|
Server : Apache System : Linux cvar2.toservers.com 3.10.0-962.3.2.lve1.5.73.el7.x86_64 #1 SMP Wed Aug 24 21:31:23 UTC 2022 x86_64 User : njnconst ( 1116) PHP Version : 8.4.18 Disable Function : NONE Directory : /proc/self/root/opt/alt-old/python37/lib/python3.7/site-packages/clcommon/lib/ |
Upload File : |
# coding=utf-8
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2020 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
# pylint: disable=no-absolute-import
import os
import sys
import subprocess
from enum import Enum
from functools import wraps
from jwt import exceptions
from typing import AnyStr
from clcommon.lib.consts import CLN_JWT_TOKEN_PATH, CL_EDITION_FILE_FOR_USERS
from clcommon.lib.jwt_token import read_jwt, decode_jwt, jwt_token_check
from clcommon.clexception import FormattedException
CL_EDITION_FILE_MARKER = '/etc/cloudlinux-edition-solo'
SHARED_PRO_EDITION_HUMAN_READABLE = 'CloudLinux OS Shared Pro'
SHARED_EDITION_HUMAN_READABLE = 'CloudLinux OS Shared'
SOLO_EDITION_HUMAN_READABLE = 'CloudLinux OS Solo'
from clcommon.clcagefs import in_cagefs
class SupportedEditions(Enum):
"""
Keeps supported CloudLinux editions
"""
SOLO = 'solo'
SHARED = 'shared'
SHARED_PRO = 'shared_pro'
class CLEditionDetectionError(FormattedException):
def __init__(self, message, **context):
FormattedException.__init__(self, {
'message': message,
'context': context
})
HUMAN_READABLE_TOKEN_EDITION_PAIRS = {
SOLO_EDITION_HUMAN_READABLE: SupportedEditions.SOLO.value,
SHARED_PRO_EDITION_HUMAN_READABLE: SupportedEditions.SHARED_PRO.value,
SHARED_EDITION_HUMAN_READABLE: SupportedEditions.SHARED.value
}
class CLEditions:
@staticmethod
def get_from_jwt(token=None, verify_exp=True):
"""
Note: be careful when modifying this method.
Passing token in is used in X-Ray,
ask @dkavchuk or someone else from C-Projects team for details
:param token:
:param verify_exp:
:return:
"""
if token is None:
token = read_jwt(CLN_JWT_TOKEN_PATH)
try:
jwt = decode_jwt(token, verify_exp=verify_exp)
except exceptions.PyJWTError as e:
raise CLEditionDetectionError(f'Unable to detect edition from jwt token: {CLN_JWT_TOKEN_PATH}. '
f'Please, make sure it is not broken, error: {e}')
try:
return jwt['edition']
except KeyError:
# fallback for old format of tokens
cl_plus = jwt.get('cl_plus')
if cl_plus is None:
raise CLEditionDetectionError(
f'Unable to detect edition from jwt token: {CLN_JWT_TOKEN_PATH}. '
f'Please, make sure it is not broken, error: not enough fields for detection')
return SupportedEditions.SHARED_PRO.value if cl_plus else SupportedEditions.SHARED.value
@staticmethod
def is_package_installed(package_name):
process = subprocess.Popen(['rpm', '-q', package_name],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True)
out, err = process.communicate()
if process.returncode != 0 and 'is not installed' in out:
return False
elif process.returncode != 0:
raise CLEditionDetectionError(f'Unable to check is package {package_name} is installed, '
f'reason: {out}, {err}')
return True
@classmethod
def get_cl_edition(cls, skip_jwt_check=False, skip_marker_check=False,
raw_jwt=None, verify_exp=True):
"""
1. Try to detect edition from jwt token
if edition field is in token -> return edition
if edition field is not present -> recheck via cl_plus flag
if token is broken -> raise error about it
2. Try to detect from file
if edition is in file -> return edition
if file is broken -> raise about it
if file is missed -> check if meta package is present
Detection from file may be switched off using skip_marker_check
In case there is no token with correct edition,
no file we consider edition as regular CL.
Note: be careful when modifying this method.
