o w7e@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z ddl m Z ddlmZmZddlmZmZmZmZmZmZddlmZddlmZdd lmZmZmZmZm Z m!Z!dd l"m#Z#dd l$m%Z%er~dd l&m'Z'e(e)Z*d Z+dZ,dZ-dZ.dZ/dZ0dZ1e#j2ddddZ3edZ4dede4fdede4ffddZ5e5ddZ6e5d d!Z7dd"d#e8de#j9fd$d%Z:d&d'Z;e5e%d(fd)d*Zd/d0Z?e5dd1d2d3d4e8d5e@d6eeAd7eBd8eBdejCf d9d:ZDd;e8dd?ZEGd@dAdAZFGdBdCdCeGZHGdDdEdEZIGdFdGdGZJGdHdIdIZKGdJdKdKZLe5  d]dLe8dMeee8dNee8fdOdPZMe5dLe8dQdRfdSdTZNdUdVZOGdWdXdXeGZPGdYdZdZeGZQGd[d\d\ZRdS)^N)contextmanager)datetime)ENOENT)sleeptime) TYPE_CHECKINGCallableListOptionalTypeVarUnion) ElementTree)escape)distrossubp temp_utils url_helperutilversion)events) CFG_BUILTIN)errorsz 168.63.129.16boot-telemetryz system-info diagnostic compressediz'/run/cloud-init/log_pushed_to_kvp_indexzazure-dsz initialize reporter for azure dsT)name descriptionreporting_enabledTfunc.returncsfdd}|S)NcsFtjjjtd|i|WdS1swYdS)Nrrparent)rReportEventStack__name__azure_ds_reporter)argskwargsrA/usr/lib/python3/dist-packages/cloudinit/sources/helpers/azure.pyimpl5s $z)azure_ds_telemetry_reporter..implr))rr+r)r(r*azure_ds_telemetry_reporter4s r,c Cststdtdz tttt}Wnt y+}ztd|d}~wwz*t j gddd\}}d}|rGd|vrG| dd }|sMtd |t|d }Wn&t j yj}ztd ||d}~wt y|}ztd ||d}~wwz*t j gddd\}}d}|rd|vr| dd }|std|t|d }Wn&t j y}ztd||d}~wt y}ztd||d}~wwt tddt|dt|dt|dft j}t ||S)z[Report timestamps related to kernel initialization and systemd activation of cloud-initz1distro not using systemd, skipping boot telemetryzCollecting boot telemetryz*Failed to determine kernel start timestampN) systemctlshow-pUserspaceTimestampMonotonicT)capture=z8Failed to parse UserspaceTimestampMonotonic from systemdi@Bz-Failed to get UserspaceTimestampMonotonic: %szr[printwebhookr\) base64 encodebyteszlibcompressdecoderr?COMPRESSED_EVENT_TYPEjsondumpsrCrD) event_name event_contentcompressed_data event_datarLr)r)r*report_compressed_eventsrr def_log_filec CsVt}tdzNt|d?}|dtjt|t |}t d |||tjd||tj t d|ttt|Wdn1sPwYWntys}zt dt|tjdWYd}~nd}~wwtd ztjd gd d d \}}t d |WdSty}zt dt|tjdWYd}~dSd}~ww)azPush a portion of cloud-init.log file or the whole file to KVP based on the file size. The first time this function is called after VM boot, It will push the last n bytes of the log file such that n < MAX_LOG_TO_KVP_LENGTH If called again on the same boot, it continues from where it left off. In addition to cloud-init.log, dmesg log will also be collected.z"Dumping cloud-init.log file to KVPrbrzMDumping last {0} bytes of cloud-init.log file to KVP starting from index: {1}rXzcloud-init.logNz#Exception when dumping log file: %szDumping dmesg log to KVPdmesgFT)rjr1z$Exception when dumping dmesg log: %s)%get_last_log_byte_pushed_to_kvp_indexr8r9openseekosSEEK_ENDmaxtellMAX_LOG_TO_KVP_LENGTHr`formatSEEK_SETrrreadr write_fileLOG_PUSHED_TO_KVP_INDEX_FILEstr Exceptionreprwarningr) file_name start_indexf seek_indexexrGrHr)r)r*push_log_to_kvpsD      rc Cszttd}t|WdWS1swYWdStyI}z|jtkr>tdt|t j dWYd}~dSWYd}~dSd}~wt yf}ztdt|t j dWYd}~dSd}~wt y}ztdt|t j dWYd}~dSd}~ww)Nrz0Reading LOG_PUSHED_TO_KVP_INDEX_FILE failed: %s.rXz2Invalid value in LOG_PUSHED_TO_KVP_INDEX_FILE: %s.z2Failed to get the last log byte pushed to KVP: %s.r) rwrintrIOErrorerrnorr`rr8rr<r)rrFr)r)r*rvs<  $      rvc cs@t}ttj|z dVWt|dSt|wN)rygetcwdchdirpath expanduser)newdirprevdirr)r)r*cds rcCsx|dd}t|dkr2d}|dD]}t|dkrd|}||7}qtdt|ddd}n|d }t|S) N\:r30z>Lutf-8) replacelenr=structpackrencodesocket inet_ntoa)fallback_lease_valueunescaped_value hex_stringhex_pair packed_bytesr)r)r*get_ip_from_lease_value!s      r)rc retry_sleeptimeout_minutesurlheadersrcrrc Cs|dt}d}d}|sT|d7}z tj|||dd}Wn7tjyM}z$td||||j|jftjdt||ksBd t |vrCWYd}~nd}~wwt ||r td ||ftjd|S) zReadurl wrapper for querying wireserver. :param retry_sleep: Time to sleep before retrying. :param timeout_minutes: Retry up to specified number of minutes. :raises UrlError: on error fetching data. <rNr3)rr)rrctimeoutzdFailed HTTP request with Azure endpoint %s during attempt %d with exception: %s (code=%r headers=%r)rXzNetwork is unreachablez@Successful HTTP request with Azure endpoint %s after %d attempts) rrreadurlUrlErrorr`coderr8r9rr) rrrcrrrattemptresponserFr)r)r*http_with_retries/s@  rusernamehostname disableSshPwdcCs$td}|j|||d}|dS)Na. 1.0 LinuxProvisioningConfiguration {username} {disableSshPwd} {hostname} 1.0 true )rrrr)textwrapdedentr~r)rrrOVF_ENV_TEMPLATEretr)r)r*build_minimal_ovffs rc@sLeZdZdddZddZddejfdd Z dd ee dejfd d Z d S)AzureEndpointHttpClient WALinuxAgentz 2012-11-30)zx-ms-agent-namez x-ms-versioncCsd|d|_dS)N DES_EDE3_CBC)zx-ms-cipher-namez!x-ms-guest-agent-public-x509-cert)extra_secure_headers)self certificater)r)r*__init__s z AzureEndpointHttpClient.__init__Fr cCs,|j}|r|j}||jt||dS)N)r)rcopyupdaterr)rrsecurerr)r)r*gets    zAzureEndpointHttpClient.getNrccCs0|j}|dur|j}||t|||dS)N)rcr)rrrr)rrrc extra_headersrr)r)r*posts   zAzureEndpointHttpClient.post)FNN) r$ __module__ __qualname__rrr UrlResponserr bytesrr)r)r)r*rsrc@seZdZdZdS)InvalidGoalStateXMLExceptionz9Raised when GoalState XML is invalid or has missing data.N)r$rr__doc__r)r)r)r*rsrc @s:eZdZ d deeefdededdfddZd d Z dS) GoalStateT unparsed_xmlazure_endpoint_clientneed_certificater Nc Cs ||_zt||_Wntjy"}z td|tjdd}~ww|d|_ |d|_ |d|_ dD]}t ||durOd|}t|tjdt |q7d|_|d }|dur|rtjd d td |jj|d dj|_|jdurzt dWddS1swYdSdSdS)ahParses a GoalState XML string and returns a GoalState object. @param unparsed_xml: string representing a GoalState XML. @param azure_endpoint_client: instance of AzureEndpointHttpClient. @param need_certificate: switch to know if certificates is needed. @return: GoalState object representing the GoalState XML string. z!Failed to parse GoalState XML: %srXNz./Container/ContainerIdz4./Container/RoleInstanceList/RoleInstance/InstanceIdz ./Incarnation) container_id instance_id incarnationzMissing %s in GoalState XMLzD./Container/RoleInstanceList/RoleInstance/Configuration/Certificateszget-certificates-xmlzget certificates xmlr!T)rz/Azure endpoint returned empty certificates xml.)rr fromstringroot ParseErrorr`r8r_text_from_xpathrrrgetattrrcertificates_xmlrr#r%rcontents)rrrrrFattrrZrr)r)r*rsX     "zGoalState.__init__cCs|j|}|dur |jSdSr)rfindtext)rxpathelementr)r)r*rs zGoalState._text_from_xpath)T) r$rrr rrrboolrrr)r)r)r*rs  7rc@seZdZdddZddZddZedd Zejd d Ze d d Z e e d dZ e ddZ e ddZe ddZe ddZdS)OpenSSLManagerzTransportPrivate.pemzTransportCert.pem) private_keyrcCst|_d|_|dSr)rmkdtemptmpdir _certificategenerate_certificaterr)r)r*rs  zOpenSSLManager.