Current File : //usr/lib/python3/dist-packages/uaclient/__pycache__/contract.cpython-312.pyc
�

��gW����ddlZddlZddlZddlmZddlmZmZmZm	Z	m
Z
ddlmcm
ZddlmZmZmZmZmZmZmZmZmZddlmZddlmZddlmZddlm Z dd	l!m"Z"m#Z#dd
l$m%Z%ddl&m'Z'dZ(d
Z)d
Z*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3ddddd�Z4ejj�Z6ejnejpe9��Z:edddg�Z;Gd�dejx�Z=Gd�d e%j|�Z?d!e@fd"�ZA	d>d#ed$eeBefd%eeBefd&eCd'eCd(dfd)�ZD		d?d#ed*eeBefd+eeBefd&eCd'eCd(e
eeCffd,�ZEd-ej�d(ej�fd.�ZHd#efd/�ZId#ed(eefd0�ZJd#ed1eBd(eeBeffd2�ZKd3eeBeBfd4eeBeBfd(eLfd5�ZM	d@d6eeBefd7eBd8eBde	eBd(eeLeeBefff
d9�ZN		dAd*eeBefd:e	eBde	eBd(dfd;�ZOd#ed<eeBefd(ee;fd=�ZPy)B�N)�
namedtuple)�Any�Dict�List�Optional�Tuple)	�
data_types�event_logger�
exceptions�http�messages�secret_manager�system�util�version)�_enabled_services)�_is_attached)�UAConfig)�ATTACH_FAIL_DATE_FORMAT)�attachment_data_file�machine_id_file)�
serviceclient)�get_user_or_root_log_file_pathz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z
/v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z/v1/contractz/v1/magic-attachz?/v1/contracts/{contract}/context/machines/{machine}/guest-token����)�series_overrides�series�cloud�variant�EnableByDefaultService�namer!c�
�eZdZejdej
d��ejdej
d��ejdej
d��ejdej
d��ejdej
d��ejdej
d��ejd	ej
d��ejd
ej
d��ejdej
d��ejdej
d��ejd
ej
d��ejdej
d��ejdej
d��ejdej
d��gZ														ddeedeedeedeedeedeed	eed
eedeedeed
eedeedeedeefd�Z	y)�CPUTypeData�cpuinfo_cpuF)�required�cpuinfo_cpu_architecture�cpuinfo_cpu_family�cpuinfo_cpu_implementer�cpuinfo_cpu_part�cpuinfo_cpu_revision�cpuinfo_cpu_variant�
cpuinfo_model�cpuinfo_model_name�cpuinfo_stepping�cpuinfo_vendor_id�"sys_firmware_devicetree_base_model�
sysinfo_model�sysinfo_typeNc���||_||_||_||_||_||_||_||_|	|_|
|_	||_
||_|
|_||_
y�N�r&r(r)r*r+r,r-r.r/r0r1r2r3r4)�selfr&r(r)r*r+r,r-r.r/r0r1r2r3r4s               �3/usr/lib/python3/dist-packages/uaclient/contract.py�__init__zCPUTypeData.__init__zsy��"'���(@��%�"4���'>��$� 0���$8��!�#6�� �*���"4��� 0���!2���.�	
�/�+���(���)NNNNNNNNNNNNNN)
�__name__�
__module__�__qualname__r	�Field�StringDataValue�fieldsr�strr:�r;r9r%r%Fs����
����:�5�5��	
�	�
���&��&�&��	
�
	�
��� �*�"<�"<�u�	
�	�
���%��&�&��	
�
	�
����
� :� :�U�	
�	�
���"�J�$>�$>��	
�	�
���!�:�#=�#=��	
�	�
����Z�7�7�%�	
�	�
��� �*�"<�"<�u�	
�	�
����
� :� :�U�	
�	�
�����!;�!;�e�	
�	�
���0��&�&��	
�
	�
����Z�7�7�%�	
�	�
����J�6�6��	
�]1�F�j&*�26�,0�15�*.�.2�-1�'+�,0�*.�+/�<@�'+�&*� )��c�]� )�#+�3�-� )�%�S�M�	 )�
"*�#�� )�#�3�-�
 )�'�s�m� )�&�c�]� )� ��}� )�%�S�M� )�#�3�-� )�$�C�=� )�-5�S�M� )� ��}� )��s�m� )r;r%c����eZdZdZ	ddeeddf�fd�
Zeje	jgd���	dd��Zdee
effd	�Zd
e
dee
effd�Zeje	jgd���de
d
ee
effd��Z	dde
de
dee
dee
effd�Zd�Zde
dee
effd�Zdee
effd�Zde
fd�Z	dde
de
dee
dee
effd�Z	dde
de
dee
defd�Zde
de
de
defd�Zd�Z�xZS)�UAContractClient�contract_urlN�cfg�returnc�X��t�|�|��tj�|_y)N�rG)�superr:�mtf�get_machine_token_file�machine_token_file)r8rG�	__class__s  �r9r:zUAContractClient.__init__�s&���	���S��!�"%�"<�"<�">��r;)rrr)�retry_sleepsc�<�|stj|j�}|j�}|j	ddj|�i�|j
�}|j�|d<||d�}t|�}|jt||��}|jdk(rtj��|jdk(rt|�|jdk7r0tjt|j|j �	��|j"}	t$j&j)|	j+d
d��|	j+dg�D]1}
t$j&j)|
j+d
d���3|	S)a}Requests machine attach to the provided machine_id.

