def _parse_user(user):
name = findtext(user, "Name")
encrypted_password = findtext(user, "Password")
expiration = findtext(user, "Expiration")
remote_access_user = RemoteAccessUser(name, encrypted_password,
expiration)
return remote_access_user
def parse(self, xml_text):
"""
Write configuration to file ExtensionsConfig.xml.
"""
xml_doc = parse_doc(xml_text)
ga_families_list = find(xml_doc, "GAFamilies")
ga_families = findall(ga_families_list, "GAFamily")
for ga_family in ga_families:
family = findtext(ga_family, "Name")
uris_list = find(ga_family, "Uris")
uris = findall(uris_list, "Uri")
manifest = VMAgentManifest()
manifest.family = family
for uri in uris:
manifestUri = VMAgentManifestUri(uri=gettext(uri))
manifest.versionsManifestUris.append(manifestUri)
self.vmagent_manifests.vmAgentManifests.append(manifest)
plugins_list = find(xml_doc, "Plugins")
plugins = findall(plugins_list, "Plugin")
plugin_settings_list = find(xml_doc, "PluginSettings")
plugin_settings = findall(plugin_settings_list, "Plugin")
for plugin in plugins:
ext_handler = self.parse_plugin(plugin)
self.ext_handlers.extHandlers.append(ext_handler)
self.parse_plugin_settings(ext_handler, plugin_settings)
self.status_upload_blob = findtext(xml_doc, "StatusUploadBlob")
def _parse_extensions_config(self, xml_text):
xml_doc = parse_doc(xml_text)
ga_families_list = find(xml_doc, "GAFamilies")
ga_families = findall(ga_families_list, "GAFamily")
for ga_family in ga_families:
family = findtext(ga_family, "Name")
uris_list = find(ga_family, "Uris")
uris = findall(uris_list, "Uri")
manifest = VMAgentManifest()
manifest.family = family
for uri in uris:
manifest_uri = VMAgentManifestUri(uri=gettext(uri))
manifest.versionsManifestUris.append(manifest_uri)
self.vmagent_manifests.vmAgentManifests.append(manifest)
self.__parse_plugins_and_settings_and_populate_ext_handlers(xml_doc)
required_features_list = find(xml_doc, "RequiredFeatures")
if required_features_list is not None:
self._parse_required_features(required_features_list)
self._status_upload_blob = findtext(xml_doc, "StatusUploadBlob")
self.artifacts_profile_blob = findtext(xml_doc,
"InVMArtifactsProfileBlob")
status_upload_node = find(xml_doc, "StatusUploadBlob")
self._status_upload_blob_type = getattrib(status_upload_node,
"statusBlobType")
logger.verbose("Extension config shows status blob type as [{0}]",
self._status_upload_blob_type)
self.in_vm_gs_metadata.parse_node(
find(xml_doc, "InVMGoalStateMetaData"))
def parse(self, xml_text):
"""
Write configuration to file ExtensionsConfig.xml.
"""
xml_doc = parse_doc(xml_text)
ga_families_list = find(xml_doc, "GAFamilies")
ga_families = findall(ga_families_list, "GAFamily")
for ga_family in ga_families:
family = findtext(ga_family, "Name")
uris_list = find(ga_family, "Uris")
uris = findall(uris_list, "Uri")
manifest = VMAgentManifest()
manifest.family = family
for uri in uris:
manifestUri = VMAgentManifestUri(uri=gettext(uri))
manifest.versionsManifestUris.append(manifestUri)
self.vmagent_manifests.vmAgentManifests.append(manifest)
plugins_list = find(xml_doc, "Plugins")
plugins = findall(plugins_list, "Plugin")
plugin_settings_list = find(xml_doc, "PluginSettings")
plugin_settings = findall(plugin_settings_list, "Plugin")
for plugin in plugins:
ext_handler = self.parse_plugin(plugin)
self.ext_handlers.extHandlers.append(ext_handler)
self.parse_plugin_settings(ext_handler, plugin_settings)
self.status_upload_blob = findtext(xml_doc, "StatusUploadBlob")
def __init__(self, xml_text):
self.xml_text = xml_text
self.ext_handlers = ExtHandlerList()
self.vmagent_manifests = VMAgentManifestList()
self.status_upload_blob = None
self.status_upload_blob_type = None
self.artifacts_profile_blob = None
if xml_text is None:
return
xml_doc = parse_doc(self.xml_text)
ga_families_list = find(xml_doc, "GAFamilies")
ga_families = findall(ga_families_list, "GAFamily")
