| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/python3/dist-packages/uaclient/entitlements/__pycache__/ |
Upload File : |
o
����F��cz�����������������������@���s����d�dl�Z�d�dlZd�dlZd�dlZd�dlmZ�d�dlmZmZmZm Z m
Z
m
Z
m
Z
�d�dl
Z
d�dlmZmZmZmZmZmZ�d�dlmZ�d�dlmZmZmZmZm
Z
m
Z
m
Z
m Z �d�dl m!Z!m"Z"�d�dl#m$Z$�e�%��Z&G�d d
��d
�Z'G�d
d
��d
e�j(d
�Z)dS�)�����N)�datetime)�Any�Dict�List�Optional�Tuple�Type�Union)�config�contract�
event_logger�messages�system�util)�DEFAULT_HELP_FILE)�ApplicabilityStatus�ApplicationStatus�CanDisableFailure�CanDisableFailureReason�CanEnableFailure�CanEnableFailureReason�ContractStatus�UserFacingStatus)�MessagingOperationsDict�StaticAffordance)�is_config_value_truec�������������������@���s$���e�Zd�Zded�dejfdd�ZdS�)�IncompatibleService�
entitlement�
UAEntitlement� named_msgc�����������������C���s���||�_�||�_d�S��N)r
���r ���)�selfr
���r �����r"����</usr/lib/python3/dist-packages/uaclient/entitlements/base.py�__init__
���s���
z
IncompatibleService.__init__N)�__name__�
__module__�
__qualname__r���r
����
NamedMessager$���r"���r"���r"���r#���r
���
���s
������r
���c����������������
���@���s���e�Zd�ZdZdZdZdZdZdZdZ dZ
e
e
j
defdd���Ze
dee�fdd��Ze
e
j
defd d
���Ze
e
j
defd
d
���Ze
defd
d��Ze
defdd��Ze
deedf�fdd��Ze
deedf�fdd��Ze
deed��df�fdd��Z
e
deed��df�fdd��Z
e
de
fdd��Z
dXd
e e!j"�d
e#d e#d ed!e#ddf
d"d#�Z$e
d$d%���Z% dYd&e#dee#e&de'f�f�fd'd(�Z(e
j
dYd&e#de#fd)d*��Z) dYd+e#dee#e e*�f�fd,d-�Z+dee#e e'�f�fd.d/�Z,de#fd0d1�Z-d2d3��Z.dee�fd4d5�Z/de#fd6d7�Z0dee#e e1j2�f�fd8d9�Z3dee#e e1j2�f�fd:d;�Z4dee5e e1j2�f�fd<d=�Z6e
j
dYd&e#de#fd>d?��Z7d&e#dee#e e1j2�f�fd@dA�Z8de#fdBdC�Z9 dYdDed&e#ddfdEdF�Z: dYd&e#dee#e e*�f�fdGdH�Z;de<fdIdJ�Z=de#fdKdL�Z>de?fdMdN�Z@ dYdOeAeeBf�dPeAeeBf�dQe#de#fdRdS�ZCdeeDe e1j2�f�fdTdU�ZEe
j
dee?e e1j2�f�fdVdW��ZFdS�)Zr
���NFr"����returnc�����������������C�������dS�)z&The lowercase name of this entitlementNr"����r!���r"���r"���r#����name@�������zUAEntitlement.namec�����������������C���s$���|�j�g}|�j|�j�kr|�|�j��|S�)z1The list of names this entitlement may be called.)r,����presentation_name�append)r!����
valid_namesr"���r"���r#���r0���F���s���
zUAEntitlement.valid_namesc�����������������C���r*���)z,The human readable title of this entitlementNr"���r+���r"���r"���r#����titleN���r-���zUAEntitlement.titlec�����������������C���r*���)z&A sentence describing this entitlementNr"���r+���r"���r"���r#����
descriptionT���r-���zUAEntitlement.descriptionc�����������������C���s>���|�j�jjr
|�j�jj�|�ji���di���di���d|�j�S�|�jS�)z/The user-facing name shown for this entitlementr
����
affordances�
presentedAs)�cfg�machine_token_file�
is_present�
entitlements�getr,���r+���r"���r"���r#���r.���Z���s���
�z UAEntitlement.presentation_namec�����������������C���sl���|�j�du�r3i�}tj�t�r'ttd��
}t�|�}W�d����n1�s"w���Y��|�|�j i���dd�|�_�|�j�S�)z$Help information for the entitlementN�r�help��)
�
_help_info�os�path�existsr����open�yaml� safe_loadr9���r,���)r!���� help_dict�fr"���r"���r#���� help_infog���s���
�zUAEntitlement.help_info.c�����������������C���r*���)Nr"���r"���r+���r"���r"���r#����static_affordancesx�������z UAEntitlement.static_affordancesc�����������������C�������|�j�S�)a
��
Return a list of packages that aren't compatible with the entitlement.
