Update license verifier (#1400)

Signed-off-by: Tamal Saha <tamal@appscode.com>

Author: tamalsaha

go.mod

@@ -14,9 +14,9 @@ require (
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
-	go.bytebuilders.dev/audit v0.0.12
-	go.bytebuilders.dev/license-verifier v0.9.5
-	go.bytebuilders.dev/license-verifier/kubernetes v0.9.5
+	go.bytebuilders.dev/audit v0.0.13
+	go.bytebuilders.dev/license-verifier v0.9.6
+	go.bytebuilders.dev/license-verifier/kubernetes v0.9.6
 	gomodules.xyz/blobfs v0.1.7
 	gomodules.xyz/cert v1.2.0
 	gomodules.xyz/encoding v0.0.2
@@ -39,7 +39,7 @@ require (
 	k8s.io/kubernetes v1.21.1
 	kmodules.xyz/client-go v0.0.0-20211122091731-6c471b24a4ea
 	kmodules.xyz/constants v0.0.0-20210218100002-2c304bfda278
-	kmodules.xyz/custom-resources v0.0.0-20211007080833-72bd9e8cae6e
+	kmodules.xyz/custom-resources v0.0.0-20211122142737-3bf3dbd8ac52
 	kmodules.xyz/objectstore-api v0.0.0-20210928135706-fdf68f88ea6e
 	kmodules.xyz/offshoot-api v0.0.0-20210829122105-6f4d481b0c61
 	kmodules.xyz/openshift v0.0.0-20210618001443-f2507caa512f

