Fix license expiration check

Signed-off-by: Tamal Saha <tamal@appscode.com>

Author: tamalsaha

pkg/controllers/secret/license_syncer.go

@@ -20,13 +20,15 @@ import (
 	"context"
 	"crypto/x509"
 	"fmt"
+	"time"
 
 	"go.bytebuilders.dev/license-proxyserver/pkg/common"
 	"go.bytebuilders.dev/license-proxyserver/pkg/storage"
 	verifier "go.bytebuilders.dev/license-verifier"
 
 	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/klog/v2"
 	kutil "kmodules.xyz/client-go"
 	cu "kmodules.xyz/client-go/client"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -100,6 +102,16 @@ func (r *LicenseSyncer) addLicense(data []byte) error {
 	if err != nil {
 		return err
 	}
-	r.R.Add(&license, nil)
+
+	if time.Until(license.NotAfter.Time) >= storage.MinRemainingLife {
+		klog.InfoS("adding license",
+			"id", license.ID,
+			"product", license.ProductLine,
+			"plan", license.PlanName,
+			"tier", license.TierName,
+			"expiry", license.NotAfter.UTC().Format(time.RFC822),
+		)
+		r.R.Add(&license, nil)
+	}
 	return nil
 }

pkg/manager/license_acquirer.go

@@ -25,6 +25,7 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"time"
 
 	"go.bytebuilders.dev/license-proxyserver/pkg/common"
 	"go.bytebuilders.dev/license-proxyserver/pkg/storage"
@@ -88,10 +89,7 @@ func (r *LicenseAcquirer) Reconcile(ctx context.Context, request reconcile.Reque
 		}
 	}
 	if cid != "" && len(features) > 0 {
-		err = r.reconcile(ctx, managedCluster.Name, cid, features)
-		if err != nil {
-			return reconcile.Result{}, err
-		}
+		return r.reconcile(ctx, managedCluster.Name, cid, features)
 	}
 
 	return reconcile.Result{}, nil
@@ -116,7 +114,7 @@ func (r *LicenseAcquirer) getLicenseRegistry(cid string) (*storage.LicenseRegist
 	return reg, nil
 }
 
-func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string, features []string) error {
+func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string, features []string) (reconcile.Result, error) {
 	sec := core.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      common.LicenseSecret,
@@ -130,14 +128,15 @@ func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string
 	} else if apierrors.IsNotFound(err) {
 		sec.Data = map[string][]byte{}
 	} else {
-		return err
+		return reconcile.Result{}, err
 	}
 
 	var errList []error
+	var earliestExpired time.Time
 
 	reg, err := r.getLicenseRegistry(cid)
 	if err != nil {
-		return err
+		return reconcile.Result{}, err
 	}
 	for _, feature := range features {
 		l, found := reg.LicenseForFeature(feature)
@@ -156,6 +155,9 @@ func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string
 		}
 		if l != nil && l.Status == v1alpha1.LicenseActive {
 			sec.Data[l.PlanName] = l.Data
+			if earliestExpired.IsZero() || earliestExpired.After(l.NotAfter.Time) {
+				earliestExpired = l.NotAfter.Time
+			}
 		}
 	}
 
@@ -165,12 +167,15 @@ func (r *LicenseAcquirer) reconcile(ctx context.Context, clusterName, cid string
 		errList = append(errList, r.Create(context.TODO(), &sec))
 	}
 
-	return utilerrors.NewAggregate(errList)
+	if !earliestExpired.IsZero() {
+		return reconcile.Result{
+			RequeueAfter: time.Until(earliestExpired.Add(-storage.LicenseAcquisitionBuffer)),
+		}, utilerrors.NewAggregate(errList)
+	}
+	return reconcile.Result{}, utilerrors.NewAggregate(errList)
 }
 
 func (r *LicenseAcquirer) getNewLicense(ctx context.Context, cid string, features []string) (*v1alpha1.License, *v1alpha1.Contract, error) {
-	logger := log.FromContext(ctx)
-
 	lc, err := pc.NewClient(r.BaseURL, r.Token, cid, r.CaCert, r.InsecureSkipTLSVerify, fmt.Sprintf("license-proxyserver-manager/%s", v.Version.Version))
 	if err != nil {
 		return nil, nil, err
@@ -180,7 +185,6 @@ func (r *LicenseAcquirer) getNewLicense(ctx context.Context, cid string, feature
 	if err != nil {
 		return nil, nil, err
 	}
-	logger.Info("acquired new license", "cid", cid, "features", strings.Join(features, ","))
 
 	caData, err := info.LoadLicenseCA()
 	if err != nil {
@@ -200,5 +204,13 @@ func (r *LicenseAcquirer) getNewLicense(ctx context.Context, cid string, feature
 		return nil, nil, err
 	}
 