__init__cCst|jdSr)rdel_dirrrr)r)r*clean_upszOpenSSLManager.clean_upcCs|jSrrrr)r)r*rszOpenSSLManager.certificatecCs ||_dSrr)rvaluer)r)r*rs cCstd|jdurtddSt|j:tddddddd d d d d |jdd|jdgd}t|jdD] }d|vrE||7}q9||_Wdn1sSwYtddS)Nz7Generating certificate for communication with fabric...zCertificate already generated.opensslreqz-x509z-nodesz-subjz/CN=LinuxTransportz-days32768z-newkeyzrsa:2048z-keyoutrz-outrr CERTIFICATEzNew certificate generated.) r8r9rrrrcertificate_namesrwrstrip)rrliner)r)r*rs<     z#OpenSSLManager.generate_certificatecCs"ddd|g}tj||d\}}|S)Nrx509z-nooutrc)r)actioncertcmdresultrHr)r)r*_run_x509_action s zOpenSSLManager._run_x509_actioncCs*|d|}gd}tj||d\}}|S)Nz-pubkey)z ssh-keygenz-iz-mPKCS8z-fz /dev/stdinr)rr)rrpub_key keygen_cmdssh_keyrHr)r)r*_get_ssh_key_from_cert's z%OpenSSLManager._get_ssh_key_from_certcCs6|d|}|d}||ddd}d|S)aopenssl x509 formats fingerprints as so: 'SHA1 Fingerprint=07:3E:19:D1:4D:1C:79:92:24:C6:A0:FD:8D:DA: B6:A8:BF:27:D4:73 ' Azure control plane passes that fingerprint as so: '073E19D14D1C799224C6A0FD8DDAB6A8BF27D473' z -fingerprintr2r3rr)rrr=join)rrraw_fpeqoctetsr)r)r*_get_fingerprint_from_cert.s  z)OpenSSLManager._get_fingerprint_from_certcCst|d}|j}ddddd|dg}t|jtjdjd i|j d d |d \}}Wd |S1s;wY|S)zDecrypt the certificates XML document using the our private key; return the list of certs and private keys contained in the doc. z.//DatasMIME-Version: 1.0s<Content-Disposition: attachment; filename="Certificates.p7m"s?Content-Type: application/x-pkcs7-mime; name="Certificates.p7m"s!Content-Transfer-Encoding: base64rzuopenssl cms -decrypt -in /dev/stdin -inkey {private_key} -recip {certificate} | openssl pkcs12 -nodes -password pass:T )shellrcNr)) r rrrrrrrr~rr )rrtagcertificates_contentlinesrGrHr)r)r*_decrypt_certs_from_xml<s.  z&OpenSSLManager._decrypt_certs_from_xmlc Csv||}g}i}|D]+}||td|rg}q td|r8d|}||}||}|||<g}q |S)zGiven the Certificates XML document, return a dictionary of fingerprints and associated SSH keys derived from the certs.z[-]+END .*?KEY[-]+$z[-]+END .*?CERTIFICATE[-]+$ )r splitlinesappendrematchr rr) rrrGcurrentkeysrrr fingerprintr)r)r*parse_certificatesUs        z!OpenSSLManager.parse_certificatesN)r$rrrrrpropertyrsetterr,r staticmethodrrrrrr)r)r)r*rs.       rc @seZdZedZedZdZdZdZ dZ de de d e d d fd d ZedddZede d d fddZ dde de de de d ef ddZeded d fddZd S)GoalStateHealthReportera {incarnation} {container_id} {instance_id} {health_status} {health_detail_subsection} z
{health_substatus} {health_description}
ReadyNotReadyProvisioningFailedi goal_staterendpointr NcCs||_||_||_dS)a?Creates instance that will report provisioning status to an endpoint @param goal_state: An instance of class GoalState that contains goal state info such as incarnation, container id, and instance id. These 3 values are needed when reporting the provisioning status to Azure @param azure_endpoint_client: Instance of class AzureEndpointHttpClient @param endpoint: Endpoint (string) where the provisioning status report will be sent to @return: Instance of class GoalStateHealthReporter N) _goal_state_azure_endpoint_client _endpoint)rr&rr'r)r)r*rs z GoalStateHealthReporter.