feat: Offline licensing support (#1436)

BEGIN_COMMIT_OVERRIDE
feat: Offline licensing support

Includes breaking changes to the `premium.NewUsageClient` interface.
Save value of `opts.PluginMeta` from `Configure()` and pass it to
`premium.NewUsageClient` as the first argument.
END_COMMIT_OVERRIDE

---------

Co-authored-by: Kemal Hadimli <[email protected]>

Author: disq

examples/simple_plugin/go.mod

@@ -21,6 +21,7 @@ require (
 	github.com/CloudyKit/jet/v6 v6.2.0 // indirect
 	github.com/Joker/jade v1.1.3 // indirect
 	github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 // indirect
+	github.com/adrg/xdg v0.4.0 // indirect
 	github.com/andybalholm/brotli v1.0.6 // indirect
 	github.com/apache/arrow/go/v13 v13.0.0-20230731205701-112f94971882 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect

examples/simple_plugin/go.sum

@@ -11,6 +11,8 @@ github.com/Joker/jade v1.1.3/go.mod h1:T+2WLyt7VH6Lp0TRxQrUYEs64nRc83wkMQrfeIQKd
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
 github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 h1:KkH3I3sJuOLP3TjA/dfr4NAY8bghDwnXiU7cTKxQqo0=
 github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06/go.mod h1:7erjKLwalezA0k99cWs5L11HWOAPNjdUZ6RxH1BXbbM=
+github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
+github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
@@ -320,6 +322,7 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

plugin/meta.go

@@ -0,0 +1,10 @@
+package plugin
+
+import cqapi "github.com/cloudquery/cloudquery-api-go"
+
+type Meta struct {
+	Team            cqapi.PluginTeam
+	Kind            cqapi.PluginKind
+	Name            cqapi.PluginName
+	SkipUsageClient bool
+}

plugin/plugin.go

@@ -7,6 +7,7 @@ import (
 	"sync"
 
 	"github.com/apache/arrow/go/v15/arrow"
+	cqapi "github.com/cloudquery/cloudquery-api-go"
 	"github.com/cloudquery/plugin-sdk/v4/message"
 	"github.com/cloudquery/plugin-sdk/v4/schema"
 	"github.com/rs/zerolog"
@@ -17,6 +18,7 @@ var ErrNotImplemented = fmt.Errorf("not implemented")
 
 type NewClientOptions struct {
 	NoConnection bool
+	PluginMeta   Meta
 }
 
 type NewClientFunc func(context.Context, zerolog.Logger, []byte, NewClientOptions) (Client, error)
@@ -78,6 +80,8 @@ type Plugin struct {
 	schema string
 	// validator object to validate specs
 	schemaValidator *jsonschema.Schema
+	// skips the usage client
+	skipUsageClient bool
 }
 
 // NewPlugin returns a new CloudQuery Plugin with the given name, version and implementation.
@@ -124,6 +128,11 @@ func (p *Plugin) Version() string {
 	return p.version
 }
 
+// SetSkipUsageClient sets whether the usage client should be skipped
+func (p *Plugin) SetSkipUsageClient(v bool) {
+	p.skipUsageClient = v
+}
+
 type OnBeforeSender interface {
 	OnBeforeSend(context.Context, message.SyncMessage) (message.SyncMessage, error)
 }
@@ -196,6 +205,13 @@ func (p *Plugin) Init(ctx context.Context, spec []byte, options NewClientOptions
 		}
 	}
 
+	options.PluginMeta = Meta{
+		Team:            p.team,
+		Kind:            cqapi.PluginKind(p.kind),
+		Name:            p.name,
+		SkipUsageClient: p.skipUsageClient,
+	}
+
 	p.client, err = p.newClient(ctx, p.logger, spec, options)
 	if err != nil {
 		return fmt.Errorf("failed to initialize client: %w", err)

