U JhW @sddlZddlZddlZddlmZddlmZmZmZm Z m Z ddl m m ZddlmZmZmZmZmZmZmZmZmZddlmZddlmZddlmZddlm Z dd l!m"Z"m#Z#dd l$m%Z%dd l&m'Z'd Z(d Z)d Z*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dddddZ4e5Z6e7e8e9Z:edddgZ;Gdddej<Z=Gdd d e%j>Z?e@d!d"d#ZAdDeeeBefeeBefeCeCdd%d&d'ZDdEeeeBefeeBefeCeCe eeCfd)d*d+ZEejFejGd,d-d.ZHed/d0d1ZIeeed2d3d4ZJeeBeeBefd5d6d7ZKeeBeBfeeBeBfeLd8d9d:ZMdFeeBefeBeBe eBeeLeeBeffd;dd?d@ZOeeeBefee;dAdBdCZPdS)HN) namedtuple)AnyDictListOptionalTuple) data_types event_logger exceptionshttpmessagessecret_managersystemutilversion)_enabled_services) _is_attached)UAConfig)ATTACH_FAIL_DATE_FORMAT)attachment_data_filemachine_id_file) serviceclient)get_user_or_root_log_file_pathz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z /v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z /v1/contractz/v1/magic-attachz?/v1/contracts/{contract}/context/machines/{machine}/guest-token)series_overridesseriescloudvariantEnableByDefaultServicenamer c@sReZdZejdejddejdejddejdejddejdejddejdejddejdejddejd ejddejd ejddejd ejddejd ejddejd ejddejdejddejdejddejdejddgZdeeeeeeeeeeeeeeeeeeeeeeeeeeeedddZ dS) CPUTypeData cpuinfo_cpuF)Zrequiredcpuinfo_cpu_architecturecpuinfo_cpu_familycpuinfo_cpu_implementercpuinfo_cpu_partcpuinfo_cpu_revisioncpuinfo_cpu_variant cpuinfo_modelcpuinfo_model_namecpuinfo_steppingcpuinfo_vendor_id"sys_firmware_devicetree_base_model sysinfo_model sysinfo_typeNr$r%r&r'r(r)r*r+r,r-r.r/r0r1cCsX||_||_||_||_||_||_||_||_| |_| |_ | |_ | |_ | |_ ||_ dS)Nr2)selfr$r%r&r'r(r)r*r+r,r-r.r/r0r1r43/usr/lib/python3/dist-packages/uaclient/contract.py__init__zszCPUTypeData.__init__)NNNNNNNNNNNNNN) __name__ __module__ __qualname__rZFieldZStringDataValueZfieldsrstrr6r4r4r4r5r#Fs5r#csheZdZdZd*eeddfdd Zeje j dddgdd+d d Z e e efd d d Ze e e efdddZeje j dddgde e e efdddZd,e e ee e e efdddZddZe e e efdddZe e efd ddZe ddd Zd-e e ee e e efd!d"d#Zd.e e ee e d!d$d%Ze e e e d!d&d'Zd(d)ZZS)/UAContractClientZ contract_urlNcfgreturncstj|dt|_dS)Nr=)superr6mtfget_machine_token_filemachine_token_file)r3r= __class__r4r5r6szUAContractClient.__init__rr)Z retry_sleepsc Cs|st|j}|}|dd|i|}||d<||d}t|}|j t ||d}|j dkrvt n|j dkrt||j dkrt jt |j |jd |j} tj| d d | d gD]} tj| d d q| S)a}Requests machine attach to the provided machine_id. @param contract_token: Token string providing authentication to ContractBearer service endpoint. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing the machine-token. Authorization Bearer {}lastAttachment machineId activityInfo)dataheadersiurlcodebody machineTokenresourceTokenstoken)rget_machine_idr=rMupdateformat_get_activity_info isoformat_support_old_machine_info request_urlAPI_V1_ADD_CONTRACT_MACHINErRr ZAttachInvalidTokenError_raise_attach_forbidden_messageContractAPIErrorrS json_dictr secrets add_secretget) r3contract_tokenZ attachment_dt machine_idrM activity_inforLbackcompat_dataresponse response_jsonrWr4r4r5add_contract_machines<         z%UAContractClient.add_contract_machine)r>cCsT|}|jt|d|d|d|ddd}|jdkrNtjt|j|jd|jS) z=Requests list of entitlements available to this machine type. architecturerkernelvirtrmrrnro) query_paramsrOrP)r[r^API_V1_AVAILABLE_RESOURCESrRr rarSrb)r3rhrjr4r4r5available_resourcess  z$UAContractClient.available_resources)rfr>cCsN|}|dd|i|jt|d}|jdkrHtjt|j|jd|j S)NrFrGrMrOrP) rMrYrZr^API_V1_GET_CONTRACT_USING_TOKENrRr rarSrb)r3rfrMrjr4r4r5get_contract_using_tokens z)UAContractClient.get_contract_using_token) cloud_typerLcCsz|jtj|d|d}|jdkr\|jdd}|rHt|tj |dtj