| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /proc/1534260/root/usr/lib/python3/dist-packages/uaclient/__pycache__/ |
Upload File : |
o
����F��c�m����������������������@���s$��d�dl�Z�d�dlZd�dlmZmZmZmZmZ�d�dlm Z m
Z
m
Z
m
Z
m
Z
mZmZ�d�dlmZ�d�dlmZ�d�dlmZ�dZdZd Zd
Zd
Zd
Zd
Z
dZ
dddd�Z
e
� ��Z G�dd��de
j!�Z" d<dedee#ef�dee#ef�de$de$ddf
d
d
�Z%
d=ded ee#ef�d ee#ef�de$de$deee$f�f
d!d"�Z&d#e
j'de
j(fd$d%�Z)
d>d&ee#�fd'd(�Z*dedee�fd)d*�Z+ded+e#dee#ef�fd,d-�Z,dede$fd.d/�Z-d0ee#e#f�d1ee#e#f�de.fd2d3�Z/d4ee#ef�d5e#d6e#dee.ee#ef�f�fd7d8�Z0 d?d ee#ef�d9ee#�ddfd:d;�Z1dS�)@�����N)�Any�Dict�List�Optional�Tuple)�clouds�
event_logger�
exceptions�messages�
serviceclient�system�util)�UAConfig)�ATTACH_FAIL_DATE_FORMAT)�UserFacingStatusz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z
/v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z
/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z
/v1/contractz/v1/magic-attach������������)�series_overrides�series�cloudc����������������
���@���s���e�Zd�ZdZejZeje j
g�d�d�d.dd��Z
de
e
ef�fdd �Zd
e
de
e
ef�fd
d
�Zeje j
g�d�d�d
ejfdd��Z d.de
de
dee
�de
e
ef�fdd�Z d.de
de
dee
�de
fdd�Zdd��Zde
de
e
ef�fdd
�Zde
e
ef�fd
d
�Zde
fd d �Z d.de
de
dee
�de
e
ef�fd!d"�Z d.de
de
dee
�de
fd#d$�Z
d%e
e
ef�fd&d'�Z
d(d)��Z
d*d+��Z d.dee
�fd,d-�Z dS�)/�UAContractClient�
contract_url)r���r���r���)�
retry_sleepsNc�����������������C���s~���|�����}|�dd�|�i��|��|�}|�jt||d�\}}|�jj�|��t j
�
���|�
di���
d|�
d��}|�j�
d|��|S�)a}��Requests machine attach to the provided machine_id.
@param contract_token: Token string providing authentication to
ContractBearer service endpoint.
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
@return: Dict of the JSON response containing the machine-token.
�
Authorization� Bearer {})�data�headers�machineTokenInfo� machineId�
machine-id)r
����update�format�_get_platform_data�
request_url�
API_V1_CONTEXT_MACHINE_TOKEN�cfg�machine_token_file�writer
����get_machine_id�
cache_clear�get�
write_cache)�self�contract_token�
machine_idr
���r
����
machine_token�_headers��r2����3/usr/lib/python3/dist-packages/uaclient/contract.py� request_contract_machine_attach*���s���
�
�z0UAContractClient.request_contract_machine_attach�returnc�����������������C���s���|�j�t|����d�\}}|S�)z=Requests list of entitlements available to this machine type.)�
query_params)r$����API_V1_RESOURCES�_get_platform_basic_info)r-����resource_responser
���r2���r2���r3����request_resourcesE���s���
�z"UAContractClient.request_resourcesr.���c�����������������C���s2���|�����}|�dd�|�i��|�jt|d�\}}|S�)Nr���r����r
���)r
���r!���r"���r$����API_V1_CONTRACT_INFORMATION)r-���r.���r
����
response_data�_response_headersr2���r2���r3����
request_contract_informationL���s
���
�z-UAContractClient.request_contract_information�instancec�������������
���C���s|���z|�j�tj|jd�|jd�\}}W�n#�tjy4�}�z|j�dd�}|r.t �
|��tj
|d��|�d}~ww�|�j
�
d|��|S�)z�Requests contract token for auto-attach images for Pro clouds.
@param instance: AutoAttachCloudInstance for the cloud.
@return: Dict of the JSON response containing the contract-token.
