feat: adds license check

Author: ZhengYa-0110

server/controller/config/common/config.go

@@ -20,6 +20,13 @@ type Swagger struct {
 	Enabled bool `default:"true" yaml:"enabled"`
 }
 
+type Warrant struct {
+	Enabled bool   `default:"false" yaml:"enabled"`
+	Host    string `default:"warrant" yaml:"host"`
+	Port    int    `default:"20413" yaml:"port"`
+	Timeout int    `default:"30" yaml:"timeout"`
+}
+
 // TODO use this
 type FPermit struct {
 	Enabled bool   `default:"false" yaml:"enabled"`

server/controller/controller/controller.go

@@ -40,6 +40,7 @@ import (
 	"github.com/deepflowio/deepflow/server/controller/http/router"
 	"github.com/deepflowio/deepflow/server/controller/manager"
 	"github.com/deepflowio/deepflow/server/controller/monitor"
+	"github.com/deepflowio/deepflow/server/controller/monitor/license"
 	"github.com/deepflowio/deepflow/server/controller/native_field"
 	"github.com/deepflowio/deepflow/server/controller/prometheus"
 	"github.com/deepflowio/deepflow/server/controller/recorder"
@@ -180,6 +181,8 @@ func Start(ctx context.Context, configPath, serverLogFile string, shared *server
 	// native field
 	native_field.Refresh()
 
+	license.BuildChecker().Init(cfg.MonitorCfg.Warrant)
+
 	router.SetInitStageForHealthChecker("Register routers init")
 	httpServer.SetControllerChecker(controllerCheck)
 	httpServer.SetAnalyzerChecker(analyzerCheck)

server/controller/http/common/const.go

@@ -49,6 +49,7 @@ const (
 
 	// map to http.StatusForbidden
 	NO_PERMISSIONS = "NO_PERMISSIONS"
+	NO_LICENSE     = "NO_LICENSE"
 
 	// map to http.StatusPartialContent
 	PARTIAL_CONTENT = "PARTIAL_RESULT"

server/controller/http/router/agent/agent_cmd.go

@@ -37,6 +37,7 @@ import (
 	httpcommon "github.com/deepflowio/deepflow/server/controller/http/common"
 	"github.com/deepflowio/deepflow/server/controller/http/common/response"
 	service "github.com/deepflowio/deepflow/server/controller/http/service/agent"
+	"github.com/deepflowio/deepflow/server/controller/monitor/license"
 )
 
 const (
@@ -112,6 +113,16 @@ func forwardToServerConnectedByAgent() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
+		if ok, err := license.GetChecker().AgentHasObtained(agent, common.AGENT_LICENSE_FUNCTION_LEGACY_PROBE); !ok {
+			if err != nil {
+				log.Error(err, db.LogPrefixORGID)
+				response.JSON(c, response.SetOptStatus(httpcommon.NO_PERMISSIONS), response.SetError(err))
+			}
+			response.JSON(c, response.SetOptStatus(httpcommon.NO_PERMISSIONS), response.SetError(fmt.Errorf("agent(%s) license not support probe command", agent.Name)))
+			c.Abort()
+			return
+		}
+
 		key := agent.CtrlIP + "-" + agent.CtrlMac
 		// handle forward times
 		var forwardTimes int

server/controller/http/router/resource/domain.go

@@ -29,13 +29,15 @@ import (
 	"github.com/op/go-logging"
 	"gopkg.in/yaml.v2"
 
+	ctrlCommon "github.com/deepflowio/deepflow/server/controller/common"
 	"github.com/deepflowio/deepflow/server/controller/config"
 	metadbcommon "github.com/deepflowio/deepflow/server/controller/db/metadb/common"
 	httpcommon "github.com/deepflowio/deepflow/server/controller/http/common"
 	"github.com/deepflowio/deepflow/server/controller/http/common/response"
 	"github.com/deepflowio/deepflow/server/controller/http/router/common"
 	"github.com/deepflowio/deepflow/server/controller/http/service/resource"
 	"github.com/deepflowio/deepflow/server/controller/model"
+	"github.com/deepflowio/deepflow/server/controller/monitor/license"
 )
 
 var log = logging.MustGetLogger("controller.resource")
@@ -64,11 +66,11 @@ func (d *Domain) RegisterTo(e *gin.Engine) {
 	e.PATCH("/v2/sub-domains/:lcuuid/", updateSubDomain(d.cfg))
 	e.DELETE("/v2/sub-domains/:lcuuid/", deleteSubDomain(d.cfg))
 
