shell bypass 403
a
����'�Dg��������������������� ���@���sr��d�dl�Z�d�dlZd�dlZd�dlZd�dlZd�dlZd�dlZd�dlmZ�d�dl m Z m
Z
�d�dl
m
Z
m
Z
�d�dl
mZmZmZmZmZ�d�dlmZ�d�dlmZ�d�dlmZmZmZm
Z
m
Z
m
Z
�d�d l m Z �d�d
l!m"Z"�e�#e$�Z%d
Z&d
Z'd
Z(dZ)dZ*e j+dddd�Z,ed�Z-ede-f�ede-f�d�dd�Z.e.dd���Z/e.dd
���Z0dd
�e1e j2d
�d d �Z3d!d"��Z4e.d#d$���Z5ed%d&���Z6e.dd'd(d)�e1e7ee8�e9e9e
j:d*�d+d,��Z;e1e1e1e8d-�d.d/�Z<G�d0d1��d1�Z=G�d2d3��d3e>�Z?G�d4d5��d5�Z@G�d6d7��d7�ZAG�d8d9��d9�ZBG�d:d;��d;�ZCe.dIe1ejDeee1��ee1�d<�d=d>��ZEe.e1d?d@�dAdB��ZFdCdD��ZGG�dEdF��dFe>�ZHG�dGdH��dH�ZIdS�)J�����N)�contextmanager)�datetime�timezone)�sleep�time)�Callable�List�Optional�TypeVar�Union)�
ElementTree)�escape)�distros�subp�
temp_utils�
url_helper�util�version)�events)�errorsz
168.63.129.16�boot-telemetryz
system-infoZ
diagnostic�
compressedzazure-dsz initialize reporter for azure dsT)�name�
descriptionZreporting_enabled�T.)�func�returnc��������������������s�����fdd�}|S�)Nc������������������ ���sF���t�j��j��jtd��
���|�i�|��W��d�����S�1�s80����Y��d�S�)N�r���r����parent)r����ReportEventStack�__name__�azure_ds_reporter)�args�kwargs�r������C/usr/lib/python3.9/site-packages/cloudinit/sources/helpers/azure.py�impl*���s
�����z)azure_ds_telemetry_reporter.<locals>.implr%���)r���r'���r%���r$���r&����azure_ds_telemetry_reporter)���s����
r(���c���������������
���C���s8��t����std��t�d��ztt���tt�����}�W�n.�t yb�}�ztd�|�W�Y�d}~n
d}~0�0�zTt
j
g�d�dd�\}}d}|r�d|v�r�|�
d�d �}|s�td
��|�t|�d
��}W�nf�t
j
y��}�ztd
|��|�W�Y�d}~n<d}~0��t �y
�}�ztd
|��|�W�Y�d}~n
d}~0�0�zZt
j
g�d�dd�\}}d}|�rZd|v��rZ|�
d�d �}|�shtd��|�t|�d
��}W�nh�t
j
�y��}�ztd|��|�W�Y�d}~n<d}~0��t �y��}�ztd|��|�W�Y�d}~n
d}~0�0�t
�tddt�|�tj����t�|tj����t�|tj����f�t
j�}t
�|��|S�)z[Report timestamps related to kernel initialization and systemd
activation of cloud-initz1distro not using systemd, skipping boot telemetryzCollecting boot telemetryz*Failed to determine kernel start timestampN)� systemctl�show�-pZUserspaceTimestampMonotonicT)�capture�=����z8Failed to parse UserspaceTimestampMonotonic from systemdi@B�z-Failed to get UserspaceTimestampMonotonic: %sz<Failed to parse UserspaceTimestampMonotonic from systemd: %s)r)���r*���zcloud-init-localr+���Z
InactiveExitTimestampMonotonicz;Failed to parse InactiveExitTimestampMonotonic from systemdz0Failed to get InactiveExitTimestampMonotonic: %sz?Failed to parse InactiveExitTimestampMonotonic from systemd: %sr���z5kernel_start=%s user_start=%s cloudinit_activation=%s)r���Z
uses_systemd�
RuntimeError�LOG�debug�floatr���r���Zuptime�
ValueErrorr����splitZProcessExecutionErrorr����ReportingEvent�BOOT_EVENT_TYPEr���Z
fromtimestampr���ZutcZ isoformat�DEFAULT_EVENT_ORIGIN�
report_event)Z
kernel_start�e�out�_ZtsmZ
user_startZcloudinit_activation�evtr%���r%���r&����get_boot_telemetry5���s�����
�
������
����������
r=���c���������������
���C���sb���t����}�t�tddt���|�d�|�d�|�d�d�|�d�d�|�d�d�|�d �f�tj�}t�|��|S�)
z%Collect and report system informationzsystem informationztcloudinit_version=%s, kernel_version=%s, variant=%s, distro_name=%s, distro_version=%s, flavor=%s, python_version=%s�releaseZvariantZdistr���r.�������Zpython) r���Z
system_infor���r5����SYSTEMINFO_EVENT_TYPEr���Zversion_stringr7���r8���)�infor<���r%���r%���r&����get_system_info����s$����
��
�
rB�����
logger_func)�msgr