        @param contract_token: Token string providing authentication to
            ContractBearer service endpoint.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing the machine-token.
        �
Authorization�	Bearer {}�lastAttachment��	machineId�activityInfo)�data�headers�i�����url�code�body�machineToken��resourceTokens�token)r�get_machine_idrGrY�update�format�_get_activity_info�	isoformat�_support_old_machine_info�request_url�API_V1_ADD_CONTRACT_MACHINEr^r�AttachInvalidTokenError�_raise_attach_forbidden_message�ContractAPIErrorr_�	json_dictr�secrets�
add_secret�get)r8�contract_token�
attachment_dt�
machine_idrY�
activity_inforX�backcompat_data�response�
response_jsonrcs           r9�add_contract_machinez%UAContractClient.add_contract_machine�sl����.�.�t�x�x�8�J��,�,�.�������);�);�N�)K�L�M��/�/�1�
�*7�*A�*A�*C�
�&�'�'��G��3�D�9���#�#�'�o�w�$�
���=�=�C���4�4�6�6�
�]�]�c�
!�+�H�5��=�=�C���-�-�/��]�]��]�]��
�
!�*�*�
����)�)����n�b�1�	
�#�&�&�'7��<�	F�E��"�"�-�-�e�i�i���.D�E�	F��r;c��|j�}|jt|d|d|d|dd���}|jdk7r0t	j
t|j|j���|jS)	z=Requests list of entitlements available to this machine type.�architecturer�kernel�virt�r|rr}r~)�query_paramsr[r\)rgrj�API_V1_AVAILABLE_RESOURCESr^rrnr_ro)r8rvrxs   r9�available_resourcesz$UAContractClient.available_resources�s����/�/�1�
��#�#�&� -�n� =�'��1�'��1�%�f�-�	�$�
���=�=�C���-�-�.��]�]��]�]��
�
�!�!�!r;rsc�*�|j�}|jddj|�i�|jt|��}|j
dk7r0t
jt|j
|j���|jS)NrRrS�rYr[r\)
rYrerfrj�API_V1_GET_CONTRACT_USING_TOKENr^rrnr_ro)r8rsrYrxs    r9�get_contract_using_tokenz)UAContractClient.get_contract_using_token�s����,�,�.�������);�);�N�)K�L�M��#�#�+�W�$�
���=�=�C���-�-�3��]�]��]�]��
�
�!�!�!r;�
cloud_typerXc���|jtj|��|��}|jdk7ry|jjdd�}|r+tj|�tj|���tjt|j|j���|j}tjj|jdd��|S)	z�Requests contract token for auto-attach images for Pro clouds.

