[cherry-pick] Update license verifier to v0.8.0 (#868)
/cherry-pick

Signed-off-by: Tamal Saha <tamal@appscode.com>

Co-authored-by: Tamal Saha <tamal@appscode.com>
1gtm and tamalsaha committed Apr 7, 2021
1 parent e8cdd17 commit cf982cc
Showing 9 changed files with 54 additions and 31 deletions.
2 changes: 1 addition & 1 deletion go.mod
@@ -9,7 +9,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/sergi/go-diff v1.1.0 // indirect
github.com/spf13/cobra v1.1.1
go.bytebuilders.dev/license-verifier/kubernetes v0.7.1
go.bytebuilders.dev/license-verifier/kubernetes v0.8.0
gomodules.xyz/pointer v0.0.0-20201105071923-daf60fa55209
gomodules.xyz/x v0.0.0-20201105065653-91c568df6331
k8s.io/api v0.18.9
8 changes: 4 additions & 4 deletions go.sum
@@ -775,10 +775,10 @@ github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3Ifn
github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
github.com/yudai/pp v2.0.1+incompatible h1:Q4//iY4pNF6yPLZIigmvcl7k/bPgrcTPIFIcmawg5bI=
github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
go.bytebuilders.dev/license-verifier v0.7.1 h1:ea2HO0Qfu/Li6lR5ZFs0E0uPDwFW4NZGszX5NSRhLio=
go.bytebuilders.dev/license-verifier v0.7.1/go.mod h1:N7fJxdaBJQ9seOGFg+trJQ3eWwy/ga6YZi0wlvdDQi0=
go.bytebuilders.dev/license-verifier/kubernetes v0.7.1 h1:JogI0Y+MQRIdQd0fH9uFtJuimrOgwThAbl9mfxyF0DM=
go.bytebuilders.dev/license-verifier/kubernetes v0.7.1/go.mod h1:92LIvidYIGntnkUJJKjRH3s6qdgyiHRZFeBd14Efl3c=
go.bytebuilders.dev/license-verifier v0.8.0 h1:lLnz+v65UuHcpMuWRiINDOI+HmwETNehtjm44+dauMo=
go.bytebuilders.dev/license-verifier v0.8.0/go.mod h1:N7fJxdaBJQ9seOGFg+trJQ3eWwy/ga6YZi0wlvdDQi0=
go.bytebuilders.dev/license-verifier/kubernetes v0.8.0 h1:RyXeFcib/Mr6dwyeSCkvpX8u+696CWXnH3FYXCEYdxs=
go.bytebuilders.dev/license-verifier/kubernetes v0.8.0/go.mod h1:xyLTXiI5SEefYKQSNq/ozFpJChwb2Xp+8x4SMJ9180Q=
go.elastic.co/apm v1.5.0/go.mod h1:OdB9sPtM6Vt7oz3VXt7+KR96i9li74qrxBGHTQygFvk=
go.elastic.co/apm/module/apmhttp v1.5.0/go.mod h1:1FbmNuyD3ddauwzgVwFB0fqY6KbZt3JkV187tGCYYhY=
go.elastic.co/apm/module/apmot v1.5.0/go.mod h1:d2KYwhJParTpyw2WnTNy8geNlHKKFX+4oK3YLlsesWE=
@@ -27,7 +27,8 @@ type License struct {
metav1.TypeMeta `json:",inline,omitempty"`

Issuer string `json:"issuer,omitempty"` // byte.builders
Products []string `json:"products,omitempty"`
Features []string `json:"features,omitempty"`
PlanName string `json:"planName,omitempty"`
Clusters []string `json:"clusters,omitempty"` // cluster_id ?
User *User `json:"user,omitempty"`
NotBefore *metav1.Time `json:"notBefore,omitempty"` // start of subscription start

2 changes: 1 addition & 1 deletion vendor/go.bytebuilders.dev/license-verifier/info/lib.go
@@ -25,7 +25,7 @@ var (
ProductOwnerName string
ProductOwnerUID string

ProductName string
ProductName string // This has been renamed to Features
ProductUID string
)

@@ -4,7 +4,7 @@ go 1.14

require (
github.com/gogo/protobuf v1.3.1
go.bytebuilders.dev/license-verifier v0.7.1
go.bytebuilders.dev/license-verifier v0.8.0
k8s.io/api v0.18.9
k8s.io/apimachinery v0.18.9
k8s.io/apiserver v0.18.9
28 changes: 17 additions & 11 deletions vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go
@@ -73,8 +73,8 @@ func NewLicenseEnforcer(config *rest.Config, licenseFile string) *LicenseEnforce
licenseFile: licenseFile,
config: config,
opts: &verifier.Options{
CACert: []byte(info.LicenseCA),
ProductName: info.ProductName,
CACert: []byte(info.LicenseCA),
Features: info.ProductName,
},
}
}
@@ -110,9 +110,15 @@ func (le *LicenseEnforcer) podName() (string, error) {