���c����������������C���s6���t�|�r||���t�td|�tj�}tj|dhd��|S�)zReport a diagnostic eventzdiagnostic message�log�Zexcluded_handler_types)�callabler���r5����DIAGNOSTIC_EVENT_TYPEr7���r8���)rE���rD���r<���r%���r%���r&����report_diagnostic_event����s�����rJ���c�����������������C���sN���t��t�|��}d|�d�d�}t�t|�t� |�tj
�}tj
|h�d�d��|S�)zReport a compressed eventzgz+b64�ascii)�encoding�data>����printZwebhookrF���rG���)
�base64Z
encodebytes�zlib�compress�decoder���r5����COMPRESSED_EVENT_TYPE�json�dumpsr7���r8���)Z
event_nameZ
event_contentZcompressed_dataZ
event_datar<���r%���r%���r&����report_compressed_event����s
�������rV���c���������������
���C���sn���t��d��z$tjdgddd�\}�}td|���W�n:�tyh�}�z"tdt|��t�jd��W�Y�d}~n
d}~0�0�dS�) zReport dmesg to KVP.zDumping dmesg log to KVPZdmesgFT)rR���r,���z$Exception when dumping dmesg log: %srC���N)r0���r1���r���rV���� ExceptionrJ����repr�warning)r:���r;����exr%���r%���r&����report_dmesg_to_kvp����s����
�r[���c�������������� ���c���s@���t����}t��t�j�|����zd�V��W�t��|��n
t��|��0�d�S��N)�os�getcwd�chdir�path�
expanduser)ZnewdirZprevdirr%���r%���r&����cd����s
����rb�����������)rM����
retry_sleep�timeout_minutes)�url�headersrM���re���rf���r
���c���������� ���
���C���s����|d�t����}d}d}|s�|d7�}ztj|�||dd�}W�q�W�nb�tjy��}�zHtd|�|||j|jf�tjd��t���|�|ks�d t |�v�r���W�Y�d}~n
d}~0�0�t
|��qtd
|�|f�tjd��|S�)
z�Readurl wrapper for querying wireserver.
:param retry_sleep: Time to sleep before retrying.
:param timeout_minutes: Retry up to specified number of minutes.
:raises UrlError: on error fetching data.
�<���r���Nr.���)rc���ri���)rh���rM����timeoutzdFailed HTTP request with Azure endpoint %s during attempt %d with exception: %s (code=%r headers=%r)rC���zNetwork is unreachablez@Successful HTTP request with Azure endpoint %s after %d attempts)
r���r���ZreadurlZUrlErrorrJ����coderh���r0���r1����strr���) rg���rh���rM���re���rf���rj���Zattempt�responser9���r%���r%���r&����http_with_retries����s<�������
�
�
��rn���)�username�hostname�
disableSshPwdr
���c�����������������C���s$���t��d�}|j|�||d�}|�d�S�)Na.�� <ns0:Environment xmlns:ns0="http://schemas.dmtf.org/ovf/environment/1"
xmlns:ns1="http://schemas.microsoft.com/windowsazure"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns1:ProvisioningSection>
<ns1:Version>1.0</ns1:Version>
<ns1:LinuxProvisioningConfigurationSet>
<ns1:ConfigurationSetType>LinuxProvisioningConfiguration
</ns1:ConfigurationSetType>
<ns1:UserName>{username}</ns1:UserName>
<ns1:DisableSshPasswordAuthentication>{disableSshPwd}
</ns1:DisableSshPasswordAuthentication>
<ns1:HostName>{hostname}</ns1:HostName>
</ns1:LinuxProvisioningConfigurationSet>
</ns1:ProvisioningSection>
<ns1:PlatformSettingsSection>
<ns1:Version>1.0</ns1:Version>
<ns1:PlatformSettings>
<ns1:ProvisionGuestAgent>true</ns1:ProvisionGuestAgent>
</ns1:PlatformSettings>
</ns1:PlatformSettingsSection>
</ns0:Environment>
)ro���rp���rq����utf-8)�textwrap�dedent�format�encode)ro���rp���rq���ZOVF_ENV_TEMPLATE�retr%���r%���r&����build_minimal_ovf
��s������rx���c�������������������@���sH���e�Zd�Zddd�Zdd��Zdejd�dd �Zdee �ejd
�d
d
�Z
d
S�)�AzureEndpointHttpClientZ
WALinuxAgentz
2012-11-30)zx-ms-agent-namez
x-ms-versionc�����������������C���s���d|d�|�_�d�S�)NZ
DES_EDE3_CBC)zx-ms-cipher-namez!x-ms-guest-agent-public-x509-cert)�extra_secure_headers)�self�
certificater%���r%���r&����__init__D��s�����z AzureEndpointHttpClient.__init__F�r