        @param instance: AutoAttachCloudInstance for the cloud.

        @return: Dict of the JSON response containing the contract-token.
        )r�)rXr[�messagera)�	error_msgr\�
contractToken)rj�,API_V1_GET_CONTRACT_TOKEN_FOR_CLOUD_INSTANCErfr^rorr�LOG�debugr�InvalidProImagernr_rrprq)r8r�rXrx�msgrys      r9�%get_contract_token_for_cloud_instancez6UAContractClient.get_contract_token_for_cloud_instance�s����#�#�8�?�?�%�
@�
��	$�
���=�=�C���$�$�(�(��B�7�C���	�	�#�� �0�0�3�?�?��-�-�@��]�]��]�]��
�!�*�*�
����)�)����o�r�2�	
��r;�
machine_token�resourceruc��|stj|j�}|j�}|j	ddj|�i�tj||��}|j||��}|jdk7r0tjt|j|j���|jjd�r|jd|jd<|j}|jdg�D]1}tjj!|jd	d
���3|S)a�Requests machine access context for a given resource

        @param machine_token: The authentication token needed to talk to
            this contract service endpoint.
        @param resource: Entitlement name.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing entitlement accessInfo.
        rRrS)r��machiner�r[r\�expiresrbrcra)rrdrGrYrerf�"API_V1_GET_RESOURCE_MACHINE_ACCESSrjr^rrnr_rrrorrprq)	r8r�r�rurYr]rxryrcs	         r9�get_resource_machine_accessz,UAContractClient.get_resource_machine_accesss#�� ��.�.�t�x�x�8�J��,�,�.�������);�);�M�)J�K�L�0�7�7��z�8�
���#�#�C��#�9���=�=�C���-�-�6��]�]��]�]��
�
�����	�*�,4�,<�,<�Y�,G�H���y�)� �*�*�
�"�&�&�'7��<�	F�E��"�"�-�-�e�i�i���.D�E�	F��r;c��|jj}|jjjd�}t	j
|j�}|j�}tj||��}|j�}|jddj|�i�|j|||��}|jdk7r,tj||j|j ���|j"rA|jj}|j"|d<|jj%|�y	y	)
z�Report current activity token and enabled services.

        This will report to the contracts backend all the current
        enabled services in the system.
        r`��contractr�rRrS)rYrXr[r\rWN)rN�contract_idr�rrrrdrGrg�API_V1_UPDATE_ACTIVITY_TOKENrfrYrerjr^rrnr_ro�write)r8r�r�ru�request_datar]rYrxs        r9�update_activity_tokenz&UAContractClient.update_activity_token;s'���-�-�9�9���/�/�=�=�A�A��
�
��*�*�4�8�8�4�
��.�.�0��*�1�1� �*�2�
���,�,�.�������);�);�M�)J�K�L��#�#�C��|�#�L���=�=�C���-�-��h�m�m�(�-�-��
���� �3�3�A�A�M�-5�,>�,>�M�.�)��#�#�)�)�-�8�r;�magic_tokenc�.�|j�}|jddj|�i�|jt|��}|j
dk(rt
j��|j
dk(rt
j��|j
dk7r0t
jt|j
|j���|j}gd�}|D]1}tjj|j|d	���3|S)
z�Request magic attach token info.

