Merge branch 'revert-7790ae68' into 'master'

Remove admin password reset from license fabrication See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167131 Merged-by: Tiffany Rea <trea@gitlab.com> Approved-by: Tiffany Rea <trea@gitlab.com> Co-authored-by: Andrejs Cunskis <acunskis@gitlab.com>

Merge branch 'revert-7790ae68' into 'master'
cf542a2f · Tiffany Rea · GitLab · 5d534163 · bba43d5b · cf542a2f
--- a/qa/qa/ce/strategy.rb
+++ b/qa/qa/ce/strategy.rb
@@ -3,49 +3,76 @@
 module QA
  module CE
    module Strategy
-      extend self
-
-      # Perform global setup
-      #
-      # @return [Boolean] returns true if hooks were performed successfully
-      def perform_before_hooks
-        if QA::Runtime::Env.admin_personal_access_token.present?
-          QA::Resource::PersonalAccessTokenCache.set_token_for_username(
-            QA::Runtime::User.admin_username,
-            QA::Runtime::Env.admin_personal_access_token
-          )
+      class << self
+        # Perform global setup
+        #
+        # @return [Boolean] returns true if hooks were performed successfully
+        def perform_before_hooks
+          cache_tokens!
+          log_browser_versions
+
+          if Runtime::Env.rspec_retried?
+            Runtime::Logger.info('Skipping global hooks due to retry process')
+            return false
+          end
+
+          QA::Support::Retrier.retry_on_exception do
+            QA::Runtime::Browser.visit(:gitlab, QA::Page::Main::Login)
+          end
+
+          # Reset admin password if admin token is present but can't be used due to expired password
+          reset_admin_password!
+
+          if Runtime::Env.allow_local_requests?
+            Runtime::ApplicationSettings.set_application_settings(
+              allow_local_requests_from_web_hooks_and_services: true
+            )
+          end
+
+          true
        end

-        if QA::Runtime::Env.personal_access_token.present? && QA::Runtime::Env.user_username.present?
-          QA::Resource::PersonalAccessTokenCache.set_token_for_username(
-            QA::Runtime::Env.user_username,
-            QA::Runtime::Env.personal_access_token
+        private
+
+        def cache_tokens!
+          if Runtime::Env.admin_personal_access_token.present?
+            Resource::PersonalAccessTokenCache.set_token_for_username(
+              Runtime::User.admin_username,
+              Runtime::Env.admin_personal_access_token
+            )
+          end
+
+          return unless Runtime::Env.personal_access_token.present? && Runtime::Env.user_username.present?
+
+          Resource::PersonalAccessTokenCache.set_token_for_username(
+            Runtime::Env.user_username,
+            Runtime::Env.personal_access_token
          )
        end

-        QA::Runtime::Logger.info("Using Browser: #{QA::Runtime::Env.browser}")
+        def log_browser_versions
+          Runtime::Logger.info("Using Browser: #{Runtime::Env.browser}")
+          return unless Runtime::Env.use_selenoid?

-        if QA::Runtime::Env.use_selenoid?
-          QA::Runtime::Logger.info("Using Selenoid Browser version: #{QA::Runtime::Env.selenoid_browser_version}")
+          Runtime::Logger.info("Using Selenoid Browser version: #{Runtime::Env.selenoid_browser_version}")
        end

-        if Runtime::Env.rspec_retried?
-          Runtime::Logger.info('Skipping global hooks due to retry process')
-          return false
-        end
+        def reset_admin_password!
+          return unless Runtime::Env.admin_personal_access_token.present?

