HEX
Server: Apache
System: Linux scp1.abinfocom.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: confeduphaar (1010)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /proc/self/root/lib/python3/dist-packages/uaclient/__pycache__/
Upload Files
File: //proc/self/root/lib/python3/dist-packages/uaclient/__pycache__/contract.cpython-38.pyc
U

��JhW��
@s�ddlZddlZddlZddlmZddlmZmZmZm	Z	m
Z
ddlmm
ZddlmZmZmZmZmZmZmZmZmZddlmZddlmZddlmZddlm Z dd	l!m"Z"m#Z#dd
l$m%Z%ddl&m'Z'dZ(d
Z)d
Z*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3ddddd�Z4e�5�Z6e�7e�8e9��Z:edddg�Z;Gdd�dej<�Z=Gdd �d e%j>�Z?e@d!�d"d#�ZAdDeeeBefeeBefeCeCdd%�d&d'�ZDdEeeeBefeeBefeCeCe
eeCfd)�d*d+�ZEejFejGd,�d-d.�ZHed/�d0d1�ZIeeed2�d3d4�ZJeeBeeBefd5�d6d7�ZKeeBeBfeeBeBfeLd8�d9d:�ZMdFeeBefeBeBe	eBeeLeeBeffd;�d<d=�ZNdGeeBefe	eBe	eBdd>�d?d@�ZOeeeBefee;dA�dBdC�ZPdS)H�N)�
namedtuple)�Any�Dict�List�Optional�Tuple)	�
data_types�event_logger�
exceptions�http�messages�secret_manager�system�util�version)�_enabled_services)�_is_attached)�UAConfig)�ATTACH_FAIL_DATE_FORMAT)�attachment_data_file�machine_id_file)�
serviceclient)�get_user_or_root_log_file_pathz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z
/v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z/v1/contractz/v1/magic-attachz?/v1/contracts/{contract}/context/machines/{machine}/guest-token����)�series_overrides�series�cloud�variant�EnableByDefaultService�namer c@sReZdZejdejdd�ejdejdd�ejdejdd�ejdejdd�ejdejdd�ejdejdd�ejd	ejdd�ejd
ejdd�ejdejdd�ejdejdd�ejd
ejdd�ejdejdd�ejdejdd�ejdejdd�gZdeeeeeeeeeeeeeeeeeeeeeeeeeeeed�dd�Z	dS)�CPUTypeData�cpuinfo_cpuF)Zrequired�cpuinfo_cpu_architecture�cpuinfo_cpu_family�cpuinfo_cpu_implementer�cpuinfo_cpu_part�cpuinfo_cpu_revision�cpuinfo_cpu_variant�
cpuinfo_model�cpuinfo_model_name�cpuinfo_stepping�cpuinfo_vendor_id�"sys_firmware_devicetree_base_model�
sysinfo_model�sysinfo_typeN�r$r%r&r'r(r)r*r+r,r-r.r/r0r1cCsX||_||_||_||_||_||_||_||_|	|_|
|_	||_
||_|
|_||_
dS)Nr2)�selfr$r%r&r'r(r)r*r+r,r-r.r/r0r1�r4�3/usr/lib/python3/dist-packages/uaclient/contract.py�__init__zs�zCPUTypeData.__init__)NNNNNNNNNNNNNN)
�__name__�
__module__�__qualname__rZFieldZStringDataValueZfieldsr�strr6r4r4r4r5r#Fs����������������5��r#csheZdZdZd*eedd��fdd�
Zeje	j
dddgd�d+d	d
��Zee
efd�dd
�Ze
ee
efd�dd�Zeje	j
dddgd�e
ee
efd�dd��Zd,e
e
ee
ee
efd�dd�Zdd�Ze
ee
efd�dd�Zee
efd�dd�Ze
d�dd �Zd-e
e
ee
ee
efd!�d"d#�Zd.e
e
ee
ed!�d$d%�Ze
e
e
ed!�d&d'�Zd(d)�Z�ZS)/�UAContractClientZcontract_urlN��cfg�returncst�j|d�t��|_dS)N�r=)�superr6�mtf�get_machine_token_file�machine_token_file)r3r=��	__class__r4r5r6�szUAContractClient.__init__rr)Zretry_sleepscCs�|st�|j�}|��}|�dd�|�i�|��}|��|d<||d�}t|�}|j	t
||d�}|jdkrvt�
��n|jdkr�t|�|jdkr�tjt
|j|jd	��|j}	tj�|	�d
d��|	�dg�D]}
tj�|
�d
d��q�|	S)a}Requests machine attach to the provided machine_id.