go.sum

@@ -772,13 +772,13 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.bytebuilders.dev/audit v0.0.12 h1:B8kXU/HRJ9ss2J8wEAEBjClFSOE3U4v5IkZQtRH641E=
-go.bytebuilders.dev/audit v0.0.12/go.mod h1:ByBiBbgRf3y+frLEWnxjJJCYn4rXN5TTb9Dc0Kfr0tI=
+go.bytebuilders.dev/audit v0.0.13 h1:Ne2tYw6aM7p5fbGOxQWfhQvGyv0IVZphLBAK3rMLGFE=
+go.bytebuilders.dev/audit v0.0.13/go.mod h1:p5z/qZKf9awnjs8mKSWiwz1OwUdzbK5SXKi+Xtww5HQ=
 go.bytebuilders.dev/license-verifier v0.9.3/go.mod h1:GpIW0o8O0wpiBVt7IIz4z7bcPuG8nza8/bCDkaupDn8=
-go.bytebuilders.dev/license-verifier v0.9.5 h1:XUbFH3LzHSpQFtVS/MiT5RN0gr/KNNBvnOm78KYoAEQ=
-go.bytebuilders.dev/license-verifier v0.9.5/go.mod h1:GpIW0o8O0wpiBVt7IIz4z7bcPuG8nza8/bCDkaupDn8=
-go.bytebuilders.dev/license-verifier/kubernetes v0.9.5 h1:KWzmh4qZ+3cR8LpBuUfufb2goK5NuULyE0uKYgt3D50=
-go.bytebuilders.dev/license-verifier/kubernetes v0.9.5/go.mod h1:mg5pZDweHlpTTw57kOdLj4bU107hHVP/1xTKKZ1eUNc=
+go.bytebuilders.dev/license-verifier v0.9.6 h1:nT4Eplu0OQWM7Re81ZQibkYKeno6nDAwOzaz14Yvadc=
+go.bytebuilders.dev/license-verifier v0.9.6/go.mod h1:GpIW0o8O0wpiBVt7IIz4z7bcPuG8nza8/bCDkaupDn8=
+go.bytebuilders.dev/license-verifier/kubernetes v0.9.6 h1:QwiUgNug1pD4cwxLuSQmSLn1WvvNreKfBajdymoRmeM=
+go.bytebuilders.dev/license-verifier/kubernetes v0.9.6/go.mod h1:b1oIjrDuNN1T3d1ixnr020hi2i0sXlR7CIsWrhkzga4=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
@@ -1222,15 +1222,15 @@ kmodules.xyz/apiversion v0.2.0/go.mod h1:oPX8g8LvlPdPX3Yc5YvCzJHQnw3YF/X4/jdW0b1
 kmodules.xyz/client-go v0.0.0-20210617233340-13d22e91512b/go.mod h1:A6GAK6xP5zBuWK6A/vUkkjKzcuywkms7fIxRf5wblO4=
 kmodules.xyz/client-go v0.0.0-20210928133955-8df5bb467db6/go.mod h1:0gkPeALtYjB27OHt4rd6+ZmMgoVTHVLtEJQeU23/gtA=
 kmodules.xyz/client-go v0.0.0-20211013093146-1fbfd52e78c9/go.mod h1:0gkPeALtYjB27OHt4rd6+ZmMgoVTHVLtEJQeU23/gtA=
-kmodules.xyz/client-go v0.0.0-20211028132207-0cf6ea46b030/go.mod h1:ENUu8pPK19xzBkVpAJHoGCI2QRvb1SqffWRt0K2sV5I=
 kmodules.xyz/client-go v0.0.0-20211107190155-5bb4090d2728/go.mod h1:ENUu8pPK19xzBkVpAJHoGCI2QRvb1SqffWRt0K2sV5I=
 kmodules.xyz/client-go v0.0.0-20211122091731-6c471b24a4ea h1:z5Li57oxum0018ryWpI5w5HYVFgI2S2cVj27R76IRnU=
 kmodules.xyz/client-go v0.0.0-20211122091731-6c471b24a4ea/go.mod h1:ENUu8pPK19xzBkVpAJHoGCI2QRvb1SqffWRt0K2sV5I=
 kmodules.xyz/constants v0.0.0-20210218100002-2c304bfda278 h1:sFmqh4EaiZ4K2FkkGvrDFddstq8GSf6ogH24IAsuKew=
 kmodules.xyz/constants v0.0.0-20210218100002-2c304bfda278/go.mod h1:DbiFk1bJ1KEO94t1SlAn7tzc+Zz95rSXgyUKa2nzPmY=
 kmodules.xyz/crd-schema-fuzz v0.0.0-20210618002152-fae23aef5fb4/go.mod h1:IIkUctlfoptoci0BOrsUf8ya+MOG5uaeh1PE4uzaIbA=
-kmodules.xyz/custom-resources v0.0.0-20211007080833-72bd9e8cae6e h1:0IEUFAJPgwPx3+Zb1BMcHLywKhJtXMk6YCHNsjWJwYQ=
 kmodules.xyz/custom-resources v0.0.0-20211007080833-72bd9e8cae6e/go.mod h1:pGabego8q4oi/2sNjhdtFkgVaVw4AyGv14GO6VtAjTw=
+kmodules.xyz/custom-resources v0.0.0-20211122142737-3bf3dbd8ac52 h1:UWVpU7y5znTUusU+JhPB+ojh26f6K2v8sNb37U1DolQ=
+kmodules.xyz/custom-resources v0.0.0-20211122142737-3bf3dbd8ac52/go.mod h1:yHLFe4wVYxepTnN00CFUf29xH+jEHDokq6d2fbp9pks=
 kmodules.xyz/objectstore-api v0.0.0-20210928135706-fdf68f88ea6e h1:2QZBUcUI6r7mLU5/9+Xxd1eDClEIEkZkJlyCU91UoY8=
 kmodules.xyz/objectstore-api v0.0.0-20210928135706-fdf68f88ea6e/go.mod h1:Tkcf9uTplnrJ6C8o0zlw2kpgS1SaWAiMO5P2YgLjTo8=
 kmodules.xyz/offshoot-api v0.0.0-20210829122105-6f4d481b0c61 h1:J56UGmRFddu6tERRd8BELmP5QbXxievzb+6vAjFptiM=

pkg/cmds/server/options.go

@@ -27,6 +27,7 @@ import (
 
 	"github.com/spf13/pflag"
 	licenseapi "go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1"
+	"go.bytebuilders.dev/license-verifier/info"
 	license "go.bytebuilders.dev/license-verifier/kubernetes"
 	crd_cs "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -114,14 +115,14 @@ func (s *ExtraOptions) ApplyTo(cfg *controller.Config) error {
 	cfg.RestoreJobPSPNames = s.RestoreJobPSPNames
 
 	if cfg.LicenseFile != "" {
-		info := license.NewLicenseEnforcer(cfg.ClientConfig, cfg.LicenseFile).LoadLicense()
-		if info.Status != licenseapi.LicenseActive {
-			return fmt.Errorf("license status %s, reason: %s", info.Status, info.Reason)
+		l := license.NewLicenseEnforcer(cfg.ClientConfig, cfg.LicenseFile).LoadLicense()
+		if l.Status != licenseapi.LicenseActive {
+			return fmt.Errorf("license status %s, reason: %s", l.Status, l.Reason)
 		}
-		if !sets.NewString(info.Features...).HasAny("stash-community", "kubedb-ext-stash") {
+		if !sets.NewString(l.Features...).HasAny(info.Features()...) {
 			return fmt.Errorf("not a valid license for this product")
 		}
-		cfg.License = info
+		cfg.License = l
 	}
 