for ga_family in ga_families:
family = findtext(ga_family, "Name")
uris_list = find(ga_family, "Uris")
uris = findall(uris_list, "Uri")
manifest = VMAgentManifest()
manifest.family = family
for uri in uris:
manifestUri = VMAgentManifestUri(uri=gettext(uri))
manifest.versionsManifestUris.append(manifestUri)
self.vmagent_manifests.vmAgentManifests.append(manifest)
plugins_list = find(xml_doc, "Plugins")
plugins = findall(plugins_list, "Plugin")
plugin_settings_list = find(xml_doc, "PluginSettings")
plugin_settings = findall(plugin_settings_list, "Plugin")
for plugin in plugins:
ext_handler = ExtensionsConfig._parse_plugin(plugin)
self.ext_handlers.extHandlers.append(ext_handler)
ExtensionsConfig._parse_plugin_settings(ext_handler,
plugin_settings)
self.status_upload_blob = findtext(xml_doc, "StatusUploadBlob")
self.artifacts_profile_blob = findtext(xml_doc,
"InVMArtifactsProfileBlob")
status_upload_node = find(xml_doc, "StatusUploadBlob")
self.status_upload_blob_type = getattrib(status_upload_node,
"statusBlobType")
logger.verbose("Extension config shows status blob type as [{0}]",
self.status_upload_blob_type)
def __init__(self, xml_text):
self.xml_text = xml_text
self.version = None
self.incarnation = None
self.user_list = RemoteAccessUsersList()
if self.xml_text is None or len(self.xml_text) == 0:
return
xml_doc = parse_doc(self.xml_text)
self.version = findtext(xml_doc, "Version")
self.incarnation = findtext(xml_doc, "Incarnation")
user_collection = find(xml_doc, "Users")
users = findall(user_collection, "User")
for user in users:
remote_access_user = RemoteAccess._parse_user(user)
self.user_list.users.append(remote_access_user)
def parse(self, xml_text):
"""
Request configuration data from endpoint server.
"""
self.xml_text = xml_text
xml_doc = parse_doc(xml_text)
self.incarnation = findtext(xml_doc, "Incarnation")
self.expected_state = findtext(xml_doc, "ExpectedState")
self.hosting_env_uri = findtext(xml_doc, "HostingEnvironmentConfig")
self.shared_conf_uri = findtext(xml_doc, "SharedConfig")
self.certs_uri = findtext(xml_doc, "Certificates")
self.ext_uri = findtext(xml_doc, "ExtensionsConfig")
role_instance = find(xml_doc, "RoleInstance")
self.role_instance_id = findtext(role_instance, "InstanceId")
role_config = find(role_instance, "Configuration")
self.role_instance_config_name = findtext(role_config, "ConfigName")
container = find(xml_doc, "Container")
self.container_id = findtext(container, "ContainerId")
lbprobe_ports = find(xml_doc, "LBProbePorts")
self.load_balancer_probe_port = findtext(lbprobe_ports, "Port")
return self
def parse(self, xml_text):
xml_doc = parse_doc(xml_text)
preferred = find(xml_doc, "Preferred")
self.preferred = findtext(preferred, "Version")
logger.info("Fabric preferred wire protocol version:{0}", self.preferred)
self.supported = []
supported = find(xml_doc, "Supported")
supported_version = findall(supported, "Version")
for node in supported_version:
version = gettext(node)
logger.verbose("Fabric supported wire protocol version:{0}", version)
self.supported.append(version)
def _handle_packages(self, packages, isinternal):
for package in packages:
version = findtext(package, "Version")
disallow_major_upgrade = findtext(package, "DisallowMajorVersionUpgrade")
if disallow_major_upgrade is None:
disallow_major_upgrade = ''
disallow_major_upgrade = disallow_major_upgrade.lower() == "true"
uris = find(package, "Uris")
uri_list = findall(uris, "Uri")
uri_list = [gettext(x) for x in uri_list]
pkg = ExtHandlerPackage()
pkg.version = version
pkg.disallow_major_upgrade = disallow_major_upgrade
for uri in uri_list:
pkg_uri = ExtHandlerVersionUri()
pkg_uri.uri = uri
pkg.uris.append(pkg_uri)
pkg.isinternal = isinternal
self.pkg_list.versions.append(pkg)
def __init__(self, wire_client):
"""
Fetches the goal state using the given wire client.