���c�����������������C���s,���|�j�}|r |�j����}|�|�j��t||d�S�)N)rh���)rh����copy�updaterz���rn���)r{���rg����securerh���r%���r%���r&����getJ��s
����
zAzureEndpointHttpClient.getN)rM���r
���c�����������������C���s0���|�j�}|d�ur"|�j����}|�|��t|||d�S�)N)rM���rh���)rh���r���r����rn���)r{���rg���rM����
extra_headersrh���r%���r%���r&����postQ��s
����
z
AzureEndpointHttpClient.post)F)NN)
r ����
__module__�
__qualname__rh���r}���r����
UrlResponser����r ����bytesr����r%���r%���r%���r&���ry���>��s�������ry���c�������������������@���s���e�Zd�ZdZdS�)�
InvalidGoalStateXMLExceptionz9Raised when GoalState XML is invalid or has missing data.N)r ���r����r�����__doc__r%���r%���r%���r&���r����[��s���r����c�������������������@���s2���e�Zd�Zdeeef�eedd�dd�Zdd��Z dS�) � GoalStateTN)�
unparsed_xml�azure_endpoint_client�need_certificater
���c��������������
���C���s*��||�_�zt�|�|�_W�n:�tjyP�}�z td|�tjd����W�Y�d}~n
d}~0�0�|��d�|�_ |��d�|�_
|��d�|�_
dD�]0}t
|�|�du�rzd|�}t|tjd��t
|��qzd|�_|��d �}|du�r&|�r&tjd
d
td
��8�|�j�j|d
d�j|�_|�jdu��rt
d��W�d����n1��s
0����Y��dS�)ah��Parses a GoalState XML string and returns a GoalState object.
@param unparsed_xml: string representing a GoalState XML.
@param azure_endpoint_client: instance of AzureEndpointHttpClient.
@param need_certificate: switch to know if certificates is needed.
@return: GoalState object representing the GoalState XML string.
z!Failed to parse GoalState XML: %srC���Nz./Container/ContainerIdz4./Container/RoleInstanceList/RoleInstance/InstanceIdz
./Incarnation)�
container_id�
instance_id�
incarnationzMissing %s in GoalState XMLzD./Container/RoleInstanceList/RoleInstance/Configuration/Certificateszget-certificates-xmlzget certificates xmlr
���T)r����z/Azure endpoint returned empty certificates xml.)r�����ET�
fromstring�root�
ParseErrorrJ���r0���rY����_text_from_xpathr����r����r�����getattrr�����certificates_xmlr���r ���r!���r�����contents)r{���r����r����r����r9����attrrE���rg���r%���r%���r&���r}���`��sH����
�
�
���
�zGoalState.__init__c�����������������C���s
���|�j��|�}|d�ur|jS�d�S�r\���)r�����find�text)r{���Zxpath�elementr%���r%���r&���r�������s����
zGoalState._text_from_xpath)T)
r ���r����r����r
���rl���r����ry����boolr}���r����r%���r%���r%���r&���r����_��s�����
�
7r����c�������������������@���s����e�Zd�Zddd�Zdd��Zdd��Zedd ���Zejd
d ���Ze d
d
���Z
e
e d
d����Z
e dd���Z
e dd���Ze dd���Ze dd���ZdS�)�OpenSSLManagerzTransportPrivate.pemzTransportCert.pem)�
private_keyr|���c�����������������C���s
���t����|�_d�|�_|�����d�S�r\���)r���Zmkdtemp�tmpdir�
_certificate�generate_certificate�r{���r%���r%���r&���r}������s����
zOpenSSLManager.__init__c�����������������C���s���t��|�j��d�S�r\���)r���Zdel_dirr����r����r%���r%���r&����clean_up���s����zOpenSSLManager.clean_upc�����������������C���s���|�j�S�r\����r����r����r%���r%���r&���r|������s����zOpenSSLManager.certificatec�����������������C���s
���||�_�d�S�r\���r����)r{����valuer%���r%���r&���r|������s����c�����������������C���s����t��d��|�jd�ur"t��d��d�S�t|�j��z�t�ddddddd d
d
d
d
|�jd�d|�jd�g��d}t�|�jd��� ��D�]}d|vrx||�
��7�}qx||�_W�d�����n1�s�0����Y��t��d��d�S�)Nz7Generating certificate for communication with fabric...z
Certificate already generated.�opensslZreqz-x509z-nodesz-subjz/CN=LinuxTransportz-daysZ32768z-newkeyzrsa:2048z-keyoutr����z-outr|�����Z
CERTIFICATEzNew certificate generated.)