premium/offline.go

@@ -0,0 +1,94 @@
+package premium
+
+import (
+	"crypto/ed25519"
+	_ "embed"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"os"
+	"time"
+
+	"github.com/rs/zerolog"
+)
+
+type License struct {
+	LicensedTo string    `json:"licensed_to"` // Customers name, e.g. "Acme Inc"
+	IssuedAt   time.Time `json:"issued_at"`
+	ValidFrom  time.Time `json:"valid_from"`
+	ExpiresAt  time.Time `json:"expires_at"`
+}
+
+type LicenseWrapper struct {
+	LicenseBytes []byte `json:"license"`
+	Signature    string `json:"signature"` // crypto
+}
+
+var (
+	ErrInvalidLicenseSignature = errors.New("invalid license signature")
+	ErrLicenseNotValidYet      = errors.New("license not valid yet")
+	ErrLicenseExpired          = errors.New("license expired")
+)
+
+//go:embed offline.key
+var publicKey string
+
+func ValidateLicense(logger zerolog.Logger, licenseFile string) error {
+	licenseContents, err := os.ReadFile(licenseFile)
+	if err != nil {
+		return err
+	}
+
+	l, err := UnpackLicense(licenseContents)
+	if err != nil {
+		return err
+	}
+
+	return l.IsValid(logger)
+}
+
+func UnpackLicense(lic []byte) (*License, error) {
+	publicKeyBytes, err := hex.DecodeString(publicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var lw LicenseWrapper
+	if err := json.Unmarshal(lic, &lw); err != nil {
+		return nil, err
+	}
+
+	signatureBytes, err := hex.DecodeString(lw.Signature)
+	if err != nil {
+		return nil, err
+	}
+
+	if !ed25519.Verify(publicKeyBytes, lw.LicenseBytes, signatureBytes) {
+		return nil, ErrInvalidLicenseSignature
+	}
+
+	var l License
+	if err := json.Unmarshal(lw.LicenseBytes, &l); err != nil {
+		return nil, err
+	}
+
+	return &l, nil
+}
+
+func (l *License) IsValid(logger zerolog.Logger) error {
+	now := time.Now().UTC()
+	if now.Before(l.ValidFrom) {
+		return ErrLicenseNotValidYet
+	}
+	if now.After(l.ExpiresAt) {
+		return ErrLicenseExpired
+	}
+
+	msg := logger.Info()
+	if now.Add(15 * 24 * time.Hour).After(l.ExpiresAt) {
+		msg = logger.Warn()
+	}
+
+	msg.Time("expires_at", l.ExpiresAt).Msgf("Offline license for %s loaded.", l.LicensedTo)
+	return nil
+}

premium/offline.key

@@ -0,0 +1 @@
+fd81a64351452e0ada99c05c7e44bdf104cc583eb3ed44bf5545fe82b2f0a615

premium/offline_test.go

@@ -0,0 +1,27 @@
+package premium
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestUnpackLicense(t *testing.T) {
+	publicKey = "eacdff4866c8bc0d97de3c2d7668d0970c61aa16c3f12d6ba8083147ff92c9a6"
+
+	t.Run("Success", func(t *testing.T) {
+		licData := `{"license":"eyJsaWNlbnNlZF90byI6IlVOTElDRU5TRUQgVEVTVCIsImlzc3VlZF9hdCI6IjIwMjMtMTItMjhUMTk6MDI6MjguODM4MzY3WiIsInZhbGlkX2Zyb20iOiIyMDIzLTEyLTI4VDE5OjAyOjI4LjgzODM2N1oiLCJleHBpcmVzX2F0IjoiMjAyMy0xMi0yOVQxOTowMjoyOC44MzgzNjdaIn0=","signature":"8687a858463764b052455b3c783d979d364b5fb653b86d88a7463e495480db62fdec7ae1a84d1e30dddee77eb769a0e498ecfc836538c53e410aeb1a0c04d102"}`
+
+		l, err := UnpackLicense([]byte(licData))
+		require.NoError(t, err)
+		require.Equal(t, "UNLICENSED TEST", l.LicensedTo)
+		require.Equal(t, l.ExpiresAt.Add(-24*time.Hour).Truncate(time.Hour), l.ValidFrom.Truncate(time.Hour))
+	})
+	t.Run("Fail", func(t *testing.T) {
+		licData := `{"license":"eyJsaWNlbnNlZF90byI6IlVOTElDRU5TRUQgVEVTVCIsImlzc3VlZF9hdCI6IjIwMjMtMTItMjhUMTk6MDI6MjguODM4MzY3WiIsInZhbGlkX2Zyb20iOiIyMDIzLTEyLTI4VDE5OjAyOjI4LjgzODM2N1oiLCJleHBpcmVzX2F0IjoiMjAyMy0xMi0yOVQxOTowMjoyOC44MzgzNjdaIn0=","signature":"9687a858463764b052455b3c783d979d364b5fb653b86d88a7463e495480db62fdec7ae1a84d1e30dddee77eb769a0e498ecfc836538c53e410aeb1a0c04d102"}`
+		l, err := UnpackLicense([]byte(licData))
+		require.ErrorIs(t, err, ErrInvalidLicenseSignature)
+		require.Nil(t, l)
+	})
+}

premium/usage.go

@@ -13,6 +13,7 @@ import (
 	cqapi "github.com/cloudquery/cloudquery-api-go"
 	"github.com/cloudquery/cloudquery-api-go/auth"
 	"github.com/cloudquery/cloudquery-api-go/config"
+	"github.com/cloudquery/plugin-sdk/v4/plugin"
 	"github.com/google/uuid"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@@ -119,19 +120,10 @@ func withTokenClient(tokenClient TokenClient) UsageClientOptions {
 	}
 }
 
