feat: adapt license for poc (#3594)

* support free license for admin user

.gitignore

@@ -20,3 +20,4 @@ vendor
 .vscode/
 pkg/registry/save/testdata/registry
 .dummy.report.md
+deploy/cloud/tars

controllers/licenseissuer/deploy/Kubefile

@@ -7,10 +7,10 @@ COPY manifests manifests
 
 ENV canConnectToExternalNetwork "true"
 ENV enableMonitor "true"
-ENV CollectorURL "https://license.sealos.io/collector",
-ENV NotificationURL "https://license.sealos.io/notify",
-ENV RegisterURL "https://license.sealos.io/register",
-ENV CloudSyncURL "https://license.sealos.io/datasync",
+ENV CollectorURL "https://license.sealos.io/collector"
+ENV NotificationURL "https://license.sealos.io/notify"
+ENV RegisterURL "https://license.sealos.io/register"
+ENV CloudSyncURL "https://license.sealos.io/datasync"
 ENV LicenseMonitorURL "https://license.sealos.io/license"
 
 CMD ["kubectl apply -f manifests/customconfig.yaml -f manifests/deploy.yaml"]

controllers/licenseissuer/deploy/manifests/customconfig.yaml.tmpl

@@ -11,13 +11,29 @@ apiVersion: v1
 data:
   config.json: |
     {
-      "CollectorURL": {{ .CollectorURL }},
-      "NotificationURL": {{ .NotificationURL }},
-      "RegisterURL": {{ .RegisterURL }},
-      "CloudSyncURL": {{ .CloudSyncURL }},
-      "LicenseMonitorURL": {{ .LicenseMonitorURL }}
+      "CollectorURL": "{{ .CollectorURL }}",
+      "NotificationURL": "{{ .NotificationURL }}",
+      "RegisterURL": "{{ .RegisterURL }}",
+      "CloudSyncURL": "{{ .CloudSyncURL }}",
+      "LicenseMonitorURL": "{{ .LicenseMonitorURL }}"
     }
 kind: ConfigMap
 metadata:
   name: url-config
   namespace: sealos-system
+---
+apiVersion: v1
+data: null
+kind: ConfigMap
+metadata:
+  name: license-history
+  namespace: sealos-system
+---
+apiVersion: infostream.sealos.io/v1
+kind: Launcher
+metadata:
+  name: launcher
+  namespace: sealos-system
+spec:
+  description: This YAML file is responsible for launching the entire cloud module.
+  name: Cloud-Launcher

controllers/licenseissuer/deploy/manifests/deploy.yaml

@@ -583,7 +583,7 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 64Mi
           requests:
             cpu: 5m
             memory: 64Mi
@@ -629,7 +629,7 @@ spec:
             memory: 1024Mi
           requests:
             cpu: 10m
-            memory: 512Mi
+            memory: 128Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

controllers/licenseissuer/internal/controller/license_controller.go

@@ -19,7 +19,6 @@ package controller
 import (
 	"context"
 	"os"
-	"time"
 
 	"github.com/go-logr/logr"
 	accountv1 "github.com/labring/sealos/controllers/account/api/v1"
@@ -128,27 +127,15 @@ func (r *LicenseReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	} else {
 		payload, ok = issuer.LicenseCheckOnInternalNetwork(license)
 	}
+
 	// pre-check for license
 	if !ok {
 		pack := issuer.NewNotificationPackage(issuer.LicenseNoticeTitle, issuer.SEALOS, issuer.InvalidLicenseMessage)
 		issuer.SubmitNotificationWithUser(ctx, r.Client, req.Namespace, pack)
 		r.logger.Info("invalid license")
 		return ctrl.Result{}, r.Client.Delete(ctx, &license)
 	}
-	// check license creat time
-	creatTime, err := issuer.InterfaceToInt64(payload[issuer.CreatTimeField])
-	if err != nil {
-		r.logger.Error(err, "failed to convert license creat time")
-		pack := issuer.NewNotificationPackage(issuer.LicenseNoticeTitle, issuer.SEALOS, issuer.InvalidLicenseMessage)
-		issuer.SubmitNotificationWithUser(ctx, r.Client, req.Namespace, pack)
-		return ctrl.Result{}, r.Client.Delete(ctx, &license)
-	}
-	if time.Unix(creatTime, 0).Add(issuer.LicenseLifetime).Before(time.Now()) {
-		pack := issuer.NewNotificationPackage(issuer.LicenseNoticeTitle, issuer.SEALOS, issuer.ExpiredLicenseMessage)
-		issuer.SubmitNotificationWithUser(ctx, r.Client, req.Namespace, pack)
-		r.logger.Info("expired license")
-		return ctrl.Result{}, r.Client.Delete(ctx, &license)
-	}
+
 	// recharge
 	(&issuer.WriteEventBuilder{}).WithCallback(func() error {
 		if !issuer.ContainsFields(payload, issuer.AmountField) {

controllers/pkg/crypto/crypto_test.go

@@ -8,7 +8,7 @@ import (
 	v1 "github.com/labring/sealos/controllers/licenseissuer/api/v1"
 )
 