        @param contract_token: Token string providing authentication to
            ContractBearer service endpoint.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing the machine-token.
        �
Authorization�	Bearer {}�lastAttachment��	machineId�activityInfo)�data�headers�i�����url�code�body�machineToken��resourceTokens�token)r�get_machine_idr=rM�update�format�_get_activity_info�	isoformat�_support_old_machine_info�request_url�API_V1_ADD_CONTRACT_MACHINErRr
ZAttachInvalidTokenError�_raise_attach_forbidden_message�ContractAPIErrorrS�	json_dictr
�secrets�
add_secret�get)r3�contract_tokenZ
attachment_dt�
machine_idrM�
activity_inforL�backcompat_data�response�
response_jsonrWr4r4r5�add_contract_machine�s<

�



�
�z%UAContractClient.add_contract_machine)r>cCsT|��}|jt|d|d|d|dd�d�}|jdkrNtjt|j|jd��|jS)	z=Requests list of entitlements available to this machine type.�architecturer�kernel�virt�rmrrnro)�query_paramsrOrP)r[r^�API_V1_AVAILABLE_RESOURCESrRr
rarSrb)r3rhrjr4r4r5�available_resources�s ��	
�z$UAContractClient.available_resources)rfr>cCsN|��}|�dd�|�i�|jt|d�}|jdkrHtjt|j|jd��|j	S)NrFrG�rMrOrP)
rMrYrZr^�API_V1_GET_CONTRACT_USING_TOKENrRr
rarSrb)r3rfrMrjr4r4r5�get_contract_using_token�s�
�z)UAContractClient.get_contract_using_token)�
cloud_typerLcCsz|jtj|d�|d�}|jdkr\|j�dd�}|rHt�|�tj	|d��tj
t|j|jd��|j}tj
�|�dd��|S)	z�Requests contract token for auto-attach images for Pro clouds.

        @param instance: AutoAttachCloudInstance for the cloud.

        @return: Dict of the JSON response containing the contract-token.
        )rw)rLrO�messagerU)�	error_msgrP�
contractToken)r^�,API_V1_GET_CONTRACT_TOKEN_FOR_CLOUD_INSTANCErZrRrbre�LOG�debugr
ZInvalidProImagerarSr
rcrd)r3rwrLrj�msgrkr4r4r5�%get_contract_token_for_cloud_instance�s*
��

�
�z6UAContractClient.get_contract_token_for_cloud_instance)�
machine_token�resourcergr>c	Cs�|st�|j�}|��}|�dd�|�i�tj||d�}|j||d�}|jdkrft	j
t|j|jd��|j�d�r�|jd|j
d<|j
}|�dg�D]}tj�|�d	d
��q�|S)a�Requests machine access context for a given resource

        @param machine_token: The authentication token needed to talk to
            this contract service endpoint.
        @param resource: Entitlement name.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing entitlement accessInfo.
        rFrG)r��machinertrOrP�expiresrVrWrU)rrXr=rMrYrZ�"API_V1_GET_RESOURCE_MACHINE_ACCESSr^rRr
rarSrerbr
rcrd)	r3r�r�rgrMrQrjrkrWr4r4r5�get_resource_machine_accesss*�
�z,UAContractClient.get_resource_machine_accesscCs�|jj}|jj�d�}t�|j�}|��}tj	||d�}|�
�}|�dd�	|�i�|j|||d�}|j
dkr�tj||j
|jd��|jr�|jj}|j|d<|j�|�d	S)
z�Report current activity token and enabled services.

        This will report to the contracts backend all the current
        enabled services in the system.
        rT�Zcontractr�rFrG)rMrLrOrPrKN)rC�contract_idr�rerrXr=r[�API_V1_UPDATE_ACTIVITY_TOKENrZrMrYr^rRr
rarSrb�write)r3r�r�rgZrequest_datarQrMrjr4r4r5�update_activity_token;s.��
�
z&UAContractClient.update_activity_token)�magic_tokenr>cCs�|��}|�dd�|�i�|jt|d�}|jdkr<t���|jdkrNt���|jdkrltj	t|j|j
d��|j}dd	d
g}|D]}tj
�|�|d��q�|S)z�Request magic attach token info.

