Ubuntu
ubuntu-advantage-tools package

Merge ~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools:upload-28-mantic into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel

  1. Git
  2. lp:~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools
  3. upload-28-mantic
  4. Merge into ubuntu/devel
Proposed by Grant Orndorff
Status: Merged
Merged at revision: 3a9468ad1c615b05f46ecb8ae9bf8b264d396be8
Proposed branch: ~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools:upload-28-mantic
Merge into: ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel
Diff against target: 22814 lines (+8963/-3090)
215 files modified
.github/PULL_REQUEST_TEMPLATE.md (+21/-2)
.github/actions/bug-refs/action.yml (+9/-0)
.github/actions/bug-refs/index.js (+107/-0)
.github/actions/bug-refs/package-lock.json (+430/-0)
.github/actions/bug-refs/package.json (+10/-0)
.github/workflows/ci-base.yaml (+2/-0)
.github/workflows/ci-integration.yaml (+3/-0)
.github/workflows/custom_pr_checks.yaml (+27/-0)
.pre-commit-config.yaml (+1/-1)
apport/source_ubuntu-advantage-tools.py (+6/-2)
apt-hook/json-hook.cc (+35/-19)
debian/changelog (+54/-0)
debian/source/lintian-overrides (+3/-1)
debian/ubuntu-advantage-tools.postinst (+1/-1)
dev-docs/explanations/systemd_units.md (+6/-6)
dev-docs/howtoguides/building.md (+0/-13)
dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md (+1/-1)
dev-docs/howtoguides/release_a_new_version.md (+52/-33)
dev-docs/howtoguides/testing.md (+4/-15)
dev-docs/references/directory_layout.md (+2/-2)
dev-docs/references/enabling_a_service.md (+1/-1)
dev-docs/references/terminology.md (+2/-2)
dev-docs/references/version_string_formatting.md (+10/-10)
dev-docs/references/what_happens_during_attach.md (+1/-1)
dev-requirements.txt (+1/-1)
dev/null (+0/-91)
docs/_static/js/github_issue_links.js (+1/-1)
docs/conf.py (+3/-1)
docs/explanations.rst (+2/-0)
docs/explanations/apt_messages.md (+1/-1)
docs/explanations/cves_and_usns_explained.md (+44/-0)
docs/explanations/how_to_interpret_output_of_unattended_upgrades.md (+82/-0)
docs/explanations/how_to_interpret_the_security_status_command.md (+200/-7)
docs/explanations/motd_messages.md (+121/-20)
docs/explanations/status_columns.md (+102/-0)
docs/googleaf254801a5285c31.html (+1/-0)
docs/howtoguides.rst (+1/-0)
docs/howtoguides/enable_fips.md (+1/-1)
docs/howtoguides/get_rid_of_corrupt_lock.md (+1/-1)
docs/howtoguides/get_token_and_attach.md (+37/-3)
docs/howtoguides/how_to_not_fix_related_usns.md (+65/-0)
docs/index.rst (+3/-2)
docs/references/api.md (+207/-0)
docs/references/network_requirements.md (+29/-23)
docs/sitemap-index.xml (+8/-0)
docs/tutorials/create_a_fips_updates_pro_cloud_image.md (+9/-9)
docs/tutorials/fix_scenarios.md (+54/-15)
features/_version.feature (+6/-6)
features/airgapped.feature (+1/-1)
features/api.feature (+12/-2)
features/api_configure_retry_service.feature (+1/-1)
features/api_full_auto_attach.feature (+1/-1)
features/api_magic_attach.feature (+1/-1)
features/api_packages.feature (+1/-1)
features/api_security.feature (+2/-2)
features/api_unattended_upgrades.feature (+1/-1)
features/apt_messages.feature (+26/-51)
features/attach_invalidtoken.feature (+2/-2)
features/attach_validtoken.feature (+34/-20)
features/attached_commands.feature (+66/-61)
features/attached_enable.feature (+25/-25)
features/attached_status.feature (+10/-6)
features/cloud.py (+74/-18)
features/cloud_pro_clone.feature (+2/-10)
features/collect_logs.feature (+2/-2)
features/config.feature (+1/-1)
features/daemon.feature (+82/-14)
features/docker.feature (+1/-2)
features/enable_fips_cloud.feature (+1/-1)
features/enable_fips_container.feature (+2/-2)
features/enable_fips_vm.feature (+40/-40)
features/environment.py (+114/-127)
features/fix.feature (+286/-68)
features/i8n.feature (+128/-0)
features/install_uninstall.feature (+3/-3)
features/livepatch.feature (+87/-16)
features/logs.feature (+60/-1)
features/magic_attach.feature (+2/-6)
features/motd_messages.feature (+2/-2)
features/proxy_config.feature (+19/-34)
features/realtime_kernel.feature (+267/-47)
features/reboot_cmds.feature (+48/-0)
features/retry_auto_attach.feature (+6/-7)
features/security_status.feature (+230/-66)
features/steps/airgap.py (+2/-2)
features/steps/attach.py (+20/-4)
features/steps/files.py (+5/-2)
features/steps/fix.py (+2/-2)
features/steps/machines.py (+37/-13)
features/steps/output.py (+7/-0)
features/steps/packages.py (+17/-18)
features/steps/shell.py (+4/-2)
features/steps/status.py (+1/-1)
features/steps/ubuntu_advantage_tools.py (+24/-23)
features/timer.feature (+20/-0)
features/ubuntu_pro.feature (+12/-12)
features/ubuntu_pro_fips.feature (+12/-12)
features/ubuntu_upgrade.feature (+2/-2)
features/ubuntu_upgrade_unattached.feature (+1/-1)
features/unattached_commands.feature (+183/-13)
features/unattached_status.feature (+28/-12)
features/util.py (+9/-4)
integration-requirements.txt (+1/-4)
lib/apt_news.py (+7/-1)
lib/auto_attach.py (+7/-1)
lib/daemon.py (+12/-1)
lib/esm_cache.py (+7/-0)
lib/reboot_cmds.py (+75/-107)
lib/timer.py (+10/-3)
lib/upgrade_lts_contract.py (+6/-114)
pyproject.toml (+20/-0)
sru/release-27.14/test-migrate-user-config.sh (+46/-28)
systemd/ua-auto-attach.service (+11/-1)
systemd/ua-reboot-cmds.service (+9/-2)
systemd/ua-timer.service (+8/-1)
systemd/ua-timer.timer (+5/-1)
systemd/ubuntu-advantage.service (+4/-3)
tools/README.md (+14/-2)
tools/create-lp-release-branches.sh (+5/-5)
tools/run-integration-tests.py (+20/-13)
tools/ua.bash (+13/-3)
tox.ini (+46/-37)
uaclient/actions.py (+32/-6)
uaclient/api/api.py (+2/-0)
uaclient/api/exceptions.py (+2/-17)
uaclient/api/tests/test_api_u_pro_status_enabled_services_v1.py (+73/-0)
uaclient/api/u/pro/attach/auto/full_auto_attach/v1.py (+2/-1)
uaclient/api/u/pro/status/enabled_services/v1.py (+83/-0)
uaclient/api/u/pro/status/is_attached/__init__.py (+0/-0)
uaclient/api/u/pro/status/is_attached/v1.py (+29/-0)
uaclient/apt.py (+29/-14)
uaclient/apt_news.py (+4/-3)
uaclient/cli.py (+84/-20)
uaclient/clouds/azure.py (+17/-4)
uaclient/clouds/gcp.py (+2/-2)
uaclient/clouds/tests/test_azure.py (+27/-8)
uaclient/clouds/tests/test_gcp.py (+106/-20)
uaclient/clouds/tests/test_identity.py (+4/-3)
uaclient/config.py (+9/-35)
uaclient/conftest.py (+15/-1)
uaclient/contract.py (+103/-76)
uaclient/contract_data_types.py (+18/-0)
uaclient/daemon/poll_for_pro_license.py (+13/-4)
uaclient/daemon/retry_auto_attach.py (+4/-3)
uaclient/daemon/tests/test_poll_for_pro_license.py (+1/-1)
uaclient/daemon/tests/test_retry_auto_attach.py (+11/-4)
uaclient/data_types.py (+10/-10)
uaclient/defaults.py (+1/-1)
uaclient/entitlements/__init__.py (+9/-3)
uaclient/entitlements/base.py (+146/-23)
uaclient/entitlements/esm.py (+4/-4)
uaclient/entitlements/fips.py (+2/-2)
uaclient/entitlements/livepatch.py (+23/-13)
uaclient/entitlements/realtime.py (+64/-2)
uaclient/entitlements/repo.py (+29/-16)
uaclient/entitlements/tests/test_base.py (+170/-4)
uaclient/entitlements/tests/test_cc.py (+27/-34)
uaclient/entitlements/tests/test_cis.py (+21/-6)
uaclient/entitlements/tests/test_entitlements.py (+17/-1)
uaclient/entitlements/tests/test_esm.py (+8/-8)
uaclient/entitlements/tests/test_fips.py (+58/-41)
uaclient/entitlements/tests/test_livepatch.py (+70/-63)
uaclient/entitlements/tests/test_realtime.py (+61/-0)
uaclient/entitlements/tests/test_repo.py (+34/-46)
uaclient/event_logger.py (+7/-0)
uaclient/exceptions.py (+51/-2)
uaclient/files/files.py (+7/-0)
uaclient/files/state_files.py (+5/-6)
uaclient/livepatch.py (+85/-26)
uaclient/log.py (+28/-2)
uaclient/messages.py (+131/-13)
uaclient/security.py (+390/-146)
uaclient/security_status.py (+162/-69)
uaclient/status.py (+133/-58)
uaclient/system.py (+191/-46)
uaclient/testing/fakes.py (+2/-5)
uaclient/tests/constraints/constraints-jammy.txt (+8/-0)
uaclient/tests/test_actions.py (+25/-11)
uaclient/tests/test_apt.py (+78/-13)
uaclient/tests/test_apt_news.py (+3/-3)
uaclient/tests/test_cli.py (+168/-51)
uaclient/tests/test_cli_api.py (+2/-1)
uaclient/tests/test_cli_attach.py (+33/-11)
uaclient/tests/test_cli_auto_attach.py (+39/-15)
uaclient/tests/test_cli_collect_logs.py (+34/-4)
uaclient/tests/test_cli_detach.py (+1/-0)
uaclient/tests/test_cli_disable.py (+8/-1)
uaclient/tests/test_cli_enable.py (+41/-3)
uaclient/tests/test_cli_fix.py (+12/-3)
uaclient/tests/test_cli_reboot_required.py (+2/-1)
uaclient/tests/test_cli_refresh.py (+5/-2)
uaclient/tests/test_cli_security_status.py (+4/-0)
uaclient/tests/test_cli_status.py (+8/-0)
uaclient/tests/test_config.py (+7/-53)
uaclient/tests/test_contract.py (+146/-117)
uaclient/tests/test_data_types.py (+8/-1)
uaclient/tests/test_livepatch.py (+143/-41)
uaclient/tests/test_reboot_cmds.py (+163/-154)
uaclient/tests/test_security.py (+542/-113)
uaclient/tests/test_security_status.py (+63/-28)
uaclient/tests/test_status.py (+74/-7)
uaclient/tests/test_system.py (+396/-101)
uaclient/tests/test_upgrade_lts_contract.py (+32/-66)
uaclient/tests/test_util.py (+32/-9)
uaclient/timer/__init__.py (+20/-0)
uaclient/timer/metering.py (+3/-2)
uaclient/timer/tests/__init__.py (+0/-0)
uaclient/timer/tests/test_update_contract_info.py (+2/-2)
uaclient/timer/tests/test_update_messaging.py (+10/-12)
uaclient/timer/update_contract_info.py (+2/-1)
uaclient/timer/update_messaging.py (+4/-5)
uaclient/upgrade_lts_contract.py (+104/-0)
uaclient/util.py (+4/-1)
uaclient/version.py (+1/-1)
ubuntu-advantage.1 (+1/-1)
Reviewer Review Type Date Requested Status
Lucas Kanashiro (community) Approve
Robie Basak Needs Fixing
Canonical Server Reporter Pending
Review via email: mp+443833@code.launchpad.net

