AI Service Interface (service.py)

Service
    A service defines what Automated Installer image, manifests and profiles
    are to be served out. It also defines what clients are to be served by
    this image.

    The following event types are possible for a Service:
    - ObjectChangedEvent
    - CreatedEvent
    - DeletedEvent
    - ClientStatusEvent
    - LoggingEvent

__init__
    This method initializes a new Service object with the parameters
    provided, some parameters are optional depending on the intention.

    Parameters:
    name: String
        Optional: This is the name to be given to the service. If omitted,
        then a name will be automatically generated.
    alias_of: Service
        Optional: If provided, then this service will be created as an alias
        of an existing service.
    arch: Architecture
        Optional: This specifies which architecture variant this service
        should be. If omitted, then the variant will default to the variant
        of the ISO (if provided), or the variant of the server system.
    ips_settings: IPSSettings
        Optional: The IPS Settings, if provided, are used as the pkg(5)
        repository that the AI service image should be populated from. This
        is combined with the source option which should be the name of the
        IPS package to use. Optionally, IPSSettings can have the key and cert
        for the publisher. If omitted, then the first publisher in the
        system's publisher preference list is used.
    source: String
        Optional: If specified, the source can be one of two things:
        - An FMRI reference to a pkg(5) package, this is combined with the
          value of the ips_settings parameter.
        - A file path to an AI ISO image - when using the remote API, this
          path needs to be valid on the AI server machine.
        If this option is not specified, then the source will default to the
        install-image/solaris-auto-install FMRI.
    dhcp_ip_range: DHCPAddressRange
        Optional: If provided, then an ISC DHCP server will be started on the
        AI server with the specified DHCP configuration.
    boot_args: Dictionary
        Optional: This only applies to X86 clients. If provided, then these
        arguments are used to set the boot arguments in the GRUB
        configuration files menu.lst and/or grub.cfg, as appropriate.
    boot_file_server: IPv4Address
        Used to provide the IP address of the boot server from which clients
        should request boot-files. This is only required if this IP address
        cannot be determined by other means.
    image_path: String
        Optional: Specifies the path at which to create the net image. If not
        specified, the default location, as specified in the server's
        default_image_path_basedir property - usually /export/auto_install/ -
        is used.
    defer_source_validation: Boolean
        Optional: if False, it will check the source or ips_settings provided
        by unpacking the ISO or checking the FMRI contents. This operation
        may take several seconds. Deferring source validation for a service
        without a name is not possible, as the source needs to be checked to
        extract the service name.
    default_manifest_content: String
        This is the complete content of an XML manifest file. It will be
        validated against the service it's being added to and set as the
        default manifest.

    Return Value
        None

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - InsufficientArguments
          Insufficient arguments are provided to be able to complete the
          method successfully.
        - InvalidValue
          This signifies that an invalid value was passed as a parameter.

find_colliding_manifest
    Parse Criteria on existing manifests comparing against new passed in
    Criteria ensuring a criteria collision does not occur.

    Parameters
    criteria:
        Criteria object - when appending/setting criteria
        List of criteria - when deleting criteria
    appending: Boolean
        True if criteria is being appended
    deleting: Boolean
        True if criteria is being deleted
    manifest_name: string
        Name of manifest we are setting criteria for

    Return Value
        Nothing

    Errors / Exceptions:
        Raises AIServerError if Criteria is colliding

get_profiles
    This method will fetch a list of system configuration profiles in this
    Service that match the value in filter_by_name.

    Parameters
    filter_by_name: String
        Optional: This string is the name of a system configuration profile
        to match. It is possible to match sub-strings using the '*'
        character, e.g. 'test*' will match all manifests that start with the
        characters 'test'. Omitting the parameter will return all system
        configuration profiles in this service.

    Return Value
        Profile[ ]
        Returns a list of system configuration profiles. Should there be no
        matches, an empty list will be returned.

    Errors / Exceptions
        None.

create_client
    This method adds a new client to this service, initializing with the
    specified values.

    Parameters
        See the Client constructor for more information on the parameters.

    Return Value
        Returns a tuple with:
        String
            Name of the newly created AI server engine task.
        Client:
            Reference to the new client.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - DuplicateEntry
          This error/exception will be raised if the mac_address value
          matches any existing client on the AI server.
        - InvalidValue
          Some of the parameters passed are invalid.

delete_client_by_addr
    This method will remove the client whose MAC address matches the
    supplied parameter.