)�
cloud_type)r
����message��)� error_msgNzcontract-token)r$����
API_V1_AUTO_ATTACH_CLOUD_TOKENr"���rA����
identity_docr ����ContractAPIError� api_errorr+����logging�debug�InvalidProImager&���r,���)r-���r@����responser1����e�msgr2���r2���r3����"request_auto_attach_contract_tokenV���s"���
��
��z3UAContractClient.request_auto_attach_contract_tokenr0����resourcer/���c�����������������C���sz���|st��|�j�}|����}|�dd�|�i��tj||d�}|�j||d�\}}|�d�r1|d�|d<�|�j� d�|�|��|S�)a���Requests machine access context for a given resource
@param machine_token: The authentication token needed to talk to
this contract service endpoint.
@param resource: Entitlement name.
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
@return: Dict of the JSON response containing entitlement accessInfo.
r���r���)rP����machiner;����expireszmachine-access-{})
r
���r)���r&���r
���r!���r"����#API_V1_TMPL_RESOURCE_MACHINE_ACCESSr$���r+���r,���)r-���r0���rP���r/���r
����url�resource_accessr2���r2���r3���� request_resource_machine_accessq���s
���
�
�z0UAContractClient.request_resource_machine_access�
contract_idc�����������������C���s���|�j�|||d�S�)z6Update existing machine-token for an attached machine.)r0���rW���r/���)�
_request_machine_token_update)r-���r0���rW���r/���r2���r2���r3����
request_machine_token_update����s
����z-UAContractClient.request_machine_token_updatec����������� ������C���s����|�j�jj}|�j�j�d�}t�|�j��}|��|�}tj ||d�}|��
��}|�
dd� |�i��|�j
|||d�\}}|rI|�j�j}||d<�|�j�j�
|��dS�dS�)z�Report current activity token and enabled services.
This will report to the contracts backend all the current
enabled services in the system.
�
machineToken��contractrQ���r���r���)r
���r
����
activityInfoN)r&���r'���rW���r0���r+���r
���r)����_get_activity_info�API_V1_MACHINE_ACTIVITYr"���r
���r!���r$���r(���) r-���rW���r0���r/����
request_datarT���r
���rL����_r2���r2���r3����report_machine_activity����s
���
��z(UAContractClient.report_machine_activity�
magic_tokenc��������������
���C���s����|�����}|�dd�|�i��z
|�jt|d�\}}W�|S��tjy@�}�zt|d�r:|jdkr1t� ���|jdkr:t�
���|�d}~w�tj
yW�}�z
t
�
t|���t����d}~ww�)z�Request magic attach token info.
When the magic token is registered, it will contain new fields
that will allow us to know that the attach process can proceed
r���r���r;����code������N)r
���r!���r"���r$����API_V1_MAGIC_ATTACHr ���rG����hasattrrd����MagicAttachTokenError�MagicAttachUnavailable�UrlErrorrI���� exception�str�ConnectivityError)r-���rc���r
���rL���ra���rM���r2���r2���r3����get_magic_attach_token_info����s(���
��
���z,UAContractClient.get_magic_attach_token_infoc��������������
���C���s����|�����}z
|�jt|dd�\}}W�|S��tjy)�}�z
|jdkr#t����|�d}~w�tjy@�}�z
t� t
|���t�
���d}~ww�)z)Create a magic attach token for the user.�POST�r
����methodrf���N)
r
���r$���rg���r ���rG���rd���rj���rk���rI���rl���rm���rn���)r-���r
���rL���ra���rM���r2���r2���r3����new_magic_attach_token����s$���
�
�
���z'UAContractClient.new_magic_attach_tokenc��������������
���C���s����|�����}|�dd�|�i��z
|�jt|dd��W�d S��tjyH�}�z"t|d�rB|jdkr0t� ���|jdkr9t�
���|jdkrBt�
���|�d }~w�tj
y_�}�z
t
�t|���t����d }~ww�)
z)Revoke a magic attach token for the user.r���r����DELETErq���rd���i���re���rf���N)r
���r!���r"���r$���rg���r ���rG���rh���rd���� MagicAttachTokenAlreadyActivatedri���rj���rk���rI���rl���rm���rn���)r-���rc���r
���rM���r2���r2���r3����revoke_magic_attach_token����s.���
�
���z*UAContractClient.revoke_magic_attach_tokenc�����������������C���sv���|s
|���|��dd�}|����}|�dd�|�i��tj||d�}|�j|d||����dd�\}}|�d �r9|d �|d <�|S�)
a|��Get the updated machine token from the contract server.