        When the magic token is registered, it will contain new fields
        that will allow us to know that the attach process can proceed
        rFrGrtrN�rOrPrW�userCoderzrU)rMrYrZr^�"API_V1_GET_MAGIC_ATTACH_TOKEN_INFOrRr
�MagicAttachTokenError�MagicAttachUnavailablerarSrbr
rcrdre)r3r�rMrjrk�
secret_fields�fieldr4r4r5�get_magic_attach_token_infocs*�


�
z,UAContractClient.get_magic_attach_token_infocCsz|��}|jt|dd�}|jdkr*t���|jdkrHtjt|j|jd��|j}dddg}|D]}t	j
�|�|d	��q\|S)
z)Create a magic attach token for the user.�POST�rM�methodr�rOrPrWr�rzrU)
rMr^�API_V1_NEW_MAGIC_ATTACHrRr
r�rarSrbr
rcrdre)r3rMrjrkr�r�r4r4r5�new_magic_attach_tokens&�

�
z'UAContractClient.new_magic_attach_token)r�cCs�|��}|�dd�|�i�|jt|dd�}|jdkr>t���|jdkrPt���|jdkrbt�	��|jdkr�tj
t|j|jd	��d
S)z)Revoke a magic attach token for the user.rFrGZDELETEr��rNr�rOrPN)rMrYrZr^�API_V1_REVOKE_MAGIC_ATTACHrRr
Z MagicAttachTokenAlreadyActivatedr�r�rarS)r3r�rMrjr4r4r5�revoke_magic_attach_token�s&�



�z*UAContractClient.revoke_magic_attach_token)r�r�rgr>c	Cs�|st�|j�}|��}|�dd�|�i�tj||d�}|��}|j|d||d|d|d|dd	�d
�}|j	dkr�t
j||j	|jd��|j�
d
�r�|jd
|jd
<|jS)a|Get the updated machine token from the contract server.

        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.
        rFrGr��GETrmrrnrorp)r�rMrqrOrPr�)rrXr=rMrYrZ�API_V1_GET_CONTRACT_MACHINEr[r^rRr
rarSrerb)r3r�r�rgrMrQrhrjr4r4r5�get_contract_machine�s8���
�z%UAContractClient.get_contract_machinec	Cs�|st�|j�}|��}|�dd�|�i�||��d�}t|�}tj||d�}|j	||d|d�}|j
dkr�tj||j
|j
d��|j�d	�r�|jd	|jd	<|jS)
a�Request machine token refresh from contract server.

        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing refreshed machine-token
        rFrGrIr�r�)rMr�rLrOrPr�)rrXr=rMrYrZr[r]�API_V1_UPDATE_CONTRACT_MACHINEr^rRr
rarSrerb)	r3r�r�rgrMrLrirQrjr4r4r5�update_contract_machine�s6���
�z(UAContractClient.update_contract_machinecCsv|��}|�dd�|�i�tj||d�}|j||dd�}|jdkrRtjdd��n|jd	krptj||j|j	d
��|j
S)a�Request guest token associated with this machine's contract
        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service
        @param machine_id: Unique machine id that was registered with the pro
            backend on attach.
        @return: Dict of the JSON response containing the guest token
        rFrGr�r�r�r��get_guest_token)Zfeature_namerOrP)rMrYrZ�API_V1_GET_GUEST_TOKENr^rRr
Z FeatureNotSupportedOldTokenErrorrarSrb)r3r�r�rgrMrQrjr4r4r5r�s$�
�
�z UAContractClient.get_guest_tokencCs�t��}t��jt��jt��jt��t��t�	�t
��t|j
|j|j|j|j|j|j|j|j|j|j|j|j|jd�jdd�d�}t|j�jr�t|j�j }t!�"�}|j#j$p�t�%|j�|j#j&dd�|D�dd�|D�|r�|j'�(�nd	d
�}ni}||�S)z9Return a dict of activity info data for contract requestsr2F)Z	keep_none)�distributionrnrrmZdesktoproZ
clientVersionZcpu_typecSsg|]
}|j�qSr4)r"��.0�servicer4r4r5�
<listcomp>Hsz7UAContractClient._get_activity_info.<locals>.<listcomp>cSsi|]}|jr|j|j�qSr4)Zvariant_enabledr"Zvariant_namer�r4r4r5�
<dictcomp>Is�z7UAContractClient._get_activity_info.<locals>.<dictcomp>N)Z
activityIDZ
activityToken�	resourcesZresourceVariantsrH))rZget_cpu_info�get_release_infor�Zget_kernel_infoZ
uname_releaserZ
get_dpkg_archZ
is_desktopZ
get_virt_typerZget_versionr#r$r%r&r'r(r)r*r+r,r-r.r/r0r1Zto_dictrr=Zis_attachedr�enabled_servicesr�readrCZactivity_idrXZactivity_tokenZattached_atr\)r3ZcpuinfoZmachine_infor�Zattachment_datarhr4r4r5r[#sZ���
����z#UAContractClient._get_activity_info)N)N)N)N)N)r7r8r9Zcfg_url_base_attrrrr6rZretry�socketZtimeoutrlrr:rrsrvrr�r�r�r�r�r�r�r�r[�
__classcell__r4r4rDr5r;�s\���*
�$�
�&(�
�/��*�#r;)�request_bodyc	CsJ|�di�}|�d�||�d�|�d�|�d�|�d�dt��jd�d	�S)
a?
    Transforms a request_body that has the new activity_info into a body that
    includes both old and new forms of machineInfo/activityInfo