When we are enabling the entitlement we can directly ask the user
if those entitlements can be disabled before proceding.
Overridden in livepatch and fips
)�_incompatible_servicesr+���r"���r"���r#����incompatible_services|�������z#UAEntitlement.incompatible_servicesc�����������������C���rI���)a��
Return a list of packages that must be active before enabling this
service. When we are enabling the entitlement we can directly ask
the user if those entitlements can be enabled before proceding.
Overridden in ros and ros-updates.
)�_required_servicesr+���r"���r"���r#����required_services����rL���z UAEntitlement.required_servicesc�����������������C���rI���)a
��
Return a list of packages that depend on this service.
We will use that list during disable operations, where
a disable operation will also disable all of the services
required by the original service
Overriden in esm-apps and esm-infra
)�_dependent_servicesr+���r"���r"���r#����dependent_services����s��� z UAEntitlement.dependent_servicesc�����������������C���s���i�S�r ���r"���r+���r"���r"���r#���� messaging����rH���zUAEntitlement.messagingr<���r5����
assume_yes�
allow_beta�
called_name�
access_onlyc�����������������C���sD���|st����dk}tj|d�}||�_||�_||�_||�_||�_d|�_ dS�)z]Setup UAEntitlement instance
@param config: Parsed configuration dictionary
r���)� root_modeN)
r>����getuidr
����UAConfigr5���rR���rS���rU����
_called_name�_valid_service)r!���r5���rR���rS���rT���rU���rV���r"���r"���r#���r$�������s���
zUAEntitlement.__init__c�����������������C���s.���|�j�du�r|�j
�p|�jpt|�jjd�|�_�|�j�S�)z2Check if the service is marked as valid (non-beta)Nzfeatures.allow_beta)rZ����is_betarS���r���r5���r+���r"���r"���r#����
valid_service����s���
�
�zUAEntitlement.valid_service�silentc����������� ������C���s����|�j��dg��}t�|�sdS�|����\}}|sL|du�r
dS�|jtjkr2|����\}}|s1||_ d|fS�n|jtj
krH|��
��\}}|sG||_ d|fS�nd|fS�|�j��dg��}t�|�sZdS�|�j
|d�}|sddS�|�j��dg��}t�|�srdS�dS�) aN��Enable specific entitlement.
@return: tuple of (success, optional reason)
(True, None) on success.
(False, reason) otherwise. reason is only non-None if it is a
populated CanEnableFailure reason. This may expand to
include other types of reasons in the future.
�pre_can_enable�FNNF�
pre_enable�r]����
post_enable�TN)
rQ���r9���r����handle_message_operations�
can_enable�reasonr����INCOMPATIBLE_SERVICE�
handle_incompatible_services�message�INACTIVE_REQUIRED_SERVICES�_enable_required_services�_perform_enable) r!���r]����msg_opsre����fail�
incompat_ret�error�req_ret�retr"���r"���r#����enable����sB���
���
�
zUAEntitlement.enablec�����������������C���r*���)a��
Enable specific entitlement. This should be implemented by subclasses.
This method does the actual enablement, and does not check can_enable
or handle pre_enable or post_enable messaging.
@return: True on success, False otherwise.
Nr"����r!���r]���r"���r"���r#���rl�������s��� z
UAEntitlement._perform_enable�ignore_dependent_servicesc�����������������C���sX���|�����\}}|tjkrdttjtjj|�jd�d�fS�|�j r*|s*|��
��r*dttj
�fS�dS�)z�Report whether or not disabling is possible for the entitlement.
