[cherry-pick] Update license verifier to v0.8.0

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/onsi/gomega v1.10.5 // indirect
 	github.com/sergi/go-diff v1.1.0 // indirect
 	github.com/spf13/cobra v1.1.1
-	go.bytebuilders.dev/license-verifier/kubernetes v0.7.1
+	go.bytebuilders.dev/license-verifier/kubernetes v0.8.0
 	gomodules.xyz/x v0.0.0-20201105065653-91c568df6331
 	k8s.io/api v0.18.9
 	k8s.io/apimachinery v0.18.9

go.sum

@@ -581,10 +581,10 @@ github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDf
 github.com/yudai/pp v2.0.1+incompatible h1:Q4//iY4pNF6yPLZIigmvcl7k/bPgrcTPIFIcmawg5bI=
 github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.bytebuilders.dev/license-verifier v0.7.1 h1:ea2HO0Qfu/Li6lR5ZFs0E0uPDwFW4NZGszX5NSRhLio=
-go.bytebuilders.dev/license-verifier v0.7.1/go.mod h1:N7fJxdaBJQ9seOGFg+trJQ3eWwy/ga6YZi0wlvdDQi0=
-go.bytebuilders.dev/license-verifier/kubernetes v0.7.1 h1:JogI0Y+MQRIdQd0fH9uFtJuimrOgwThAbl9mfxyF0DM=
-go.bytebuilders.dev/license-verifier/kubernetes v0.7.1/go.mod h1:92LIvidYIGntnkUJJKjRH3s6qdgyiHRZFeBd14Efl3c=
+go.bytebuilders.dev/license-verifier v0.8.0 h1:lLnz+v65UuHcpMuWRiINDOI+HmwETNehtjm44+dauMo=
+go.bytebuilders.dev/license-verifier v0.8.0/go.mod h1:N7fJxdaBJQ9seOGFg+trJQ3eWwy/ga6YZi0wlvdDQi0=
+go.bytebuilders.dev/license-verifier/kubernetes v0.8.0 h1:RyXeFcib/Mr6dwyeSCkvpX8u+696CWXnH3FYXCEYdxs=
+go.bytebuilders.dev/license-verifier/kubernetes v0.8.0/go.mod h1:xyLTXiI5SEefYKQSNq/ozFpJChwb2Xp+8x4SMJ9180Q=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=

vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/types.go

@@ -27,7 +27,8 @@ type License struct {
 	metav1.TypeMeta `json:",inline,omitempty"`
 
 	Issuer    string        `json:"issuer,omitempty"` // byte.builders
-	Products  []string      `json:"products,omitempty"`
+	Features  []string      `json:"features,omitempty"`
+	PlanName  string        `json:"planName,omitempty"`
 	Clusters  []string      `json:"clusters,omitempty"` // cluster_id ?
 	User      *User         `json:"user,omitempty"`
 	NotBefore *metav1.Time  `json:"notBefore,omitempty"` // start of subscription start

vendor/go.bytebuilders.dev/license-verifier/info/lib.go

@@ -25,7 +25,7 @@ var (
 	ProductOwnerName string
 	ProductOwnerUID  string
 
-	ProductName string
+	ProductName string // This has been renamed to Features
 	ProductUID  string
 )
 

vendor/go.bytebuilders.dev/license-verifier/kubernetes/go.mod

@@ -4,7 +4,7 @@ go 1.14
 
 require (
 	github.com/gogo/protobuf v1.3.1
-	go.bytebuilders.dev/license-verifier v0.7.1
+	go.bytebuilders.dev/license-verifier v0.8.0
 	k8s.io/api v0.18.9
 	k8s.io/apimachinery v0.18.9
 	k8s.io/apiserver v0.18.9

vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go

@@ -73,8 +73,8 @@ func NewLicenseEnforcer(config *rest.Config, licenseFile string) *LicenseEnforce
 		licenseFile: licenseFile,
 		config:      config,
 		opts: &verifier.Options{
-			CACert:      []byte(info.LicenseCA),
-			ProductName: info.ProductName,
+			CACert:   []byte(info.LicenseCA),
+			Features: info.ProductName,
 		},
 	}
 }
@@ -110,9 +110,15 @@ func (le *LicenseEnforcer) podName() (string, error) {
 
 func (le *LicenseEnforcer) handleLicenseVerificationFailure(licenseErr error) error {
 	// Send interrupt so that all go-routines shut-down gracefully
+	// https://pracucci.com/graceful-shutdown-of-kubernetes-pods.html
+	// https://linuxhandbook.com/sigterm-vs-sigkill/
+	// https://pracucci.com/graceful-shutdown-of-kubernetes-pods.html
 	//nolint:errcheck
 	defer func() {
-		_ = syscall.Kill(syscall.Getpid(), syscall.SIGINT)
+		// Need to send signal twice because
+		// we catch the first INT/TERM signal
+		// ref: https://github.com/kubernetes/apiserver/blob/8d97c871d91c75b81b8b4c438f4dd1eaa7f35052/pkg/server/signal.go#L47-L51
+		_ = syscall.Kill(syscall.Getpid(), syscall.SIGTERM)
 		time.Sleep(30 * time.Second)
 		_ = syscall.Kill(syscall.Getpid(), syscall.SIGKILL)
 	}()
@@ -220,8 +226,8 @@ func VerifyLicensePeriodically(config *rest.Config, licenseFile string, stopCh <
 		licenseFile: licenseFile,
 		config:      config,
 		opts: &verifier.Options{
-			CACert:      []byte(info.LicenseCA),
-			ProductName: info.ProductName,
+			CACert:   []byte(info.LicenseCA),
+			Features: info.ProductName,
 		},
 	}
 	// Create Kubernetes client
@@ -271,8 +277,8 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error {
 		licenseFile: licenseFile,
 		config:      config,
 		opts: &verifier.Options{
-			CACert:      []byte(info.LicenseCA),
-			ProductName: info.ProductName,
+			CACert:   []byte(info.LicenseCA),
+			Features: info.ProductName,
 		},
 	}
 	// Create Kubernetes client
@@ -299,8 +305,8 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error {
 	return nil
 }
 