    This is necessary because there may be old ua-airgapped contract
    servers deployed that we need to support.
    This function is used for attach and refresh calls.
    rKrJrmr�rnrZLinux)r�rnr�type�release)rJrKrm�os)rerr�r�)r�rhr4r4r5r]]s	��r]T)r=�past_entitlements�new_entitlements�allow_enablerr>cCsvddlm}d}g}g}||�D�]�}	z||	}
Wntk
rJYq YnXg}z"t||�|	i�|
||d�\}}Wn�tjk
r�}
z*t�|
�d}|�	|	�t�
d|	|
�W5d}
~
XYq tk
�r
}
z0t�|
�|�	|
�|�	|	�t�d|	|
�W5d}
~
XYq X|r |r t�
|	�q t�|�t|�dk�rVtjd	d
�t||�D�d��n|�rrtjdd
�|D�d��dS)
a�Iterate over all entitlements in new_entitlement and apply any delta
    found according to past_entitlements.

    :param cfg: UAConfig instance
    :param past_entitlements: dict containing the last valid information
        regarding service entitlements.
    :param new_entitlements: dict containing the current information regarding
        service entitlements.
    :param allow_enable: Boolean set True if allowed to perform the enable
        operation. When False, a message will be logged to inform the user
        about the recommended enabled service.
    :param series_overrides: Boolean set True if series overrides should be
        applied to the new_access dict.
    r)�entitlements_enable_orderF)r=�orig_access�
new_accessr�rTz+Failed to process contract delta for %s: %rNz5Unexpected error processing contract delta for %s: %rcSs*g|]"\}}|tjjt|�t�d�f�qS))ryZlog_path)rZUNEXPECTED_ERRORrZr:r)r�r"�	exceptionr4r4r5r��s���z.process_entitlements_delta.<locals>.<listcomp>)�failed_servicescSsg|]}|tjf�qSr4)rZ!E_ATTACH_FAILURE_DEFAULT_SERVICES)r�r"r4r4r5r��s�)�uaclient.entitlementsr��KeyError�process_entitlement_deltarer
ZUbuntuProErrorr|r��append�error�	Exception�eventZservice_processedZservices_failed�lenZAttachFailureUnknownError�zipZAttachFailureDefaultServices)r=r�r�r�rr�Zdelta_errorZunexpected_errorsr�r"Znew_entitlement�deltasZservice_enabled�er4r4r5�process_entitlements_deltaxsf

�

�


�
����r�F)r=r�r�r�rr>c
Cs�ddlm}|rt|�t�||�}d}|r�|�di��d�}|sT|�di��d�}|sftj||d��|�di��di��d	d
�}	z||||	d�}
Wn4tjk
r�}zt	�
d|�|�W5d
}~XYnX|
j|||d�}||fS)a,Process a entitlement access dictionary deltas if they exist.

    :param cfg: UAConfig instance
    :param orig_access: Dict with original entitlement access details before
        contract refresh deltas
    :param new_access: Dict with updated entitlement access details after
        contract refresh
    :param allow_enable: Boolean set True if allowed to perform the enable
        operation. When False, a message will be logged to inform the user
        about the recommended enabled service.
    :param series_overrides: Boolean set True if series overrides should be
        applied to the new_access dict.

    :raise UbuntuProError: on failure to process deltas.
    :return: A tuple containing a dict of processed deltas and a
             boolean indicating if the service was fully processed
    r��entitlement_factoryF�entitlementr�)Zorig�new�entitlements�obligations�use_selectorrU�r=r"r z3Skipping entitlement deltas for "%s". No such classN�r�)r�r��apply_contract_overridesrZget_dict_deltasrer
Z InvalidContractDeltasServiceType�EntitlementNotFoundErrorr|r}Zprocess_contract_deltas)r=r�r�r�rr�r�Zretr"r r��excr4r4r5r��sP�����
��r�)rjr>cCs�|j�d�}|r�|d}|d}|dkrR|d�t�}tj|||d�d�d��nF|dkr�|d�t�}tj|||d�d�d	��n|d
kr�tj|d��t���dS)N�infoZ
contractId�reasonzno-longer-effective�timez%m-%d-%Y)r��dateZcontract_expiry_dateznot-effective-yet)r�r�Zcontract_effective_dateznever-effective)r�)	rbre�strftimerr
ZAttachForbiddenExpiredZAttachForbiddenNotYetZAttachForbiddenNeverZAttachExpiredToken)rjr�r�r�r�r4r4r5r`s*��r`r?c	Cs�t�|�}|��}|j}|d}|ddd}t|d�}|j||d�}|�|�tj�	�|�
di��
dt�|��}t�|�t|||��dd	�d
S)z�Request contract refresh from ua-contracts service.