__init__c Csv|j|jj|jj|jj|jd}tdz|j|dWnt y3}z t d|tj dd}~wwt ddS)N)rrrstatusz Reporting ready to Azure fabric.documentz#exception while reporting ready: %srXzReported ready to Azure fabric.) build_reportr(rrrPROVISIONING_SUCCESS_STATUSr8r9_post_health_reportrr`errorrV)rr-rFr)r)r*send_ready_signals$ z)GoalStateHealthReporter.send_ready_signalrc Csv|j|jj|jj|jj|j|j|d}z|j|dWnty3}z d|}t |t j dd}~wwt ddS)N)rrrr+ substatusrr,z%exception while reporting failure: %srXz!Reported failure to Azure fabric.) r.r(rrrPROVISIONING_NOT_READY_STATUSPROVISIONING_FAILURE_SUBSTATUSr0rr`r8r1r)rrr-rFrZr)r)r*send_failure_signals"z+GoalStateHealthReporter.send_failure_signalrrrr+c Csbd}|dur|jjt|t|d|jd}|jjtt|t|t|t||d}|dS)Nr)health_substatushealth_description)rrr health_statushealth_detail_subsectionr)%HEALTH_DETAIL_SUBSECTION_XML_TEMPLATEr~r"HEALTH_REPORT_DESCRIPTION_TRIM_LENHEALTH_REPORT_XML_TEMPLATErr) rrrrr+r3r health_detail health_reportr)r)r*r.s     z$GoalStateHealthReporter.build_reportr-cCsHttdtdd|j}|jj||ddidtddS)Nrz&Sending health report to Azure fabric.zhttp://{}/machine?comp=healthz Content-Typeztext/xml; charset=utf-8)rcrz/Successfully sent health report to Azure fabric)rrr8r9r~r*r)r)rr-rr)r)r*r0s  z+GoalStateHealthReporter._post_health_reportr Nr)r$rrrrr=r;r/r4r5r<rrrrr,r2r6rr.r0r)r)r)r*r"jsN    r"c@seZdZdefddZddZeddd Ze ddee efd d Z ed eddfd dZ ede de fddZedefddZedeeefde de fddZede dedefddZedededefddZdS) WALinuxAgentShimr'cCs||_d|_d|_dSr)r'openssl_managerr)rr'r)r)r*r s zWALinuxAgentShim.__init__cCs|jdur |jdSdSr)rBrrr)r)r*rs zWALinuxAgentShim.clean_upr Nc CsXztdtd|gWdSty+}ztd|tjdWYd}~dSd}~ww)NzEjecting the provisioning isoejectz(Failed ejecting the provisioning iso: %srX)r8r9rrr`)riso_devrFr)r)r* eject_isos zWALinuxAgentShim.eject_isocCsd}|jdur|durt|_|jj}|jdurt||_|j|dud}d}|dur1|||}t||j|j}|durB| || |S)aGets the VM's GoalState from Azure, uses the GoalState information to report ready/send the ready signal/provisioning complete signal to Azure, and then uses pubkey_info to filter and obtain the user's pubkeys from the GoalState. @param pubkey_info: List of pubkey values and fingerprints which are used to filter and obtain the user's pubkey values from the GoalState. @return: The list of user's authorized pubkey values. Nr) rBrrrr_fetch_goal_state_from_azure_get_user_pubkeysr"r'rEr2)r pubkey_inforDhttp_client_certificater&ssh_keyshealth_reporterr)r)r*"register_with_azure_and_fetch_data s*    z3WALinuxAgentShim.register_with_azure_and_fetch_datarcCs@|jdur td|_|jdd}t||j|j}|j|ddS)zGets the VM's GoalState from Azure, uses the GoalState information to report failure/send provisioning failure signal to Azure. @param: user visible error description of provisioning failure. NFrFr)rrrGr"r'r6)rrr&rLr)r)r*®ister_with_azure_and_report_failureFs    z7WALinuxAgentShim.register_with_azure_and_report_failurercCs|}|||S)aFetches the GoalState XML from the Azure endpoint, parses the XML, and returns a GoalState object. @param need_certificate: switch to know if certificates is needed. @return: GoalState object representing the GoalState XML )"_get_raw_goal_state_xml_from_azure_parse_raw_goal_state_xml)rrunparsed_goal_state_xmlr)r)r*rGUs