Don't let expired contract to block getting new license (#44)

Signed-off-by: Tamal Saha <tamal@appscode.com>

Author: tamalsaha

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.81.0
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
-	go.bytebuilders.dev/license-verifier v0.14.6
+	go.bytebuilders.dev/license-verifier v0.14.7
 	gocloud.dev v0.40.0
 	gomodules.xyz/blobfs v0.2.2
 	gomodules.xyz/cert v1.6.0

go.sum

@@ -518,8 +518,8 @@ github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
 github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
-go.bytebuilders.dev/license-verifier v0.14.6 h1:0iHYGURUbx8toiXvFKftn/qMpeHzqHbAgEnEzOCNLvo=
-go.bytebuilders.dev/license-verifier v0.14.6/go.mod h1:LqWXJKee5ofDcCYM6T5WilYlUc4NlKeZz58tHwO8GEs=
+go.bytebuilders.dev/license-verifier v0.14.7 h1:EHbrFXg75u04FRLKbVQB/nX0rTfo5LiwYonymduDPMs=
+go.bytebuilders.dev/license-verifier v0.14.7/go.mod h1:BviSsSxXgXVXBSCXvYmftuTEtxchb04G0cV/AlD/Tu8=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
 go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=

pkg/manager/license_acquirer.go

@@ -18,6 +18,8 @@ package manager
 
 import (
 	"context"
+	"crypto/x509"
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -35,6 +37,8 @@ import (
 	core "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/klog/v2"
 	clusterv1 "open-cluster-management.io/api/cluster/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -129,6 +133,8 @@ func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string
 		return err
 	}
 
+	var errList []error
+
 	reg, err := r.getLicenseRegistry(cid)
 	if err != nil {
 		return err
@@ -138,19 +144,28 @@ func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string
 		if !found {
 			var c *v1alpha1.Contract
 			l, c, err = r.getNewLicense(ctx, cid, []string{feature})
-			if err != nil {
-				return err
+			if err == nil {
+				reg.Add(l, c)
+			} else {
+				klog.ErrorS(err, "failed to get new license", "feature", feature)
+				var ce *x509.CertificateInvalidError
+				if !errors.As(err, &ce) {
+					errList = append(errList, err)
+				}
 			}
-			reg.Add(l, c)
 		}
-		sec.Data[l.PlanName] = l.Data
+		if l != nil && l.Status == v1alpha1.LicenseActive {
+			sec.Data[l.PlanName] = l.Data
+		}
 	}
 
 	if secretExists {
-		return r.Update(context.TODO(), &sec)
+		errList = append(errList, r.Update(context.TODO(), &sec))
 	} else {
-		return r.Create(context.TODO(), &sec)
+		errList = append(errList, r.Create(context.TODO(), &sec))
 	}
+
+	return utilerrors.NewAggregate(errList)
 }
 
 func (r *LicenseAcquirer) getNewLicense(ctx context.Context, cid string, features []string) (*v1alpha1.License, *v1alpha1.Contract, error) {

pkg/manager/manager.go

@@ -21,6 +21,7 @@ import (
 	"embed"
 	"fmt"
 	"os"
+	"time"
 
 	"go.bytebuilders.dev/license-proxyserver/pkg/common"
 	"go.bytebuilders.dev/license-proxyserver/pkg/manager/rbac"
@@ -42,6 +43,7 @@ import (
 	cmdfactory "open-cluster-management.io/addon-framework/pkg/cmd/factory"
 	"open-cluster-management.io/api/addon/v1alpha1"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
@@ -78,6 +80,7 @@ func NewManagerCommand() *cobra.Command {
 
 func runManagerController(ctx context.Context, cfg *rest.Config, opts *ManagerOptions) error {
 	log.SetLogger(klog.NewKlogr())
+	resyncPeriod := 1 * time.Hour
 
