관리-도구

편집 파일: azure.cpython-39.opt-1.pyc

a ����'�Dg��������������������� ���@���sr��d�d
l�Z�d�d
l
Z
d�d
lZd�d
lZd�d
lZd�d
lZd�d
lZd�dlmZ
�d�dl m Z m Z
�d�dlmZmZ
�d�dl mZmZmZmZmZ
�d�dlmZ
�d�dlmZ
�d�dlmZmZmZmZmZmZ
�d�d lm Z
�d�d l!m"Z"
�e�#e$�
Z%dZ&dZ'd Z(dZ)dZ*e j+dddd�Z,ed�
Z-ede-f�ede-f�d�dd�Z.e.dd���
Z/e.dd���
Z0d
d�
e1e j2d�dd �Z3d!d"��Z4e.d#d$���
Z5ed%d&���
Z6e.d
d'd(d)�e1e7ee8�e9e9ej:d*�d+d,��
Z;e1e1e1e8d-�d.d/�Z<G�d0d1��d1�Z=G�d2d3��d3e>�Z?G�d4d5��d5�Z@G�d6d7��d7�ZAG�d8d9��d9�ZBG�d:d;��d;�ZCe.dIe1ejDeee1��ee1�d<�d=d>��
ZEe.e1d?d@�dAdB��
ZFdCdD��ZGG�dEdF��dFe>�ZHG�dGdH��dH�ZId
S�)J�����N)
�contextmanager)�datetime�timezone)�sleep�time)�Callable�List�Optional�TypeVar�Union)
�ElementTree)
�escape)�distros�subp� temp_utils� url_helper�util�version)
�events)
�errorsz 168.63.129.16�boot-telemetryzsystem-infoZ diagnostic� compressedzazure-dsz initialize reporter for azure dsT)�name�descriptionZreporting_enabled�
T.)�func�returnc
��������������������s�����f
d
d�}
|
S�)Nc���������������������sF���t�j
��j��jtd
��
���|�i�|
�
�
W��d����
�S�1�s80�
�
�
�Y�
�d�S�)N�r���r����parent)r����ReportEventStack�__name__�azure_ds_reporter)�args�kwargs�
r������C/usr/lib/python3.9/site-packages/cloudinit/sources/helpers/azure.py�impl*���s����



�z)azure_ds_telemetry_reporter.<locals>.implr%���)r���r'���r%���r$���r&����azure_ds_telemetry_reporter)���s����
r(���c������������������C���s8��t��
��std
�
�
t�d�

�ztt���
tt����
�}�W�n.�t yb
�}

�ztd�
|
�W�Y�d}
~
n d}
~
0�0�zTt j g�d�
dd�\}}d}|r�d|v�r�|�d�
d �}|s�td �
�
|�t|�
d��}W�nf�t jy�
�}

�ztd|
��
|
�W�Y�d}
~
n<d}
~
0��t �
y
�}

�ztd |
��
|
�W�Y�d}
~
n d}
~
0�0�zZt j g�d�
dd�\}}d}|�
rZd|v��
rZ|�d�
d �}|�
shtd�
�
|�t|�
d��}W�nh�t j�
y�
�}

�ztd|
��
|
�W�Y�d}
~
n<d}
~
0��t �
y�
�}

�ztd|
��
|
�W�Y�d}
~
n d}
~
0�0�t �tddt�|�tj����t�|tj����t�|tj����f�t j�}t �|�

�|S�)z[Report timestamps related to kernel initialization and systemd activation of cloud-initz1distro not using systemd, skipping boot telemetryzCollecting boot telemetryz*Failed to determine kernel start timestampN)� systemctl�show�-pZUserspaceTimestampMonotonicT)
�capture�
=�
���z8Failed to parse UserspaceTimestampMonotonic from systemdi@B�z-Failed to get UserspaceTimestampMonotonic: %sz<Failed to parse UserspaceTimestampMonotonic from systemd: %s)r)���r*���zcloud-init-localr+���ZInactiveExitTimestampMonotonicz;Failed to parse InactiveExitTimestampMonotonic from systemdz0Failed to get InactiveExitTimestampMonotonic: %sz?Failed to parse InactiveExitTimestampMonotonic from systemd: %sr���z5kernel_start=%s user_start=%s cloudinit_activation=%s)r���Zuses_systemd�RuntimeError�LOG�debug�floatr���r���Zuptime� ValueErrorr����splitZProcessExecutionErrorr����ReportingEvent�BOOT_EVENT_TYPEr���Z fromtimestampr���ZutcZ isoformat�DEFAULT_EVENT_ORIGIN�report_event)Zkernel_start�
e�out�
_ZtsmZ user_startZcloudinit_activation�evtr%���r%���r&����get_boot_telemetry5���s�����







� 



�


��

��

� 




�


��


���





���� r=���c��������������� ���C���sb���t��
��}�t�td
dt���|�d�|�d�|�d�d�|�d�d�|�d�d�|�d �f�tj�}
t�|
�

�|
S�) z%Collect and report system informationzsystem informationztcloudinit_version=%s, kernel_version=%s, variant=%s, distro_name=%s, distro_version=%s, flavor=%s, python_version=%s�releaseZvariantZdistr
���r.�������Zpython) r���Zsystem_infor���r5����SYSTEMINFO_EVENT_TYPEr���Zversion_stringr7���r8���)�infor<���r%���r%���r&����get_system_info����s$����









��� rB����
�logger_func)�msgr���c
�������
���������C���s6���t�|
�
r|
|��

�t
�td
|�t
j�}t
j|dh
d�
�|S�)zReport a diagnostic eventzdiagnostic message�log�
Zexcluded_handler_types)�callabler���r5����DIAGNOSTIC_EVENT_TYPEr7���r8���)rE���rD���r<���r%���r%���r&����report_diagnostic_event����s����





�rJ���c�����������������C���sN���t��
t�|
�
�
}d
|�d�
d�}t�t|�t� |�
tj �}tj|h�d�
d�
�|S�)zReport a compressed eventzgz+b64�ascii)�encoding�data>����printZwebhookrF���rG���)�base64Zencodebytes�zlib�compress�decoder���r5����COMPRESSED_EVENT_TYPE�json�dumpsr7���r8���)Z event_nameZ event_contentZcompressed_dataZ event_datar<���r%���r%���r&����report_compressed_event����s����
�



�
�rV���c��������������� ���C���sn���t��
d
�

�z$tjdg
ddd�\}�}
td|��
�W�n:�tyh
�}
�z"tdt|�
�t�jd�
�W�Y�d}~n d}~0�0�dS�) zReport dmesg to KVP.zDumping dmesg log to KVPZdmesgFT)rR���r,���z$Exception when dumping dmesg log: %srC���N)r0���r1���r���rV���� ExceptionrJ����repr�warning)r:���r;����exr%���r%���r&����report_dmesg_to_kvp����s����






�r[���c
�������������� ���c���s@���t��
��}
t��t�j�|��
�

�zd�V�
�W�t��|
�

�nt��|
�

�0�d�S��
N)�os�getcwd�chdir�path� expanduser)ZnewdirZprevdirr%���r%���r&����cd����s ����


rb�����������)rM����retry_sleep�timeout_minutes)�url�headersrM���re���rf���r���c
���������� ��� ���C���s����|d
�t����}d}d}|s�|d7�}zt
j|�|
|dd�}W�q�W�nb�t
jy�
�}
�zHtd|�|||j|jf�tjd�
�t���|�|ks�d t |�
v�r���W�Y�d}~n d}~0�0�t |�

�qtd |�|f�tjd�
�|S�)z�Readurl wrapper for querying wireserver. :param retry_sleep: Time to sleep before retrying. :param timeout_minutes: Retry up to specified number of minutes. :raises UrlError: on error fetching data. �<���r
���Nr.���)rc���ri���)rh���rM����timeoutzdFailed HTTP request with Azure endpoint %s during attempt %d with exception: %s (code=%r headers=%r)rC���zNetwork is unreachablez@Successful HTTP request with Azure endpoint %s after %d attempts)r���r���ZreadurlZUrlErrorrJ����coderh���r0���r1����strr���) rg���rh���rM���re���rf���rj���Zattempt�responser9���r%���r%���r&����http_with_retries����s<����





�


�� � � 

��rn���)�username�hostname� disableSshPwdr���c�����������������C���s$���t��
d
�
}|j|�|
|d�}|�d�
S�)Na.�� <ns0:Environment xmlns:ns0="http://schemas.dmtf.org/ovf/environment/1" xmlns:ns1="http://schemas.microsoft.com/windowsazure" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ns1:ProvisioningSection> <ns1:Version>1.0</ns1:Version> <ns1:LinuxProvisioningConfigurationSet> <ns1:ConfigurationSetType>LinuxProvisioningConfiguration </ns1:ConfigurationSetType> <ns1:UserName>{username}</ns1:UserName> <ns1:DisableSshPasswordAuthentication>{disableSshPwd} </ns1:DisableSshPasswordAuthentication> <ns1:HostName>{hostname}</ns1:HostName> </ns1:LinuxProvisioningConfigurationSet> </ns1:ProvisioningSection> <ns1:PlatformSettingsSection> <ns1:Version>1.0</ns1:Version> <ns1:PlatformSettings> <ns1:ProvisionGuestAgent>true</ns1:ProvisionGuestAgent> </ns1:PlatformSettings> </ns1:PlatformSettingsSection> </ns0:Environment> )ro���rp���rq����utf-8)�textwrap�dedent�format�encode)ro���rp���rq���ZOVF_ENV_TEMPLATE�retr%���r%���r&����build_minimal_ovf
��s����
�
�rx���c�������������������@���sH���e�Z
d�Zd
dd�Zdd��Zdejd�
dd �Zdee �ejd�dd �Z d S�)�AzureEndpointHttpClientZWALinuxAgentz 2012-11-30)zx-ms-agent-namezx-ms-versionc�����������������C���s���d
|
d�|�_�d�S�)NZDES_EDE3_CBC)zx-ms-cipher-namez!x-ms-guest-agent-public-x509-cert)
�extra_secure_headers)�self�certificater%���r%���r&����__init__D
��s����
�z AzureEndpointHttpClient.__init__F�
r���c�����������������C���s,���|�j�}|r |�j��
��}|�|�j�

�t|
|d
�S�)N)
rh���)rh����copy�updaterz���rn���)r{���rg����securerh���r%���r%���r&����getJ
��s ����




zAzureEndpointHttpClient.getN)rM���r���c�����������������C���s0���|�j�}|d�u
r"|�j��
��}|�|�

�t|
||d
�S�)N)rM���rh���)rh���r���r����rn���)r{���rg���rM���� extra_headersrh���r%���r%���r&����postQ
��s ����



zAzureEndpointHttpClient.post)
F)NN)r ���� __module__�__qualname__rh���r}���r����UrlResponser����r ����bytesr����r%���r%���r%���r&���ry���>
��s���
���

�ry���c����������������
���@���s���e�Z
d�Zd
ZdS�)�InvalidGoalStateXMLExceptionz9Raised when GoalState XML is invalid or has missing data.N)r ���r����r�����__doc__r%���r%���r%���r&���r����[
��s���
r����c�������������������@���s2���e�Z
d�Zdeeef�eedd�dd�Zdd��Z dS�) � GoalStateTN)�unparsed_xml�azure_endpoint_client�need_certificater���c�������������� ���C���s*
��||�_�zt
�|
�
|�_W�n:�t
jyP
�}
�z td
|�tjd�
���W�Y�d}~n d}~0�0�|��d�
|�_ |��d�
|�_ |��d�
|�_dD�]0}t|�|�du�rzd|�}t|tjd�
�t |�
�
qzd|�_|��d �
}|du
�
r&|�
r&tjd dtd��8
�|�j�j|d d�j|�_|�jdu��
rt d�
�
W�d���
�n1��
s0�
�
�
�Y�
�dS�)ah
��Parses a GoalState XML string and returns a GoalState object. @param unparsed_xml: string representing a GoalState XML. @param azure_endpoint_client: instance of AzureEndpointHttpClient. @param need_certificate: switch to know if certificates is needed. @return: GoalState object representing the GoalState XML string. z!Failed to parse GoalState XML: %srC���Nz./Container/ContainerIdz4./Container/RoleInstanceList/RoleInstance/InstanceIdz ./Incarnation)�container_id�instance_id�incarnationzMissing %s in GoalState XMLzD./Container/RoleInstanceList/RoleInstance/Configuration/Certificateszget-certificates-xmlzget certificates xmlr���T)
r����z/Azure endpoint returned empty certificates xml.)r�����ET� fromstring�root� ParseErrorrJ���r0���rY����_text_from_xpathr����r����r�����getattrr�����certificates_xmlr���r���r!���r�����contents)r{���r����r����r����r9����attrrE���rg���r%���r%���r&���r}���`
��sH���� 




�

�





�



�
� 

�zGoalState.__init__c�����������������C���s���|�j��
|
�
}|d�u
r|jS�d�S�r\���)r�����find�text)r{���Zxpath�elementr%���r%���r&���r�����
��s����



zGoalState._text_from_xpath)
T) r ���r����r����r���rl���r����ry����boolr}���r����r%���r%���r%���r&���r����_
��s�����


�7r����c�������������������@���s����e�Z
d�Zd
dd�Zdd��Zdd��Zedd ���
Zejd d ���
Ze dd���
Z ee d d���
�
Ze dd���
Z e dd���
Ze dd���
Ze dd���
ZdS�)�OpenSSLManagerzTransportPrivate.pemzTransportCert.pem)�private_keyr|���c
�����������
������C���s���t��
��|�_d�|�_|����
�d�S�r\���)r���Zmkdtemp�tmpdir�_certificate�generate_certificate�
r{���r%���r%���r&���r}����
��s����


zOpenSSLManager.__init__c
�����������
������C���s���t��
|�j�

�d�S�r\���)r���Zdel_dirr����r����r%���r%���r&����clean_up�
��s����
zOpenSSLManager.clean_upc
�����������
���
���C���s���|�j�S�r\����
r����r����r%���r%���r&���r|����
��s����zOpenSSLManager.certificatec�����������������C���s ���|
|�_�d�S�r\���r����)r{����valuer%���r%���r&���r|����
��s����c
�����������������C���s����t��
d
�

�|�jd�u
r"t��
d�

�d�S�t|�j�
�z
�t�ddddddd d ddd |�jd�d|�jd�g�

�d}
t�|�jd��
� ��D�]}d|v
rx|
|� ��7�}
qx|
|�_W�d����
�n1�s�0�
�
�
�Y�
�t��
d�

�d�S�)Nz7Generating certificate for communication with fabric...zCertificate already generated.�opensslZreqz-x509z-nodesz-subjz/CN=LinuxTransportz-daysZ32768z-newkeyzrsa:2048z-keyoutr����z-outr|�����ZCERTIFICATEzNew certificate generated.)r0���r1���r|���rb���r����r����certificate_namesr���Zload_text_file� splitlines�rstrip)r{���r|����liner%���r%���r&���r�����
��s<����

















��

�

$
z#OpenSSLManager.generate_certificatec�����������������C���s"���d
dd|�g}t�j�||
d�\}}|S�)Nr����Zx509z-noout�
rM���)
r���)�actionZcert�cmd�resultr;���r%���r%���r&����_run_x509_action�
��s����

zOpenSSLManager._run_x509_actionc�����������������C���s*���|���d
|
�}g�d�
}t
j
||d�\}}|S�)Nz-pubkey)z ssh-keygenz-iz-mZPKCS8z-fz /dev/stdinr����)r����r���)r{���r|���Zpub_keyZ keygen_cmd�ssh_keyr;���r%���r%���r&����_get_ssh_key_from_cert�
��s����


z%OpenSSLManager._get_ssh_key_from_certc�����������������C���s6���|���d
|
�}|�
d�
}||d�d���d�
}d�|�
S�)a
��openssl x509 formats fingerprints as so: 'SHA1 Fingerprint=07:3E:19:D1:4D:1C:79:92:24:C6:A0:FD:8D:DA:\ B6:A8:BF:27:D4:73\n' Azure control plane passes that fingerprint as so: '073E19D14D1C799224C6A0FD8DDAB6A8BF27D473' z-fingerprintr-���r.�������
:r����)r����r����r4����join)r{���r|���Zraw_fp�eq�octetsr%���r%���r&����_get_fingerprint_from_cert�
��s���� 


z)OpenSSLManager._get_fingerprint_from_certc�����������������C���s����t��
|
�
�d
�
}|j}ddddd|�d�
g}t|�j�
�8
�tjdjf�i�|�j �
�
d d � |�
d�\}}W�d���
�n1�st0�
�
�
�Y�
�|S�) z�Decrypt the certificates XML document using the our private key; return the list of certs and private keys contained in the doc. z.//Datas���MIME-Version: 1.0s<���Content-Disposition: attachment; filename="Certificates.p7m"s?���Content-Type: application/x-pkcs7-mime; name="Certificates.p7m"s!���Content-Transfer-Encoding: base64�����rr���zuopenssl cms -decrypt -in /dev/stdin -inkey {private_key} -recip {certificate} | openssl pkcs12 -nodes -password pass:T�
��� )�shellrM���N)r����r����r����r����rv���rb���r����r���ru���r����r����)r{���r�����tagZcertificates_content�linesr:���r;���r%���r%���r&����_decrypt_certs_from_xml�
��s$����





�

�
�(z&OpenSSLManager._decrypt_certs_from_xmlc����������� ������C���sv���|���|
�
}g�}i�}|�
��D�]V}|�|�

�t�d
|�r:g�}qt�d|�rd�|�
}|��|�
}|��|�
}|||<�g�}q|S�)z�Given the Certificates XML document, return a dictionary of fingerprints and associated SSH keys derived from the certs.z[-]+END .*?KEY[-]+$z[-]+END .*?CERTIFICATE[-]+$�
)r����r�����append�re�matchr����r����r����) r{���r����r:����current�keysr����r|���r�����fingerprintr%���r%���r&����parse_certificates��s����











z!OpenSSLManager.parse_certificatesN)r ���r����r����r����r}���r�����propertyr|����setterr(���r�����staticmethodr����r����r����r����r����r%���r%���r%���r&���r�����
��s,���
�


!