z-WALinuxAgentShim._fetch_goal_state_from_azurec Cstdd|j}z tjddtd|j|}Wdn1s%wYWnt yA}z t d|tj dd}~wwt d |j S) zFetches the GoalState XML from the Azure endpoint and returns the XML as a string. @return: GoalState XML string zRegistering with Azure...z!http://{}/machine/?comp=goalstatezgoalstate-retrievalzretrieve goalstater!Nz9failed to register with Azure and fetch GoalState XML: %srXz#Successfully fetched GoalState XML.)r8rVr~r'rr#r%rrrr`rr9r)rrrrFr)r)r*rPds.   z3WALinuxAgentShim._get_raw_goal_state_xml_from_azurerRc Cstz t||j|}Wnty}z td|tjdd}~wwdd|jd|jd|j g}t|tj d|S)aParses a GoalState XML string and returns a GoalState object. @param unparsed_goal_state_xml: GoalState XML string @param need_certificate: switch to know if certificates is needed. @return: GoalState object representing the GoalState XML z"Error processing GoalState XML: %srXNz, zGoalState XML container id: %szGoalState XML instance id: %szGoalState XML incarnation: %s) rrrr`r8rr rrrr9)rrRrr&rFrZr)r)r*rQs, z*WALinuxAgentShim._parse_raw_goal_state_xmlr&rIcCsHg}|jdur"|dur"|jdur"td|j|j}|||}|S)aGets and filters the VM admin user's authorized pubkeys. The admin user in this case is the username specified as "admin" when deploying VMs on Azure. See https://docs.microsoft.com/en-us/cli/azure/vm#az-vm-create. cloud-init expects a straightforward array of keys to be dropped into the admin user's authorized_keys file. Azure control plane exposes multiple public keys to the VM via wireserver. Select just the admin user's key(s) and return them, ignoring any other certs. @param goal_state: GoalState object. The GoalState object contains a certificate XML, which contains both the VM user's authorized pubkeys and other non-user pubkeys, which are used for MSI and protected extension handling. @param pubkey_info: List of VM user pubkey dicts that were previously obtained from provisioning data. Each pubkey dict in this list can either have the format pubkey['value'] or pubkey['fingerprint']. Each pubkey['fingerprint'] in the list is used to filter and obtain the actual pubkey value from the GoalState certificates XML. Each pubkey['value'] requires no further processing and is immediately added to the return list. @return: A list of the VM user's authorized pubkey values. Nz/Certificate XML found; parsing out public keys.)rrBr8r9r_filter_pubkeys)rr&rIrKkeys_by_fingerprintr)r)r*rHs    z"WALinuxAgentShim._get_user_pubkeysrTcCs|g}|D]7}d|vr|dr||dqd|vr5|dr5|d}||vr.|||qtd|qtd|q|S)a8Filter and return only the user's actual pubkeys. @param keys_by_fingerprint: pubkey fingerprint -> pubkey value dict that was obtained from GoalState Certificates XML. May contain non-user pubkeys. @param pubkey_info: List of VM user pubkeys. Pubkey values are added to the return list without further processing. Pubkey fingerprints are used to filter and obtain the actual pubkey values from keys_by_fingerprint. @return: A list of the VM user's authorized pubkey values. rrzIovf-env.xml specified PublicKey fingerprint %s not found in goalstate XMLzFovf-env.xml specified PublicKey with neither value nor fingerprint: %s)rr8r)rTrIrpubkeyrr)r)r*rSs" z