Current File : //usr/lib/python3/dist-packages/uaclient/__pycache__/actions.cpython-312.pyc
�

��g�8���ddlZddlZddlZddlZddlZddlZddlZddlmZm	Z	ddl
mZmZm
Z
mZmZmZmZmZddl
mZddl
mZmZddl
mZddl
mZmZmZddlmZmZmZm Z dd	l!m"Z"m#Z#dd
l$m%Z%m&Z&m'Z'm(Z(m)Z)ejT�Z+ejXejZe.��Z/dZ0dZ1d
e
jddejfdejfd�Z4	d-d
e
jddeejjdejfdejde6f
d�Z7	d-d
e
jdde8de6de6ddf
d�Z9	d.d
e
jddejtddfd�Z;ddddd�d
e
jdde8de6de8de6d e	ee8fd!�Z<ddd"�d
e
jdd#e	e8d$e6fd%�Zd&e8ddfd'�Z=	d/d&e8d(e	ee>ddfd)�Z?d
e
jdfd*�Z@d
e
jdd+e8fd,�ZAy)0�N)�List�Optional)�api�clouds�config�contract�entitlements�event_logger�
exceptions�	livepatch)�log)�messages�secret_manager)�status)�system�timer�util)�APPARMOR_PROFILES�CLOUD_BUILD_INFO�DEFAULT_CONFIG_FILE�DEFAULT_LOG_PREFIX)�
machine_token�notices)�AttachmentData�attachment_data_file�machine_id_file�only_series_check_marker_file�timer_jobs_state_file)zapt-news.servicezesm-cache.servicezua-timer.servicezua-timer.timerzua-auto-attach.pathzua-auto-attach.servicezua-reboot-cmds.servicezubuntu-advantage.service�
�cfg�contract_client�attached_atc��ddlm}tjt	|���tj|��||�|j�y)Nr��update_motd_messages�r"�r )�uaclient.timer.update_messagingr%r�writer�	ua_statusr�update_activity_token)r r!r"r%s    �2/usr/lib/python3/dist-packages/uaclient/actions.py�_handle_partial_attachr-9s=��
E����~�+�F�G�
���������)�)�+�F�services_to_be_enabled�silentc��d}g}g}	|D]k}t||j|j|��\}	}
||	z}|	s|j|j��Ltj|j���m	|s�t|||�tj|�|rot
jt||�D�
�cgc]C\}
}|
tj j#t%|�t'j(���f��Ec}}
���t
j*|D�
cgc]}
|
tj,f��c}
���y#tj$r3}tjj�t|||�|�d}~wtj$r!|jj�d}Y��At$r9}d}|jj�|j|�Yd}~��}d}~wwxYwcc}}
wcc}
w)NT)r �name�variantr0)�serviceF)�	error_msg�log_path)�failed_services)�enable_entitlement_by_namer2r3�append�event�service_processedr�ConnectivityError�service_failedr-�UbuntuProError�	Exception�services_failed�AttachFailureUnknownError�zipr�UNEXPECTED_ERROR�format�str�pro_log�get_user_or_root_log_file_path�AttachFailureDefaultServices�!E_ATTACH_FAILURE_DEFAULT_SERVICES)r r/r!r"r0�retr7�unexpected_errors�enable_by_default_service�ent_ret�reason�exc�er2�	exceptions               r,�_enable_default_servicesrRFs����C��O���$�)?�	P�%�8��.�3�3�1�9�9��	�O�G�V�
�7�N�C���&�&�'@�'E�'E�F��'�'�0I�0N�0N�'�O�	P�2��s�O�[�A�
���o�.���6�6�,/�'�):�,�!�(��i�
� �1�1�8�8�&)�)�n�%,�%K�%K�%M�9���!�
�

��9�9�!0�!���8�E�E�F�!��
�+���'�'��
���6�;�;�<��s�O�[�A��	���$�$�����8�=�=�>����$������8�=�=�>�� � ��#�#��$��!��!s7�A0E�=AG>
�!H�G;�.F�3G;�:G;�.G6�6G;�token�allow_enable�returnc���ddlm}ddlm}tj
j
|�tj|�}tj|�}tjjtjj��}|j||��}	t!j"�j$}
|	j'di�j'di�}t)d�|j'd	g�D��}|j'd
i�j'di�j'dd
�}
|
r�t!j*|
�}|
|
k7r+t-j.|j0|j2���t5j6t4j8j:|j0|j2��t=j>|
�|j?|	�	||�t jDjG�|	j'di�j'dt!jD|��}tIj>|�|r4tjJ||jM��}tO|||||��tQj>tS|���||�tUjV�y
#t,j@$r}|jC�|�d
}~wwxYw)aC
    Common functionality to take a token and attach via contract backend
    :raise ConnectivityError: On unexpected connectivity issues to contract
        server or inability to access identity doc from metadata service.
    :raise ContractAPIError: On unexpected errors when talking to the contract
        server.
    r)�+check_entitlement_apt_directives_are_uniquer$)�tz)�contract_token�
attachment_dt�machineTokenInfo�contractInfoc3�jK�|]+}|jd�dk(r|jd�|f���-y�w)�type�supportN)�get)�.0rPs  r,�	<genexpr>z$attach_with_token.<locals>.<genexpr>�s5�����
��5�5��=�I�%�
���v�����s�13�resourceEntitlementsr_�affordances�
onlySeriesN)�release�series_codename�	machineId)r r/r!r"r0r&),�uaclient.entitlementsrWr(r%r�secrets�
add_secretr�get_machine_token_filer�UAContractClient�datetime�now�timezone�utc�add_contract_machiner�get_release_info�seriesr`�dict�get_distro_infor�AttachFailureRestrictedReleaserfrgr�add�Notice�LIMITED_TO_RELEASErr)�%EntitlementsAPTDirectivesAreNotUnique�delete�get_machine_id�cache_clearr�get_enabled_by_default_servicesr	rRrrr�start)r rSrTr0rWr%�machine_token_filer!r"�new_machine_token�current_seriesr\�support_resource�only_series�allowed_releaserP�
machine_idr/s                  r,�attach_with_tokenr��s����E����%�%�e�,�&�=�=�c�B���/�/��4�O��#�#�'�'�8�+<�+<�+@�+@�'�A�K�'�<�<��K�=����,�,�.�5�5�N�$�(�(�);�R�@�D�D����L����!�!�"8�"�=����	���Y��+�	��]�B�	�	��\�4�	 ��
� �0�0��=���.�(��;�;�'�/�/� /� ?� ?��
�	����N�N�-�-�#�+�+�+�;�;�	
�
	&�+�+�K�8����.�/��3�C�8�
���%�%�'�"�&�&�'9�2�>�B�B��V�*�*�3�/��J����*�%��!)�!I�!I��#�0�0�2�"
��	!��#9�+�#��	
����~�+�F�G����	�K�K�M��1�;�;���!�!�#�����s�'K	�	K3�K.�.K3�cloudc�B�|j|�}t|||��y)a\
