Server : Apache/2.4.52 (Ubuntu) System : Linux webserver 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 17:42:15 UTC 2 x86_64 User : www-data ( 33) PHP Version : 8.1.2-1ubuntu2.21 Disable Function : NONE Directory : /lib/python3/dist-packages/uaclient/__pycache__/ |
o
�������f}����������������������@���s���d�dl�Z�d�dlZd�dlZd�dlmZ�d�dlmZmZmZm Z m
Z
�d�dl
m
��m
Z�d�dlmZmZmZmZmZmZmZmZmZ�d�dlmZ�d�dlm
Z
�d�dl
m
Z
�d�dl m Z �d�d l!m"Z"m#Z#�d�d
l$m%Z%�d�d
l&m'Z'�d
Z(d
Z)d
Z*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2ddddd�Z3e�4��Z5e�6e�7e8��Z9edddg�Z:G�d
d
��d
e%j;�Z<d
e=fd d �Z> !dJd"e
d#ee?ef�d$ee?ef�d%e@d&e@d'df
d(d)�ZA * !dKd"e
d+ee?ef�d,ee?ef�d%e@d&e@d'e
ee@f�f
d-d.�ZBd/ejCd'ejDfd0d1�ZEd"e
fd2d3�ZFd"e
d'ee�fd4d5�ZGd"e
d6e?d'ee?ef�fd7d8�ZHd"e
d'e@fd9d:�ZId;ee?e?f�d<ee?e?f�d'eJfd=d>�ZK dLd?ee?ef�d@e?dAe?de e?�d'eeJee?ef�f�f
dBdC�ZL dMd+ee?ef�dDe e?�de e?�d'dfdEdF�ZMd"e
dGee?ef�d'ee:�fdHdI�ZNdS�)N�����N)�
namedtuple)�Any�Dict�List�Optional�Tuple) �clouds�
event_logger�
exceptions�http�messages�secret_manager�system�util�version)�_enabled_services)�
_is_attached)�UAConfig)�ATTACH_FAIL_DATE_FORMAT)�attachment_data_file�machine_id_file)�
serviceclient)�
get_user_or_root_log_file_pathz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z
/v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z
/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z
/v1/contractz/v1/magic-attach����������������)�series_overrides�series�cloud�variant�EnableByDefaultService�namer ���c����������������
�������sj��e�Zd�ZdZ d(dee�ddf��fdd�
Zeje j
g�d�d� d(d d
��Z
de
e
ef�fd
d
�Zd
e
de
e
ef�fdd�Zeje j
g�d�d�dejfdd��Z d(de
de
dee
�de
e
ef�fdd�Zdd��Zde
de
e
ef�fdd
�Zde
e
ef�fd
d
�Zde
fd d �Z d(de
d!e
dee
�de
e
ef�fd"d#�Z d(de
d!e
dee
�de
fd$d%�Zd&d'��Z���Z
S�))�UAContractClient�
contract_urlN�cfg�returnc��������������������s
���t���j|d��t���|�_d�S�)N�r%���)�super�__init__�mtf�get_machine_token_file�machine_token_file)�selfr%����� __class__���3/usr/lib/python3/dist-packages/uaclient/contract.pyr)���E���s���zUAContractClient.__init__)r���r���r���)�
retry_sleepsc�����������
������C���s����|st��|�j�}|����}|�dd�|�i��|����}|���|d<�||d�}t|�}|�j t
||d�}|j
dkr:t
�
���|j
dkrCt|��|j
dkrRt
jt
|j
|jd ��|j} tj�| �d
d
���| �d
g��D�]
}
tj�|
�d
d
���qe| S�)a}��Requests machine attach to the provided machine_id.
@param contract_token: Token string providing authentication to
ContractBearer service endpoint.
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
@return: Dict of the JSON response containing the machine-token.
