-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Expand file tree
/
Copy pathconnectivity_utils.py
More file actions
403 lines (331 loc) · 18.3 KB
/
connectivity_utils.py
File metadata and controls
403 lines (331 loc) · 18.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------
import time
import os
import json
import base64
import oras.client
import tarfile
from glob import glob
import colorama
from azure.cli.core.style import Style, print_styled_text
from azure.core.exceptions import ResourceNotFoundError, HttpResponseError
from azure.cli.core import telemetry
from azure.cli.core import azclierror
from azure.mgmt.core.tools import resource_id, parse_resource_id
from azure.cli.core.commands.client_factory import get_subscription_id
from knack import log
from knack.prompting import prompt_y_n
from . import file_utils
from . import constants as consts
logger = log.get_logger(__name__)
# Get the Access Details to connect to Arc Connectivity platform from the HybridConnectivity RP
def get_relay_information(cmd, resource_group, vm_name, resource_type,
certificate_validity_in_seconds, port, yes_without_prompt):
if not certificate_validity_in_seconds or \
certificate_validity_in_seconds > consts.RELAY_INFO_MAXIMUM_DURATION_IN_SECONDS:
certificate_validity_in_seconds = consts.RELAY_INFO_MAXIMUM_DURATION_IN_SECONDS
namespace = resource_type.split('/', 1)[0]
arc_type = resource_type.split('/', 1)[1]
resource_uri = resource_id(subscription=get_subscription_id(cmd.cli_ctx), resource_group=resource_group,
namespace=namespace, type=arc_type, name=vm_name)
cred = None
new_service_config = False
try:
cred = _list_credentials(cmd, resource_uri, certificate_validity_in_seconds)
except ResourceNotFoundError:
_create_default_endpoint(cmd, resource_uri)
except HttpResponseError as e:
if e.reason != "Precondition Failed":
raise azclierror.UnclassifiedUserFault(f"Unable to retrieve relay information. Failed with error: {str(e)}")
except Exception as e:
raise azclierror.UnclassifiedUserFault(f"Unable to retrieve relay information. Failed with error: {str(e)}")
if not cred:
_create_service_configuration(cmd, resource_uri, port, yes_without_prompt)
new_service_config = True
try:
cred = _list_credentials(cmd, resource_uri, certificate_validity_in_seconds)
except Exception as e:
raise azclierror.UnclassifiedUserFault(f"Unable to get relay information. Failed with error: {str(e)}")
_handle_relay_connection_delay(cmd, "Setting up service configuration")
else:
if not _check_service_configuration(cmd, resource_uri, port):
_create_service_configuration(cmd, resource_uri, port, yes_without_prompt)
new_service_config = True
try:
cred = _list_credentials(cmd, resource_uri, certificate_validity_in_seconds)
except Exception as e:
raise azclierror.UnclassifiedUserFault(f"Unable to get relay information. Failed with error: {str(e)}")
_handle_relay_connection_delay(cmd, "Setting up service configuration")
return (cred, new_service_config)
def _check_service_configuration(cmd, resource_uri, port):
from .aaz.latest.hybrid_connectivity.endpoint.service_configuration import Show as ShowServiceConfig
show_service_config_args = {
'endpoint_name': 'default',
'resource_uri': resource_uri,
'service_configuration_name': 'SSH'
}
serviceConfig = None
# pylint: disable=broad-except
try:
serviceConfig = ShowServiceConfig(cli_ctx=cmd.cli_ctx)(command_args=show_service_config_args)
except Exception:
# If for some reason the request for Service Configuration fails,
# we will still attempt to get relay information and connect. If the service configuration
# is not setup correctly, the connection will fail.
# The more likely scenario is that the request failed with a "Authorization Error",
# in case the user isn't an owner/contributor.
return True
if port:
return serviceConfig['port'] == int(port)
if serviceConfig['port'] != 22:
logger.warning("The Service Configuration endpoint is set to a non-default port. "
"To either update the Service Configuration or connect using the non-default port, "
"please use the -Port parameter")
return True
def _create_default_endpoint(cmd, resource_uri):
from .aaz.latest.hybrid_connectivity.endpoint import Create as CreateHybridConnectivityEndpoint
vm_name = parse_resource_id(resource_uri)["name"]
resource_group = parse_resource_id(resource_uri)["resource_group"]
create_endpoint_args = {
'endpoint_name': 'default',
'resource_uri': resource_uri,
'type': 'default'
}
try:
endpoint = CreateHybridConnectivityEndpoint(cli_ctx=cmd.cli_ctx)(command_args=create_endpoint_args)
except HttpResponseError as e:
colorama.init()
if e.reason == "Forbidden":
raise azclierror.UnauthorizedError(f"Client is not authorized to create a default connectivity "
f"endpoint for \'{vm_name}\' in Resource Group \'{resource_group}\'. "
f"This is a one-time operation that must be performed by "
f"an account with Owner or Contributor role to allow "
f"connections to the target resource.")
raise azclierror.UnclassifiedUserFault(f"Failed to create default endpoint for the target Arc Server. "
f"\nError: {str(e)}")
except Exception as e:
colorama.init()
raise azclierror.UnclassifiedUserFault(f"Failed to create default endpoint for the target Arc Server. "
f"\nError: {str(e)}")
return endpoint
def _create_service_configuration(cmd, resource_uri, port, yes_without_prompt):
from .aaz.latest.hybrid_connectivity.endpoint.service_configuration import Create as CreateServiceConfig
prompt = (f"The port {port} that you are trying to connect to is not allowed "
f"for SSH connections for this resource. Would you like to update "
f"the current Service Configuration in the endpoint to allow connections to port {port}?")
if not port:
port = '22'
prompt = ("Port 22 is not allowed for SSH connections in this resource. Would you like to update "
"the current Service Configuration in the endpoint to allow connections to port 22? If you "
"would like to update the Service Configuration to allow connections to a different port, "
"please provide the -Port parameter or manually set up the Service Configuration.")
if not yes_without_prompt and not prompt_y_n(prompt):
raise azclierror.ClientRequestError(f"SSH connection is not enabled in the target port {port}.")
create_service_conf_args = {
'endpoint_name': 'default',
'resource_uri': resource_uri,
'service_configuration_name': 'SSH',
'port': int(port),
'service_name': 'SSH'
}
try:
serviceConfig = CreateServiceConfig(cli_ctx=cmd.cli_ctx)(command_args=create_service_conf_args)
except HttpResponseError as e:
colorama.init()
vm_name = parse_resource_id(resource_uri)["name"]
resource_group = parse_resource_id(resource_uri)["resource_group"]
if e.reason == "Forbidden":
raise azclierror.UnauthorizedError(f"Client is not authorized to create or update the Service "
f"Configuration endpoint for \'{vm_name}\' in the Resource "
f"Group \'{resource_group}\'. This is an operation that "
f"must be performed by an account with Owner or Contributor "
f"role to allow SSH connections to the specified port {port}.")