    :raise ConnectivityError: On unexpected connectivity issues to contract
        server or inability to access identity doc from metadata service.
    :raise ContractAPIError: On unexpected errors when talking to the contract
        server.
    :raise NonAutoAttachImageError: If this cloud type does not have
        auto-attach support.
    )rSrTN)�acquire_pro_tokenr�)r r�rTrSs    r,�auto_attachr��s ��
�#�#�C�(�E��c��\�Br.�)�access_onlyr3r0�
extra_argsr2r�r3r�c��tj|||||��}|s=tjtj
j
|j���|jtj��\}}|r?|s=tjtjj
|j���||fS)z�
    Constructs an entitlement based on the name provided. Passes kwargs onto
    the entitlement constructor.
    :raise EntitlementNotFoundError: If no entitlement with the given name is
        found, then raises this error.
    )r r2r3r�r�)�title)r	�entitlement_factoryr:�infor�
ENABLING_TMPLrDr��enabler�ProgressWrapper�ENABLED_TMPL)	r r2r�r3r0r��entitlementrMrNs	         r,r8r8�s����2�2��
�����K��
�
�
�8�)�)�0�0�{�7H�7H�0�I�J�!�(�(��)<�)<�)>�?�O�G�V��v�
�
�
�8�(�(�/�/�k�6G�6G�/�H�I��F�?�r.)�simulate_with_token�show_allr�r�c�~�|rtj|||��\}}||fStj||��}d}||fS)z6
    Construct the current Pro status dictionary.
    )r rSr��r r�r)r*�simulate_statusr)r r�r�rrJs     r,rrsS����/�/��%��
�����3�;���!�!�c�H�=�����3�;�r.�filenamec���gd�}d}d}	tj|�\}}|rfg}|jd�D]*}tj||�s�|j|��,tj|dj|��yy#tj$rW}tjdt|��tjdj|�t|��Yd}~yd}~wwxYw)z�
    Helper which gets ubuntu_pro apparmor logs from the kernel from the last
    day and writes them to the specified filename.
    )�
journalctlz-bz-kz--since=1 day agoz7apparmor=\".*(profile=\"ubuntu_pro_|name=\"ubuntu_pro_)N�
z!Failed to collect kernel logs:
%s�{}-error)r�subp�split�re�searchr9�
write_file�joinr�ProcessExecutionError�LOG�warningrErD)r��cmd�apparmor_re�kernel_logs�_�
apparmor_logs�kernel_linerPs        r,�_write_apparmor_logs_to_filer�%s���:�C�L�K��K�B����S�)���Q�
��M�*�0�0��6�
6���9�9�[�+�6�!�(�(��5�
6�
���h��	�	�-�(@�A�
��	�+�+�?����8�#�a�&�A����*�+�+�H�5�s�1�v�>�>��?�s�B�C5�A
C0�0C5�return_codesc�>�	tj|j�|��\}}tj|dj	||��y#t
j$r8}tjdj	|�t|��Yd}~yd}~wwxYw)zCHelper which runs a command and writes output or error to filename.)�rcszstdout:
{}

