P?$SrSSKrSSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSK J r SSK J r SSKJr SSKJr SSKJr SS KJr SSKrS rS rS rS r\S-r\S-r\S-rSrSrSrSr Sr!Sr"Sr#Sr$"SS\ RJ5r&g)Direct Connectivity Diagnostic.N) path_util) diagnostic)gcs_resource_reference)execution_utils)log) gce_cache)fileszDirect Connectivity CallzSuccess.z [Not Found]zs #   xc9K9K Lb !u$$--- jj)&&r!uQx0,2HIJ A&&&.. . jj)&&r!uQx0,2HIJ M *cZU(aSRUR55$[$)Nz"{}")formatlower _NOT_FOUND)ss r!_get_location_string_or_not_foundr6Is%&qwwy !6J6r0c\UR5RUR55$)z9Returns true if the region is a prefix of the given zone.)r3 startswith)regionr s r_check_zone_prefixr:Ms   00r0c[R"5n[R"USURS9 UR 5R 5$)z1Returns standard output from executing a command.T)no_exitout_func)ioStringIOrExecwritegetvaluer)commandouts r_exec_and_return_stdoutrERs? # yy    r0cH[R"5U-n[U5$)z6Returns standard output from executing gcloud command.)r ArgsForGcloudrE) command_argsrCs r_exec_gcloud_and_return_stdoutrI]s  ) ) +l :'  ))r0cJ[[5nURSS5S$)z2Gets the zone of the VM from the Metadata service./)r_METADATA_ZONE_URLrsplit)rs r _get_zonerPcs# +,> ?( a  $$r0cN[R"SRU55 g)NzRunning Check: {})rinfor2) check_names r_log_running_checkrTis((  % %j 12r0c^\rSrSrSrSS\R 4Sjjr\S\ 4Sj5r U4Sjr Sr S r S rS rS rS rSrSrSrSrSr\S\R04Sj5rSrU=r$)DirectConnectivityDiagnosticmrbucket_resourcecVXlSUlSUl/Ul[ U5UlSUlSUlUcR[RR[R"5S[R"5-S-5Ulg[ R""U5Ulg)z/Initializes the Direct Connectivity Diagnostic.FrLNdirect_connectivity_log_z.txt)_bucket_resource _cleaned_up_process_count_resultsbool _retain_logs _thread_count_vm_zoneospathjointempfile gettempdirrgenerate_random_int_for_path _logs_pathr ExpandHomeDir)selfrX logs_paths r__init__%DirectConnectivityDiagnostic.__init__ps ,DDDMYDDDM     $  2 2 4 5  do++I6dor0returncg)NzDirect Connectivity Diagnosticrks rname!DirectConnectivityDiagnostic.names +r0c\>UR(d[[U]5 SUlgg)zDRestores environment variables and cleans up temporary cloud object.TN)r\superrV _post_process)rk __class__s r _clean_up&DirectConnectivityDiagnostic._clean_ups'    ($=?d r0c[R"UR5nUHnX;dM SSS5 g SSS5 g!,(df  g=f)z4Checks if target is substring of a line in the logs.NTF)r FileReaderri)rk target_string file_readerlines r!_generic_check_for_string_in_logs>DirectConnectivityDiagnostic._generic_check_for_string_in_logssI   $// *k$   + * +  + * s AAA AcURSS5 URSS5 URSS5 URSS5 [R"UR5n[R "5S S S S UR RR/-n[R"UURS S9nSSS5 WS:Xa_[R"UR5nUH0n[R"SU5(dM![s sSSS5 $ SSS5 SUR-$!,(df  N=f!,(df  N.=f)zBReturns true if get bucket success over Direct Connectivity infra.ATTEMPT_DIRECT_PATHrLCLOUDSDK_STORAGE_PREFERRED_APIgrpc_with_json_fallback GRPC_TRACEhttpGRPC_VERBOSITYdebugz--verbosity=debugstoragebucketsdescribeT)err_funcr<NrzG(?:\[ipv6:(?:%5B)?2001:4860:80[4-7].+\])|(?:\[ipv4:(?:%5B)?34\.126.+\])zFailed. See log at )_set_env_variabler FileWriterrirrGr[ storage_url url_stringr@rAr|research_SUCCESS)rk file_writerrC return_coder~rs r!_check_core_buckets_describe_call>DirectConnectivityDiagnostic._check_core_buckets_describe_calls10!4(*C <0+W5   $// *k--/        + + 6 6 3g$(( $$k +a   DOO , D YYX  O - , - !4?? 