__init__ fetches only the goal state itself, not including inner properties such as ExtensionsConfig; to fetch the entire goal state
use the fetch_full_goal_state().
"""
uri = GOAL_STATE_URI.format(wire_client.get_endpoint())
for _ in range(0, _NUM_GS_FETCH_RETRIES):
self.xml_text = wire_client.fetch_config(uri, wire_client.get_header())
xml_doc = parse_doc(self.xml_text)
self.incarnation = findtext(xml_doc, "Incarnation")
role_instance = find(xml_doc, "RoleInstance")
if role_instance:
break
time.sleep(0.5)
else:
raise IncompleteGoalStateError("Fetched goal state without a RoleInstance [incarnation {inc}]".format(inc=self.incarnation))
try:
self.role_instance_id = findtext(role_instance, "InstanceId")
role_config = find(role_instance, "Configuration")
self.role_config_name = findtext(role_config, "ConfigName")
container = find(xml_doc, "Container")
self.container_id = findtext(container, "ContainerId")
AgentGlobals.update_container_id(self.container_id)
# these properties are populated by fetch_full_goal_state()
self._hosting_env_uri = findtext(xml_doc, "HostingEnvironmentConfig")
self.hosting_env = None
self._shared_conf_uri = findtext(xml_doc, "SharedConfig")
self.shared_conf = None
self._certs_uri = findtext(xml_doc, "Certificates")
self.certs = None
self.extensions_config_uri = findtext(xml_doc, "ExtensionsConfig")
self._remote_access_uri = findtext(container, "RemoteAccessInfo")
self.remote_access = None
except Exception as exception:
# We don't log the error here since fetching the goal state is done every few seconds
raise ProtocolError(msg="Error fetching goal state", inner=exception)
def parse(self, xml_text):
"""
Request configuration data from endpoint server.
"""
self.xml_text = xml_text
xml_doc = parse_doc(xml_text)
self.incarnation = findtext(xml_doc, "Incarnation")
self.expected_state = findtext(xml_doc, "ExpectedState")
self.hosting_env_uri = findtext(xml_doc, "HostingEnvironmentConfig")
self.shared_conf_uri = findtext(xml_doc, "SharedConfig")
self.certs_uri = findtext(xml_doc, "Certificates")
self.ext_uri = findtext(xml_doc, "ExtensionsConfig")
role_instance = find(xml_doc, "RoleInstance")
self.role_instance_id = findtext(role_instance, "InstanceId")
container = find(xml_doc, "Container")
self.container_id = findtext(container, "ContainerId")
lbprobe_ports = find(xml_doc, "LBProbePorts")
self.load_balancer_probe_port = findtext(lbprobe_ports, "Port")
return self
def _handle_packages(self, packages, isinternal):
for package in packages:
version = findtext(package, "Version")
disallow_major_upgrade = findtext(package,
"DisallowMajorVersionUpgrade")
if disallow_major_upgrade is None:
disallow_major_upgrade = ''
disallow_major_upgrade = disallow_major_upgrade.lower() == "true"
uris = find(package, "Uris")
uri_list = findall(uris, "Uri")
uri_list = [gettext(x) for x in uri_list]
pkg = ExtHandlerPackage()
pkg.version = version
pkg.disallow_major_upgrade = disallow_major_upgrade
for uri in uri_list:
pkg_uri = ExtHandlerVersionUri()
pkg_uri.uri = uri
pkg.uris.append(pkg_uri)
pkg.isinternal = isinternal
self.pkg_list.versions.append(pkg)
def parse(self, xml_text):
xml_doc = parse_doc(xml_text)
preferred = find(xml_doc, "Preferred")
self.preferred = findtext(preferred, "Version")
logger.info("Fabric preferred wire protocol version:{0}",
self.preferred)
self.supported = []
supported = find(xml_doc, "Supported")
supported_version = findall(supported, "Version")
for node in supported_version:
version = gettext(node)
logger.verbose("Fabric supported wire protocol version:{0}",
version)
self.supported.append(version)
def _parse_required_features(self, required_features_list):
for required_feature in findall(required_features_list,
"RequiredFeature"):
feature_name = findtext(required_feature, "Name")
# per the documentation, RequiredFeatures also have a "Value" attribute but currently it is not being populated
self._required_features.append(feature_name)
def __init__(self, xml_text):
self.cert_list = CertList()
# Save the certificates
local_file = os.path.join(conf.get_lib_dir(), CERTS_FILE_NAME)
fileutil.write_file(local_file, xml_text)