+	klog.InfoS("acquired new license",
+		"cluster", cid,
+		"id", l.ID,
+		"product", l.ProductLine,
+		"plan", l.PlanName,
+		"tier", l.TierName,
+		"expiry", l.NotAfter.UTC().Format(time.RFC822),
+	)
 	return &l, con, nil
 }

pkg/registry/proxyserver/licenserequest/storage.go

@@ -21,6 +21,7 @@ import (
 	"crypto/x509"
 	"sort"
 	"strings"
+	"time"
 
 	proxyv1alpha1 "go.bytebuilders.dev/license-proxyserver/apis/proxyserver/v1alpha1"
 	"go.bytebuilders.dev/license-proxyserver/pkg/common"
@@ -36,6 +37,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/pkg/registry/rest"
+	"k8s.io/klog/v2"
 	clustermeta "kmodules.xyz/client-go/cluster"
 	clusterv1alpha1 "open-cluster-management.io/api/cluster/v1alpha1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -143,6 +145,7 @@ func (r *Storage) Create(ctx context.Context, obj runtime.Object, _ rest.Validat
 		}
 	} else {
 		// return blank response instead of error
+		// typically license mounted via secret has expired
 		in.Response = &proxyv1alpha1.LicenseRequestResponse{}
 	}
 
@@ -172,6 +175,14 @@ func (r *Storage) getLicense(features []string) (*v1alpha1.License, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	klog.InfoS("adding license",
+		"id", l.ID,
+		"product", l.ProductLine,
+		"plan", l.PlanName,
+		"tier", l.TierName,
+		"expiry", l.NotAfter.UTC().Format(time.RFC822),
+	)
 	r.reg.Add(&l, c)
 	return &l, nil
 }

pkg/storage/loader.go

@@ -19,6 +19,7 @@ package storage
 import (
 	"os"
 	"path/filepath"
+	"time"
 
 	verifier "go.bytebuilders.dev/license-verifier"
 	"go.bytebuilders.dev/license-verifier/info"
@@ -68,7 +69,15 @@ func LoadDir(cid, dir string, reg *LicenseRegistry) error {
 		if err != nil {
 			klog.ErrorS(err, "Skipping", "file", filename)
 			continue
-		} else {
+		} else if time.Until(license.NotAfter.Time) >= MinRemainingLife {
+			klog.InfoS("adding license",
+				"dir", dir,
+				"id", license.ID,
+				"product", license.ProductLine,
+				"plan", license.PlanName,
+				"tier", license.TierName,
+				"expiry", license.NotAfter.UTC().Format(time.RFC822),
+			)
 			reg.Add(&license, nil)
 		}
 	}

pkg/storage/store.go

@@ -25,9 +25,14 @@ import (
 	"time"
 
 	"go.bytebuilders.dev/license-verifier/apis/licenses/v1alpha1"
+
+	"k8s.io/klog/v2"
 )
 
-const minRemainingLife = 10 * time.Minute
+const (
+	LicenseAcquisitionBuffer = 5 * time.Second
+	MinRemainingLife         = 5 * time.Minute
+)
 
 // A LicenseQueue implements heap.Interface and holds Items.
 type LicenseQueue []*v1alpha1.License
@@ -109,13 +114,20 @@ func (r *LicenseRegistry) LicenseForFeature(feature string) (*v1alpha1.License,
 	if !ok {
 		return nil, false
 	}
-	now := time.Now().Add(minRemainingLife)
 	for q.Len() > 0 {
 		// ref: https://stackoverflow.com/a/63328950
 		item := q[0]
-		if now.After(item.NotAfter.Time) {
+		if time.Until(item.NotAfter.Time) < MinRemainingLife {
 			heap.Pop(&q)
 			r.reg[feature] = q
+
+			klog.InfoS("removing license",
+				"id", item.ID,
+				"product", item.ProductLine,
+				"plan", item.PlanName,
+				"tier", item.TierName,
+				"expiry", item.NotAfter.UTC().Format(time.RFC822),
+			)
 			r.removeFromStore(item)
 		} else {
 			return item, true
@@ -153,7 +165,7 @@ func (r *LicenseRegistry) List() []*Record {
 	r.m.Lock()
 	defer r.m.Unlock()
 
-	now := time.Now().Add(minRemainingLife)
+	now := time.Now().Add(MinRemainingLife)
 	out := make([]*Record, 0, len(r.store))
 	for _, rec := range r.store {
 		if rec.License.NotAfter.After(now) {