22/ + * - ,s%)AE3 EE(E E E cTURSS9(aSUR-$[$)z%Checks if connecting to PSC endpoint.z.p.googleapis.com)r}zKFound PSC endpoint. For context, search for ".p.googleapis.com" in logs at )rrirrrs r_check_private_service_connect;DirectConnectivityDiagnostic._check_private_service_connects5 --).   OO  Or0cD[R"5(a[$g)z"Checks if user is inside a GCE VM.z8Detected this command is not being run from within a VM.)r GetOnGCErrrs r_check_inside_vm-DirectConnectivityDiagnostic._check_inside_vms o Er0c[R"S5 [$![RRa gf=f)3Checks if user can access Traffic Director service.z(https://directpath-pa.googleapis.com:443z&Unable to connect to Traffic Director.)rrrrrrrs r_check_traffic_director_access;DirectConnectivityDiagnostic._check_traffic_director_accesss76ll=> o    / /6 56s ??c[R"S5S4[R"S5S4/n[SS5[SS5-n[R"[ /SQ55nS nUHnUS S :wd US (aMS nUS HnSn[R"U5n UH upU R U 5(aU nM M" [R"U5n UHupX:XdM U nM UcMp[R"SRX55 SnM U(dM[R"SRUS55 SnM U(ag[$![a Mf=f)rz 34.126.0.0/18zDirect Connectivity IPv4z2001:4860:8040::/42zDirect Connectivity IPv6zstorage.googleapis.comzdirectpath-pa.googleapis.comTraffic Director)computezfirewall-ruleslistz --format=jsonF directionEGRESSdisabled sourceRangesNz Found firewall blocking {}: "{}"TzCTo disable run "gcloud compute firewall-rules update --disabled {}"rsz1Found conflicting firewalls. See STDERR messages.) r( ip_networkr/jsonloadsrI subnet_of TypeErrorr)rerrorr2r)rkdesired_ip_networksdesired_ip_addressesfirewall_responsefound_any_problemfirewallfound_firewall_problemfirewall_ip_stringblocked_servicefirewall_networkdesired_ip_networkr, firewall_ipdesired_ip_addresss r_check_firewalls-DirectConnectivityDiagnostic._check_firewallss   o .0JK  !6 7 & $   /1CD E  & B  % + ( *hz.B$ ( 8 $//0BC0C ,  ))*<== ,o>1D **+=> 0D ,   .*O1E  & ))077! $( +!9.   6(6*+ !C&F @ O3   s1E.. E< ;E< c URRR5n[UR5nURR S:Xa{[URR (aURR SOS5n[X24;dX2:wa,SURSUS[R"5SUS3 $URR S:XaURR (aURR nUH%n[XPR5(dM[s $ S URS [US5S [US 5S [R"5SU3 $[URR5nSURS[R"5SUSUSUS3 $UR(a [XR5(a[$SRUR[U5[R"5U5$)z(Checks if bucket has problematic region.r rNzRapid storage bucket "z" zone z does not match VM "zA. Transfer performance between the bucket and VM may be degraded.z dual-regionzBucket "z " locations z and rLz do not include VM "zFound bucket "z"" is in a dual-region. Ensure VM "zT" is in one of the regions covered by the dual-region by looking up the dual-region z\ in the following table: https://cloud.google.com/storage/docs/locations#predefined VM zone zA should start with one of the regions covered by the dual-region .z6Bucket "{}" location {} does not match VM "{}" zone {}) r[locationr3r6rb location_typedata_locationsr4r" gethostnamer:rr2)rkbucket_locationvm_zone bucket_zoneregionsr9location_strings r_check_bucket_region1DirectConnectivityDiagnostic._check_bucket_regions4++44::G **f45  " " 1 1    . .q 1k  - -1G$T%:%:$;7m++-.ggY?N N  **m;   - -''66F  6 6Ot,,-.1'!*=>?1'!*=>?