o K&bH @spddlZddlmZmZmZmZmZddlmZm Z m Z m Z m Z m Z ddlmZddlmZddlmZdZdZd Zd Zd Zd Zd Ze ZGddde jZ d)deeefdeeefde de ddf ddZ!  d*deeefdeeefde de deee ff ddZ"de j#de j$fddZ% d+d eefd!d"Z&d#edeefd$d%Z'd#ed&edeeeffd'd(Z(dS),N)AnyDictListOptionalTuple)clouds event_logger exceptionsmessages serviceclientutil)UAConfig)ATTACH_FAIL_DATE_FORMAT)UserFacingStatusz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z /v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z /v1/contractc @seZdZdZejZd ddZdee e ffddZ de dee e ffd d Z d e jfd d Z d de de dee dee e ffddZ d de de de defddZddZ  d!de de de dedef ddZddZd dee fddZdS)"UAContractClientZ contract_urlNcCs~|}|dd|i||}|jt||d\}}|jd|tj | di d| d}|jd||S)a}Requests machine attach to the provided machine_id. @param contract_token: Token string providing authentication to ContractBearer service endpoint. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing the machine-token. Authorization Bearer {})dataheaders machine-tokenmachineTokenInfo machineId machine-id) rupdateformat_get_platform_data request_urlAPI_V1_CONTEXT_MACHINE_TOKENcfg write_cacher get_machine_id cache_clearget)selfcontract_token machine_idrr machine_token_headersr(3/usr/lib/python3/dist-packages/uaclient/contract.pyrequest_contract_machine_attach$s      z0UAContractClient.request_contract_machine_attachreturncCs6t}|d|d|dd}|jt|d\}}|S)z=Requests list of entitlements available to this machine type.archserieskernel) architecturer-r.) query_params)r get_platform_inforAPI_V1_RESOURCES)r#platformr0Zresource_responserr(r(r)request_resources>s z"UAContractClient.request_resourcesr$cCs2|}|dd|i|jt|d\}}|S)Nrrr)rrrrAPI_V1_CONTRACT_INFORMATION)r#r$rZ response_dataZ_response_headersr(r(r)request_contract_informationKs  z-UAContractClient.request_contract_informationinstancecCs0|jtj|jd|jd\}}|jd||S)zRequests contract token for auto-attach images for Pro clouds. @param instance: AutoAttachCloudInstance for the cloud. @return: Dict of the JSON response containing the contract-token. ) cloud_type)rzcontract-token)rAPI_V1_AUTO_ATTACH_CLOUD_TOKENrr9Z identity_docrr)r#r8responser'r(r(r)"request_auto_attach_contract_tokenUs  z3UAContractClient.request_auto_attach_contract_tokenr&resourcer%cCsz|st|j}|}|dd|itj||d}|j||d\}}|dr1|d|d<|j d|||S)aRequests machine access context for a given resource @param machine_token: The authentication token needed to talk to this contract service endpoint. @param resource: Entitlement name. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @return: Dict of the JSON response containing entitlement accessInfo. rr)r=machiner5expireszmachine-access-{}) r r rrrr#API_V1_TMPL_RESOURCE_MACHINE_ACCESSrr"r)r#r&r=r%rurlZresource_accessr(r(r)request_resource_machine_accessgs    z0UAContractClient.request_resource_machine_access contract_idcCs|j|||ddS)z6Update existing machine-token for an attached machine.F)r&rCr%detach)_request_machine_token_update)r#r&rCr%r(r(r)request_machine_token_updates z-UAContractClient.request_machine_token_updatec Cs|jj}|jjd}t|j}||}tj||d}| }| dd|i|j |||d\}}|rJ|j d}||d<|j d|dSdS) zReport current activity token and enabled services. This will report to the contracts backend all the current enabled services in the system. machineTokenZcontractr>rr)rrr activityInfoN)rrCr&r"r r _get_activity_infoAPI_V1_MACHINE_ACTIVITYrrrrZ read_cacher) r#rCr&r%Z request_datarArr;_r(r(r)report_machine_activitys   z(UAContractClient.report_machine_activityFrDc Cs|}|dd|i||}||d<tj||dd}d|i}|r-d|d<nd |d<||d <|j|fi|\} }|d rK|d | d <|sm|j d | t j | d id|d}|j d|| S)aBRequest machine token refresh from contract server. @param machine_token: The machine token needed to talk to this contract service endpoint. @param contract_id: Unique contract id provided by contract service. @param machine_id: Optional unique system machine id. When absent, contents of /etc/machine-id will be used. @param detach: Boolean set True if detaching this machine from the active contract. Default is False. @return: Dict of the JSON response containing refreshed machine-token rrrIrrHrZDELETEmethodZPOSTrr?rrr) rrrrrJ*API_V1_TMPL_CONTEXT_MACHINE_TOKEN_RESOURCErr"rrr r r!) r#r&rCr%rDrrrAkwargsr;r(r(r)rEs.        z.UAContractClient._request_machine_token_updatecCs6|st|j}t}|}|d}|||dS)zs  z7UAContractClient._get_activity_info..)Z activityIDZ activityToken resources)uaclient.entitlementsrTr