 	if cfg.KubeClient, err = kubernetes.NewForConfig(cfg.ClientConfig); err != nil {

vendor/go.bytebuilders.dev/audit/lib/nats.go

@@ -61,7 +61,7 @@ func NewNatsConfig(clusterID string, LicenseFile string) (*NatsConfig, error) {
 
 	opts := verifier.Options{
 		ClusterUID: clusterID,
-		Features:   info.ProductName,
+		Features:   info.Features(),
 		CACert:     []byte(info.LicenseCA),
 		License:    licenseBytes,
 	}

vendor/go.bytebuilders.dev/license-verifier/Makefile

@@ -61,8 +61,8 @@ BIN_PLATFORMS    := $(DOCKER_PLATFORMS) windows/amd64 darwin/amd64
 OS   := $(if $(GOOS),$(GOOS),$(shell go env GOOS))
 ARCH := $(if $(GOARCH),$(GOARCH),$(shell go env GOARCH))
 
-BASEIMAGE_PROD   ?= gcr.io/distroless/static-debian10
-BASEIMAGE_DBG    ?= debian:buster
+BASEIMAGE_PROD   ?= gcr.io/distroless/static-debian11
+BASEIMAGE_DBG    ?= debian:bullseye
 
 GO_VERSION       ?= 1.17
 BUILD_IMAGE      ?= appscode/golang-dev:$(GO_VERSION)

vendor/go.bytebuilders.dev/license-verifier/info/lib.go

@@ -20,6 +20,8 @@ import (
 	"net/url"
 	"path"
 	"strconv"
+	"strings"
+	"unicode"
 )
 
 var (
@@ -37,6 +39,12 @@ var (
 	registrationAPIPath = "api/v1/register"
 )
 
+func Features() []string {
+	return strings.FieldsFunc(ProductName, func(r rune) bool {
+		return unicode.IsSpace(r) || r == ',' || r == ';'
+	})
+}
+
 func SkipLicenseVerification() bool {
 	v, _ := strconv.ParseBool(EnforceLicense)
 	return !v

vendor/go.bytebuilders.dev/license-verifier/kubernetes/go.mod

@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/gogo/protobuf v1.3.2
-	go.bytebuilders.dev/license-verifier v0.9.5
+	go.bytebuilders.dev/license-verifier v0.9.6
 	k8s.io/api v0.21.1
 	k8s.io/apimachinery v0.21.1
 	k8s.io/apiserver v0.21.1

vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go

@@ -74,7 +74,7 @@ func NewLicenseEnforcer(config *rest.Config, licenseFile string) *LicenseEnforce
 		config:      config,
 		opts: &verifier.Options{
 			CACert:   []byte(info.LicenseCA),
-			Features: info.ProductName,
+			Features: info.Features(),
 		},
 	}
 }
@@ -227,7 +227,7 @@ func VerifyLicensePeriodically(config *rest.Config, licenseFile string, stopCh <
 		config:      config,
 		opts: &verifier.Options{
 			CACert:   []byte(info.LicenseCA),
-			Features: info.ProductName,
+			Features: info.Features(),
 		},
 	}
 
@@ -286,7 +286,7 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error {
 		config:      config,
 		opts: &verifier.Options{
 			CACert:   []byte(info.LicenseCA),
-			Features: info.ProductName,
+			Features: info.Features(),
 		},
 	}
 

vendor/go.bytebuilders.dev/license-verifier/lib.go

@@ -20,10 +20,8 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"strings"
-	"unicode"
-
 	"go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1"
+	"strings"
 
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -32,7 +30,7 @@ import (
 
 type Options struct {
 	ClusterUID string `json:"clusterUID"`
-	Features   string `json:"features"`
+	Features   []string `json:"features"`
 	CACert     []byte `json:"caCert,omitempty"`
 	License    []byte `json:"license"`
 }
@@ -165,10 +163,7 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) {
 		license.Reason = e2.Error()
 		return license, e2
 	}
-	features := strings.FieldsFunc(opts.Features, func(r rune) bool {
-		return unicode.IsSpace(r) || r == ',' || r == ';'
-	})
-	if !sets.NewString(cert.Subject.Organization...).HasAny(features...) {
+	if !sets.NewString(cert.Subject.Organization...).HasAny(opts.Features...) {
 		e2 := fmt.Errorf("license was not issued for %s", opts.Features)
 		license.Status = v1alpha1.LicenseExpired
 		license.Reason = e2.Error()