It is used in X-Ray, ask @dkavchuk or someone else from C-Projects team
for details
"""
# skipping both jwt and file checks is not allowed
if skip_jwt_check and skip_marker_check:
raise CLEditionDetectionError(
'Unable to detect edition: neither jwt token check, no file marker check enabled')
if not skip_jwt_check and os.path.isfile(CLN_JWT_TOKEN_PATH):
try:
edition = cls.get_from_jwt(token=raw_jwt, verify_exp=verify_exp)
except PermissionError:
edition = user_cl_edition()
if edition:
return edition
# In case if user in cagefs.
if in_cagefs():
return user_cl_edition()
# if fallback to file is applicable
if not skip_marker_check:
# jwt has no 'edition' field -> ensure it is really solo via file
if os.path.isfile(CL_EDITION_FILE_MARKER):
return SupportedEditions.SOLO.value
return SupportedEditions.SHARED.value
def is_cl_solo_edition(skip_jwt_check=True, skip_marker_check=False, verify_exp=True):
"""
Allow skip_jwt_check ONLY if it not critical when license is not valid
Use skip_marker_check=True when validity of license is critical
and fallback to file is not applicable
Note: be careful when modifying this method.
It is used in X-Ray and SSA,
ask @dkavchuk or someone else from C-Projects team for details
"""
edition = CLEditions.get_cl_edition(
skip_jwt_check=skip_jwt_check,
skip_marker_check=skip_marker_check,
verify_exp=verify_exp
)
return edition is not None and edition == SupportedEditions.SOLO.value
def is_cl_shared_edition(skip_jwt_check=False, skip_marker_check=False, verify_exp=True):
"""
Allow skip_jwt_check ONLY if it not critical when license is not valid
Use skip_marker_check=True when validity of license is critical
and fallback to file is not applicable
"""
edition = CLEditions.get_cl_edition(
skip_jwt_check=skip_jwt_check,
skip_marker_check=skip_marker_check,
verify_exp=verify_exp
)
return edition is not None and edition == SupportedEditions.SHARED.value
def is_cl_shared_pro_edition(skip_jwt_check=False,
skip_marker_check=False,
verify_exp=True):
"""
Allow skip_jwt_check ONLY if it not critical when license is not valid
Use skip_marker_check=True when validity of license is critical
and fallback to file is not applicable
"""
edition = CLEditions.get_cl_edition(
skip_jwt_check=skip_jwt_check,
skip_marker_check=skip_marker_check,
verify_exp=verify_exp
)
return edition is not None and edition == SupportedEditions.SHARED_PRO.value
def get_cl_edition_readable() -> AnyStr:
"""
Function returns current edition of CL:
- CloudLinux OS Shared
- CloudLinux OS Shared Pro
- CloudLinux OS Solo
- Error string
"""
try:
if is_cl_solo_edition(skip_jwt_check=True):
return SOLO_EDITION_HUMAN_READABLE
except CLEditionDetectionError:
return SHARED_EDITION_HUMAN_READABLE
success_flag, error_message, _ = jwt_token_check()
# This error message indicates that user could not read jwt.token because not enough privileges
# We have to check existence of token file, to be sure that privilege error acquired
if 'read error' in error_message and (os.path.isfile(CLN_JWT_TOKEN_PATH) or in_cagefs()):
with open(CL_EDITION_FILE_FOR_USERS, 'r') as f:
return f.read().strip()
if success_flag:
return SHARED_PRO_EDITION_HUMAN_READABLE
else:
return SHARED_EDITION_HUMAN_READABLE
def skip_on_cl_solo():
try:
# we still have some utils that could be run under user (e.g cloudlinux-selector)
if is_cl_solo_edition(skip_jwt_check=True):
print('CloudLinux Solo edition detected! \n'
'Command is skipped, because it is unsupported and unneeded on current edition')
sys.exit(0)
except CLEditionDetectionError as e:
print(f'Error: {e}')
sys.exit(1)
def lve_supported_or_exit(f):
@wraps(f)
def inner(*args, **kwargs):
skip_on_cl_solo()
return f(*args, **kwargs)
return inner
def user_cl_edition():
"""This function is used as workaround for users to be able to get CL Edition.
Crontab will write to CL_EDITION_FILE_FOR_USERS, output of cldetect --detect-edition command with 0644 permission.
"""
if os.path.exists(CL_EDITION_FILE_FOR_USERS):
with open(CL_EDITION_FILE_FOR_USERS, 'r') as f:
edition = f.read().strip()
return HUMAN_READABLE_TOKEN_EDITION_PAIRS.get(edition)
return None