Support license installation

Via system property path so we do not require a restart on new install or upgrade: cf: https://help.sonatype.com/en/installing-and-updating-licenses.html#installing-or-updating-a-license-using-a-system-property But also via the API directly for when the license needs to be updated as the system property path does not care if about a new license if there is already on installed
criteo-cookbooks · Apr 17, 2024 · 8f65d4b · 8f65d4b
1 parent ee404d5
commit 8f65d4b
Show file tree

Hide file tree

Showing 5 changed files with 99 additions and 16 deletions.
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@ Gemfile.lock
 .kitchen/
 .kitchen.local.yml
 .bundle/
+bundle/
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -7,13 +7,13 @@ AllCops:
 Layout/LineLength:
   Max: 150
 
-Layout/MethodLength:
+Metrics/MethodLength:
   Max: 60
 
-Layout/AbcSize:
+Metrics/AbcSize:
   Max: 60
 
-Layout/BlockLength:
+Metrics/BlockLength:
   Max: 130
 
 Naming/FileName:

diff --git a/resources/default.rb b/resources/default.rb
@@ -1,3 +1,5 @@
+unified_mode true
+
 property :instance_name, String, name_property: true
 property :nexus3_user, [String, NilClass], default: lazy { node['nexus3']['user'] }
 property :nexus3_uid, [String, Integer, NilClass], default: lazy { node['nexus3']['uid'] }
@@ -17,6 +19,8 @@
 property :properties_variables, Hash, default: lazy { node['nexus3']['properties_variables'] }
 property :vmoptions_variables, Hash, default: lazy { node['nexus3']['vmoptions_variables'] }
 property :outbound_proxy, [Hash, NilClass], sensitive: true, default: lazy { node['nexus3']['outbound_proxy'] }
+property :license_fingerprint, [String, NilClass], default: lazy { node['nexus3']['license_fingerprint'] }
+property :license, [String, NilClass], sensitive: true, default: lazy { node['nexus3']['license'] }
 property :plugins, Hash, default: lazy { node['nexus3']['plugins'] }
 property :logback_variables, Hash, default: lazy { node['nexus3']['logback_variables'] }
 
@@ -77,8 +81,8 @@
     owner new_resource.nexus3_user
     group new_resource.nexus3_group
     cookbook 'nexus3'
-    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :delayed
-    notifies :run, "ruby_block[#{blocker}]", :delayed
+    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :immediately
+    notifies :run, "ruby_block[#{blocker}]", :immediately
   end
 
   vars = new_resource.vmoptions_variables.dup
@@ -96,17 +100,17 @@
     group new_resource.nexus3_group
     mode '0644'
     content vmoptions.join
-    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :delayed
-    notifies :run, "ruby_block[#{blocker}]", :delayed
+    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :immediately
+    notifies :run, "ruby_block[#{blocker}]", :immediately
   end
 
   file ::File.join(new_resource.data, 'etc', 'nexus.properties') do
     content new_resource.properties_variables.map { |k, v| "#{k}=#{v}" }.join("\n")
     mode '0644'
     user new_resource.nexus3_user
     group new_resource.nexus3_group
-    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :delayed
-    notifies :run, "ruby_block[#{blocker}]", :delayed
+    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :immediately
+    notifies :run, "ruby_block[#{blocker}]", :immediately
   end
 
   directory ::File.join(new_resource.data, 'etc', 'logback') do
@@ -122,8 +126,8 @@
     owner new_resource.nexus3_user
     group new_resource.nexus3_group
     variables(config: new_resource.logback_variables['config'])
-    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :delayed
-    notifies :run, "ruby_block[#{blocker}]", :delayed
+    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :immediately
+    notifies :run, "ruby_block[#{blocker}]", :immediately
     not_if { new_resource.logback_variables.empty? }
   end
 
@@ -135,17 +139,34 @@
       checksum config['checksum']
       owner new_resource.nexus3_user
       action((config['action'] || :create).to_sym)
-      notifies :restart, "nexus3_service[#{new_resource.service_name}]", :delayed
-      notifies :run, "ruby_block[#{blocker}]", :delayed
+      notifies :restart, "nexus3_service[#{new_resource.service_name}]", :immediately
+      notifies :run, "ruby_block[#{blocker}]", :immediately
     end
   end
 