-// CheckLicenseEndpoint verifies whether the provided api server has a valid license is valid for products.
-func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, products []string) error {
+// CheckLicenseEndpoint verifies whether the provided api server has a valid license is valid for features.
+func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, features []string) error {
 	aggrClient, err := clientset.NewForConfig(config)
 	if err != nil {
 		return err
@@ -350,8 +356,8 @@ func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, products [
 		return fmt.Errorf("license %s is not active, status: %s, reason: %s", license.ID, license.Status, license.Reason)
 	}
 
-	if !sets.NewString(license.Products...).HasAny(products...) {
-		return fmt.Errorf("license %s is not valid for products %q", license.ID, strings.Join(products, ","))
+	if !sets.NewString(license.Features...).HasAny(features...) {
+		return fmt.Errorf("license %s is not valid for products %q", license.ID, strings.Join(features, ","))
 	}
 	return nil
 }

vendor/go.bytebuilders.dev/license-verifier/lib.go

@@ -31,10 +31,10 @@ import (
 )
 
 type Options struct {
-	ClusterUID  string `json:"clusterUID"`
-	ProductName string `json:"productName"`
-	CACert      []byte `json:"caCert,omitempty"`
-	License     []byte `json:"license"`
+	ClusterUID string `json:"clusterUID"`
+	Features   string `json:"features"`
+	CACert     []byte `json:"caCert,omitempty"`
+	License    []byte `json:"license"`
 }
 
 func VerifyLicense(opts *Options) (v1alpha1.License, error) {
@@ -84,7 +84,23 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) {
 		NotBefore: &metav1.Time{Time: cert.NotBefore},
 		NotAfter:  &metav1.Time{Time: cert.NotAfter},
 		ID:        cert.SerialNumber.String(),
-		Products:  cert.Subject.Organization,
+		Features:  cert.Subject.Organization,
+	}
+	if len(cert.Subject.OrganizationalUnit) > 0 {
+		license.PlanName = cert.Subject.OrganizationalUnit[0]
+	} else {
+		// old certificate, so plan name auto detected from feature
+		// ref: https://github.com/appscode/offline-license-server/blob/v0.0.20/pkg/server/constants.go#L50-L59
+		features := sets.NewString(cert.Subject.Organization...)
+		if features.Has("kubedb-enterprise") {
+			license.PlanName = "kubedb-enterprise"
+		} else if features.Has("kubedb-community") {
+			license.PlanName = "kubedb-community"
+		} else if features.Has("stash-enterprise") {
+			license.PlanName = "stash-enterprise"
+		} else if features.Has("stash-community") {
+			license.PlanName = "stash-community"
+		}
 	}
 
 	var user *v1alpha1.User
@@ -127,11 +143,11 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) {
 		license.Reason = e2.Error()
 		return license, e2
 	}
-	products := strings.FieldsFunc(opts.ProductName, func(r rune) bool {
+	features := strings.FieldsFunc(opts.Features, func(r rune) bool {
 		return unicode.IsSpace(r) || r == ',' || r == ';'
 	})
-	if !sets.NewString(cert.Subject.Organization...).HasAny(products...) {
-		e2 := fmt.Errorf("license was not issued for %s", opts.ProductName)
+	if !sets.NewString(cert.Subject.Organization...).HasAny(features...) {
+		e2 := fmt.Errorf("license was not issued for %s", opts.Features)
 		license.Status = v1alpha1.LicenseExpired
 		license.Reason = e2.Error()
 		return license, e2

vendor/modules.txt

@@ -131,12 +131,12 @@ github.com/yudai/gojsondiff
 github.com/yudai/gojsondiff/formatter
 # github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82
 github.com/yudai/golcs
-# go.bytebuilders.dev/license-verifier v0.7.1
+# go.bytebuilders.dev/license-verifier v0.8.0
 go.bytebuilders.dev/license-verifier
 go.bytebuilders.dev/license-verifier/apis/licenses
 go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1
 go.bytebuilders.dev/license-verifier/info
-# go.bytebuilders.dev/license-verifier/kubernetes v0.7.1
+# go.bytebuilders.dev/license-verifier/kubernetes v0.8.0
 go.bytebuilders.dev/license-verifier/kubernetes
 # golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 golang.org/x/crypto/ssh/terminal