�
Authorization� Bearer {}�lastAttachment�� machineId�
activityInfo)�data�headers���i����������url�code�body�
machineToken���resourceTokens�token)r����get_machine_idr%���r:����update�format�_get_activity_info� isoformat�_support_old_machine_info�
request_url�API_V1_ADD_CONTRACT_MACHINEr?���r
����AttachInvalidTokenError� _raise_attach_forbidden_message�ContractAPIErrorr@���� json_dictr
����secrets�
add_secret�get)
r-����contract_token�
attachment_dt�
machine_idr:����
activity_infor9����backcompat_data�response�
response_jsonrD���r0���r0���r1����add_contract_machineL���s8���
�
�
�z%UAContractClient.add_contract_machinec�����������������C���sT���|�����}|�jt|d�|d�|d�|d�d�d�}|jdkr'tjt|j|jd��|jS�) z=Requests list of entitlements available to this machine type.�
architecturer
����kernel�virt�r\���r
���r]���r^���)�
query_paramsr<���r=���)rH���rK����API_V1_AVAILABLE_RESOURCESr?���r
���rO���r@���rP���)r-���rW���rY���r0���r0���r1����available_resourcesw���s �����
�z$UAContractClient.available_resourcesrT���c�����������������C���sN���|�����}|�dd�|�i��|�jt|d�}|jdkr$tjt|j|jd��|j S�)Nr3���r4����r:���r<���r=���)
r:���rF���rG���rK���� API_V1_GET_CONTRACT_USING_TOKENr?���r
���rO���r@���rP���)r-���rT���r:���rY���r0���r0���r1����get_contract_using_token����s����
�z)UAContractClient.get_contract_using_token�instancec����������������C���s~���|�j�tj|jd�|jd�}|jdkr0|j�dd�}|r&t� |��t
j
|d��t
j
t|j|j
d��|j}tj�|�dd���|S�) z�Requests contract token for auto-attach images for Pro clouds.
@param instance: AutoAttachCloudInstance for the cloud.
@return: Dict of the JSON response containing the contract-token.
)�
cloud_type)r9���r<����messagerB���)� error_msgr=����
contractToken)rK����,API_V1_GET_CONTRACT_TOKEN_FOR_CLOUD_INSTANCErG���rg����
identity_docr?���rP���rS����LOG�debugr
����InvalidProImagerO���r@���r
���rQ���rR���)r-���rf���rY����msgrZ���r0���r0���r1����%get_contract_token_for_cloud_instance����s*���
��
�
�z6UAContractClient.get_contract_token_for_cloud_instance�
machine_token�resourcerV���c����������� ������C���s����|st��|�j�}|����}|�dd�|�i��tj||d�}|�j||d�}|jdkr3t j
t|j|j
d��|j�
d�rA|jd�|j
d<�|j
}|�
dg��D�]
}tj�|�
d d
���qJ|S�)
a���Requests machine access context for a given resource
@param machine_token: The authentication token needed to talk to
this contract service endpoint.
@param resource: Entitlement name.
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
@return: Dict of the JSON response containing entitlement accessInfo.
r3���r4���)rs����machinerc���r<���r=����expiresrC���rD���rB���)r���rE���r%���r:���rF���rG����"API_V1_GET_RESOURCE_MACHINE_ACCESSrK���r?���r
���rO���r@���rS���rP���r
���rQ���rR���) r-���rr���rs���rV���r:���r>���rY���rZ���rD���r0���r0���r1����get_resource_machine_access����s(���
�
�
z,UAContractClient.get_resource_machine_accessc�����������������C���s����|�j�j}|�j�j�d�}t�|�j�}|����}tj ||d�}|��
��}|�
dd� |�i��|�j
|||d�}|j
dkrAtj||j
|jd��|jrU|�j�j}|j|d<�|�j��|��d S�d S�)
z�Report current activity token and enabled services.
This will report to the contracts backend all the current
enabled services in the system.
rA�����contractrt���r3���r4���)r:���r9���r<���r=���r8���N)r,����
contract_idrr���rS���r���rE���r%���rH����
API_V1_UPDATE_ACTIVITY_TOKENrG���r:���rF���rK���r?���r
���rO���r@���rP����write)r-���rz���rr���rV����
request_datar>���r:���rY���r0���r0���r1����update_activity_token����s*����
�
�
�z&UAContractClient.update_activity_token�
magic_tokenc�����������������C���s����|�����}|�dd�|�i��|�jt|d�}|jdkr
t����|jdkr't����|jdkr6tj t|j|j
d��|j
}g�d�}|D�]
}t
j
�|�|d ���q?|S�)
z�Request magic attach token info.