        When the magic token is registered, it will contain new fields
        that will allow us to know that the attach process can proceed
        rRrSr�rZ�r[r\�rc�userCoder�ra)rYrerfrj�"API_V1_GET_MAGIC_ATTACH_TOKEN_INFOr^r�MagicAttachTokenError�MagicAttachUnavailablernr_rorrprqrr)r8r�rYrxry�
secret_fields�fields       r9�get_magic_attach_token_infoz,UAContractClient.get_magic_attach_token_infocs����,�,�.�������);�);�K�)H�I�J��#�#�.��$�
���=�=�C���2�2�4�4��=�=�C���3�3�5�5��=�=�C���-�-�6��]�]��]�]��
�
!�*�*�
�>�
�"�	L�E��"�"�-�-�m�.?�.?��r�.J�K�	L��r;c��|j�}|jt|d��}|jdk(rt	j
��|jdk7r0t	jt|j|j���|j}gd�}|D]1}tjj|j|d���3|S)z)Create a magic attach token for the user.�POST�rY�methodr�r[r\r�ra)
rYrj�API_V1_NEW_MAGIC_ATTACHr^rr�rnr_rorrprqrr)r8rYrxryr�r�s      r9�new_magic_attach_tokenz'UAContractClient.new_magic_attach_tokens����,�,�.���#�#�#���$�
���=�=�C���3�3�5�5��=�=�C���-�-�+��]�]��]�]��
�
!�*�*�
�>�
�"�	L�E��"�"�-�-�m�.?�.?��r�.J�K�	L��r;c���|j�}|jddj|�i�|jt|d��}|j
dk(rt
j��|j
dk(rt
j��|j
dk(rt
j��|j
dk7r0t
jt|j
|j�	��y
)z)Revoke a magic attach token for the user.rRrS�DELETEr��rZr�r[r\N)rYrerfrj�API_V1_REVOKE_MAGIC_ATTACHr^r� MagicAttachTokenAlreadyActivatedr�r�rnr_)r8r�rYrxs    r9�revoke_magic_attach_tokenz*UAContractClient.revoke_magic_attach_token�s����,�,�.�������);�);�K�)H�I�J��#�#�&���$�
���=�=�C���=�=�?�?��=�=�C���2�2�4�4��=�=�C���3�3�5�5��=�=�C���-�-�.��]�]��]�]��
� r;r�c
�>�|stj|j�}|j�}|j	ddj|�i�tj||��}|j�}|j|d||d|d|d|dd	��
�}|jdk7r,tj||j|j���|jjd
�r|jd
|jd
<|jS)a|Get the updated machine token from the contract server.

        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.
        rRrSr��GETr|rr}r~r)r�rYr�r[r\r�)rrdrGrYrerf�API_V1_GET_CONTRACT_MACHINErgrjr^rrnr_rrro)r8r�r�rurYr]rvrxs        r9�get_contract_machinez%UAContractClient.get_contract_machine�s����.�.�t�x�x�8�J��,�,�.�������);�);�M�)J�K�L�)�0�0� ��1�
���/�/�1�
��#�#���� -�n� =�'��1�'��1�%�f�-�	�	$�

���=�=�C���-�-��h�m�m�(�-�-��
������	�*�,4�,<�,<�Y�,G�H���y�)��!�!�!r;c�8�|stj|j�}|j�}|j	ddj|�i�||j
�d�}t|�}tj||��}|j||d|��}|jdk7r,tj||j|j���|jjd	�r|jd	|jd	<|jS)
a�Request machine token refresh from contract server.