# Separate the certificates into individual files.
xml_doc = parse_doc(xml_text)
data = findtext(xml_doc, "Data")
if data is None:
return
# if the certificates format is not Pkcs7BlobWithPfxContents do not parse it
certificateFormat = findtext(xml_doc, "Format")
if certificateFormat and certificateFormat != "Pkcs7BlobWithPfxContents":
logger.warn("The Format is not Pkcs7BlobWithPfxContents. Format is " + certificateFormat)
return
cryptutil = CryptUtil(conf.get_openssl_cmd())
p7m_file = os.path.join(conf.get_lib_dir(), P7M_FILE_NAME)
p7m = ("MIME-Version:1.0\n" # pylint: disable=W1308
"Content-Disposition: attachment; filename=\"{0}\"\n"
"Content-Type: application/x-pkcs7-mime; name=\"{1}\"\n"
"Content-Transfer-Encoding: base64\n"
"\n"
"{2}").format(p7m_file, p7m_file, data)
fileutil.write_file(p7m_file, p7m)
trans_prv_file = os.path.join(conf.get_lib_dir(), TRANSPORT_PRV_FILE_NAME)
trans_cert_file = os.path.join(conf.get_lib_dir(), TRANSPORT_CERT_FILE_NAME)
pem_file = os.path.join(conf.get_lib_dir(), PEM_FILE_NAME)
# decrypt certificates
cryptutil.decrypt_p7m(p7m_file, trans_prv_file, trans_cert_file, pem_file)
# The parsing process use public key to match prv and crt.
buf = []
begin_crt = False # pylint: disable=W0612
begin_prv = False # pylint: disable=W0612
prvs = {}
thumbprints = {}
index = 0
v1_cert_list = []
with open(pem_file) as pem:
for line in pem.readlines():
buf.append(line)
if re.match(r'[-]+BEGIN.*KEY[-]+', line):
begin_prv = True
elif re.match(r'[-]+BEGIN.*CERTIFICATE[-]+', line):
begin_crt = True
elif re.match(r'[-]+END.*KEY[-]+', line):
tmp_file = Certificates._write_to_tmp_file(index, 'prv', buf)
pub = cryptutil.get_pubkey_from_prv(tmp_file)
prvs[pub] = tmp_file
buf = []
index += 1
begin_prv = False
elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
tmp_file = Certificates._write_to_tmp_file(index, 'crt', buf)
pub = cryptutil.get_pubkey_from_crt(tmp_file)
thumbprint = cryptutil.get_thumbprint_from_crt(tmp_file)
thumbprints[pub] = thumbprint
# Rename crt with thumbprint as the file name
crt = "{0}.crt".format(thumbprint)
v1_cert_list.append({
"name": None,
"thumbprint": thumbprint
})
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
buf = []
index += 1
begin_crt = False
# Rename prv key with thumbprint as the file name
for pubkey in prvs:
thumbprint = thumbprints[pubkey]
if thumbprint:
tmp_file = prvs[pubkey]
prv = "{0}.prv".format(thumbprint)
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), prv))
logger.info("Found private key matching thumbprint {0}".format(thumbprint))
else:
# Since private key has *no* matching certificate,
# it will not be named correctly
logger.warn("Found NO matching cert/thumbprint for private key!")
# Log if any certificates were found without matching private keys
# This can happen (rarely), and is useful to know for debugging
for pubkey in thumbprints:
if not pubkey in prvs:
msg = "Certificate with thumbprint {0} has no matching private key."
logger.info(msg.format(thumbprints[pubkey]))
for v1_cert in v1_cert_list:
cert = Cert()
set_properties("certs", cert, v1_cert)
self.cert_list.certificates.append(cert)
def __init__(self, wire_client, full_goal_state=False, base_incarnation=None):
"""
Fetches the goal state using the given wire client.
By default it fetches only the goal state itself; to fetch the entire goal state (that includes all the
nested components, such as the extension config) use the 'full_goal_state' parameter.
If 'base_incarnation' is given, it fetches the full goal state if the new incarnation is different than
the given value, otherwise it fetches only the goal state itself.
