path: root/cloudinit/url_helper.py
Age | Commit message | Author
2020-03-03 | ec2: only redact token request headers in logs, avoid altering request (#230) | Chad Smith
Our header redact logic was redacting both logged request headers and the actual source request. This results in DataSourceEc2 sending the invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which gets an HTTP status response of 400. Cloud-init retries this failed token request for 2 minutes before falling back to IMDSv1. LP: #1865882
2020-02-19 | ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) | Ryan Harper
Instead of logging the token values used, log the headers and replace the actual values with the string 'REDACTED'. This allows users to examine cloud-init.log and see that the IMDSv2 token header is being used but avoids leaving the value used in the log file itself. LP: #1863943
2020-01-21 | Start removing dependency on six (#178) | Daniel Watkins
* url_helper: drop six
* url_helper: sort imports
* log: drop six
* log: sort imports
* handlers/__init__: drop six
* handlers/__init__: sort imports
* user_data: drop six
* user_data: sort imports
* sources/__init__: drop six
* sources/__init__: sort imports
* DataSourceOVF: drop six
* DataSourceOVF: sort imports
* sources/helpers/openstack: drop six
* sources/helpers/openstack: sort imports
* mergers/m_str: drop six
  This also allowed simplification of the logic, as we will never encounter a non-string text type.
* type_utils: drop six
* mergers/m_dict: drop six
* mergers/m_list: drop six
* cmd/query: drop six
* mergers/__init__: drop six
* net/cmdline: drop six
* reporting/handlers: drop six
* reporting/handlers: sort imports
2019-12-02 | url_helper: read_file_or_url should pass headers param into readurl (#66) | Chad Smith
Headers param was accidentally omitted and no longer passed through to readurl due to a previous commit. To avoid this omission of params in the future, drop positional param definitions from read_file_or_url and pass all kwargs through to readurl when we are not operating on a file. In util:read_seeded, correct the case where invalid positional param file_retries was being passed into read_file_or_url. Also drop duplicated file:// prefix addition from read_seeded because read_file_or_url does that work anyway. LP: #1854084
2019-11-22 | ec2: Add support for AWS IMDS v2 (session-oriented) (#55) | Ryan Harper
* ec2: Add support for AWS IMDS v2 (session-oriented)
AWS now supports a new version of fetching Instance Metadata[1]. Update cloud-init's ec2 utility functions and update ec2 derived datasources accordingly. For DataSourceEc2 (versus ec2-look-alikes) cloud-init will issue the PUT request to obtain an API token for the maximum lifetime and then all subsequent interactions with the IMDS will include the token in the header. If the API token endpoint is unreachable on Ec2 platform, log a warning and fall back to using IMDS v1, which does not use session tokens when communicating with the Instance metadata service. We handle read errors, typically seen if the IMDS is beyond one network hop (IMDSv2 responses have a ttl=1), by setting the api token to a disabled value and then using IMDSv1 paths. To support token-based headers, ec2_utils functions were updated to support custom headers_cb and exception_cb callback functions so Ec2 could store, or refresh API tokens in the event of token becoming stale.
[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instance-metadata-v2-how-it-works
2019-10-16 | Small typo fixes in code comments. | Dominic Schlegel
2019-08-09 | Add support for publishing host keys to GCE guest attributes | Rick Wright
This adds an empty publish_host_keys() method to the default datasource that is called by cc_ssh.py. This feature can be controlled by the 'ssh_publish_hostkeys' config option. It is enabled by default but can be disabled by setting 'enabled' to false. Also, a blacklist of key types is supported. In addition, this change implements ssh_publish_hostkeys() for the GCE datasource, attempting to write the hostkeys to the instance's guest attributes. Using these hostkeys for ssh connections is currently supported by the alpha version of Google's 'gcloud' command-line tool. (On Google Compute Engine, this feature will be enabled by setting the 'enable-guest-attributes' metadata key to 'true' for the project/instance that you would like to use this feature for. When connecting to the instance for the first time using 'gcloud compute ssh' the hostkeys will be read from the guest attributes for the instance and written to the user's local known_hosts file for Google Compute Engine instances.)