r0���r1���r|���rb���r����r����certificate_namesr���Zload_text_file�
splitlines�rstrip)r{���r|����liner%���r%���r&���r�������s<����
���
$z#OpenSSLManager.generate_certificatec�����������������C���s"���ddd|�g}t�j�||d�\}}|S�)Nr����Zx509z-noout�rM���)r���)�actionZcert�cmd�resultr;���r%���r%���r&����_run_x509_action���s����
z OpenSSLManager._run_x509_actionc�����������������C���s*���|���d|�}g�d�}tj||d�\}}|S�)Nz-pubkey)z
ssh-keygenz-iz-mZPKCS8z-fz
/dev/stdinr����)r����r���)r{���r|���Zpub_keyZ
keygen_cmd�ssh_keyr;���r%���r%���r&����_get_ssh_key_from_cert���s����
z%OpenSSLManager._get_ssh_key_from_certc�����������������C���s6���|���d|�}|�d�}||d�d���d�}d�|�S�)a��openssl x509 formats fingerprints as so:
'SHA1 Fingerprint=07:3E:19:D1:4D:1C:79:92:24:C6:A0:FD:8D:DA:\
B6:A8:BF:27:D4:73\n'
Azure control plane passes that fingerprint as so:
'073E19D14D1C799224C6A0FD8DDAB6A8BF27D473'
z
-fingerprintr-���r.�������:r����)r����r����r4����join)r{���r|���Zraw_fp�eq�octetsr%���r%���r&����_get_fingerprint_from_cert���s����
z)OpenSSLManager._get_fingerprint_from_certc�����������������C���s����t��|��d�}|j}ddddd|�d�g}t|�j��8�tjdjf�i�|�j ��d d
�
|�d
�\}}W�d
����n1�st0����Y��|S�)
z�Decrypt the certificates XML document using the our private key;
return the list of certs and private keys contained in the doc.
z.//Datas���MIME-Version: 1.0s<���Content-Disposition: attachment; filename="Certificates.p7m"s?���Content-Type: application/x-pkcs7-mime; name="Certificates.p7m"s!���Content-Transfer-Encoding: base64�����rr���zuopenssl cms -decrypt -in /dev/stdin -inkey {private_key} -recip {certificate} | openssl pkcs12 -nodes -password pass:T����
)�shellrM���N)
r����r����r����r����rv���rb���r����r���ru���r����r����)r{���r�����tagZcertificates_content�linesr:���r;���r%���r%���r&����_decrypt_certs_from_xml���s$�����
��(z&OpenSSLManager._decrypt_certs_from_xmlc����������� ������C���sv���|���|�}g�}i�}|���D�]V}|�|��t�d|�r:g�}qt�d|�rd�|�}|��|�}|��|�}|||<�g�}q|S�)z�Given the Certificates XML document, return a dictionary of
fingerprints and associated SSH keys derived from the certs.z[-]+END .*?KEY[-]+$z[-]+END .*?CERTIFICATE[-]+$�
)r����r�����append�re�matchr����r����r����) r{���r����r:����current�keysr����r|���r�����
fingerprintr%���r%���r&����parse_certificates
��s
����
z!OpenSSLManager.parse_certificatesN)r ���r����r����r����r}���r�����propertyr|����setterr(���r�����
staticmethodr����r����r����r����r����r%���r%���r%���r&���r�������s,����
!
r����c�������������������@���s����e�Zd�Ze�d�Ze�d�ZdZdZdZ dZ
e
e
e
dd�d d
�Zedd
�d
d
��Zee
dd�dd��Zde
e
e
e
ed�dd�Zeedd�dd��ZdS�)�GoalStateHealthReportera��� <?xml version="1.0" encoding="utf-8"?>
<Health xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GoalStateIncarnation>{incarnation}</GoalStateIncarnation>
<Container>
<ContainerId>{container_id}</ContainerId>
<RoleInstanceList>
<Role>
<InstanceId>{instance_id}</InstanceId>
<Health>
<State>{health_status}</State>
{health_detail_subsection}
</Health>
</Role>
</RoleInstanceList>
</Container>
</Health>
z� <Details>
<SubStatus>{health_substatus}</SubStatus>
<Description>{health_description}</Description>
</Details>
ZReadyZNotReadyZProvisioningFailedi���N)�
goal_stater�����endpointr
���c�����������������C���s���||�_�||�_||�_dS�)a?��Creates instance that will report provisioning status to an endpoint
@param goal_state: An instance of class GoalState that contains
goal state info such as incarnation, container id, and instance id.