:return:
(True, None) if can disable
(False, CanDisableFailure) if can't disable
F�r1����ri���rc���)
�application_statusr����DISABLEDr���r����ALREADY_DISABLEDr
����formatr1���rP����detect_dependent_services�ACTIVE_DEPENDENT_SERVICES)r!���ru���rx����_r"���r"���r#����
can_disable��s ���
��
��zUAEntitlement.can_disablec�����������������C���s"��|�����rt�d|�j��t�|�j��|����tj ks'dt
t
j
t
jj|�jd�d�fS�|����\}}|tjkrAdt
t
jt
jj|�jd�d�fS�|�jsKdt
t
j�fS�|����\}}|tjkr_dt
t
j|d�fS�|�jrm|����rmdt
t
j
�fS�|�j
r{|��
��s{dt
t
j �fS�|�j s�|�j!r�dt
t
j"t
j#j|�jd��fS�dS�)z�
Report whether or not enabling is possible for the entitlement.
:return:
(True, None) if can enable
(False, CanEnableFailure) if can't enable
z(Updating contract on service '%s' expiryFrv���rw���rc���)$�is_access_expired�logging�debugr,���r
����request_updated_contractr5����contract_statusr����ENTITLEDr���r����
NOT_ENTITLEDr
����
UNENTITLEDr{���r1���rx���r���ry����ALREADY_ENABLEDr\����IS_BETA�applicability_statusr����
INAPPLICABLErK����
detect_incompatible_servicesrg���rN����
check_required_services_activerj����supports_access_onlyrU����ACCESS_ONLY_NOT_SUPPORTED� ENABLE_ACCESS_ONLY_NOT_SUPPORTED)r!���rx���r~���r�����detailsr"���r"���r#���re���&��sj��� �
��
��
������
���
zUAEntitlement.can_enablec�����������������C���s2���|�j�D�]}||�j����\}}|tjkr�dS�qdS�)z�
Check for depedent services.
:return:
True if there are dependent services enabled
False if there are no dependent services enabled
TF)rP���r5���rx���r����ENABLED)r!����dependent_service_cls�
ent_statusr~���r"���r"���r#���r|���s��s���
��
�z'UAEntitlement.detect_dependent_servicesc�����������������C���s2���|�j�D�]}||�j����\}}|tjkr�dS�qdS�)z�
Check if all required services are active
:return:
True if all required services are active
False is at least one of the required services is disabled
FT)rN���r5���rx���r���r����)r!����required_service_clsr����r~���r"���r"���r#���r�������s
���
�z,UAEntitlement.check_required_services_activec�����������������C���s<���g�}|�j�D�]}|�|�j����\}}|tjkr|�|��q|S�)zI
:return: List of incompatible services that are enabled
)rK���r
���r5���rx���r���r����r/���)r!���rr����servicer����r~���r"���r"���r#����
blocking_incompatible_services���s���
�z,UAEntitlement.blocking_incompatible_servicesc�����������������C���s���t�|�����dkS�)z�
Check for incompatible services.
:return:
True if there are incompatible services enabled
False if there are no incompatible services enabled
r���)�lenr����r+���r"���r"���r#���r�������s���z*UAEntitlement.detect_incompatible_servicesc�����������������C���s����t�j|�jjdd�}|����D�]M}|j|�jdd�}tjj|�j|jd�}tj j|�j|jd�}|r3d|f��S�t�j
||�j
d�sAd|f��S�d�|j�}t
�
|��|jdd �}|sZ|d
f��S�q
d
S�)
a)��
Prompt user when incompatible services are found during enable.
When enabling a service, we may find that there is an incompatible
service already enable. In that situation, we can ask the user
if the incompatible service should be disabled before proceeding.