    Parameters
    mac_address: String/MACAddress
        This is the MAC address to match, it should be an exact match or the
        method will fail. The format of the MAC address may be one of several
        variations:
        Hexadecimal, separated by colons, e.g.: "AA:BB:CC:DD:EE:FF"
        Client ID, with or without the '01' prefix, e.g. "01AABBCCDDEEFF" or
        "AABBCCDDEEFF"

    Return Value
        String
        Name of the newly created AI server engine task.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - NoMatches
          This error/exception will be raised if the mac_address value
          provided doesn't match any existing client in the service.
        - InvalidValue
          This signifies that an invalid value was passed as a parameter.

delete_client
    This method will remove the client that matches the Client reference
    passed as a parameter.

    Parameters
    client: Client
        The client to match, if the client is not matched then the method
        will fail.

    Return Value
        String
        Name of the newly created AI server engine task.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - NoMatches
          This error/exception will be raised if the Client reference
          provided doesn't match any existing client in the service.
        - InvalidValue
          This signifies that an invalid value was passed as a parameter.

create_manifest
    This method adds a new manifest to this service, initializing with the
    specified values.

    Parameters
        See the Manifest interface for more information on how the parameters
        are interpreted.

    Return Value
        Returns a tuple with:
        String
            Name of the newly created AI server engine task.
        Manifest
            A new Manifest reference, populated with the data provided, which
            has been added to the Service.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - ParsingError
          This error/exception will be raised should the provided manifest
          content fail to validate against the DTDs in the service.

delete_manifest_by_name
    This will remove the manifest identified by the name provided.

    Parameters
    name: String
        This is the name of the manifest to match, it should be an exact
        match, wildcards are not permitted.

    Return Value
        String
        Name of the newly created AI server engine task.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - NoMatches
          This error/exception will be raised should there be no matches
          against the name parameter.

delete_manifest
    This method removes the manifest specified from the service.

    Parameters
    manifest: Manifest
        The Manifest reference of the manifest to be removed from the
        service.

    Return Value
        String
        Name of the newly created AI server engine task.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - NoMatches
          This error/exception will be raised should there be no matches
          against the manifest parameter.
        - InvalidValue
          This signifies that an invalid value was passed as a parameter.

create_profile
    This method adds a new system configuration profile to this service,
    initializing it with the specified values.

    Parameters
        See the Profile interface for more information on how the parameters
        are interpreted.

    Return Value
        Returns a tuple with:
        String
            Name of the newly created AI server engine task.
        Profile
            Returns a new Profile reference which has been populated with the
            parameters provided.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - ParsingError
          This error/exception will be raised should the provided content
          fail to validate against the DTDs in the service.

delete_profile_by_name
    This will remove the system configuration profile identified by the name
    provided.

    Parameters
    name: String
        This is the name of the system configuration profile to match, it
        should be an exact match, wildcards are not permitted.

    Return Value
        String
        Name of the newly created AI server engine task.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - NoMatches
          This error/exception will be raised should there be no matches
          against the name parameter.
        - InvalidValue
          More than one profile was matched with the name argument

delete_profile
    This method removes the system configuration profile specified from the
    service.

    Parameters
    profile: Profile
        The Profile reference of the system configuration profile to be
        removed from the service.

    Return Value
        String
        Name of the newly created AI server engine task.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - NoMatches
          This error/exception will be raised should there be no matches
          against the profile parameter.
        - InvalidValue
          This signifies that an invalid value was passed as a parameter.

Returns the image type

image_type_str
    Return a string with the image type

This is a read-only reference to the service's image path.

This is a read-only reference to the publisher for the service.

This is a read-only reference to the service status.

This is a read-only reference to the Service this is an alias of, or possibly
None.

This is a read-only reference to the service name this is an alias of, or
possibly an empty string if not an alias.

Return a list of services that are aliased to this service

default_manifest
    This is a read reference to the default manifest for the service. A new
    default can be selected with update_default_manifest. This is the
    manifest that is used if there are no other manifests with criteria that
    match.

default_manifest_str
    Name of the default manifest for the service. This is the manifest that
    is used if there are no other manifests with criteria that match.

