This RFD proposes a way to display license warnings to self hosted users both before and after license expiration.
## Why
To encourage the renewal of licenses after expiration and let users know before their license expires.
## Success criteria
Teleport displays license warnings to users in both CLI and web UI starting from a certain time prior to the license expiration, as well as post-expiration.
## Scope
Self-hosted Teleport will be the target of this RFD. Teleport Cloud is out of scope because the Cloud license does not have proper expiration yet. When Cloud implements proper license expiration, this feature will kick in automatically.
License warning should be displayed in both Web UI and CLI (tsh/tctl).
Your Teleport Enterprise Edition license has expired on instance InstanceName. Please reach out to [licenses@goteleport.com](mailto:licenses@goteleport.com) to obtain a new license. Inaction may lead to unplanned outage or degraded performance and support.
Your Teleport Enterprise Edition license will expire in 10 days on instance InstanceName. Please reach out to [licenses@goteleport.com](mailto:licenses@goteleport.com) to obtain a new license. Inaction may lead to unplanned outage or degraded performance and support.
```
```
$ build/tctl status -c /home/edward/teleport/teleport.yaml
CA pin sha256:3d72102f020146d09ff400810f59f70b8163ebfe6ec1ecfb0b3b2a0c151592
Your Teleport Enterprise Edition license has expired on instance InstanceName. Please reach out to [licenses@goteleport.com](mailto:licenses@goteleport.com) to obtain a new license. Inaction may lead to unplanned outage or degraded performance and support.
```
CLI does not support snoozing the warnings as you can in the webUI. Which provides the functionality to disable the warnings temporarily.
### Web UI UX
Web UI will display license expiration banner on top of the page with the following rules:
Show warning (yellow) to users N days prior to expiration, 1 day snooze
Show error (red) to all users after expiration, no dismiss or snoozing available.
Snoozing allows users to disable the warning in the web UI from being displayed for N days.
## Implementation details
License warnings can piggyback on the cluster alert endpoint `ServerWithRoles.GetClusterAlerts` with the responses being
```
{
"alerts": [
{
"kind": "cluster_alert",
"version": "v1",
"metadata": {
"name": "123e4567-e89b-12d3-a456-426614174000.",
"labels": {
"teleport.internal/alert-on-login": "yes",
"teleport.internal/alert-permit-all": "yes"
},
"expires": "2022-08-31T17:26:05.728149Z"
},
"spec": {
"severity": 5,
"message": "Your Teleport Enterprise Edition license will expire in 10 days on instance InstanceName. Please reach out to [licenses@goteleport.com](mailto:licenses@goteleport.com) to obtain a new license. Inaction may lead to unplanned outage or degraded performance and support.",
"message": "Your Teleport Enterprise Edition license has expired on instance InstanceName. Please reach out to [licenses@goteleport.com](mailto:licenses@goteleport.com) to obtain a new license. Inaction may lead to unplanned outage or degraded performance and support.",
"created": "2022-08-30T17:26:05.728149Z"
}
}
]
}
```
On startup and every 1 hour afterwards the auth server will check the license and generate a license warning if applicable, or clear license warning alerts if they are no longer needed. License warning alerts are only generated and cleared in Teleport enterprise and not Teleport cloud or OSS Teleport.
The warnings are to be be created up to 90 days prior to the license expiring.
All requests to grab cluster alerts will be made with a timeout of 500ms.
The cluster alert spec may also need to be modified to add a bool for whether an alert is allowed to be dismissed for the web ui alerts.
```
message ClusterAlertSpec {
// Severity represents how problematic/urgent the alert is.