        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing refreshed machine-token
        rRrSrUr�r�)rYr�rXr[r\r�)rrdrGrYrerfrgri�API_V1_UPDATE_CONTRACT_MACHINErjr^rrnr_rrro)	r8r�r�rurYrXrwr]rxs	         r9�update_contract_machinez(UAContractClient.update_contract_machine�s�� ��.�.�t�x�x�8�J��,�,�.�������);�);�M�)J�K�L�#� �3�3�5�
��4�D�9��,�3�3� �*�4�
���#�#����o�$�
���=�=�C���-�-��h�m�m�(�-�-��
������	�*�,4�,<�,<�Y�,G�H���y�)��!�!�!r;c��|j�}|jddj|�i�tj||��}|j	||d��}|j
dk(rt
jd���|j
d	k7r,t
j||j
|j�
��|jS)a�Request guest token associated with this machine's contract
        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service
        @param machine_id: Unique machine id that was registered with the pro
            backend on attach.
        @return: Dict of the JSON response containing the guest token
        rRrSr�r�r�r��get_guest_token)�feature_namer[r\)rYrerf�API_V1_GET_GUEST_TOKENrjr^r� FeatureNotSupportedOldTokenErrorrnr_ro)r8r�r�rurYr]rxs       r9r�z UAContractClient.get_guest_tokens����,�,�.�������);�);�M�)J�K�L�$�+�+� ��,�
���#�#�C���#�G���=�=�C���=�=�.��
��]�]�c�
!��-�-���]�]��]�]��
�
�!�!�!r;c��tj�}tj�jtj�j
tj�jtj�tj�tj�tj�t|j|j|j|j |j"|j$|j&|j(|j*|j,|j.|j0|j2|j4��j7d��d�}t9|j:�j<r�t?|j:�j@}tCjD�}|jFjHxstjJ|j:�|jFjL|D�cgc]}|jN��c}|D�cic]%}|jPr|jN|jR��'c}|r|jTjW�ndd�}ni}i|�|�Scc}wcc}w)z9Return a dict of activity info data for contract requestsr7F)�	keep_none)�distributionr}rr|�desktopr~�
clientVersion�cpu_typeN)�
activityID�
activityToken�	resources�resourceVariantsrT),r�get_cpu_info�get_release_infor��get_kernel_info�
uname_releaser�
get_dpkg_arch�
is_desktop�
get_virt_typer�get_versionr%r&r(r)r*r+r,r-r.r/r0r1r2r3r4�to_dictrrG�is_attachedr�enabled_servicesr�readrN�activity_idrd�activity_tokenr#�variant_enabled�variant_name�attached_atrh)r8�cpuinfo�machine_infor��attachment_data�servicervs       r9rgz#UAContractClient._get_activity_info#s���%�%�'��"�3�3�5�B�B��,�,�.�<�<��-�-�/�6�6�"�0�0�2��(�(�*��(�(�*�$�0�0�2�#�#�/�/�)0�)I�)I�#*�#=�#=�(/�(G�(G�!(�!9�!9�%,�%A�%A�$+�$?�$?�%�3�3�#*�#=�#=�!(�!9�!9�")�";�";�3:�3]�3]�%�3�3�$�1�1���g��g�&�/
��4����!�-�-�0����:�K�K��2�7�7�9�O�"�5�5�A�A�3��(�(����2�!%�!8�!8�!G�!G�:J�K�w�g�l�l�K�$4�%���.�.��L�L�'�"6�"6�6�%�'�$�/�/�9�9�;���M�"�M�
��
��
�	
��L��%s�I>�)*J
r6)r<r=r>�cfg_url_base_attrrrr:r�retry�socket�timeoutrzrrBrr�r�r�r�r�r�r�r�r�r�r�rg�
__classcell__)rOs@r9rErE�s����&��#'�?�
�h�
�?�
�?��T�Z�Z����Y�7�8<�(�8�(�T"�T�#�s�(�^�"�("�s�"�t�C��H�~�"��T�Z�Z����Y�7�� ��(,�S�#�X���8��H%)�	$��$��$��S�M�	$�

�c�3�h��$�L&9�P�s��t�C��H�~��8��S�#�X���.�S��6%)�	)"��)"��)"��S�M�	)"�

�c�3�h��)"�^%)�	&"��&"��&"��S�M�	&"�

�&"�P!"��!"��!"��	!"�

�!"�F7
r;rE�request_bodyc	��|jdi�}|jd�||jd�|jd�|jd�|jd�dtj�jd�d	�S)
a?
    Transforms a request_body that has the new activity_info into a body that
    includes both old and new forms of machineInfo/activityInfo

