constellation/internal/license/license.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

// Package license provides functions to check a user's Constellation license.
package license

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

const (
	// CommunityLicense is used by everyone who has not bought an enterprise license.
	CommunityLicense = "00000000-0000-0000-0000-000000000000"
	apiHost          = "license.confidential.cloud"
	licensePath      = "api/v1/license"
)

type (
	// Action performed by Constellation.
	Action string
)

const (
	// Init action denotes the initialization of a Constellation cluster.
	Init Action = "init"
	// test action is only to be used in testing.
	test Action = "test"
)

// Client interacts with the ES license server.
type Client struct {
	httpClient *http.Client
}

// NewClient creates a new client to interact with ES license server.
func NewClient() *Client {
	return &Client{
		httpClient: http.DefaultClient,
	}
}

// QuotaCheckRequest is JSON request to license server to check quota for a given license and action.
type QuotaCheckRequest struct {
	Action   Action `json:"action"`
	Provider string `json:"provider"`
	License  string `json:"license"`
}

// QuotaCheckResponse is JSON response by license server.
type QuotaCheckResponse struct {
	Quota int `json:"quota"`
}

// QuotaCheck for a given license and action, passed via CheckQuotaRequest.
func (c *Client) QuotaCheck(ctx context.Context, checkRequest QuotaCheckRequest) (QuotaCheckResponse, error) {
	reqBody, err := json.Marshal(checkRequest)
	if err != nil {
		return QuotaCheckResponse{}, fmt.Errorf("unable to marshal input: %w", err)
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, licenseURL().String(), bytes.NewBuffer(reqBody))
	if err != nil {
		return QuotaCheckResponse{}, fmt.Errorf("unable to create request: %w", err)
	}
	resp, err := c.httpClient.Do(req)
	if err != nil {
		return QuotaCheckResponse{}, fmt.Errorf("unable to do request: %w", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return QuotaCheckResponse{}, fmt.Errorf("http error %d", resp.StatusCode)
	}

	responseContentType := resp.Header.Get("Content-Type")
	if responseContentType != "application/json" {
		return QuotaCheckResponse{}, fmt.Errorf("expected server JSON response but got '%s'", responseContentType)
	}

	var parsedResponse QuotaCheckResponse
	err = json.NewDecoder(resp.Body).Decode(&parsedResponse)
	if err != nil {
		return QuotaCheckResponse{}, fmt.Errorf("unable to parse response: %w", err)
	}

	return parsedResponse, nil
}

func licenseURL() *url.URL {
	return &url.URL{
		Scheme: "https",
		Host:   apiHost,
		Path:   licensePath,
	}
}

// QuotaChecker checks the vCPU quota for a given license.
type QuotaChecker interface {
	QuotaCheck(ctx context.Context, checkRequest QuotaCheckRequest) (QuotaCheckResponse, error)
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 03:06:08 -04:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

dev-docs: Go package docs (#958) * Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems> 2023-01-19 09:57:50 -05:00			`// Package license provides functions to check a user's Constellation license.`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`package license`

			`import (`
			`"bytes"`
			`"context"`
			`"encoding/json"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`)`

			`const (`
			`// CommunityLicense is used by everyone who has not bought an enterprise license.`
			`CommunityLicense = "00000000-0000-0000-0000-000000000000"`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`apiHost = "license.confidential.cloud"`
			`licensePath = "api/v1/license"`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`)`

Add provider to license check (#88) 2022-09-08 05:02:04 -04:00			`type (`
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// Action performed by Constellation.`
Add provider to license check (#88) 2022-09-08 05:02:04 -04:00			`Action string`
			`)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00
			`const (`
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// Init action denotes the initialization of a Constellation cluster.`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`Init Action = "init"`
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// test action is only to be used in testing.`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`test Action = "test"`
			`)`

			`// Client interacts with the ES license server.`
			`type Client struct {`
			`httpClient *http.Client`
			`}`

			`// NewClient creates a new client to interact with ES license server.`
			`func NewClient() *Client {`
			`return &Client{`
			`httpClient: http.DefaultClient,`
			`}`
			`}`

AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`// QuotaCheckRequest is JSON request to license server to check quota for a given license and action.`
			`type QuotaCheckRequest struct {`
Add provider to license check (#88) 2022-09-08 05:02:04 -04:00			Action Action `json:"action"`
			Provider string `json:"provider"`
			License string `json:"license"`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`

AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`// QuotaCheckResponse is JSON response by license server.`
			`type QuotaCheckResponse struct {`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			Quota int `json:"quota"`
			`}`

AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`// QuotaCheck for a given license and action, passed via CheckQuotaRequest.`
			`func (c *Client) QuotaCheck(ctx context.Context, checkRequest QuotaCheckRequest) (QuotaCheckResponse, error) {`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`reqBody, err := json.Marshal(checkRequest)`
			`if err != nil {`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`return QuotaCheckResponse{}, fmt.Errorf("unable to marshal input: %w", err)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`
			`req, err := http.NewRequestWithContext(ctx, http.MethodPost, licenseURL().String(), bytes.NewBuffer(reqBody))`
			`if err != nil {`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`return QuotaCheckResponse{}, fmt.Errorf("unable to create request: %w", err)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`
			`resp, err := c.httpClient.Do(req)`
			`if err != nil {`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`return QuotaCheckResponse{}, fmt.Errorf("unable to do request: %w", err)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`
			`defer resp.Body.Close()`

			`if resp.StatusCode != http.StatusOK {`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`return QuotaCheckResponse{}, fmt.Errorf("http error %d", resp.StatusCode)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`

			`responseContentType := resp.Header.Get("Content-Type")`
			`if responseContentType != "application/json" {`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`return QuotaCheckResponse{}, fmt.Errorf("expected server JSON response but got '%s'", responseContentType)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`

AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`var parsedResponse QuotaCheckResponse`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`err = json.NewDecoder(resp.Body).Decode(&parsedResponse)`
			`if err != nil {`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`return QuotaCheckResponse{}, fmt.Errorf("unable to parse response: %w", err)`
AB#2299 License check in CLI during init (#366) * license server interaction * logic to read from license file * print license information during init Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-08-16 10:06:38 -04:00			`}`

			`return parsedResponse, nil`
			`}`

			`func licenseURL() *url.URL {`
			`return &url.URL{`
			`Scheme: "https",`
			`Host: apiHost,`
			`Path: licensePath,`
			`}`
			`}`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// QuotaChecker checks the vCPU quota for a given license.`
AB#2360 enterprise build tag (#397) * enterprise build switch to disable license checking in default (OSS) version * remove community license quota * empty image references on OSS build in config Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-25 08:06:29 -04:00			`type QuotaChecker interface {`
			`QuotaCheck(ctx context.Context, checkRequest QuotaCheckRequest) (QuotaCheckResponse, error)`
			`}`