This is a read-only reference to the service boot arguments. Returns a
dictionary with the service's default boot_args.

Return true if the client has custom boot_args, false if it uses the service
default boot_args

grubcfg
    Return the contents of the grub.cfg menu for this service

Return True if the grub.cfg menu for this service has been set to a custom
one, in which case it is not possible to update the boot_args.

has_credentials
    Boolean defining whether this service has any security credentials or
    not.

security_policy
    The security policy defines how this service should operate with respect
    to client authentication. Valid values for this are defined in the
    enumeration SERVICE_SECURITY_POLICIES, with the following meanings:
    - OPTIONAL
      Security can be switched on or off, optional
    - DISABLE
      This completely disables any requirement for authentication by
      clients.
    - REQUIRE_CLIENT_AUTH
      This value indicates that all clients must authenticate for
      installation.
    - REQUIRE_SERVER_AUTH
      This value indicates that authentication must be done by the server.
    - ENCR_ONLY
      ?

    Return the currently set policy setting for service.

security_policy_str
    Return the string version of the current security policy. As security
    policy is implemented as strings at the moment in internal/security.py,
    just return the policy directly. If this is changed to use enums, then
    these enums will need to be matched to the relevant string.

Boolean defining whether the image for this service is of a recent enough
version to support security.

database
    Return the criteria database object for this service

default_xml_manifest_content
    Return the XML content of the image's default.xml manifest.

manifest_cli_datafile_content
    Obtain the contents of the service image manifest cli data file.

    Parameters
        None

    Return Value
        string containing content of mappings file

    Errors / Exceptions
        AIServerError if insufficient permissions or unable to read file

dtd_names_and_content
    Obtain the list of DTD filenames and content for the AI DTD

    Parameters
        None

    Return Value
        list of tuples [(dtdname, dtdcontent)...for each dtd file]

    Errors / Exceptions
        AIServerError if insufficient permissions or no dtd files

__str__
    Pretty print information for debug use

update_ca_cert
    Assigns CA certificates for the Service.

    Parameters
    ca_cert_contents
        A list of strings containing contents of user-specified files.

    Return Value
        String
        The task name that will be executed by this checkpoint.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - DuplicateEntry
          The cert has already been removed or it's scheduled to be removed
          in the current queue.

create_cert_file
    Creates a temporal file to store the contents of the cert and returns the
    path to the new file.

    Parameters
        None

    Return Value
        String
            Path to the newly created temporal file. If the file already
            exists from a previous call, it will not create a new file, but
            just returns the path to the original one.
        None
            If cert attribute is None or empty.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - RuntimeError
          Unable to write/create the temporal cert file

Validate that the contents of the cert are valid.

    Parameters
        None

    Return Value
        Boolean
        True if the contents of the cert are valid, False otherwise.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by create_cert_file() or
        validate_cert_file():
        - InvalidValue
          The contents of the cert are invalid
        - RuntimeError
          Could not copy cert contents to internal temporal file

Validate a cert file using openssl.

    Parameters
        String
        Path to a cert file

    Return Value
        Boolean
        True if the contents of the cert are valid.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - InvalidValue
          The contents of the cert are invalid

create_key_file
    Creates a temporal file to store the contents of the key and returns the
    path to the new file.

    Parameters
        None

    Return Value
        String
            Path to the newly created temporal file. If the file already
            exists from a previous call, it will not create a new file, but
            just return the path to the original one.
        None
            If the key attribute is None or empty.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - RuntimeError
          Unable to write/create the temporal key file

Validate that the contents of the key are valid.

    Parameters
        None

    Return Value
        Boolean
        True if the contents of the key are valid.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by create_key_file() or
        validate_key_file():
        - InvalidValue
          The contents of the key are invalid
        - RuntimeError
          Could not copy key contents to internal temporal file

Validate a key file using openssl

    Parameters
    path: String
        Path to a key file

    Return Value
        Boolean
        True if the contents of the key are valid.

    Errors / Exceptions
        AIServerError
        The following error types can be raised by this method:
        - InvalidValue
          The contents of the key are invalid

to_list
    Returns the IPS info in a list, which is what is passed as the publisher
    to the IPS API.

Returns the publisher in the format prefix=origin