DockerCLI/vendor/github.com/docker/licensing/client.go

277 lines
8.1 KiB
Go

package licensing
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"net/http"
"net/url"
"strings"
"github.com/docker/libtrust"
"github.com/docker/licensing/lib/errors"
"github.com/docker/licensing/lib/go-auth/jwt"
"github.com/docker/licensing/lib/go-clientlib"
"github.com/docker/licensing/model"
)
const (
trialProductID = "docker-ee-trial"
trialRatePlanID = "free-trial"
)
// Client represents the licensing package interface, including methods for authentication and interaction with Docker
// licensing, accounts, and billing services
type Client interface {
LoginViaAuth(ctx context.Context, username, password string) (authToken string, err error)
GetHubUserOrgs(ctx context.Context, authToken string) (orgs []model.Org, err error)
GetHubUserByName(ctx context.Context, username string) (user *model.User, err error)
VerifyLicense(ctx context.Context, license model.IssuedLicense) (res *model.CheckResponse, err error)
GenerateNewTrialSubscription(ctx context.Context, authToken, dockerID string) (subscriptionID string, err error)
ListSubscriptions(ctx context.Context, authToken, dockerID string) (response []*model.Subscription, err error)
ListSubscriptionsDetails(ctx context.Context, authToken, dockerID string) (response []*model.SubscriptionDetail, err error)
DownloadLicenseFromHub(ctx context.Context, authToken, subscriptionID string) (license *model.IssuedLicense, err error)
ParseLicense(license []byte) (parsedLicense *model.IssuedLicense, err error)
StoreLicense(ctx context.Context, dclnt WrappedDockerClient, licenses *model.IssuedLicense, localRootDir string) error
LoadLocalLicense(ctx context.Context, dclnt WrappedDockerClient) (*model.Subscription, error)
SummarizeLicense(res *model.CheckResponse, keyID string) *model.Subscription
}
func (c *client) LoginViaAuth(ctx context.Context, username, password string) (string, error) {
creds, err := c.login(ctx, username, password)
if err != nil {
return "", errors.Wrap(err, errors.Fields{
"username": username,
})
}
return creds.Token, nil
}
func (c *client) GetHubUserOrgs(ctx context.Context, authToken string) ([]model.Org, error) {
ctx = jwt.NewContext(ctx, authToken)
orgs, err := c.getUserOrgs(ctx, model.PaginationParams{})
if err != nil {
return nil, errors.WithMessage(err, "Failed to get orgs for user")
}
return orgs, nil
}
func (c *client) GetHubUserByName(ctx context.Context, username string) (*model.User, error) {
user, err := c.getUserByName(ctx, username)
if err != nil {
return nil, errors.Wrap(err, errors.Fields{
"username": username,
})
}
return user, nil
}
func (c *client) VerifyLicense(ctx context.Context, license model.IssuedLicense) (*model.CheckResponse, error) {
res, err := c.check(ctx, license)
if err != nil {
return nil, errors.WithMessage(err, "Failed to verify license")
}
return res, nil
}
func (c *client) GenerateNewTrialSubscription(ctx context.Context, authToken, dockerID string) (string, error) {
ctx = jwt.NewContext(ctx, authToken)
sub, err := c.createSubscription(ctx, &model.SubscriptionCreationRequest{
Name: "Docker Enterprise Free Trial",
DockerID: dockerID,
ProductID: trialProductID,
ProductRatePlan: trialRatePlanID,
Eusa: &model.EusaState{
Accepted: true,
},
})
if err != nil {
return "", errors.Wrap(err, errors.Fields{
"docker_id": dockerID,
})
}
return sub.ID, nil
}
// ListSubscriptions returns basic descriptions of all subscriptions to docker enterprise products for the given dockerID
func (c *client) ListSubscriptions(ctx context.Context, authToken, dockerID string) ([]*model.Subscription, error) {
ctx = jwt.NewContext(ctx, authToken)
subs, err := c.listSubscriptions(ctx, map[string]string{"docker_id": dockerID})
if err != nil {
return nil, errors.Wrap(err, errors.Fields{
"docker_id": dockerID,
})
}
// filter out non docker licenses
dockerSubs := []*model.Subscription{}
for _, sub := range subs {
if !strings.HasPrefix(sub.ProductID, "docker-ee") {
continue
}
dockerSubs = append(dockerSubs, sub)
}
return dockerSubs, nil
}
// ListDetailedSubscriptions returns detailed subscriptions to docker enterprise products for the given dockerID
func (c *client) ListSubscriptionsDetails(ctx context.Context, authToken, dockerID string) ([]*model.SubscriptionDetail, error) {
ctx = jwt.NewContext(ctx, authToken)
subs, err := c.listSubscriptionsDetails(ctx, map[string]string{"docker_id": dockerID})
if err != nil {
return nil, errors.Wrap(err, errors.Fields{
"docker_id": dockerID,
})
}
// filter out non docker licenses
dockerSubs := []*model.SubscriptionDetail{}
for _, sub := range subs {
if !strings.HasPrefix(sub.ProductID, "docker-ee") {
continue
}
dockerSubs = append(dockerSubs, sub)
}
return dockerSubs, nil
}
func (c *client) DownloadLicenseFromHub(ctx context.Context, authToken, subscriptionID string) (*model.IssuedLicense, error) {
ctx = jwt.NewContext(ctx, authToken)
license, err := c.getLicenseFile(ctx, subscriptionID)
if err != nil {
return nil, errors.Wrap(err, errors.Fields{
"subscriptionID": subscriptionID,
})
}
return license, nil
}
func (c *client) ParseLicense(license []byte) (*model.IssuedLicense, error) {
parsedLicense := &model.IssuedLicense{}
// The file may contain a leading BOM, which will choke the
// json deserializer.
