a >h@sbddlZddlmZddlmZddlmZddlmZddl m Z m Z m Z Gddde e Z dS) N) HTTPResponse)Any)request)URLError)PluginIndependentPlugin PluginOptc@seZdZdZdZdZeddddgZdZd Z d Z d Z d Z d dZ ddZddZedddZeeedddZddZeeedddZd S)GCPzGoogle Cloud Platformgcp)Zvirtkeep-piiFzyStop the plugin from removing PIIs like project name or organization ID from the metadata retrieved from Metadata server.)defaultZdescz3http://metadata.google.internal/computeMetadata/v1/zBhttp://metadata.google.internal/computeMetadata/v1/?recursive=truez[--REDACTED--]NzDDMI: Google Google Compute Engine/Google Compute Engine, BIOS GooglecCs(|d}|ddkrdS|j|dvS)z Checks if this plugin should be executed at all. In this case, it will check the `dmesg` command output to see if the system is running on a Google Cloud Compute instance. dmesgstatusrFoutput)Zexec_cmd GOOGLE_DMI)selfr r:/usr/lib/python3.9/site-packages/sos/report/plugins/gcp.py check_enabled)s  zGCP.check_enabledcCs$|jddgd|jddgddS)z Collect the following info: * Metadata from the Metadata server * `gcloud auth list` output * Any google services output from journal zgcloud auth listr tagszgoogle*)ZunitsrN)Zadd_cmd_outputZ add_journalrrrrsetup4s z GCP.setupc Cs|jddgdp}z,||_||tj|jddWn2typ}z|t|WYd}~n d}~00Wdn1s0YdS)Nz metadata.jsonr r)indent) Zcollection_file get_metadatametadatascrub_metadatawritejsondumps RuntimeErrorstr)rZmfileerrrrrcollectBs z GCP.collect)returncCs"||j}|}t|S)zq Retrieves metadata from the Metadata Server and transforms it into a dictionary object. )_query_addressMETADATA_QUERYreaddecoderloads)rresponseZ response_bodyrrrrLs  zGCP.get_metadata)urlr%c Cszntj|ddid}t|>}|jdkrHtd|jd||WdWS1sb0YWn6ty}ztdt||WYd}~n d}~00dS) zf Query the given url address with headers required by Google Metadata Server. zMetadata-FlavorZGoogle)Zheadersz2Failed to communicate with Metadata Server (code: z): Nz,Failed to communicate with Metadata Server: ) rZRequestZurlopencoder!r(r)rr")r,Zreqr+r#rrrr&Us$   ( zGCP._query_addresscsdrdSjddjddtttdfdd j_jdd d jdd d dS) a" Remove all PII information from metadata, unless a keep-pii option is specified. Note: PII information collected by this plugin, like project number, account names etc. might be required by Google Cloud Support for faster issue resolution. r NZprojectZ projectIdZnumericProjectId)datar%cst|tr2d|vrj|d<fdd|DSt|trNfdd|DSt|trp|jjSt|tr|krjS|S|S)Ntokencsi|]\}}||qSrr).0kvscrubrr z5GCP.scrub_metadata..scrub..csg|] }|qSrr)r1valuer4rr r7z5GCP.scrub_metadata..scrub..) isinstancedictREDACTEDitemslistr"replaceint)r/Z project_idZproject_numberZproject_number_intr5rrrr5ys     z!GCP.scrub_metadata..scrubZ attributeszssh-keysZsshKeys)Z get_optionrr"rsafe_redact_keyrrrArris  zGCP.scrub_metadata)dict_objkeycCs||vr|j||<dS)z Redact keys N)r<)clsrCrDrrrrBszGCP.safe_redact_key)__name__ __module__ __qualname__Z short_descZ plugin_nameZprofilesrZ option_listZ METADATA_ROOTr'r<rrrrr$r;r staticmethodr"rr&r classmethodrBrrrrr s*   'r )rZ http.clientrtypingrZurllibrZ urllib.errorrZsos.report.pluginsrrrr rrrrs