-const Token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJTZWFsb3MiLCJpYXQiOjE2ODkxNDYyOTAsImFtdCI6NTAwMCwibm9kIjoxLCJ0dGUiOjMwfQ.lj1IYb_6vvWfYiLhm3DRpjAu4E3SsjWR9TA09ynB09HXx5Qa3FNXSE-kmpccjhn-lZd0miDwAEVxLDLNhFCGnrqMsSCAlwIK_ymoCSlNFntYAIMRU-uF6eu6JMc44Ol6eR2MlOdklYsfj0lxEwEG55uTIZGfMcHjJapGr4J0ONsloMYGn-eqEjLv3gXzNc5IsNWkRzDyLnK1IbuQo7pXo3yGcR7TQZn5cvOm03xU-jvCaYrl-MDhTbRnJ2XPTqgrtQxgspjApk6gvWKIfZTLY78e4QHFMiv36cdHXLvvvXO5eC8ImVenrjbNeHofP9_OsqbrVaiydc9aj3tHWbqYSQ"
+const Token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJTZWFsb3MiLCJpYXQiOjE2OTA0NDU5NjIsImFtdCI6MjAwMH0.ZzZfPRbNiNvRBLMn5FGJeKitRPHmUHZ1qvnGdJUIbIH1L5mQ4yECzvvsa5S8-OTqF6HXmrw9QmFcQOjoz5GpqjqrqXdH2H-JDXFGNNAib2J9UmLFmtV1BVm3zReucfK-bOY5NiWOr5wplEVwkoUKNPHLY5Mw142y9J62vELE-XW-hb3xcmWjLTPVRYgMqk0KEi7Z7cQ_rS0QgJh1Rqb2WS6AKz2ILE5J8XUhhhUva0nCEyLzE-I8oZtV6kugQy8YjWI-SjfneFOLI8-Pg40vry6DZZ-_J_9QmjkUlZx0YNMRiRA5yg2yWeMEzVnam9L310TJgu6Od-bEUijsfOcZyw"
 const Key = "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFvbFBTSzB0UjFKeDZtb25lL2ppeApSWGN6UGlxcU5SSXRmdW1mdWNyNGMxc2dqdlJha0NwcWtDU21lMTR1akJkU0x6QlZzRjkvUWl0UnFNb2NvaEN1CkJ6R25EQ29hWnZXbWVHeE96NEZSejVTeUg1QTlDa3dnbUEzYnFnMWxKSEZTMlZyVjVHVFhFWnphZTZtRmhHOVcKenJMTnpZMlptYTMzOVE1WTNJSDZ6RXIrcTRQbTZDOXBHVGpsSnVodlRvb0dSY2w0bmpZRXc2eHB6ZHZrdi9uSApmZmxsWGZVNDNyRGdQaGkwZDRjWnNuTUJlazUxQkNiRFRuSHlNVFdGT1RoTjc1VVM0bzJxRm9JSEhsM0N0RzE4ClZIZEdRSE1IR0dYcGN3bVhhck1EQndwVWFOSk9kMkhjTTB5dlZEY2xDZzRITkIwVUFWeFNweFlRV3BwNWJzN2gKbHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg=="
 
 func TestIsLicenseValid(t *testing.T) {

deploy/cloud/manifests/admin-user.yaml

@@ -0,0 +1,6 @@
+apiVersion: user.sealos.io/v1
+kind: User
+metadata:
+  name: admin
+spec:
+  csrExpirationSeconds: 7200

deploy/cloud/manifests/free-license.yaml

@@ -0,0 +1,8 @@
+apiVersion: infostream.sealos.io/v1
+kind: License
+metadata:
+  name: license
+spec:
+  uid: admin
+  # nosemgrep: generic.secrets.security.detected-jwt-token.detected-jwt-token
+  token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJTZWFsb3MiLCJpYXQiOjE2OTA0NDU5NjIsImFtdCI6MjAwMH0.ZzZfPRbNiNvRBLMn5FGJeKitRPHmUHZ1qvnGdJUIbIH1L5mQ4yECzvvsa5S8-OTqF6HXmrw9QmFcQOjoz5GpqjqrqXdH2H-JDXFGNNAib2J9UmLFmtV1BVm3zReucfK-bOY5NiWOr5wplEVwkoUKNPHLY5Mw142y9J62vELE-XW-hb3xcmWjLTPVRYgMqk0KEi7Z7cQ_rS0QgJh1Rqb2WS6AKz2ILE5J8XUhhhUva0nCEyLzE-I8oZtV6kugQy8YjWI-SjfneFOLI8-Pg40vry6DZZ-_J_9QmjkUlZx0YNMRiRA5yg2yWeMEzVnam9L310TJgu6Od-bEUijsfOcZyw"

deploy/cloud/scripts/init.sh

@@ -56,6 +56,29 @@ function sealos_run_controller {
   --env enableMonitor="true" 
 }
 
+function sealos_authorize {
+    echo "start to authorize sealos"
+    echo "create admin-user"
+    # create admin-user
+    kubectl apply -f manifests/admin-user.yaml
+    # wait for admin-user ready
+    echo "waiting for admin-user generated"
+    while true; do
+        if kubectl get namespace ns-admin >/dev/null 2>&1 && kubectl get accounts.account.sealos.io admin -n sealos-system >/dev/null 2>&1; then
+            break
+        else
+            echo "waiting for preset admin-user to be created..."
+            sleep 3
+        fi
+    done
+    # issue license for admin-user
+    echo "license issue for admin-user"
+
+    # issue license for admin-user
+    echo "license issue for admin-user"
+    kubectl apply -f manifests/free-license.yaml
+}
+
 function gen_mongodbUri() {
   # if mongodbUri is empty then create mongodb and gen mongodb uri
   if [ -z "$mongodbUri" ]; then
@@ -132,9 +155,12 @@ function install {
 
   # sealos run controllers
   sealos_run_controller
-
+  
   # sealos run frontends
   sealos_run_frontend
+
+  # sealos authorize
+  sealos_authorize
 }
 
 install