There are also different ways to configure that behavior:
We can disable removing incompatible service during enable by
adding the following lines into uaclient.conf:
features:
block_disable_on_enable: true
z features.block_disable_on_enable)r
����
path_to_valueT)rR���)�service_being_enabled�incompatible_serviceF��msgrR���z"Disabling incompatible service: {}ra���Nrc���)r���r���r5���r����r
���r
���rg���r{���r1����!INCOMPATIBLE_SERVICE_STOPS_ENABLE�prompt_for_confirmationrR����event�info�disable)r!����cfg_block_disable_on_enabler�����ent�user_msg�e_msg�
disable_msgrr���r"���r"���r#���rh������s:����
��
�
�
�z*UAEntitlement.handle_incompatible_servicesc�����������
������C���s����|�j�D�]i}||�jdd�}|���d�tjk}|rltjj|�j|jd�}tj j|�j|jd�}t
j
||�j
d�s9d|f��S�t
�d�|j���|jdd�\}}|sld }|r]|jr]|jjr]d
|jj�}tjj||jd
�} || f��S�qd
S�)
a,��
Prompt user when required services are found during enable.
When enabling a service, we may find that there are required services
that must be enabled first. In that situation, we can ask the user
if the required service should be enabled before proceeding.
T)rS���r���)r�����required_servicer����Fz
Enabling required service: {}ra���r<����
)rp���r����rc���)rN���r5���rx���r���ry���r
����REQUIRED_SERVICEr{���r1����
REQUIRED_SERVICE_STOPS_ENABLEr���r����rR���r����r����rs���ri���r����� ERROR_ENABLING_REQUIRED_SERVICE)
r!���r����r�����is_service_disabledr����r����rr���rn���� error_msgr����r"���r"���r#���rk������s:���
����
�
�z'UAEntitlement._enable_required_servicesc�����������������C���s���|�j�jj�|�j�}|stjtjfS�|�j D�]\}}}|��|kr%tj
|f��S�q|d��di��}t
�
��}|�dd�}|durY|d�|vrYt
�|�}tj
tjj|�j|d�d�|�d�fS�|�dd�} | durw|d�| vrwtj
tjj|�j|d �d
�fS�t
���}
|�d
d�}
|�d
�}
|
dur�|
j|
vr�tj
tjj|�j|
jd�|
�d
�fS�|
r�|
jdur�|
jdur�tjj|�j|
j|
d�}
z|
�d�\}}t
|�}t
|�}W�n�t
y����t
� d|
��tj
|
f�Y�S�w�|
j|k�r�tj
|
fS�|
j|kr�|
j|k�r�tj
|
fS�tjdfS�)a���Check all contract affordances to vet current platform
Affordances are a list of support constraints for the entitlement.
Examples include a list of supported series, architectures for kernel
revisions.
:return:
tuple of (ApplicabilityStatus, NamedMessage). APPLICABLE if
platform passes all defined affordances, INAPPLICABLE if it doesn't
meet all of the provided constraints.
r
���r3����
architecturesN�archz, )r1���r�����supported_arches�series�version)r1���r�����
kernelFlavors�minKernelVersion)r1����kernel�supported_kernels)r1���r�����
min_kernel�.z$Could not parse minKernelVersion: %s) r5���r6���r8���r9���r,���r����
APPLICABLEr
����"NO_ENTITLEMENT_AFFORDANCES_CHECKEDrG���r����r����get_platform_infor����deduplicate_arches�INAPPLICABLE_ARCHr{���r1����join�INAPPLICABLE_SERIES�get_kernel_info�flavor�INAPPLICABLE_KERNEL�
uname_release�major�minor�INAPPLICABLE_KERNEL_VER�split�int�
ValueErrorr�����warning)r!����entitlement_cfg�
error_message�functor�expected_resultr3����platform�affordance_arches�deduplicated_arches�affordance_series�
kernel_info�affordance_kernels�affordance_min_kernel�
invalid_msg�
kernel_major�
kernel_minor�min_kern_major�min_kern_minorr"���r"���r#���r����
��s����
��
�
�
�
��
�
�
��
�� ����
��
��
z"UAEntitlement.applicability_statusc�����������������C���r*���)a\��
Disable specific entitlement. This should be implemented by subclasses.
This method does the actual disable, and does not check can_disable
or handle pre_disable or post_disable messaging.
@param silent: Boolean set True to silence print/log of messages
@return: True on success, False otherwise.