-func WithPluginTeam(pluginTeam string) cqapi.PluginTeam {
-	return pluginTeam
-}
-
-func WithPluginKind(pluginKind string) cqapi.PluginKind {
-	return cqapi.PluginKind(pluginKind)
-}
-
-func WithPluginName(pluginName string) cqapi.PluginName {
-	return pluginName
-}
-
-var _ UsageClient = (*BatchUpdater)(nil)
+var (
+	_ UsageClient = (*BatchUpdater)(nil)
+	_ UsageClient = (*NoOpUsageClient)(nil)
+)
 
 type BatchUpdater struct {
 	logger      zerolog.Logger
@@ -141,9 +133,7 @@ type BatchUpdater struct {
 
 	// Plugin details
 	teamName   cqapi.TeamName
-	pluginTeam cqapi.PluginTeam
-	pluginKind cqapi.PluginKind
-	pluginName cqapi.PluginName
+	pluginMeta plugin.Meta
 
 	// Configuration
 	batchLimit            uint32
@@ -161,14 +151,12 @@ type BatchUpdater struct {
 	isClosed       bool
 }
 
-func NewUsageClient(pluginTeam cqapi.PluginTeam, pluginKind cqapi.PluginKind, pluginName cqapi.PluginName, ops ...UsageClientOptions) (*BatchUpdater, error) {
+func NewUsageClient(meta plugin.Meta, ops ...UsageClientOptions) (UsageClient, error) {
 	u := &BatchUpdater{
 		logger: zerolog.Nop(),
 		url:    defaultAPIURL,
 
-		pluginTeam: pluginTeam,
-		pluginKind: pluginKind,
-		pluginName: pluginName,
+		pluginMeta: meta,
 
 		batchLimit:            defaultBatchLimit,
 		minTimeBetweenFlushes: defaultMinTimeBetweenFlushes,
@@ -183,6 +171,13 @@ func NewUsageClient(pluginTeam cqapi.PluginTeam, pluginKind cqapi.PluginKind, pl
 		op(u)
 	}
 
+	if meta.SkipUsageClient {
+		u.logger.Debug().Msg("Disabling usage client")
+		return &NoOpUsageClient{
+			TeamNameValue: u.teamName,
+		}, nil
+	}
+
 	if u.tokenClient == nil {
 		u.tokenClient = auth.NewTokenClient()
 	}
@@ -248,8 +243,8 @@ func (u *BatchUpdater) TeamName() string {
 }
 
 func (u *BatchUpdater) HasQuota(ctx context.Context) (bool, error) {
-	u.logger.Debug().Str("url", u.url).Str("team", u.teamName).Str("pluginTeam", u.pluginTeam).Str("pluginKind", string(u.pluginKind)).Str("pluginName", u.pluginName).Msg("checking quota")
-	usage, err := u.apiClient.GetTeamPluginUsageWithResponse(ctx, u.teamName, u.pluginTeam, u.pluginKind, u.pluginName)
+	u.logger.Debug().Str("url", u.url).Str("team", u.teamName).Str("pluginTeam", u.pluginMeta.Team).Str("pluginKind", string(u.pluginMeta.Kind)).Str("pluginName", u.pluginMeta.Name).Msg("checking quota")
+	usage, err := u.apiClient.GetTeamPluginUsageWithResponse(ctx, u.teamName, u.pluginMeta.Team, u.pluginMeta.Kind, u.pluginMeta.Name)
 	if err != nil {
 		return false, fmt.Errorf("failed to get usage: %w", err)
 	}
@@ -333,9 +328,9 @@ func (u *BatchUpdater) updateUsageWithRetryAndBackoff(ctx context.Context, numbe
 
 		resp, err := u.apiClient.IncreaseTeamPluginUsageWithResponse(ctx, u.teamName, cqapi.IncreaseTeamPluginUsageJSONRequestBody{
 			RequestId:  uuid.New(),
-			PluginTeam: u.pluginTeam,
-			PluginKind: u.pluginKind,
-			PluginName: u.pluginName,
+			PluginTeam: u.pluginMeta.Team,
+			PluginKind: u.pluginMeta.Kind,
+			PluginName: u.pluginMeta.Name,
 			Rows:       int(numberToUpdate),
 		})
 		if err != nil {
@@ -414,3 +409,23 @@ func (u *BatchUpdater) getTeamNameByTokenType(tokenType auth.TokenType) (string,
 		return "", fmt.Errorf("unsupported token type: %v", tokenType)
 	}
 }
+
+type NoOpUsageClient struct {
+	TeamNameValue string
+}
+
+func (n *NoOpUsageClient) TeamName() string {
+	return n.TeamNameValue
+}
+
+func (NoOpUsageClient) HasQuota(_ context.Context) (bool, error) {
+	return true, nil
+}
+
+func (NoOpUsageClient) Increase(_ uint32) error {
+	return nil
+}
+
+func (NoOpUsageClient) Close() error {
+	return nil
+}