Description of the change

This is release 28 of ubuntu-advantage-tools.
This replaces the 27.15 MP, which I will close shortly.

SRU Bug: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2017949

To post a comment you must log in.
Revision history for this message
Grant Orndorff (orndorffgrant) wrote :
Download full text (8.0 KiB)

* Staging PPA Test Triggers:
  - Source ubuntu-advantage-tools/28~rc1: Pending
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=mantic&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F28~rc1&ppa=ua-client%2Fstaging
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=mantic&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F28~rc1&ppa=ua-client%2Fstaging
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=mantic&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F28~rc1&ppa=ua-client%2Fstaging
    + ppc64el: https://autopkgtest.ubuntu.com/request.cgi?release=mantic&package=ubuntu-advantage-tools&arch=ppc64el&trigger=ubuntu-advantage-tools%2F28~rc1&ppa=ua-client%2Fstaging
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=mantic&package=ubuntu-advantage-tools&arch=s390x&trigger=ubuntu-advantage-tools%2F28~rc1&ppa=ua-client%2Fstaging
    + riscv64: https://autopkgtest.ubuntu.com/request.cgi?release=mantic&package=ubuntu-advantage-tools&arch=riscv64&trigger=ubuntu-advantage-tools%2F28~rc1&ppa=ua-client%2Fstaging
  - Source ubuntu-advantage-tools/28~23.04~rc1: Pending
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F28~23.04~rc1&ppa=ua-client%2Fstaging
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F28~23.04~rc1&ppa=ua-client%2Fstaging
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F28~23.04~rc1&ppa=ua-client%2Fstaging
    + ppc64el: https://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=ubuntu-advantage-tools&arch=ppc64el&trigger=ubuntu-advantage-tools%2F28~23.04~rc1&ppa=ua-client%2Fstaging
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=ubuntu-advantage-tools&arch=s390x&trigger=ubuntu-advantage-tools%2F28~23.04~rc1&ppa=ua-client%2Fstaging
    + riscv64: https://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=ubuntu-advantage-tools&arch=riscv64&trigger=ubuntu-advantage-tools%2F28~23.04~rc1&ppa=ua-client%2Fstaging
  - Source ubuntu-advantage-tools/28~22.10~rc1: Pending
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=kinetic&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F28~22.10~rc1&ppa=ua-client%2Fstaging
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=kinetic&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F28~22.10~rc1&ppa=ua-client%2Fstaging
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=kinetic&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F28~22.10~rc1&ppa=ua-client%2Fstaging
    + ppc64el: https://autopkgtest.ubuntu.com/request.cgi?release=kinetic&package=ubuntu-advantage-tools&arch=ppc64el&trigger=ubuntu-advantage-tools%2F28~22.10~rc1&ppa=ua-client%2Fstaging
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=kin...

Read more...

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

All tests were triggered.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :
Download full text (4.5 KiB)

Review:

As I am not familiar to the code base and my review here is more related to the
interaction with the system, I kind of skipped most changes related to tests
(the ones not executed during build time), CI and docs and tried to focus on the
code. Bear in mind this is my first pro-client review, so if there is something
you believe I should change in my approach please let me know.

I started reviewing the difference between the content in the archive (git tag
pkg/import/27.14.4) and the proposed branch for 27.15 (branch
upload-27.15-mantic). This branch contains just a partial set of changes of the
proposed upload (upload-28-mantic branch) but it was a good way to review it in
smaller chunks.

# Diff between 27.14.4 and 27.15 (never released)

- The initial commits are related to the diff between the packaging branch and
  upstream tag for that release that Robie raised to the Pro team on MM. Grant
  added those missing changes to the package now with splitted commits. Thanks
  Grant! There is still a delta in d/changelog which is fixed in version 28,
  and the .gitignore changes which still remains in version 28.

- A bunch of refactoring was done.

- A bunch of logging related changes, plus a apport script update to include
  those logs when reporting a bug. Now non-root user logging is supported.

- postinst change to better catch when the "ua_config" option is used. The
  regex was updated to check if the line starts with "ua_config", which makes
  sure that the option is not commented out. This change seems safe enough to
  me.

- The code which tries to load uaclient.conf from CWD was removed, considered
  unintuitive and unexpected behavior by the Pro team. I believe this has no
  impact in the package itself, since the config is loaded from somewhere else.

- Livepatch related changes. Nothing that I believe it will impact the package.
  The kernel architecture is now treated differently than the other packages,
  they use uname.machine to track it. So instead of amd64 we have x86_64 for
  kernels, which seems to be what the livepatch service supports.

- When getting OS info via os-release, now Pro tries to checkout /etc/os-release
  and then fallback to /usr/lib/os-release, as the doc suggests.

- Update the ua-reboot-cmds.service and ua-timer.timer to start only if
  /var/lib/ubuntu-advantage/private/machine-token.json exists, which means that
  it is already attached. I do not foresee any issue with that change.

- Pro security status now shows available/installed counts for ESM packages
  even if it is not enabled/attached. The output of the command was also
  updated to facilitate users searching for packages via grep, and some other
  small changes. The pro status message was also improved.

- Bionic specific urls where added to apt messaging.

- The apt config file adding infra-security and apps-security to
  Unattended-Upgrade:Allowed-Origins was removed from the Pro code base, it is
  now shipped by the unattended-upgrades package. I confirmed that it is true to
  supported releases.

- Pro now supports variants for services, such as variants for kernel vendors
  like Intel and NVIDIA.

# Diff between 27.15 (never re...

Read more...

review: Needs Fixing
Revision history for this message
Grant Orndorff (orndorffgrant) wrote :

Thank you for the review Lucas!

I've addressed your requests: The changelog references version 28 only now (since 27.15 never happened - I'll be deleting the 27.15 tag on GitHub as well). And the commit about the new return code now accurately says the new code is 4.

I'll also post the autopkgtest results so far in a separate comment. They're all passing so far, but some are still in the queue.

Revision history for this message
Grant Orndorff (orndorffgrant) wrote :
Download full text (3.9 KiB)