t|j|j d|j}t j |dd|S) zRequests contract token for auto-attach images for Pro clouds. @param instance: AutoAttachCloudInstance for the cloud. @return: Dict of the JSON response containing the contract-token. )rw)rLrOmessagerU) error_msgrP contractToken)r^,API_V1_GET_CONTRACT_TOKEN_FOR_CLOUD_INSTANCErZrRrbreLOGdebugr ZInvalidProImagerarSr rcrd)r3rwrLrjmsgrkr4r4r5%get_contract_token_for_cloud_instances*     z6UAContractClient.get_contract_token_for_cloud_instance) machine_tokenresourcergr>c Cs|st|j}|}|dd|itj||d}|j||d}|jdkrft j t|j|j d|j dr|jd|j d<|j }| dgD]}tj| d d q|S) aRequests machine access context for a given resource @param machine_token: The authentication token needed to talk to this contract service endpoint. @param resource: Entitlement name. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing entitlement accessInfo. rFrG)rmachinertrOrPexpiresrVrWrU)rrXr=rMrYrZ"API_V1_GET_RESOURCE_MACHINE_ACCESSr^rRr rarSrerbr rcrd) r3rrrgrMrQrjrkrWr4r4r5get_resource_machine_accesss*   z,UAContractClient.get_resource_machine_accesscCs|jj}|jjd}t|j}|}tj ||d}| }| dd |i|j |||d}|j dkrtj||j |jd|jr|jj}|j|d<|j|d S) zReport current activity token and enabled services. This will report to the contracts backend all the current enabled services in the system. rTZcontractrrFrG)rMrLrOrPrKN)rC contract_idrrerrXr=r[API_V1_UPDATE_ACTIVITY_TOKENrZrMrYr^rRr rarSrbwrite)r3rrrgZ request_datarQrMrjr4r4r5update_activity_token;s.   z&UAContractClient.update_activity_token) magic_tokenr>cCs|}|dd|i|jt|d}|jdkrt|jdkrPt|jdkrbt |jdkrtj t|j|j d d S) z)Revoke a magic attach token for the user.rFrGZDELETErrNrrOrPN) rMrYrZr^API_V1_REVOKE_MAGIC_ATTACHrRr Z MagicAttachTokenAlreadyActivatedrrrarS)r3rrMrjr4r4r5revoke_magic_attach_tokens&    z*UAContractClient.revoke_magic_attach_token)rrrgr>c Cs|st|j}|}|dd|itj||d}|}|j|d||d|d|d|dd d }|j d krt j ||j |j d |j d r|jd |jd <|jS)a|Get the updated machine token from the contract server. @param machine_token: The machine token needed to talk to this contract service endpoint. @param contract_id: Unique contract id provided by contract service @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. rFrGrGETrmrrnrorp)rrMrqrOrPr)rrXr=rMrYrZAPI_V1_GET_CONTRACT_MACHINEr[r^rRr rarSrerb)r3rrrgrMrQrhrjr4r4r5get_contract_machines8   z%UAContractClient.get_contract_machinec Cs|st|j}|}|dd|i||d}t|}tj||d}|j ||d|d}|j dkrt j ||j |j d|jd r|jd |jd <|jS) aRequest machine token refresh from contract server. @param machine_token: The machine token needed to talk to this contract service endpoint. @param contract_id: Unique contract id provided by contract service. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing refreshed machine-token rFrGrIrr)rMrrLrOrPr)rrXr=rMrYrZr[r]API_V1_UPDATE_CONTRACT_MACHINEr^rRr rarSrerb) r3rrrgrMrLrirQrjr4r4r5update_contract_machines6   z(UAContractClient.update_contract_machinecCsv|}|dd|itj||d}|j||dd}|jdkrRtjddn|jd krptj||j|j d |j S) aRequest guest token associated with this machine's contract @param machine_token: The machine token needed to talk to this contract service endpoint. @param contract_id: Unique contract id provided by contract service @param machine_id: Unique machine id that was registered with the pro backend on attach. @return: Dict of the JSON response containing the guest token rFrGrrrrget_guest_token)Z feature_namerOrP) rMrYrZAPI_V1_GET_GUEST_TOKENr^rRr Z FeatureNotSupportedOldTokenErrorrarSrb)r3rrrgrMrQrjr4r4r5rs$  z UAContractClient.get_guest_tokencCst}tjtjtjttt t t |j |j|j|j|j|j|j|j|j|j|j|j|j|jdjddd}t|jjrt|jj }t!"