When the magic token is registered, it will contain new fields
that will allow us to know that the attach process can proceed
r3���r4���rc���r;������r<���r=����rD����userCoderj���rB���)r:���rF���rG���rK����"API_V1_GET_MAGIC_ATTACH_TOKEN_INFOr?���r
����MagicAttachTokenError�MagicAttachUnavailablerO���r@���rP���r
���rQ���rR���rS���)r-���r���r:���rY���rZ����
secret_fields�fieldr0���r0���r1����get_magic_attach_token_info��s(����
�z,UAContractClient.get_magic_attach_token_infoc�����������������C���sx���|�����}|�jt|dd�}|jdkrt����|jdkr$tjt|j|jd��|j}g�d�}|D�]
}t j
�
|�
|d���q-|S�)z)Create a magic attach token for the user.�POST�r:����methodr����r<���r=���r����rB���)
r:���rK����API_V1_NEW_MAGIC_ATTACHr?���r
���r����rO���r@���rP���r
���rQ���rR���rS���)r-���r:���rY���rZ���r����r����r0���r0���r1����new_magic_attach_token$��s&����
�z'UAContractClient.new_magic_attach_tokenc�����������������C���s����|�����}|�dd�|�i��|�jt|dd�}|jdkr t����|jdkr(t����|jdkr1t� ���|jdkr@tj
t|j|j
d ��d
S�)
z)Revoke a magic attach token for the user.r3���r4����DELETEr����i���r;���r����r<���r=���N)
r:���rF���rG���rK����API_V1_REVOKE_MAGIC_ATTACHr?���r
���� MagicAttachTokenAlreadyActivatedr����r����rO���r@���)r-���r���r:���rY���r0���r0���r1����revoke_magic_attach_token;��s(����
��z*UAContractClient.revoke_magic_attach_tokenrz���c�������������� ���C���s����|st��|�j�}|����}|�dd�|�i��tj||d�}|����}|�j|d||d�|d�|d�|d�d �d
�}|j d
krFt
j
||j |j
d
��|j�
d
�rT|jd
�|jd
<�|jS�)a|��Get the updated machine token from the contract server.
@param machine_token: The machine token needed to talk to
this contract service endpoint.
@param contract_id: Unique contract id provided by contract service
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
r3���r4���rx����GETr\���r
���r]���r^���r_���)r����r:���r`���r<���r=���ru���)r���rE���r%���r:���rF���rG����API_V1_GET_CONTRACT_MACHINErH���rK���r?���r
���rO���r@���rS���rP���)r-���rr���rz���rV���r:���r>���rW���rY���r0���r0���r1����get_contract_machineR��s4���
���
�
z%UAContractClient.get_contract_machinec����������� ������C���s����|st��|�j�}|����}|�dd�|�i��||����d�}t|�}tj||d�}|�j ||d|d�}|j
dkr@t
j
||j
|j
d��|j�d �rN|jd �|jd <�|jS�)
a���Request machine token refresh from contract server.
@param machine_token: The machine token needed to talk to
this contract service endpoint.
@param contract_id: Unique contract id provided by contract service.