@param machine_token: The machine token needed to talk to
this contract service endpoint.
@param contract_id: Unique contract id provided by contract service
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
r ���Nr���r���r[����GETr���)rr���r
���r6����timeoutrR���)r#���r+���r
���r!���r"����*API_V1_TMPL_CONTEXT_MACHINE_TOKEN_RESOURCEr$���r8���)r-���r0���rW���r/���r
���rT���rL���r2���r2���r3����get_updated_contract_info��s(���
��
�
z*UAContractClient.get_updated_contract_infoc�����������������C���s����|�����}|�dd�|�i��|��|�}|����|d<�tj||d�d�}|�j||d|d�\}}|�d�r8|d�|d<�|�d i���d|�d��}|S�)
a���Request machine token refresh from contract server.
@param machine_token: The machine token needed to talk to
this contract service endpoint.
@param contract_id: Unique contract id provided by contract service.
@param machine_id: Optional unique system machine id. When absent,
contents of /etc/machine-id will be used.
@return: Dict of the JSON response containing refreshed machine-token
r���r���r]���r ���r[���rp���)r
���rr���r
���rR���r
���)r
���r!���r"���r#���r^���ry���r$���r+���)r-���r0���rW���r/���r
���r
���rT���rL���r2���r2���r3���rX���)��s ���
�
�
�z.UAContractClient._request_machine_token_updaterL���c�����������������C���sN���|�j�j�|��tj����|��d��}|�di���d|�d��}|�j��d|��d�S�)Nr
���r ���r ���) r&���r'���r(���r
���r)���r*���r#���r+���r,���)r-���rL���r
���r/���r2���r2���r3����'update_files_after_machine_token_updateJ��s���
�z8UAContractClient.update_files_after_machine_token_updatec�����������������C���s6���|st��|�j�}t����}|���}|�d�}|||d�S�)z<Return a dict of platform-related data for contract requests�arch)r ����
architecture�os)r
���r)���r&����get_platform_info�copy�pop)r-���r/����platform�
platform_osr|���r2���r2���r3���r#���U��s���
�z#UAContractClient._get_platform_datac�����������������C���s ���t����}|d�|d�|d�d�S�)z?Return a dict of platform basic info for some contract requestsr|���r����kernel)r}���r���r����)r
���r���)r-���r����r2���r2���r3���r8���b��s
����z)UAContractClient._get_platform_basic_infoc��������������������sN���ddl�m}�|st���j�}��jjjp|}��fdd�|D��}|��jjj|d�S�)z9Return a dict of activity info data for contract requestsr���)�ENTITLEMENT_CLASSESc��������������������s0���g�|�]}|��j�����d��tjkr|��j��j�qS�)r���)r&����user_facing_statusr����ACTIVE�name)�.0�ent�r-���r2���r3����
<listcomp>v��s
�����
�z7UAContractClient._get_activity_info.<locals>.<listcomp>)�
activityID�
activityToken� resources)�uaclient.entitlementsr����r
���r)���r&���r'����
activity_id�activity_token)r-���r/���r����r�����enabled_servicesr2���r����r3���r^���k��s���
��z#UAContractClient._get_activity_info�N)!�__name__�
__module__�
__qualname__�cfg_url_base_attrr ���rG����
api_error_clsr
����retry�socketrx���r4���r���rm���r���r:���r?���r����AutoAttachCloudInstancerO���r���rV���rY���rb���ro���rs���rv���rz���rX���r{���r#���r8���r^���r2���r2���r2���r3���r���%���s�����
�
�
�
����
�#����
�
#
����
�'����
�!
�
r���Tr&����past_entitlements�new_entitlements�
allow_enabler���r5���c�����������
���
���C���sh��ddl�m}�d}d}||��D�]�}z||�} W�n �ty ���Y�qw�zt|�|�|i��| ||d�\}
}
W�n\�tjy`���d}t�|��t �
����t
�
dj
|| d���W�d����n1�sYw���Y��Y�q�ty����d}t�|��t �
����t
�d j
|| d���W�d����n1�s�w���Y��Y�qw�|
r�|
r�t�|��q|r�tjtjjtjjd
��|r�tjtjjtjjd
��dS�)
a���Iterate over all entitlements in new_entitlement and apply any delta
found according to past_entitlements.
:param cfg: UAConfig instance
:param past_entitlements: dict containing the last valid information
regarding service entitlements.
:param new_entitlements: dict containing the current information regarding
service entitlements.
