexus3::Api.local(port, 'admin', new_resource.nexus3_password) }) end + + nexus3_license 'update installed license' do + action :nothing + fingerprint new_resource.license_fingerprint + license new_resource.license + end end action_class do diff --git a/resources/license.rb b/resources/license.rb new file mode 100644 index 0000000..8caaa63 --- /dev/null +++ b/resources/license.rb @@ -0,0 +1,39 @@ +property :fingerprint, String, default: lazy { node['nexus3']['license_fingerprint'] } +property :license, String, sensitive: true, default: lazy { node['nexus3']['license'] } +property :api_client, ::Nexus3::Api, identity: true, desired_state: false, default: lazy { ::Nexus3::Api.default(node) } + +load_current_value do |_desired| + begin + config = api_client.request(:get, 'system/license') + current_value_does_not_exist! if config.nil? + fingerprint JSON.parse(config)['fingerprint'] + # Nexus returns a 402 Payment Required when there is no license installed, we get an ApiError + rescue ::LoadError, ::Nexus3::ApiError => e + ::Chef::Log.warn "A '#{e.class}' occured: #{e.message}" + current_value_does_not_exist! + end +end + +action :update do + converge_if_changed :fingerprint do + converge_by('Uploading license') do + new_resource.api_client.request( + :post, 'system/license', data: ::Base64.decode64(new_resource.license), content_type: 'application/octet-stream' + ) + end + end +end + +action :delete do + unless current_resource.nil? + converge_by('Unregistering license') do + new_resource.api_client.request(:delete, 'system/license') + end + end +end + +action_class do + def whyrun_supported? + true + end +end diff --git a/spec/unit/resource_validation_spec.rb b/spec/unit/resource_validation_spec.rb index 0186ea7..3a38031 100644 --- a/spec/unit/resource_validation_spec.rb +++ b/spec/unit/resource_validation_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' describe 'nexus3_resources_test::default' do - NON_TESTED_RESOURCES = %w[service_systemd service_windows default service_sysvinit].freeze + NON_TESTED_RESOURCES = %w[default license service_systemd service_sysvinit service_windows].freeze cached(:chef_run) do ::ChefSpec::SoloRunner.new(platform: 'centos', version: CENTOS_VERSION).converge(described_recipe) end