Documentation
Overview
Package license provides the license parsing and validation logic for Coderd. Licensing in Coderd defines what features are allowed to be used in a given deployment. Without a license, or with a license that grants 0 features, Coderd will refuse to execute some feature code paths. These features are typically gated with a middleware that checks the license before allowing the HTTP request to proceed.
Terms:
- FeatureName: A specific functionality that Coderd provides, such as external provisioners.
- Feature: Entitlement definition for a FeatureName. A feature can be:
  - "entitled": The feature is allowed to be used by the deployment.
  - "grace period": The feature is allowed to be used by the deployment, but the license is expired. There is a grace period before the feature is disabled.
  - "not entitled": The deployment is not allowed to use the feature, either by expiration or by not being included in the license.
  A feature can also be "disabled", which prevents usage of the feature even if entitled. This is usually a deployment configuration option.
- License: A signed JWT that lists the features that are allowed to be used by a given deployment. A license can have extra properties such as `IsTrial`, `DeploymentIDs`, etc. that can be used to further define usage of the license.
- Entitlements: A parsed set of licenses. Yes, you can have more than 1 license on a deployment! Entitlements will enumerate all features that are allowed to be used.
Index
- Constants
- Variables
- func Entitlements(ctx context.Context, db database.Store, replicaCount int, ...) (codersdk.Entitlements, error)
- func LicensesEntitlements(now time.Time, licenses []database.License, ...) (codersdk.Entitlements, error)
- func ParseRaw(l string, keys map[string]ed25519.PublicKey) (jwt.MapClaims, error)
- type Claims
- type FeatureArguments
- type Features
- type MetricsCollector
Constants
const (
	CurrentVersion        = 3
	HeaderKeyID           = "kid"
	AccountTypeSalesforce = "salesforce"
	VersionClaim          = "version"
)
Variables
var (
	ValidMethods = []string{"EdDSA"}

	ErrInvalidVersion        = xerrors.New("license must be version 3")
	ErrMissingKeyID          = xerrors.Errorf("JOSE header must contain %s", HeaderKeyID)
	ErrMissingLicenseExpires = xerrors.New("license missing license_expires")
	ErrMissingExp            = xerrors.New("exp claim missing or not parsable")
	ErrMultipleIssues        = xerrors.New("license has multiple issues; contact support")
)
Functions
func Entitlements
func Entitlements(
	ctx context.Context,
	db database.Store,
	replicaCount int,
	externalAuthCount int,
	keys map[string]ed25519.PublicKey,
	enablements map[codersdk.FeatureName]bool,
) (codersdk.Entitlements, error)
Entitlements processes licenses to return whether features are enabled or not.
func LicensesEntitlements (added in v2.14.0)
func LicensesEntitlements(
	now time.Time,
	licenses []database.License,
	enablements map[codersdk.FeatureName]bool,
	keys map[string]ed25519.PublicKey,
	featureArguments FeatureArguments,
) (codersdk.Entitlements, error)
LicensesEntitlements returns the entitlements for licenses. Entitlements are merged from all licenses and the highest entitlement is used for each feature. Arguments:
- now: The time to use for checking license expiration.
- licenses: The licenses to check.
- enablements: Features can be explicitly disabled by the deployment even if the license has the feature entitled. Features can also have the 'feat.AlwaysEnable()' return true to disallow disabling.
- featureArguments: Additional arguments required by specific features.
Types
type Claims
type Claims struct {
	jwt.RegisteredClaims
	// LicenseExpires is the end of the legit license term, and the start of the grace period, if
	// there is one. The standard JWT claim "exp" (ExpiresAt in jwt.RegisteredClaims, above) is
	// the end of the grace period (identical to LicenseExpires if there is no grace period).
	// The reason we use the standard claim for the end of the grace period is that we want JWT
	// processing libraries to consider the token "valid" until then.
	LicenseExpires *jwt.NumericDate `json:"license_expires,omitempty"`
	AccountType string `json:"account_type,omitempty"`
	AccountID string `json:"account_id,omitempty"`
	// DeploymentIDs enforces the license can only be used on a set of deployments.
	DeploymentIDs []string `json:"deployment_ids,omitempty"`
	Trial bool `json:"trial"`
	FeatureSet codersdk.FeatureSet `json:"feature_set"`
	// AllFeatures represents 'FeatureSet = FeatureSetEnterprise'
	// Deprecated: AllFeatures is deprecated in favor of FeatureSet.
	AllFeatures bool `json:"all_features,omitempty"`
	Version uint64 `json:"version"`
	Features Features `json:"features"`
	RequireTelemetry bool `json:"require_telemetry,omitempty"`
}
func ParseClaims
ParseClaims validates a raw JWT, and if valid, returns the claims. If unparsable or invalid, it returns an error.
func ParseClaimsIgnoreNbf (added in v2.14.3)
ParseClaimsIgnoreNbf validates a raw JWT, but ignores `nbf` claim. If otherwise valid, it returns the claims. If unparsable or invalid, it returns an error. Ignoring the `nbf` (not before) is useful to determine if a JWT _will_ become valid at any point now or in the future.
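The checks this page names (the `kid` header, the single allowed method `EdDSA`, version 3, and `license_expires` versus `exp`) are shown end to end in the sketch below. It is an added example built on the Go standard library only, not Coderd's implementation; `sign`, `check`, the key ID `k1` and the timestamps are constructed for illustration, and claim times are assumed to be integer Unix seconds.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
// sign builds a constructed sample license: an EdDSA JWT over the given JSON strings.
func sign(priv ed25519.PrivateKey, hdr, claims string) string {
	msg := b64.EncodeToString([]byte(hdr)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// check verifies raw against keys (indexed by "kid") and classifies it at Unix time now.
func check(raw string, keys map[string]ed25519.PublicKey, now int64) (string, error) {
	var hdr struct{ Alg, Kid string }
	var c struct {
		Exp, Version   int64
		LicenseExpires int64 `json:"license_expires"`
	}
	p := strings.Split(raw, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed JWT")
	}
	h, _ := b64.DecodeString(p[0])
	body, _ := b64.DecodeString(p[1])
	sig, _ := b64.DecodeString(p[2])
	json.Unmarshal(h, &hdr) // an unparsable header leaves Alg empty and is rejected next
	if key, ok := keys[hdr.Kid]; hdr.Alg != "EdDSA" || !ok || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
		return "", fmt.Errorf("need alg EdDSA, a known kid and a valid signature")
	}
	if json.Unmarshal(body, &c) != nil || c.Version != 3 || c.LicenseExpires == 0 || c.Exp == 0 {
		return "", fmt.Errorf("need version 3 plus license_expires and exp")
	}
	if now < c.LicenseExpires {
		return "entitled", nil
	} else if now < c.Exp {
		return "grace period", nil
	}
	return "not entitled", nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	tok := sign(priv, `{"alg":"EdDSA","kid":"k1"}`, `{"version":3,"license_expires":1000,"exp":2000}`)
	fmt.Println(check(tok, map[string]ed25519.PublicKey{"k1": pub}, 1500))
}
```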
type FeatureArguments (added in v2.14.0)
type Features
type Features map[codersdk.FeatureName]int64
type MetricsCollector (added in v2.3.1)
type MetricsCollector struct {
	Entitlements *entitlements.Set
}
func (*MetricsCollector) Collect (added in v2.3.1)
func (mc *MetricsCollector) Collect(metricsCh chan<- prometheus.Metric)
func (*MetricsCollector) Describe (added in v2.3.1)
func (*MetricsCollector) Describe(descCh chan<- *prometheus.Desc)