feat: adds license check

Author: ZhengYa-0110

server/controller/config/common/config.go

@@ -20,6 +20,13 @@ type Swagger struct {
 	Enabled bool `default:"true" yaml:"enabled"`
 }
 
+type Warrant struct {
+	Enabled bool   `default:"false" yaml:"enabled"`
+	Host    string `default:"warrant" yaml:"host"`
+	Port    int    `default:"20413" yaml:"port"`
+	Timeout int    `default:"30" yaml:"timeout"`
+}
+
 // TODO use this
 type FPermit struct {
 	Enabled bool   `default:"false" yaml:"enabled"`

server/controller/http/common/const.go

@@ -49,6 +49,7 @@ const (
 
 	// map to http.StatusForbidden
 	NO_PERMISSIONS = "NO_PERMISSIONS"
+	NO_LICENSE     = "NO_LICENSE"
 
 	// map to http.StatusPartialContent
 	PARTIAL_CONTENT = "PARTIAL_RESULT"

server/controller/http/router/agent/agent_cmd.go

@@ -25,6 +25,7 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"strconv"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
@@ -88,6 +89,16 @@ func (a *AgentCMD) RegisterTo(e *gin.Engine) {
 	agentRoutes.POST("/cmd/run", forwardToServerConnectedByAgent(), a.cmdRunHandler())
 }
 
+func checkAgentLicense(agent *metadbmodel.VTap) error {
+	parts := strings.Split(agent.LicenseFunctions, ",")
+	for _, part := range parts {
+		if strings.TrimSpace(part) == fmt.Sprintf("%s", common.AGENT_LICENSE_FUNCTION_LEGACY_PROBE) {
+			return nil
+		}
+	}
+	return fmt.Errorf("agent(%s) license not support probe command", agent.Name)
+}
+
 func forwardToServerConnectedByAgent() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		orgID, _ := c.Get(common.HEADER_KEY_X_ORG_ID)
@@ -112,6 +123,13 @@ func forwardToServerConnectedByAgent() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
+		if err := checkAgentLicense(agent); err != nil {
+			log.Error(err, db.LogPrefixORGID)
+			response.JSON(c, response.SetOptStatus(httpcommon.NO_PERMISSIONS), response.SetError(err))
+			c.Abort()
+			return
+		}
+
 		key := agent.CtrlIP + "-" + agent.CtrlMac
 		// handle forward times
 		var forwardTimes int

server/controller/http/router/resource/domain.go

@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
@@ -29,7 +30,9 @@ import (
 	"github.com/op/go-logging"
 	"gopkg.in/yaml.v2"
 
+	ctrlCommon "github.com/deepflowio/deepflow/server/controller/common"
 	"github.com/deepflowio/deepflow/server/controller/config"
+	configs "github.com/deepflowio/deepflow/server/controller/config/common"
 	metadbcommon "github.com/deepflowio/deepflow/server/controller/db/metadb/common"
 	httpcommon "github.com/deepflowio/deepflow/server/controller/http/common"
 	"github.com/deepflowio/deepflow/server/controller/http/common/response"
@@ -64,11 +67,11 @@ func (d *Domain) RegisterTo(e *gin.Engine) {
 	e.PATCH("/v2/sub-domains/:lcuuid/", updateSubDomain(d.cfg))
 	e.DELETE("/v2/sub-domains/:lcuuid/", deleteSubDomain(d.cfg))
 
-	e.PUT("/v1/domain-additional-resources/", applyDomainAddtionalResource)
-	e.GET("/v1/domain-additional-resources/", listDomainAddtionalResource)
+	e.PUT("/v1/domain-additional-resources/", applyDomainAdditionalResource(d.cfg.MonitorCfg.Warrant))
+	e.GET("/v1/domain-additional-resources/", listDomainAdditionalResource)
 	e.GET("/v1/domain-additional-resources/example/", GetDomainAdditionalResourceExample)
-	e.PATCH("/v1/domain-additional-resources/advanced/", updateDomainAddtionalResourceAdvanced)
-	e.GET("/v1/domain-additional-resources/advanced/", getDomainAddtionalResourceAdvanced)
+	e.PATCH("/v1/domain-additional-resources/advanced/", updateDomainAdditionalResourceAdvanced(d.cfg.MonitorCfg.Warrant))
+	e.GET("/v1/domain-additional-resources/advanced/", getDomainAdditionalResourceAdvanced)
 }
 
 func getDomain(cfg *config.ControllerConfig) gin.HandlerFunc {
@@ -397,37 +400,44 @@ func updateSubDomain(cfg *config.ControllerConfig) gin.HandlerFunc {
 	})
 }
 
