check if the license has expired before beginning installation process (#719)

laverya · web-flow · commit cc92043a8f7f · 2024-06-21T13:26:48.000Z
* check if the license has expired before beginning installation process

* require that licenses have embedded cluster download enabled before installation

* check another error

* do not change tar file
diff --git a/cmd/embedded-cluster/install.go b/cmd/embedded-cluster/install.go
@@ -136,7 +136,7 @@ func isAlreadyInstalled() (bool, error) {
 	}
 }
 
-func checkLicenseMatches(c *cli.Context) error {
+func checkLicenseMatches(licenseFile string) error {
 	rel, err := release.GetChannelRelease()
 	if err != nil {
 		return fmt.Errorf("failed to get release from binary: %w", err) // this should only be if the release is malformed
@@ -146,20 +146,20 @@ func checkLicenseMatches(c *cli.Context) error {
 	// 1. no release and no license, which is OK
 	// 2. no license and a release, which is not OK
 	// 3. a license and no release, which is not OK
-	if rel == nil && c.String("license") == "" {
+	if rel == nil && licenseFile == "" {
 		// no license and no release, this is OK
 		return nil
-	} else if rel == nil && c.String("license") != "" {
+	} else if rel == nil && licenseFile != "" {
 		// license is present but no release, this means we would install without vendor charts and k0s overrides
 		return fmt.Errorf("a license was provided but no release was found in binary, please rerun without the license flag")
-	} else if rel != nil && c.String("license") == "" {
+	} else if rel != nil && licenseFile == "" {
 		// release is present but no license, this is not OK
 		return fmt.Errorf("no license was provided for %s and one is required, please rerun with '--license <path to license file>'", rel.AppSlug)
 	}
 
-	license, err := helpers.ParseLicense(c.String("license"))
+	license, err := helpers.ParseLicense(licenseFile)
 	if err != nil {
-		return fmt.Errorf("unable to parse the license file at %q, please ensure it is not corrupt: %w", c.String("license"), err)
+		return fmt.Errorf("unable to parse the license file at %q, please ensure it is not corrupt: %w", licenseFile, err)
 	}
 
 	// Check if the license matches the application version data
@@ -173,6 +173,21 @@ func checkLicenseMatches(c *cli.Context) error {
 		return fmt.Errorf("license channel %s (%s) does not match binary channel %s, please provide the correct license", license.Spec.ChannelID, license.Spec.ChannelName, rel.ChannelID)
 	}
 
+	if license.Spec.Entitlements["expires_at"].Value.StrVal != "" {
+		// read the expiration date, and check it against the current date
+		expiration, err := time.Parse(time.RFC3339, license.Spec.Entitlements["expires_at"].Value.StrVal)
+		if err != nil {
+			return fmt.Errorf("unable to parse expiration date: %w", err)
+		}
+		if time.Now().After(expiration) {
+			return fmt.Errorf("license expired on %s, please provide a valid license", expiration)
+		}
+	}
+
+	if !license.Spec.IsEmbeddedClusterDownloadEnabled {
+		return fmt.Errorf("license does not have embedded cluster enabled, please provide a valid license")
+	}
+
 	return nil
 }
 
