From 2da7f9fb9b87ce983bb6288abe71dbd4a413caad Mon Sep 17 00:00:00 2001
From: lgtm <1gtm@users.noreply.github.com>
Date: Tue, 6 Apr 2021 19:26:35 -0700
Subject: [PATCH] [cherry-pick] Update license verifier to v0.8.0 (#738)

/cherry-pick
Signed-off-by: Tamal Saha
Co-authored-by: Tamal Saha
---
 go.mod | 2 +-
 go.sum | 8 ++---
 .../apis/licenses/v1alpha1/types.go | 3 +-
 .../v1alpha1/zz_generated.deepcopy.go | 4 +--
 .../license-verifier/info/lib.go | 2 +-
 .../license-verifier/kubernetes/go.mod | 2 +-
 .../license-verifier/kubernetes/lib.go | 28 +++++++++-------
 .../license-verifier/lib.go | 32 ++++++++++++++-----
 vendor/modules.txt | 4 +--
 9 files changed, 54 insertions(+), 31 deletions(-)

diff --git a/go.mod b/go.mod
index 3c1166d22..c483a5e24 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/onsi/gomega v1.10.5 // indirect
 github.com/sergi/go-diff v1.1.0 // indirect
 github.com/spf13/cobra v1.1.1
- go.bytebuilders.dev/license-verifier/kubernetes v0.7.1
+ go.bytebuilders.dev/license-verifier/kubernetes v0.8.0
 gomodules.xyz/x v0.0.0-20201105065653-91c568df6331
 k8s.io/api v0.18.9
 k8s.io/apimachinery v0.18.9
diff --git a/go.sum b/go.sum
index fd7f42b22..2170530e7 100644
--- a/go.sum
+++ b/go.sum
@@ -581,10 +581,10 @@ github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDf
 github.com/yudai/pp v2.0.1+incompatible h1:Q4//iY4pNF6yPLZIigmvcl7k/bPgrcTPIFIcmawg5bI=
 github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.bytebuilders.dev/license-verifier v0.7.1 h1:ea2HO0Qfu/Li6lR5ZFs0E0uPDwFW4NZGszX5NSRhLio=
-go.bytebuilders.dev/license-verifier v0.7.1/go.mod h1:N7fJxdaBJQ9seOGFg+trJQ3eWwy/ga6YZi0wlvdDQi0=
-go.bytebuilders.dev/license-verifier/kubernetes v0.7.1 h1:JogI0Y+MQRIdQd0fH9uFtJuimrOgwThAbl9mfxyF0DM=
-go.bytebuilders.dev/license-verifier/kubernetes v0.7.1/go.mod h1:92LIvidYIGntnkUJJKjRH3s6qdgyiHRZFeBd14Efl3c=
+go.bytebuilders.dev/license-verifier v0.8.0 h1:lLnz+v65UuHcpMuWRiINDOI+HmwETNehtjm44+dauMo=
+go.bytebuilders.dev/license-verifier v0.8.0/go.mod h1:N7fJxdaBJQ9seOGFg+trJQ3eWwy/ga6YZi0wlvdDQi0=
+go.bytebuilders.dev/license-verifier/kubernetes v0.8.0 h1:RyXeFcib/Mr6dwyeSCkvpX8u+696CWXnH3FYXCEYdxs=
+go.bytebuilders.dev/license-verifier/kubernetes v0.8.0/go.mod h1:xyLTXiI5SEefYKQSNq/ozFpJChwb2Xp+8x4SMJ9180Q=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
diff --git a/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/types.go b/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/types.go
index a0b4e8706..f5528e624 100644
--- a/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/types.go
+++ b/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/types.go
@@ -27,7 +27,8 @@ type License struct { metav1.TypeMeta `json:",inline,omitempty"` Issuer string `json:"issuer,omitempty"` // byte.builders - Products []string `json:"products,omitempty"` + Features []string `json:"features,omitempty"` + PlanName string `json:"planName,omitempty"` Clusters []string `json:"clusters,omitempty"` // cluster_id ? User *User `json:"user,omitempty"` NotBefore *metav1.Time `json:"notBefore,omitempty"` // start of subscription start diff --git a/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/zz_generated.deepcopy.go b/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/zz_generated.deepcopy.go index 1b6f8bae0..d57524e32 100644 --- a/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1/zz_generated.deepcopy.go @@ -28,8 +28,8 @@ import ( func (in *License) DeepCopyInto(out *License) { *out = *in out.TypeMeta = in.TypeMeta - if in.Products != nil { - in, out := &in.Products, &out.Products + if in.Features != nil { + in, out := &in.Features, &out.Features *out = make([]string, len(*in)) copy(*out, *in) } diff --git