gramex icon indicating copy to clipboard operation
gramex copied to clipboard

Published 20 hours ago verified publisher icon gramener

Licensing feature

Open sanand0 opened this issue 4 years ago • 3 comments

Gramex enterprise should allow restricting instances based on a license.json. It's a signed JSON file that has this structure:

{
  "libraries": [
    "gramex.ml",
    "gramex.cache",
  ],
  "microservices": [
    "FormHandler",
    "AuthHandler",
  ],
  "apps": [
    "ui",
    "forms"
  ],
  "connectors": [
    "mysql",
    "postgres"
  ],

  "max-apps-per-instance": 1,             //
  "max-instances-per-server": 1,          // 
  "max-users": 100,                       // 
  "max-cache": 1000000000,                // 
  "max-requests-per-day": 10000,          //
  "max-requests-per-month": 100000,       //

  "restrict-custom-microservices": false, // Can user write their own handlers?
  "restrict-to-app": "hr-app",            // Only a folder named hr-app will run
  "restrict-to-instance": "machine-signature",
  
  "valid-till": "2021-12-31",             // License expires on this date
  "email": "...",                         //
  "signature": "..."                      // SHA256(JSON + SECRET_SALT) or something
}
  • A JSON file that can be read by any app (e.g. IDE should be able to list what capabilities are available by looking at the JSON)
  • A signed file (e.g. the JSON file must have a field that validates that this was provided by Gramener, and invalidate it if the user edits the JSON)
  • The JSON has keys for different capabilities (e.g. a key called "time", "components", etc.) for each of the restriction types, which can be extended in the future
  • Licence generation function as an API
  • When license fails, the error messages share clear next steps
  • Allow self-generation of license (with limits)
  • Licenses are atomic. Only 1 license is valid at a time. To add capabilities, generate a new license file with old + new capabilities.

sanand0 avatar Jan 11 '21 08:01 sanand0

@bhatsandeep Let's discuss this on Wed 13 Jan and take a call. But could you please share any thoughts on this?

sanand0 avatar Jan 11 '21 08:01 sanand0

@Anand S [email protected] right no I do not have any preference for data storage, so JSON works. However, I'd suggest that the 'reading' part should be done by a Gramex itself and exposed to the external world (other apps) through an REST API. We can discuss details on Wednesday as suggested.

Also, from a licensing scenario perspective, I have one addition, making it four now as below:

  1. Gramex Instance on Server (Running IDE for an Org)
  2. Gramex Instance running within each container (on the server above) on which the App is being developed.
  3. Gramex Instance on the server on which the App is being deployed/hosted.
  4. Gramex Instance(s) in a Multitenant Environment where App is being deployed/hosted (need to discuss whether we want to support it - pro's and cons)

Regards Sandeep

On Mon, Jan 11, 2021 at 1:59 PM S Anand [email protected] wrote:

@bhatsandeep https://github.com/bhatsandeep Let's discuss this on Wed 13 Jan and take a call. But could you please share any thoughts on this?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/gramener/gramex/issues/359#issuecomment-757711948, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQC65A3T6WI44WFVRN6B5M3SZKZIPANCNFSM4V5GZJIA .

bhatsandeep avatar Jan 11 '21 10:01 bhatsandeep

Noted @bhatsandeep -- will factor these scenarios in.

sanand0 avatar Jan 11 '21 13:01 sanand0