}|j#j$pt%|j|j#j&dd|Ddd|D|r|j'(nd d }ni}||S) z9Return a dict of activity info data for contract requestsr2F)Z keep_none) distributionrnrrmZdesktoproZ clientVersionZcpu_typecSsg|] }|jqSr4)r".0servicer4r4r5 Hsz7UAContractClient._get_activity_info..cSsi|]}|jr|j|jqSr4)Zvariant_enabledr"Z variant_namerr4r4r5 Isz7UAContractClient._get_activity_info..N)Z activityIDZ activityToken resourcesZresourceVariantsrH))rZ get_cpu_infoget_release_inforZget_kernel_infoZ uname_releaserZ get_dpkg_archZ is_desktopZ get_virt_typerZ get_versionr#r$r%r&r'r(r)r*r+r,r-r.r/r0r1Zto_dictrr=Z is_attachedrenabled_servicesrreadrCZ activity_idrXZactivity_tokenZ attached_atr\)r3ZcpuinfoZ machine_inforZattachment_datarhr4r4r5r[#sZ     z#UAContractClient._get_activity_info)N)N)N)N)N)r7r8r9Zcfg_url_base_attrrrr6rZretrysocketZtimeoutrlrr:rrsrvrrrrrrrrrr[ __classcell__r4r4rDr5r;s\ * $ &( / * #r;) request_bodyc CsJ|di}|d||d|d|d|ddtjdd S) a? Transforms a request_body that has the new activity_info into a body that includes both old and new forms of machineInfo/activityInfo This is necessary because there may be old ua-airgapped contract servers deployed that we need to support. This function is used for attach and refresh calls. rKrJrmrrnrZLinux)rrnrtyperelease)rJrKrmos)rerrr)rrhr4r4r5r]]s r]T)r=past_entitlementsnew_entitlements allow_enablerr>c Csvddlm}d}g}g}||D]} z || } Wntk rJYq YnXg}z"t||| i| ||d\} } Wntjk r} z*t| d}| | t d| | W5d} ~ XYq t k r } z0t| | | | | td| | W5d} ~ XYq X| r | r t | q t |t|dkrVtjd d t||Dd n|rrtjd d |Dd dS) aIterate over all entitlements in new_entitlement and apply any delta found according to past_entitlements. :param cfg: UAConfig instance :param past_entitlements: dict containing the last valid information regarding service entitlements. :param new_entitlements: dict containing the current information regarding service entitlements. :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :param series_overrides: Boolean set True if series overrides should be applied to the new_access dict. r)entitlements_enable_orderF)r= orig_access new_accessrrTz+Failed to process contract delta for %s: %rNz5Unexpected error processing contract delta for %s: %rcSs*g|]"\}}|tjjt|tdfqS))ryZlog_path)r ZUNEXPECTED_ERRORrZr:r)rr" exceptionr4r4r5rsz.process_entitlements_delta..)failed_servicescSsg|]}|tjfqSr4)r Z!E_ATTACH_FAILURE_DEFAULT_SERVICES)rr"r4r4r5rs)uaclient.entitlementsrKeyErrorprocess_entitlement_deltarer ZUbuntuProErrorr|rappenderror ExceptioneventZservice_processedZservices_failedlenZAttachFailureUnknownErrorzipZAttachFailureDefaultServices)r=rrrrrZ delta_errorZunexpected_errorsrr"Znew_entitlementdeltasZservice_enableder4r4r5process_entitlements_deltaxsf            rF)r=rrrrr>c Csddlm}|rt|t||}d}|r|did}|sT|did}|sftj||d|didid d } z|||| d } Wn4tjk r} zt d || W5d } ~ XYnX| j |||d}||fS)a,Process a entitlement access dictionary deltas if they exist. :param cfg: UAConfig instance :param orig_access: Dict with original entitlement access details before contract refresh deltas :param new_access: Dict with updated entitlement access details after contract refresh :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :param series_overrides: Boolean set True if series overrides should be applied to the new_access dict. :raise UbuntuProError: on failure to process deltas. :return: A tuple containing a dict of processed deltas and a boolean indicating if