-	e.PUT("/v1/domain-additional-resources/", applyDomainAddtionalResource)
-	e.GET("/v1/domain-additional-resources/", listDomainAddtionalResource)
+	e.PUT("/v1/domain-additional-resources/", applyDomainAdditionalResource)
+	e.GET("/v1/domain-additional-resources/", listDomainAdditionalResource)
 	e.GET("/v1/domain-additional-resources/example/", GetDomainAdditionalResourceExample)
-	e.PATCH("/v1/domain-additional-resources/advanced/", updateDomainAddtionalResourceAdvanced)
-	e.GET("/v1/domain-additional-resources/advanced/", getDomainAddtionalResourceAdvanced)
+	e.PATCH("/v1/domain-additional-resources/advanced/", updateDomainAdditionalResourceAdvanced)
+	e.GET("/v1/domain-additional-resources/advanced/", getDomainAdditionalResourceAdvanced)
 }
 
 func getDomain(cfg *config.ControllerConfig) gin.HandlerFunc {
@@ -397,7 +399,15 @@ func updateSubDomain(cfg *config.ControllerConfig) gin.HandlerFunc {
 	})
 }
 
-func applyDomainAddtionalResource(c *gin.Context) {
+func applyDomainAdditionalResource(c *gin.Context) {
+	if ok, err := license.GetChecker().HasObtained(ctrlCommon.AGENT_LICENSE_FUNCTION_ASSET_CMDB); !ok {
+		if err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.SERVER_ERROR), response.SetError(err))
+		}
+		response.JSON(c, response.SetOptStatus(httpcommon.NO_LICENSE), response.SetError(fmt.Errorf("no license to asset cmdb")))
+		return
+	}
+
 	b, err := io.ReadAll(c.Request.Body)
 	if err != nil {
 		response.JSON(c, response.SetOptStatus(httpcommon.SERVER_ERROR), response.SetError(err))
@@ -423,11 +433,11 @@ func applyDomainAddtionalResource(c *gin.Context) {
 		return
 	}
 
-	err = resource.ApplyDomainAddtionalResource(data, db)
+	err = resource.ApplyDomainAdditionalResource(data, db)
 	response.JSON(c, response.SetError(err))
 }
 
-func listDomainAddtionalResource(c *gin.Context) {
+func listDomainAdditionalResource(c *gin.Context) {
 	var resourceType, resourceName string
 	t, ok := c.GetQuery("type")
 	if ok {
@@ -457,7 +467,15 @@ func GetDomainAdditionalResourceExample(c *gin.Context) {
 	response.JSON(c, response.SetData(data), response.SetError(err))
 }
 
-func updateDomainAddtionalResourceAdvanced(c *gin.Context) {
+func updateDomainAdditionalResourceAdvanced(c *gin.Context) {
+	if ok, err := license.GetChecker().HasObtained(ctrlCommon.AGENT_LICENSE_FUNCTION_ASSET_CMDB); !ok {
+		if err != nil {
+			response.JSON(c, response.SetOptStatus(httpcommon.SERVER_ERROR), response.SetError(err))
+		}
+		response.JSON(c, response.SetOptStatus(httpcommon.NO_LICENSE), response.SetError(fmt.Errorf("no license to asset cmdb")))
+		return
+	}
+
 	db, err := common.GetContextOrgDB(c)
 	if err != nil {
 		response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))
@@ -467,7 +485,7 @@ func updateDomainAddtionalResourceAdvanced(c *gin.Context) {
 	data := &model.AdditionalResource{}
 	err = c.ShouldBindBodyWith(&data, binding.YAML)
 	if err == nil || err == io.EOF {
-		if err = resource.ApplyDomainAddtionalResource(*data, db); err != nil {
+		if err = resource.ApplyDomainAdditionalResource(*data, db); err != nil {
 			response.JSON(c, response.SetError(err))
 			return
 		}
@@ -488,7 +506,7 @@ func updateDomainAddtionalResourceAdvanced(c *gin.Context) {
 	}
 }
 
-func getDomainAddtionalResourceAdvanced(c *gin.Context) {
+func getDomainAdditionalResourceAdvanced(c *gin.Context) {
 	db, err := common.GetContextOrgDB(c)
 	if err != nil {
 		response.JSON(c, response.SetOptStatus(httpcommon.GET_ORG_DB_FAIL), response.SetError(err))

server/controller/http/service/resource/domain_additional_resource.go

@@ -74,7 +74,7 @@ func newAddtionalResourceToolDataSet(regionUUID string) *addtionalResourceToolDa
 	}
 }
 
-func ApplyDomainAddtionalResource(reqData model.AdditionalResource, orgDB *metadb.DB) error {
+func ApplyDomainAdditionalResource(reqData model.AdditionalResource, orgDB *metadb.DB) error {
 	log.Infof("apply domain additional resource: %#v", reqData, orgDB.LogPrefixORGID)
 	domainUUIDToToolDataSet, err := generateToolDataSet(reqData, orgDB)
 	if err != nil {

server/controller/monitor/common.go

@@ -22,13 +22,20 @@ import (
 	"time"
 
 	"github.com/deepflowio/deepflow/server/controller/common"
+	configs "github.com/deepflowio/deepflow/server/controller/config/common"
 	"github.com/deepflowio/deepflow/server/controller/db/metadb"
 	metadbmodel "github.com/deepflowio/deepflow/server/controller/db/metadb/model"
 	"github.com/deepflowio/deepflow/server/libs/logger"
 )
 
 var log = logger.MustGetLogger("monitor")
 