For better code readability, use the static fetch_* methods below instead of instantiating GoalState
directly.
"""
uri = GOAL_STATE_URI.format(wire_client.get_endpoint())
for _ in range(0, _NUM_GS_FETCH_RETRIES):
self.xml_text = wire_client.fetch_config(uri, wire_client.get_header())
xml_doc = parse_doc(self.xml_text)
self.incarnation = findtext(xml_doc, "Incarnation")
role_instance = find(xml_doc, "RoleInstance")
if role_instance:
break
time.sleep(0.5)
else:
raise IncompleteGoalStateError("Fetched goal state without a RoleInstance [incarnation {inc}]".format(inc=self.incarnation))
try:
self.expected_state = findtext(xml_doc, "ExpectedState")
self.role_instance_id = findtext(role_instance, "InstanceId")
role_config = find(role_instance, "Configuration")
self.role_config_name = findtext(role_config, "ConfigName")
container = find(xml_doc, "Container")
self.container_id = findtext(container, "ContainerId")
lbprobe_ports = find(xml_doc, "LBProbePorts")
self.load_balancer_probe_port = findtext(lbprobe_ports, "Port")
AgentGlobals.update_container_id(self.container_id)
if full_goal_state:
reason = 'force update'
elif base_incarnation not in (None, self.incarnation):
reason = 'new incarnation'
else:
self.hosting_env = None
self.shared_conf = None
self.certs = None
self.ext_conf = None
self.remote_access = None
return
except Exception as exception:
# We don't log the error here since fetching the goal state is done every few seconds
raise ProtocolError(msg="Error fetching goal state", inner=exception)
try:
logger.info('Fetching new goal state [incarnation {0} ({1})]', self.incarnation, reason)
uri = findtext(xml_doc, "HostingEnvironmentConfig")
xml_text = wire_client.fetch_config(uri, wire_client.get_header())
self.hosting_env = HostingEnv(xml_text)
uri = findtext(xml_doc, "SharedConfig")
xml_text = wire_client.fetch_config(uri, wire_client.get_header())
self.shared_conf = SharedConfig(xml_text)
uri = findtext(xml_doc, "Certificates")
if uri is None:
self.certs = None
else:
xml_text = wire_client.fetch_config(uri, wire_client.get_header_for_cert())
self.certs = Certificates(xml_text)
uri = findtext(xml_doc, "ExtensionsConfig")
if uri is None:
self.ext_conf = ExtensionsConfig(None)
else:
xml_text = wire_client.fetch_config(uri, wire_client.get_header())
self.ext_conf = ExtensionsConfig(xml_text)
uri = findtext(container, "RemoteAccessInfo")
if uri is None:
self.remote_access = None
else:
xml_text = wire_client.fetch_config(uri, wire_client.get_header_for_cert())
self.remote_access = RemoteAccess(xml_text)
except Exception as exception:
logger.warn("Fetching the goal state failed: {0}", ustr(exception))
raise ProtocolError(msg="Error fetching goal state", inner=exception)
finally:
logger.info('Fetch goal state completed')
def _parse_required_features(self, required_features_list):
for required_feature in findall(required_features_list, "RequiredFeature"):
feature_name = findtext(required_feature, "Name")
feature_value = findtext(required_feature, "Value")
self.required_features.append(RequiredFeature(name=feature_name, value=feature_value))
def __init__(self,
wire_client,
full_goal_state=False,
base_incarnation=None):
"""
Fetches the goal state using the given wire client.
By default it fetches only the goal state itself; to fetch the entire goal state (that includes all the
nested components, such as the extension config) use the 'full_goal_state' parameter.
If 'base_incarnation' is given, it fetches the full goal state if the new incarnation is different than
the given value, otherwise it fetches only the goal state itself.
For better code readability, use the static fetch_* methods below instead of instantiating GoalState
directly.