@@ -479,7 +494,7 @@ var installCommand = &cli.Command{
 			return fmt.Errorf("unable to configure network manager: %w", err)
 		}
 		logrus.Debugf("checking license matches")
-		if err := checkLicenseMatches(c); err != nil {
+		if err := checkLicenseMatches(c.String("license")); err != nil {
 			metricErr := fmt.Errorf("unable to check license: %w", err)
 			metrics.ReportApplyFinished(c, metricErr)
 			return err // do not return the metricErr, as we want the user to see the error message without a prefix
diff --git a/cmd/embedded-cluster/install_test.go b/cmd/embedded-cluster/install_test.go
@@ -0,0 +1,150 @@
+package main
+
+import (
+	"github.com/replicatedhq/embedded-cluster/pkg/release"
+	"github.com/stretchr/testify/require"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func Test_checkLicenseMatches(t *testing.T) {
+	tests := []struct {
+		name            string
+		licenseContents string
+		wantErr         string
+		useRelease      bool
+	}{
+		{
+			name:    "no license, no release",
+			wantErr: "",
+		},
+		{
+			name:       "no license, with release",
+			useRelease: true,
+			wantErr:    `no license was provided for embedded-cluster-smoke-test-staging-app and one is required, please rerun with '--license <path to license file>'`,
+		},
+		{
+			name: "valid license, no release",
+			licenseContents: `
+spec:
+  appSlug: embedded-cluster-smoke-test-staging-app
+  channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+  isEmbeddedClusterDownloadEnabled: true
+  `,
+			wantErr: "a license was provided but no release was found in binary, please rerun without the license flag",
+		},
+		{
+			name:       "valid license, with release",
+			useRelease: true,
+			licenseContents: `
+spec:
+  appSlug: embedded-cluster-smoke-test-staging-app
+  channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+  isEmbeddedClusterDownloadEnabled: true
+  `,
+		},
+		{
+			name:       "expired license, with release",
+			useRelease: true,
+			licenseContents: `
+spec:
+  appSlug: embedded-cluster-smoke-test-staging-app
+  channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+  isEmbeddedClusterDownloadEnabled: true
+  entitlements:
+    expires_at:
+      description: License Expiration
+      signature: {}
+      title: Expiration
+      value: "2024-06-03T00:00:00Z"
+      valueType: String
+  `,
+			wantErr: "license expired on 2024-06-03 00:00:00 +0000 UTC, please provide a valid license",
+		},
+		{
+			name:       "license with no expiration, with release",
+			useRelease: true,
+			licenseContents: `
+spec:
+  appSlug: embedded-cluster-smoke-test-staging-app
+  channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+  isEmbeddedClusterDownloadEnabled: true
+  entitlements:
+    expires_at:
+      description: License Expiration
+      signature: {}
+      title: Expiration
+      value: ""
+      valueType: String
+  `,
+		},
+		{
+			name:       "license with 100 year expiration, with release",
+			useRelease: true,
+			licenseContents: `
+spec:
+  appSlug: embedded-cluster-smoke-test-staging-app
+  channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+  isEmbeddedClusterDownloadEnabled: true
+  entitlements:
+    expires_at:
+      description: License Expiration
+      signature: {}
+      title: Expiration
+      value: "2124-06-03T00:00:00Z"
+      valueType: String
+  `,
+		},
+		{
+			name:       "embedded cluster not enabled, with release",
+			useRelease: true,
+			licenseContents: `
+spec:
+  appSlug: embedded-cluster-smoke-test-staging-app
+  channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+  isEmbeddedClusterDownloadEnabled: false
+  `,
+			wantErr: "license does not have embedded cluster enabled, please provide a valid license",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := require.New(t)
+
+			tmpdir, err := os.MkdirTemp("", "license")
+			defer os.RemoveAll(tmpdir)
+			req.NoError(err)
+
+			licenseFile, err := os.Create(tmpdir + "/license.yaml")
+			req.NoError(err)
+			_, err = licenseFile.Write([]byte(tt.licenseContents))
+			req.NoError(err)
+
+			dataMap := map[string][]byte{}
+			if tt.useRelease {
+				dataMap["release.yaml"] = []byte(`
+# channel release object
+channelID: "2cHXb1RCttzpR0xvnNWyaZCgDBP"
+channelSlug: "CI"
+appSlug: "embedded-cluster-smoke-test-staging-app"
+versionLabel: testversion
+`)
+			}
+			err = release.SetReleaseDataForTests(dataMap)
+			req.NoError(err)
+
+			if tt.licenseContents != "" {
+				err = checkLicenseMatches(filepath.Join(tmpdir, "license.yaml"))
+			} else {
+				err = checkLicenseMatches("")
+			}
+
+			if tt.wantErr != "" {
+				req.EqualError(err, tt.wantErr)
+			} else {
+				req.NoError(err)
+			}
+		})
+	}
+}
diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/replicatedhq/embedded-cluster-kinds v1.3.9
 	github.com/replicatedhq/embedded-cluster-operator v0.36.0
 	github.com/replicatedhq/embedded-cluster-utils v1.0.0
-	github.com/replicatedhq/kotskinds v0.0.0-20240523174825-f4d441adb453
+	github.com/replicatedhq/kotskinds v0.0.0-20240621115447-55148ce032e4
 	github.com/replicatedhq/troubleshoot v0.93.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0
diff --git a/go.sum b/go.sum
@@ -249,8 +249,8 @@ github.com/replicatedhq/embedded-cluster-operator v0.36.0 h1:bVfprWclxojJx3bj+86
 github.com/replicatedhq/embedded-cluster-operator v0.36.0/go.mod h1:ARYlOmWODaibFtX04e4x5eeymYJmhLzpVC7hJfBt2Es=
 github.com/replicatedhq/embedded-cluster-utils v1.0.0 h1:Axdni1nYfl5zeOP9g5U79yvN8cRdClyU6hz0wV1Hmdc=
 github.com/replicatedhq/embedded-cluster-utils v1.0.0/go.mod h1:4JmMC2CwMCLxq05GEW3XSPPVotqyamAF/omrbB3pH+c=
-github.com/replicatedhq/kotskinds v0.0.0-20240523174825-f4d441adb453 h1:g8CQQ9R4gjIdoHuBX1LN1hmF3Omq2JfA040JfpfNVC8=
-github.com/replicatedhq/kotskinds v0.0.0-20240523174825-f4d441adb453/go.mod h1:QjhIUu3+OmHZ09u09j3FCoTt8F3BYtQglS+OLmftu9I=
+github.com/replicatedhq/kotskinds v0.0.0-20240621115447-55148ce032e4 h1:nsNSod6wpFpaMUq1IqnU4y2XWQd2FEKtdr02UB2udkk=
+github.com/replicatedhq/kotskinds v0.0.0-20240621115447-55148ce032e4/go.mod h1:QjhIUu3+OmHZ09u09j3FCoTt8F3BYtQglS+OLmftu9I=
 github.com/replicatedhq/troubleshoot v0.93.1 h1:JWdyk8TH//PUaDpUGhlcQIH4YVIWXoDbee6aOMTfOOk=
 github.com/replicatedhq/troubleshoot v0.93.1/go.mod h1:2GQAYOwWL0YMNkc5WOkA54/6AicoHwoSxyzhkzSmFM4=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