r r activity_idZactivity_token)r#r%rTr[Zenabled_servicesr(rWr)rJs    z#UAContractClient._get_activity_info)NNF)__name__ __module__ __qualname__Zcfg_url_base_attrr ContractAPIErrorZ api_error_clsr*rstrrr4r7rZAutoAttachCloudInstancer<rrBrFrMboolrErrJr(r(r(r)rsb           ' , rTpast_entitlementsnew_entitlements allow_enableseries_overridesr+c CsTd}d}t|D]\}}zt||i|||d\}} Wnetjy(Yq tjyVd}t|t t dj ||dWdn1sOwYYq tyd}t|t t dj ||dWdn1s|wYYq w| r|rt|q |rtjtjjtjjd|rtjtjjtjjddS) aIterate over all entitlements in new_entitlement and apply any delta found according to past_entitlements. :param past_entitlements: dict containing the last valid information regarding service entitlements. :param new_entitlements: dict containing the current information regarding service entitlements. :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :param series_overrides: Boolean set True if series overrides should be applied to the new_access dict. F)rerfTz4Failed to process contract delta for {name}: {delta})rUZdeltaNz>Unexpected error processing contract delta for {name}: {delta}msgZmsg_code)sorteditemsprocess_entitlement_deltar"r EntitlementNotFoundErrorUserFacingErroreventZservice_failedr disable_log_to_consoleloggingerrorr Exception exceptionZservice_processedr ZUNEXPECTED_ERRORrhrUZATTACH_FAILURE_DEFAULT_SERVICES) rcrdrerfZ delta_errorZunexpected_errorrUZnew_entitlementdeltasZservice_enabledr(r(r)process_entitlements_deltasb       ruF orig_access new_accessc Csddlm}|r t|t||}d}|rg|did}|s+|did}|s>tjj||d}t j |j |j dz||} Wnt j yY} ztd|| d } ~ ww| |d } | j|||d }||fS) a Process a entitlement access dictionary deltas if they exist. :param orig_access: Dict with original entitlement access details before contract refresh deltas :param new_access: Dict with updated entitlement access details after contract refresh :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :param series_overrides: Boolean set True if series overrides should be applied to the new_access dict. :raise UserFacingError: on failure to process deltas. :return: A tuple containing a dict of processed deltas and a boolean indicating if the service was fully processed r)entitlement_factoryF entitlementtype)Zorignewrgz3Skipping entitlement deltas for "%s". No such classN)Z assume_yes)re)rZrxr Zapply_series_overridesZget_dict_deltasr"r Z$INVALID_CONTRACT_DELTAS_SERVICE_TYPErr rmrhrUrlrpdebugZprocess_contract_deltas) rvrwrerfrxrtretrUrhZent_clsexcryr(r(r)rkEs8     rkecCstj}t|drht|jdkrhd|jdvrh|jdd}|d}|d}d}|dkr;|dt}tjj||d}n|d krO|dt}tj j||d}n |d krZtj j|d }|rhtj j|j d }|j |_ |S) N api_errorsrinfoZ contractIdreasonzno-longer-effectivetime)rCdateznot-effective-yetznever-effective)rC)r)r ZATTACH_EXPIRED_TOKENhasattrlenrstrftimerZATTACH_FORBIDDEN_EXPIREDrZATTACH_FORBIDDEN_NOT_YETZATTACH_FORBIDDEN_NEVERZATTACH_FORBIDDENrhrU)rrhrrCrZ reason_msgrr(r(r) _create_attach_forbidden_messagezs:  rr$c Cs8|j}|j}|r|rtj}tj|j|jdt|}|rz|j |dWnntj y}zNt |tj rUt |drS|jdkrAt|jdkrSt|}tj|j|jd|ttt|Wdn1skwYtjtjjtjjdd}~ww|d}|dd d } |j|| d t||j|dS) afRequest contract refresh from ua-contracts service. Compare original token to new token and react to entitlement deltas. :param cfg: Instance of UAConfig for this machine. :param contract_token: String contraining an optional contract token. :param allow_enable: Boolean set True if allowed to perform the enable operation. When False, a message will be logged to inform the user about the recommended enabled service. :raise UserFacingError: on failure to update contract or error processing contract deltas :raise UrlError: On failure to contact the server rg)r$codeiiNrGrZ contractInfoid)r&rC)r&Z entitlementsr Z-UNEXPECTED_CONTRACT_TOKEN_ON_ATTACHED_MACHINEr rmrhrUrr*ZUrlError isinstancer`rrZAttachInvalidTokenErrorrr rorprsraZCONNECTIVITY_ERRORrFru) rr$reZ orig_tokenZorig_entitlementsrhZcontract_clientrr&rCr(r(r)request_updated_contractsN      rrcCst|}|}|dgS)zDQuery available resources from the contract server for this machine.rY)rr4r")rclientrYr(r(r)get_available_resourcess rtokencCst|}||S)z/Query contract information for a specific token)rr7)rrrr(r(r)get_contract_informations r)T)FTr\))rptypingrrrrrZuaclientrrr r r r Zuaclient.configr Zuaclient.defaultsrZuaclient.statusrrrOr2r@r:rKr6Zget_event_loggerrnZUAServiceClientrrarbrurkr`Z NamedMessagerrrrr(r(r(r)sl    k   C    5 % 9"