diff --git a/deployments/helm/configmapfiles/discovery-engine/conf.yaml b/deployments/helm/configmapfiles/discovery-engine/conf.yaml
index 98a853a0..94a683e8 100644
--- a/deployments/helm/configmapfiles/discovery-engine/conf.yaml
+++ b/deployments/helm/configmapfiles/discovery-engine/conf.yaml
@@ -79,4 +79,8 @@ feed-consumer:
 recommend:
 operation-mode: 1 # 1: cronjob | 2: one-time-job
 cron-job-time-interval: "1h0m00s" # format: XhYmZs
-
+
+# license
+license:
+ enabled: false
+ validate: "user-id"
\ No newline at end of file
diff --git a/deployments/k8s/deployment.yaml b/deployments/k8s/deployment.yaml
index 99a05ce2..bd9fd95b 100644
--- a/deployments/k8s/deployment.yaml
+++ b/deployments/k8s/deployment.yaml
@@ -135,6 +135,11 @@ data:
 recommend:
 operation-mode: 1 # 1: cronjob | 2: one-time-job
 cron-job-time-interval: "1h0m00s" # format: XhYmZs
+
+ # license
+ license:
+ enabled: false
+ validate: "user-id"
 ---
 apiVersion: v1
 kind: Service
diff --git a/src/conf/local.yaml b/src/conf/local.yaml
index 73b82d95..0a05d517 100644
--- a/src/conf/local.yaml
+++ b/src/conf/local.yaml
@@ -71,3 +71,9 @@ recommend:
 operation-mode: 1 # 1: cronjob | 2: one-time-job
 cron-job-time-interval: "1h0m00s" # format: XhYmZs
 recommend-host-policy: true
+
+# license
+license:
+ enabled: true
+ # validate can be user-id or platform-uuid
+ validate: "user-id"
\ No newline at end of file
diff --git a/src/libs/common.go b/src/libs/common.go
index 6bf68bf1..6c58932c 100644
--- a/src/libs/common.go
+++ b/src/libs/common.go
@@ -152,6 +152,7 @@ func SetDefaultConfig() {
 viper.SetDefault("recommend.operation-mode", 1)
 viper.SetDefault("recommend.host-policy", true)
 viper.SetDefault("recommend.admission-controller-policy", true)
+ viper.SetDefault("license.enabled", false)
 }
 type cfgArray []string
diff --git a/src/license/license.go b/src/license/license.go
index dc5852f5..915a5e28 100644
--- a/src/license/license.go
+++ b/src/license/license.go
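Review bot: The `license.validate` key added to the Helm conf.yaml does not say which values it accepts; only src/conf/local.yaml carries `# validate can be user-id or platform-uuid`, and the same gap is present in deployments/k8s/deployment.yaml and tests/conf/local.yaml. I would repeat that comment above `validate:` in each file and add one line on the difference between the modes, since `user-id` takes the decryption passphrase from the install request while `platform-uuid` uses the kube-system namespace UUID. The shipped default is the request-supplied mode, which operators should be able to see from the config alone.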
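Review bot: `SetDefaultConfig` gains a default for `license.enabled` but none for `license.validate`, so a config that omits the key gives InitializeConfig an empty string from `viper.GetString("license.validate")`. As getLicenseToken is written in this commit, any value other than "platform-uuid" falls into the user-id branch, which makes the effective default implicit. I would state it next to the added line with `viper.SetDefault("license.validate", "user-id")`. The body of SetDefaultConfig starts above this hunk.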
@@ -7,6 +7,7 @@ import (
 "github.com/golang-jwt/jwt/v5"
 "github.com/mervick/aes-everywhere/go/aes256"
 "github.com/rs/zerolog/log"
+ "github.com/spf13/viper"
 "k8s.io/client-go/kubernetes"
 "os"
 "strings"
@@ -24,6 +25,8 @@ const (
 // LicenseConfig to store configs required for licensing
 type LicenseConfig struct {
+ Enabled bool
+ validate string
 k8sClient *kubernetes.Clientset
 Tkn *Token
 Lcs *License
@@ -40,7 +43,11 @@ var LCfg *LicenseConfig
 // InitializeConfig to initialize license config
 func InitializeConfig(k8sClient *kubernetes.Clientset) {
+ enabled := viper.GetBool("license.enabled")
+ validate := viper.GetString("license.validate")
 LCfg = &LicenseConfig{
+ Enabled: enabled,
+ validate: validate,
 k8sClient: k8sClient,
 Tkn: nil,
 Lcs: nil,
@@ -143,13 +150,20 @@ func (l *License) ValidateLicense() error {
 func (l *License) getLicenseToken() (*Token, error) {
 var err error
- l.PlatformUUID, err = LCfg.getKubeSystemUUID()
- if err != nil {
- log.Error().Msgf("error while fetching uuid of kube-system namespace, error: %s", err.Error())
- return nil, err
+ var passphrase string
+
+ if LCfg.validate == "platform-uuid" {
+ l.PlatformUUID, err = LCfg.getKubeSystemUUID()
+ if err != nil {
+ log.Error().Msgf("error while fetching uuid of kube-system namespace, error: %s", err.Error())
+ return nil, err
+ }
+ passphrase = l.PlatformUUID
+ } else {
+ passphrase = l.UserId
 }
- decryptedKey, err := decryptKey(l.Key, l.PlatformUUID)
+ decryptedKey, err := decryptKey(l.Key, passphrase)
 if err != nil {
 log.Error().Msgf("error while decrypting license key, error: %s", err.Error())
 return nil, err
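Review bot: `Enabled` is read from `license.enabled` and stored on `LCfg` in InitializeConfig, but no hunk in this commit reads it back; as far as the server.go hunk shows, InstallLicense goes on to build a `License` from the request whatever the flag says. If the flag is meant to switch licensing off, the handler or the code that registers it should check `LCfg.Enabled` first. If it is consumed outside this diff, a field comment such as `// Enabled reports whether license enforcement is active (license.enabled)` would say so. `validate` is likewise stored without being checked against the two supported values, and the body of InitializeConfig continues past the hunk.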
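Review bot: The `else` branch in getLicenseToken uses `l.UserId` as the passphrase for every value of `LCfg.validate` other than "platform-uuid", so an empty or misspelled setting silently selects the mode where the passphrase is a caller-supplied request field rather than a value read from the cluster. In that mode the key is no longer tied to the platform, so protection against reuse has to come from verifying the decrypted token, presumably its JWT signature, which is outside this hunk and worth confirming. I would match the two supported values explicitly and return an error for anything else, as below. The function body continues past the hunk.

```go
var passphrase string

switch LCfg.validate {
case "platform-uuid":
	// … unchanged: getKubeSystemUUID call and its error handling …
	passphrase = l.PlatformUUID
case "user-id":
	passphrase = l.UserId
default:
	return nil, fmt.Errorf("unsupported license.validate value %q", LCfg.validate)
}
```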
@@ -172,8 +186,8 @@ func (cfg *LicenseConfig) getKubeSystemUUID() (string, error) {
 return uuid, nil
 }
-func decryptKey(key string, platformUUID string) (string, error) {
- decryptedKey := aes256.Decrypt(key, platformUUID)
+func decryptKey(key string, passphrase string) (string, error) {
+ decryptedKey := aes256.Decrypt(key, passphrase)
 tokenSplit := strings.Split(decryptedKey, ".")
 if len(tokenSplit) != 3 {
 log.Error().Msgf("invalid licence key")
diff --git a/src/license/server.go b/src/license/server.go
index 1a9156d2..ecbec83c 100644
--- a/src/license/server.go
+++ b/src/license/server.go
@@ -3,6 +3,7 @@ package license
 import (
 "context"
 "errors"
+ "fmt"
 ipb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/license"
 "github.com/rs/zerolog/log"
 "time"
@@ -15,6 +16,12 @@ type Server struct {
 // InstallLicense Implementation of grpc server code. Function to install license when grpc request is made
 func (ls *Server) InstallLicense(ctx context.Context, lr *ipb.LicenseInstallRequest) (*ipb.LicenseInstallResponse, error) {
 log.Info().Msgf("request received to install license for user-id: %s", lr.UserId)
+ if lr.UserId == "" || lr.Key == "" {
+ return &ipb.LicenseInstallResponse{
+ Res: -1,
+ Message: "error while validating license",
+ }, fmt.Errorf("invalid request body")
+ }
 l := &License{
 UserId: lr.UserId,
 Key: lr.Key,
diff --git a/tests/conf/local.yaml b/tests/conf/local.yaml
index 5882ac36..42744e4a 100644
--- a/tests/conf/local.yaml
+++ b/tests/conf/local.yaml
@@ -32,3 +32,8 @@ database:
 logging:
 level: "INFO"
+
+# license
+license:
+ enabled: false
+ validate: "user-id"
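Review bot: `lr.UserId` is written to the info log on the line just above the new check in InstallLicense, and with `license.validate: "user-id"` that same value is now the passphrase handed to `decryptKey`, so the log ends up holding what is needed to decrypt the key. I would drop the value from the message, e.g. `log.Info().Msg("request received to install license")`, or log a redacted form after validation. Separately, grpc-go does not deliver the response message when a handler returns a non-nil error, so `Res: -1` and `Message` will not reach the client; `return nil, status.Error(codes.InvalidArgument, "user-id and key are required")` carries the same information in a form the client sees. The handler body continues past the hunk.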