license = bytes.Trim(license, "\xef\xbb\xbf")
if err := json.Unmarshal(license, &parsedLicense); err != nil {
return nil, errors.WithMessage(err, "failed to parse license")
}
return parsedLicense, nil
}
type client struct {
publicKeys []libtrust.PublicKey
hclient *http.Client
baseURI url.URL
}
// Config holds licensing client configuration
type Config struct {
BaseURI url.URL
HTTPClient *http.Client
// used by licensing client to validate an issued license
PublicKeys []string
}
func errorSummary(body []byte) string {
var be struct {
Message string `json:"message"`
}
jsonErr := json.Unmarshal(body, &be)
if jsonErr != nil {
return clientlib.DefaultErrorSummary(body)
}
return be.Message
}
// New creates a new licensing Client
func New(config *Config) (Client, error) {
publicKeys, err := unmarshalPublicKeys(config.PublicKeys)
if err != nil {
return nil, err
}
hclient := config.HTTPClient
if hclient == nil {
hclient = &http.Client{}
}
return &client{
baseURI: config.BaseURI,
hclient: hclient,
publicKeys: publicKeys,
}, nil
}
func unmarshalPublicKeys(publicKeys []string) ([]libtrust.PublicKey, error) {
trustKeys := make([]libtrust.PublicKey, len(publicKeys))
for i, publicKey := range publicKeys {
trustKey, err := unmarshalPublicKey(publicKey)
if err != nil {
return nil, err
}
trustKeys[i] = trustKey
}
return trustKeys, nil
}
func unmarshalPublicKey(publicKey string) (libtrust.PublicKey, error) {
pemBytes, err := base64.StdEncoding.DecodeString(publicKey)
if err != nil {
return nil, errors.Wrapf(err, errors.Fields{
"public_key": publicKey,
}, "decode public key failed")
}
key, err := libtrust.UnmarshalPublicKeyPEM(pemBytes)
if err != nil {
return nil, errors.Wrapf(err, errors.Fields{
"public_key": publicKey,
}, "unmarshal public key failed")
}
return key, nil
}
func (c *client) doReq(ctx context.Context, method string, url *url.URL, opts ...clientlib.RequestOption) (*http.Request, *http.Response, error) {
return clientlib.Do(ctx, method, url.String(), append(c.requestDefaults(), opts...)...)
}
func (c *client) doRequestNoAuth(ctx context.Context, method string, url *url.URL, opts ...clientlib.RequestOption) (*http.Request, *http.Response, error) {
return clientlib.Do(ctx, method, url.String(), append(c.requestDefaults(), opts...)...)
}
func (c *client) requestDefaults() []clientlib.RequestOption {
return []clientlib.RequestOption{
func(req *clientlib.Request) {
tok, _ := jwt.FromContext(req.Context())
req.Header.Add("Authorization", "Bearer "+tok)
req.ErrorSummary = errorSummary
req.Client = c.hclient
},
}
}
func (c *client) StoreLicense(ctx context.Context, dclnt WrappedDockerClient, licenses *model.IssuedLicense, localRootDir string) error {
return StoreLicense(ctx, dclnt, licenses, localRootDir)
}