accuknox · rajaSahil · May 8, 2023 · May 4, 2023 · May 4, 2023
diff --git a/deployments/helm/configmapfiles/discovery-engine/conf.yaml b/deployments/helm/configmapfiles/discovery-engine/conf.yaml
@@ -79,4 +79,8 @@ feed-consumer:
 recommend:
   operation-mode: 1                       # 1: cronjob | 2: one-time-job
   cron-job-time-interval: "1h0m00s"       # format: XhYmZs
-
+
+# license
+license:
+  enabled: false
+  validate: "user-id"
diff --git a/deployments/k8s/deployment.yaml b/deployments/k8s/deployment.yaml
@@ -135,6 +135,11 @@ data:
     recommend:
       operation-mode: 1                       # 1: cronjob | 2: one-time-job
       cron-job-time-interval: "1h0m00s"       # format: XhYmZs
+
+    # license
+    license:
+      enabled: false
+      validate: "user-id"
 ---
 apiVersion: v1
 kind: Service

diff --git a/src/conf/local.yaml b/src/conf/local.yaml
@@ -71,3 +71,9 @@ recommend:
   operation-mode: 1                       # 1: cronjob | 2: one-time-job
   cron-job-time-interval: "1h0m00s"       # format: XhYmZs
   recommend-host-policy: true
+
+# license
+license:
+  enabled: true
+  # validate can be user-id or platform-uuid
+  validate: "user-id"
diff --git a/src/libs/common.go b/src/libs/common.go
@@ -152,6 +152,7 @@ func SetDefaultConfig() {
 	viper.SetDefault("recommend.operation-mode", 1)
 	viper.SetDefault("recommend.host-policy", true)
 	viper.SetDefault("recommend.admission-controller-policy", true)
+	viper.SetDefault("license.enabled", false)
 }
 
 type cfgArray []string

diff --git a/src/license/license.go b/src/license/license.go
@@ -7,6 +7,7 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/mervick/aes-everywhere/go/aes256"
 	"github.com/rs/zerolog/log"
+	"github.com/spf13/viper"
 	"k8s.io/client-go/kubernetes"
 	"os"
 	"strings"
@@ -24,6 +25,8 @@ const (
 
 // LicenseConfig to store configs required for licensing
 type LicenseConfig struct {
+	Enabled   bool
+	validate  string
 	k8sClient *kubernetes.Clientset
 	Tkn       *Token
 	Lcs       *License
@@ -40,7 +43,11 @@ var LCfg *LicenseConfig
 
 // InitializeConfig to initialize license config
 func InitializeConfig(k8sClient *kubernetes.Clientset) {
+	enabled := viper.GetBool("license.enabled")
+	validate := viper.GetString("license.validate")
 	LCfg = &LicenseConfig{
+		Enabled:   enabled,
+		validate:  validate,
 		k8sClient: k8sClient,
 		Tkn:       nil,
 		Lcs:       nil,
@@ -143,13 +150,20 @@ func (l *License) ValidateLicense() error {
 
 func (l *License) getLicenseToken() (*Token, error) {
 	var err error
-	l.PlatformUUID, err = LCfg.getKubeSystemUUID()
-	if err != nil {
-		log.Error().Msgf("error while fetching uuid of kube-system namespace, error: %s", err.Error())
-		return nil, err
+	var passphrase string
+
+	if LCfg.validate == "platform-uuid" {
+		l.PlatformUUID, err = LCfg.getKubeSystemUUID()
+		if err != nil {
+			log.Error().Msgf("error while fetching uuid of kube-system namespace, error: %s", err.Error())
+			return nil, err
+		}
+		passphrase = l.PlatformUUID
+	} else {
+		passphrase = l.UserId
 	}
 
-	decryptedKey, err := decryptKey(l.Key, l.PlatformUUID)
+	decryptedKey, err := decryptKey(l.Key, passphrase)
 	if err != nil {
 		log.Error().Msgf("error while decrypting license key, error: %s", err.Error())
 		return nil, err
@@ -172,8 +186,8 @@ func (cfg *LicenseConfig) getKubeSystemUUID() (string, error) {
 	return uuid, nil
 }
 
-func decryptKey(key string, platformUUID string) (string, error) {
-	decryptedKey := aes256.Decrypt(key, platformUUID)
+func decryptKey(key string, passphrase string) (string, error) {
+	decryptedKey := aes256.Decrypt(key, passphrase)
 	tokenSplit := strings.Split(decryptedKey, ".")
 	if len(tokenSplit) != 3 {
 		log.Error().Msgf("invalid licence key")

diff --git a/src/license/server.go b/src/license/server.go
@@ -3,6 +3,7 @@ package license
 import (
 	"context"
 	"errors"
+	"fmt"
 	ipb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/license"
 	"github.com/rs/zerolog/log"
 	"time"
@@ -15,6 +16,12 @@ type Server struct {
 // InstallLicense Implementation of grpc server code. Function to install license when grpc request is made
 func (ls *Server) InstallLicense(ctx context.Context, lr *ipb.LicenseInstallRequest) (*ipb.LicenseInstallResponse, error) {
 	log.Info().Msgf("request received to install license for user-id: %s", lr.UserId)
+	if lr.UserId == "" || lr.Key == "" {
+		return &ipb.LicenseInstallResponse{
+			Res:     -1,
+			Message: "error while validating license",
+		}, fmt.Errorf("invalid request body")
+	}
 	l := &License{
 		UserId: lr.UserId,
 		Key:    lr.Key,

diff --git a/tests/conf/local.yaml b/tests/conf/local.yaml
@@ -32,3 +32,8 @@ database:
 
 logging:
   level: "INFO"
+
+# license
+license:
+  enabled: false
+  validate: "user-id"