 	hubManager, err := ctrl.NewManager(cfg, manager.Options{
 		Scheme:                 scheme,
@@ -86,6 +89,9 @@ func runManagerController(ctx context.Context, cfg *rest.Config, opts *ManagerOp
 		LeaderElection:         false,
 		LeaderElectionID:       "5b87adeb.mager.licenses.appscode.com",
 		NewClient:              cu.NewClient,
+		Cache: cache.Options{
+			SyncPeriod: &resyncPeriod,
+		},
 	})
 	if err != nil {
 		return err

vendor/go.bytebuilders.dev/license-verifier/Makefile

@@ -64,7 +64,7 @@ ARCH := $(if $(GOARCH),$(GOARCH),$(shell go env GOARCH))
 BASEIMAGE_PROD   ?= gcr.io/distroless/static-debian12
 BASEIMAGE_DBG    ?= debian:12
 
-GO_VERSION       ?= 1.23
+GO_VERSION       ?= 1.24
 BUILD_IMAGE      ?= ghcr.io/appscode/golang-dev:$(GO_VERSION)
 
 OUTBIN = bin/$(OS)_$(ARCH)/$(BIN)
@@ -220,7 +220,7 @@ lint: $(BUILD_DIRS)
 	    --env GO111MODULE=on                                    \
 	    --env GOFLAGS="-mod=vendor"                             \
 	    $(BUILD_IMAGE)                                          \
-	    golangci-lint run --enable $(ADDTL_LINTERS) --deadline=10m --skip-files="generated.*\.go$\" --skip-dirs-use-default --skip-dirs=client,vendor
+	    golangci-lint run --enable $(ADDTL_LINTERS) --deadline=10m --exclude-files="generated.*\.go$\" --exclude-dirs-use-default --exclude-dirs=client,vendor
 
 $(BUILD_DIRS):
 	@mkdir -p $@
@@ -256,7 +256,7 @@ add-license:
 		--env HTTP_PROXY=$(HTTP_PROXY)                   \
 		--env HTTPS_PROXY=$(HTTPS_PROXY)                 \
 		$(BUILD_IMAGE)                                   \
-		ltag -t "./hack/license" --excludes "vendor contrib libbuild" -v
+		ltag -t "./hack/license" --excludes ".go vendor contrib libbuild" -v
 
 .PHONY: check-license
 check-license:
@@ -269,7 +269,7 @@ check-license:
 		--env HTTP_PROXY=$(HTTP_PROXY)                   \
 		--env HTTPS_PROXY=$(HTTPS_PROXY)                 \
 		$(BUILD_IMAGE)                                   \
-		ltag -t "./hack/license" --excludes "vendor contrib libbuild" --check -v
+		ltag -t "./hack/license" --excludes ".go vendor contrib libbuild" --check -v
 
 .PHONY: ci
 ci: verify check-license lint build unit-tests #cover

vendor/go.bytebuilders.dev/license-verifier/lib.go

@@ -24,7 +24,6 @@ import (
 	"go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1"
 	"go.bytebuilders.dev/license-verifier/info"
 
-	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 )
@@ -158,7 +157,7 @@ func ParseLicense(opts ParserOptions) (v1alpha1.License, error) {
 
 	// ref: https://github.com/appscode/gitea/blob/master/models/stripe_license.go#L117-L126
 	if _, err := cert.Verify(crtopts); err != nil {
-		e2 := errors.Wrap(err, "failed to verify certificate")
+		e2 := fmt.Errorf("failed to verify certificate due to %w", err)
 		license.Status = v1alpha1.LicenseInvalid
 		license.Reason = e2.Error()
 		return license, e2

vendor/modules.txt

@@ -552,8 +552,8 @@ github.com/yudai/golcs
 # github.com/zeebo/xxh3 v1.0.2
 ## explicit; go 1.17
 github.com/zeebo/xxh3
-# go.bytebuilders.dev/license-verifier v0.14.6
-## explicit; go 1.21
+# go.bytebuilders.dev/license-verifier v0.14.7
+## explicit; go 1.23.0
 go.bytebuilders.dev/license-verifier
 go.bytebuilders.dev/license-verifier/apis/licenses
 go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1