raise azclierror.UnclassifiedUserFault(f"Failed to create service configuration to allow SSH "
f"connections to port {port} on the endpoint for {vm_name} "
f"in the Resource Group {resource_group}\nError: {str(e)}")
except Exception as e:
raise azclierror.UnclassifiedUserFault(f"Failed to create service configuration to allow SSH connections "
f"to port {port} on the endpoint for {vm_name} in the Resource "
f"Group {resource_group}\nError: {str(e)}")
return serviceConfig
def _list_credentials(cmd, resource_uri, certificate_validity_in_seconds):
from .aaz.latest.hybrid_connectivity.endpoint import ListCredential
list_cred_args = {
'endpoint_name': 'default',
'resource_uri': resource_uri,
'expiresin': int(certificate_validity_in_seconds),
'service_name': "SSH"
}
return ListCredential(cli_ctx=cmd.cli_ctx)(command_args=list_cred_args)
def format_relay_info_string(relay_info):
relay_info_string = json.dumps(
{
"relay": {
"namespaceName": relay_info['namespaceName'],
"namespaceNameSuffix": relay_info['namespaceNameSuffix'],
"hybridConnectionName": relay_info['hybridConnectionName'],
"accessKey": relay_info['accessKey'],
"expiresOn": relay_info['expiresOn'],
"serviceConfigurationToken": relay_info['serviceConfigurationToken']
}
})
result_bytes = relay_info_string.encode("ascii")
enc = base64.b64encode(result_bytes)
base64_result_string = enc.decode("ascii")
return base64_result_string
def _handle_relay_connection_delay(cmd, message):
# relay has retry delay after relay connection is lost
# must sleep for at least as long as the delay
# otherwise the ssh connection will fail
progress_bar = cmd.cli_ctx.get_progress_controller(True)
for x in range(0, consts.SERVICE_CONNECTION_DELAY_IN_SECONDS + 1):
interval = float(1 / consts.SERVICE_CONNECTION_DELAY_IN_SECONDS)
progress_bar.add(message=f"{message}:",
value=interval * x, total_val=1.0)
time.sleep(1)
progress_bar.add(message=f"{message}: complete",
value=1.0, total_val=1.0)
progress_bar.end()
# Downloads client side proxy to connect to Arc Connectivity Platform
def install_client_side_proxy(arc_proxy_folder):
client_operating_system = _get_client_operating_system()
client_architecture = _get_client_architeture()
install_dir = _get_proxy_install_dir(arc_proxy_folder)
proxy_name = _get_proxy_filename(client_operating_system, client_architecture)
install_location = os.path.join(install_dir, proxy_name)
# Only download new proxy if it doesn't exist already
if not os.path.isfile(install_location):
if not os.path.isdir(install_dir):
file_utils.create_directory(install_dir, f"Failed to create client proxy directory '{install_dir}'.")
# if directory exists, delete any older versions of the proxy
else:
older_version_location = _get_older_version_proxy_path(
install_dir,
client_operating_system,
client_architecture)
older_version_files = glob(older_version_location)
for f in older_version_files:
file_utils.delete_file(f, f"failed to delete older version file {f}", warning=True)
_download_proxy_from_MCR(install_dir, proxy_name, client_operating_system, client_architecture)
_check_proxy_installation(install_dir, proxy_name)
return install_location
def _download_proxy_from_MCR(dest_dir, proxy_name, operating_system, architecture):
mar_target = f"{consts.CLIENT_PROXY_MCR_TARGET}/{operating_system.lower()}/{architecture}/ssh-proxy"
logger.debug("Downloading Arc Connectivity Proxy from %s in Microsoft Artifact Regristy.", mar_target)
client = oras.client.OrasClient()
t0 = time.time()
try:
response = client.pull(target=f"{mar_target}:{consts.CLIENT_PROXY_VERSION}", outdir=dest_dir)
except Exception as e:
raise azclierror.CLIInternalError(
f"Failed to download Arc Connectivity proxy with error {str(e)}. Please try again.")
time_elapsed = time.time() - t0
proxy_data = {
'Context.Default.AzureCLI.SSHProxyDownloadTime': time_elapsed,
'Context.Default.AzureCLI.SSHProxyVersion': consts.CLIENT_PROXY_VERSION
}
telemetry.add_extension_event('ssh', proxy_data)
proxy_package_path = _get_proxy_package_path_from_oras_response(response)
_extract_proxy_tar_files(proxy_package_path, dest_dir, proxy_name)
file_utils.delete_file(proxy_package_path, f"Failed to delete {proxy_package_path}. Please delete manually.", True)
def _get_proxy_package_path_from_oras_response(pull_response):
if not isinstance(pull_response, list):
raise azclierror.CLIInternalError(
"Attempt to download Arc Connectivity Proxy returned unnexpected result. Please try again.")
if len(pull_response) != 1:
for r in pull_response:
file_utils.delete_file(r, f"Failed to delete {r}. Please delete it manually.", True)
raise azclierror.CLIInternalError(
"Attempt to download Arc Connectivity Proxy returned unnexpected result. Please try again.")