* Staging PPA Test Results:
  - ubuntu-advantage-tools/28~16.04~rc1
    + ✅ ubuntu-advantage-tools on xenial for amd64 @ 31.05.23 15:23:13 Log 🗒
    + ✅ ubuntu-advantage-tools on xenial for arm64 @ 31.05.23 15:27:09 Log 🗒
    + ✅ ubuntu-advantage-tools on xenial for armhf @ 31.05.23 15:22:36 Log 🗒
    + ✅ ubuntu-advantage-tools on xenial for i386 @ 31.05.23 15:38:47 Log 🗒
    + ✅ ubuntu-advantage-tools on xenial for ppc64el @ 31.05.23 15:22:47 Log 🗒
    + ✅ ubuntu-advantage-tools on xenial for s390x @ 31.05.23 15:40:53 Log 🗒
  - ubuntu-advantage-tools/28~18.04~rc1
    + ✅ ubuntu-advantage-tools on bionic for amd64 @ 01.06.23 02:12:58 Log 🗒
    + ✅ ubuntu-advantage-tools on bionic for arm64 @ 31.05.23 15:30:36 Log 🗒
    + ✅ ubuntu-advantage-tools on bionic for armhf @ 31.05.23 15:22:43 Log 🗒
    + ✅ ubuntu-advantage-tools on bionic for i386 @ 01.06.23 03:17:17 Log 🗒
    + ✅ ubuntu-advantage-tools on bionic for ppc64el @ 31.05.23 15:23:53 Log 🗒
  - ubuntu-advantage-tools/28~20.04~rc1
    + ✅ ubuntu-advantage-tools on focal for arm64 @ 31.05.23 22:38:53 Log 🗒
    + ✅ ubuntu-advantage-tools on focal for armhf @ 31.05.23 15:23:20 Log 🗒
    + ✅ ubuntu-advantage-tools on focal for ppc64el @ 31.05.23 15:24:49 Log 🗒
  - ubuntu-advantage-tools/28~22.04~rc1
    + ✅ ubuntu-advantage-tools on jammy for arm64 @ 01.06.23 00:58:01 Log 🗒
    + ✅ ubuntu-advantage-tools on jammy for armhf @ 31.05.23 15:30:03 Log 🗒
    + ✅ ubuntu-advantage-tools on jammy for ppc64el @ 31.05.23 15:23:18 Log 🗒
  - ubuntu-advantage-tools/28~22.10~rc1
    + ✅ ubuntu-advantage-tools on kinetic for amd64 @ 01.06.23 12:38:43 Log 🗒
    + ✅ ubuntu-advantage-tools on kinetic for armhf @ 31.05.23 15:21:52 Log 🗒
    + ✅ ubuntu-advantage-tools on kinetic for ppc64el @ 31.05.23 15:22:56 Log 🗒
  - ubuntu-advantage-tools/28~23.04~rc1
    + ✅ ubuntu-advantage-tools on lunar for armhf @ 31.05.23 15:21:03 Log 🗒
    + ✅ ubuntu-advantage-tools on lunar for ppc64el @ 31.05.23 15:23:05 Log 🗒
  - ubuntu-advantage-tools/28~rc1
    + ✅ ubuntu-advantage-tools on mantic for amd64 @ 31.05.23 15:25:13 Log 🗒
    + ✅ ubuntu-advantage-tools on mantic for arm64 @ 31.05.23 15:48:51 Log 🗒
    + ✅ ubuntu-advantage-tools on mantic for armhf @ 31.05.23 15:21:18 Log 🗒
    + ✅ ubuntu-advantage-tools on mantic for ppc64el @ 31.05.23 15:20:24 Log 🗒
    + ✅ ubuntu-advantage-tools on mantic for s390x @ 31.05.23 16:18:27 Log 🗒
* Waiting:
  # Q-num pkg release arch ppa trigger
  - 716 ubuntu-advantage-tools bionic s390x ua-client/staging ubuntu-advantage-tools/28~18.04~rc1
  - 60 ubuntu-advantage-tools focal amd64 ua-client/staging ubuntu-advantage-tools/28~20.04~rc1
  - 1340 ubuntu-advantage-tools focal s390x ua-client/staging ubuntu-advantage-tools/28~20.04~rc1
  - 1748 ubuntu-advantage-tools jammy s390x ua-client/staging ubuntu-advantage-tools/2...

Read more...

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for addressing my comments Grant!

I built the package locally and then ran lintian against it, and I noticed that the lintian overrides that you have in place seems to not be working. I got the following lintian error:

E: ubuntu-advantage-tools source: missing-build-dependency-for-dh-addon systemd (does not satisfy debhelper:any (>= 9.20160709~) | debhelper-compat:any | dh-sequence-systemd:any | dh-systemd:any) [debian/rules]

I see you have it in d/source/lintian-overrides:

$ cat debian/source/lintian-overrides | grep dh-addon
ubuntu-advantage-tools: missing-build-dependency-for-dh-addon systemd => dh-systemd

Could we try to fix it? I saw the comment in d/control regarding this change.

There are also some lintian warnings that are not mandatory to fix TBH, but they are kind of annoying and some of them have a good reason to be ignored, so maybe documenting it via a lintian override is a good way. I am going to list all the warnings below and based on your judgement override them or not.

W: ubuntu-advantage-tools: command-with-path-in-maintainer-script /usr/bin/python3 (plain script) [postinst:113]
W: ubuntu-advantage-tools: command-with-path-in-maintainer-script /usr/bin/python3 (plain script) [postinst:281]
W: ubuntu-advantage-tools: command-with-path-in-maintainer-script /usr/bin/python3 (plain script) [postinst:347]
W: ubuntu-advantage-tools: command-with-path-in-maintainer-script /usr/bin/python3 (plain script) [prerm:6]

I believe you know what you are doing, hard-coding python3 interpreter there :)

W: ubuntu-advantage-tools: maintainer-script-calls-systemctl [postinst:255]
W: ubuntu-advantage-tools: maintainer-script-calls-systemctl [postinst:258]

Since in Ubuntu we support just systemd there I think it is fine to call it directly. Ideally, we should use deb-systemd-invoke.

W: ubuntu-advantage-tools source: mismatched-override missing-build-dependency-for-dh-addon systemd => dh-systemd [debian/source/lintian-overrides:3]

This warning should be fixed when we fix the lintian error mentioned above.

W: ubuntu-advantage-tools source: package-uses-deprecated-debhelper-compat-version 9

We can override this one, I understand you use debhelper compat level 9 because you backport this package to old releases.

W: ubuntu-advantage-tools: possible-bashism-in-maintainer-script 'machine_token_file.read()' [postinst:284]

This one is a false positive, this line is called in a python code snippet.

W: ubuntu-advantage-tools: possibly-insecure-handling-of-tmp-files-in-maintainer-script /tmp [postinst:58]

I also believe you know what you are doing :)

W: ubuntu-advantage-tools: uses-dpkg-database-directly [usr/lib/ubuntu-advantage/apt-esm-json-hook]

And I think this is needed.

In short, the lintian error I'd like to get it fixed before uploading it, but the warnings is up to you, feel free to override or ignore them :)

review: Needs Fixing
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

While taking a look and executing the DEP-8 test, I noticed that it is really trivial. You should add 'superficial' to Restrictions to signalize that the successful pass of this test does not mean that your package is fully functional, since you are simply calling "ua --help" and "ua version". This may not be something you want to do now but I think you should do it at some point.

Revision history for this message
Grant Orndorff (orndorffgrant) wrote :

Thank you Lucas!

I think you've assessed the state of our lintian errors and warnings very well.

I've addressed the lintian error with an adjusted lintian-override in the latest commit I just pushed.

I've created issues on our GitHub repository to represent:
- overriding/resolving all of the lintian warnings: https://github.com/canonical/ubuntu-pro-client/issues/2608
- marking our current dep-8 tests as superficial: https://github.com/canonical/ubuntu-pro-client/issues/2609
- updating our dep-8 tests to be non-superficial: https://github.com/canonical/ubuntu-pro-client/issues/2610

Let me know if there is anything else!

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thank you Grant! LGTM now, +1.

review: Approve
Revision history for this message
Grant Orndorff (orndorffgrant) wrote :

The final autopkgtests have finished

  - ubuntu-advantage-tools/28~18.04~rc1
    + ✅ ubuntu-advantage-tools on bionic for s390x @ 02.06.23 17:18:56 Log 🗒
  - ubuntu-advantage-tools/28~20.04~rc1
    + ✅ ubuntu-advantage-tools on focal for amd64 @ 01.06.23 19:02:55 Log 🗒
    + ✅ ubuntu-advantage-tools on focal for s390x @ 03.06.23 12:32:58 Log 🗒
  - ubuntu-advantage-tools/28~22.04~rc1
    + ✅ ubuntu-advantage-tools on jammy for amd64 @ 01.06.23 18:12:44 Log 🗒
    + ✅ ubuntu-advantage-tools on jammy for s390x @ 03.06.23 19:33:52 Log 🗒
  - ubuntu-advantage-tools/28~22.10~rc1
    + ✅ ubuntu-advantage-tools on kinetic for arm64 @ 01.06.23 20:39:32 Log 🗒
  - ubuntu-advantage-tools/28~23.04~rc1
    + ✅ ubuntu-advantage-tools on lunar for amd64 @ 02.06.23 15:01:23 Log 🗒
    + ✅ ubuntu-advantage-tools on lunar for arm64 @ 01.06.23 16:03:26 Log 🗒
    + ✅ ubuntu-advantage-tools on lunar for s390x @ 02.06.23 11:32:14 Log 🗒

Revision history for this message
Robie Basak (racb) wrote :

Thank you Lucas for the excellent summary and review! Generally this looks good to me with no specific issues from an SRU perspective. However I did notice an issue that I thought is severe enough to need attention. There's also one other minor request that doesn't need to block this.

---

[Must be fixed or needs further discussion]

> 1c9bc854 subp: use system environment vars by default

This is dangerous for a number of reasons:

1) env.update(os.environ) will update the *caller's* copy. This is made even
worse by run_apt_command defining env={} as a default, so this will not only
change the caller's copy, it will mutate that default.

2) If a caller were relying on overriding an option in the environment by
specifying it here, that will no longer work as the entry in os.environ will
override it. Have you checked all callers?

3) Doesn't this make for a really surprising API? I'd expect the API to be
identical to the Python subprocess module use of env. Failing that, one would
expect env=None to mean "use the current process environment, and if env is not
None, for this to mean that either the entries present should either override
the current process environment or that the entries present should be used
ignoring the current process environment (I think Python does the latter). The
behaviour should be clearly stated in the docstring. For it to instead be the
behaviour in the previous point is surprising.

Suggestions:

1. Stick to the Python library's meaning of env. This is what developers
expect, and then the docstring can just refer to the subprocess module's
behaviour.

2. Never use the "foo={}" default value pattern unless you're actually trying
to create globally mutable state. Always use foo=None, and if required, "if foo
is None: foo = {}" to make sure you get an empty one every time.

3. Fix issue 2527 without changing the subp API's definition of env. For
example you could add an additional_env parameter to subp to make it explicit,
instead of overloading the meaning of env. This could be implemented like this:

if additional_env:
    final_env = dict(env) if env else {}
    final_env.update(additional_env)

As I've done here, it's generally a good idea to use a different name for every
variable with different semantics instead of mutating an existing one - this is
why I did not do "env = dict(env)...".

I see lots of use of env={} and haven't inspected the entire call graph to
understand the use of env throughout. This probably needs doing to make sure
the design accommodates everything.

---

[Optional/feature]

Some files in systemd/* contain some excellent comments explaining to
interested users what the services do, the circumstances under which they
(won't) activate and how to turn them off. Other files are less well commented.
For example, "attach" is a term that we understand, but users disinterested in
Pro do not.