+  license_file_path = new_resource.properties_variables['nexus.licenseFile']
+  restart_for_license = license_file_path && !::File.exist?(license_file_path)
+
+  nexus3_license 'install license' do
+    action :install
+    path license_file_path
+    nexus3_group new_resource.nexus3_group
+    license_fingerprint new_resource.license_fingerprint
+    license new_resource.license
+    notifies :restart, "nexus3_service[#{new_resource.service_name}]", :immediately if restart_for_license
+    notifies :run, "ruby_block[#{blocker}]", :immediately if restart_for_license
+    notifies :update, 'nexus3_license[install license]', :delayed
+    only_if { new_resource.license && license_file_path }
+  end
+
   link new_resource.nexus3_home do
     to install_dir
     owner new_resource.nexus3_user
     group new_resource.nexus3_group
   end
 
+  # With unified mode, always make sure this resource is kept between install steps (conf files, ...) and
+  # steps depending on a running instance, so we can have a "restart point".
   nexus3_service new_resource.service_name.to_s do
     install_dir install_dir
     nexus3_user new_resource.nexus3_user
@@ -164,7 +185,7 @@
     action :nothing
     notifies :create, "nexus3_api[#{pwchanger}]"
     notifies :run, "nexus3_api[#{pwchanger}]"
-    notifies new_resource.outbound_proxy ? :create : :delete, 'nexus3_outbound_proxy[default]'
+    notifies new_resource.outbound_proxy ? :create : :delete, 'nexus3_outbound_proxy[default]', :immediately
   end
 
   passwd_file = ::File.join(new_resource.data, 'admin.password')
@@ -176,7 +197,7 @@
     api_client(lazy { ::Nexus3::Api.local(port, 'admin', ::File.read(passwd_file)) })
     only_if { ::File.exist? passwd_file }
     action :nothing
-    notifies :delete, "file[#{passwd_file}]"
+    notifies :delete, "file[#{passwd_file}]", :immediately
   end
 
   file passwd_file do

diff --git a/resources/license.rb b/resources/license.rb
@@ -0,0 +1,61 @@
+property :path, [String, NilClass], default: lazy { node['nexus3']['properties_variables']['nexus.licenseFile'] }
+property :nexus3_group, [String, NilClass], default: lazy { node['nexus3']['group'] }
+property :fingerprint, String, default: lazy { node['nexus3']['license_fingerprint'] }
+property :license, String, sensitive: true, default: lazy { node['nexus3']['license'] }
+property :api_client, ::Nexus3::Api, identity: true, desired_state: false, default: lazy { ::Nexus3::Api.default(node) }
+
+#    def request(method, path, content_type: 'application/json', data: nil, query: nil)
+load_current_value do |_desired|
+  begin
+    config = api_client.request(:get, 'system/license')
+    current_value_does_not_exist! if config.nil?
+    fingerprint config['fingerprint']
+  # Nexus returns a 402 Payment Required when there is no license installed, we get an ApiError
+  rescue ::LoadError, ::Nexus3::ApiError => e
+    ::Chef::Log.warn "A '#{e.class}' occured: #{e.message}"
+    current_value_does_not_exist!
+  end
+end
+
+action :install do
+  directory "license directory for #{new_resource.instance_name}" do
+    path(lazy { ::File.dirname(new_resource.path) })
+    recursive true
+    owner     'root'
+    group     'root'
+    mode      '0755'
+    only_if { new_resource.license && new_resource.path }
+  end
+
+  file "license for #{new_resource.instance_name}" do
+    action    :create
+    owner     'root'
+    group     new_resource.nexus3_group
+    mode      '0640'
+    sensitive true
+    content(lazy { ::Base64.decode64(new_resource.license) })
+    only_if { new_resource.license && new_resource.path }
+  end
+end
+
+action :update do
+  converge_if_changed :fingerprint do
+    converge_by('Uploading license') do
+      new_resource.api_client.request(:post, 'system/license', data: new_resource.license, content_type: 'application/octet-stream')
+    end
+  end
+end
+
+action :delete do
+  unless current_resource.nil?
+    converge_by('Unregistering license') do
+      new_resource.api_client.request(:delete, 'system/license')
+    end
+  end
+end
+
+action_class do
+  def whyrun_supported?
+    true
+  end
+end
diff --git a/spec/unit/resource_validation_spec.rb b/spec/unit/resource_validation_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe 'nexus3_resources_test::default' do
-  NON_TESTED_RESOURCES = %w[service_systemd service_windows default service_sysvinit].freeze
+  NON_TESTED_RESOURCES = %w[default license service_systemd service_sysvinit service_windows].freeze
   cached(:chef_run) do
     ::ChefSpec::SoloRunner.new(platform: 'centos', version: CENTOS_VERSION).converge(described_recipe)
   end