o Q+@sdZddlmZddlmZddlmZddlZddlmZddlm Z ddlm Z dd l m Z dd l mZd ZGd d d eZGdddeZGdddeZGdddeZe jdddejjjfddZd ddZGdddeZdaeZ ddZ!dS)!zFetching GCE metadata.)absolute_import)division)unicode_literalsN) properties) gce_cache)gce_read)retry)urllibzNinsecure-cloudtop-shared-user@cloudtop-prod.google.com.iam.gserviceaccount.comc@eZdZdZdS)ErrorzExceptions for the gce module.N__name__ __module__ __qualname____doc__rr@/tmp/google-cloud-sdk/lib/googlecloudsdk/core/credentials/gce.pyr %r c@r )MetadataServerException9Exception for when the metadata server cannot be reached.Nr rrrrr)rrc@r )&CannotConnectToMetadataServerExceptionrNr rrrrr-rrc@r )MissingAudienceForIdTokenErrorzBException for when audience is missing from ID token minting call.Nr rrrrr1rr) max_retrialsrc Cszt||WStjjy.}z|j|vrWYd}~dS|jdkr&tdt|d}~wtjjy?}zt|d}~ww)zCReads data from a URI with no proxy, yielding cloud-sdk exceptions.NizThe request is rejected. Please check if the metadata server is concealed. See https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata#concealment for more information about metadata server concealment.) r ReadNoProxyr error HTTPErrorcoderURLErrorr)urihttp_errors_to_ignoretimeouterrr_ReadNoProxyWithCleanFailures5s  r#Fcsfdd}|S)aHandles when the metadata server is missing and resets the caches. If you move gcloud from one environment to another, it might still think it in on GCE from a previous invocation (which would result in a crash). Instead of crashing, we ignore the error and just update the cache. Args: return_list: True to return [] instead of None as the default empty answer. Returns: The value the underlying method would return. csfdd}|S)Nc sjz |g|Ri|WSty4t t|_Wdn1s%wYr0gYSdYSwN)r_metadata_lockrForceCacheRefresh connected)selfargskwargs)f return_listrrInner\s  z=_HandleMissingMetadataServer.._Wrapper..Innerr)r+r-r,)r+r_WrapperZsz._HandleMissingMetadataServer.._Wrapperr)r,r/rr.r_HandleMissingMetadataServerKs  r0c@s~eZdZdZddZeddZeddZedd d d Zed d Z ddZ e  dddZ eddZ dS) _GCEMetadatazsClass for fetching GCE metadata. Attributes: connected: bool, True if the metadata server is available. cCst|_dSr$)rGetOnGCEr')r(rrr__init__psz_GCEMetadata.__init__cCs(|jsdSttjdd}|tkrdS|S)aGet the default service account for the host GCE instance. Fetches GOOGLE_GCE_METADATA_DEFAULT_ACCOUNT_URI and returns its contents. Raises: CannotConnectToMetadataServerException: If the metadata server cannot be reached. MetadataServerException: If there is a problem communicating with the metadata server. Returns: str, The email address for the default service account. None if not on a GCE VM, or if there are no service accounts associated with this VM. Nir )r'r#r'GOOGLE_GCE_METADATA_DEFAULT_ACCOUNT_URICLOUDTOP_COMMON_SERVICE_ACCOUNT)r(accountrrrDefaultAccountssz_GCEMetadata.DefaultAccountcCs |jsdSttj}|r|SdS)aGet the project that owns the current GCE instance. Fetches GOOGLE_GCE_METADATA_PROJECT_URI and returns its contents. Raises: CannotConnectToMetadataServerException: If the metadata server cannot be reached. MetadataServerException: If there is a problem communicating with the metadata server. Returns: str, The project ID for the current active project. None if no project is currently active. N)r'r#rGOOGLE_GCE_METADATA_PROJECT_URI)r(projectrrrProjectsz_GCEMetadata.ProjectTr.cCsX|jsgSttjd}|}g}|D]}|d}|dks#|tkr$q||q|S)aUGet the list of service accounts available from the metadata server. Returns: [str], The list of accounts. [] if not on a GCE VM. Raises: CannotConnectToMetadataServerException: If no metadata server is present. MetadataServerException: If there is a problem communicating with the metadata server. /default)r'r#r GOOGLE_GCE_METADATA_ACCOUNTS_URIsplitstripr7append)r(accounts_listingaccounts_linesaccounts account_liner8rrrAccountss   z_GCEMetadata.AccountscCs.