2019-01-30 | Resolve flake8 comparison and pycodestyle over-indent issues | Paride Legovini
Fixes:
- flake8: use ==/!= to compare str, bytes, and int literals
- pycodestyle: E117 over-indented
2018-11-13 | azure: retry imds polling on requests.Timeout | Chad Smith
There is an infrequent race when the booting instance can hit the IMDS service before it is fully available. This results in a requests.ConnectTimeout being raised. Azure's retry_callback logic now retries on either 404s or Timeouts. LP:1800223
2018-10-31 | azure: report ready to fabric after reprovision and reduce logging | asakkurr
When reusing a preprovisioned VM, report ready to Azure fabric as soon as we get the reprovision data and the goal state so that we are not delayed by the cloud-init stage switch, saving 2-3 seconds. Also reduce logging when polling IMDS for reprovision data. LP: #1799594
2018-05-17 | read_file_or_url: move to url_helper, fix bug in its FileResponse. | Scott Moser
The result of a read_file_or_url on a file and on a url would differ in behavior. str(UrlResponse) would return UrlResponse.contents.decode('utf-8') while str(FileResponse) would return str(FileResponse.contents). The difference being "b'foo'" versus "foo". As part of the general goal of cleaning util, move read_file_or_url into url_helper.
2018-04-19 | pylint: pay attention to unused variable warnings. | Scott Moser
This enables warnings produced by pylint for unused variables (W0612), and fixes the existing errors.
2018-03-23 | Reduce AzurePreprovisioning HTTP timeouts. | Douglas Jordan
Reducing timeout to 1 second as IMDS responds within a handful of milliseconds. Also get rid of max_retries to prevent exiting out of polling loop early due to IMDS outage / upgrade. Reduce Azure PreProvisioning HTTP timeouts during polling to avoid waiting an extra minute. LP: #1752977
2018-03-23 | Revert the logic of exception_cb in read_url. | Kurt Garloff
In commit e9e8616, there was an inversion of the logic of the exception_cb return value meaning, breaking the (network) OpenStack DataSource, which implemented exception_cb as should_retry_cb, returning True when a retry should be done and False when the retry loop should be broken and the exception reraised again immediately. The OpenStack DS was the only user of this callback at the time and not touched by the commit (nor did the commit message mention an intended change), so this almost certainly happened by mistake. These days, we have a second user of the callback in DataSourceScaleway. It uses the new logic, so it needs change if we fix the meaning of the return value. This patch reverts the meaning of url_helper.read_url() exception_cb to the old semantics. It updates the comment and adjusts the Scaleway datasource. The patch has been tested on Open Telekom Cloud (which uses the OpenStack network Datasource) where previously a missing user_data and network_data.json would be retried 6 times each despite them not being present (they are optional!) and the server responding with a correct 404. After the patch, boot times are 10s faster, as we no longer pointlessly retry these files. LP: #1702160 LP: #1298921
2018-03-02 | Simplify some comparisons. | Rémy Léone
Just replace a couple things like:
    if b > a and b < c:
with:
    if a < b < c:
2018-01-24 | Azure VM Preprovisioning support. | Douglas Jordan
This change will enable azure vms to report provisioning has completed twice, first to tell the fabric it has completed then a second time to enable customer settings. The datasource for the second provisioning is the Instance Metadata Service (IMDS), and the VM will poll indefinitely for the new ovf-env.xml from IMDS. This branch introduces EphemeralDHCPv4 which encapsulates common logic used by both DataSourceEc2 and DataSourceAzure for temporary DHCP interactions without side-effects. LP: #1734991
2017-08-30 | url_helper: dynamically import oauthlib import from inside oauth_headers | Chad Smith
oauth_headers is the only function which requires oauthlib, move the import and ImportError handling inside this function to only attempt loading at runtime if called. This will allow us to build on platforms that don't have python-oauthlib installed by default. Add simple unittests around the missing oauthlib dependencies to make sure the function performs as intended and raises a NotImplementedError if oauthlib can't be imported.