WALinuxAgentShim._filter_pubkeysr@r)r$rrrrrr,rEr r rMrOrrrGrrPr rQlistrHr!dictrSr)r)r)r*rA sL    %   ! )rAr'rIrDcCs.t|d}z |j||dW|S|w)Nr')rIrD)rArMr)r'rIrDshimr)r)r*get_metadata_from_fabrics rZr1zerrors.ReportableErrorcCs8t|d}|}z |j|dW|dS|w)NrXrN)rAas_encoded_reportrOr)r'r1rYrr)r)r*report_failure_to_fabrics r\cCs(td|tjdtd|tjddS)Nzdhclient output stream: %srXzdhclient error stream: %s)r`r8r9)rGerrr)r)r* dhcp_log_cb s    r^c@ eZdZdS)BrokenAzureDataSourceNr$rrr)r)r)r*r`r`c@r_)NonAzureDataSourceNrar)r)r)r*rcrbrcc@seZdZdddZddddddddddeedeed eed eed eed eee d edeeddfddZ defddZ e deddfddZ d'dededefddZ   d(dedededefdd Zd!d"Zd#d$Zd%d&ZdS)) OvfEnvXmlz)http://schemas.dmtf.org/ovf/environment/1z)http://schemas.microsoft.com/windowsazure)ovfwaNFrpasswordr custom_datadisable_ssh_password_auth public_keyspreprovisioned_vmpreprovisioned_vm_typerrhrrirjrkrlrmr c Cs8||_||_||_||_||_|pg|_||_||_dSrrg) rrrhrrirjrkrlrmr)r)r*r s   zOvfEnvXml.__init__cCs |j|jkSr)__dict__)rotherr)r)r*__eq__5s zOvfEnvXml.__eq__ ovf_env_xmlc Cspzt|}Wntjy}z d|}t||d}~ww|d|js)tdt}||| ||S)zParser for ovf-env.xml data. :raises NonAzureDataSource: if XML is not in Azure's format. :raises BrokenAzureDataSource: if XML is unparseable or invalid. zInvalid ovf-env.xml: %sNz./wa:ProvisioningSectionz=Ignoring non-Azure ovf-env.xml: ProvisioningSection not found) r rrr`r NAMESPACESrcrd&_parse_linux_configuration_set_section _parse_platform_settings_section)clsrqrrF error_strinstancer)r)r* parse_text8s   zOvfEnvXml.parse_textrfrrequired namespacecCsl|d||ftj}t|dkr"d|}t||r t|dSt|dkr2td|t|f|dS)Nz./%s:%sr#No ovf-env.xml configuration for %rr3:Multiple configuration matches in ovf-exml.xml for %r (%d))findallrdrrrr8r9r`)rnoderryrzmatchesrZr)r)r*_findQs     zOvfEnvXml._find decode_base64 parse_boolc Cs|d|tj}t|dkr d|}t||rt||St|dkr0td|t|f|dj} | dur;|} |rK| durKt d | } |rRt | } | S)Nz./wa:rr{r3r|r)r}rdrrrr8r9r`rrf b64decoder r=rtranslate_bool) rr~rryrrdefaultrrZrr)r)r*_parse_propertyis*       zOvfEnvXml._parse_propertycCs|j|ddd}|j|ddd}|j|dddd|_|j|ddd|_|j|d dd|_|j|d dd|_|j|d ddd |_||dS) NProvisioningSectionTry!LinuxProvisioningConfigurationSet CustomDataF)rryUserName UserPasswordHostName DisableSshPasswordAuthentication)rry)rrrirrhrrj_parse_ssh_section)rrprovisioning_section config_setr)r)r*rss<z0OvfEnvXml._parse_linux_configuration_set_sectioncCsL|j|ddd}|j|ddd}|j|ddddd|_|j|ddd|_dS) NPlatformSettingsSectionTrPlatformSettingsPreprovisionedVmF)rrryPreprovisionedVMType)rrrlrm)rrplatform_settings_sectionplatform_settingsr)r)r*rts$ z*OvfEnvXml._parse_platform_settings_sectionc Csg|_|j|ddd}|durdS|j|ddd}|durdS|dtjD]'}|j|ddd}|j|ddd}|j|dd dd }|||d }|j|q&dS) NSSHFr PublicKeysz./wa:PublicKey FingerprintPathValuer)rry)rrr)rkrr}rdrrrr) rr ssh_sectionpublic_keys_section public_keyrrrrr)r)r*rs2zOvfEnvXml._parse_ssh_section)rf)FFN)r$rrrrr rrrr rWrrp classmethodrxrrrsrtrr)r)r)r*rdsr      $" rdr)Srfrlloggingryrrrrrh contextlibrrrrrrtypingrrr r r r xml.etreer xml.sax.saxutilsr cloudinitrrrrrrcloudinit.reportingrcloudinit.settingsrcloudinit.sources.azurer getLoggerr$r8DEFAULT_WIRESERVER_ENDPOINTr@rTr_rkr}rr#r%rr,rMrWrr?r`rrrrvrrrWrrrrrrrrrrr"rArZr\r^r`rcrdr)r)r)r*s           " S  (    6 "?"f