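// Source: github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/types/license.go

/*
Copyright 2018-2019 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package types

import (
	"fmt"
	"strings"
	"time"

	"github.com/gravitational/trace"
)

// License defines teleport License Information
type License interface {
	Resource

	// GetReportsUsage returns true if the Teleport cluster should report usage
	// to the Houston control plane.
	GetReportsUsage() Bool
	// SetReportsUsage sets the Houston usage reporting flag.
	SetReportsUsage(Bool)
	// GetSalesCenterReporting returns true if the Teleport cluster should
	// report usage to Sales Center.
	GetSalesCenterReporting() Bool
	// SetSalesCenterReporting sets the Sales Center usage reporting flag.
	SetSalesCenterReporting(Bool)

	// GetCloud returns true if teleport cluster is hosted by Gravitational
	GetCloud() Bool
	// SetCloud sets cloud flag
	SetCloud(Bool)

	// GetAWSProductID returns product id that limits usage to AWS instance
	// with a similar product ID
	GetAWSProductID() string
	// SetAWSProductID sets AWS product ID
	SetAWSProductID(string)

	// GetAWSAccountID limits usage to AWS instance within account ID
	GetAWSAccountID() string
	// SetAWSAccountID sets AWS account ID that will be limiting
	// usage to AWS instance
	SetAWSAccountID(accountID string)

	// GetSupportsKubernetes returns kubernetes support flag
	GetSupportsKubernetes() Bool
	// SetSupportsKubernetes sets kubernetes support flag
	SetSupportsKubernetes(Bool)

	// GetSupportsApplicationAccess returns application access support flag
	GetSupportsApplicationAccess() Bool
	// SetSupportsApplicationAccess sets application access support flag
	SetSupportsApplicationAccess(Bool)

	// GetSupportsDatabaseAccess returns database access support flag
	GetSupportsDatabaseAccess() Bool
	// SetSupportsDatabaseAccess sets database access support flag
	SetSupportsDatabaseAccess(Bool)

	// GetSupportsDesktopAccess returns desktop access support flag
	GetSupportsDesktopAccess() Bool
	// SetSupportsDesktopAccess sets desktop access support flag
	SetSupportsDesktopAccess(Bool)

	// GetSupportsModeratedSessions returns moderated sessions support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	GetSupportsModeratedSessions() Bool
	// SetSupportsModeratedSessions sets moderated sessions support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	SetSupportsModeratedSessions(Bool)

	// GetSupportsMachineID returns MachineID support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	GetSupportsMachineID() Bool
	// SetSupportsMachineID sets MachineID support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	SetSupportsMachineID(Bool)

	// GetSupportsResourceAccessRequests returns resource access requests support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	GetSupportsResourceAccessRequests() Bool
	// SetSupportsResourceAccessRequests sets resource access requests support flag
	// Note: this flag is unused in Teleport v11+ but it's still used to
	// generate licenses that support older versions of Teleport
	SetSupportsResourceAccessRequests(Bool)

	// GetSupportsFeatureHiding returns feature hiding support flag.
	GetSupportsFeatureHiding() Bool
	// SetSupportsFeatureHiding sets feature hiding support flag.
	SetSupportsFeatureHiding(Bool)

	// GetTrial returns the trial flag.
	// Note: This is not applicable to Cloud licenses
	GetTrial() Bool
	// SetTrial sets the trial flag.
	// Note: This is not applicable to Cloud licenses
	SetTrial(Bool)

	// SetLabels sets metadata labels
	SetLabels(labels map[string]string)

	// GetAccountID returns Account ID.
	// Note: This is not applicable to all Cloud licenses
	GetAccountID() string

	// GetFeatureSource returns where the features should be loaded from.
	//
	// Deprecated.
	// FeatureSource was used to differentiate between
	// cloud+team vs cloud+enterprise. cloud+enterprise read from license
	// and cloud+team read from salescenter. With the new EUB product,
	// all cloud+ will read from salescenter.
	GetFeatureSource() FeatureSource

	// GetCustomTheme returns the name of the WebUI custom theme
	GetCustomTheme() string

	// SetCustomTheme sets the name of the WebUI custom theme
	SetCustomTheme(themeName string)

	// GetSupportsIdentityGovernanceSecurity returns IGS features support flag.
	// IGS includes: access list, access request, access monitoring and device trust.
	GetSupportsIdentityGovernanceSecurity() Bool
	// SetSupportsIdentityGovernanceSecurity sets IGS feature support flag.
	// IGS includes: access list, access request, access monitoring and device trust.
	SetSupportsIdentityGovernanceSecurity(Bool)
	// GetUsageBasedBilling returns if usage based billing is turned on or off
	GetUsageBasedBilling() Bool
	// SetUsageBasedBilling sets flag for usage based billing
	SetUsageBasedBilling(Bool)

	// GetAnonymizationKey returns a key that should be used to
	// anonymize usage data if it's set.
	GetAnonymizationKey() string
	// SetAnonymizationKey sets the anonymization key.
	SetAnonymizationKey(string)

	// GetSupportsPolicy returns Teleport Policy support flag.
	GetSupportsPolicy() Bool
	// SetSupportsPolicy sets Teleport Policy support flag.
	SetSupportsPolicy(Bool)
}

// FeatureSource defines where the list of features enabled
// by the license is.
type FeatureSource string

const (
	// FeatureSourceLicense is the value used when no source is set
	// (see GetFeatureSource and CheckAndSetDefaults).
	FeatureSourceLicense FeatureSource = "license"
	// FeatureSourceCloud selects the "cloud" feature source.
	FeatureSourceCloud FeatureSource = "cloud"
)

// NewLicense is a convenience method to create LicenseV3.
//
// It returns the wrapped error from CheckAndSetDefaults if the resource
// metadata does not validate; the returned License is nil in that case.
func NewLicense(name string, spec LicenseSpecV3) (License, error) {
	l := &LicenseV3{
		Metadata: Metadata{
			Name: name,
		},
		Spec: spec,
	}
	if err := l.CheckAndSetDefaults(); err != nil {
		return nil, trace.Wrap(err)
	}
	return l, nil
}

// LicenseV3 represents License resource version V3. When changing this, keep in
// mind that other consumers of teleport/api (Houston, Sales Center) might still
// need to generate or parse licenses for older versions of Teleport.
//
// NOTE(review): nothing in this file authenticates a license or restricts who
// may call the setters below. The entitlement flags are only as trustworthy as
// the code that loads and verifies the license, which is not visible here.
type LicenseV3 struct {
	// Kind is a resource kind - always resource.
	Kind string `json:"kind"`

	// SubKind is a resource sub kind
	SubKind string `json:"sub_kind,omitempty"`

	// Version is a resource version.
	Version string `json:"version"`

	// Metadata is metadata about the resource.
	Metadata Metadata `json:"metadata"`

	// Spec is the specification of the resource.
	Spec LicenseSpecV3 `json:"spec"`
}

// GetVersion returns resource version
func (c *LicenseV3) GetVersion() string {
	return c.Version
}

// GetSubKind returns resource sub kind
func (c *LicenseV3) GetSubKind() string {
	return c.SubKind
}

// SetSubKind sets resource subkind
func (c *LicenseV3) SetSubKind(s string) {
	c.SubKind = s
}

// GetKind returns resource kind
func (c *LicenseV3) GetKind() string {
	return c.Kind
}

// GetResourceID returns resource ID
func (c *LicenseV3) GetResourceID() int64 {
	return c.Metadata.ID
}

// SetResourceID sets resource ID
func (c *LicenseV3) SetResourceID(id int64) {
	c.Metadata.ID = id
}

// GetRevision returns the revision
func (c *LicenseV3) GetRevision() string {
	return c.Metadata.GetRevision()
}

// SetRevision sets the revision
func (c *LicenseV3) SetRevision(rev string) {
	c.Metadata.SetRevision(rev)
}

// GetName returns the name of the resource
func (c *LicenseV3) GetName() string {
	return c.Metadata.Name
}

// SetLabels sets metadata labels
//
// The map is stored as passed, without copying, so later changes the caller
// makes to it are visible through the license.
func (c *LicenseV3) SetLabels(labels map[string]string) {
	c.Metadata.Labels = labels
}

// GetLabels returns metadata labels
//
// The stored map itself is returned, not a copy.
func (c *LicenseV3) GetLabels() map[string]string {
	return c.Metadata.Labels
}

// SetName sets the name of the resource
func (c *LicenseV3) SetName(name string) {
	c.Metadata.Name = name
}

// Expiry returns object expiry setting
func (c *LicenseV3) Expiry() time.Time {
	return c.Metadata.Expiry()
}

// SetExpiry sets object expiry
func (c *LicenseV3) SetExpiry(t time.Time) {
	c.Metadata.SetExpiry(t)
}

// GetMetadata returns object metadata
//
// Metadata is returned by value; its Labels map is still shared with the
// license.
func (c *LicenseV3) GetMetadata() Metadata {
	return c.Metadata
}

// GetReportsUsage returns true if the Teleport cluster should report usage to
// the Houston control plane.
func (c *LicenseV3) GetReportsUsage() Bool {
	return c.Spec.ReportsUsage
}

// GetSalesCenterReporting returns true if the Teleport cluster should report
// usage to Sales Center.
func (c *LicenseV3) GetSalesCenterReporting() Bool {
	return c.Spec.SalesCenterReporting
}

// GetCloud returns true if teleport cluster is hosted by Gravitational
func (c *LicenseV3) GetCloud() Bool {
	return c.Spec.Cloud
}

// SetCloud sets cloud flag
func (c *LicenseV3) SetCloud(cloud Bool) {
	c.Spec.Cloud = cloud
}

// SetReportsUsage sets the Houston usage reporting flag.
func (c *LicenseV3) SetReportsUsage(reports Bool) {
	c.Spec.ReportsUsage = reports
}

// SetSalesCenterReporting sets the Sales Center usage reporting flag.
func (c *LicenseV3) SetSalesCenterReporting(reports Bool) {
	c.Spec.SalesCenterReporting = reports
}

// setStaticFields sets static resource header and metadata fields.
func (c *LicenseV3) setStaticFields() {
	c.Kind = KindLicense
	c.Version = V3
}

// CheckAndSetDefaults verifies the constraints for License.
//
// It overwrites Kind and Version with the static values, fills in the default
// FeatureSource, and delegates the remaining checks to the metadata.
//
// NOTE(review): the spec itself is not validated here. An unrecognised
// FeatureSource value is kept as given, and the documented rule that
// AnonymizationKey should only be set together with UsageBasedBilling is not
// enforced in this file; confirm whether callers check either.
func (c *LicenseV3) CheckAndSetDefaults() error {
	c.setStaticFields()
	// Persist the same default that GetFeatureSource reports, so the stored
	// value and the getter cannot drift apart.
	c.Spec.FeatureSource = c.GetFeatureSource()
	if err := c.Metadata.CheckAndSetDefaults(); err != nil {
		return trace.Wrap(err)
	}
	return nil
}

// GetAWSProductID returns product ID that limits usage to AWS instance
// with a similar product ID
func (c *LicenseV3) GetAWSProductID() string {
	return c.Spec.AWSProductID
}

// SetAWSProductID sets AWS product ID
func (c *LicenseV3) SetAWSProductID(pid string) {
	c.Spec.AWSProductID = pid
}

// GetAccountID returns the customer account ID.
func (c *LicenseV3) GetAccountID() string {
	return c.Spec.AccountID
}

// GetAWSAccountID limits usage to AWS instance within account ID
func (c *LicenseV3) GetAWSAccountID() string {
	return c.Spec.AWSAccountID
}

// SetAWSAccountID sets AWS account ID that will be limiting
// usage to AWS instance
func (c *LicenseV3) SetAWSAccountID(accountID string) {
	c.Spec.AWSAccountID = accountID
}

// GetSupportsKubernetes returns kubernetes support flag
func (c *LicenseV3) GetSupportsKubernetes() Bool {
	return c.Spec.SupportsKubernetes
}

// SetSupportsKubernetes sets kubernetes support flag
func (c *LicenseV3) SetSupportsKubernetes(supportsK8s Bool) {
	c.Spec.SupportsKubernetes = supportsK8s
}

// GetSupportsApplicationAccess returns application access support flag
//
// Unlike the other feature flags, this one is enabled when absent: a license
// that omits the "app" field grants application access. Issue licenses with
// the flag explicitly set to false where the feature must stay off.
func (c *LicenseV3) GetSupportsApplicationAccess() Bool {
	// For backward compatibility return true if app access flag isn't set,
	// or it will stop working for all users who are already using it and
	// were issued licenses without this flag.
	if c.Spec.SupportsApplicationAccess == nil {
		return Bool(true)
	}
	return *c.Spec.SupportsApplicationAccess
}

// SetSupportsApplicationAccess sets application access support flag
//
// The flag is stored through a pointer, so an explicit false stays
// distinguishable from "not set".
func (c *LicenseV3) SetSupportsApplicationAccess(value Bool) {
	c.Spec.SupportsApplicationAccess = &value
}

// GetSupportsDatabaseAccess returns database access support flag
func (c *LicenseV3) GetSupportsDatabaseAccess() Bool {
	return c.Spec.SupportsDatabaseAccess
}

// SetSupportsDatabaseAccess sets database access support flag
func (c *LicenseV3) SetSupportsDatabaseAccess(value Bool) {
	c.Spec.SupportsDatabaseAccess = value
}

// GetSupportsDesktopAccess returns desktop access support flag
func (c *LicenseV3) GetSupportsDesktopAccess() Bool {
	return c.Spec.SupportsDesktopAccess
}

// SetSupportsDesktopAccess sets desktop access support flag
func (c *LicenseV3) SetSupportsDesktopAccess(value Bool) {
	c.Spec.SupportsDesktopAccess = value
}

// GetSupportsModeratedSessions returns moderated sessions support flag
func (c *LicenseV3) GetSupportsModeratedSessions() Bool {
	return c.Spec.SupportsModeratedSessions
}

// SetSupportsModeratedSessions sets moderated sessions support flag
func (c *LicenseV3) SetSupportsModeratedSessions(value Bool) {
	c.Spec.SupportsModeratedSessions = value
}

// GetSupportsMachineID returns MachineID support flag
func (c *LicenseV3) GetSupportsMachineID() Bool {
	return c.Spec.SupportsMachineID
}

// SetSupportsMachineID sets MachineID support flag
func (c *LicenseV3) SetSupportsMachineID(value Bool) {
	c.Spec.SupportsMachineID = value
}

// GetSupportsResourceAccessRequests returns resource access requests support flag
func (c *LicenseV3) GetSupportsResourceAccessRequests() Bool {
	return c.Spec.SupportsResourceAccessRequests
}

// SetSupportsResourceAccessRequests sets resource access requests support flag
func (c *LicenseV3) SetSupportsResourceAccessRequests(value Bool) {
	c.Spec.SupportsResourceAccessRequests = value
}

// GetSupportsFeatureHiding returns feature hiding requests support flag
func (c *LicenseV3) GetSupportsFeatureHiding() Bool {
	return c.Spec.SupportsFeatureHiding
}

// SetSupportsFeatureHiding sets feature hiding requests support flag
func (c *LicenseV3) SetSupportsFeatureHiding(value Bool) {
	c.Spec.SupportsFeatureHiding = value
}

// GetCustomTheme returns the name of the WebUI custom theme
func (c *LicenseV3) GetCustomTheme() string {
	return c.Spec.CustomTheme
}

// SetCustomTheme sets the name of the WebUI custom theme
func (c *LicenseV3) SetCustomTheme(themeName string) {
	c.Spec.CustomTheme = themeName
}

// GetSupportsIdentityGovernanceSecurity returns IGS feature support flag.
// IGS includes: access list, access request, access monitoring and device trust.
func (c *LicenseV3) GetSupportsIdentityGovernanceSecurity() Bool {
	return c.Spec.SupportsIdentityGovernanceSecurity
}

// SetSupportsIdentityGovernanceSecurity sets IGS feature support flag.
// IGS includes: access list, access request, access monitoring and device trust.
func (c *LicenseV3) SetSupportsIdentityGovernanceSecurity(b Bool) {
	c.Spec.SupportsIdentityGovernanceSecurity = b
}

// GetUsageBasedBilling returns if usage based billing is turned on or off
func (c *LicenseV3) GetUsageBasedBilling() Bool {
	return c.Spec.UsageBasedBilling
}

// SetUsageBasedBilling sets flag for usage based billing.
func (c *LicenseV3) SetUsageBasedBilling(b Bool) {
	c.Spec.UsageBasedBilling = b
}

// GetTrial returns the trial flag
func (c *LicenseV3) GetTrial() Bool {
	return c.Spec.Trial
}

// SetTrial sets the trial flag
func (c *LicenseV3) SetTrial(value Bool) {
	c.Spec.Trial = value
}

// GetAnonymizationKey returns a key that should be used to
// anonymize usage data if it's set.
//
// NOTE(review): treat the returned value as a secret and keep it out of logs
// and error messages; presumably anyone holding it can re-link anonymized
// usage records. Confirm against the consumer of this key.
func (c *LicenseV3) GetAnonymizationKey() string {
	return c.Spec.AnonymizationKey
}

// SetAnonymizationKey sets the anonymization key.
func (c *LicenseV3) SetAnonymizationKey(anonKey string) {
	c.Spec.AnonymizationKey = anonKey
}

// GetSupportsPolicy returns Teleport Policy support flag
func (c *LicenseV3) GetSupportsPolicy() Bool {
	return c.Spec.SupportsPolicy
}

// SetSupportsPolicy sets Teleport Policy support flag
func (c *LicenseV3) SetSupportsPolicy(value Bool) {
	c.Spec.SupportsPolicy = value
}

// String represents a human readable version of license enabled features
//
// The result is a comma-separated list, or "" when nothing applies. Only the
// flags listed below are reported. AccountID and AnonymizationKey are not part
// of the output, which keeps the key out of anything that prints a license
// with %v or %s.
func (c *LicenseV3) String() string {
	var features []string
	if expiry := c.Expiry(); !expiry.IsZero() {
		features = append(features, fmt.Sprintf("expires at %v", expiry))
	}
	if c.GetTrial() {
		features = append(features, "is trial")
	}
	if c.GetReportsUsage() {
		features = append(features, "reports usage")
	}
	if c.GetSupportsKubernetes() {
		features = append(features, "supports kubernetes")
	}
	if c.GetSupportsApplicationAccess() {
		features = append(features, "supports application access")
	}
	if c.GetSupportsDatabaseAccess() {
		features = append(features, "supports database access")
	}
	if c.GetSupportsDesktopAccess() {
		features = append(features, "supports desktop access")
	}
	if c.GetSupportsFeatureHiding() {
		features = append(features, "supports feature hiding")
	}
	if c.GetCloud() {
		features = append(features, "is hosted by Gravitational")
	}
	if pid := c.GetAWSProductID(); pid != "" {
		features = append(features, fmt.Sprintf("is limited to AWS product ID %q", pid))
	}
	if account := c.GetAWSAccountID(); account != "" {
		features = append(features, fmt.Sprintf("is limited to AWS account ID %q", account))
	}
	// strings.Join returns "" for an empty slice, so no special case is needed.
	return strings.Join(features, ",")
}

// GetFeatureSource returns the source Teleport should use to read the features
func (c *LicenseV3) GetFeatureSource() FeatureSource {
	// defaults to License for backward compatibility
	if c.Spec.FeatureSource == "" {
		return FeatureSourceLicense
	}

	return c.Spec.FeatureSource
}

// LicenseSpecV3 is the actual data we care about for LicenseV3. When changing
// this, keep in mind that other consumers of teleport/api (Houston, Sales
// Center) might still need to generate or parse licenses for older versions of
// Teleport.
type LicenseSpecV3 struct {
	// AccountID is a customer account ID
	AccountID string `json:"account_id,omitempty"`
	// AWSProductID limits usage to AWS instance with a product ID
	AWSProductID string `json:"aws_pid,omitempty"`
	// AWSAccountID limits usage to AWS instance within account ID
	AWSAccountID string `json:"aws_account,omitempty"`
	// SupportsKubernetes turns kubernetes support on or off
	SupportsKubernetes Bool `json:"k8s"`
	// SupportsApplicationAccess turns application access on or off
	// Note it's a pointer for backward compatibility: nil (field absent) is
	// read as enabled by GetSupportsApplicationAccess.
	SupportsApplicationAccess *Bool `json:"app,omitempty"`
	// SupportsDatabaseAccess turns database access on or off
	SupportsDatabaseAccess Bool `json:"db,omitempty"`
	// SupportsDesktopAccess turns desktop access on or off
	SupportsDesktopAccess Bool `json:"desktop,omitempty"`
	// ReportsUsage turns Houston usage reporting on or off
	ReportsUsage Bool `json:"usage,omitempty"`
	// SalesCenterReporting turns Sales Center usage reporting on or off
	SalesCenterReporting Bool `json:"reporting,omitempty"`
	// Cloud is turned on when teleport is hosted by Gravitational
	Cloud Bool `json:"cloud,omitempty"`
	// SupportsModeratedSessions turns on moderated sessions
	SupportsModeratedSessions Bool `json:"moderated_sessions,omitempty"`
	// SupportsMachineID turns MachineID support on or off
	SupportsMachineID Bool `json:"machine_id,omitempty"`
	// SupportsResourceAccessRequests turns resource access request support on or off
	SupportsResourceAccessRequests Bool `json:"resource_access_requests,omitempty"`
	// SupportsFeatureHiding turns feature hiding support on or off
	SupportsFeatureHiding Bool `json:"feature_hiding,omitempty"`
	// Trial is true for trial licenses
	Trial Bool `json:"trial,omitempty"`
	// FeatureSource is the source of the set of enabled feature
	//
	// Deprecated.
	// FeatureSource was used to differentiate between
	// cloud+team vs cloud+enterprise. cloud+enterprise read from license
	// and cloud+team read from salescenter. With the new EUB product,
	// all cloud+ will read from salescenter.
	FeatureSource FeatureSource `json:"feature_source"`
	// CustomTheme is the name of the WebUI custom theme
	CustomTheme string `json:"custom_theme,omitempty"`
	// SupportsIdentityGovernanceSecurity turns IGS features on or off.
	SupportsIdentityGovernanceSecurity Bool `json:"identity_governance_security,omitempty"`
	// UsageBasedBilling determines if the user subscription is usage-based (pay-as-you-go).
	UsageBasedBilling Bool `json:"usage_based_billing,omitempty"`
	// AnonymizationKey is a key that is used to anonymize usage data when it is set.
	// It should only be set when UsageBasedBilling is true.
	//
	// NOTE(review): the key is written to JSON under "anonymization_key"
	// whenever it is non-empty, so a marshaled spec should be handled as
	// sensitive and not logged verbatim.
	AnonymizationKey string `json:"anonymization_key,omitempty"`
	// SupportsPolicy turns Teleport Policy features on or off.
	SupportsPolicy Bool `json:"policy,omitempty"`
}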