proxy_package_path = pull_response[0]
if not os.path.isfile(proxy_package_path):
raise azclierror.CLIInternalError("Unable to download Arc Connectivity Proxy. Please try again.")
logger.debug("Proxy package downloaded to %s", proxy_package_path)
return proxy_package_path
def _extract_proxy_tar_files(proxy_package_path, install_dir, proxy_name):
with tarfile.open(proxy_package_path, 'r:gz') as tar:
members = []
for member in tar.getmembers():
if member.isfile():
filenames = member.name.split('/')
if len(filenames) != 2:
tar.close()
file_utils.delete_file(
proxy_package_path,
f"Failed to delete {proxy_package_path}. Please delete it manually.",
True)
raise azclierror.CLIInternalError(
"Attempt to download Arc Connectivity Proxy returned unnexpected result. Please try again.")
member.name = filenames[1]
if member.name.startswith('sshproxy'):
member.name = proxy_name
elif member.name.lower() not in ['license.txt', 'thirdpartynotice.txt']:
tar.close()
file_utils.delete_file(
proxy_package_path,
f"Failed to delete {proxy_package_path}. Please delete it manually.",
True)
raise azclierror.CLIInternalError(
"Attempt to download Arc Connectivity Proxy returned unnexpected result. Please try again.")
members.append(member)
tar.extractall(members=members, path=install_dir, filter='data')
def _check_proxy_installation(install_dir, proxy_name):
proxy_filepath = os.path.join(install_dir, proxy_name)
if os.path.isfile(proxy_filepath):
print_styled_text((Style.SUCCESS, f"Successfuly installed SSH Connectivity Proxy file {proxy_filepath}"))
else:
raise azclierror.CLIInternalError(
"Failed to install required SSH Arc Connectivity Proxy. "
f"Couldn't find expected file {proxy_filepath}. Please try again.")
license_files = ["LICENSE.txt", "ThirdPartyNotice.txt"]
for file in license_files:
file_location = os.path.join(install_dir, file)
if os.path.isfile(file_location):
print_styled_text(
(Style.SUCCESS,
f"Successfuly installed SSH Connectivity Proxy License file {file_location}"))
else:
logger.warning(
"Failed to download Arc Connectivity Proxy license file %s. Clouldn't find expected file %s. "
"This won't affect your connection.", file, file_location)
def _get_proxy_filename(operating_system, architecture):
if operating_system.lower() == 'darwin' and architecture == '386':
raise azclierror.BadRequestError("Unsupported Darwin OS with 386 architecture.")
proxy_filename = \
f"sshProxy_{operating_system.lower()}_{architecture}_{consts.CLIENT_PROXY_VERSION.replace('.', '_')}"
if operating_system.lower() == 'windows':
proxy_filename += '.exe'
return proxy_filename
def _get_older_version_proxy_path(install_dir, operating_system, architecture):
proxy_name = f"sshProxy_{operating_system.lower()}_{architecture}_*"
return os.path.join(install_dir, proxy_name)
def _get_proxy_install_dir(arc_proxy_folder):
if not arc_proxy_folder:
return os.path.expanduser(os.path.join('~', ".clientsshproxy"))
return arc_proxy_folder
def _get_client_architeture():
import platform
machine = platform.machine()
architecture = None
logger.debug("Platform architecture: %s", machine)
if "arm64" in machine.lower() or "aarch64" in machine.lower():
architecture = 'arm64'
elif machine.endswith('64'):
architecture = 'amd64'
elif machine.endswith('86'):
architecture = '386'
elif machine == '':
raise azclierror.BadRequestError("Couldn't identify the platform architecture.")
else:
raise azclierror.BadRequestError(f"Unsuported architecture: {machine} is not currently supported")
return architecture
def _get_client_operating_system():
import platform
operating_system = platform.system()
logger.debug("Platform OS: %s", operating_system)
if operating_system.lower() not in ('linux', 'darwin', 'windows'):
raise azclierror.BadRequestError(f"Unsuported OS: {operating_system} platform is not currently supported")
return operating_system