Merge branch...

Merge branch 'mwaw/check_if_code_suggestion_subscription_is_active_in_xray_scan_endpoint' into 'master' XRay Scan endpoint scope subscription to active See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144480 Merged-by: Vitali Tatarintev <vtatarintev@gitlab.com> Approved-by: Allen Cook <acook@gitlab.com> Approved-by: Vitali Tatarintev <vtatarintev@gitlab.com> Co-authored-by: Mikolaj Wawrzyniak <mwawrzyniak@gitlab.com>

Merge branch...
29bbc318 · Vitali Tatarintev · GitLab · 6be27a0e · 23717cd7 · 29bbc318
--- a/ee/lib/api/internal/ai/x_ray/scan.rb
+++ b/ee/lib/api/internal/ai/x_ray/scan.rb
@@ -48,6 +48,7 @@ def code_suggestions_add_on?
                ::GitlabSubscriptions::AddOnPurchase
                  .for_code_suggestions
                  .by_namespace_id(current_namespace.id)
+                  .active
                  .any?
              else
                current_namespace.namespace_settings.code_suggestions?

--- a/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb
+++ b/ee/spec/requests/api/internal/ai/x_ray/scan_spec.rb
@@ -259,7 +259,7 @@
    end

    context 'when on SaaS instance', :saas do
-      before_all { create(:gitlab_subscription_add_on_purchase, namespace: namespace) }
+      let_it_be(:code_suggestion_add_on) { create(:gitlab_subscription_add_on, :code_suggestions) }

      let(:gitlab_realm) { "saas" }
      let(:namespace_workhorse_headers) do
@@ -268,6 +268,15 @@
        }
      end

+      before_all do
+        create(
+          :gitlab_subscription_add_on_purchase,
+          :active,
+          add_on: code_suggestion_add_on,
+          namespace: namespace
+        )
+      end
+
      before do
        allow_next_instance_of(::CloudConnector::AccessService) do |instance|
          allow(instance).to receive(:access_token).and_return(ai_gateway_token)
@@ -307,8 +316,36 @@

        it_behaves_like 'successful send request via workhorse'

+        context 'when add on subscription is expired' do
+          let(:namespace_without_expired_ai_access) { create(:group) }
+          let(:job_without_ai_access) { create(:ci_build, :running, namespace: namespace_without_expired_ai_access) }
+          let(:api_url) { "/internal/jobs/#{job_without_ai_access.id}/x_ray/scan" }
+
+          let(:params) do
+            {
+              token: job_without_ai_access.token,
+              prompt_components: [{ payload: "test" }]
+            }
+          end
+
+          before do
+            create(
+              :gitlab_subscription_add_on_purchase,
+              :expired,
+              add_on: code_suggestion_add_on,
+              namespace: namespace_without_expired_ai_access
+            )
+          end
+
+          it 'returns UNAUTHORIZED status' do
+            post_api
+
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+
        context 'when job does not have AI access' do
-          let(:namespace_without_ai_access) { create(:namespace_settings, code_suggestions: true).namespace }
+          let(:namespace_without_ai_access) { create(:group) }
          let(:job_without_ai_access) { create(:ci_build, :running, namespace: namespace_without_ai_access) }
          let(:api_url) { "/internal/jobs/#{job_without_ai_access.id}/x_ray/scan" }