coder
diff --git a/‎codersdk/deployment.go
Lines changed: 91 additions & 33 deletions b/‎codersdk/deployment.go
Lines changed: 91 additions & 33 deletions
diff --git a/‎enterprise/coderd/coderdenttest/coderdenttest.go
Lines changed: 44 additions & 3 deletions b/‎enterprise/coderd/coderdenttest/coderdenttest.go
Lines changed: 44 additions & 3 deletions
diff --git a/‎enterprise/coderd/license/license.go
Lines changed: 13 additions & 4 deletions b/‎enterprise/coderd/license/license.go
Lines changed: 13 additions & 4 deletions
@@ -45,9 +45,9 @@ func entitlementWeight(e Entitlement) int {
 	case EntitlementGracePeriod:
 		return 1
 	case EntitlementNotEntitled:
-		return 0
-	default:
 		return -1
+	default:
+		return -2
 	}
 }
 
@@ -177,6 +177,91 @@ type Feature struct {
 	Actual      *int64      `json:"actual,omitempty"`
 }
 
+// CompareFeatures compares two features and returns an integer representing
+// if the first feature is greater than, equal to, or less than the second feature.
+// "Greater than" means the first feature has more functionality than the
+// second feature. It is assumed the features are for the same FeatureName.
+//
+// A feature is considered greater than another feature if:
+// - Graceful & capable > Entitled & not capable
+// - The entitlement is greater
+// - The limit is greater
+// - Enabled is greater than disabled
+// - The actual is greater
+func CompareFeatures(a, b Feature) int {
+	if !a.Capable() || !b.Capable() {
+		// If either is incapable, then it is possible a grace period
+		// feature can be "greater" than an entitled.
+		// If either is "NotEntitled" then we can defer to a strict entitlement
+		// check.
+		if entitlementWeight(a.Entitlement) >= 0 && entitlementWeight(b.Entitlement) >= 0 {
+			if a.Capable() && !b.Capable() {
+				return 1
+			}
+			if b.Capable() && !a.Capable() {
+				return -1
+			}
+		}
+	}
+
+	entitlement := CompareEntitlements(a.Entitlement, b.Entitlement)
+	if entitlement > 0 {
+		return 1
+	}
+	if entitlement < 0 {
+		return -1
+	}
+
+	// If the entitlement is the same, then we can compare the limits.
+	if a.Limit == nil && b.Limit != nil {
+		return -1
+	}
+	if a.Limit != nil && b.Limit == nil {
+		return 1
+	}
+	if a.Limit != nil && b.Limit != nil {
+		difference := *a.Limit - *b.Limit
+		if *a.Limit-*b.Limit != 0 {
+			return int(difference)
+		}
+	}
+
+	// Enabled is better than disabled.
+	if a.Enabled && !b.Enabled {
+		return 1
+	}
+	if !a.Enabled && b.Enabled {
+		return -1
+	}
+
+	// Higher actual is better
+	if a.Actual == nil && b.Actual != nil {
+		return -1
+	}
+	if a.Actual != nil && b.Actual == nil {
+		return 1
+	}
+	if a.Actual != nil && b.Actual != nil {
+		difference := *a.Actual - *b.Actual
+		if *a.Actual-*b.Actual != 0 {
+			return int(difference)
+		}
+	}
+
+	return 0
+}
+
+// Capable is a helper function that returns if a given feature has a limit
+// that is greater than or equal to the actual.
+// If this condition is not true, then the feature is not capable of being used
+// since the limit is not high enough.
+func (f Feature) Capable() bool {
+	if f.Limit != nil && f.Actual != nil {
+		return *f.Limit >= *f.Actual
+	}
+	return true
+}
+
 type Entitlements struct {
 	Features         map[FeatureName]Feature `json:"features"`
 	Warnings         []string                `json:"warnings"`
@@ -193,48 +278,21 @@ type Entitlements struct {
 //
 // All features should be added as atomic items, and not merged in any way.
 // Merging entitlements could lead to unexpected behavior, like a larger user
-// limit in grace period merging with a smaller one in a grace period. This could
-// lead to the larger limit being extended as "entitled", which is not correct.
+// limit in grace period merging with a smaller one in an "entitled" state. This
+// could lead to the larger limit being extended as "entitled", which is not correct.
 func (e *Entitlements) AddFeature(name FeatureName, add Feature) {
 	existing, ok := e.Features[name]
 	if !ok {
 		e.Features[name] = add
 		return
 	}
 
-	comparison := CompareEntitlements(add.Entitlement, existing.Entitlement)
-	// If the new entitlement is greater than the existing entitlement, replace it.
-	// The edge case is if the previous entitlement is in a grace period with a
-	// higher value.
-	// TODO: Address the edge case.
+	// Compare the features, keep the one that is "better"
+	comparison := CompareFeatures(add, existing)
 	if comparison > 0 {
 		e.Features[name] = add
 		return
 	}
-
-	// If they have the same entitlement, then we can compare the limits.
-	if comparison == 0 {
-		if add.Limit != nil {
-			if existing.Limit == nil || *add.Limit > *existing.Limit {
-				e.Features[name] = add
-				return
-			}
-		}
-
-		// Enabled is better than disabled.
-		if add.Enabled && !existing.Enabled {
-			e.Features[name] = add
-			return
-		}
-
-		// If the actual value is greater than the existing actual value, replace it.
-		if add.Actual != nil {
-			if existing.Actual == nil || *add.Actual > *existing.Actual {
-				e.Features[name] = add
-				return
-			}
-		}
-	}
 }
 
 func (c *Client) Entitlements(ctx context.Context) (Entitlements, error) {
 
@@ -146,15 +146,55 @@ func NewWithAPI(t *testing.T, options *Options) (
 	return client, provisionerCloser, coderAPI, user
 }
 