&&()  ; :    ( (o 40012##%&';;J:KLI,-Q  0 }}+O]]KK o C J J )/:  r0c UR(dg[SSS[R"5SR UR5S/5nU(aUR S5(a[ $g) z#Checks if VM has a service account.zAFound no VM zone and, therefore, could not check service account.r instancesrz --zone={}z/--format=table[csv,no-heading](serviceAccounts)z[{zoCompute VM missing service account. See: https://cloud.google.com/compute/docs/instances/change-service-account)rbrIr"rr2r8r)rkservice_accountss r_check_vm_has_service_account:DirectConnectivityDiagnostic._check_vm_has_service_accountPsl == P54==)9 7,77== o Qr0cr[[5nU(dgUS:Xa[$[[5nSUS3$)z(Checks if VM has a MTU of at least 1460.z.Could not determine MTU from metadata service.8896z&Set the MTU of VPC network interface "zv" to 8896 for optimal transfer performance. See: https://cloud.google.com/storage/docs/enable-grpc-api#configure-vpcsc)r_METADATA_MTU_URLr_METADATA_NETWORK_URL)rkmtunetworks r _check_vm_mtu*DirectConnectivityDiagnostic._check_vm_mtudsB (): ;C  = f} o,-BCG 0 :P Pr0c [R"S5 [[5 URR [ R"[UR5SS95 [5Ul URSS4URSS4URSS 4URS S 4URS S 4UR SS4UR"SS44HHupn[U5 U"5nURR [ R"UUUS95 MJ g![$a nUnSnANESnAff=f)zRuns the diagnostic test.zThis diagnostic is experimental. The output may change, and checks may be added or removed at any time. Please do not rely on the diagnostic being present.zCAble to get bucket metadata using Direct Connectivity network path.)rsresultpayload_descriptionzPrivate Service Connectz^Checks for string in logs containing incompatible PSC endpoint of format "*.p.googleapis.com".zCompute Engine VMzSDirect Connectivity is only accessible from within Compute Engine virtual machines.rzDDirect Connectivity requires access to the Traffic Director service. Firewallsz]Direct Connectivity requires access to various IP addresses that may be blocked by firewalls.z Bucket Regionz[To get the best performance, the bucket should have a replica in the same region as the VM.zVM has Service Accountz;Direct Connectivity requires the VM have a service account.zVPC Network MTUzADirect Connectivity performs best with a VPC network MTU of 8896.N)rwarningrT_CORE_CHECK_NAMEr^r'rDiagnosticOperationResultrrPrbrrrrrrr Exception)rkcheckrs descriptionr-es r_run!DirectConnectivityDiagnostic._runrsnKK ) '(MM,,!99;.   KDM  / / %3    ! ! ,    / /     ! ! 5    % % 1    . . $ I      _7% [p4 g  mm  . ."- 7%xs!D'' D=1D88D=c$UR5 g)zSee _clean_up. Using redundant calls because we can clean up earlier during _run, and keeping _post_process ensures clean up if _run fails. N)ryrrs rrw*DirectConnectivityDiagnostic._post_processs  NNr0cT[R"URURS9$)z:Returns the summarized result of the diagnostic execution.)rsoperation_results)rDiagnosticResultrsr^rrs rr#DirectConnectivityDiagnostic.results%  & & YY-- r0)r[r\rir]r^r`rarb)N)__name__ __module__ __qualname____firstlineno____doc__rGcsBucketResourcermpropertystrrsryrrrrrrrrrrrwrrr__static_attributes__ __classcell__)rxs@rrVrVms' 7-??70 ,C, ,  3D F 6:x7r( [z j11 r0rV)'rr>r(rrcrr"rf"googlecloudsdk.command_lib.storager+googlecloudsdk.command_lib.storage.diagnoser,googlecloudsdk.command_lib.storage.resourcesrgooglecloudsdk.corerrgooglecloudsdk.core.credentialsr googlecloudsdk.core.utilr rrrr4_METADATA_BASE_URLrNrrrr/r6r:rErIrPrT DiagnosticrVrqr0rrs&  8BO/#5*.   B(&0&)CC*-KK   71  * % 3p:#8#8pr0