Cache license by id for ace

Signed-off-by: Tamal Saha <[email protected]>

Author: tamalsaha

pkg/server/issuer.go

@@ -69,6 +69,7 @@ func IssueEnterpriseLicense(fs blobfs.Interface, certs *certstore.CertStore, inf
 
 	// 1 yr domain license
 	license := &ProductLicense{
+		ID:      info.ID,
 		Domain:  domain,
 		Product: info.Product(),
 		Agreement: &LicenseAgreement{
@@ -78,12 +79,12 @@ func IssueEnterpriseLicense(fs blobfs.Interface, certs *certstore.CertStore, inf
 	}
 
 	var crtLicense []byte
-	exists, err := fs.Exists(context.TODO(), LicenseCertPath(license.Domain, license.Product, info.Cluster))
+	exists, err := fs.Exists(context.TODO(), license.LicenseCertPath(info.Cluster))
 	if err != nil {
 		return nil, nil, err
 	}
 	if exists {
-		data, err := fs.ReadFile(context.TODO(), LicenseCertPath(license.Domain, license.Product, info.Cluster))
+		data, err := fs.ReadFile(context.TODO(), license.LicenseCertPath(info.Cluster))
 		if err != nil {
 			return nil, nil, err
 		}
@@ -92,7 +93,7 @@ func IssueEnterpriseLicense(fs blobfs.Interface, certs *certstore.CertStore, inf
 			return nil, nil, err
 		}
 		if len(certs) > 1 {
-			return nil, nil, fmt.Errorf("multiple certificates found in %s", LicenseCertPath(license.Domain, license.Product, info.Cluster))
+			return nil, nil, fmt.Errorf("multiple certificates found in %s", license.LicenseCertPath(info.Cluster))
 		}
 
 		if !certs[0].NotAfter.Before(license.Agreement.ExpiryDate.Time) {
@@ -113,26 +114,29 @@ func IssueEnterpriseLicense(fs blobfs.Interface, certs *certstore.CertStore, inf
 		LicenseForm: info,
 		Timestamp:   timestamp,
 	}
-	{
-		// record request
-		data, err := json.MarshalIndent(accesslog, "", "  ")
-		if err != nil {
-			return nil, nil, err
-		}
-		err = fs.WriteFile(context.TODO(), FullLicenseIssueLogPath(domain, info.Product(), info.Cluster, timestamp), data)
-		if err != nil {
-			return nil, nil, err
-		}
-	}
-
-	{
-		// mark email as verified
-		if exists, err := fs.Exists(context.TODO(), EmailVerifiedPath(domain, info.Email)); err == nil && !exists {
-			err = fs.WriteFile(context.TODO(), EmailVerifiedPath(domain, info.Email), []byte(timestamp))
+	// only log for https://appscode.com/issue-license/
+	if license.ID <= 0 {
+		{
+			// record request
+			data, err := json.MarshalIndent(accesslog, "", "  ")
+			if err != nil {
+				return nil, nil, err
+			}
+			err = fs.WriteFile(context.TODO(), FullLicenseIssueLogPath(domain, info.Product(), info.Cluster, timestamp), data)
 			if err != nil {
 				return nil, nil, err
 			}
 		}
+
+		{
+			// mark email as verified
+			if exists, err := fs.Exists(context.TODO(), EmailVerifiedPath(domain, info.Email)); err == nil && !exists {
+				err = fs.WriteFile(context.TODO(), EmailVerifiedPath(domain, info.Email), []byte(timestamp))
+				if err != nil {
+					return nil, nil, err
+				}
+			}
+		}
 	}
 
 	return crtLicense, &accesslog, nil
@@ -176,11 +180,11 @@ func CreateLicense(fs blobfs.Interface, certs *certstore.CertStore, info License
 		return nil, errors.Wrap(err, "failed to generate client certificate")
 	}
 