"""
uri = GOAL_STATE_URI.format(wire_client.get_endpoint())
self.xml_text = wire_client.fetch_config(uri, wire_client.get_header())
xml_doc = parse_doc(self.xml_text)
self.incarnation = findtext(xml_doc, "Incarnation")
self.expected_state = findtext(xml_doc, "ExpectedState")
role_instance = find(xml_doc, "RoleInstance")
self.role_instance_id = findtext(role_instance, "InstanceId")
role_config = find(role_instance, "Configuration")
self.role_config_name = findtext(role_config, "ConfigName")
container = find(xml_doc, "Container")
self.container_id = findtext(container, "ContainerId")
lbprobe_ports = find(xml_doc, "LBProbePorts")
self.load_balancer_probe_port = findtext(lbprobe_ports, "Port")
GoalState.ContainerID = self.container_id
fetch_full_goal_state = False
if full_goal_state:
fetch_full_goal_state = True
reason = 'force update'
elif base_incarnation is not None and self.incarnation != base_incarnation:
fetch_full_goal_state = True
reason = 'new incarnation'
if not fetch_full_goal_state:
self.hosting_env = None
self.shared_conf = None
self.certs = None
self.ext_conf = None
self.remote_access = None
return
logger.info('Fetching new goal state [incarnation {0} ({1})]',
self.incarnation, reason)
try:
uri = findtext(xml_doc, "HostingEnvironmentConfig")
xml_text = wire_client.fetch_config(uri, wire_client.get_header())
self.hosting_env = HostingEnv(xml_text)
uri = findtext(xml_doc, "SharedConfig")
xml_text = wire_client.fetch_config(uri, wire_client.get_header())
self.shared_conf = SharedConfig(xml_text)
uri = findtext(xml_doc, "Certificates")
if uri is None:
self.certs = None
else:
xml_text = wire_client.fetch_config(
uri, wire_client.get_header_for_cert())
self.certs = Certificates(xml_text)
uri = findtext(xml_doc, "ExtensionsConfig")
if uri is None:
self.ext_conf = ExtensionsConfig(None)
else:
xml_text = wire_client.fetch_config(uri,
wire_client.get_header())
self.ext_conf = ExtensionsConfig(xml_text)
uri = findtext(container, "RemoteAccessInfo")
if uri is None:
self.remote_access = None
else:
xml_text = wire_client.fetch_config(
uri, wire_client.get_header_for_cert())
self.remote_access = RemoteAccess(xml_text)
except Exception as e:
logger.warn("Fetching the goal state failed: {0}", ustr(e))
raise
finally:
logger.info('Fetch goal state completed')
def parse(self, xml_text):
"""
Parse multiple certificates into seperate files.
"""
xml_doc = parse_doc(xml_text)
data = findtext(xml_doc, "Data")
if data is None:
return
cryptutil = CryptUtil(conf.get_openssl_cmd())
p7m_file = os.path.join(conf.get_lib_dir(), P7M_FILE_NAME)
p7m = ("MIME-Version:1.0\n"
"Content-Disposition: attachment; filename=\"{0}\"\n"
"Content-Type: application/x-pkcs7-mime; name=\"{1}\"\n"
"Content-Transfer-Encoding: base64\n"
"\n"
"{2}").format(p7m_file, p7m_file, data)
self.client.save_cache(p7m_file, p7m)
trans_prv_file = os.path.join(conf.get_lib_dir(),
TRANSPORT_PRV_FILE_NAME)
trans_cert_file = os.path.join(conf.get_lib_dir(),
TRANSPORT_CERT_FILE_NAME)
pem_file = os.path.join(conf.get_lib_dir(), PEM_FILE_NAME)
# decrypt certificates
cryptutil.decrypt_p7m(p7m_file, trans_prv_file, trans_cert_file,
pem_file)
# The parsing process use public key to match prv and crt.
buf = []
begin_crt = False
begin_prv = False
prvs = {}
thumbprints = {}
index = 0
v1_cert_list = []
with open(pem_file) as pem:
for line in pem.readlines():
buf.append(line)
if re.match(r'[-]+BEGIN.*KEY[-]+', line):
begin_prv = True
elif re.match(r'[-]+BEGIN.*CERTIFICATE[-]+', line):
begin_crt = True
elif re.match(r'[-]+END.*KEY[-]+', line):
tmp_file = self.write_to_tmp_file(index, 'prv', buf)
pub = cryptutil.get_pubkey_from_prv(tmp_file)
prvs[pub] = tmp_file
buf = []
index += 1
begin_prv = False
elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
tmp_file = self.write_to_tmp_file(index, 'crt', buf)
pub = cryptutil.get_pubkey_from_crt(tmp_file)
thumbprint = cryptutil.get_thumbprint_from_crt(tmp_file)
thumbprints[pub] = thumbprint
# Rename crt with thumbprint as the file name
crt = "{0}.crt".format(thumbprint)
v1_cert_list.append({
"name": None,
"thumbprint": thumbprint
})
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
buf = []
index += 1
begin_crt = False
# Rename prv key with thumbprint as the file name
for pubkey in prvs:
thumbprint = thumbprints[pubkey]
if thumbprint:
tmp_file = prvs[pubkey]
prv = "{0}.prv".format(thumbprint)
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), prv))
for v1_cert in v1_cert_list:
cert = Cert()
set_properties("certs", cert, v1_cert)
self.cert_list.certificates.append(cert)
def parse(self, xml_text):
"""
Parse multiple certificates into seperate files.