|jsdSttjdd}|r|ddSdS)aGet the name of the zone containing the current GCE instance. Fetches GOOGLE_GCE_METADATA_ZONE_URI, formats it, and returns its contents. Raises: CannotConnectToMetadataServerException: If the metadata server cannot be reached. MetadataServerException: If there is a problem communicating with the metadata server. Returns: str, The short name (e.g., us-central1-f) of the zone containing the current instance. None if not on a GCE VM. Nr4r5r=)r'r#rGOOGLE_GCE_METADATA_ZONE_URIr@)r( zone_pathrrrZonesz_GCEMetadata.ZonecCs2|jsdS|}|rd|dddSdS)aGet the name of the region containing the current GCE instance. Fetches GOOGLE_GCE_METADATA_ZONE_URI, extracts the region associated with the zone, and returns it. Extraction is based property that zone names have form - (see https://cloud.google.com/ compute/docs/zones) and an assumption that contains no hyphens. Raises: CannotConnectToMetadataServerException: If the metadata server cannot be reached. MetadataServerException: If there is a problem communicating with the metadata server. Returns: str, The short name (e.g., us-central1) of the region containing the current instance. None if not on a GCE VM. N-rH)r'rKjoinr@)r(zonerrrRegions z_GCEMetadata.RegionstandardFcCs:|jsdS|s t|rdnd}ttjj|||dddS)aGet a valid identity token on the host GCE instance. Fetches GOOGLE_GCE_METADATA_ID_TOKEN_URI and returns its contents. Args: audience: str, target audience for ID token. token_format: str, Specifies whether or not the project and instance details are included in the identity token. Choices are "standard", "full". include_license: bool, Specifies whether or not license codes for images associated with GCE instance are included in their identity tokens Raises: CannotConnectToMetadataServerException: If the metadata server cannot be reached. MetadataServerException: If there is a problem communicating with the metadata server. MissingAudienceForIdTokenError: If audience is missing. Returns: str, The id token or None if not on a CE VM, or if there are no service accounts associated with this VM. NTRUEFALSE)audienceformatlicensesr4r5)r'rr#r GOOGLE_GCE_METADATA_ID_TOKEN_URIrT)r(rS token_formatinclude_licenserrr GetIdTokens z_GCEMetadata.GetIdTokencCs,|jsdSttjdd}|stjjjjS|S)a}Get the universe domain of the current GCE instance. If the GCE metadata server universe domain endpoint is not found, or the endpoint returns an empty string, return the default universe domain (googleapis.com); otherwise return the fetched universe domain value, or raise an exception if the request fails. Raises: CannotConnectToMetadataServerException: If the metadata server cannot be reached. MetadataServerException: If there is a problem communicating with the metadata server. Returns: str, The universe domain value from metadata server. None if not on GCE. Nr4r5) r'r#r'GOOGLE_GCE_METADATA_UNIVERSE_DOMAIN_URIrVALUEScoreuniverse_domainr>)r(r]rrrUniverseDomain(s z_GCEMetadata.UniverseDomainN)rPF) r rrrr3r0r9r<rGrKrOrYr^rrrrr1is$     (r1cCsDttstaWdtSWdtS1swYtS)zGet a singleton for the GCE metadata class. Returns: _GCEMetadata, An object used to collect information from the GCE metadata server. N)r% _metadatar1rrrrMetadataKs  r`)F)"r __future__rrr threadinggooglecloudsdk.corergooglecloudsdk.core.credentialsrrgooglecloudsdk.core.utilr six.movesr r7 Exceptionr rrrRetryOnExceptionr[computegce_metadata_read_timeout_secGetIntr#r0objectr1r_Lockr%r`rrrrs2           _