[licenses] resolve license for private:true packages (#17537)

* [licenses] resolve license for private:true packages

* [licenses] remove outdated test

* [licenses] fix test

.gitignore

@@ -5,6 +5,7 @@
 .DS_Store
 .node_binaries
 node_modules
+!/tasks/lib/packages/__tests__/fixtures/fixture1/node_modules
 trash
 /optimize
 target
@@ -26,7 +27,7 @@ target
 disabledPlugins
 webpackstats.json
 /config/*
-/!config/kibana.yml
+!/config/kibana.yml
 coverage
 selenium
 .babelcache.json

tasks/lib/licenses/__tests__/valid.js

@@ -15,16 +15,6 @@ const PACKAGE = {
   relative: 'node_modules/@elastic/httpolyglot',
 };
 
-const INTERNAL_PACKAGE = {
-  name: '@kbn/internal',
-  version: '1.0.0',
-  // `license-checker` marks `private: true` packages as "unlicensed" _even_ if
-  // you add a `license` field to its `package.json`
-  licenses: ['UNLICENSED'],
-  directory: resolve(ROOT, 'packages/kbn-internal'),
-  relative: 'packages/kbn-internal',
-};
-
 describe('tasks/lib/licenses', () => {
   describe('assertLicensesValid()', () => {
     it('returns undefined when package has valid license', () => {
@@ -34,13 +24,6 @@ describe('tasks/lib/licenses', () => {
       })).to.be(undefined);
     });
 
-    it('returns undefined if internal package that is marked as "UNLICENSED"', () => {
-      expect(assertLicensesValid({
-        packages: [INTERNAL_PACKAGE],
-        validLicenses: ['MIT', 'Apache-2.0']
-      })).to.be(undefined);
-    });
-
     it('throw an error when the packages license is invalid', () => {
       expect(() => {
         assertLicensesValid({

tasks/lib/licenses/valid.js

@@ -33,20 +33,11 @@ export function assertLicensesValid(options = {}) {
     licenses.filter(license => !validLicenses.includes(license))
   );
 
-  // If a package is not located in `node_modules`, we know it's a package from
-  // within the Kibana repo. The reason we need to exclude these when checking
-  // for valid licenses , is that our `license-checker` dependency marks all
-  // packages that have `private: true` in their `package.json` as "UNLICENSED".
-  const isInternalPackage = pkg => (
-    !pkg.relative.includes('node_modules/')
-  );
-
   const isPackageInvalid = pkg => (
     !pkg.licenses.length || getInvalid(pkg.licenses).length > 0
   );
 
   const invalidMsgs = packages
-    .filter(pkg => !isInternalPackage(pkg))
     .filter(isPackageInvalid)
     .map(describeInvalidLicenses(getInvalid));
 

tasks/lib/packages/__tests__/fixtures/fixture1/node_modules/privatedep/index.js

@@ -0,0 +1 @@
+console.log('I am dep 1');

tasks/lib/packages/__tests__/fixtures/fixture1/node_modules/privatedep/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "privatedep",
+  "version": "0.0.2",
+  "license": "Apache-2.0",
+  "private": true,
+  "repository": {
+    "type": "git",
+    "url": "http://github.com/mycorp/privatedep.git"
+  }
+}

tasks/lib/packages/__tests__/fixtures/fixture1/package.json

@@ -3,6 +3,7 @@
   "version": "0.0.1",
   "license": "MIT",
   "dependencies": {
-    "dep1": "0.0.2"
+    "dep1": "0.0.2",
+    "privatedep": "0.0.2"
   }
 }

tasks/lib/packages/__tests__/installed_packages.js

@@ -43,6 +43,14 @@ describe('tasks/lib/packages', () => {
           repository: 'https://github.com/mycorp/dep1',
           directory: resolve(FIXTURE1_ROOT, 'node_modules/dep1'),
           relative: 'node_modules/dep1',
+        },
+        {
+          name: 'privatedep',
+          version: '0.0.2',
+          repository: 'https://github.com/mycorp/privatedep',
+          licenses: [ 'Apache-2.0' ],
+          directory: resolve(FIXTURE1_ROOT, 'node_modules/privatedep'),
+          relative: 'node_modules/privatedep'
         }
       ]);
     });

tasks/lib/packages/installed_packages.js

@@ -1,7 +1,37 @@
-import { relative } from 'path';
+import { relative, resolve } from 'path';
+import { readFileSync } from 'fs';
 
 import { callLicenseChecker } from './license_checker';
 
+function resolveLicense(licenseInfo, key, licenseOverrides) {
+  const {
+    private: isPrivate,
+    licenses: detectedLicenses,
+    realPath,
+  } = licenseInfo[key];
+
+  // `license-checker` marks all packages that have `private: true`
+  // in their `package.json` as "UNLICENSED", so we try to lookup the
+  // actual license by reading the license field from their package.json
+  if (isPrivate && detectedLicenses === 'UNLICENSED') {
+    try {
+      const pkg = JSON.parse(readFileSync(resolve(realPath, 'package.json')));
+      if (!pkg.license) {
+        throw new Error('no license field');
+      }
+      return [pkg.license];
+    } catch (error) {
+      throw new Error(`Unable to detect license for \`"private": true\` package at ${realPath}: ${error.message}`);
+    }
+  }
+
+  return [].concat(
+    licenseOverrides[key]
+      ? licenseOverrides[key]
+      : detectedLicenses
+  );
+}
+
 /**
  *  Get a list of objects with details about each installed
  *  NPM package.
@@ -32,17 +62,9 @@ export async function getInstalledPackages(options = {}) {
       const keyParts = key.split('@');
       const name = keyParts.slice(0, -1).join('@');
       const version = keyParts[keyParts.length - 1];
-      const {
-        licenses: detectedLicenses,
-        realPath,
-        repository
-      } = licenseInfo[key];
 
-      const licenses = [].concat(
-        licenseOverrides[key]
-          ? licenseOverrides[key]
-          : detectedLicenses
-      );
+      const licenses = resolveLicense(licenseInfo, key, licenseOverrides);
+      const { realPath, repository } = licenseInfo[key];
 
       return {
         name,