MMF-951

Rework the SonarQube licensing mechanism to match the new Pricing Model



    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed


      The context

      With the new pricing model, there are only 4 commercial packages, which are provided through sets of commercial SonarQube plugins. Those 4 packages are:

      • Support Pack
      • Developer Edition (Branch, Developer, mainstream languages, ...)
      • Enterprise Edition (Developer Pack + Governance, Boost + Legacy Languages)
      • Data Center Edition (Enterprise Edition + Cluster plugin)

      Expectations on the new way we manage commercial products in next LTS:

      • About the license:
        • It still limits the use of the commercial features for a given amount of time (i.e. there's still an expiration)
        • It will limit the use of SonarQube to a maximum number of Lines Of Code
        • It must not be linked to an IP or Mac address
          • As a customer, once I have a SonarQube instance, I should be able to move this instance from one machine to another without having to ask SonarSource for a new license
        • It must not be sent over the wire to the scanners
          • This is indeed a security concern for sonarcloud.io.
        • Only 1 license to rule all the plugins which make a package
          • As a customer, I do expect to have only one license to enter - whatever the number of commercial features (= underlying commercial plugins) that are unlocked by this license
      • About the way features are packaged and installed
        • It must be easy to find those commercial packages
          • As a user, I'm tempted to go to the Update Center to find things to install - so I expect to find this information in this place
        • It must be simple to install a package - whatever underlying plugins it contains
          • As a customer, I should not have to figure out by myself which plugins I have to install to benefit from this or that package - I just want to select the package and have a very smooth and straightforward user experience

      The expected end-user experience

      There are 2 main features:

      1. Discover, install and remove packages
      2. Set the license, update it and manage cases where it is invalid

      #1 - Discover, install and remove packages

      This section is here only to give the big picture; it will be implemented in MMF-1066.

      As a user, I expect to find everything in the "Update Center" (which will be renamed "Marketplace"):

      • When I arrive on the page, on top of what we currently see, I immediately see 4 "big boxes" that:
        • Are named after the packages
        • Provide a short description of the purpose of the package
        • Give a link that will bring me to SonarSource website to get more details about the package
        • Have an appealing "Install" button
      • When I click on "Install", a modal asks me if I've already got a license for that package
        • If I answer "Yes", SonarQube proceeds with the download of the package (= ZIP file that contains the relevant plugins) and tells me to restart once it's done
          • If the download fails (for instance because SQ does not have access to Internet), a direct link to the ZIP file is provided along with instructions on what to do (i.e. extract it in the plugins "install" folder and restart)
        • If I answer "No", I am redirected to a form on the SonarSource website (the Server ID is passed as a parameter to pre-fill the form)
      • When I restart after the package was automatically downloaded or after I unzipped the one I downloaded, and I log in as a global admin (as long as a valid license hasn't been set), I'm automatically redirected to the License page where I can enter the license that SonarSource sent to me

      Once I have a package installed and activated through a valid license:

      • I can update the plugins in the Update Center like I would do for any other plugin
      • I can upgrade to another package if I want to (I will follow the path described previously)
      • I can "Uninstall" the package using a discreet "Downgrade" button that will automatically remove all the commercial plugins which were installed for this package
        • The set of plugins to uninstall is all the installed SonarSource commercial plugins


      • It's not possible to install SonarSource commercial plugins with the standard "install" mechanism of the Update Center
        • It's possible to find them if you search (for instance for "COBOL"), but no "Install" button is available and there's a message which says that such plugin is available only through the packages displayed at the top of the page
      • If I've installed a package, it would be nice that the corresponding box shows this information and therefore does not provide the "Install" button
      • If SonarSource decides to give a tailored package for a given customer (for example Dev Pack + SonarCOBOL), it is intended that this will be done "manually":
        • The Sales person will send the license key along with a ZIP file containing the relevant plugins
        • The customer will have to unzip the archive in the "extensions/install" folder, restart the server and set the license

      #2 - Set the license, update it and manage cases where it is invalid

      This will be done through a dedicated closed-source plugin (License Manager Plugin) that will come with every commercial package. This plugin will provide the "License" page to which SQ admins are redirected when they have installed a package but not yet entered a license.

      As a SQ admin who has just installed a package, I'm redirected to this page where:

      • I see the Server ID displayed at the top of the page
      • I can enter the license that was sent to me by SonarSource
      • I get clear error messages in case the license cannot be read (invalid copied string for instance)
      • I see all the details once a valid license has been set:
        • Expiration Date: DD MMM YYYY
        • Limit of Lines of Code: X'XXX'XXX
        • Server ID: YYYY-ZZZZ-TTTT-XXXX
        • Name of Package : Developer Kit/Legacy Languages/Enterprise Edition/..
        • Brief listing of available features (e.g.: "Branch Support + dev notifications" or "COBOL, RPG, PL/I")
      • If the license is not valid, this is clearly displayed and I can easily find which part is not correct
        • Example 1: date has expired
        • Example 2: server ID is not the correct one
      • I have a button to set a new license (for example when it is expired)

      If the license is missing or if it is invalid (for example because the max number of ncloc is reached):

      • Every background task must fail at the very beginning of the processing with a clear message that the license has expired or is invalid
      • Therefore users will see a "Failed" badge on their project if that happens, and they will contact their SQ admin
      • The SQ admin will also see this in the global "Background Tasks" page
      • And so the SQ admin will go to the "License" page where he will find what's wrong and will be able to set a new license

      Also, as a SQ admin, I expect to get an email 2 months in advance (with a reminder 1 month in advance) that the license is about to expire. This should give enough time to contact SonarSource and get a renewal.

      Note: if the License Plugin detects that other SonarSource commercial plugins were installed but are not part of the current license key, SonarQube should also fail any background task with a message like "Please uninstall XXXX as your license doesn't allow to benefit from this feature.".

      • This might happen when a customer gets a tailored package but makes a mistake while installing other plugins not supported in the license

      Implementation of the solution

      The solution will be implemented in 3 places:

      • Inside SonarQube for the UX to discover, install and remove packages
      • In a closed-source plugin for the management of the license
      • In the license generator

      #1 - Discover, install and remove packages

      This section is here only to give the big picture; it will be implemented in MMF-1066.

      This part will be developed in SonarQube itself, which means that even Community Edition users will see the "advertisement" for SonarSource packages inside the Update Center.

      Even though this will be developed during a 6.6 sprint, this UI should be available only starting with SonarQube 6.7.

      To offer us more flexibility, the definition of the package "boxes" will be retrieved by the browser from a JSON file located on a SonarSource server. This will be something like:

      	{
      		"dev-pack": {
      			"name": "Developer Pack",
      			"desc": "Offers everything your dev team needs to collaborate efficiently:<ul><li>Branch support</li><li>Dev notifications</li></ul>",
      			"more_link": "https://redirect.sonarsource.com/business/dev-pack.html",
      			"download_link": "https://www.sonarsource.com/downloads/dev-pack.zip"
      		},
      		"enterprise-edition": {
      			"name": "Enterprise Edition",
      			"desc": "...",
      			"more_link": "...",
      			"download_link": "..."
      		},
      		"enterprise-edition-with-ha": {
      			"name": "Enterprise Edition with High Availability",
      			"desc": "...",
      			"more_link": "...",
      			"download_link": "..."
      		}
      	}

      #2 - Set the license, update it and manage cases where it is invalid

      This must be done in a closed-source "License Manager" plugin which will:

      • Contribute the UI to manage the license (and the redirect to that page upon admin login when the license is missing)
      • Handle the various use cases when CE engine must fail:
        • Missing license
        • Invalid license (expired, more commercial plugins than expected, max number of ncloc exceeded, invalid server ID)
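
The failure cases listed above can be evaluated in a single pass, so that the License page can report every problem at once and a background task can be refused before any processing starts. This is an added illustration, not SonarSource's License Manager code; the field names, plugin keys, sample Server ID and the choice to treat the expiration date as the last valid day are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical model: field names and plugin keys are assumptions.
@dataclass(frozen=True)
class License:
    server_id: str
    expires: date               # assumed: still valid on this day
    max_loc: int
    allowed_plugins: frozenset  # commercial plugin keys the license unlocks

@dataclass(frozen=True)
class Instance:
    server_id: str
    ncloc: int
    commercial_plugins: frozenset  # commercial plugin keys found installed

class LicenseError(RuntimeError):
    """Raised before a background task does any work."""

def license_problems(lic: Optional[License], inst: Instance, today: date) -> list:
    """Return every reason the license is unusable; empty list means valid."""
    if lic is None:
        return ["missing license"]
    problems = []
    if today > lic.expires:
        problems.append(f"license expired on {lic.expires.isoformat()}")
    if lic.server_id != inst.server_id:
        problems.append("server ID does not match this instance")
    if inst.ncloc > lic.max_loc:
        problems.append(f"lines of code {inst.ncloc} exceed the limit {lic.max_loc}")
    for key in sorted(inst.commercial_plugins - lic.allowed_plugins):
        problems.append(f"Please uninstall {key}: not covered by this license")
    return problems

def run_background_task(task, lic, inst, today):
    """Check the license first; the task body runs only if it is valid."""
    problems = license_problems(lic, inst, today)
    if problems:
        raise LicenseError("; ".join(problems))
    return task()

# Constructed sample data (not real Server IDs or plugin keys).
LIC = License("ABCD-1234-EF56-7890", date(2018, 6, 30), 1_000_000, frozenset({"branch", "developer"}))
INST = Instance("ABCD-1234-EF56-7890", 1_200_000, frozenset({"branch", "cobol"}))

if __name__ == "__main__":
    print(license_problems(LIC, INST, date(2018, 7, 1)))
```

Returning the full list of reasons rather than stopping at the first one is what lets the admin see on one page which part of the license is not correct.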

      The commercial plugins should not contain any logic related to this license mechanism. The only thing they should do is to fail at start-up if the License Manager plugin is not installed: "Please install the SonarSource License Manager and request a valid license to be able to use XXXX".

      The "Support" plugin has a requirement though: it should be able to know the following piece of information in order to display what's relevant in the "Support" page:

      • Is an edition installed, and if yes, which one is it?
      • Is the instance supported?

      => Ideally, this information should be stored somewhere in the DB (as a kind of metadata of the instance) so that we can (for instance) change the "Get Support" link to something else when the instance is supported.

      #3 - The license generator

      The license generator wizard used by the Sales Operations team should go through the following steps:

      • Provide a license type (Evaluation / Production)
      • Provide a Server ID (mandatory)
      • Provide an expiration date (mandatory)
      • Provide a maximum number of lines of code (mandatory): to be chosen from a pre-defined list of thresholds.
      • Provide an edition: to be chosen from the following list:
        • Community Edition
        • Developer Edition
        • Enterprise Edition
        • Data Center Edition
      • Provide some extra commercial languages (optional): to be chosen from a pre-defined list of languages
      • Tell if support is included (mandatory): false (default) or true

      Current design solution

      In Administration, we no longer have a "System" tab containing "System Info" and "Update Center". We have a System tab (no dropdown) containing what was the System Info page, and a new Marketplace tab.

      The System page will now show an info banner whenever a new version of SonarQube is available (because there's no Update Center anymore).

      The Marketplace tab is where you'll find plugins and our Editions packs.

      When clicking on "Install" on Developer Edition:

      The license page will show all useful information about the current plan.

      The license can be updated by clicking on "Set new license". A simple format check will always be performed (NB: this is already the case when entering a license for the first time).

      Coming back to the Marketplace page, it should look like this

      Errors and other scenarios

      When the user can't install the Pack because of internet issues

      When the user reaches the maximum number of LoC

      When the license has expired, a similar error banner will appear on top of a project's homepage. The license page will also look like this

      When the user tries to set a new license that doesn't match her current installation/edition


              fabrice.bellingard Fabrice Bellingard
              freddy.mallet Freddy Mallet (Inactive)