+type LicenseChecker interface {
+	Init(configs.Warrant)
+	HasObtained(function int) (bool, error)
+	AgentHasObtained(agent *metadbmodel.VTap, function int) (bool, error)
+}
+
 type dfHostCheck struct {
 	lastTimeUnix int64
 }

server/controller/monitor/config/config.go

@@ -16,11 +16,9 @@
 
 package config
 
-type Warrant struct {
-	Host    string `default:"warrant" yaml:"warrant"`
-	Port    int    `default:"20413" yaml:"port"`
-	Timeout int    `default:"30" yaml:"timeout"`
-}
+import (
+	configs "github.com/deepflowio/deepflow/server/controller/config/common"
+)
 
 type MonitorConfig struct {
 	HealthCheckInterval         int                           `default:"60" yaml:"health_check_interval"`
@@ -32,7 +30,7 @@ type MonitorConfig struct {
 	AutoRebalanceVTap           bool                          `default:"true" yaml:"auto_rebalance_vtap"`
 	RebalanceCheckInterval      int                           `default:"300" yaml:"rebalance_check_interval"` // unit: second
 	VTapAutoDelete              VTapAutoDelete                `yaml:"vtap_auto_delete"`
-	Warrant                     Warrant                       `yaml:"warrant"`
+	Warrant                     configs.Warrant               `yaml:"warrant"`
 	IngesterLoadBalancingConfig IngesterLoadBalancingStrategy `yaml:"ingester-load-balancing-strategy"`
 	SyncDefaultORGDataInterval  int                           `default:"10" yaml:"sync_default_org_data_interval"`
 }

server/controller/monitor/license/checker.go

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2024 Yunshan Networks
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package license
+
+import (
+	"sync"
+
+	configs "github.com/deepflowio/deepflow/server/controller/config/common"
+	"github.com/deepflowio/deepflow/server/controller/monitor"
+	metadbmodel "github.com/deepflowio/deepflow/server/controller/db/metadb/model"
+)
+
+var (
+	checkerOnce sync.Once
+	checker     *Checker
+)
+
+type Checker struct{}
+
+func BuildChecker() *Checker {
+	checkerOnce.Do(func() {
+		checker = &Checker{}
+	})
+	return checker
+}
+
+func GetChecker() monitor.LicenseChecker {
+	return checker
+}
+
+func (c *Checker) Init(cfg configs.Warrant) {
+}
+
+func (c *Checker) HasObtained(function int) (bool, error) {
+	return false, nil
+}
+
+func (c *Checker) AgentHasObtained(agent *metadbmodel.VTap, function int) (bool, error) {
+	return false, nil
+}

server/controller/recorder/domain.go

@@ -18,7 +18,6 @@ package recorder
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -82,6 +81,10 @@ func (d *domain) CloseStatsd() {
 
 func (d *domain) Refresh(target string, cloudData cloudmodel.Resource) error {
 	log.Infof("refresh target: %s", target, d.metadata.LogPrefixes)
+	if err := d.checkLicense(); err != nil {
+		return err
+	}
+
 	switch target {
 	case RefreshTargetDomain:
 		log.Info("refresher started, triggered by ticker/hand", d.metadata.LogPrefixes)
@@ -94,14 +97,28 @@ func (d *domain) Refresh(target string, cloudData cloudmodel.Resource) error {
 		return d.subDomains.RefreshOne(cloudData.SubDomainResources)
 	default:
 		log.Info("invalid refresh target", d.metadata.LogPrefixes)
-		return errors.New("invalid refresh target")
+		return fmt.Errorf("invalid refresh target")
 	}
 }
 
 func (d *domain) refreshDomainExcludeSubDomain(cloudData cloudmodel.Resource) error {
 	return d.tryRefresh(cloudData)
 }
 
+func (d *domain) checkLicense() error {
+	var domain *metadbmodel.Domain
+	err := d.metadata.DB.Select("state").Where("lcuuid = ?", d.metadata.Domain.Lcuuid).First(&domain).Error
+	if err != nil {
+		log.Errorf("failed to get domain from db: %s", err, d.metadata.LogPrefixes)
+		return err
+	}
+	if domain.State == common.RESOURCE_STATE_CODE_NO_LICENSE {
+		log.Errorf("domain %s has no license", d.metadata.Domain.Lcuuid, d.metadata.LogPrefixes)
+		return fmt.Errorf("domain %s has no license", d.metadata.Domain.Lcuuid)
+	}
+	return nil
+}
+
 func (d *domain) tryRefresh(cloudData cloudmodel.Resource) error {
 	// 无论是否会更新资源，需先更新domain及subdomain状态
 	d.updateStateInfo(cloudData)

server/server.yaml

@@ -100,6 +100,12 @@ controller:
     port: 20823
     timeout: 30
 
+  warrant:
+    enabled: false
+    host: warrant
+    port: 20413
+    timeout: 30
+
   # mysql相关配置
   mysql:
     enabled: true
@@ -217,6 +223,7 @@ controller:
     #   lost_time_max: 3600
     # warrant
     warrant:
+      enabled: false
       host: warrant
       port: 20413
       timeout: 30