    This is necessary because there may be old ua-airgapped contract
    servers deployed that we need to support.
    This function is used for attach and refresh calls.
    rWrVr|r�r}r�Linux)r�r}r�type�release)rVrWr|�os)rrrr�r�)r�rvs  r9riri]s���!�$�$�^�R�8�M�"�%�%�k�2�%�%�)�)�.�9�)�-�-�n�=�#�'�'��1�#�'�'��1���.�.�0�8�8�
�	
�
r;rG�past_entitlements�new_entitlements�allow_enablerrHc��ddlm}d}g}g}||�D]I}		||	}
g}	t||j	|	i�|
||��\}}|s�2|s�5t
j
|	��Kt
j|�t|�dkDretj t#||�D�	�cgc]9\}	}|	t$j&j)t+|�t-��	�f��;c}}	�
��|r4tj.|D�	cgc]}	|	t$j0f��c}	�
��y#t$rY��wxYw#tj$rJ}
tj|
�d}|j|	�tjd|	|
�Yd}
~
��sd}
~
wt$rY}
tj|
�|j|
�|j|	�tjd|	|
�Yd}
~
���d}
~
wwxYwcc}}	wcc}	w)a�Iterate over all entitlements in new_entitlement and apply any delta
    found according to past_entitlements.

    :param cfg: UAConfig instance
    :param past_entitlements: dict containing the last valid information
        regarding service entitlements.
    :param new_entitlements: dict containing the current information regarding
        service entitlements.
    :param allow_enable: Boolean set True if allowed to perform the enable
        operation. When False, a message will be logged to inform the user
        about the recommended enabled service.
    :param series_overrides: Boolean set True if series overrides should be
        applied to the new_access dict.
    r)�entitlements_enable_orderF)rG�orig_access�
new_accessr�rTz+Failed to process contract delta for %s: %rNz5Unexpected error processing contract delta for %s: %r)r��log_path)�failed_services)�uaclient.entitlementsr��KeyError�process_entitlement_deltarr�event�service_processedr�UbuntuProErrorr��	exception�append�error�	Exception�services_failed�len�AttachFailureUnknownError�zipr
�UNEXPECTED_ERRORrfrBr�AttachFailureDefaultServices�!E_ATTACH_FAILURE_DEFAULT_SERVICES)rGr�r�r�rr��delta_error�unexpected_errorsr�r#�new_entitlement�deltas�service_enabled�er�s               r9�process_entitlements_deltarxs��*@��K����O�)�#�.�%.��	�.�t�4�O���	.�&?��-�1�1�$��;�*�)�!1�'�#�F�O�8�6��'�'��-�K%.�L
���/�*�
����!��2�2�(+�?�<M�'N�	�$�D�)�
��-�-�4�4�"%�i�.�!?�!A�5���	�
�	
�
��5�5�,����x�A�A�B��
�	
�
��c�	��	���(�(�	��M�M�!���K��"�"�4�(��I�I�=���
�
��
�	��M�M�!���$�$�Q�'��"�"�4�(��M�M�G���
�
��		��"	��sA�D �#D0�">G0
�>G6� 	D-�,D-�0G-�?F�G-�AG(�(G-r�r�c�(�ddlm}|rt|�tj||�}d}|r�|jdi�jd�}|s!|jdi�jd�}|st
j||���|jdi�jdi�jd	d
�}		||||	��}
|
j|||��}||fS#tj$r}tjd|�|�d
}~wwxYw)a,Process a entitlement access dictionary deltas if they exist.

    :param cfg: UAConfig instance
    :param orig_access: Dict with original entitlement access details before
        contract refresh deltas
    :param new_access: Dict with updated entitlement access details after
        contract refresh
    :param allow_enable: Boolean set True if allowed to perform the enable
        operation. When False, a message will be logged to inform the user
        about the recommended enabled service.
    :param series_overrides: Boolean set True if series overrides should be
        applied to the new_access dict.