Commits 697bbac1 and 9cd7fe26 touch these files. Maybe this is an opportunity
to improve the comments?

review: Needs Fixing
Revision history for this message
Grant Orndorff (orndorffgrant) wrote :

Thank you Robie!

Yes that is an excellent point about our overall usage of "env" and we should fix it. After taking a look at all of our uses of that argument, I've discovered that it is exclusively there to support setting DEBIAN_FRONTEND=noninteractive for some apt subprocesses. With that in mind, I've created an upstream PR that changes the name and the semantics of the argument to be more in line with what we're using it for. That includes changing it so that the arg overrides os.environ instead of the other way around. I've also tried to address your points about mutating caller args and mutable default args in the refactor.

Please take a look here when you have time: https://github.com/canonical/ubuntu-pro-client/pull/2623

I also went ahead and included more explanatory comments in our systemd unit files in that same PR - separate commit. Let me know if you think they make sense to include now or if not then we can workshop them and add them later.

Revision history for this message
Robie Basak (racb) wrote :

> I also went ahead and included more explanatory comments in our systemd unit files in that same PR - separate commit. Let me know if you think they make sense to include now or if not then we can workshop them and add them later.

I think it makes sense to include now, assuming that's easiest for you. Fine if not.

Revision history for this message
Grant Orndorff (orndorffgrant) wrote :

Thank you for the upstream review Robie!

We merged the fix upstream, and I just included it here in this branch. Please double check the last two commits I just pushed and let me know if you find anything else that needs fixing.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for the fixes Grant! I talked to Robie and he asked me just to make sure that what you proposed here matches the changes he approved in the upstream PR. I checked and the changes are the same. I'll be uploading those changes to Mantic.

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Package uploaded:

Uploading ubuntu-advantage-tools_28.dsc
Uploading ubuntu-advantage-tools_28.tar.xz
Uploading ubuntu-advantage-tools_28_source.changes

