1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
# Copyright (C) 2012 Yahoo! Inc.
#
# Author: Joshua Harlow <harlowja@yahoo-inc.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
"""Write Files: write arbitrary files"""
import base64
import logging
import os
from typing import Optional
from cloudinit import url_helper, util
from cloudinit.cloud import Cloud
from cloudinit.config import Config
from cloudinit.config.schema import MetaSchema
from cloudinit.settings import PER_INSTANCE
DEFAULT_PERMS = 0o644
DEFAULT_DEFER = False
TEXT_PLAIN_ENC = "text/plain"
LOG = logging.getLogger(__name__)
meta: MetaSchema = {
"id": "cc_write_files",
"distros": ["all"],
"frequency": PER_INSTANCE,
"activate_by_schema_keys": ["write_files"],
}
def handle(name: str, cfg: Config, cloud: Cloud, args: list) -> None:
file_list = cfg.get("write_files", [])
filtered_files = [
f
for f in file_list
if not util.get_cfg_option_bool(f, "defer", DEFAULT_DEFER)
]
if not filtered_files:
LOG.debug(
"Skipping module named %s,"
" no/empty 'write_files' key in configuration",
name,
)
return
ssl_details = util.fetch_ssl_details(cloud.paths)
write_files(name, filtered_files, cloud.distro.default_owner, ssl_details)
def canonicalize_extraction(encoding_type):
if not encoding_type:
encoding_type = ""
encoding_type = encoding_type.lower().strip()
if encoding_type in ["gz", "gzip"]:
return ["application/x-gzip"]
if encoding_type in ["gz+base64", "gzip+base64", "gz+b64", "gzip+b64"]:
return ["application/base64", "application/x-gzip"]
# Yaml already encodes binary data as base64 if it is given to the
# yaml file as binary, so those will be automatically decoded for you.
# But the above b64 is just for people that are more 'comfortable'
# specifying it manually (which might be a possibility)
if encoding_type in ["b64", "base64"]:
return ["application/base64"]
if encoding_type == TEXT_PLAIN_ENC:
return [TEXT_PLAIN_ENC]
if encoding_type:
LOG.warning(
"Unknown encoding type %s, assuming %s",
encoding_type,
TEXT_PLAIN_ENC,
)
return [TEXT_PLAIN_ENC]
def write_files(name, files, owner: str, ssl_details: Optional[dict] = None):
if not files:
return
for i, f_info in enumerate(files):
path = f_info.get("path")
if not path:
LOG.warning(
"No path provided to write for entry %s in module %s",
i + 1,
name,
)
continue
path = os.path.abspath(path)
# Read content from provided URL, if any, or decode from inline
contents = read_url_or_decode(
f_info.get("source", None),
ssl_details,
f_info.get("content", None),
f_info.get("encoding", None),
)
if contents is None:
LOG.warning(
"No content could be loaded for entry %s in module %s;"
" skipping",
i + 1,
name,
)
continue
# Only create the file if content exists. This will not happen, for
# example, if the URL fails and no inline content was provided
(u, g) = util.extract_usergroup(f_info.get("owner", owner))
perms = decode_perms(f_info.get("permissions"), DEFAULT_PERMS)
omode = "ab" if util.get_cfg_option_bool(f_info, "append") else "wb"
util.write_file(
path, contents, omode=omode, mode=perms, user=u, group=g
)
util.chownbyname(path, u, g)
if util.get_permissions(path) != perms:
# Original setuid bit permissions were cleared due to chown
util.chmod(path, perms)
def decode_perms(perm, default):
if perm is None:
return default
try:
if isinstance(perm, (int, float)):
# Just 'downcast' it (if a float)
return int(perm)
else:
# Force to string and try octal conversion
return int(str(perm), 8)
except (TypeError, ValueError):
reps = []
for r in (perm, default):
try:
reps.append("%o" % r)
except TypeError:
reps.append("%r" % r)
LOG.warning("Undecodable permissions %s, returning default %s", *reps)
return default
def read_url_or_decode(source, ssl_details, content, encoding):
url = None if source is None else source.get("uri", None)
use_url = bool(url)
# Special case: empty URL and content. Write a blank file
if content is None and not use_url:
return ""
# Fetch file content from source URL, if provided
result = None
if use_url:
try:
# NOTE: These retry parameters are arbitrarily chosen defaults.
# They have no significance, and may be changed if appropriate
result = url_helper.read_file_or_url(
url,
headers=source.get("headers", None),
retries=3,
sec_between=3,
ssl_details=ssl_details,
).contents
except Exception:
util.logexc(
LOG,
'Failed to retrieve contents from source "%s"; falling back to'
' data from "contents" key',
url,
)
use_url = False
# If inline content is provided, and URL is not provided or is
# inaccessible, parse the former
if content is not None and not use_url:
# NOTE: This is not simply an "else"! Notice that `use_url` can change
# in the previous "if" block
extractions = canonicalize_extraction(encoding)
result = extract_contents(content, extractions)
return result
def extract_contents(contents, extraction_types):
result = contents
for t in extraction_types:
if t == "application/x-gzip":
result = util.decomp_gzip(result, quiet=False, decode=False)
elif t == "application/base64":
result = base64.b64decode(result)
elif t == TEXT_PLAIN_ENC:
pass
return result
|
