Remove admin password reset from license fabrication

bba43d5b · Andrejs Cunskis · 4b0c6a1b · bba43d5b · bba43d5b · bba43d5b
--- a/qa/qa/ce/strategy.rb
+++ b/qa/qa/ce/strategy.rb
@@ -3,49 +3,76 @@
 module QA
  module CE
    module Strategy
-      extend self
+      class << self
+        # Perform global setup
-      # Perform global setup
+        #
-      #
+        # @return [Boolean] returns true if hooks were performed successfully
-      # @return [Boolean] returns true if hooks were performed successfully
+        def perform_before_hooks
-      def perform_before_hooks
+          cache_tokens!
-        if QA::Runtime::Env.admin_personal_access_token.present?
+          log_browser_versions
-          QA::Resource::PersonalAccessTokenCache.set_token_for_username(
-            QA::Runtime::User.admin_username,
+          if Runtime::Env.rspec_retried?
-            QA::Runtime::Env.admin_personal_access_token
+            Runtime::Logger.info('Skipping global hooks due to retry process')
-          )
+            return false
+          end
+          QA::Support::Retrier.retry_on_exception do
+            QA::Runtime::Browser.visit(:gitlab, QA::Page::Main::Login)
+          end
+          # Reset admin password if admin token is present but can't be used due to expired password
+          reset_admin_password!
+          if Runtime::Env.allow_local_requests?
+            Runtime::ApplicationSettings.set_application_settings(
+              allow_local_requests_from_web_hooks_and_services: true
+            )
+          end
+          true
        end
-        if QA::Runtime::Env.personal_access_token.present? && QA::Runtime::Env.user_username.present?
+        private
-          QA::Resource::PersonalAccessTokenCache.set_token_for_username(
-            QA::Runtime::Env.user_username,
+        def cache_tokens!
-            QA::Runtime::Env.personal_access_token
+          if Runtime::Env.admin_personal_access_token.present?
+            Resource::PersonalAccessTokenCache.set_token_for_username(
+              Runtime::User.admin_username,
+              Runtime::Env.admin_personal_access_token
+            )
+          end
+          return unless Runtime::Env.personal_access_token.present? && Runtime::Env.user_username.present?
+          Resource::PersonalAccessTokenCache.set_token_for_username(
+            Runtime::Env.user_username,
+            Runtime::Env.personal_access_token
          )
        end
-        QA::Runtime::Logger.info("Using Browser: #{QA::Runtime::Env.browser}")
+        def log_browser_versions
+          Runtime::Logger.info("Using Browser: #{Runtime::Env.browser}")
+          return unless Runtime::Env.use_selenoid?
-        if QA::Runtime::Env.use_selenoid?
+          Runtime::Logger.info("Using Selenoid Browser version: #{Runtime::Env.selenoid_browser_version}")
-          QA::Runtime::Logger.info("Using Selenoid Browser version: #{QA::Runtime::Env.selenoid_browser_version}")
        end
-        if Runtime::Env.rspec_retried?
+        def reset_admin_password!
-          Runtime::Logger.info('Skipping global hooks due to retry process')
+          return unless Runtime::Env.admin_personal_access_token.present?
-          return false
-        end
-        # The login page could take some time to load the first time it is visited.
+          response = Support::API.get(Runtime::API::Request.new(Runtime::API::Client.as_admin, "/user").url)
-        # We visit the login page and wait for it to properly load only once before the tests.
+          return unless response.code == 403 && response.body.include?("Your password expired")
-        QA::Runtime::Logger.info("Performing sanity check for environment!")
-        QA::Support::Retrier.retry_on_exception do
-          QA::Runtime::Browser.visit(:gitlab, QA::Page::Main::Login)
-        end
-        if QA::Runtime::Env.allow_local_requests?
+          # Mostly issue with gdk where default seeded password for admin user will be expired
-          Runtime::ApplicationSettings.set_application_settings(allow_local_requests_from_web_hooks_and_services: true)
+          Runtime::Logger.warn(
-        end
+            "Admin password must be reset before the configured access token can be used. Setting password now..."
+          )
-        true
+          Runtime::Browser.visit(:gitlab, Page::Main::Login)
+          Page::Main::Login.perform(&:sign_in_using_admin_credentials)
+          Page::Main::Login.perform(&:set_up_new_admin_password_if_required)
+          Page::Main::Menu.perform(&:sign_out_if_signed_in)
+        end
      end
    end
  end

--- a/qa/qa/ee/resource/license.rb
+++ b/qa/qa/ee/resource/license.rb
@@ -40,6 +40,7 @@ def initialize
        end
        def fabricate!
+          QA::Page::Main::Menu.perform(&:sign_out_if_signed_in)
          QA::Page::Main::Login.perform(&:sign_in_using_admin_credentials)
          QA::Page::Main::Menu.perform(&:go_to_admin_area)
          QA::Page::Main::Login.perform(&:set_up_new_admin_password_if_required)
@@ -83,18 +84,8 @@ def fabricate_via_api!
            api_post.tap { QA::Runtime::Logger.info("Successfully added license key. Details:\n#{license_info}") }
          rescue RuntimeError => e
-            unless e.message.include?('Your password expired')
+            QA::Runtime::Logger.error("Following license fabrication failed: #{base_license_info}")
-              QA::Runtime::Logger.error("Following license fabrication failed: #{base_license_info}")
+            raise(e)
-              raise(e)
-            end
-            QA::Runtime::Logger.warn('Admin password must be reset before the default access token can be used. ' \
-                                     'Setting password now...')
-            QA::Page::Main::Login.perform(&:sign_in_using_admin_credentials)
-            QA::Page::Main::Login.perform(&:set_up_new_admin_password_if_required)
-            retry
          end
        end

--- a/qa/qa/ee/strategy.rb
+++ b/qa/qa/ee/strategy.rb
@@ -12,23 +12,20 @@ def perform_before_hooks
        if QA::Runtime::Env.ee_license.present?
          QA::Runtime::Logger.info("Performing initial license fabrication!")
-          QA::Page::Main::Menu.perform(&:sign_out_if_signed_in)
          EE::Resource::License.fabricate! do |resource|
            resource.license = QA::Runtime::Env.ee_license
          end
        end
-        unless QA::Runtime::Env.running_on_dot_com?
+        return if QA::Runtime::Env.running_on_dot_com?
-          QA::Runtime::Logger.info("Disabling sync with External package metadata database")
-          # we can't pass [] here, otherwise it causes a validation error, because the value we pass
-          # must be a valid purl_type. Instead, we pass the `deb` purl_type which is only used for
-          # container scanning advisories, which are not yet supported/ingested, so this is effectively
-          # the same thing as disabling the sync.
-          QA::Runtime::ApplicationSettings.set_application_settings(package_metadata_purl_types: [DEB_PURL_TYPE])
-        end
-        QA::Page::Main::Menu.perform(&:sign_out_if_signed_in)
+        QA::Runtime::Logger.info("Disabling sync with External package metadata database")
+        # we can't pass [] here, otherwise it causes a validation error, because the value we pass
+        # must be a valid purl_type. Instead, we pass the `deb` purl_type which is only used for
+        # container scanning advisories, which are not yet supported/ingested, so this is effectively
+        # the same thing as disabling the sync.
+        QA::Runtime::ApplicationSettings.set_application_settings(package_metadata_purl_types: [DEB_PURL_TYPE])
      end
    end
  end