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
2index abf1338..7faa407 100644
3--- a/.github/PULL_REQUEST_TEMPLATE.md
4+++ b/.github/PULL_REQUEST_TEMPLATE.md
5@@ -1,5 +1,13 @@
6-## Proposed Commit Message
7-<!-- Include a proposed commit message because all PRs can be merged in a variety of ways by the reviewer -->
8+## Why is this needed?
9+<!-- This information should be captured in your commit messages, so any description here can be very brief -->
10+This PR solves all of our problems because...
11+
12+<!--
13+By default, we rebase PRs and will ask for a clean well-organized commit history in the PR before rebasing.
14+If your PR is small enough and you prefer, uncomment the following section and fill it out to request a squashed PR.
15+-->
16+<!--
17+## Please Squash this PR with this commit message
18
19 ```
20 summary: no more than 70 characters
21@@ -14,6 +22,7 @@ If you need to write multiple paragraphs, feel free.
22 LP: #NNNNNNN (replace with the appropriate Launchpad bug reference if applicable)
23 Fixes: #NNNNNNN (replace with the appropriate github issue if applicable)
24 ```
25+-->
26
27 ## Test Steps
28 <!-- Please include any steps necessary to verify (and reproduce if
29@@ -21,6 +30,16 @@ this is a bug fix) this change on a live deployed system,
30 including any necessary configuration files, user-data,
31 setup, and teardown. Scripts used may be attached directly to this PR. -->
32
33+<!-- Example:
34+```
35+env SHELL_BEFORE=1 ./tools/test-in-lxd.sh xenial
36+# Set up test scenario before upgrade
37+exit # new version gets installed after exit and lxc shell is re-started
38+sudo pro new-sub-command --new-flag
39+# Assert something
40+```
41+-->
42+
43 ## Checklist
44 <!-- Go over all the following points, and put an `x` in all the boxes
45 that apply. -->
46diff --git a/.github/actions/bug-refs/action.yml b/.github/actions/bug-refs/action.yml
47new file mode 100644
48index 0000000..458d152
49--- /dev/null
50+++ b/.github/actions/bug-refs/action.yml
51@@ -0,0 +1,9 @@
52+name: 'Require Bug References'
53+description: 'Block PRs on missing bug references'
54+inputs:
55+ repo-token:
56+ description: 'Token for the repository. Can be passed in using {{ secrets.GITHUB_TOKEN }}'
57+ required: true
58+runs:
59+ using: 'node16'
60+ main: 'index.js'
61diff --git a/.github/actions/bug-refs/index.js b/.github/actions/bug-refs/index.js
62new file mode 100644
63index 0000000..b603793
64--- /dev/null
65+++ b/.github/actions/bug-refs/index.js
66@@ -0,0 +1,107 @@
67+const core = require('@actions/core');
68+const github = require('@actions/github');
69+
70+const commentHeader = "<!-- ubuntu-pro-client-bug-refs -->";
71+
72+function createCommentBody(commits, title) {
73+ let newComment = "";
74+ newComment += commentHeader;
75+ newComment += "\n";
76+
77+ newComment += "Jira: ";
78+ const jiraMatches = title.toLocaleUpperCase().match(/SC-\d+/g);
79+ if (jiraMatches === null || jiraMatches.length === 0) {
80+ newComment += "This PR is not related to a Jira item. (The PR title does not include a SC-#### reference)\n";
81+ } else {
82+ const jiraID = jiraMatches[0];
83+ newComment += `[${jiraID}](https://warthogs.atlassian.net/browse/${jiraID})\n`;
84+ }
85+ newComment += "\n";
86+
87+ let lpBugs = [];
88+ let ghIssues = [];
89+ commits.forEach(commit => {
90+ const message = commit.commit.message.toLocaleUpperCase();
91+ lpBugs = lpBugs.concat(Array.from(message.matchAll(/LP: #(\d+)/g)).map(m => m[1]));
92+ ghIssues = ghIssues.concat(Array.from(message.matchAll(/FIXES: #(\d+)/g)).map(m => m[1]));
93+ ghIssues = ghIssues.concat(Array.from(message.matchAll(/CLOSES: #(\d+)/g)).map(m => m[1]));
94+ });
95+
96+ newComment += "GitHub Issues:";
97+ if (ghIssues.length === 0) {
98+ newComment += " No GitHub issues are fixed by this PR. (No commits have Fixes: #### references)\n";
99+ } else {
100+ newComment += "\n";
101+ ghIssues.forEach(issue => {
102+ newComment += `- Fixes: #${issue}\n`;
103+ });
104+ }
105+ newComment += "\n";
106+
107+ newComment += "Launchpad Bugs:";
108+ if (lpBugs.length === 0) {
109+ newComment += " No Launchpad bugs are fixed by this PR. (No commits have LP: #### references)\n";
110+ } else {
111+ newComment += "\n";
112+ lpBugs.forEach(bug => {
113+ newComment += `- LP: [#${bug}](https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/${bug})\n`;
114+ });
115+ }
116+ newComment += "\n";
117+
118+ newComment += "👍 this comment to confirm that this is correct.";
119+
120+ return newComment;
121+}
122+
123+async function run() {
124+ const context = github.context;
125+ if (context.eventName !== "pull_request") {
126+ console.log(
127+ 'The event that triggered this action was not a pull request, skipping.'
128+ );
129+ return;
130+ }
131+
132+ const client = github.getOctokit(
133+ core.getInput('repo-token', {required: true})
134+ );
135+ const commits = await client.rest.pulls.listCommits({
136+ owner: context.issue.owner,
137+ repo: context.issue.repo,
138+ pull_number: context.issue.number,
139+ });
140+ const comments = await client.rest.issues.listComments({
141+ owner: context.issue.owner,
142+ repo: context.issue.repo,
143+ issue_number: context.issue.number,
144+ });
145+ const theComment = comments.data.find(c => c.body.includes(commentHeader));
146+ if (theComment) {
147+ // comment already exists, update it appropriately
148+ const existingBody = theComment.body;
149+ const newBody = createCommentBody(commits.data, context.payload.pull_request.title);
150+ if (existingBody !== newBody) {
151+ client.rest.issues.updateComment({
152+ owner: context.issue.owner,
153+ repo: context.issue.repo,
154+ comment_id: theComment.id,
155+ body: newBody,
156+ });
157+ }
158+ } else {
159+ // first run, comment doesn't exist yet
160+ const newBody = createCommentBody(commits.data, context.payload.pull_request.title);
161+ client.rest.issues.createComment({
162+ owner: context.issue.owner,
163+ repo: context.issue.repo,
164+ issue_number: context.issue.number,
165+ body: newBody,
166+ });
167+ }
168+}
169+
170+run().catch(error => {
171+ console.error(error);
172+ core.setFailed(error.message);
173+})
174diff --git a/.github/actions/bug-refs/package-lock.json b/.github/actions/bug-refs/package-lock.json
175new file mode 100644
176index 0000000..f9ad26b
177--- /dev/null
178+++ b/.github/actions/bug-refs/package-lock.json
179@@ -0,0 +1,430 @@
180+{
181+ "name": "bug-refs",
182+ "version": "1.0.0",
183+ "lockfileVersion": 2,
184+ "requires": true,
185+ "packages": {
186+ "": {
187+ "name": "bug-refs",
188+ "version": "1.0.0",
189+ "dependencies": {
190+ "@actions/core": "^1.10.0",
191+ "@actions/github": "^5.1.1"
192+ }
193+ },
194+ "node_modules/@actions/core": {
195+ "version": "1.10.0",
196+ "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
197+ "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
198+ "dependencies": {
199+ "@actions/http-client": "^2.0.1",
200+ "uuid": "^8.3.2"
201+ }
202+ },
203+ "node_modules/@actions/github": {
204+ "version": "5.1.1",
205+ "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
206+ "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
207+ "dependencies": {
208+ "@actions/http-client": "^2.0.1",
209+ "@octokit/core": "^3.6.0",
210+ "@octokit/plugin-paginate-rest": "^2.17.0",
211+ "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
212+ }
213+ },
214+ "node_modules/@actions/http-client": {
215+ "version": "2.1.0",
216+ "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
217+ "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
218+ "dependencies": {
219+ "tunnel": "^0.0.6"
220+ }
221+ },
222+ "node_modules/@octokit/auth-token": {
223+ "version": "2.5.0",
224+ "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz",
225+ "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==",
226+ "dependencies": {
227+ "@octokit/types": "^6.0.3"
228+ }
229+ },
230+ "node_modules/@octokit/core": {
231+ "version": "3.6.0",
232+ "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz",
233+ "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==",
234+ "dependencies": {
235+ "@octokit/auth-token": "^2.4.4",
236+ "@octokit/graphql": "^4.5.8",
237+ "@octokit/request": "^5.6.3",
238+ "@octokit/request-error": "^2.0.5",
239+ "@octokit/types": "^6.0.3",
240+ "before-after-hook": "^2.2.0",
241+ "universal-user-agent": "^6.0.0"
242+ }
243+ },
244+ "node_modules/@octokit/endpoint": {
245+ "version": "6.0.12",
246+ "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz",
247+ "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==",
248+ "dependencies": {
249+ "@octokit/types": "^6.0.3",
250+ "is-plain-object": "^5.0.0",
251+ "universal-user-agent": "^6.0.0"
252+ }
253+ },
254+ "node_modules/@octokit/graphql": {
255+ "version": "4.8.0",
256+ "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz",
257+ "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==",
258+ "dependencies": {
259+ "@octokit/request": "^5.6.0",
260+ "@octokit/types": "^6.0.3",
261+ "universal-user-agent": "^6.0.0"
262+ }
263+ },
264+ "node_modules/@octokit/openapi-types": {
265+ "version": "12.11.0",
266+ "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz",
267+ "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ=="
268+ },
269+ "node_modules/@octokit/plugin-paginate-rest": {
270+ "version": "2.21.3",
271+ "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz",
272+ "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==",
273+ "dependencies": {
274+ "@octokit/types": "^6.40.0"
275+ },
276+ "peerDependencies": {
277+ "@octokit/core": ">=2"
278+ }
279+ },
280+ "node_modules/@octokit/plugin-rest-endpoint-methods": {
281+ "version": "5.16.2",
282+ "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz",
283+ "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==",
284+ "dependencies": {
285+ "@octokit/types": "^6.39.0",
286+ "deprecation": "^2.3.1"
287+ },
288+ "peerDependencies": {
289+ "@octokit/core": ">=3"
290+ }
291+ },
292+ "node_modules/@octokit/request": {
293+ "version": "5.6.3",
294+ "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz",
295+ "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==",
296+ "dependencies": {
297+ "@octokit/endpoint": "^6.0.1",
298+ "@octokit/request-error": "^2.1.0",
299+ "@octokit/types": "^6.16.1",
300+ "is-plain-object": "^5.0.0",
301+ "node-fetch": "^2.6.7",
302+ "universal-user-agent": "^6.0.0"
303+ }
304+ },
305+ "node_modules/@octokit/request-error": {
306+ "version": "2.1.0",
307+ "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
308+ "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
309+ "dependencies": {
310+ "@octokit/types": "^6.0.3",
311+ "deprecation": "^2.0.0",
312+ "once": "^1.4.0"
313+ }
314+ },
315+ "node_modules/@octokit/types": {
316+ "version": "6.41.0",
317+ "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
318+ "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==",
319+ "dependencies": {
320+ "@octokit/openapi-types": "^12.11.0"
321+ }
322+ },
323+ "node_modules/before-after-hook": {
324+ "version": "2.2.3",
325+ "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
326+ "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="
327+ },
328+ "node_modules/deprecation": {
329+ "version": "2.3.1",
330+ "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
331+ "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
332+ },
333+ "node_modules/is-plain-object": {
334+ "version": "5.0.0",
335+ "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
336+ "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==",
337+ "engines": {
338+ "node": ">=0.10.0"
339+ }
340+ },
341+ "node_modules/node-fetch": {
342+ "version": "2.6.9",
343+ "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz",
344+ "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==",
345+ "dependencies": {
346+ "whatwg-url": "^5.0.0"
347+ },
348+ "engines": {
349+ "node": "4.x || >=6.0.0"
350+ },
351+ "peerDependencies": {
352+ "encoding": "^0.1.0"
353+ },
354+ "peerDependenciesMeta": {
355+ "encoding": {
356+ "optional": true
357+ }
358+ }
359+ },
360+ "node_modules/once": {
361+ "version": "1.4.0",
362+ "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
363+ "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
364+ "dependencies": {