-	err = fs.WriteFile(context.TODO(), LicenseCertPath(license.Domain, license.Product, cluster), cert.EncodeCertPEM(crt))
+	err = fs.WriteFile(context.TODO(), license.LicenseCertPath(cluster), cert.EncodeCertPEM(crt))
 	if err != nil {
 		return nil, err
 	}
-	err = fs.WriteFile(context.TODO(), LicenseKeyPath(license.Domain, license.Product, cluster), cert.EncodePrivateKeyPEM(key))
+	err = fs.WriteFile(context.TODO(), license.LicenseKeyPath(cluster), cert.EncodePrivateKeyPEM(key))
 	if err != nil {
 		return nil, err
 	}

pkg/server/paths.go

@@ -38,8 +38,18 @@ func AgreementPath(domain, product string) string {
 	return fmt.Sprintf("domains/%s/products/%s/agreement.json", domain, product)
 }
 
-func LicenseCertPath(domain, product, cluster string) string {
-	return fmt.Sprintf("domains/%s/products/%s/clusters/%s/tls.crt", domain, product, cluster)
+func (l ProductLicense) LicenseCertPath(cluster string) string {
+	if l.ID > 0 {
+		return fmt.Sprintf("id/%d/products/%s/clusters/%s/tls.crt", l.ID, l.Product, cluster)
+	}
+	return fmt.Sprintf("domains/%s/products/%s/clusters/%s/tls.crt", l.Domain, l.Product, cluster)
+}
+
+func (l ProductLicense) LicenseKeyPath(cluster string) string {
+	if l.ID > 0 {
+		return fmt.Sprintf("id/%d/products/%s/clusters/%s/tls.key", l.ID, l.Product, cluster)
+	}
+	return fmt.Sprintf("domains/%s/products/%s/clusters/%s/tls.key", l.Domain, l.Product, cluster)
 }
 
 func ProductAccessLogPath(domain, product, cluster, timestamp string) string {
@@ -53,7 +63,3 @@ func FullLicenseIssueLogPath(domain, product, cluster, timestamp string) string
 func EmailAccessLogPath(domain, email, product, timestamp string) string {
 	return fmt.Sprintf("domains/%s/emails/%s/products/%s/accesslog/%s", domain, email, product, timestamp)
 }
-
-func LicenseKeyPath(domain, product, cluster string) string {
-	return fmt.Sprintf("domains/%s/products/%s/clusters/%s/tls.key", domain, product, cluster)
-}

pkg/server/server.go

@@ -678,12 +678,12 @@ func (s *Server) GetDomainLicense(domain string, product string) (*ProductLicens
 func (s *Server) CreateOrRetrieveLicense(info LicenseForm, license ProductLicense, cluster string) ([]byte, error) {
 	// Return existing license for enterprise products
 	if IsEnterpriseProduct(license.Product) {
-		exists, err := s.fs.Exists(context.TODO(), LicenseCertPath(license.Domain, license.Product, cluster))
+		exists, err := s.fs.Exists(context.TODO(), license.LicenseCertPath(cluster))
 		if err != nil {
 			return nil, err
 		}
 		if exists {
-			return s.fs.ReadFile(context.TODO(), LicenseCertPath(license.Domain, license.Product, cluster))
+			return s.fs.ReadFile(context.TODO(), license.LicenseCertPath(cluster))
 		}
 	}
 	return CreateLicense(s.fs, s.certs, info, license, cluster, nil)

pkg/server/types.go

@@ -28,6 +28,7 @@ import (
 )
 
 type ProductLicense struct {
+	ID        int64             `json:"id"`
 	Domain    string            `json:"domain"`
 	Product   string            `json:"product"` // This is now called plan in a parsed LicenseInfo
 	TTL       *metav1.Duration  `json:"ttl,omitempty"`
@@ -44,6 +45,7 @@ type RegisterRequest struct {
 }
 
 type LicenseForm struct {
+	ID           int64  `form:"id" json:"id"`
 	Name         string `form:"name" binding:"Required" json:"name"`
 	Email        string `form:"email" binding:"Required;Email" json:"email"`
 	CC           string `form:"cc" json:"cc"`