These 3 values are needed when reporting the provisioning status
to Azure
@param azure_endpoint_client: Instance of class AzureEndpointHttpClient
@param endpoint: Endpoint (string) where the provisioning status report
will be sent to
@return: Instance of class GoalStateHealthReporter
N)�
_goal_state�_azure_endpoint_client� _endpoint)r{���r����r����r����r%���r%���r&���r}���F��s����z GoalStateHealthReporter.__init__r~���c��������������
���C���s����|�j�|�jj|�jj|�jj|�jd�}t�d��z|�j|d��W�n8�t yr�}�z t
d|�tj
d����W�Y�d�}~n
d�}~0�0�t�
d��d�S�)N)r����r����r�����statusz Reporting ready to Azure fabric.��documentz#exception while reporting ready: %srC���z Reported ready to Azure fabric.)
�
build_reportr����r����r����r�����PROVISIONING_SUCCESS_STATUSr0���r1����_post_health_reportrW���rJ����errorrA���)r{���r����r9���r%���r%���r&����send_ready_signal[��s �����
�z)GoalStateHealthReporter.send_ready_signal�r���r
���c��������������
���C���s����|�j�|�jj|�jj|�jj|�j|�j|d�}z|�j|d��W�n<�tyr�}�z$d|�}t |t
j
d����W�Y�d�}~n
d�}~0�0�t
�
d��d�S�)N)r����r����r����r����� substatusr���r����z%exception while reporting failure: %srC���z!Reported failure to Azure fabric.)
r����r����r����r����r�����
PROVISIONING_NOT_READY_STATUS�
PROVISIONING_FAILURE_SUBSTATUSr����rW���rJ���r0���r����rY���)r{���r���r����r9���rE���r%���r%���r&����send_failure_signalo��s
�����z+GoalStateHealthReporter.send_failure_signal)r����r����r����r����r
���c����������� ������C���sb���d}|d�ur.|�j�jt|�t|d�|�j���d�}|�jjtt|��t|�t|�t|�|d�}|�d�S�)Nr����)Zhealth_substatusZhealth_description)r����r����r����Z
health_statusZhealth_detail_subsectionrr���)�%HEALTH_DETAIL_SUBSECTION_XML_TEMPLATEru���r
����"HEALTH_REPORT_DESCRIPTION_TRIM_LEN�HEALTH_REPORT_XML_TEMPLATErl���rv���) r{���r����r����r����r����r����r���Z
health_detailZ
health_reportr%���r%���r&���r�������s ����
��
�z$GoalStateHealthReporter.build_report)r����r
���c�����������������C���sB���t�d��t�d��d�|�j�}|�jj||ddid��t�d��d�S�)Nr���z&Sending health report to Azure fabric.z
http://{}/machine?comp=healthz
Content-Typeztext/xml; charset=utf-8)rM���r����z/Successfully sent health report to Azure fabric)r���r0���r1���ru���r����r����r����)r{���r����rg���r%���r%���r&���r�������s����
�z+GoalStateHealthReporter._post_health_report)NN)r ���r����r����rs���rt���r����r����r����r����r����r����r����ry���rl���r}���r(���r����r����r����r����r����r%���r%���r%���r&���r���� ��s<����� �
����
r����c�������������������@���s����e�Zd�Zed�dd�Zdd��Zeejdd�dd ��Z ed
eje
e
e��d�d
d
��Z
eedd
�d
d��Z
eeed�dd��Zeed�dd��Zeeeef�eed�dd��Zeeeed�dd��Zeeeed�d
d
��ZdS�) �WALinuxAgentShim�r����c�����������������C���s���||�_�d�|�_d�|�_d�S�r\���)r�����openssl_managerr����)r{���r����r%���r%���r&���r}������s����zWALinuxAgentShim.__init__c�����������������C���s���|�j�d�ur|�j�����d�S�r\���)r����r����r����r%���r%���r&���r�������s����
zWALinuxAgentShim.clean_upN)�distror
���c��������������
���C���sT���t��d��z|�|��W�n6�tyN�}�z
td|�t�jd��W�Y�d�}~n
d�}~0�0�d�S�)Nz
Ejecting the provisioning isoz(Failed ejecting the provisioning iso: %srC���)r0���r1���Z
eject_mediarW���rJ���r����)r{����iso_devr����r9���r%���r%���r&���� eject_iso���s����
�zWALinuxAgentShim.eject_isoc�����������������C���s����d}|�j�du�r&|dur&t��|�_�|�j�j}|�jdu�r:t|�|�_|�j|dud�}d}|durb|��||�}t||�j|�j�}|dur�|�j ||d��|�
���|S�)a���Gets the VM's GoalState from Azure, uses the GoalState information
to report ready/send the ready signal/provisioning complete signal to
Azure, and then uses pubkey_info to filter and obtain the user's
pubkeys from the GoalState.