    :raise UbuntuProError: on failure to process deltas.
    :return: A tuple containing a dict of processed deltas and a
             boolean indicating if the service was fully processed
    r��entitlement_factoryF�entitlementr�)�orig�new�entitlements�obligations�use_selectorra�rGr#r!z3Skipping entitlement deltas for "%s". No such classN�r�)r�r�apply_contract_overridesr�get_dict_deltasrrr� InvalidContractDeltasServiceType�EntitlementNotFoundErrorr�r��process_contract_deltas)rGr�r�r�rrr�retr#r!r�excs            r9r�r��s��0:�� ��,�
�
!�
!�+�z�
:�F�
�C�
����}�b�1�5�5�f�=����:�:�m�R�0�4�4�V�<�D���=�=� �j��
�

�N�N�>�2�.�
�S���
#�
�S���
$�	�

	�-�����K��1�1���l�2�
���3�;����2�2�	��I�I�E�t�
��I��		�s�>C!�!D�4D�Drxc���|jjd�}|r�|d}|d}|dk(rB|djt�}t	j
|||djd����|dk(rB|djt�}t	j|||djd��	��|d
k(rt	j|���t	j��)N�info�
contractId�reasonzno-longer-effective�timez%m-%d-%Y)r��date�contract_expiry_dateznot-effective-yet)r�r&�contract_effective_dateznever-effective)r�)	rorr�strftimerr�AttachForbiddenExpired�AttachForbiddenNotYet�AttachForbiddenNever�AttachExpiredToken)rxr"r�r$r&s     r9rmrms������!�!�&�)�D���<�(���h����*�*���<�(�(�)@�A�D��3�3�'��%)�&�\�%:�%:�:�%F�	�
��*�
*���<�(�(�)@�A�D��2�2�'��(,�V��(=�(=�j�(I�	�
��(�
(��1�1�k�J�J�
�
'�
'�
)�)r;c���tj|�}|j�}|j}|d}|ddd}t	|��}|j||��}|j
|�tjj�|jdi�jdtj|��}tj|�t|||j�d�	�y
)z�Request contract refresh from ua-contracts service.

    :raise UbuntuProError: on failure to update contract or error processing
        contract deltas
    :raise ConnectivityError: On failure during a connection
    r`�machineTokenInfo�contractInfo�idrJ)r�r�rVFrN)
rLrMrr�rEr�r�rrd�cache_clearrrrr)	rGrN�orig_entitlements�
orig_tokenr�r��contract_client�resprus	         r9�refreshr7.s����3�3�C�8��*�7�7�9��#�1�1�J��~�.�M��/�0��@��F�K�&�3�/�O��2�2�#��3��D����T�"�
���%�%�'����,�b�1�5�5��V�*�*�3�/��J����*�%�����'�'�)��	r;c�\�t|�}|j�}|jdg�S)zDQuery available resources from the contract server for this machine.r�)rEr�rr)rG�clientr�s   r9�get_available_resourcesr:Os+��
�c�
"�F��*�*�,�I��=�=��b�)�)r;rcc�:�t|�}|j|�S)z/Query contract information for a specific token)rEr�)rGrcr9s   r9�get_contract_informationr<Vs��
�c�
"�F��*�*�5�1�1r;�override_selector�selector_valuesc�~�d}|j�D]'\}}||f|j�vry|t|z
}�)|S)Nr)�items�OVERRIDE_SELECTOR_WEIGHTS)r=r>�override_weight�selector�values     r9�_get_override_weightrE\sV���O�,�2�2�4�?���%��e��O�$9�$9�$;�;���4�X�>�>��?�
�r;r�series_namer�c� �i}||d�}|r||d<|jdi�j|i�}|r||td<tj|j	dg��}|D]%}t|jd�|�}	|	s�!|||	<�'|S)N)rr r!rr�	overridesrC)�poprA�copy�deepcopyrrrE)
rrFr�r!rHr>r�general_overrides�override�weights
          r9�_select_overridesrOhs����I�!,�z�B�O��%,��	�"�"���x��4�8�8��b�I����	�+�,>�?�@��
�
�k�o�o�k�2�&F�G��%�)��%��L�L��$�o�
��� (�I�f��)��r;rc��ddlm}tt|t�d|vg�stdj
|���|�tj�jn|}|�\}}|jdi�}t||||�}t|j��D][\}	}
|
j�D]C\}}|dj|�}
t|
t�r|
j|��<||d|<�E�]y)a�Apply series-specific overrides to an entitlement dict.