Nr"���rt���r"���r"���r#����_perform_disablel��s���
z
UAEntitlement._perform_disablec�����������
������C���s����|�j�D�]m}||�jdd�}|���d�tjk}|rptjj|j|�jd�}tj j|�j|jd�}t
j
||�j
d�s9d|f��S�|sFt
�tjj|jd���|jdd �\}}|spd
} |ra|jra|jjrad
|jj�} tjj| |jd
�}
d|
f��S�qd
S�)ay��
Disable dependent services
When performing a disable operation, we might have
other services that depend on the original services.
If that is true, we will alert the user about this
and prompt for confirmation to disable these services
as well.
@param silent: Boolean set True to silence print/log of messages
T)r5���rR���r���)�dependent_service�service_being_disabled)r����r����r����F)r����ra���r<���r����)rp���r����rc���)rP���r5���rx���r���r����r
����DEPENDENT_SERVICEr{���r1���� DEPENDENT_SERVICE_STOPS_DISABLEr���r����rR���r����r�����DISABLING_DEPENDENT_SERVICEr����ri���r�����"FAILED_DISABLING_DEPENDENT_SERVICE)
r!���r]���r����r�����is_service_enabledr����r����rr���rn���r����r����r"���r"���r#����_disable_dependent_servicesy��sD���
����
��
�
�z)UAEntitlement._disable_dependent_servicesc�����������������C���s���t����S�)z%Check if system needs to be rebooted.)r����
should_rebootr+���r"���r"���r#����_check_for_reboot���s���z UAEntitlement._check_for_reboot� operationc�����������������C���s,���|�����r|st�tjj|d���dS�dS�dS�)z�Check if user should be alerted that a reboot must be performed.
@param operation: The operation being executed.
@param silent: Boolean set True to silence print/log of messages
)r����N)r����r����r����r
����ENABLE_REBOOT_REQUIRED_TMPLr{���)r!���r����r]���r"���r"���r#����_check_for_reboot_msg���s���
���z#UAEntitlement._check_for_reboot_msgc�����������������C���s����|�j��dg��}t�|�sdS�|����\}}|s8|du�r
dS�|jtjkr4|�j|d�\}}|s3||_ d|fS�nd|fS�|�j
|d�s@dS�|�j��dg��}t�|�sNdS�|�j
d|d��d S�)
a���Disable specific entitlement
@param silent: Boolean set True to silence print/log of messages
@return: tuple of (success, optional reason)
(True, None) on success.
(False, reason) otherwise. reason is only non-None if it is a
populated CanDisableFailure reason. This may expand to
include other types of reasons in the future.
�
pre_disabler_���Nra���F�
post_disablezdisable operation)r����r]���rc���)
rQ���r9���r���rd���r���rf���r���r}���r����ri���r����r����)r!���r]���rm���r���rn���rr���r����r"���r"���r#���r�������s4���
���
�zUAEntitlement.disablec�����������������C���s@���|�j�jstjS�|�j�jj�|�ji��}|r
|d��d�r
tjS�tjS�)z=Return whether the user is entitled to the entitlement or notr
����entitled) r5����
is_attachedr���r����r6���r8���r9���r,���r����)r!���r����r"���r"���r#���r�������s���
�z
UAEntitlement.contract_statusc�����������������C���sF���|�j�jj�|�ji��}|�d�}|sdS�t�|d�}|t���kr!dS�dS�)z<Return entitlement access info as stale and needing refresh.�expiresFz%Y-%m-%dT%H:%M:%S.%fZT)r5���r6���r8���r9���r,���r����strptime�utcnow)r!����entitlement_contract�
expire_str�expiryr"���r"���r#���r�������s���
�
z UAEntitlement.is_access_expiredc�����������������C���sl���|�j��d�}|du�r
tjS�|�dg��}|D�]
}|�d�|�jkr2|�d�}|dkr-tj��S�tj��S�qtjS�)z6Check on the state of application on the status cache.�
status-cacheN�servicesr,����status�enabled)r5����
read_cacher���ry���r9���r,���r����)r!����
status_cache�services_status_listr�����service_statusr"���r"���r#����"_check_application_status_on_cache
��s���
�z0UAEntitlement._check_application_status_on_cache�
orig_access�deltas�
allow_enablec�����������������C���s���|sdS�|��di��}|��di��}|�j�d�}t|tjk�}|s9|r*t�|��|d�}|r9d|v�r9|d�dtjfv�}|rr|rD|rD|����}n|�� ��\}} |t
j
krf|��
��r_|��
���t�d|�j��nt�d|�j��|�j�d �|�j���dS�|��d
�}
|
s~|��d
�}
|��d
i��}
t|
��d
�o�|
�}
|
r�d|�_|����\}
} |
r�|
r�|r�tjj|�jd
�}tj|tjd��|�����dS�tj
j|�jd
�}tj|tjd��dS�dS�)av��Process any contract access deltas for this entitlement.