stderr:
{}r�N)rr�r�r�rDrr�rE)r�r�r��out�errrPs      r,�_write_command_output_to_filer�>s~��
��;�;�s�y�y�{��=���S�	����2�9�9�#�s�C�	
���+�+�?����*�+�+�H�5�s�1�v�>�>��?�s�(A�B�$.B�Bc����jxst�jtjj
tg�fd�tjD��S)Nc3��K�|]:}t|tjj�r|��j���<y�w�N)�
issubclassr	�repo�RepoEntitlement�	repo_file)ra�entitlement_clsr s  �r,rbz#_get_state_files.<locals>.<genexpr>Ss:�����

���/�<�+<�+<�+L�+L�M�
�C� �*�*�

�s�AA)	�cfg_pathr�log_filer�ua_file�pathrr	�ENTITLEMENT_CLASSESr's`r,�_get_state_filesr�LsM���	���+�+�����%�%�*�*��	
�


�#/�#C�#C�

�
�
r.�
output_dirc�
	�tddj|��tdjtj�dj|��tddj|��tddj|��td	jd
j	t
D�cgc]}d|vs�dj|���c}��d
j|��t
D]1}tdj|�dj||�ddg���3t
|d��\}}tjdj|�tj|tj���tj�}tjdj|�tj|��t|�}tj�rt!j"�dt$nt!j&�g}t)|�D]q\}	}
	tj*tj,|
��}tjt.j0j	|dj|	��|��s|t;j:t<dz�zD]�}
t.j0j?|
�s�#	tj,|
�}tj*|�}tj�rtj|
|�tjt.j0j	|t.j0jA|
��|���tCdj|��tDD]9}
t.j0j?|
�s�#	tGjH|
|��;ycc}w#t2$r+}t4j7d|
t9|��Yd}~���d}~wwxYw#t2$r+}t4j7d|
t9|��Yd}~���d}~wwxYw#t2$r*}t4j7d|
t9|��Yd}~��d}~wwxYw)zG
    Write all relevant Ubuntu Pro logs to the specified directory
    zcloud-idz{}/cloud-id.txtz	{} statusz{}/livepatch-status.txtzsystemctl list-timers --allz{}/systemd-timers.txtzujournalctl --boot=0 -o short-precise -u cloud-init-local.service -u cloud-init-config.service -u cloud-config.servicez{}/cloud-init-journal.txtzjournalctl -o short-precise {}� z.servicez-u {}z{}/pro-journal.txtzsystemctl status {}z	{}/{}.txtr�)r�Fr�z{}/pro-status.json)�clsz{}/environment_vars.jsonNz
user{}.logz&Failed to collect user log file: %s
%s�*zFailed to load file: %s
%sz{}/apparmor_logs.txtzFailed to copy file: %s
%s)%r�rDr�
LIVEPATCH_CMDr��UA_SERVICESrrr��json�dumpsr�DatetimeAwareJSONEncoder�get_pro_environmentr��we_are_currently_rootrF�get_all_user_log_files�USER_LOG_COLLECTED_LIMIT�get_user_log_file�	enumerate�redact_sensitive_logs�	load_file�osr�r?r�r�rE�globr�isfile�basenamer�r�shutil�copy)r r��sr4�
pro_statusr��env_vars�state_files�user_log_files�log_file_idxr��contentrP�fs              r,�collect_logsr�[s���"��%�,�,�Z�8��"����9�2�2�3�!�(�(��4��"�%��&�&�z�2��"�
&�
	$�*�*�:�6��"�	,�4�4��H�H�,7�K�q�:��?�����"�K�
�	
�
	�#�#�J�/�
��
��%�!�(�(��1����z�7�3��Q��	
�
��s�U�3�M�J��
����#�#�J�/��
�
�:�4�#@�#@�A���'�'�)�H�
���"�)�)�*�5��
�
�8���
#�3�'�K��%�%�'�	�&�&�(�)B�*B�C��'�'�)�
*��#,�N�";�
���h�		��0�0��1A�1A�(�1K�L�G���������Z��)<�)<�\�)J�K��
�
��4�9�9�%7�#�%=�>�
>���
�7�7�>�>�!��
� �*�*�1�-���0�0��9�G��)�)�+��!�!�!�W�-���������Z����)9�)9�!�)<�=�w�
��(!�!7�!>�!>�z�!J�K����
�7�7�>�>�!��
����A�z�*���CL��H�	��K�K�9�8�S��V�
�
��	���
����9�1�c�!�f�E���
��.�
����9�1�c�!�f�E���
�sU�-	O�7O�(A+O!�P�Q�!	P�* P�P�	Q�! Q�Q�	R� Q=�=R)F)Tr�)Brnr�r��loggingr�r�r��typingrr�uaclientrrrrr	r
rrr
rFrrrr*rrr�uaclient.defaultsrrrr�uaclient.filesrr�uaclient.files.state_filesrrrrr�get_event_loggerr:�	getLogger�replace_top_level_logger_name�__name__r�r�r��UAConfigrmr-�EnableByDefaultService�boolrRrEr��AutoAttachInstancer�r8r��intr�r�r��r.r,�<module>r�s�������	�	�
�!�	�	�	�$�-�(�(�(���2���	&��%�%�'���g���:��:�:�8�D�E��	����
,�	���
,��.�.�
,��"�"�
,�$�?�	���?� ��!@�!@�A�?��.�.�?��"�"�	?�

�?�L�	Q�	���Q��Q��Q�
�	Q�

�Q�n�C�	���C��$�$�C�
�	C�*���&*��	����

���	�
��
�
���c��#��J*.��	�	����"�#����	�,B�3�B�4�B�4=A�
��
�&.�t�C�y�&9�
�	�
��&�/�/��b�f�o�o�b�3�br.