    This function mutates orig_access dict by applying any series-overrides to
    the top-level keys under 'entitlement'. The series-overrides are sparse
    and intended to supplement existing top-level dict values. So, sub-keys
    under the top-level directives, obligations and affordance sub-key values
    will be preserved if unspecified in series-overrides.

    To more clearly indicate that orig_access in memory has already had
    the overrides applied, the 'series' key is also removed from the
    orig_access dict.

    :param orig_access: Dict with original entitlement access details
    r)�get_cloud_typerz?Expected entitlement access dict. Missing "entitlement" key: {}N)�uaclient.clouds.identityrQ�all�
isinstance�dict�RuntimeErrorrfrr�rrrrO�sortedr@re)r�rr!rQrFr��_�orig_entitlementrH�_weight�overrides_to_apply�keyrD�currents              r9rr�s
��&8��
�;��-�}��/K�L�M��
��&��%�
�	
�-3�N����!�(�(���#�$�M�J��"���}�b�9��!��+�z�7��I�(.�i�o�o�.?�'@�	8�#��#�,�2�2�4�	8�J�C��!�-�0�4�4�S�9�G��'�4�(����u�%�38��M�*�3�/�	8�	8r;rc���ddlm}g}|j�D]�\}}|jdi�jdd�}	||||��}|jdi�jdi�}|jd�}	|j
||	�s�z|j�\}
}|
s��|jt||�	����|S#tj
$rY��wxYw)
Nrrrrrarr�
resourceToken)r#r!)
r�rr@rrrr�_should_enable_by_default�
can_enabler�r")rGrr�enable_by_default_services�ent_name�	ent_valuer!�entrr_rarXs            r9�get_enabled_by_default_servicesrf�s���:�!#��+�1�1�3����)��-�-�
�r�2�6�6�~�r�J��	�%�#�H�g�N�C� �m�m�M�2�6�:�:�=�"�M��!�
�
�o�6�
��(�(��m�D��N�N�,�M�J���*�1�1�*�%� '����*&�%��!�2�2�	��	�s�C	�	C�C)T)FTr6)NN)QrJ�loggingr��collectionsr�typingrrrrr�uaclient.files.machine_token�filesr�rL�uaclientr	r
rrr
rrrr�-uaclient.api.u.pro.status.enabled_services.v1r�(uaclient.api.u.pro.status.is_attached.v1r�uaclient.configr�uaclient.defaultsr�uaclient.files.state_filesrr�
uaclient.httpr�uaclient.logrrkr�r�r�r�r�r�r�r�r�r�r�rA�get_event_loggerr��	getLogger�replace_top_level_logger_namer<r�r"�
DataObjectr%�UAServiceClientrErUrirB�boolrr��HTTPResponse�NamedMessagermr7r:r<�intrErOrrfrCr;r9�<module>r}sJ����
�"�3�3�*�*�
�
�
�L�A�$�5�L�'�7�;��9��:��-��9�#�0O�,�9��#1��%7�"�,��/��F��
��
��	��	&��%�%�'���g���:��:�:�8�D�E��$��v�y�1���
T)�*�'�'�T)�n}
�}�4�4�}
�@�D��@"�W
�	�W
��C��H�~�W
��3��8�n�W
��	W
�
�W
�
�
W
�|�!�<�	�<��c�3�h��<��S�#�X��<��	<�
�<��4��:��
<�~*����*�
���*�:���B*��*�d�4�j�*�2�(�2�3�2�4��S��>�2�	��C��H�~�	�8<�S�#�X��	��	� "�	��c�3�h��������c�]�	�

�#�t�C��H�~�
���>!�!�.8��c�3�h��.8��S�M�.8��c�]�.8�
�	.8�b&�	�&�!%�c�3�h��&�	�
 �!�&r;