:param orig_access: Dictionary containing the original
resourceEntitlement access details.
:param deltas: Dictionary which contains only the changed access keys
and values.
:param allow_enable: Boolean set True if allowed to perform the enable
operation. When False, a message will be logged to inform the user
about the recommended enabled service.
:return: True when delta operations are processed; False when noop.
:raise: UserFacingError when auto-enable fails unexpectedly.
Tr
����
directivesr����r����Fz.Due to contract refresh, '%s' is now disabled.zhUnable to disable '%s' as recommended during contract refresh. Service is still active. See `pro status`zmachine-access-{}�
resourceToken�
obligations�enableByDefault)r,���)� file_type)
r9���r5���r�����boolr����
DROPPED_KEYr
����apply_contract_overridesr����rx���r���ry���r���r����r����r����r,���r�����delete_cache_keyr{���rS���re���r
����ENABLE_BY_DEFAULT_TMPLr�����sys�stderrrs����
ENABLE_BY_DEFAULT_MANUAL_TMPL)r!���r����r����r�����delta_entitlement�delta_directivesr�����transition_to_unentitledrx���r~���r���delta_obligations�enable_by_defaultre���r����r"���r"���r#����process_contract_deltas ��sl���
�
��
�
��z%UAEntitlement.process_contract_deltasc�����������������C���s����|�����\}}|tjkrtj|fS�|�jjj�|�j �}|s&tj
t
j
j
|�jd�fS�|d��dd�du�r;tj
t
j
j
|�jd�fS�|����\}}tjtjtjtji|�}||fS�)z4Return (user-facing status, details) for entitlementrv���r
���r����F)r����r���r����r���r����r5���r6���r8���r9���r,����
UNAVAILABLEr
����SERVICE_NOT_ENTITLEDr{���r1���rx���r���r�����ACTIVEry����INACTIVE)r!����
applicabilityr����r����rx����
explanation�user_facing_statusr"���r"���r#���r��y��s*���
���
��z UAEntitlement.user_facing_statusc�����������������C���r*���)z�
The current status of application of this entitlement
:return:
A tuple of (ApplicationStatus, human-friendly reason)
Nr"���r+���r"���r"���r#���rx������s���
z UAEntitlement.application_status)NFFr<���F)F)Gr%���r&���r'����
help_doc_urlrR���r[���r����r=���rJ���rM���rO����property�abc�abstractmethod�strr,���r���r0���r1���r2���r.���rF���r���r���rG���r
���rK���r���rN���rP���r���rQ���r���r
���rX���r��r$���r\���r ���r���rs���rl���r���r���re���r|���r����r����r����r
���r(���rh���rk���r���r����r����r����r����r����r����r���r����r����r���r����r���r���r��r���r��rx���r"���r"���r"���r#���r
���&���s�����
������
�
��
�7
��
� M
�5
�/
�_
�
�9���
���
�.
�
�
��
�Y
�
�r
���)� metaclass)*r
��r����r>���r
��r����typingr���r���r���r���r���r���r ���rB����uaclientr
���r
���r
���r
���r���r����uaclient.defaultsr����(uaclient.entitlements.entitlement_statusr���r���r���r���r���r���r���r����uaclient.typesr���r����
uaclient.utilr����get_event_loggerr����r
����ABCMetar
���r"���r"���r"���r#����<module>���s
����
$
(