func (le *LicenseEnforcer) handleLicenseVerificationFailure(licenseErr error) error {
// Send interrupt so that all go-routines shut-down gracefully
// https://pracucci.com/graceful-shutdown-of-kubernetes-pods.html
// https://linuxhandbook.com/sigterm-vs-sigkill/
// https://pracucci.com/graceful-shutdown-of-kubernetes-pods.html
//nolint:errcheck
defer func() {
_ = syscall.Kill(syscall.Getpid(), syscall.SIGINT)
// Need to send signal twice because
// we catch the first INT/TERM signal
// ref: https://github.com/kubernetes/apiserver/blob/8d97c871d91c75b81b8b4c438f4dd1eaa7f35052/pkg/server/signal.go#L47-L51
_ = syscall.Kill(syscall.Getpid(), syscall.SIGTERM)
time.Sleep(30 * time.Second)
_ = syscall.Kill(syscall.Getpid(), syscall.SIGKILL)
}()
@@ -220,8 +226,8 @@ func VerifyLicensePeriodically(config *rest.Config, licenseFile string, stopCh <
licenseFile: licenseFile,
config: config,
opts: &verifier.Options{
CACert: []byte(info.LicenseCA),
ProductName: info.ProductName,
CACert: []byte(info.LicenseCA),
Features: info.ProductName,
},
}
// Create Kubernetes client
@@ -271,8 +277,8 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error {
licenseFile: licenseFile,
config: config,
opts: &verifier.Options{
CACert: []byte(info.LicenseCA),
ProductName: info.ProductName,
CACert: []byte(info.LicenseCA),
Features: info.ProductName,
},
}
// Create Kubernetes client
@@ -299,8 +305,8 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error {
return nil
}

// CheckLicenseEndpoint verifies whether the provided api server has a valid license is valid for products.
func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, products []string) error {
// CheckLicenseEndpoint verifies whether the provided api server has a valid license is valid for features.
func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, features []string) error {
aggrClient, err := clientset.NewForConfig(config)
if err != nil {
return err
@@ -350,8 +356,8 @@ func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, products [
return fmt.Errorf("license %s is not active, status: %s, reason: %s", license.ID, license.Status, license.Reason)
}

if !sets.NewString(license.Products...).HasAny(products...) {
return fmt.Errorf("license %s is not valid for products %q", license.ID, strings.Join(products, ","))
if !sets.NewString(license.Features...).HasAny(features...) {
return fmt.Errorf("license %s is not valid for products %q", license.ID, strings.Join(features, ","))
}
return nil
}
32 changes: 24 additions & 8 deletions vendor/go.bytebuilders.dev/license-verifier/lib.go
@@ -31,10 +31,10 @@ import (
)

type Options struct {
ClusterUID string `json:"clusterUID"`
ProductName string `json:"productName"`
CACert []byte `json:"caCert,omitempty"`
License []byte `json:"license"`
ClusterUID string `json:"clusterUID"`
Features string `json:"features"`
CACert []byte `json:"caCert,omitempty"`
License []byte `json:"license"`
}

func VerifyLicense(opts *Options) (v1alpha1.License, error) {
@@ -84,7 +84,23 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) {
NotBefore: &metav1.Time{Time: cert.NotBefore},
NotAfter: &metav1.Time{Time: cert.NotAfter},
ID: cert.SerialNumber.String(),
Products: cert.Subject.Organization,
Features: cert.Subject.Organization,
}
if len(cert.Subject.OrganizationalUnit) > 0 {
license.PlanName = cert.Subject.OrganizationalUnit[0]
} else {
// old certificate, so plan name auto detected from feature
// ref: https://github.com/appscode/offline-license-server/blob/v0.0.20/pkg/server/constants.go#L50-L59
features := sets.NewString(cert.Subject.Organization...)
if features.Has("kubedb-enterprise") {
license.PlanName = "kubedb-enterprise"
} else if features.Has("kubedb-community") {
license.PlanName = "kubedb-community"
} else if features.Has("stash-enterprise") {
license.PlanName = "stash-enterprise"
} else if features.Has("stash-community") {
license.PlanName = "stash-community"
}
}

var user *v1alpha1.User
@@ -127,11 +143,11 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) {
license.Reason = e2.Error()
return license, e2
}
products := strings.FieldsFunc(opts.ProductName, func(r rune) bool {
features := strings.FieldsFunc(opts.Features, func(r rune) bool {
return unicode.IsSpace(r) || r == ',' || r == ';'
})
if !sets.NewString(cert.Subject.Organization...).HasAny(products...) {
e2 := fmt.Errorf("license was not issued for %s", opts.ProductName)
if !sets.NewString(cert.Subject.Organization...).HasAny(features...) {
e2 := fmt.Errorf("license was not issued for %s", opts.Features)
license.Status = v1alpha1.LicenseExpired
license.Reason = e2.Error()
return license, e2
4 changes: 2 additions & 2 deletions vendor/modules.txt
@@ -131,12 +131,12 @@ github.com/yudai/gojsondiff
github.com/yudai/gojsondiff/formatter
# github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82
github.com/yudai/golcs
# go.bytebuilders.dev/license-verifier v0.7.1
# go.bytebuilders.dev/license-verifier v0.8.0
go.bytebuilders.dev/license-verifier
go.bytebuilders.dev/license-verifier/apis/licenses
go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1
go.bytebuilders.dev/license-verifier/info
# go.bytebuilders.dev/license-verifier/kubernetes v0.7.1
# go.bytebuilders.dev/license-verifier/kubernetes v0.8.0
go.bytebuilders.dev/license-verifier/kubernetes
# golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
golang.org/x/crypto/ssh/terminal