    :raise UbuntuProError: on failure to update contract or error processing
        contract deltas
    :raise ConnectivityError: On failure during a connection
    rTZmachineTokenInfoZcontractInfo�idr?)r�r�rJFr�N)
rArBr�r�r;r�r�rrX�cache_clearrerr�)	r=rCZorig_entitlementsZ
orig_tokenr�r�Zcontract_clientZresprgr4r4r5�refresh.s.

�

�
�r�r<cCst|�}|��}|�dg�S)zDQuery available resources from the contract server for this machine.r�)r;rsre)r=�clientr�r4r4r5�get_available_resourcesOsr�)r=rWr>cCst|�}|�|�S)z/Query contract information for a specific token)r;rv)r=rWr�r4r4r5�get_contract_informationVsr�)�override_selector�selector_valuesr>cCs<d}|��D]*\}}||f|��kr*dS|t|7}q|S)Nr)�items�OVERRIDE_SELECTOR_WEIGHTS)r�r�Zoverride_weight�selector�valuer4r4r5�_get_override_weight\sr�)r��series_namerwr r>c
Cszi}||d�}|r||d<|�di��|i�}|r>||td<t�|�dg��}|D] }t|�d�|�}	|	rT|||	<qT|S)N)rrr rr�	overridesr�)�popr��copy�deepcopyrer�)
r�r�rwr r�r�rZgeneral_overrides�overrideZweightr4r4r5�_select_overrideshs"
�
�
r�)r�rr r>cCs�ddlm}tt|t�d|kg�s0td�|���|dkrBt��j	n|}|�\}}|�
di�}t||||�}t|�
��D]J\}	}
|
�
�D]8\}}|d�
|�}
t|
t�r�|
�|�q�||d|<q�qvdS)a�Apply series-specific overrides to an entitlement dict.

    This function mutates orig_access dict by applying any series-overrides to
    the top-level keys under 'entitlement'. The series-overrides are sparse
    and intended to supplement existing top-level dict values. So, sub-keys
    under the top-level directives, obligations and affordance sub-key values
    will be preserved if unspecified in series-overrides.

    To more clearly indicate that orig_access in memory has already had
    the overrides applied, the 'series' key is also removed from the
    orig_access dict.

    :param orig_access: Dict with original entitlement access details
    r)�get_cloud_typer�z?Expected entitlement access dict. Missing "entitlement" key: {}N)Zuaclient.clouds.identityr��all�
isinstance�dict�RuntimeErrorrZrr�rrer��sortedr�rY)r�rr r�r�rw�_Zorig_entitlementr�Z_weightZoverrides_to_apply�keyr�Zcurrentr4r4r5r��s.���
�
r�)r=r�r>c	Cs�ddlm}g}|��D]�\}}|�di��dd�}z||||d�}Wntjk
r`YqYnX|�di��di�}|�d�}	|�||	�r|��\}
}|
r|�t	||d	��q|S)
Nrr�r�r�rUr�r��
resourceToken)r"r )
r�r�r�rer
r�Z_should_enable_by_default�
can_enabler�r!)r=r�r�Zenable_by_default_servicesZent_nameZ	ent_valuer Zentr�r�r�r�r4r4r5�get_enabled_by_default_services�s(

��r�)T)FT)N)NN)Qr�Zloggingr��collectionsr�typingrrrrrZuaclient.files.machine_token�filesr�rAZuaclientrr	r
rrr
rrrZ-uaclient.api.u.pro.status.enabled_services.v1rZ(uaclient.api.u.pro.status.is_attached.v1rZuaclient.configrZuaclient.defaultsrZuaclient.files.state_filesrrZ
uaclient.httprZuaclient.logrr_r�r�rrr�r{r�rur�r�r�r�r�Zget_event_loggerr�Z	getLoggerZreplace_top_level_logger_namer7r|r!Z
DataObjectr#ZUAServiceClientr;r�r]r:�boolr�r�ZHTTPResponseZNamedMessager`r�r�r��intr�r�r�r�r4r4r4r5�<module>s�,�������WC �

�^�


�@�!

��
��
�2
�
@ Telegram