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
@return: Dict of the JSON response containing refreshed machine-token
r3���r4���r6���rx���r����)r:���r����r9���r<���r=���ru���)r���rE���r%���r:���rF���rG���rH���rJ����
API_V1_UPDATE_CONTRACT_MACHINErK���r?���r
���rO���r@���rS���rP���) r-���rr���rz���rV���r:���r9���rX���r>���rY���r0���r0���r1����update_contract_machine}��s*���
���
�
z(UAContractClient.update_contract_machinec�����������������C���s����t����jt����jt����jt����t����t����t �
��d�}t
|�j
�j
rOt|�j
�j}t���}|�jjp4t��|�j
�|�jjdd��|D��dd��|D��|rJ|j���ndd�}ni�}i�|�|�S�)z9Return a dict of activity info data for contract requests)�
distributionr]���r
���r\����desktopr^����
clientVersionc�����������������S���s���g�|�]}|j��qS�r0���)r"�����.0�servicer0���r0���r1����
<listcomp>���s����z7UAContractClient._get_activity_info.<locals>.<listcomp>c�����������������S���s
���i�|�]
}|j�r|j|j�qS�r0���)�variant_enabledr"����
variant_namer����r0���r0���r1����
<dictcomp>���s
������z7UAContractClient._get_activity_info.<locals>.<dictcomp>N)�
activityID�
activityToken� resources�resourceVariantsr5���)r����get_release_infor�����get_kernel_info�
uname_releaser
����
get_dpkg_arch�
is_desktop�
get_virt_typer����
get_versionr���r%����
is_attachedr����enabled_servicesr����readr,����
activity_idrE����activity_token�
attached_atrI���)r-����
machine_infor�����attachment_datarW���r0���r0���r1���rH������s8����
�
����z#UAContractClient._get_activity_info�N)
�__name__�
__module__�
__qualname__�cfg_url_base_attrr���r���r)���r����retry�socket�timeoutr[���r����strr���rb���re���r����AutoAttachCloudInstancerq���rw���r~���r����r����r����r����r����rH����
__classcell__r0���r0���r.���r1���r#���B���sh�������
�*
�$����
�&(
����
�/����
�(r#����
request_bodyc�������������� ���C���sJ���|���di��}|���d�||��d�|��d�|��d�|��d�dt���jd�d �S�)
a?��
Transforms a request_body that has the new activity_info into a body that
includes both old and new forms of machineInfo/activityInfo
This is necessary because there may be old ua-airgapped contract
servers deployed that we need to support.
This function is used for attach and refresh calls.
r8���r7���r\���r����r]���r
����Linux)r����r]���r
����type�release)r7���r8���r\����os)rS���r���r����r����)r����rW���r0���r0���r1���rJ������s���
��rJ���Tr%����past_entitlements�new_entitlements�
allow_enabler
���r&���c��������������
���C���sj��ddl�m}�d}g�}g�}||��D�]|} z|| �}
W�n �ty!���Y�qw�g�}zt|�|�| i��|
||d�\}
}
W�nM�tjy[�}
�zt�|
��d}|� | ��t�
d| |
��W�Y�d}
~
qd}
~
w�t
y��}
�z
t�|
��|� |
��|� | ��t�d| |
��W�Y�d}
~
qd}
~
ww�|
r�|
r�t
�
| ��qt
�|��t|�dkr�tjd d
��t||�D��d
��|r�tjd
d
��|D��d
��dS�)
a���Iterate over all entitlements in new_entitlement and apply any delta
found according to past_entitlements.
:param cfg: UAConfig instance
:param past_entitlements: dict containing the last valid information
regarding service entitlements.
:param new_entitlements: dict containing the current information regarding
service entitlements.
:param allow_enable: Boolean set True if allowed to perform the enable
operation. When False, a message will be logged to inform the user
about the recommended enabled service.
:param series_overrides: Boolean set True if series overrides should be
applied to the new_access dict.