the service was fully processed rentitlement_factoryF entitlementr)Zorignew entitlements obligations use_selectorrUr=r"r z3Skipping entitlement deltas for "%s". No such classNr) rrapply_contract_overridesrZget_dict_deltasrer Z InvalidContractDeltasServiceTypeEntitlementNotFoundErrorr|r}Zprocess_contract_deltas) r=rrrrrrZretr"r rexcr4r4r5rsP    r)rjr>cCs|jd}|r|d}|d}|dkrR|dt}tj|||dddnF|dkr|dt}tj|||ddd n|d krtj|d tdS) NinfoZ contractIdreasonzno-longer-effectivetimez%m-%d-%Y)rdateZcontract_expiry_dateznot-effective-yet)rrZcontract_effective_dateznever-effective)r) rbrestrftimerr ZAttachForbiddenExpiredZAttachForbiddenNotYetZAttachForbiddenNeverZAttachExpiredToken)rjrrrrr4r4r5r`s*    r`r?c Cst|}|}|j}|d}|ddd}t|d}|j||d}||tj | di dt|}t |t |||dd d S) zRequest contract refresh from ua-contracts service. :raise UbuntuProError: on failure to update contract or error processing contract deltas :raise ConnectivityError: On failure during a connection rTZmachineTokenInfoZ contractInfoidr?)rrrJFrN) rArBrrr;rrrrX cache_clearrerr) r=rCZorig_entitlementsZ orig_tokenrrZcontract_clientZresprgr4r4r5refresh.s.      rr<cCst|}|}|dgS)zDQuery available resources from the contract server for this machine.r)r;rsre)r=clientrr4r4r5get_available_resourcesOsr)r=rWr>cCst|}||S)z/Query contract information for a specific token)r;rv)r=rWrr4r4r5get_contract_informationVsr)override_selectorselector_valuesr>cCs<d}|D]*\}}||f|kr*dS|t|7}q |S)Nr)itemsOVERRIDE_SELECTOR_WEIGHTS)rrZoverride_weightselectorvaluer4r4r5_get_override_weight\s r)r series_namerwr r>c Cszi}||d}|r||d<|di|i}|r>||td<t|dg}|D] }t|d|} | rT||| <qT|S)N)rrr rr overridesr)poprcopydeepcopyrer) rrrwr rrrZgeneral_overridesoverrideZweightr4r4r5_select_overrideshs"   r)rrr r>cCsddlm}tt|td|kgs0td||dkrBtj n|}|\}}| di}t ||||}t | D]J\} } | D]8\} } |d | } t| tr| | q| |d| <qqvdS)aApply series-specific overrides to an entitlement dict. This function mutates orig_access dict by applying any series-overrides to the top-level keys under 'entitlement'. The series-overrides are sparse and intended to supplement existing top-level dict values. So, sub-keys under the top-level directives, obligations and affordance sub-key values will be preserved if unspecified in series-overrides. To more clearly indicate that orig_access in memory has already had the overrides applied, the 'series' key is also removed from the orig_access dict. :param orig_access: Dict with original entitlement access details r)get_cloud_typerz?Expected entitlement access dict. Missing "entitlement" key: {}N)Zuaclient.clouds.identityrall isinstancedict RuntimeErrorrZrrrrersortedrrY)rrr rrrw_Zorig_entitlementrZ_weightZoverrides_to_applykeyrZcurrentr4r4r5rs.     r)r=rr>c Csddlm}g}|D]\}}|didd}z||||d}Wntjk r`YqYnX|didi}|d} ||| r|\} } | r|t ||d q|S) NrrrrrUrr resourceToken)r"r ) rrrrer rZ_should_enable_by_default can_enablerr!) r=rrZenable_by_default_servicesZent_nameZ ent_valuer Zentrrrrr4r4r5get_enabled_by_default_servicess(     r)T)FT)N)NN)QrZloggingr collectionsrtypingrrrrrZuaclient.files.machine_tokenfilesrrAZuaclientrr r r r r rrrZ-uaclient.api.u.pro.status.enabled_services.v1rZ(uaclient.api.u.pro.status.is_attached.v1rZuaclient.configrZuaclient.defaultsrZuaclient.files.state_filesrrZ uaclient.httprZ uaclient.logrr_rrrrrr{rrurrrrrZget_event_loggerrZ getLoggerZreplace_top_level_logger_namer7r|r!Z DataObjectr#ZUAServiceClientr;rr]r:boolrrZ HTTPResponseZ NamedMessager`rrrintrrrrr4r4r4r5s ,      WC    ^   @ !      2