a/vendor/go.bytebuilders.dev/license-verifier/info/lib.go b/vendor/go.bytebuilders.dev/license-verifier/info/lib.go index 03d5a8054..04d799e25 100644 --- a/vendor/go.bytebuilders.dev/license-verifier/info/lib.go +++ b/vendor/go.bytebuilders.dev/license-verifier/info/lib.go @@ -25,7 +25,7 @@ var ( ProductOwnerName string ProductOwnerUID string - ProductName string + ProductName string // This has been renamed to Features ProductUID string ) diff --git a/vendor/go.bytebuilders.dev/license-verifier/kubernetes/go.mod b/vendor/go.bytebuilders.dev/license-verifier/kubernetes/go.mod index 8b49631a5..f180726d5 100644 --- a/vendor/go.bytebuilders.dev/license-verifier/kubernetes/go.mod +++ b/vendor/go.bytebuilders.dev/license-verifier/kubernetes/go.mod 
@@ -4,7 +4,7 @@ go 1.14 require ( github.com/gogo/protobuf v1.3.1 - go.bytebuilders.dev/license-verifier v0.7.1 + go.bytebuilders.dev/license-verifier v0.8.0 k8s.io/api v0.18.9 k8s.io/apimachinery v0.18.9 k8s.io/apiserver v0.18.9 diff --git a/vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go b/vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go index 0fcb907fa..8c060814a 100644 --- a/vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go +++ b/vendor/go.bytebuilders.dev/license-verifier/kubernetes/lib.go @@ -73,8 +73,8 @@ func NewLicenseEnforcer(config *rest.Config, licenseFile string) *LicenseEnforce licenseFile: licenseFile, config: config, opts: &verifier.Options{ - CACert: []byte(info.LicenseCA), - ProductName: info.ProductName, + CACert: []byte(info.LicenseCA), + Features: info.ProductName, }, } } @@ -110,9 +110,15 @@ func (le *LicenseEnforcer) podName() (string, error) { func (le *LicenseEnforcer) handleLicenseVerificationFailure(licenseErr error) error { // Send interrupt so that all go-routines shut-down gracefully + // https://pracucci.com/graceful-shutdown-of-kubernetes-pods.html + // https://linuxhandbook.com/sigterm-vs-sigkill/ + // https://pracucci.com/graceful-shutdown-of-kubernetes-pods.html //nolint:errcheck defer func() { - _ = syscall.Kill(syscall.Getpid(), syscall.SIGINT) + // Need to send signal twice because + // we catch the first INT/TERM signal + // ref: https://github.com/kubernetes/apiserver/blob/8d97c871d91c75b81b8b4c438f4dd1eaa7f35052/pkg/server/signal.go#L47-L51 + _ = syscall.Kill(syscall.Getpid(), syscall.SIGTERM) time.Sleep(30 * time.Second) _ = syscall.Kill(syscall.Getpid(), syscall.SIGKILL) }() 
@@ -220,8 +226,8 @@ func VerifyLicensePeriodically(config *rest.Config, licenseFile string, stopCh < licenseFile: licenseFile, config: config, opts: &verifier.Options{ - CACert: []byte(info.LicenseCA), - ProductName: info.ProductName, + CACert: []byte(info.LicenseCA), + Features: info.ProductName, }, } // Create Kubernetes client @@ -271,8 +277,8 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error { licenseFile: licenseFile, config: config, opts: &verifier.Options{ - CACert: []byte(info.LicenseCA), - ProductName: info.ProductName, + CACert: []byte(info.LicenseCA), + Features: info.ProductName, }, } // Create Kubernetes client @@ -299,8 +305,8 @@ func CheckLicenseFile(config *rest.Config, licenseFile string) error { return nil } -// CheckLicenseEndpoint verifies whether the provided api server has a valid license is valid for products. -func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, products []string) error { +// CheckLicenseEndpoint verifies whether the provided api server has a valid license is valid for features. +func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, features []string) error { aggrClient, err := clientset.NewForConfig(config) if err != nil { return err @@ -350,8 +356,8 @@ func CheckLicenseEndpoint(config *rest.Config, apiServiceName