r���)�entitlements_enable_orderF)r%����
orig_access�
new_accessr����r
���Tz+Failed to process contract delta for %s: %rNz5Unexpected error processing contract delta for %s: %rc�����������������S���s*���g�|�]\}}|t�jjt|�t��d��f�qS�))ri����log_path)r
����UNEXPECTED_ERRORrG���r����r���)r����r"���� exceptionr0���r0���r1���r����/��s��������z.process_entitlements_delta.<locals>.<listcomp>)�failed_servicesc�����������������S���s���g�|�]}|t�jf�qS�r0���)r
����!E_ATTACH_FAILURE_DEFAULT_SERVICES)r����r"���r0���r0���r1���r����<��s������)�uaclient.entitlementsr�����KeyError�process_entitlement_deltarS���r
����UbuntuProErrorrm���r�����append�error� Exception�event�service_processed�services_failed�len�AttachFailureUnknownError�zip�
AttachFailureDefaultServices)r%���r����r����r����r
���r�����
delta_error�unexpected_errorsr����r"����new_entitlement�deltas�service_enabled�er0���r0���r1����process_entitlements_delta���sr���
�
�
��
���
�
��
���r����Fr����r����c�����������
���
���C���s����ddl�m}�|r
t|��t�||�}d}|rh|�di���d�}|s*|�di���d�}|s3tj||d��|�di���di���d d
�} z ||�|| d
�}
W�n�tjy_�}
�zt �
d
|��|
�d
}
~
ww�|
j
|||d�}||fS�)a,��Process a entitlement access dictionary deltas if they exist.
:param cfg: UAConfig instance
:param orig_access: Dict with original entitlement access details before
contract refresh deltas
:param new_access: Dict with updated entitlement access details after
contract refresh
:param allow_enable: Boolean set True if allowed to perform the enable
operation. When False, a message will be logged to inform the user
about the recommended enabled service.
:param series_overrides: Boolean set True if series overrides should be
applied to the new_access dict.
:raise UbuntuProError: on failure to process deltas.
:return: A tuple containing a dict of processed deltas and a
boolean indicating if the service was fully processed
r�����entitlement_factoryF�
entitlementr����)�orig�new�
entitlements�
obligations�
use_selectorrB����r%���r"���r ���z3Skipping entitlement deltas for "%s". No such classN�r����)
r����r�����apply_contract_overridesr����get_dict_deltasrS���r
���� InvalidContractDeltasServiceType�EntitlementNotFoundErrorrm���rn����process_contract_deltas)
r%���r����r����r����r
���r����r�����retr"���r ���r�����excr0���r0���r1���r����C��sD���
�
�
�����r����rY���c�����������������C���s����|�j��d�}|rJ|d�}|d�}|dkr(|d��t�}tj|||d��d�d��|dkr@|d��t�}tj|||d��d�d ��|d
krJtj|d
��t����)
N�info�
contractId�reasonzno-longer-effective�timez%m-%d-%Y)rz����date�contract_expiry_dateznot-effective-yet)rz���r�����contract_effective_dateznever-effective)rz���) rP���rS����strftimer���r
����AttachForbiddenExpired�AttachForbiddenNotYet�AttachForbiddenNever�AttachExpiredToken)rY���r����rz���r����r����r0���r0���r1���rN������s*���
�
�
rN���c����������� ������C���s����t��|��}|���}|j}|d�}|d�d�d�}t|�d�}|j||d�}|�|��tj� ���|�
di���
dt�|���}t
�|��t
|�||���dd ��d
S�)
z�Request contract refresh from ua-contracts service.