2017-08-29 | url_helper: fail gracefully if oauthlib is not available | Lars Kellogg-Stedman
We are unable to ship python-oauthlib in RHEL. This commit allows imports of url_helper to succeed even when oauthlib is unavailable and OauthUrlHelper.oauth_headers to raise a NotImplementedException when called. LP: #1713760
2017-07-17 | Scaleway: add datasource with user and vendor data for Scaleway. | Julien Castets
Here we add and enable by default a datasource for Scaleway cloud. The datasource quickly exits unless one of three things:
a.) 'Scaleway' found as the system vendor
b.) 'scaleway' found on the kernel command line.
c.) the directory /var/run/scaleway exists (this is currently created by the scaleway initramfs module).
One interesting bit of this particular datasource is that it requires the source port of the http request to be < 1024.
2017-04-21 | pylint: fix all logging warnings | Joshua Powers
This will change all instances of LOG.warn to LOG.warning as warn is now a deprecated method. It will also make sure any logging uses lazy logging by passing string format arguments as function parameters.
2017-03-24 | test: add running of pylint | Joshua Powers
Now tox will run pylint. The .pylintrc file sets pylint to only produce errors, and will ignore certain classes that are known problematic (six).
2016-12-22 | LICENSE: Allow dual licensing GPL-3 or Apache 2.0 | Jon Grimm
This has been a recurring ask and we had initially just made the change to the cloud-init 2.0 codebase. As the current thinking is we'll just continue to enhance the current codebase, it's desirable to relicense to match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship. Reformat headers, make sure everything has vi: at end of file. Non-shipping files do not need the copyright header, but at the moment tests/ have it.
2016-05-12 | Fix up a ton of flake8 issues | Joshua Harlow
2016-03-03 | Update pep8 runner and fix pep8 issues | Ryan Harper
2015-09-29 | MAAS: fix issues with url_helper and oauth module | Scott Moser
This would cause problems in the event that we actually had a bad clock. We add a retry in the main (for test) also, to ensure that the oauth timestamp fix gets in place. LP: #1499869
2015-08-31 | readurl: if headers are provided still provide base headers | Scott Moser
We want cloud-init user agent to be present even if the user provided some headers. In the event that they provided User-Agent, this will respect their wishes.
2015-08-25 | MAAS: fixes to data source and OauthUrlHelper | Scott Moser
The previous version was broken. The vital fixes here are:
* adding parsedate and oauth1 imports to url_helper
* fix skew_data usage intending to use self.skew_data
Additionally:
* reorder imports in url_helper
* fixes to python3 -m cloudinit.sources.DataSourceMaas
LP: #1488507
2015-08-07 | fix syntax | Scott Moser
2015-08-07 | improvements on skew | Scott Moser
2015-08-07 | seems functional in test | Scott Moser
2015-08-06 | tests pass | Scott Moser
2015-03-02 | url_helper.py: fix undefined variable | Scott Moser
python2 scoping is different and running wait_for_url in python3 results in a use of undeclared variable 'e'.
  $ python3 -c 'from cloudinit import url_helper; \
      url_helper.wait_for_url("o", max_wait=3,timeout=1, exception_cb=print)'
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "cloudinit/url_helper.py", line 358, in wait_for_url
      exception_cb(msg=status_msg, exception=e)
2015-02-25 | move towards user-data being binary | Scott Moser
UrlResponse: biggest change... make readurl return bytes, making user know what to do with it.
util: add load_tfile_or_url for loading text file or url as read_file_or_url now returns bytes
ec2_utils: all meta-data is text, remove non-obvious string translations
DigitalOcean: adjust for ec2_utils
DataSourceGCE, DataSourceMAAS: user-data is binary other fields are text.
openstack.py: read paths without decoding to text. This is ok as paths other than user-data are json, and load_json will handle
load_file still returns text, and that is what most things use.