365+ "wrappy": "1"
366+ }
367+ },
368+ "node_modules/tr46": {
369+ "version": "0.0.3",
370+ "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
371+ "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
372+ },
373+ "node_modules/tunnel": {
374+ "version": "0.0.6",
375+ "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
376+ "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
377+ "engines": {
378+ "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
379+ }
380+ },
381+ "node_modules/universal-user-agent": {
382+ "version": "6.0.0",
383+ "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
384+ "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
385+ },
386+ "node_modules/uuid": {
387+ "version": "8.3.2",
388+ "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
389+ "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
390+ "bin": {
391+ "uuid": "dist/bin/uuid"
392+ }
393+ },
394+ "node_modules/webidl-conversions": {
395+ "version": "3.0.1",
396+ "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
397+ "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
398+ },
399+ "node_modules/whatwg-url": {
400+ "version": "5.0.0",
401+ "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
402+ "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
403+ "dependencies": {
404+ "tr46": "~0.0.3",
405+ "webidl-conversions": "^3.0.0"
406+ }
407+ },
408+ "node_modules/wrappy": {
409+ "version": "1.0.2",
410+ "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
411+ "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
412+ }
413+ },
414+ "dependencies": {
415+ "@actions/core": {
416+ "version": "1.10.0",
417+ "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
418+ "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
419+ "requires": {
420+ "@actions/http-client": "^2.0.1",
421+ "uuid": "^8.3.2"
422+ }
423+ },
424+ "@actions/github": {
425+ "version": "5.1.1",
426+ "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
427+ "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
428+ "requires": {
429+ "@actions/http-client": "^2.0.1",
430+ "@octokit/core": "^3.6.0",
431+ "@octokit/plugin-paginate-rest": "^2.17.0",
432+ "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
433+ }
434+ },
435+ "@actions/http-client": {
436+ "version": "2.1.0",
437+ "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
438+ "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
439+ "requires": {
440+ "tunnel": "^0.0.6"
441+ }
442+ },
443+ "@octokit/auth-token": {
444+ "version": "2.5.0",
445+ "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz",
446+ "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==",
447+ "requires": {
448+ "@octokit/types": "^6.0.3"
449+ }
450+ },
451+ "@octokit/core": {
452+ "version": "3.6.0",
453+ "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz",
454+ "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==",
455+ "requires": {
456+ "@octokit/auth-token": "^2.4.4",
457+ "@octokit/graphql": "^4.5.8",
458+ "@octokit/request": "^5.6.3",
459+ "@octokit/request-error": "^2.0.5",
460+ "@octokit/types": "^6.0.3",
461+ "before-after-hook": "^2.2.0",
462+ "universal-user-agent": "^6.0.0"
463+ }
464+ },
465+ "@octokit/endpoint": {
466+ "version": "6.0.12",
467+ "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz",
468+ "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==",
469+ "requires": {
470+ "@octokit/types": "^6.0.3",
471+ "is-plain-object": "^5.0.0",
472+ "universal-user-agent": "^6.0.0"
473+ }
474+ },
475+ "@octokit/graphql": {
476+ "version": "4.8.0",
477+ "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz",
478+ "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==",
479+ "requires": {
480+ "@octokit/request": "^5.6.0",
481+ "@octokit/types": "^6.0.3",
482+ "universal-user-agent": "^6.0.0"
483+ }
484+ },
485+ "@octokit/openapi-types": {
486+ "version": "12.11.0",
487+ "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz",
488+ "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ=="
489+ },
490+ "@octokit/plugin-paginate-rest": {
491+ "version": "2.21.3",
492+ "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz",
493+ "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==",
494+ "requires": {
495+ "@octokit/types": "^6.40.0"
496+ }
497+ },
498+ "@octokit/plugin-rest-endpoint-methods": {
499+ "version": "5.16.2",
500+ "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz",
501+ "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==",
502+ "requires": {
503+ "@octokit/types": "^6.39.0",
504+ "deprecation": "^2.3.1"
505+ }
506+ },
507+ "@octokit/request": {
508+ "version": "5.6.3",
509+ "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz",
510+ "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==",
511+ "requires": {
512+ "@octokit/endpoint": "^6.0.1",
513+ "@octokit/request-error": "^2.1.0",
514+ "@octokit/types": "^6.16.1",
515+ "is-plain-object": "^5.0.0",
516+ "node-fetch": "^2.6.7",
517+ "universal-user-agent": "^6.0.0"
518+ }
519+ },
520+ "@octokit/request-error": {
521+ "version": "2.1.0",
522+ "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
523+ "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
524+ "requires": {
525+ "@octokit/types": "^6.0.3",
526+ "deprecation": "^2.0.0",
527+ "once": "^1.4.0"
528+ }
529+ },
530+ "@octokit/types": {
531+ "version": "6.41.0",
532+ "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
533+ "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==",
534+ "requires": {
535+ "@octokit/openapi-types": "^12.11.0"
536+ }
537+ },
538+ "before-after-hook": {
539+ "version": "2.2.3",
540+ "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
541+ "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="
542+ },
543+ "deprecation": {
544+ "version": "2.3.1",
545+ "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
546+ "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
547+ },
548+ "is-plain-object": {
549+ "version": "5.0.0",
550+ "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
551+ "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="
552+ },
553+ "node-fetch": {
554+ "version": "2.6.9",
555+ "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz",
556+ "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==",
557+ "requires": {
558+ "whatwg-url": "^5.0.0"
559+ }
560+ },
561+ "once": {
562+ "version": "1.4.0",
563+ "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
564+ "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
565+ "requires": {
566+ "wrappy": "1"
567+ }
568+ },
569+ "tr46": {
570+ "version": "0.0.3",
571+ "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
572+ "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
573+ },
574+ "tunnel": {
575+ "version": "0.0.6",
576+ "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
577+ "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
578+ },
579+ "universal-user-agent": {
580+ "version": "6.0.0",
581+ "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
582+ "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
583+ },
584+ "uuid": {
585+ "version": "8.3.2",
586+ "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
587+ "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
588+ },
589+ "webidl-conversions": {
590+ "version": "3.0.1",
591+ "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
592+ "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
593+ },
594+ "whatwg-url": {
595+ "version": "5.0.0",
596+ "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
597+ "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
598+ "requires": {
599+ "tr46": "~0.0.3",
600+ "webidl-conversions": "^3.0.0"
601+ }
602+ },
603+ "wrappy": {
604+ "version": "1.0.2",
605+ "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
606+ "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
607+ }
608+ }
609+}
610diff --git a/.github/actions/bug-refs/package.json b/.github/actions/bug-refs/package.json
611new file mode 100644
612index 0000000..14ceb07
613--- /dev/null
614+++ b/.github/actions/bug-refs/package.json
615@@ -0,0 +1,10 @@
616+{
617+ "name": "bug-refs",
618+ "version": "1.0.0",
619+ "description": "Block PRs on missing bug references",
620+ "main": "index.js",
621+ "dependencies": {
622+ "@actions/core": "^1.10.0",
623+ "@actions/github": "^5.1.1"
624+ }
625+}
626diff --git a/.github/workflows/ci-base.yaml b/.github/workflows/ci-base.yaml
627index 59174bf..dab17d3 100644
628--- a/.github/workflows/ci-base.yaml
629+++ b/.github/workflows/ci-base.yaml
630@@ -29,6 +29,8 @@ jobs:
631 run: tox -e mypy
632 - name: Version Consistency
633 run: python3 ./tools/check-versions-are-consistent.py
634+ - name: Docs
635+ run: tox -e docs
636 unit-tests:
637 name: Unit Tests
638 runs-on: ubuntu-22.04
639diff --git a/.github/workflows/ci-integration.yaml b/.github/workflows/ci-integration.yaml
640index 62df9e3..937de39 100644
641--- a/.github/workflows/ci-integration.yaml
642+++ b/.github/workflows/ci-integration.yaml
643@@ -92,6 +92,9 @@ jobs:
644 # in a way that is incompatible with lxd.
645 # https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker
646 sudo iptables -I DOCKER-USER -j ACCEPT
647+ - name: Refresh LXD
648+ if: matrix.platform == 'lxd' || matrix.platform == 'vm'
649+ run: sudo snap refresh --channel latest/stable lxd
650 - name: Initialize LXD
651 if: matrix.platform == 'lxd' || matrix.platform == 'vm'
652 run: sudo lxd init --auto
653diff --git a/.github/workflows/custom_pr_checks.yaml b/.github/workflows/custom_pr_checks.yaml
654new file mode 100644
655index 0000000..b3be667
656--- /dev/null
657+++ b/.github/workflows/custom_pr_checks.yaml
658@@ -0,0 +1,27 @@
659+---
660+
661+name: Custom PR Checks
662+
663+on:
664+ pull_request:
665+ types:
666+ - opened
667+ - synchronize
668+ - reopened
669+ - edited
670+ branches:
671+ - main
672+
673+jobs:
674+ bug-refs:
675+ runs-on: ubuntu-latest
676+ steps:
677+ - name: Git checkout
678+ uses: actions/checkout@v3
679+ - name: Install dependencies
680+ run: cd ./.github/actions/bug-refs && npm install
681+ - name: Check for bug references
682+ uses: ./.github/actions/bug-refs
683+ id: bug-refs
684+ with:
685+ repo-token: ${{ secrets.GITHUB_TOKEN }}
686diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
687index 829d39d..d3ba122 100644
688--- a/.pre-commit-config.yaml
689+++ b/.pre-commit-config.yaml
690@@ -4,7 +4,7 @@ repos:
691 hooks:
692 - id: black
693 - repo: https://github.com/pycqa/isort
694- rev: 5.8.0 # Also stored in dev-requirements.txt; update both together!
695+ rev: 5.12.0 # Also stored in dev-requirements.txt; update both together!
696 hooks:
697 - id: isort
698 - repo: https://github.com/shellcheck-py/shellcheck-py
699diff --git a/apport/source_ubuntu-advantage-tools.py b/apport/source_ubuntu-advantage-tools.py
700index 193d557..f2c4f1a 100644
701--- a/apport/source_ubuntu-advantage-tools.py
702+++ b/apport/source_ubuntu-advantage-tools.py
703@@ -2,6 +2,7 @@ import os
704 import tempfile
705
706 from apport.hookutils import attach_file_if_exists
707+from uaclient import defaults
708 from uaclient.actions import collect_logs
709 from uaclient.config import UAConfig
710
711@@ -12,7 +13,7 @@ def add_info(report, ui=None):
712 cfg = UAConfig()
713 with tempfile.TemporaryDirectory() as output_dir:
714 collect_logs(cfg, output_dir)
715- auto_include_log_files = [
716+ auto_include_log_files = {
717 "cloud-id.txt",
718 "cloud-id.txt-error",
719 "ua-status.json",
720@@ -24,6 +25,9 @@ def add_info(report, ui=None):
721 os.path.basename(cfg.timer_log_file),
722 os.path.basename(cfg.daemon_log_file),
723 os.path.basename(cfg.data_path("jobs-status")),
724- ]
725+ os.path.basename(defaults.CONFIG_DEFAULTS["log_file"]),
726+ os.path.basename(defaults.CONFIG_DEFAULTS["timer_log_file"]),
727+ os.path.basename(defaults.CONFIG_DEFAULTS["daemon_log_file"]),
728+ }
729 for f in auto_include_log_files:
730 attach_file_if_exists(report, os.path.join(output_dir, f), key=f)
731diff --git a/apt-hook/json-hook.cc b/apt-hook/json-hook.cc
732index 1d36bd2..61548b7 100644
733--- a/apt-hook/json-hook.cc
734+++ b/apt-hook/json-hook.cc
735@@ -218,13 +218,17 @@ CloudID get_cloud_id() {
736 return ret;
737 }
738
739-bool is_xenial() {
740+enum ESMInfraSeries {NOT_ESM_INFRA, XENIAL, BIONIC};