-func applyDomainAddtionalResource(c *gin.Context) {
-	b, err := io.ReadAll(c.Request.Body)
-	if err != nil {
-		response.JSON(c, response.SetOptStatus(httpcommon.SERVER_ERROR), response.SetError(err))
-		return
-	}
-	err = common.CheckJSONParam(string(b), model.AdditionalResource{})
-	if err != nil {
-		response.JSON(c, response.SetOptStatus(httpcommon.INVALID_PARAMETERS), response.SetError(err))
-		return
-	}
+func applyDomainAdditionalResource(warrantCfg configs.Warrant) gin.HandlerFunc {
+	return gin.HandlerFunc(func(c *gin.Context) {
+		if err := checkCMDBLicense(warrantCfg); err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.NO_LICENSE), response.SetError(err))
+			return
+		}
 
-	var data model.AdditionalResource
-	err = json.Unmarshal(b, &data)
-	// invalidate request body
-	if err != nil {
-		response.JSON(c, response.SetOptStatus(httpcommon.INVALID_PARAMETERS), response.SetError(err))
-		return
-	}
+		b, err := io.ReadAll(c.Request.Body)
+		if err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.SERVER_ERROR), response.SetError(err))
+			return
+		}
+		err = common.CheckJSONParam(string(b), model.AdditionalResource{})
+		if err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.INVALID_PARAMETERS), response.SetError(err))
+			return
+		}
 
-	db, err := common.GetContextOrgDB(c)
-	if err != nil {
-		response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))
-		return
-	}
+		var data model.AdditionalResource
+		err = json.Unmarshal(b, &data)
+		// invalidate request body
+		if err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.INVALID_PARAMETERS), response.SetError(err))
+			return
+		}
+
+		db, err := common.GetContextOrgDB(c)
+		if err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))
+			return
+		}
 
-	err = resource.ApplyDomainAddtionalResource(data, db)
-	response.JSON(c, response.SetError(err))
+		err = resource.ApplyDomainAdditionalResource(data, db)
+		response.JSON(c, response.SetError(err))
+	})
 }
 
-func listDomainAddtionalResource(c *gin.Context) {
+func listDomainAdditionalResource(c *gin.Context) {
 	var resourceType, resourceName string
 	t, ok := c.GetQuery("type")
 	if ok {
@@ -457,38 +467,45 @@ func GetDomainAdditionalResourceExample(c *gin.Context) {
 	response.JSON(c, response.SetData(data), response.SetError(err))
 }
 
-func updateDomainAddtionalResourceAdvanced(c *gin.Context) {
-	db, err := common.GetContextOrgDB(c)
-	if err != nil {
-		response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))
-		return
-	}
-
-	data := &model.AdditionalResource{}
-	err = c.ShouldBindBodyWith(&data, binding.YAML)
-	if err == nil || err == io.EOF {
-		if err = resource.ApplyDomainAddtionalResource(*data, db); err != nil {
-			response.JSON(c, response.SetError(err))
+func updateDomainAdditionalResourceAdvanced(warrantCfg configs.Warrant) gin.HandlerFunc {
+	return gin.HandlerFunc(func(c *gin.Context) {
+		if err := checkCMDBLicense(warrantCfg); err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.NO_LICENSE), response.SetError(err))
 			return
 		}
-		d, err := resource.GetDomainAdditionalResource("", "", db)
+
+		db, err := common.GetContextOrgDB(c)
 		if err != nil {
-			response.JSON(c, response.SetError(err))
+			response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))
 			return
 		}
-		b, err := yaml.Marshal(d)
-		if err != nil {
-			response.JSON(c, response.SetError(err))
+
+		data := &model.AdditionalResource{}
+		err = c.ShouldBindBodyWith(&data, binding.YAML)
+		if err == nil || err == io.EOF {
+			if err = resource.ApplyDomainAdditionalResource(*data, db); err != nil {
+				response.JSON(c, response.SetError(err))
+				return
+			}
+			d, err := resource.GetDomainAdditionalResource("", "", db)
+			if err != nil {
+				response.JSON(c, response.SetError(err))
+				return
+			}
+			b, err := yaml.Marshal(d)
+			if err != nil {
+				response.JSON(c, response.SetError(err))
+				return
+			}
+			response.JSON(c, response.SetData(string(b))) // TODO 不需要转换类型
+		} else {
+			response.JSON(c, response.SetOptStatus(httpcommon.INVALID_PARAMETERS), response.SetError(err))
 			return
 		}
-		response.JSON(c, response.SetData(string(b))) // TODO 不需要转换类型
-	} else {
-		response.JSON(c, response.SetOptStatus(httpcommon.INVALID_PARAMETERS), response.SetError(err))
-		return
-	}
+	})
 }
 