2015-01-21 | Largely merge lp:~harlowja/cloud-init/py2-3 albeit manually because it seemed to be behind trunk. | Barry Warsaw
`tox -e py27` passes full test suite. Now to work on replacing mocker.
2014-08-26 | further remove evidence of pylint. | Scott Moser
This just removes comments '# pylint:' things and other code remnants of pylint.
2014-08-26 | fix(pep8): Fix various pep8 violations and version-lock pep8 | Jay Faulkner
Fixed all complaints from running "make pep8". Also version locked pep8 in test-requirements.txt to ensure that pep8 requirements don't change without an explicit commit.
2014-02-13 | wait less for the metadata service (by default) | Scott Moser
Waiting around for a metadata service in a given datasource means that if it's not there all the subsequent datasources have to wait, and boot is slowed down. As it is right now, EC2 is the only one that has the right to wait. In the past, we had to wait around for the EC2 metadata service. I really do not want to extend that courtesy to other cloud platforms. A network based metadata service should be up as soon as networking is up.
2014-02-08 | Spacing and comment cleanup | Joshua Harlow
2014-02-08 | Update requests ssl not supported message | Joshua Harlow
2014-02-08 | Remove HEAD usage and other small adjustments | Joshua Harlow
2014-02-07 | Remerged with trunk | Joshua Harlow
2014-02-01 | Add a openstack specific datasource | Joshua Harlow
Openstack has a unique derivative datasource that is gaining usage. Previously the config drive datasource provided part of this functionality as well as the ec2 datasource, but since new functionality is being added to openstack it seems beneficial to combine the used parts into one datasource just made for handling openstack deployments. This patch factors out the common logic shared between the config drive and the openstack metadata datasource and places that in a shared helper file and then creates a new openstack datasource that reads from the openstack metadata service and refactors the config drive datasource to use this common logic.
2014-01-24 | read_file_or_url: raise UrlError with 404 on ENOENT | Scott Moser
This makes it easier to call read_file_or_url and handle file or url errors. Now read_file_or_url will raise a UrlError in either case on errors.
2014-01-23 | Use the right exception | Joshua Harlow
2014-01-23 | Skip retry and continued fetch of userdata when NOT_FOUND | Joshua Harlow
When a 404 http code comes back from the fetching of ec2 data, instead of retrying immediately stop the fetching process and in the userdata fetching function handle this case as a special case of no userdata being fetched (an empty string in this case).
2013-05-03 | Fix a feature that doesn't yet exist on python 2.6 | Joshua Harlow
2013-04-25 | re-work maas datasource and headers call backs | Scott Moser
Couple of things here:
* do not re-try on user-data (404 means 'not here')
* re-generate headers on retry requests
LP: #1172742
2013-03-19 | set 'allow_redirects' to True by default | Scott Moser
the previous implementation of url_helper.readurl() would default to allow_redirects being true. So, for backwards compat, we should keep that behavior.
2013-03-19 | do not bother retrying on ssl errors | Scott Moser
if the error is an ssl error, it's extremely unlikely that it would be fixed by waiting a few seconds and trying again.
2013-03-19 | appease pylint and pep8 | Scott Moser
* cloudinit/distros/parsers/resolv_conf.py added some pylint overrides with 'plXXXXX' syntax.
  example:
    # pl51222 pylint: disable=E0102
  The pl51222 there means: http://www.logilab.org/ticket/51222
  This specific issue is present in 12.04 pylint, but not 13.04.
* pylint doesn't like the requests special handling we have. which makes sense as it is only checking versus one specific version.
* general pep8 and pylint cleanups.