"""
xml_doc = parse_doc(xml_text)
data = findtext(xml_doc, "Data")
if data is None:
return
cryptutil = CryptUtil(conf.get_openssl_cmd())
p7m_file = os.path.join(conf.get_lib_dir(), P7M_FILE_NAME)
p7m = ("MIME-Version:1.0\n"
"Content-Disposition: attachment; filename=\"{0}\"\n"
"Content-Type: application/x-pkcs7-mime; name=\"{1}\"\n"
"Content-Transfer-Encoding: base64\n"
"\n"
"{2}").format(p7m_file, p7m_file, data)
self.client.save_cache(p7m_file, p7m)
trans_prv_file = os.path.join(conf.get_lib_dir(),
TRANSPORT_PRV_FILE_NAME)
trans_cert_file = os.path.join(conf.get_lib_dir(),
TRANSPORT_CERT_FILE_NAME)
pem_file = os.path.join(conf.get_lib_dir(), PEM_FILE_NAME)
# decrypt certificates
cryptutil.decrypt_p7m(p7m_file, trans_prv_file, trans_cert_file,
pem_file)
# The parsing process use public key to match prv and crt.
buf = []
begin_crt = False
begin_prv = False
prvs = {}
thumbprints = {}
index = 0
v1_cert_list = []
with open(pem_file) as pem:
for line in pem.readlines():
buf.append(line)
if re.match(r'[-]+BEGIN.*KEY[-]+', line):
begin_prv = True
elif re.match(r'[-]+BEGIN.*CERTIFICATE[-]+', line):
begin_crt = True
elif re.match(r'[-]+END.*KEY[-]+', line):
tmp_file = self.write_to_tmp_file(index, 'prv', buf)
pub = cryptutil.get_pubkey_from_prv(tmp_file)
prvs[pub] = tmp_file
buf = []
index += 1
begin_prv = False
elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
tmp_file = self.write_to_tmp_file(index, 'crt', buf)
pub = cryptutil.get_pubkey_from_crt(tmp_file)
thumbprint = cryptutil.get_thumbprint_from_crt(tmp_file)
thumbprints[pub] = thumbprint
# Rename crt with thumbprint as the file name
crt = "{0}.crt".format(thumbprint)
v1_cert_list.append({
"name": None,
"thumbprint": thumbprint
})
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
buf = []
index += 1
begin_crt = False
# Rename prv key with thumbprint as the file name
for pubkey in prvs:
thumbprint = thumbprints[pubkey]
if thumbprint:
tmp_file = prvs[pubkey]
prv = "{0}.prv".format(thumbprint)
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), prv))
for v1_cert in v1_cert_list:
cert = Cert()
set_properties("certs", cert, v1_cert)
self.cert_list.certificates.append(cert)
def parse(self, xml_text):
"""
Parse xml tree, retreiving user and ssh key information.
Return self.