:param allow_enable: Boolean set True if allowed to perform the enable
operation. When False, a message will be logged to inform the user
about the recommended enabled service.
:param series_overrides: Boolean set True if series overrides should be
applied to the new_access dict.
r���)�entitlements_enable_orderF)r&����
orig_access�
new_accessr����r���Tz4Failed to process contract delta for {name}: {delta})r�����deltaNz>Unexpected error processing contract delta for {name}: {delta}�rN����msg_code)r����r�����KeyError�process_entitlement_deltar+���r ����UserFacingError�event�service_failedr
����disable_log_to_consolerI����errorr"���� Exceptionrl����service_processedr
����UNEXPECTED_ERRORrN���r����� ATTACH_FAILURE_DEFAULT_SERVICES)
r&���r����r����r����r���r�����
delta_error�unexpected_errorr�����new_entitlement�deltas�service_enabledr2���r2���r3����process_entitlements_delta���sl���
�
�
��
��
��
���
����r����Fr����r����c�����������
���
���C���s����ddl�m}�|r
t|��t�||�}d}|ri|�di���d�}|s*|�di���d�}|s=tjj||d�} t j
| j
| j
d��z||�|d�}
W�n�t j
yZ�}
�zt�d |��|
�d
}
~
ww�|
|�|d
�}
|
j|||d
�}||fS�)
a-��Process a entitlement access dictionary deltas if they exist.
:param cfg: UAConfig instance
:param orig_access: Dict with original entitlement access details before
contract refresh deltas
:param new_access: Dict with updated entitlement access details after
contract refresh
:param allow_enable: Boolean set True if allowed to perform the enable
operation. When False, a message will be logged to inform the user
about the recommended enabled service.
:param series_overrides: Boolean set True if series overrides should be
applied to the new_access dict.
:raise UserFacingError: on failure to process deltas.
:return: A tuple containing a dict of processed deltas and a
boolean indicating if the service was fully processed
r���)�entitlement_factoryF�
entitlement�type)�orig�newr����)r&���r����z3Skipping entitlement deltas for "%s". No such classN)r&����
assume_yes)r����)r����r�����apply_contract_overridesr
����get_dict_deltasr+���r
����$INVALID_CONTRACT_DELTAS_SERVICE_TYPEr"���r ���r����rN���r�����EntitlementNotFoundErrorrI���rJ����process_contract_deltas)
r&���r����r����r����r���r����r�����retr����rN����ent_cls�excr����r2���r2���r3���r�������s8���
����
�r����rM���c�����������������C���s����t�j}t|�d�r{d|�jv�r{|�jd�}|d�}|d�}d�}|dkr=|d��t�}|d��d�|d�}t�jj||d �}||_n,|d
kr^|d��t�}|d��d�|d
�}t�j j||d �}||_n
|d
krit�j
j|d
�}|r{t�j
j|j
d�}|j
|_
|j|_|S�)NrH����info�
contractId�reasonzno-longer-effective�timez%m-%d-%Y)�contract_expiry_daterW���)rW����dateznot-effective-yet)�contract_effective_daterW���znever-effective)rW���)r����)r
����ATTACH_EXPIRED_TOKENrh���rH����strftimer����ATTACH_FORBIDDEN_EXPIREDr"����additional_info�ATTACH_FORBIDDEN_NOT_YET�ATTACH_FORBIDDEN_NEVER�ATTACH_FORBIDDENrN���r����)rM���rN���r����rW���r�����
reason_msgr����r����r2���r2���r3���� _create_attach_forbidden_message��sB���
��
���r����r.���c�����������
���
���C���sD��|�j�}|�jj}|r|rtj}tj|j|jd��t |��}|rz|j
|d��W�nq�tj
y~�}�zLt
|tj
�rXt|d�rV|jdkrBt����|jdkrVt|�}tj|j|j|jd��|�t�����t�t|���W�d����t����1�sqw���Y��t����d}~ww�|d�}|d �d
�d
�} |j|| d
�}
|�|
��t|�||�jj|��dS�)
af��Request contract refresh from ua-contracts service.
Compare original token to new token and react to entitlement deltas.
:param cfg: Instance of UAConfig for this machine.
:param contract_token: String contraining an optional contract token.
:param allow_enable: Boolean set True if allowed to perform the enable
operation. When False, a message will be logged to inform the user
about the recommended enabled service.