string, products [ return fmt.Errorf("license %s is not active, status: %s, reason: %s", license.ID, license.Status, license.Reason) } - if !sets.NewString(license.Products...).HasAny(products...) { - return fmt.Errorf("license %s is not valid for products %q", license.ID, strings.Join(products, ",")) + if !sets.NewString(license.Features...).HasAny(features...) { + return fmt.Errorf("license %s is not valid for products %q", license.ID, strings.Join(features, ",")) } return nil } diff --git a/vendor/go.bytebuilders.dev/license-verifier/lib.go b/vendor/go.bytebuilders.dev/license-verifier/lib.go index aff87ae88..7544a36b7 100644 
--- a/vendor/go.bytebuilders.dev/license-verifier/lib.go +++ b/vendor/go.bytebuilders.dev/license-verifier/lib.go @@ -31,10 +31,10 @@ import ( ) type Options struct { - ClusterUID string `json:"clusterUID"` - ProductName string `json:"productName"` - CACert []byte `json:"caCert,omitempty"` - License []byte `json:"license"` + ClusterUID string `json:"clusterUID"` + Features string `json:"features"` + CACert []byte `json:"caCert,omitempty"` + License []byte `json:"license"` } func VerifyLicense(opts *Options) (v1alpha1.License, error) { @@ -84,7 +84,23 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) { NotBefore: &metav1.Time{Time: cert.NotBefore}, NotAfter: &metav1.Time{Time: cert.NotAfter}, ID: cert.SerialNumber.String(), - Products: cert.Subject.Organization, + Features: cert.Subject.Organization, + } + if len(cert.Subject.OrganizationalUnit) > 0 { + license.PlanName = cert.Subject.OrganizationalUnit[0] + } else { + // old certificate, so plan name auto detected from feature + // ref: https://github.com/appscode/offline-license-server/blob/v0.0.20/pkg/server/constants.go#L50-L59 + features := sets.NewString(cert.Subject.Organization...) + if features.Has("kubedb-enterprise") { + license.PlanName = "kubedb-enterprise" + } else if features.Has("kubedb-community") { + license.PlanName = "kubedb-community" + } else if features.Has("stash-enterprise") { + license.PlanName = "stash-enterprise" + } else if features.Has("stash-community") { + license.PlanName = "stash-community" + } } var user *v1alpha1.User 
@@ -127,11 +143,11 @@ func VerifyLicense(opts *Options) (v1alpha1.License, error) {
 license.Reason = e2.Error()
 return license, e2
 }
- products := strings.FieldsFunc(opts.ProductName, func(r rune) bool {
+ features := strings.FieldsFunc(opts.Features, func(r rune) bool {
 return unicode.IsSpace(r) || r == ',' || r == ';'
 })
- if !sets.NewString(cert.Subject.Organization...).HasAny(products...) {
- e2 := fmt.Errorf("license was not issued for %s", opts.ProductName)
+ if !sets.NewString(cert.Subject.Organization...).HasAny(features...) {
+ e2 := fmt.Errorf("license was not issued for %s", opts.Features)
 license.Status = v1alpha1.LicenseExpired
 license.Reason = e2.Error()
 return license, e2
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d5d28d452..02e77dc1d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -131,12 +131,12 @@ github.com/yudai/gojsondiff
 github.com/yudai/gojsondiff/formatter
 # github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82
 github.com/yudai/golcs
-# go.bytebuilders.dev/license-verifier v0.7.1
+# go.bytebuilders.dev/license-verifier v0.8.0
 go.bytebuilders.dev/license-verifier
 go.bytebuilders.dev/license-verifier/apis/licenses
 go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1
 go.bytebuilders.dev/license-verifier/info
-# go.bytebuilders.dev/license-verifier/kubernetes v0.7.1
+# go.bytebuilders.dev/license-verifier/kubernetes v0.8.0
 go.bytebuilders.dev/license-verifier/kubernetes
 # golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 golang.org/x/crypto/ssh/terminal