+// LicenseOptions is used to generate a license for testing.
+// It supports the builder pattern for easy customization.
 type LicenseOptions struct {
 	AccountType   string
 	AccountID     string
 	DeploymentIDs []string
 	Trial         bool
+	FeatureSet    codersdk.FeatureSet
 	AllFeatures   bool
-	GraceAt       time.Time
-	ExpiresAt     time.Time
-	Features      license.Features
+	// GraceAt is the time at which the license will enter the grace period.
+	GraceAt time.Time
+	// ExpiresAt is the time at which the license will hard expire.
+	// ExpiresAt should always be greater then GraceAt.
+	ExpiresAt time.Time
+	Features  license.Features
+}
+
+func (opts *LicenseOptions) Expired(now time.Time) *LicenseOptions {
+	opts.ExpiresAt = now.Add(time.Hour * 24 * -2)
+	opts.GraceAt = now.Add(time.Hour * 24 * -3)
+	return opts
+}
+
+func (opts *LicenseOptions) GracePeriod(now time.Time) *LicenseOptions {
+	opts.ExpiresAt = now.Add(time.Hour * 24)
+	opts.GraceAt = now.Add(time.Hour * 24 * -1)
+	return opts
+}
+
+func (opts *LicenseOptions) Valid(now time.Time) *LicenseOptions {
+	opts.ExpiresAt = now.Add(time.Hour * 24 * 60)
+	opts.GraceAt = now.Add(time.Hour * 24 * 53)
+	return opts
+}
+
+func (opts *LicenseOptions) UserLimit(limit int64) *LicenseOptions {
+	return opts.Feature(codersdk.FeatureUserLimit, limit)
+}
+
+func (opts *LicenseOptions) Feature(name codersdk.FeatureName, value int64) *LicenseOptions {
+	if opts.Features == nil {
+		opts.Features = license.Features{}
+	}
+	opts.Features[name] = value
+	return opts
+}
+
+func (opts *LicenseOptions) Generate(t *testing.T) string {
+	return GenerateLicense(t, *opts)
 }
 
 // AddFullLicense generates a license with all features enabled.
@@ -195,6 +235,7 @@ func GenerateLicense(t *testing.T, options LicenseOptions) string {
 		Trial:          options.Trial,
 		Version:        license.CurrentVersion,
 		AllFeatures:    options.AllFeatures,
+		FeatureSet:     options.FeatureSet,
 		Features:       options.Features,
 	}
 	tok := jwt.NewWithClaims(jwt.SigningMethodEdDSA, c)
 
@@ -135,6 +135,11 @@ func LicensesEntitlements(
 
 		// Add all features from the feature set defined.
 		for _, featureName := range claims.FeatureSet.Features() {
+			if featureName == codersdk.FeatureUserLimit {
+				// FeatureUserLimit is unique in that it must be specifically defined
+				// in the license. There is no default meaning if no "limit" is set.
+				continue
+			}
 			entitlements.AddFeature(featureName, codersdk.Feature{
 				Entitlement: entitlement,
 				Enabled:     enablements[featureName] || featureName.AlwaysEnable(),
@@ -212,11 +217,15 @@ func LicensesEntitlements(
 	}
 
 	if entitlements.HasLicense {
-		userLimit := entitlements.Features[codersdk.FeatureUserLimit].Limit
-		if userLimit != nil && featureArguments.ActiveUserCount > *userLimit {
+		userLimit := entitlements.Features[codersdk.FeatureUserLimit]
+		if userLimit.Limit != nil && featureArguments.ActiveUserCount > *userLimit.Limit {
 			entitlements.Warnings = append(entitlements.Warnings, fmt.Sprintf(
 				"Your deployment has %d active users but is only licensed for %d.",
-				featureArguments.ActiveUserCount, *userLimit))
+				featureArguments.ActiveUserCount, *userLimit.Limit))
+		} else if userLimit.Limit != nil && userLimit.Entitlement == codersdk.EntitlementGracePeriod {
+			entitlements.Warnings = append(entitlements.Warnings, fmt.Sprintf(
+				"Your deployment has %d active users but the license with the limit %d is expired.",
+				featureArguments.ActiveUserCount, *userLimit.Limit))
 		}
 
 		// Add a warning for every feature that is enabled but not entitled or
@@ -298,7 +307,7 @@ type Claims struct {
 	FeatureSet    codersdk.FeatureSet `json:"feature_set"`
 	// AllFeatures represents 'FeatureSet = FeatureSetEnterprise'
 	// Deprecated: AllFeatures is deprecated in favor of FeatureSet.
-	AllFeatures      bool     `json:"all_features"`
+	AllFeatures      bool     `json:"all_features,omitempty"`
 	Version          uint64   `json:"version"`
 	Features         Features `json:"features"`
 	RequireTelemetry bool     `json:"require_telemetry,omitempty"`