-func getDomainAddtionalResourceAdvanced(c *gin.Context) {
+func getDomainAdditionalResourceAdvanced(c *gin.Context) {
 	db, err := common.GetContextOrgDB(c)
 	if err != nil {
 		response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))
@@ -507,3 +524,29 @@ func getDomainAddtionalResourceAdvanced(c *gin.Context) {
 	}
 	response.JSON(c, response.SetData(string(b))) // TODO 不需要转换类型
 }
+
+func checkCMDBLicense(warrantCfg configs.Warrant) error {
+	if !warrantCfg.Enabled {
+		return nil
+	}
+	body := make(map[string]interface{})
+	response, err := ctrlCommon.CURLPerform(
+		http.MethodGet,
+		fmt.Sprintf(
+			"http://%s:%d/licensedata",
+			warrantCfg.Host, warrantCfg.Port,
+		),
+		body,
+	)
+	if err != nil {
+		return err
+	}
+	for k, v := range response.Get("DATA").Get("LICENSE").MustMap() {
+		if k == "ASSET_CMDB_COUNT" {
+			if v.(int) != 0 {
+				return nil
+			}
+		}
+	}
+	return fmt.Errorf("no license for cmdb")
+}

server/controller/http/service/resource/domain_additional_resource.go

@@ -74,7 +74,7 @@ func newAddtionalResourceToolDataSet(regionUUID string) *addtionalResourceToolDa
 	}
 }
 
-func ApplyDomainAddtionalResource(reqData model.AdditionalResource, orgDB *metadb.DB) error {
+func ApplyDomainAdditionalResource(reqData model.AdditionalResource, orgDB *metadb.DB) error {
 	log.Infof("apply domain additional resource: %#v", reqData, orgDB.LogPrefixORGID)
 	domainUUIDToToolDataSet, err := generateToolDataSet(reqData, orgDB)
 	if err != nil {

server/controller/monitor/config/config.go

@@ -16,11 +16,9 @@
 
 package config
 
-type Warrant struct {
-	Host    string `default:"warrant" yaml:"warrant"`
-	Port    int    `default:"20413" yaml:"port"`
-	Timeout int    `default:"30" yaml:"timeout"`
-}
+import (
+	configs "github.com/deepflowio/deepflow/server/controller/config/common"
+)
 
 type MonitorConfig struct {
 	HealthCheckInterval         int                           `default:"60" yaml:"health_check_interval"`
@@ -32,7 +30,7 @@ type MonitorConfig struct {
 	AutoRebalanceVTap           bool                          `default:"true" yaml:"auto_rebalance_vtap"`
 	RebalanceCheckInterval      int                           `default:"300" yaml:"rebalance_check_interval"` // unit: second
 	VTapAutoDelete              VTapAutoDelete                `yaml:"vtap_auto_delete"`
-	Warrant                     Warrant                       `yaml:"warrant"`
+	Warrant                     configs.Warrant               `yaml:"warrant"`
 	IngesterLoadBalancingConfig IngesterLoadBalancingStrategy `yaml:"ingester-load-balancing-strategy"`
 	SyncDefaultORGDataInterval  int                           `default:"10" yaml:"sync_default_org_data_interval"`
 }

server/controller/recorder/domain.go

@@ -102,6 +102,20 @@ func (d *domain) refreshDomainExcludeSubDomain(cloudData cloudmodel.Resource) er
 	return d.tryRefresh(cloudData)
 }
 
+func (d *domain) checkLicense() error {
+	var domain *metadbmodel.Domain
+	err := d.metadata.DB.Select("state").Where("lcuuid = ?", d.metadata.Domain.Lcuuid).First(&domain).Error
+	if err != nil {
+		log.Errorf("failed to get domain from db: %s", err, d.metadata.LogPrefixes)
+		return err
+	}
+	if domain.State == common.RESOURCE_STATE_CODE_NO_LICENSE {
+		log.Errorf("domain %s has no license", d.metadata.Domain.Lcuuid, d.metadata.LogPrefixes)
+		return errors.New("domain has no license")
+	}
+	return nil
+}
+
 func (d *domain) tryRefresh(cloudData cloudmodel.Resource) error {
 	// 无论是否会更新资源，需先更新domain及subdomain状态
 	d.updateStateInfo(cloudData)

server/server.yaml

@@ -100,6 +100,12 @@ controller:
     port: 20823
     timeout: 30
 
+  warrant:
+    enabled: false
+    host: warrant
+    port: 20413
+    timeout: 30
+
   # mysql相关配置
   mysql:
     enabled: true
@@ -217,6 +223,7 @@ controller:
     #   lost_time_max: 3600
     # warrant
     warrant:
+      enabled: false
       host: warrant
       port: 20413
       timeout: 30