@param pubkey_info: List of pubkey values and fingerprints which are
used to filter and obtain the user's pubkey values from the
GoalState.
@return: The list of user's authorized pubkey values.
N�r����)r����)
r����r����r|���r����ry����
_fetch_goal_state_from_azure�_get_user_pubkeysr����r����r����r����)r{���r�����
pubkey_infor����Zhttp_client_certificater�����ssh_keys�health_reporterr%���r%���r&����"register_with_azure_and_fetch_data���s*����
��
�z3WALinuxAgentShim.register_with_azure_and_fetch_datar����c�����������������C���s@���|�j�du�rtd�|�_�|�jdd�}t||�j�|�j�}|j|d��dS�)z�Gets the VM's GoalState from Azure, uses the GoalState information
to report failure/send provisioning failure signal to Azure.
@param: user visible error description of provisioning failure.
NFr�����r���)r����ry���r����r����r����r����)r{���r���r����r����r%���r%���r&����®ister_with_azure_and_report_failure���s����
�z7WALinuxAgentShim.register_with_azure_and_report_failure)r����r
���c�����������������C���s���|�����}|��||�S�)a���Fetches the GoalState XML from the Azure endpoint, parses the XML,
and returns a GoalState object.
@param need_certificate: switch to know if certificates is needed.
@return: GoalState object representing the GoalState XML
)�"_get_raw_goal_state_xml_from_azure�_parse_raw_goal_state_xml)r{���r�����unparsed_goal_state_xmlr%���r%���r&���r������s����
�z-WALinuxAgentShim._fetch_goal_state_from_azurer~���c��������������
���C���s����t��d��d�|�j�}z@tjddtd��
�|�j�|�}W�d����n1�sJ0����Y��W�n8�t y��}�z t
d|�t�j
d����W�Y�d}~n
d}~0�0�t��
d ��|j
S�)
z�Fetches the GoalState XML from the Azure endpoint and returns
the XML as a string.
@return: GoalState XML string
zRegistering with Azure...z!http://{}/machine/?comp=goalstatezgoalstate-retrievalzretrieve goalstater
���Nz9failed to register with Azure and fetch GoalState XML: %srC���z#Successfully fetched GoalState XML.)r0���rA���ru���r����r���r ���r!���r����r����rW���rJ���rY���r1���r����)r{���rg���rm���r9���r%���r%���r&���r������s&����
�.��
z3WALinuxAgentShim._get_raw_goal_state_xml_from_azure)r����r����r
���c��������������
���C���s����zt�||�j|�}W�n8�tyJ�}�z td|�tjd����W�Y�d}~n
d}~0�0�d�d|j�d|j�d|j �g�}t|tj
d��|S�)a��Parses a GoalState XML string and returns a GoalState object.
@param unparsed_goal_state_xml: GoalState XML string
@param need_certificate: switch to know if certificates is needed.
@return: GoalState object representing the GoalState XML
z"Error processing GoalState XML: %srC���Nz, z
GoalState XML container id: %sz
GoalState XML instance id: %sz
GoalState XML incarnation: %s)
r����r����rW���rJ���r0���rY���r����r����r����r����r1���)r{���r����r����r����r9���rE���r%���r%���r&���r����2��s(����
����z*WALinuxAgentShim._parse_raw_goal_state_xml)r����r����r
���c�����������������C���sH���g�}|j�durD|durD|�jdurDt�d��|�j�|j��}|��||�}|S�)a���Gets and filters the VM admin user's authorized pubkeys.
The admin user in this case is the username specified as "admin"
when deploying VMs on Azure.
See https://docs.microsoft.com/en-us/cli/azure/vm#az-vm-create.
cloud-init expects a straightforward array of keys to be dropped
into the admin user's authorized_keys file. Azure control plane exposes
multiple public keys to the VM via wireserver. Select just the
admin user's key(s) and return them, ignoring any other certs.
