o id@sbddlZddlmZddlmZddlmZddlmZddl m Z m Z m Z Gddde e Z dS) N) HTTPResponse)Any)request)URLError)PluginIndependentPlugin PluginOptc@seZdZdZdZdZeddddgZdZd Z d Z d Z d d Z ddZ ddZdefddZededefddZddZededefddZdS)GCPzGoogle Cloud Platformgcp)virtkeep-piiFzyStop the plugin from removing PIIs like project name or organization ID from the metadata retrieved from Metadata server.)defaultdescz3http://metadata.google.internal/computeMetadata/v1/zBhttp://metadata.google.internal/computeMetadata/v1/?recursive=truez[--REDACTED--]zDDMI: Google Google Compute Engine/Google Compute Engine, BIOS GooglecCs(|d}|ddkr dS|j|dvS)z Checks if this plugin should be executed at all. In this case, it will check the `dmesg` command output to see if the system is running on a Google Cloud Compute instance. dmesgstatusrFoutput)exec_cmd GOOGLE_DMI)selfrr8/usr/lib/python3/dist-packages/sos/report/plugins/gcp.py check_enabled(s  zGCP.check_enabledcCs$|jddgd|jddgddS)z Collect the following info: * Metadata from the Metadata server * `gcloud auth list` output * Any google services output from journal zgcloud auth listr tagszgoogle*)unitsrN)add_cmd_output add_journalrrrrsetup3s z GCP.setupc Cs|jddgdA}z||_||tj|jddWnty8}z |t|WYd}~n d}~wwWddSWddS1sLwYdS)Nz metadata.jsonr r)indent) collection_file get_metadatametadatascrub_metadatawritejsondumps RuntimeErrorstr)rmfileerrrrrcollectAs "z GCP.collectreturncCs"||j}|}t|S)zq Retrieves metadata from the Metadata Server and transforms it into a dictionary object. )_query_addressMETADATA_QUERYreaddecoder&loads)rresponse response_bodyrrrr"Ks   zGCP.get_metadataurlc Csvztj|ddid}t|}Wnty$}ztdt|d}~ww|jdkr9td|jd||S) zf Query the given url address with headers required by Google Metadata Server. zMetadata-FlavorGoogle)headersz,Failed to communicate with Metadata Server: Nz2Failed to communicate with Metadata Server (code: z): ) rRequesturlopenrr(r)coder0r1)r5reqr3r+rrrr.Ts$   zGCP._query_addresscsdrdSjddjddtdtdtffdd j_jdd d jdd d dS) a" Remove all PII information from metadata, unless a keep-pii option is specified. Note: PII information collected by this plugin, like project number, account names etc. might be required by Google Cloud Support for faster issue resolution. r Nproject projectIdnumericProjectIddatar-cst|trd|vrj|d<fdd|DSt|tr'fdd|DSt|tr8|jjSt|trF|krDjS|S|S)Ntokencsi|] \}}||qSrr).0kvscrubrr |sz5GCP.scrub_metadata..scrub..csg|]}|qSrr)rBvaluerErr ~sz5GCP.scrub_metadata..scrub..) isinstancedictREDACTEDitemslistr)replaceint)r@ project_idproject_numberproject_number_intrFrrrrFvs       z!GCP.scrub_metadata..scrub attributeszssh-keyssshKeys) get_optionr#r)rsafe_redact_keyrrrQrr$fs  zGCP.scrub_metadatadict_objkeycCs||vr |j||<dSdS)N)rL)clsrYrZrrrrXszGCP.safe_redact_keyN)__name__ __module__ __qualname__ short_desc plugin_nameprofilesr option_list METADATA_ROOTr/rLrrrr,rKr" staticmethodr)rr.r$ classmethodrXrrrrr s*   'r )r& http.clientrtypingrurllibr urllib.errorrsos.report.pluginsrrrr rrrrs