-        # The login page could take some time to load the first time it is visited.
-        # We visit the login page and wait for it to properly load only once before the tests.
-        QA::Runtime::Logger.info("Performing sanity check for environment!")
-        QA::Support::Retrier.retry_on_exception do
-          QA::Runtime::Browser.visit(:gitlab, QA::Page::Main::Login)
-        end
+          response = Support::API.get(Runtime::API::Request.new(Runtime::API::Client.as_admin, "/user").url)
+          return unless response.code == 403 && response.body.include?("Your password expired")

-        if QA::Runtime::Env.allow_local_requests?
-          Runtime::ApplicationSettings.set_application_settings(allow_local_requests_from_web_hooks_and_services: true)
-        end
+          # Mostly issue with gdk where default seeded password for admin user will be expired
+          Runtime::Logger.warn(
+            "Admin password must be reset before the configured access token can be used. Setting password now..."
+          )

-        true
+          Runtime::Browser.visit(:gitlab, Page::Main::Login)
+          Page::Main::Login.perform(&:sign_in_using_admin_credentials)
+          Page::Main::Login.perform(&:set_up_new_admin_password_if_required)
+          Page::Main::Menu.perform(&:sign_out_if_signed_in)
+        end
      end
    end
  end

--- a/qa/qa/ee/resource/license.rb
+++ b/qa/qa/ee/resource/license.rb
@@ -40,6 +40,7 @@ def initialize
        end

        def fabricate!
+          QA::Page::Main::Menu.perform(&:sign_out_if_signed_in)
          QA::Page::Main::Login.perform(&:sign_in_using_admin_credentials)
          QA::Page::Main::Menu.perform(&:go_to_admin_area)
          QA::Page::Main::Login.perform(&:set_up_new_admin_password_if_required)
@@ -83,18 +84,8 @@ def fabricate_via_api!

            api_post.tap { QA::Runtime::Logger.info("Successfully added license key. Details:\n#{license_info}") }
          rescue RuntimeError => e
-            unless e.message.include?('Your password expired')
-              QA::Runtime::Logger.error("Following license fabrication failed: #{base_license_info}")
-              raise(e)
-            end
-
-            QA::Runtime::Logger.warn('Admin password must be reset before the default access token can be used. ' \
-                                     'Setting password now...')
-
-            QA::Page::Main::Login.perform(&:sign_in_using_admin_credentials)
-            QA::Page::Main::Login.perform(&:set_up_new_admin_password_if_required)
-
-            retry
+            QA::Runtime::Logger.error("Following license fabrication failed: #{base_license_info}")
+            raise(e)
          end
        end


--- a/qa/qa/ee/strategy.rb
+++ b/qa/qa/ee/strategy.rb
@@ -12,23 +12,20 @@ def perform_before_hooks

        if QA::Runtime::Env.ee_license.present?
          QA::Runtime::Logger.info("Performing initial license fabrication!")
-          QA::Page::Main::Menu.perform(&:sign_out_if_signed_in)

          EE::Resource::License.fabricate! do |resource|
            resource.license = QA::Runtime::Env.ee_license
          end
        end

-        unless QA::Runtime::Env.running_on_dot_com?
-          QA::Runtime::Logger.info("Disabling sync with External package metadata database")
-          # we can't pass [] here, otherwise it causes a validation error, because the value we pass
-          # must be a valid purl_type. Instead, we pass the `deb` purl_type which is only used for
-          # container scanning advisories, which are not yet supported/ingested, so this is effectively
-          # the same thing as disabling the sync.
-          QA::Runtime::ApplicationSettings.set_application_settings(package_metadata_purl_types: [DEB_PURL_TYPE])
-        end
+        return if QA::Runtime::Env.running_on_dot_com?

-        QA::Page::Main::Menu.perform(&:sign_out_if_signed_in)
+        QA::Runtime::Logger.info("Disabling sync with External package metadata database")
+        # we can't pass [] here, otherwise it causes a validation error, because the value we pass
+        # must be a valid purl_type. Instead, we pass the `deb` purl_type which is only used for
+        # container scanning advisories, which are not yet supported/ingested, so this is effectively
+        # the same thing as disabling the sync.
+        QA::Runtime::ApplicationSettings.set_application_settings(package_metadata_purl_types: [DEB_PURL_TYPE])
      end
    end
  end