[Feat]: Marketplace and Subscription / Billing integration with Alibaba Cloud

[sashwathn]

Problem

We need to be on the Alibaba Cloud Global Marketplace.

Description

In our attempt to expand our partnerships, we intend to have Netdata listed and integrated with the Alibaba MarketPlace, allowing users to:

• Subscribe to Netdata Annual and Monthly Subscriptions
• Upgrade their subscriptions
• Renew their subscriptions
• Terminate their subscriptions

This will require an SPI integration and the documentation to this is available here https://www.alibabacloud.com/help/en/marketplace/spi-reference/ The main aspects that we need to identify and support are:

• [ ] Associate a subscription with a Netdata Space
  • [ ] With an existing Netdata Space
  • [ ] With a new Netdata Space
• [ ] Get the subscription details from Alibaba Cloud and store in our backend
• [ ] Inform Alibaba Cloud of overages
• [ ] Other aspects similar to AWS Billing integrations

cc: @papazach @shyamvalsan @ktsaou

Importance

must have

Value proposition

1. Expand our partnerships
2. New revenue streams
3. Ease of subscription for Alibaba Cloud customers

Proposed implementation

No response

[papazach]

Going through the API Reference docs I noticed some important points that at a glance seem incompatible with our auth/operation model and that we should definitely look into further.

The flow creating the subscription to Netdata Cloud after successful customer purchase looks as follows:

So in a nutshell the after the customer action (aka purchase) we will get a callback with some information, we will need to create entities/bindings etc and then respond with a predefined payload that includes credentials to acually access the SaaS that the customer purchased.

Issues / Questions

A) The request parameters do not include a customer email (issue no. 1). The closest identifier that is included is aliUid that is

The unique ID of the Alibaba Cloud account that purchases the SaaS product

We have no way to translate that to the underlying email. Looking at the Alibaba Cloud APIs we could do that only if we were ... the actual customer and had issued API credentials.

B) This is just a callback, it is not a customer redirection similar to the AWS integration. So we should synchronously create everything needed in our systems and respond. So the customer will not do anything here we will need to create everything behind the scenes and just return in the response credential information (more on that on point C). So the issue no. 2 here is kinda bigger aka:

• The customer will not be given the chance to attach the subscription to an existing space. The customer will not even be able to choose a space. We could theoretically create a new account on his behalf and attach it to its default space.
• But how are we going to create an account without an email (issue no.1) ? Everything account related from our side is connected to an email.

C) In the response we need to return a subscription identifier (that is ok) and an appInfo payload to access the newly purchased and created account and space.

appInfo looks like this:

The 2 issues I see with that are:

• password : We do not even use passwords. We only have magic links and SSO aka password-less methods.
• authUrl : The docs mention that as:

The URL for logging on the SaaS product without authentication.

We currently have no way to issue such a URL, but this could be the only issue that we could tackle.

Nevertheless, looking into the actual user-facing SaaS purchase journey here, I understand that we could only return the authUrl and the user would login directly from there.

Blockers

So finally I can summarize the blockers for this 1st flow in two major points:

1. We have no customer email. We will need to reach out to an Alibaba Marketplace rep and ask if there is any way to retrieve it somehow. If not I think this is kinda of a show stopper or we need to rethink/rework our auth layer to work with usernames (?)
2. The customer is not setting up his account/space himself, we should do it on his behalf. This means that Alibaba Marketplace purchases will only create a new account and attach the subscription to the default space of that account. What we could potentially do would be to also check if an account already exists with that given email (I take for granted that we obtained it somehow from point 1.) and attach it that account's default space.

Any thoughts/comments are welcome @ralphm / @juacker, @car12o / @sashwathn

[papazach]

@sashwathn Summarizing again the open questions regarding the createInstance operation, we could send over to Alibaba Cloud before scheduling a call:

1. Could we somehow get the end customer's email address? The documentation mentions only the aliUid is sent over as customer identifier. Is there perhaps another API we could lookup the customer's email using the aliUid?
2. We would like to redirect the customer to register/login & setup its space to our SaaS before successfully responding with the newly created InstanceId. Would that be possible? From the docs we understand that the the moment the customer purchases our SaaS our createInstance endpoint will be called from Alibaba and we should setup everything for customer on its behalf behind the scenes, with the customer performing no actions whatsoever. Note that we only support password-less logins (aka email magic links) and SSOs login/registration.