741+
742+ESMInfraSeries get_esm_infra_series() {
743 std::ifstream os_release_file("/etc/os-release");
744- bool ret = false;
745+ ESMInfraSeries ret = NOT_ESM_INFRA;
746 if (os_release_file.is_open()) {
747 std::string os_release_str((std::istreambuf_iterator<char>(os_release_file)), (std::istreambuf_iterator<char>()));
748 if (os_release_str.find("xenial") != os_release_str.npos) {
749- ret = true;
750+ ret = XENIAL;
751+ } else if (os_release_str.find("bionic") != os_release_str.npos) {
752+ ret = BIONIC;
753 }
754 os_release_file.close();
755 }
756@@ -238,27 +242,39 @@ struct ESMContext {
757
758 ESMContext get_esm_context() {
759 CloudID cloud_id = get_cloud_id();
760- bool is_x = is_xenial();
761+ ESMInfraSeries esm_infra_series = get_esm_infra_series();
762
763 ESMContext ret;
764 ret.context = "";
765 ret.url = "https://ubuntu.com/pro";
766
767- if (cloud_id != AZURE && is_x) {
768- ret.context = " for 16.04";
769- ret.url = "https://ubuntu.com/16-04";
770- } else if (cloud_id == AZURE && !is_x) {
771- ret.context = " on Azure";
772- ret.url = "https://ubuntu.com/azure/pro";
773- } else if (cloud_id == AZURE && is_x) {
774- ret.context = " for 16.04 on Azure";
775- ret.url = "https://ubuntu.com/16-04/azure";
776- } else if (cloud_id == AWS && !is_x) {
777- ret.context = " on AWS";
778- ret.url = "https://ubuntu.com/aws/pro";
779- } else if (cloud_id == GCE && !is_x) {
780- ret.context = " on GCP";
781- ret.url = "https://ubuntu.com/gcp/pro";
782+ if (esm_infra_series == XENIAL) {
783+ if (cloud_id == AZURE) {
784+ ret.context = " for 16.04 on Azure";
785+ ret.url = "https://ubuntu.com/16-04/azure";
786+ } else {
787+ ret.context = " for 16.04";
788+ ret.url = "https://ubuntu.com/16-04";
789+ }
790+ } else if (esm_infra_series == BIONIC) {
791+ if (cloud_id == AZURE) {
792+ ret.context = " for 18.04 on Azure";
793+ ret.url = "https://ubuntu.com/18-04/azure";
794+ } else {
795+ ret.context = " for 18.04";
796+ ret.url = "https://ubuntu.com/18-04";
797+ }
798+ } else {
799+ if (cloud_id == AZURE) {
800+ ret.context = " on Azure";
801+ ret.url = "https://ubuntu.com/azure/pro";
802+ } else if (cloud_id == AWS) {
803+ ret.context = " on AWS";
804+ ret.url = "https://ubuntu.com/aws/pro";
805+ } else if (cloud_id == GCE) {
806+ ret.context = " on GCP";
807+ ret.url = "https://ubuntu.com/gcp/pro";
808+ }
809 }
810
811 return ret;
812diff --git a/apt.conf.d/51ubuntu-advantage-esm b/apt.conf.d/51ubuntu-advantage-esm
813deleted file mode 100644
814index e9b1c3a..0000000
815--- a/apt.conf.d/51ubuntu-advantage-esm
816+++ /dev/null
817@@ -1,6 +0,0 @@
818-Unattended-Upgrade::Allowed-Origins {
819- "${distro_id}ESM:${distro_codename}-infra-security";
820-};
821-Unattended-Upgrade::Allowed-Origins {
822- "${distro_id}ESMApps:${distro_codename}-apps-security";
823-};
824diff --git a/debian/changelog b/debian/changelog
825index 69290bb..6a53910 100644
826--- a/debian/changelog
827+++ b/debian/changelog
828@@ -1,3 +1,57 @@
829+ubuntu-advantage-tools (28) mantic; urgency=medium
830+
831+ * d/ubuntu-advantage-tools.postinst:
832+ - more specific regex for ua_config warning
833+ * d/source/lintian-overrides
834+ - adjust missing-build-dependency-for-dh-addon systemd override to work
835+ for the different but related error message on jammy onwards
836+ * New upstream release 28 (LP: #2017949)
837+ - api:
838+ + new endpoint: u.pro.status.is_attached.v1
839+ + new endpoint: u.pro.status.enabled_services.v1
840+ - apport: collect default log files if present for bug reports
841+ - apt messaging: add bionic-specific urls
842+ - auto-attach:
843+ + check for new Azure UBUNTU_PRO license on-boot of non-pro instances
844+ + exit 4 if attach succeeds but service enablement fails
845+ - cli:
846+ + avoid unnecessary network calls during autocomplete (GH: #2556)
847+ + warn users to not rely on human-readable output in scripts
848+ - config: no longer load uaclient.conf from current working directory
849+ - fix:
850+ + add support for --no-related flag
851+ + separate target USN from related USNs
852+ - general:
853+ + logs to user cache directory when run as non-root
854+ + fix bug where non-root commands failed with file permission error
855+ accessing /tmp/ubuntu-advantage (GH: #2567)
856+ + use system environment vars by default in sub processes (GH: #2527)
857+ + fall back to /usr/lib/os-release for release info
858+ + start logging to default log file until config is loaded
859+ + remove small timeout from contract checking request
860+ + avoid crashes when processing unicode text (LP: #2019729)
861+ - livepatch:
862+ + use uname.machine for kernel arch when checking support
863+ (GH: #2517)
864+ + display tailored warning messages for granular support statuses
865+ - realtime-kernel: add support for intel-iotg variant
866+ - reboot-required: new criteria for "yes-kernel-livepatches-applied"
867+ livepatch status must be either "applied" or "nothing-to-apply" and
868+ livepatch support status must say "supported"
869+ - security-status:
870+ + always show available/installed counts for esm packages
871+ + include hint to run apt-get update for up-to-date info (GH: #2443)
872+ + improve visibility of installed and available updates (GH: #2442)
873+ + change package info message hint to recommend apt-cache show
874+ + avoids unnecessary network calls (LP: #2015286, GH: #2536)
875+ - systemd: update service unit for reboot_cmds to not run if not attached
876+ - status:
877+ + add hint for pro status --all
878+ + better message if no services are available (LP: #1994923)
879+ - timer: only run timer when attached
880+
881+ -- Grant Orndorff <grant.orndorff@canonical.com> Thu, 27 Apr 2023 16:34:55 -0400
882+
883 ubuntu-advantage-tools (27.14.4) lunar; urgency=medium
884
885 * timer: disable update_contract_info job (LP: #2015302)
886diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
887index e7419bd..b1ce79a 100644
888--- a/debian/source/lintian-overrides
889+++ b/debian/source/lintian-overrides
890@@ -1,6 +1,8 @@
891 # Lintian doesn't see dh-systemd alternative when building on xenial
892 ubuntu-advantage-tools: missing-build-dependency-for-dh_-command dh_systemd_start => dh-systemd
893-ubuntu-advantage-tools: missing-build-dependency-for-dh-addon systemd => dh-systemd
894+
895+# Lintian can't handle the multiline debhelper/dh-systemd dependencies explained in debian/control
896+ubuntu-advantage-tools: missing-build-dependency-for-dh-addon *systemd*
897
898 # Lintian doesn't like mentioning riscv64 for older go package
899 ubuntu-advantage-tools: invalid-arch-string-in-source-relation riscv64 [build-depends: golang-1.10-go [!powerpc !riscv64]]
900diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst
901index 7d9d03e..31d93ae 100644
902--- a/debian/ubuntu-advantage-tools.postinst
903+++ b/debian/ubuntu-advantage-tools.postinst
904@@ -452,7 +452,7 @@ case "$1" in
905 migrate_user_config_post
906 fi
907
908- if grep -q "ua_config:" /etc/ubuntu-advantage/uaclient.conf; then
909+ if grep -q "^ua_config:" /etc/ubuntu-advantage/uaclient.conf; then
910 echo "Warning: uaclient.conf contains old ua_config field." >&2
911 echo " Please do the following:" >&2
912 echo " 1. Run 'pro config set field=value' for each field/value pair" >&2
913diff --git a/dev-docs/explanations/systemd_units.md b/dev-docs/explanations/systemd_units.md
914index b5f4f0a..577960a 100644
915--- a/dev-docs/explanations/systemd_units.md
916+++ b/dev-docs/explanations/systemd_units.md
917@@ -6,8 +6,8 @@
918 There are three methods by which a cloud instance may auto-attach to become Ubuntu Pro.
919
920 1. On boot auto-attach for known Pro cloud instances.
921-2. Upgrade-in-place for non-Pro instances that get modified via the Cloud platform to entitle them to become Ubuntu Pro (only on GCP for now)
922-3. Retry auto-attach in case of failures
923+2. Upgrade-in-place for non-Pro instances that get modified via the Cloud platform to entitle them to become Ubuntu Pro (only on Azure and GCP for now).
924+3. Retry auto-attach in case of failures.
925
926 (1) is handled by a systemd unit (`ua-auto-attach.service`) delivered by a separate package called `ubuntu-advantage-pro`. This package is only installed on Ubuntu Pro Cloud images. In this way, an instance launched from an Ubuntu Pro Cloud image knows that it needs to auto-attach.
927
928@@ -22,8 +22,8 @@ graph TD;
929 is_pro{Is -pro installed?}
930 auto_outcome{Success?}
931 is_attached{Attached?}
932- should_run_daemon{on GCP? or retry flag set?}
933- is_gcp{GCP?}
934+ should_run_daemon{on Azure? or GCP? or retry flag set?}
935+ is_gcp{Azure or GCP?}
936 is_retry{retry flag set?}
937 is_gcp_pro{Pro license detected?}
938 daemon_attach_outcome{Success?}
939@@ -33,11 +33,11 @@ graph TD;
940 auto_attach[/Try to Attach/]
941 trigger_retry[/Create Retry Flag File/]
942 trigger_retry2[/Create Retry Flag File/]
943- poll_gcp[/Poll for GCP Pro license/]
944+ poll_gcp[/Poll for cloud Pro license/]
945 daemon_attach[/Try to Attach/]
946 daemon_attach2[/Try to Attach/]
947 wait[/Wait a while/]
948-
949+
950 %%%% systemd units
951 auto(ua-auto-attach.service)
952 daemon(ubuntu-advantage.service)
953diff --git a/docs/README.md b/dev-docs/howtoguides/build-docs.md
954similarity index 100%
955rename from docs/README.md
956rename to dev-docs/howtoguides/build-docs.md
957diff --git a/dev-docs/howtoguides/building.md b/dev-docs/howtoguides/building.md
958index 17be892..40b4d70 100644
959--- a/dev-docs/howtoguides/building.md
960+++ b/dev-docs/howtoguides/building.md
961@@ -41,16 +41,3 @@ sbuild-launchpad-chroot create --architecture="riscv64" "--name=focal-riscv64" "
962 > # this script can be used to update all chroots
963 > sudo PATTERN=\* sh /usr/share/doc/sbuild/examples/sbuild-debian-developer-setup-update-all
964 > ```
965-
966-## Setting up an lxc development container
967-```shell
968-lxc launch ubuntu-daily:xenial dev-x -c user.user-data="$(cat tools/ua-dev-cloud-config.yaml)"
969-lxc exec dev-x bash
970-```
971-
972-## Setting up a kvm development environment with multipass
973-**Note:** There is a sample procedure documented in tools/multipass.md as well.
974-```shell
975-multipass launch daily:focal -n dev-f --cloud-init tools/ua-dev-cloud-config.yaml
976-multipass connect dev-f
977-```
978diff --git a/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md b/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md
979index 792c5d8..c06c32b 100644
980--- a/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md
981+++ b/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md
982@@ -28,7 +28,7 @@ It is expected for you to see the following json response:
983 "_schema_version": "v1",
984 "data": {
985 "meta": {
986- "environment_vars": []}
987+ "environment_vars": []
988 },
989 "attributes": {
990 "expires": "EXPIRE_DATE",
991diff --git a/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md b/dev-docs/howtoguides/release_a_new_version.md
992similarity index 75%
993rename from dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md
994rename to dev-docs/howtoguides/release_a_new_version.md
995index 7a067dc..44ebd48 100644
996--- a/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md
997+++ b/dev-docs/howtoguides/release_a_new_version.md
998@@ -31,6 +31,14 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
999 ```
1000 * You must have Launchpad already properly configured in your system in order to upload packages to the PPAs. Follow [this guide](https://help.launchpad.net/Packaging/PPA/Uploading) to get set up.
1001
1002+* In order to run the `ppa` command, install `ppa-dev-tools` from `bryce`'s PPA:
1003+ ```bash
1004+ sudo add-apt-repository ppa:bryce/ppa-dev-tools
1005+ sudo apt update
1006+ sudo apt install ppa-dev-tools
1007+ ```
1008+ When running `ppa` for the first time, there will be another round of launchpad authorization to be performed.
1009+
1010 ## I. Preliminary/staging release to team infrastructure
1011 1. Create a release PR:
1012
1013@@ -38,10 +46,10 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1014
1015 * This step is currently not well defined. We currently are using `release-27` for all `27.X` releases and have been cherry-picking/rebasing all commits from `main` into this branch for a release.