r����c�������������������@���s����e�Z
d�Ze�d
�
Ze�d�
ZdZdZdZ dZ eee dd�d d �Zedd�
dd ��
Zee dd�dd��
Zde e e e ed�dd�Zeedd�dd��
ZdS�)�GoalStateHealthReportera��� <?xml version="1.0" encoding="utf-8"?> <Health xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <GoalStateIncarnation>{incarnation}</GoalStateIncarnation> <Container> <ContainerId>{container_id}</ContainerId> <RoleInstanceList> <Role> <InstanceId>{instance_id}</InstanceId> <Health> <State>{health_status}</State> {health_detail_subsection} </Health> </Role> </RoleInstanceList> </Container> </Health> z� <Details> <SubStatus>{health_substatus}</SubStatus> <Description>{health_description}</Description> </Details> ZReadyZNotReadyZProvisioningFailedi���N)� goal_stater�����endpointr���c�����������������C���s���|
|�_�||�_
||�_d
S�)a?��Creates instance that will report provisioning status to an endpoint @param goal_state: An instance of class GoalState that contains goal state info such as incarnation, container id, and instance id. These 3 values are needed when reporting the provisioning status to Azure @param azure_endpoint_client: Instance of class AzureEndpointHttpClient @param endpoint: Endpoint (string) where the provisioning status report will be sent to @return: Instance of class GoalStateHealthReporter N)�_goal_state�_azure_endpoint_client� _endpoint)r{���r����r����r����r%���r%���r&���r}���F��s����

z GoalStateHealthReporter.__init__r~���c
�������������� ���C���s����|�j�|�j
j|�j
j|�j
j|�jd
�}
t�d�

�z|�j|
d�

�W�n8�t yr
�}
�z t d|�tjd�
���W�Y�d�}~n d�}~0�0�t�d�

�d�S�)N)r����r����r�����statusz Reporting ready to Azure fabric.�
�documentz#exception while reporting ready: %srC���zReported ready to Azure fabric.) �build_reportr����r����r����r�����PROVISIONING_SUCCESS_STATUSr0���r1����_post_health_reportrW���rJ����errorrA���)r{���r����r9���r%���r%���r&����send_ready_signal[��s ����



�





�z)GoalStateHealthReporter.send_ready_signal�r���r���c�������������� ���C���s����|�j�|�j
j|�j
j|�j
j|�j|�j|
d
�}z|�j|d�

�W�n<�tyr
�}
�z$d|�}t |t jd�
���W�Y�d�}~n d�}~0�0�t �d�

�d�S�)N)r����r����r����r����� substatusr���r����z%exception while reporting failure: %srC���z!Reported failure to Azure fabric.) r����r����r����r����r�����PROVISIONING_NOT_READY_STATUS�PROVISIONING_FAILURE_SUBSTATUSr����rW���rJ���r0���r����rY���)r{���r���r����r9���rE���r%���r%���r&����send_failure_signalo��s����





�




z+GoalStateHealthReporter.send_failure_signal)r����r����r����r����r���c����������� ������C���sb���d
}|d�u
r.|�j�j
t|�
t|d�|�j���
d�}|�jj
tt|
�
�
t|�
t|�
t|�
|d�}|�d�
S�)Nr����)Zhealth_substatusZhealth_description)r����r����r����Z health_statusZhealth_detail_subsectionrr���)�%HEALTH_DETAIL_SUBSECTION_XML_TEMPLATEru���r ����"HEALTH_REPORT_DESCRIPTION_TRIM_LEN�HEALTH_REPORT_XML_TEMPLATErl���rv���) r{���r����r����r����r����r����r���Z health_detailZ health_reportr%���r%���r&���r�������s ���� 




��




�z$GoalStateHealthReporter.build_report)r����r���c�����������������C���sB���t�d
�

�t
�d�

�d�|�j�
}|�jj||
ddi
d�
�t
�d�

�d�S�)Nr
���z&Sending health report to Azure fabric.zhttp://{}/machine?comp=healthzContent-Typeztext/xml; charset=utf-8)rM���r����z/Successfully sent health report to Azure fabric)r���r0���r1���ru���r����r����r����)r{���r����rg���r%���r%���r&���r�������s����




�z+GoalStateHealthReporter._post_health_report)NN)r ���r����r����rs���rt���r����r����r����r����r����r����r����ry���rl���r}���r(���r����r����r����r����r����r%���r%���r%���r&���r���� ��s<���

�
� 




�

�
��


�
r����c�������������������@���s����e�Z
d�Zed
�
dd�Zdd��Zeejdd�dd ��
Z edeje ee��d�d d��
Zeedd�d d��
Z eeed�dd��
Zeed�
dd��
Zeeeef�eed�dd��
Zeeeed�dd��
Zeeeed�dd��
ZdS�)�WALinuxAgentShim�
r����c�����������������C���s���|
|�_�d�|�_
d�|�_d�S�r\���)r�����openssl_managerr����)r{���r����r%���r%���r&���r}������s����


zWALinuxAgentShim.__init__c
�����������
������C���s���|�j�d�u
r|�j��
��
�d�S�r\���)r����r����r����r%���r%���r&���r�������s����

zWALinuxAgentShim.clean_upN)�distror���c�������������� ���C���sT���t��
d
�

�z|�|
�

�W�n6�tyN
�}
�ztd|�t�jd�
�W�Y�d�}~n d�}~0�0�d�S�)NzEjecting the provisioning isoz(Failed ejecting the provisioning iso: %srC���)r0���r1���Zeject_mediarW���rJ���r����)r{����iso_devr����r9���r%���r%���r&���� eject_iso���s����





�zWALinuxAgentShim.eject_isoc�����������������C���s����d
}|�j�d
u�r&|d
u
r&t
��|�_�|�j�j}|�jd
u�r:t|�
|�_|�j|d
u
d�
}d
}|d
u
rb|��||�}t||�j|�j�}|d
u
r�|�j ||
d�
�|� ��
�|S�)a�
��Gets the VM's GoalState from Azure, uses the GoalState information to report ready/send the ready signal/provisioning complete signal to Azure, and then uses pubkey_info to filter and obtain the user's pubkeys from the GoalState. @param pubkey_info: List of pubkey values and fingerprints which are used to filter and obtain the user's pubkey values from the GoalState. @return: The list of user's authorized pubkey values. N�
r����)
r����)r����r����r|���r����ry����_fetch_goal_state_from_azure�_get_user_pubkeysr����r����r����r����)r{���r�����pubkey_infor����Zhttp_client_certificater�����ssh_keys�health_reporterr%���r%���r&����"register_with_azure_and_fetch_data���s*����





�
�



�

z3WALinuxAgentShim.register_with_azure_and_fetch_datar����c�����������������C���s@���|�j�d
u�rt
d
�
|�_�|�jdd�
}t||�j�|�j�}|j|
d�

�d
S�)z�Gets the VM's GoalState from Azure, uses the GoalState information to report failure/send provisioning failure signal to Azure. @param: user visible error description of provisioning failure. NFr�����
r���)r����ry���r����r����r����r����)r{���r���r����r����r%���r%���r&����&register_with_azure_and_report_failure���s����



�z7WALinuxAgentShim.register_with_azure_and_report_failure)r����r���c�����������������C���s���|�����}|��
||
�S�)
a�
��Fetches the GoalState XML from the Azure endpoint, parses the XML, and returns a GoalState object. @param need_certificate: switch to know if certificates is needed. @return: GoalState object representing the GoalState XML )�"_get_raw_goal_state_xml_from_azure�_parse_raw_goal_state_xml)r{���r�����unparsed_goal_state_xmlr%���r%���r&���r������s���� 

�z-WALinuxAgentShim._fetch_goal_state_from_azurer~���c
�������������� ���C���s����t��
d
�

�d�|�j�
}
z@tjddtd��
�|�j�|
�
}W�d���
�n1�sJ0�
�
�
�Y�
�W�n8�t y�
�}
�z t d|�t�jd�
���W�Y�d}~n d}~0�0�t��d �

�|j S�) z�Fetches the GoalState XML from the Azure endpoint and returns the XML as a string. @return: GoalState XML string zRegistering with Azure...z!http://{}/machine/?comp=goalstatezgoalstate-retrievalzretrieve goalstater���Nz9failed to register with Azure and fetch GoalState XML: %srC���z#Successfully fetched GoalState XML.)r0���rA���ru���r����r���r���r!���r����r����rW���rJ���rY���r1���r����)r{���rg���rm���r9���r%���r%���r&���r������s&����





�.



��

z3WALinuxAgentShim._get_raw_goal_state_xml_from_azure)r����r����r���c�������������� ���C���s����zt�|
|�j
|�}W�n8�tyJ
�}
�z td
|�tjd�
���W�Y�d}~n d}~0�0�d�d|j�d|j�d|j �g�
}t|tj d�
�|S�)a
��Parses a GoalState XML string and returns a GoalState object. @param unparsed_goal_state_xml: GoalState XML string @param need_certificate: switch to know if certificates is needed. @return: GoalState object representing the GoalState XML z"Error processing GoalState XML: %srC���Nz, zGoalState XML container id: %szGoalState XML instance id: %szGoalState XML incarnation: %s)r����r����rW���rJ���r0���rY���r����r����r����r����r1���)r{���r����r����r����r9���rE���r%���r%���r&���r����2��s(����



�


�


��
z*WALinuxAgentShim._parse_raw_goal_state_xml)r����r����r���c�����������������C���sH���g�}|
j�d
u
rD|d
u
rD|�j
d
u
rDt�d�

�|�j
�|
j��
}|��||�}|S�)a���Gets and filters the VM admin user's authorized pubkeys. The admin user in this case is the username specified as "admin" when deploying VMs on Azure. See https://docs.microsoft.com/en-us/cli/azure/vm#az-vm-create. cloud-init expects a straightforward array of keys to be dropped into the admin user's authorized_keys file. Azure control plane exposes multiple public keys to the VM via wireserver. Select just the admin user's key(s) and return them, ignoring any other certs. @param goal_state: GoalState object. The GoalState object contains a certificate XML, which contains both the VM user's authorized pubkeys and other non-user pubkeys, which are used for MSI and protected extension handling. @param pubkey_info: List of VM user pubkey dicts that were previously obtained from provisioning data. Each pubkey dict in this list can either have the format pubkey['value'] or pubkey['fingerprint']. Each pubkey['fingerprint'] in the list is used to filter and obtain the actual pubkey value from the GoalState certificates XML. Each pubkey['value'] requires no further processing and is immediately added to the return list. @return: A list of the VM user's authorized pubkey values. Nz/Certificate XML found; parsing out public keys.)r����r����r0���r1���r�����_filter_pubkeys)r{���r����r����r�����keys_by_fingerprintr%���r%���r&���r����T��s�������

�
z"WALinuxAgentShim._get_user_pubkeys)r����r����r���c�����������������C���s|���g�}|
D�]n}d
|v�r,|d
�r,|��|d
��

�qd|v�rj|d�rj|d�}||�v�r\|��|�|��

�qvt
�d|�
�qt
�d|�
�q|S�)a8��Filter and return only the user's actual pubkeys. @param keys_by_fingerprint: pubkey fingerprint -> pubkey value dict that was obtained from GoalState Certificates XML. May contain non-user pubkeys. @param pubkey_info: List of VM user pubkeys. Pubkey values are added to the return list without further processing. Pubkey fingerprints are used to filter and obtain the actual pubkey values from keys_by_fingerprint. @return: A list of the VM user's authorized pubkey values. r����r����zIovf-env.xml specified PublicKey fingerprint %s not found in goalstate XMLzFovf-env.xml specified PublicKey with neither value nor fingerprint: %s)r����r0���rY���)r����r����r����Zpubkeyr����r%���r%���r&���r����~��s"���� 







�
�z WALinuxAgentShim._filter_pubkeys)NN)r ���r����r����rl���r}���r����r(���r����Distror����r ���r���r����r����r����r����r����r����r����r���r�����listr����r�����dictr����r%���r%���r%���r&���r�������s:���

 ��

�%

�


�!
�)
r����)r����r����r����r����c�����������������C���s4���t�|�d
�
}z|j
|
||d�W�|���
�S�|���
�0�d�S�)Nr����)r����r����r����)r����r����r����)r����r����r����r�����shimr%���r%���r&����get_metadata_from_fabric���s����


��r����zerrors.ReportableError)r����r����c�����������������C���s:���t�|�d
�
}|
�
��}z|j|d�

�W�|���
�n |���
�0�d�S�)Nr����r����)r����Zas_encoded_reportr����r����)r����r����r����r���r%���r%���r&����report_failure_to_fabric���s ����


r����c�����������������C���s(���t�d
|��t
jd�
�t�d|
�t
jd�
�d�S�)Nzdhclient output stream: %srC���zdhclient error stream: %s)rJ���r0���r1���)r:����errr%���r%���r&����dhcp_log_cb���s����

�
�r����c����������������
���@���s���e�Z
d�Zd
S�)�NonAzureDataSourceN)r ���r����r����r%���r%���r%���r&���r�������s���
r����c�������������������@���s����e�Z
d�Zd
dd�Zdddddddddd� ee�ee�ee�ee�ee�eee ��eee�edd� dd �Z ed �
dd�Zeed�d �dd��
Z deeed�dd�Zdeeeed�dd�Zdd��Zdd��Zdd��ZdS�)� OvfEnvXmlz)http://schemas.dmtf.org/ovf/environment/1z)http://schemas.microsoft.com/windowsazure)Zovf�waNF� ro����passwordrp����custom_data�disable_ssh_password_auth�public_keys�preprovisioned_vm�preprovisioned_vm_type�provision_guest_proxy_agent) ro���r
��rp���r
��r
��r
��r
��r
��r
��r���c
������� ��� ������C���s>���|
|�_�||�_
||�_||�_||�_|p$g�|�_||�_||�_| |�_d�S�r\���r

��) r{���ro���r
��rp���r
��r
��r
��r
��r
��r
��r%���r%���r&���r}������s���� 







zOvfEnvXml.__init__r~���c�����������������C���s���|�j�|
j�kS�r\���)
�__dict__)r{����otherr%���r%���r&����__eq__���s����
zOvfEnvXml.__eq__)�ovf_env_xmlr���c�������������� ���C���s|���zt��
|
�
}W�n4�t�jyB
�}
�ztj|d
�
|�W�Y�d}~n d}~0�0�|�d|�j�du�r^td�
�
t��}|� |�

�|� |�

�|S�)z�Parser for ovf-env.xml data. :raises NonAzureDataSource: if XML is not in Azure's format. :raises errors.ReportableErrorOvfParsingException: if XML is unparsable or invalid. )
� exceptionNz./wa:ProvisioningSectionz=Ignoring non-Azure ovf-env.xml: ProvisioningSection not found)r����r����r����r���Z"ReportableErrorOvfParsingExceptionr����� NAMESPACESr����r�����&_parse_linux_configuration_set_section� _parse_platform_settings_section)�clsr
��r����r9����instancer%���r%���r&���� parse_text���s����


$

�

zOvfEnvXml.parse_textr�
��)r����required� namespacec�����������������C���sp���|
��d
||f�t
j�}t|�
dkrFd|�}t�|�

�|rBt�|�
�
d�S�t|�
dkrht�d|t|�
f��
�
|d�S�)Nz./%s:%sr
����missing configuration for %rr.����*multiple configuration matches for %r (%d))�findallr����r
���lenr0���r1���r����!ReportableErrorOvfInvalidMetadata)r{����noder���r
��r
���matchesrE���r%���r%���r&����_find��s ����
�








��zOvfEnvXml._find)r���r
��� decode_base64� parse_boolc����������� ������C���s����|
��d
|�t
j�}t|�
dkrBd|�}t�|�

�|r>t�|�
�
|S�t|�
dkrdt�d|t|�
f��
�
|d�j} | d�u�rz|} |r�| d�u
r�t � d�| ����
�
} |r�t �| �
} | S�)Nz./wa:r
���r
��r.���r
��r����)r
��r����r
��r
��r0���r1���r���r
��r����rO���Z b64decoder����r4���r���Ztranslate_bool) r{���r
��r���r
��r
��r
���defaultr
��rE���r����r%���r%���r&����_parse_property��s*���� 









�� 


zOvfEnvXml._parse_propertyc�����������������C���s����|�j�|
d
dd�}|�j�|ddd�}|�j
|dddd�|�_|�j
|ddd�|�_|�j
|d dd�|�_|�j
|d dd�|�_|�j
|dddd�|�_|��|�

�d�S�) NZProvisioningSectionT�
r
��Z!LinuxProvisioningConfigurationSetZ CustomDataF)r
��r
��ZUserNameZUserPasswordZHostNameZ DisableSshPasswordAuthentication)r
��r
��)r
��r!
��r
��ro���r
��rp���r
���_parse_ssh_section)r{���r����Zprovisioning_section� config_setr%���r%���r&���r
��?��s<����

�


�



�
�
�
�



�z0OvfEnvXml._parse_linux_configuration_set_sectionc�����������������C���sb���|�j�|
d
dd�}|�j�|ddd�}|�j
|ddddd�|�_|�j
|ddd�|�_|�j
|d dddd�|�_d�S�) NZPlatformSettingsSectionTr"
��ZPlatformSettingsZPreprovisionedVmF)r
��r
��r
��ZPreprovisionedVMTypeZProvisionGuestProxyAgent)r
��r!
��r
��r
��r
��)r{���r����Zplatform_settings_sectionZplatform_settingsr%���r%���r&���r
��a��s2����

�
�




�


�




�z*OvfEnvXml._parse_platform_settings_sectionc����������� ������C���s����g�|�_�|�j
|
d
dd�}|d�u�r"d�S�|�j
|ddd�}|d�u�r>d�S�|�dtj�D�]N}|�j|ddd�}|�j|ddd�}|�j|dd dd �}|||d�}|�j��|�

�qLd�S�)NZSSHFr"
��Z PublicKeysz./wa:PublicKeyZFingerprint�PathZValuer����)r
��r
��)r����r`���r����)r
��r
��r
��r����r
��r!
��r����) r{���r$
��Zssh_sectionZpublic_keys_sectionZ public_keyr����r`���r����r����r%���r%���r&���r#
��}��s0����



�

�
�

�

�zOvfEnvXml._parse_ssh_section)
r�
��)FFN)r ���r����r����r
��r ���rl���r����r����r���r����r}���r
���classmethodr
��r
��r!
��r
��r
��r#
��r%���r%���r%���r&���r�������sZ���
�







�








�
��

��
�
��


�$"r����)NN)JrO���rT���Zloggingr]���r����rs���rP���� contextlibr���r���r���r���r����typingr���r���r ���r ���r���Z xml.etreer���r����Zxml.sax.saxutilsr ���Z cloudinitr���r���r���r���r���r���Zcloudinit.reportingr���Zcloudinit.sources.azurer���Z getLoggerr ���r0���ZDEFAULT_WIRESERVER_ENDPOINTr6���r@���rI���rS���r���r!���r���r(���r=���rB���rl���r5���rJ���rV���r[���rb���r����r�����intr����rn���rx���ry���rW���r����r����r����r����r����r����r����r����r����r����r����r%���r%���r%���r&����<module>���s����













 






� 
U
�

�



�




�7
�"?���f�
��



