README
¶
Mainflux Licensing Service
Licensing service
Concepts
License is used to validate a service on startup. License entity looks like this:
type License struct {
ID string `json:"id"`
Key string `json:"key"`
Issuer string `json:"issuer"`
DeviceID string `json:"device_id"`
Active bool `json:"active"`
CreatedAt time.Time `json:"created_at"`
ExpiresAt time.Time `json:"expires_at"`
UpdatedBy string `json:"updated_by"`
UpdatedAt time.Time `json:"updated_at"`
Services []string `json:"services"`
Plan map[string]interface{} `json:"plan"`
Signature []byte `json:"signature"`
}
Please note that some of these fields are not used at the moment and are hare for the future use.
The licensing flow has two parts: service and agent.
Licensing service
Licensing service provides basic CRUD operations over License.
The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
| MF_LICENSE_LOG_LEVEL | License service log level | error |
| MF_LICENSE_DB_HOST | DB host | localhost |
| MF_LICENSE_DB_PORT | DB port | 5432 |
| MF_LICENSE_DB_USER | DB user | mainflux |
| MF_LICENSE_DB_PASS | DB pass | mainflux |
| MF_LICENSE_DB | DB name | license |
| MF_LICENSE_DB_SSL_MODE | DB SSL mode | disable |
| MF_LICENSE_DB_SSL_CERT | DB SSL cert in PEM | |
| MF_LICENSE_DB_SSL_KEY | DB SSL key | |
| MF_LICENSE_DB_SSL_ROOT_CERT | DB SSL root cert | |
| MF_LICENSE_CLIENT_TLS | Client TLS | false |
| MF_LICENSE_CA_CERTS | gRPC CA cert | |
| MF_LICENSE_PORT | service HTTP port | 8111 |
| MF_LICENSE_SERVER_CERT | server TLS cert | |
| MF_LICENSE_SERVER_KEY | server TLS cert key | |
| MF_JAEGER_URL | tracing URL | |
| MF_AUTH_URL | Auth service URL | localhost:8181 |
| MF_AUTH_TIMEOUT | Auth service call timeout | 1 |
Licensing Agent
The agent is an executable that's running on local machine and is used for license validation and synchronization with the service.
The agent is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
| MF_LICENSE_LOG_LEVEL | Agent log level | "error" |
| MF_LICENSE_SERVICE_URL | License service URL | "http://localhost:8111/licenses/devices" |
| LICENSE_FILE | File to store license in | "./license" |
| MF_LICENSE_CLIENT_TLS | HTTP client for License service | "false" |
| MF_LICENSE_AGENT_CERT | Agent TLS cert | |
| MF_AGENT_SERVER_KEY | Agen TLS cert key | |
| MF_AGENT_PORT | Agent port | "3000" |
| MF_AGENT_LOAD_RETRY_SECONDS | Retry period in seconds to wait between two sync calls to service | "60" |
The Agent fetches the License using its ID, and exposes HTTP API for validation. You can se the License validation flow on the diagram below:
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrConflict represents unique identifier violation. ErrConflict = errors.New("entity already exists") // ErrNotFound represents non-existing entity request. ErrNotFound = errors.New("entity does not exist") // ErrMalformedEntity represents malformed entity specification. ErrMalformedEntity = errors.New("malformed entity data") ErrUnauthorizedAccess = errors.New("unauthorized access") // ErrExpired represents expired license error. ErrExpired = errs.New("the license is expired") // ErrIssuedAt represents invalid issue date. ErrIssuedAt = errs.New("invalid issue date") )
var ErrLicenseValidation = errors.New("license validation failed")
ErrLicenseValidation wraps an error in case of unsuccessfull validation.
Functions ¶
This section is empty.
Types ¶
type Agent ¶
type Agent interface {
// Validate validates service.
Validate([]byte) ([]byte, error)
// Load reads License from the location.
Load() error
// Save saves License to file.
Save() error
// Do runs the Agent.
Do()
}
Agent represents licensing agent. Licensing Agent is a service that handles License locally.
type Crypto ¶
type Crypto interface {
// Encrypt encrypts license before storing in file.
Encrypt([]byte) ([]byte, error)
// Descrypt decrypts license retrieved from file or cloud.
Decrypt([]byte) ([]byte, error)
}
Crypto provides an interface for reading and storing of the License.
type IdentityProvider ¶
IdentityProvider specifies an API for generating unique identifiers.
type License ¶
type License struct {
ID string `json:"id"`
Key string `json:"key"`
Issuer string `json:"issuer"`
DeviceID string `json:"device_id"`
Active bool `json:"active"`
CreatedAt time.Time `json:"created_at"`
ExpiresAt time.Time `json:"expires_at"`
UpdatedBy string `json:"updated_by"`
UpdatedAt time.Time `json:"updated_at"`
Services []string `json:"services"`
Plan map[string]interface{} `json:"plan"`
Signature []byte `json:"signature"`
}
License represents single license object.
type Repository ¶
type Repository interface {
// Save stores a License.
Save(ctx context.Context, l License) (string, error)
// Retrieve the License by given ID that belongs to the given owner.
Retrieve(ctx context.Context, issuer, id string) (License, error)
// RetrieveByID retrives the license by device ID.
RetrieveByDeviceID(ctx context.Context, deviceID string) (License, error)
// Update an existing License.
Update(ctx context.Context, l License) error
// Remove a License with the given ID that belongs to the given owner.
Remove(ctx context.Context, issuer, id string) error
// ChangeActive a License with the given ID
// that belongs to the given issuer.
ChangeActive(ctx context.Context, token, id string, active bool) error
}
Repository specifies a License persistence API.
type Service ¶
type Service interface {
// Create adds License that belongs to the
// user identified by the provided token.
Create(ctx context.Context, token string, l License) (string, error)
// Retrieve retrieves the License by given ID that belongs to
// the user identified by the provided token.
Retrieve(ctx context.Context, token, id string) (License, error)
// RetrieveByDeviceID retrieves the License by given ID.
RetrieveByDeviceID(ctx context.Context, deviceID string) ([]byte, error)
// Fetch retrieves License using license ID and Key.
Fetch(ctx context.Context, key, id string) ([]byte, error)
// Update updates an existing License that's issued
// by the given issuer.
Update(ctx context.Context, token string, l License) error
// Remove removes a License with the given ID
// that belongs to the given issuer.
Remove(ctx context.Context, token, id string) error
// ChangeActive a License with the given ID
// that belongs to the given issuer.
ChangeActive(ctx context.Context, token, id string, active bool) error
// Validate checks if the license is valid for the given service name.
Validate(ctx context.Context, svcName, deviceID string, payload []byte) error
}
Service represents licensing service API specification.
Source Files
Directories