@param goal_state: GoalState object. The GoalState object contains
a certificate XML, which contains both the VM user's authorized
pubkeys and other non-user pubkeys, which are used for
MSI and protected extension handling.
@param pubkey_info: List of VM user pubkey dicts that were previously
obtained from provisioning data.
Each pubkey dict in this list can either have the format
pubkey['value'] or pubkey['fingerprint'].
Each pubkey['fingerprint'] in the list is used to filter
and obtain the actual pubkey value from the GoalState
certificates XML.
Each pubkey['value'] requires no further processing and is
immediately added to the return list.
@return: A list of the VM user's authorized pubkey values.
Nz/Certificate XML found; parsing out public keys.)r����r����r0���r1���r�����_filter_pubkeys)r{���r����r����r�����keys_by_fingerprintr%���r%���r&���r����T��s����
���
�
z"WALinuxAgentShim._get_user_pubkeys)r����r����r
���c�����������������C���s|���g�}|D�]n}d|v�r,|d�r,|��|d���qd|v�rj|d�rj|d�}||�v�r\|��|�|���qvt�d|��qt�d|��q|S�)a8��Filter and return only the user's actual pubkeys.
@param keys_by_fingerprint: pubkey fingerprint -> pubkey value dict
that was obtained from GoalState Certificates XML. May contain
non-user pubkeys.
@param pubkey_info: List of VM user pubkeys. Pubkey values are added
to the return list without further processing. Pubkey fingerprints
are used to filter and obtain the actual pubkey values from
keys_by_fingerprint.
@return: A list of the VM user's authorized pubkey values.
r����r����zIovf-env.xml specified PublicKey fingerprint %s not found in goalstate XMLzFovf-env.xml specified PublicKey with neither value nor fingerprint: %s)r����r0���rY���)r����r����r����Zpubkeyr����r%���r%���r&���r����~��s"����
��z WALinuxAgentShim._filter_pubkeys)NN)r ���r����r����rl���r}���r����r(���r����Distror����r ���r���r����r����r����r����r����r����r����r
���r�����listr����r�����dictr����r%���r%���r%���r&���r�������s:���
��
�%�
�!�)r����)r����r����r����r����c�����������������C���s4���t�|�d�}z|j|||d�W�|����S�|����0�d�S�)Nr����)r����r����r����)r����r����r����)r����r����r����r�����shimr%���r%���r&����get_metadata_from_fabric���s����
��r����zerrors.ReportableError)r����r����c�����������������C���s:���t�|�d�}|���}z|j|d��W�|����n
|����0�d�S�)Nr����r����)r����Zas_encoded_reportr����r����)r����r����r����r���r%���r%���r&����report_failure_to_fabric���s
����
r����c�����������������C���s(���t�d|��tjd��t�d|�tjd��d�S�)Nzdhclient output stream: %srC���zdhclient error stream: %s)rJ���r0���r1���)r:����errr%���r%���r&����
dhcp_log_cb���s
����
�
�r����c�������������������@���s
���e�Zd�ZdS�)�NonAzureDataSourceN)r ���r����r����r%���r%���r%���r&���r�������s���r����c����������������
���@���s����e�Zd�Zddd�Zdddddddddd� ee�ee�ee�ee�ee�eee ��eee�edd�
dd �Z
ed
�d
d
�Z
e
ed�d
�dd��Z
d
eeed�dd�Zd
eeeed�dd�Zdd��Zdd��Zdd
��ZdS�) � OvfEnvXmlz)http://schemas.dmtf.org/ovf/environment/1z)http://schemas.microsoft.com/windowsazure)Zovf�waNF� ro����passwordrp����
custom_data�disable_ssh_password_auth�
public_keys�preprovisioned_vm�preprovisioned_vm_type�provision_guest_proxy_agent)
ro���r��rp���r��r��r��r��r��r��r
���c������� ���
������C���s>���||�_�||�_||�_||�_||�_|p$g�|�_||�_||�_| |�_d�S�r\���r��)
r{���ro���r��rp���r��r��r��r��r��r��r%���r%���r&���r}������s����
zOvfEnvXml.__init__r~���c�����������������C���s
���|�j�|j�kS�r\���)�__dict__)r{����otherr%���r%���r&����__eq__���s����zOvfEnvXml.__eq__)�
ovf_env_xmlr
���c��������������
���C���s|���zt��|�}W�n4�t�jyB�}�ztj|d�|�W�Y�d}~n
d}~0�0�|�d|�j�du�r^td��t��}|� |��|�
|��|S�)z�Parser for ovf-env.xml data.