:raise UbuntuProError: on failure to update contract or error processing
contract deltas
:raise ConnectivityError: On failure during a connection
rA����machineTokenInfo�
contractInfo�idr'���)rr���rz���r7���Fr����N)
r*���r+���r����rr���r#���r����r|���r���rE����
cache_clearrS���r���r����) r%���r,����orig_entitlements�
orig_tokenrr���rz����contract_client�resprV���r0���r0���r1����refresh���s*���
�
�
�r ��c�����������������C���s
���t�|��}|���}|�dg��S�)zDQuery available resources from the contract server for this machine.r����)r#���rb���rS���)r%����clientr����r0���r0���r1����get_available_resources���s���
r
��rD���c�����������������C���s���t�|��}|�|�S�)z/Query contract information for a specific token)r#���re���)r%���rD���r
��r0���r0���r1����get_contract_information���s���
r
��c�����������
������C���s����t�|��}|jj}|j���}|�dd�}|�di���di���dd��}|s%dS�|�||�}|�di���di���dd��}|r=|n|jj}|jj|krIdS�|j�|�} t| � ���D�]\}
}
t
�
|�|
i��|
�}
|
rh�dS�qUdS�) NrA���rB���r��r��r��F�
effectiveToT)
r#���r,���rr���r����rS���r�����contract_expiry_datetime�get_entitlements_from_token�sorted�itemsr���r����)
r%���r��r��r��rr���rz���r���
resp_expiry�
new_expiry�curr_entitlementsr"���r����r����r0���r0���r1����is_contract_changed���sF���
�
������
��r���override_selector�selector_valuesc�����������������C���s<���d}|�����D�]\}}||f|����vr�dS�|t|�7�}q|S�)Nr���)r���OVERRIDE_SELECTOR_WEIGHTS)r��r���override_weight�selector�valuer0���r0���r1����_get_override_weight���s
���r
��r�����
series_namerg���c�����������
������C���sz���i�}||d�}|r
||d<�|���di����|i��}|r ||td�<�t�|��dg���}|D�]}t|��d�|�} | r:||| <�q*|S�)N)r
���r ���r ���r
���r
���� overridesr��)�popr���copy�deepcopyrS���r
��)
r����r
��rg���r ���r
��r��r
����general_overrides�override�weightr0���r0���r1����_select_overrides��s"���
�
��r%��r
���c�����������������C���s����ddl�m}�tt|�t�d|�v�g�std�|����|du�r!t���j n|}|��\}}|��
di��}t
||||�}t
|�
���D�]%\} }
|
�
��D�]
\}
}
|�d��
|
�}
t|
t�rY|
�|
��qC|
|�d�|
<�qCq;dS�)a���Apply series-specific overrides to an entitlement dict.
This function mutates orig_access dict by applying any series-overrides to
the top-level keys under 'entitlement'. The series-overrides are sparse
and intended to supplement existing top-level dict values. So, sub-keys
under the top-level directives, obligations and affordance sub-key values
will be preserved if unspecified in series-overrides.
To more clearly indicate that orig_access in memory has already had
the overrides applied, the 'series' key is also removed from the
orig_access dict.
:param orig_access: Dict with original entitlement access details
r���)�get_cloud_typer����z?Expected entitlement access dict. Missing "entitlement" key: {}N)�uaclient.clouds.identityr&���all�
isinstance�dict�
RuntimeErrorrG���r���r����r
���rS���r%��r��r��rF���)r����r
���r ���r&��r
��rg����_�orig_entitlementr
���_weight�overrides_to_apply�keyr���currentr0���r0���r1���r����#��s*���
��
�
��r����r����c�����������
��� ���C���s����ddl�m}�g�}|���D�]H\}}|�di���dd�}z ||�||d�}W�n
�tjy-���Y�q
w�|�di���di��}|�d�} |�|| �rT|���\}
}
|
rT|�t ||d ���q
|S�)
Nr���r����r����r����rB���r����r�����
resourceToken)r"���r ���)
r����r����r��rS���r
���r�����_should_enable_by_default�
can_enabler����r!���)
r%���r����r�����enable_by_default_services�ent_name� ent_valuer ����entr����r2��r4��r,��r0���r0���r1���� get_enabled_by_default_servicesT��s,���
�
���r9��)T)FTr����)NN)Or ���loggingr�����
collectionsr����typingr���r���r���r���r����
uaclient.files.machine_token�filesrr���r*����uaclientr���r ���r
���r
���r
���r
���r���r���r����-uaclient.api.u.pro.status.enabled_services.v1r����(uaclient.api.u.pro.status.is_attached.v1r����uaclient.configr����uaclient.defaultsr����uaclient.files.state_filesr���r����
uaclient.httpr����
uaclient.logr���rL���r����r����ra���rv���rk���r{���rd���r����r����r����r���get_event_loggerr����� getLogger�
replace_top_level_logger_namer����rm���r!����UAServiceClientr#���r*��rJ���r�����boolr����r�����
HTTPResponse�
NamedMessagerN���r ��r
��r
��r���intr
��r%��r����r9��r0���r0���r0���r1����<module>���s�����
,
��������� ��
�
���
�^��
�
���
�?�
�
!
�
�-
�
�
��
����
� �
���
�1�
��