"""
wans = WA_NAME_SPACE
ovfns = OVF_NAME_SPACE
xml_doc = parse_doc(xml_text)
environment = find(xml_doc, "Environment", namespace=ovfns)
_validate_ovf(environment, "Environment not found")
section = find(environment, "ProvisioningSection", namespace=wans)
_validate_ovf(section, "ProvisioningSection not found")
version = findtext(environment, "Version", namespace=wans)
_validate_ovf(version, "Version not found")
if version > OVF_VERSION:
logger.warn("Newer provisioning configuration detected. "
"Please consider updating waagent")
conf_set = find(section,
"LinuxProvisioningConfigurationSet",
namespace=wans)
_validate_ovf(conf_set, "LinuxProvisioningConfigurationSet not found")
self.hostname = findtext(conf_set, "HostName", namespace=wans)
_validate_ovf(self.hostname, "HostName not found")
self.username = findtext(conf_set, "UserName", namespace=wans)
_validate_ovf(self.username, "UserName not found")
self.user_password = findtext(conf_set, "UserPassword", namespace=wans)
self.customdata = findtext(conf_set, "CustomData", namespace=wans)
auth_option = findtext(conf_set,
"DisableSshPasswordAuthentication",
namespace=wans)
if auth_option is not None and auth_option.lower() == "true":
self.disable_ssh_password_auth = True
else:
self.disable_ssh_password_auth = False
public_keys = findall(conf_set, "PublicKey", namespace=wans)
for public_key in public_keys:
path = findtext(public_key, "Path", namespace=wans)
fingerprint = findtext(public_key, "Fingerprint", namespace=wans)
value = findtext(public_key, "Value", namespace=wans)
self.ssh_pubkeys.append((path, fingerprint, value))
keypairs = findall(conf_set, "KeyPair", namespace=wans)
for keypair in keypairs:
path = findtext(keypair, "Path", namespace=wans)
fingerprint = findtext(keypair, "Fingerprint", namespace=wans)
self.ssh_keypairs.append((path, fingerprint))
platform_settings_section = find(environment,
"PlatformSettingsSection",
namespace=wans)
_validate_ovf(platform_settings_section,
"PlatformSettingsSection not found")
platform_settings = find(platform_settings_section,
"PlatformSettings",
namespace=wans)
_validate_ovf(platform_settings, "PlatformSettings not found")
self.provision_guest_agent = findtext(platform_settings,
"ProvisionGuestAgent",
namespace=wans)
_validate_ovf(self.provision_guest_agent,
"ProvisionGuestAgent not found")
def parse(self, xml_text):
"""
Parse xml tree, retreiving user and ssh key information.
Return self.
"""
wans = WA_NAME_SPACE
ovfns = OVF_NAME_SPACE
xml_doc = parse_doc(xml_text)
environment = find(xml_doc, "Environment", namespace=ovfns)
_validate_ovf(environment, "Environment not found")
section = find(environment, "ProvisioningSection", namespace=wans)
_validate_ovf(section, "ProvisioningSection not found")
version = findtext(environment, "Version", namespace=wans)
_validate_ovf(version, "Version not found")
if version > OVF_VERSION:
logger.warn("Newer provisioning configuration detected. "
"Please consider updating waagent")
conf_set = find(section, "LinuxProvisioningConfigurationSet",
namespace=wans)
_validate_ovf(conf_set, "LinuxProvisioningConfigurationSet not found")
self.hostname = findtext(conf_set, "HostName", namespace=wans)
_validate_ovf(self.hostname, "HostName not found")
self.username = findtext(conf_set, "UserName", namespace=wans)
_validate_ovf(self.username, "UserName not found")
self.user_password = findtext(conf_set, "UserPassword", namespace=wans)
self.customdata = findtext(conf_set, "CustomData", namespace=wans)
auth_option = findtext(conf_set, "DisableSshPasswordAuthentication",
namespace=wans)
if auth_option is not None and auth_option.lower() == "true":
self.disable_ssh_password_auth = True
else:
self.disable_ssh_password_auth = False
public_keys = findall(conf_set, "PublicKey", namespace=wans)
for public_key in public_keys:
path = findtext(public_key, "Path", namespace=wans)
fingerprint = findtext(public_key, "Fingerprint", namespace=wans)
value = findtext(public_key, "Value", namespace=wans)
self.ssh_pubkeys.append((path, fingerprint, value))
keypairs = findall(conf_set, "KeyPair", namespace=wans)
for keypair in keypairs:
path = findtext(keypair, "Path", namespace=wans)
fingerprint = findtext(keypair, "Fingerprint", namespace=wans)
self.ssh_keypairs.append((path, fingerprint))
platform_settings_section = find(environment, "PlatformSettingsSection", namespace=wans)
_validate_ovf(platform_settings_section, "PlatformSettingsSection not found")
platform_settings = find(platform_settings_section, "PlatformSettings", namespace=wans)
_validate_ovf(platform_settings, "PlatformSettings not found")
self.provision_guest_agent = findtext(platform_settings, "ProvisionGuestAgent", namespace=wans)
_validate_ovf(self.provision_guest_agent, "ProvisionGuestAgent not found")