:raises NonAzureDataSource: if XML is not in Azure's format.
:raises errors.ReportableErrorOvfParsingException: if XML is
unparsable or invalid.
)� exceptionNz./wa:ProvisioningSectionz=Ignoring non-Azure ovf-env.xml: ProvisioningSection not found)
r����r����r����r���Z"ReportableErrorOvfParsingExceptionr�����
NAMESPACESr����r�����&_parse_linux_configuration_set_section� _parse_platform_settings_section)�clsr
��r����r9����instancer%���r%���r&����
parse_text���s����$�
zOvfEnvXml.parse_textr���)r����required� namespacec�����������������C���sp���|��d||f�tj�}t|�dkrFd|�}t�|��|rBt�|��d�S�t|�dkrht�d|t|�f���|d�S�)Nz./%s:%sr����
missing configuration for %rr.����*multiple configuration matches for %r (%d))�findallr����r���lenr0���r1���r����!ReportableErrorOvfInvalidMetadata)r{����noder���r��r���matchesrE���r%���r%���r&����_find��s �����
��zOvfEnvXml._find)r���r���
decode_base64�
parse_boolc�����������
������C���s����|��d|�tj�}t|�dkrBd|�}t�|��|r>t�|��|S�t|�dkrdt�d|t|�f���|d�j} | d�u�rz|} |r�| d�ur�t �
d�
| �
����} |r�t
�| �} | S�)Nz./wa:r���r��r.���r��r����)r��r����r��r��r0���r1���r���r��r����rO���Z b64decoder����r4���r���Ztranslate_bool)
r{���r��r���r��r
��r ���defaultr
��rE���r����r%���r%���r&����_parse_property��s*����
��
zOvfEnvXml._parse_propertyc�����������������C���s����|�j�|ddd�}|�j�|ddd�}|�j|dddd�|�_|�j|ddd�|�_|�j|d dd�|�_|�j|d
dd�|�_|�j|d
ddd
�|�_|��|��d�S�)
NZProvisioningSectionT�r��Z!LinuxProvisioningConfigurationSetZ
CustomDataF)r
��r��ZUserNameZ
UserPasswordZHostNameZ DisableSshPasswordAuthentication)r ��r��)r
��r!��r��ro���r��rp���r���_parse_ssh_section)r{���r����Zprovisioning_section�
config_setr%���r%���r&���r��?��s<�����������z0OvfEnvXml._parse_linux_configuration_set_sectionc�����������������C���sb���|�j�|ddd�}|�j�|ddd�}|�j|ddddd�|�_|�j|ddd�|�_|�j|d dddd�|�_d�S�)
NZPlatformSettingsSectionTr"��ZPlatformSettingsZPreprovisionedVmF)r ��r ��r��ZPreprovisionedVMTypeZProvisionGuestProxyAgent)r
��r!��r��r��r��)r{���r����Zplatform_settings_sectionZplatform_settingsr%���r%���r&���r��a��s2���������z*OvfEnvXml._parse_platform_settings_sectionc����������� ������C���s����g�|�_�|�j|ddd�}|d�u�r"d�S�|�j|ddd�}|d�u�r>d�S�|�dtj�D�]N}|�j|ddd�}|�j|ddd�}|�j|dd dd
�}|||d
�}|�j��|��qLd�S�)
NZSSHFr"��Z
PublicKeysz./wa:PublicKeyZ
Fingerprint�PathZValuer����)r ��r��)r����r`���r����)r��r
��r��r����r��r!��r����) r{���r$��Z
ssh_sectionZpublic_keys_sectionZ
public_keyr����r`���r����r����r%���r%���r&���r#��}��s0���������z
OvfEnvXml._parse_ssh_section)r���)FFN)r ���r����r����r��r ���rl���r����r����r���r����r}���r
���
classmethodr��r
��r!��r��r��r#��r%���r%���r%���r&���r�������sZ�����
�
���
�����
$"
r����)NN)JrO���rT���Zloggingr]���r����rs���rP����
contextlibr���r���r���r���r����typingr���r���r ���r
���r
���Z xml.etreer
���r����Zxml.sax.saxutilsr
���Z cloudinitr���r���r���r���r���r���Zcloudinit.reportingr���Zcloudinit.sources.azurer���Z getLoggerr ���r0���ZDEFAULT_WIRESERVER_ENDPOINTr6���r@���rI���rS���r ���r!���r���r(���r=���rB���rl���r5���rJ���rV���r[���rb���r����r�����intr����rn���rx���ry���rW���r����r����r����r����r����r����r����r����r����r����r����r%���r%���r%���r&����<module>���s����
�
U
��
��7�
"
?�� �f���
