U lHJe6y @sddlZddlZddlZddlZddlmZmZmZmZm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZddlmZmZmZddlmZdd lm Z d Z!d Z"d Z#d Z$d Z%dZ&dZ'dZ(dZ)dZ*dZ+dddddZ,e -Z.e/e0e1Z2ej3Gdddej4Z5Gddde j6Z7e8dddZ9d>eee:efee:efe;e;ddd d!Zej?d&d'd(Z@d)d*ZAeeed+d,d-ZBee:ee:efd.d/d0ZCee;d+d1d2ZDee:e:fee:e:feEd3d4d5ZFd@ee:efe:e:ee:eeEee:effd6d7d8ZGdAee:efee:ee:dd9d:d;ZHee e5eEfd+ds rc@s0eZdZdZejejdddgdd&ddZe e e fdd d Z e e e e fd d d Z ejejdddgdejdddZd'e e ee ee e e fdddZddZe e e e fdddZe e e fdddZe dddZd(e e ee e e e fdd d!Zd)e e ee e dd"d#Zd$d%ZdS)*UAContractClientZ contract_urlrr)Z retry_sleepsNc Cs|st|j}|}|dd|i|}||d<||d}t|}|j t ||d}|j dkrvt n|j dkrt||j dkrt jt |j |jd |jS) a}Requests machine attach to the provided machine_id. @param contract_token: Token string providing authentication to ContractBearer service endpoint. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing the machine-token. Authorization Bearer {}lastAttachment machineId activityInfo)dataheadersiurlcodebody)r get_machine_idcfgr2updateformat_get_activity_info isoformat_support_old_machine_info request_urlAPI_V1_ADD_CONTRACT_MACHINEr7r ZAttachInvalidTokenError_raise_attach_forbidden_messageContractAPIErrorr8 json_dict) selfcontract_tokenZ attachment_dt machine_idr2 activity_infor1backcompat_dataresponser(r(r)add_contract_machineJs0        z%UAContractClient.add_contract_machine)returncCsT|}|jt|d|d|d|ddd}|jdkrNtjt|j|jd|jS) z=Requests list of entitlements available to this machine type. architecturerkernelvirtrMrrNrO) query_paramsr4r5)r=r@API_V1_AVAILABLE_RESOURCESr7r rCr8rD)rErHrJr(r(r)available_resourcesps  z$UAContractClient.available_resources)rFrLcCsN|}|dd|i|jt|d}|jdkrHtjt|j|jd|j S)Nr+r,r2r4r5) r2r;r<r@API_V1_GET_CONTRACT_USING_TOKENr7r rCr8rD)rErFr2rJr(r(r)get_contract_using_tokens z)UAContractClient.get_contract_using_token)instancecCsv|jtj|jd|jd}|jdkr`|jdd}|rLt |t j |dt j t|j|j d|jd|j|jS) zRequests contract token for auto-attach images for Pro clouds. @param instance: AutoAttachCloudInstance for the cloud. @return: Dict of the JSON response containing the contract-token. ) cloud_type)r1r4message)Z error_msgr5zcontract-token)r@,API_V1_GET_CONTRACT_TOKEN_FOR_CLOUD_INSTANCEr<rXZ identity_docr7rDgetLOGdebugr ZInvalidProImagerCr8r: write_cache)rErWrJmsgr(r(r)%get_contract_token_for_cloud_instances$    z6UAContractClient.get_contract_token_for_cloud_instanceT) machine_tokenresourcerG save_filerLcCs|st|j}|}|dd|itj||d}|j||d}|jdkrft j t|j|j d|j dr|jd|j d<|r|jd||j |j S) aRequests machine access context for a given resource @param machine_token: The authentication token needed to talk to this contract service endpoint. @param resource: Entitlement name. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @save_file: If the machine access should be saved on the user machine @return: Dict of the JSON response containing entitlement accessInfo. r+r,)rcmachinerTr4r5expireszmachine-access-{})r r9r:r2r;r<"API_V1_GET_RESOURCE_MACHINE_ACCESSr@r7r rCr8r\rDr_)rErbrcrGrdr2r6rJr(r(r)get_resource_machine_accesss.   z,UAContractClient.get_resource_machine_accesscCs|jjj}|jjd}t|j}|}tj ||d}| }| dd |i|j |||d}|j dkrtj||j |jd|jr|jj}|j|d<|jj|d S) zReport current activity token and enabled services. This will report to the contracts backend all the current enabled services in the system. machineTokenZcontractrer+r,)r2r1r4r5r0N)r:machine_token_file contract_idrbr\r r9r=API_V1_UPDATE_ACTIVITY_TOKENr<r2r;r@r7r rCr8rDwrite)rErlrbrGZ request_datar6r2rJr(r(r)update_activity_tokens*    z&UAContractClient.update_activity_token) magic_tokenrLc Cs|}|dd|iz|jt|d}Wn6tjk rd}zt|t W5d}~XYnX|j dkrxt |j dkrt |j dkrtj t|j |jd|jS) zRequest magic attach token info. When the magic token is registered, it will contain new fields that will allow us to know that the attach process can proceed r+r,rTNr3r4r5)r2r;r<r@"API_V1_GET_MAGIC_ATTACH_TOKEN_INFOr UrlErrorr] exceptionConnectivityErrorr7MagicAttachTokenErrorMagicAttachUnavailablerCr8rDrErpr2rJer(r(r)get_magic_attach_token_infos*     z,UAContractClient.get_magic_attach_token_infoc Cs|}z|jt|dd}Wn6tjk rR}zt|tW5d}~XYnX|jdkrft |jdkrtj t|j|j d|j S)z)Create a magic attach token for the user.POSTr2methodNrqr4r5) r2r@API_V1_NEW_MAGIC_ATTACHr rsr]rtrur7rwrCr8rD)rEr2rJryr(r(r)new_magic_attach_tokens&    z'UAContractClient.new_magic_attach_token)rpc Cs|}|dd|iz|jt|dd}Wn6tjk rf}zt|t W5d}~XYnX|j dkrzt |j dkrt |j dkrt |j d krtjt|j |jd dS) z)Revoke a magic attach token for the user.r+r,ZDELETEr|Nir3rqr4r5)r2r;r<r@API_V1_REVOKE_MAGIC_ATTACHr rsr]rtrur7Z MagicAttachTokenAlreadyActivatedrvrwrCr8rxr(r(r)revoke_magic_attach_token3s.      z*UAContractClient.revoke_magic_attach_token)rbrlrGrLc Cs|st|j}|}|dd|itj||d}|}|j|d||d|d|d|dd d }|j d krt j ||j |j d |j d r|jd |jd <|jS)a|Get the updated machine token from the contract server. @param machine_token: The machine token needed to talk to this contract service endpoint. @param contract_id: Unique contract id provided by contract service @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. r+r,rjZGETrMrrNrOrP)r}r2rQr4r5rf)r r9r:r2r;r<API_V1_GET_CONTRACT_MACHINEr=r@r7r rCr8r\rD)rErbrlrGr2r6rHrJr(r(r)get_contract_machineNs8   z%UAContractClient.get_contract_machinec Cs|st|j}|}|dd|i||d}t|}tj||d}|j ||d|d}|j dkrt j ||j |j d|jd r|jd |jd <|jS) aRequest machine token refresh from contract server. @param machine_token: The machine token needed to talk to this contract service endpoint. @param contract_id: Unique contract id provided by contract service. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing refreshed machine-token r+r,r.rjr{)r2r}r1r4r5rf)r r9r:r2r;r<r=r?API_V1_UPDATE_CONTRACT_MACHINEr@r7r rCr8r\rD) rErbrlrGr2r1rIr6rJr(r(r)update_contract_machineys6   z(UAContractClient.update_contract_machinecCstjtjtjtttt d}t |j j rt|j j}t}|j jjpjt|j |j jjdd|Ddd|D|r|jndd}ni}||S)z9Return a dict of activity info data for contract requests) distributionrNrrMZdesktoprOZ clientVersioncSsg|] }|jqSr()name.0servicer(r(r) sz7UAContractClient._get_activity_info..cSsi|]}|jr|j|jqSr()Zvariant_enabledrZ variant_namerr(r(r) sz7UAContractClient._get_activity_info..N)Z activityIDZ activityToken resourcesZresourceVariantsr-)r get_release_inforZget_kernel_infoZ uname_releaserZ get_dpkg_archZ is_desktopZ get_virt_typerZ get_versionrr: is_attachedrenabled_servicesrreadrkZ activity_idr9Zactivity_tokenZ attached_atr>)rEZ machine_inforZattachment_datarHr(r(r)r=s4      z#UAContractClient._get_activity_info)N)NT)N)N)r r!r"Zcfg_url_base_attrr ZretrysocketZtimeoutrKrstrrrSrVrZAutoAttachCloudInstancerarboolrhrorzrrrrr=r(r(r(r)r*GsJ %! (& / (r*) request_bodyc CsJ|di}|d||d|d|d|ddtjdd S) a? Transforms a request_body that has the new activity_info into a body that includes both old and new forms of machineInfo/activityInfo This is necessary because there may be old ua-airgapped contract servers deployed that we need to support. This function is used for attach and refresh calls. r0r/rMrrNrZLinux)rrNrtyperelease)r/r0rMos)r\r rr)rrHr(r(r)r?s r?T)r:past_entitlementsnew_entitlements allow_enablerrLc Cs`ddlm}d}d}g}||D]} z || } Wntk rHYq YnXg}z"t||| i| ||d\} } Wntjk r} z*t| d}| | t d| | W5d} ~ XYq t k r} z*t| d}| | td| | W5d} ~ XYq X| r | r t | q t ||r@tjd d |Dd n|r\tjd d |Dd dS) aIterate over all entitlements in new_entitlement and apply any delta found according to past_entitlements. :param cfg: UAConfig instance :param past_entitlements: dict containing the last valid information regarding service entitlements. :param new_entitlements: dict containing the current information regarding service entitlements. :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :param series_overrides: Boolean set True if series overrides should be applied to the new_access dict. r)entitlements_enable_orderF)r: orig_access new_accessrrTz+Failed to process contract delta for %s: %rNz5Unexpected error processing contract delta for %s: %rcSsg|]}|tjfqSr()r ZUNEXPECTED_ERRORrrr(r(r)r)sz.process_entitlements_delta..)failed_servicescSsg|]}|tjfqSr()r Z!E_ATTACH_FAILURE_DEFAULT_SERVICESrr(r(r)r/s)uaclient.entitlementsrKeyErrorprocess_entitlement_deltar\r ZUbuntuProErrorr]rtappenderror ExceptioneventZservice_processedZservices_failedZAttachFailureUnknownErrorZAttachFailureDefaultServices)r:rrrrrZ delta_errorZunexpected_errorrrnew_entitlementdeltasZservice_enabledryr(r(r)process_entitlements_deltasf           rF)r:rrrrrLc Csddlm}|rt|t||}d}|r|did}|sT|did}|sftj||d|didid d } z|||| d } Wn4tjk r} zt d || W5d } ~ XYnX| ||d} | j |||d}||fS)a,Process a entitlement access dictionary deltas if they exist. :param cfg: UAConfig instance :param orig_access: Dict with original entitlement access details before contract refresh deltas :param new_access: Dict with updated entitlement access details after contract refresh :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :param series_overrides: Boolean set True if series overrides should be applied to the new_access dict. :raise UbuntuProError: on failure to process deltas. :return: A tuple containing a dict of processed deltas and a boolean indicating if the service was fully processed r)entitlement_factoryF entitlementr)Zorignew entitlementsZ obligationsZ use_selectorrZ)r:rrz3Skipping entitlement deltas for "%s". No such classN)r:Z assume_yesr) rrapply_contract_overridesr get_dict_deltasr\r Z InvalidContractDeltasServiceTypeZEntitlementNotFoundErrorr]r^Zprocess_contract_deltas) r:rrrrrrZretrrZent_clsexcrr(r(r)r6sJ    r)rJrLcCs|jd}|r|d}|d}|dkrR|dt}tj|||dddnF|dkr|dt}tj|||ddd n|d krtj|d tdS) NinfoZ contractIdreasonzno-longer-effectivetimez%m-%d-%Y)rldateZcontract_expiry_dateznot-effective-yet)rlrZcontract_effective_dateznever-effective)rl) rDr\strftimerr ZAttachForbiddenExpiredZAttachForbiddenNotYetZAttachForbiddenNeverZAttachExpiredToken)rJrrlrrr(r(r)rBrs*    rBcCs|jj}|j}|d}|ddd}t|}|j||d}|j|tj| di dt|}| d|t |||jjdd d S) a Request contract refresh from ua-contracts service. :param cfg: Instance of UAConfig for this machine. :raise UbuntuProError: on failure to update contract or error processing contract deltas :raise UrlError: On failure during a connection rimachineTokenInfo contractInfoid)rbrlr/z machine-idFrN) rkrrbr*rrnr r9 cache_clearr\r_r)r:orig_entitlements orig_tokenrbrlcontract_clientresprGr(r(r)refreshs,     r)r:rLcCst|}|}|dgS)zDQuery available resources from the contract server for this machine.r)r*rSr\)r:clientrr(r(r)get_available_resourcessr)r:tokenrLcCst|}||S)z/Query contract information for a specific token)r*rV)r:rrr(r(r)get_contract_informationsrc Cs|j}|jj}|dd}|dididd}|s>dSt|}|||}|dididd}|rv|n|jj}|jj|krdS|j|} t| D]&\} } t || i| } | rdSqdS) NrirZrrrFZ effectiveToT) rbrkrr\r*rZcontract_expiry_datetimeZget_entitlements_from_tokensorteditemsr r) r:rrrbrlrrZ resp_expiryZ new_expiryZcurr_entitlementsrrrr(r(r)is_contract_changedsP      r)override_selectorselector_valuesrLcCs<d}|D]*\}}||f|kr*dS|t|7}q |S)Nr)rOVERRIDE_SELECTOR_WEIGHTS)rrZoverride_weightselectorvaluer(r(r)_get_override_weights r)r series_namerXrrLc Cszi}||d}|r||d<|di|i}|r>||td<t|dg}|D] }t|d|} | rT||| <qT|S)N)rrrrr overridesr)poprcopydeepcopyr\r) rrrXrrrrZgeneral_overridesoverrideZweightr(r(r)_select_overridess&  r)rrrrLcCsddlm}tt|td|kgs0td||dkrBtj n|}|\}}| di}t ||||}t | D]J\} } | D]8\} } |d | } t| tr| | q| |d| <qqvdS)aApply series-specific overrides to an entitlement dict. This function mutates orig_access dict by applying any series-overrides to the top-level keys under 'entitlement'. The series-overrides are sparse and intended to supplement existing top-level dict values. So, sub-keys under the top-level directives, obligations and affordance sub-key values will be preserved if unspecified in series-overrides. To more clearly indicate that orig_access in memory has already had the overrides applied, the 'series' key is also removed from the orig_access dict. :param orig_access: Dict with original entitlement access details r)get_cloud_typerz?Expected entitlement access dict. Missing "entitlement" key: {}N)Zuaclient.clouds.identityrall isinstancedict RuntimeErrorr<r rrr\rrrr;)rrrrrrX_Zorig_entitlementrZ_weightZoverrides_to_applykeyrZcurrentr(r(r)r s.     rcCst|jstjdfSt}t}|jj}|dkrBt dtj | fSd|krV|krdnn tj |fS| |krzdkrnn tj |fS|| krtj |fStj |fS)z/Return a tuple [ContractExpiryStatus, num_days]rNz:contract effectiveTo date is null - assuming it is expired)rrrr#rrrkZcontract_remaining_daysr]Zwarningr'r%r&r$)r:Z grace_periodZpending_expiryZremaining_daysr(r(r)get_contract_expiry_status>s"       r)T)FT)N)NN)JrenumZloggingrtypingrrrrrZuaclientrrr r r r r rZ-uaclient.api.u.pro.status.enabled_services.v1rZ(uaclient.api.u.pro.status.is_attached.v1rZuaclient.configrZuaclient.defaultsrrrZuaclient.files.state_filesrZ uaclient.httprrArrrRrgr[rmrUrrr~rrZget_event_loggerrZ getLoggerZreplace_top_level_logger_namer r]uniqueEnumrZUAServiceClientr*rr?rrrrZ HTTPResponseZ NamedMessagerBrrrrintrrrrr(r(r(r)s(         W   = "'      2