:raise UserFacingError: on failure to update contract or error processing
contract deltas
:raise UrlError: On failure to contact the server
r����)r.���rd���re���i���)rN���r����r����NrZ���r
����
contractInfo�id)r0���rW���)
r0���r'����
entitlementsr
����-UNEXPECTED_CONTRACT_TOKEN_ON_ATTACHED_MACHINEr ���r����rN���r����r���r4���rk����
isinstancerG���rh���rd����AttachInvalidTokenErrorr����r����r
���r����rI���rl���rm���rn���rY���r{���r����)
r&���r.���r�����
orig_token�orig_entitlementsrN����contract_clientrM���r0���rW����respr2���r2���r3����request_updated_contract0��sX���
�
�
�����
�r����c�����������������C���s
���t�|��}|���}|�dg��S�)zDQuery available resources from the contract server for this machine.r����)r���r:���r+���)r&����clientr����r2���r2���r3����get_available_resourcesl��s���
r�����tokenc�����������������C���s���t�|��}|�|�S�)z/Query contract information for a specific token)r���r?���)r&���r����r����r2���r2���r3����get_contract_informations��s���
r����c�����������
������C���s����|�j�}|�jj}|�dd�}|�di���di���dd��}|s dS�t|��}|�||�}|�di���di���dd��}|r>t�|�n|�jj}|�jj|krJdS�|�j� |�} t
| �
���D�]\}
}
t�
|�|
i��|
�}
|
ri�dS�qVdS�) NrZ���rC���r
���r����r����F�
effectiveToT)
r0���r'���r����r+���r���rz���r
����parse_rfc3339_date�contract_expiry_datetime�get_entitlements_from_token�sorted�itemsr����)
r&���r����r����r0���rW���r����r�����
resp_expiry�
new_expiry�curr_entitlementsr����r����r����r2���r2���r3����is_contract_changedy��sD���
��
�
��
�
��r�����override_selector�selector_valuesc�����������������C���s<���d}|�����D�]\}}||f|����vr�dS�|t|�7�}q|S�)Nr���)r�����OVERRIDE_SELECTOR_WEIGHTS)r����r�����override_weight�selector�valuer2���r2���r3����_get_override_weight���s
���r����r�����
series_namerA���c����������� ������C���sh���i�}||d�}|���di����|i��}|r||td�<�|���dg��}|D�]}t|��d�|�}|r1|||<�q!|S�)N)r���r���r���r���� overridesr����)r����r����r����) r����r����rA���r����r����r����general_overrides�override�weightr2���r2���r3����_select_overrides���s"���
��
��r����r���c�����������
������C���s����ddl�m}�tt|�t�d|�v�g�std�|����|du�r"t���d�n|}|��\}}|�� di��}t
|||�}t
|�
���D�]%\}} | �
��D�]
\}
}
|�d�� |
�}
t|
t�rY|
�
|
��qC|
|�d�|
<�qCq;dS�)a���Apply series-specific overrides to an entitlement dict.
This function mutates orig_access dict by applying any series-overrides to
the top-level keys under 'entitlement'. The series-overrides are sparse
and intended to supplement existing top-level dict values. So, sub-keys
under the top-level directives, obligations and affordance sub-key values
will be preserved if unspecified in series-overrides.
To more clearly indicate that orig_access in memory has already had
the overrides applied, the 'series' key is also removed from the
orig_access dict.
:param orig_access: Dict with original entitlement access details
r���)�get_cloud_typer����z?Expected entitlement access dict. Missing "entitlement" key: {}Nr���)�uaclient.clouds.identityr�����allr�����dict�
RuntimeErrorr"���r
���r���r+���r����r����r����r!���)
r����r���r����r����rA���ra����orig_entitlementr�����_weight�overrides_to_apply�keyr�����currentr2���r2���r3���r�������s&���
��
��r����)T)FT)NFr����)2rI���r�����typingr���r���r���r���r����uaclientr���r���r ���r
���r
���r
���r
����uaclient.configr����uaclient.defaultsr����(uaclient.entitlements.entitlement_statusr���r%���ry���r7���rS���rE���r_���r<���rg���r�����get_event_loggerr�����UAServiceClientr���rm����boolr����r����rG����
NamedMessager����r����r����r����r�����intr����r����r����r2���r2���r2���r3����<module>���s�����
$
��
��e��
�
���
�O��
�
���
�7�
�,�
�<
(
�
�
�
���
��
���