1016
1017- b Create a new entry in the `debian/changelog` file:
1018+ b. Create a new entry in the `debian/changelog` file:
1019
1020 * You can do that by running `dch --newversion <version-name>`.
1021- * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2~21.10.1`, with the appropriate pro-client and ubuntu/devel version numbers.
1022+ * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2`, with the appropriate pro-client version number.
1023 * Populate `debian/changelog` with the commits you have cherry-picked.
1024 * You can do that by running `git log <first-cherry-pick-commit>..<last-cherry-pick-commit> | log2dch`
1025 * This will generate a list of commits that could be included in the changelog.
1026@@ -51,26 +59,26 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1027 changelog.
1028 * To structure the changelog you can use the other entries as example. But we basically try to
1029 keep this order: debian changes, new features/modifications, testing. Within each section, bullet points should be alphabetized.
1030-
1031+
1032 c. Create a PR on GitHub into the release branch. Ask in the ~UA channel on Mattermost for review.
1033
1034 d. When reviewing the release PR, please use the following guidelines when reviewing the new changelog entry:
1035
1036- * Is the version correctly updated? We must ensure that the new version in the changelog is
1037- correct and it also targets the latest Ubuntu release at the moment.
1038- * Is the entry useful for the user? The changelog entries should be user focused, meaning
1039- that we should only add entries that we think users will care about (i.e. we don't need
1040- entries when fixing a test, as this doesn't provide meaningful information to the user).
1041- * Is this entry redundant? Sometimes we may have changes that affect separate modules of the
1042- code. We should have an entry only for the module that was most affected by it.
1043- * Is the changelog entry unique? We need to verify that the changelog entry is not already
1044- reflected in an earlier version of the changelog. If it is, we need not only to remove but double
1045- check the process we are using to cherry-pick the commits.
1046- * Is this entry actually reflected in the code? Sometimes, we can have changelog entries
1047- that are not reflected in the code anymore. This can happen during development when we are
1048- still unsure about the behaviour of a feature or when we fix a bug that removes the code
1049- that was added. We must verify each changelog entry that is added to be sure of their
1050- presence in the product.
1051+ * Is the version correctly updated? We must ensure that the new version in the changelog is
1052+ correct and it also targets the latest Ubuntu release at the moment.
1053+ * Is the entry useful for the user? The changelog entries should be user focused, meaning
1054+ that we should only add entries that we think users will care about (i.e. we don't need
1055+ entries when fixing a test, as this doesn't provide meaningful information to the user).
1056+ * Is this entry redundant? Sometimes we may have changes that affect separate modules of the
1057+ code. We should have an entry only for the module that was most affected by it.
1058+ * Is the changelog entry unique? We need to verify that the changelog entry is not already
1059+ reflected in an earlier version of the changelog. If it is, we need not only to remove but double
1060+ check the process we are using to cherry-pick the commits.
1061+ * Is this entry actually reflected in the code? Sometimes, we can have changelog entries
1062+ that are not reflected in the code anymore. This can happen during development when we are
1063+ still unsure about the behaviour of a feature or when we fix a bug that removes the code
1064+ that was added. We must verify each changelog entry that is added to be sure of their
1065+ presence in the product.
1066
1067 2. After the release PR is merged, tag the head of the release branch with the version number, e.g., `27.1`. Push this tag to GitHub.
1068
1069@@ -84,7 +92,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1070
1071 b. Edit the changelog
1072 * List yourself as the author of this release.
1073- * Edit the version number to look like: `27.2~20.04.1~rc1` (`<version>~<ubuntu-release-number>.<revno>~rc<release-candidate-number>`)
1074+ * Edit the version number to look like: `27.2~rc1` (`<version>~rc<release-candidate-number>`)
1075 * Edit the Ubuntu release name. Start with the ubuntu/devel release.
1076 * `git add debian/changelog && git commit -m "throwaway"` - Do **not** push this commit!
1077
1078@@ -95,9 +103,10 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1079 * If this succeeds move on. If this fails, debug and fix before continuing.
1080
1081 e. Repeat 3.b through 3.d for all supported Ubuntu Releases
1082- * PS: remember to also change the version number on the changelog. For example, suppose
1083- the new version is `1.1~20.04.1~rc1`. If you want to test Bionic now, change it to
1084- `1.1~18.04.1~rc1`.
1085+ * The version for series other than devel should be in the form `<version>~<ubuntu-release-number>~rc<release-candidate-number>`
1086+ This means you must add the release number in the changelog. For example, suppose
1087+ the devel version is `1.1~rc1`. If you want to build for jammy now, change it to
1088+ `1.1~22.04~rc1`.
1089
1090 f. For each release, dput to the staging PPA:
1091 * `dput ppa:ua-client/staging ../out/<package_name>_source.changes`
1092@@ -115,7 +124,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1093 b. Create a new bug on Launchpad for ubuntu-advantage-tools and use the format defined [here](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates#SRU_Template) for the description.
1094 * The title should be in the format `[SRU] ubuntu-advantage-tools (27.1 -> 27.2) Xenial, Bionic, Focal, Jammy`, substituting version numbers and release names as necessary.
1095 * If any of the changes for the SRU is in the [Early Review Sign-off list](../references/early_review_signoff.md), include a pointer in the `[Discussion]` section to where the discussion/approval of that feature took place (if possible).
1096-
1097+
1098 c. For each Launchpad bug fixed by this release (which should all be referenced in our changelog), add the SRU template to the description and fill out each section.
1099 * Leave the original description in the bug at the bottom under the header `[Original Description]`.
1100 * For the testing steps, include steps to reproduce the bug. Then include instructions for adding `ppa:ua-client/staging`, and steps to verify the bug is no longer present.
1101@@ -136,18 +145,21 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1102 e. `git checkout -B upload-<this-version>-kinetic`
1103 * This creates a new local branch name based on your detached branch.
1104
1105- f. Make sure the changelog version contains the release version in the name (e.g., `27.1~22.10.1`)
1106-
1107- g. `git push <your_launchpad_user> upload-<this-version>-kinetic`
1108+ f. `git push <your_launchpad_user> upload-<this-version>-kinetic`
1109
1110- h. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel`
1111- * For an example, see the [27.9 merge proposal](https://code.launchpad.net/~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/422906).
1112+ g. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel`
1113+ * For an example, see the [27.14.1 merge proposal](https://code.launchpad.net/~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/439507).
1114 * Add 2 review slots for `canonical-server-reporter` and `canonical-server-core-reviewers`.
1115
1116-4. Server Team Review and Pre-SRU Review
1117+ h. With the packages published to `ppa:ua-client/staging`, add links to the autopkgtest triggers to the Merge Proposal. The reviewer will have permission to trigger those tests. The links can be obtained by running `ppa tests -r <release> -a <arch1,arch2> ua-client/staging -L`
1118+ * Make sure to post links to all the architectures built for a given release.
1119+ * The riscv64 autopkgtests are not avaialble and don't need to be included.
1120+ * The `ppa test` command will have two variations of tests: the regular one, and one with `all-proposed=1`; only the regular test need to be there.
1121+
1122+3. Server Team Review and Pre-SRU Review
1123
1124 a. Ask the assigned ubuntu-advantage-tools reviewer/sponsor from Server team for a review of your MPs. If you don't know who that is, ask in ~Server. Include a link to the ubuntu/devel MP and to the SRU bug.
1125-
1126+
1127 b. If they request changes, create a PR into the release branch on GitHub and ask Pro Client team for review. After that is merged, cherry-pick the commit into your `upload-<this-version>-<devel-release>` branch and push to launchpad. Then notify the Server Team member that you have addressed their requests.
1128 * Some issues may just be filed for addressing in the future if they are not urgent or pertinent to this release.
1129 * Unless the changes are very minor, or only testing related, you should upload a new release candidate version to `ppa:ua-client/staging` as described in I.3.
1130@@ -160,7 +172,12 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1131 * Follow instructions in `II.4.b` if they request any changes.
1132
1133 e. Once the SRU team member gives a pre-SRU approval, create the branches for each stable release. They should be named `upload-<this-version>-<codename>`.
1134+ * The versions for the stable releases must include `~<release-number>`
1135 * If you've followed the instructions precisely so far, you can just run `bash tools/create-lp-release-branches.sh`.
1136+ - When using the `create-lp-release-branches.sh` script, an important parameter is `SRU_BUG`:
1137+ - In the vast majority of cases, this should be set to the overall SRU bug written in step II.1.b.
1138+ - In the case where an existing SRU never got released, and a new patch version was uploaded on top of it to fix a new bug discovered during review, then the bug should still be the overall SRU bug.
1139+ - If the release is exclusively a bugfix release and the previous version has already been successfully released all the way through the SRU process, then the bug should instead be the specific bugfix number.
1140
1141 f. Ask Server team member sponsor to upload to devel, and then the SRU proposed queue using the stable release branches you just created.
1142 * Ask them to tag the PR with the appropriate `upload/<version>` tag so git-ubuntu will import rich commit history.
1143@@ -170,7 +187,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1144
1145 h. Tell the SRU team member who performed the pre-SRU review that the packages are in the -proposed release queue. They will need to actually approve the package to move into -proposed.
1146
1147-5. -proposed verification and release to -updates
1148+4. -proposed verification and release to -updates
1149
1150 a. As soon as the SRU vanguard approves the packages, a bot in #ubuntu-release will announce that ubuntu-advantage-tools is accepted into the applicable -proposed pockets, or the [Xenial -proposed release rejection queue](https://launchpad.net/ubuntu/xenial/+queue?queue_state=4&queue_text=ubuntu-advantage-tools) will contain a reason for rejections. Double check the SRU process bug for any actionable review feedback.
1151 * Once accepted into `-proposed` by an SRU vanguard [ubuntu-advantage-tools shows up in the pending_sru page](https://people.canonical.com/~ubuntu-archive/pending-sru.html), check `rmadison ubuntu-advantage-tools | grep -proposed` to see if the upload exists in -proposed yet.
1152@@ -182,19 +199,21 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t
1153 * There may also be one-time test scripts added in the `sru/` directory for this release.
1154
1155 d. After all tests have passed, tarball all of the output files and upload them to the SRU bug with a message that looks like this:
1156+
1157 ```
1158 We have run the full ubuntu-advantage-tools integration test suite against the version in -proposed. The results are attached. All tests passed.
1159-
1160+
1161 You can verify the correct version was used by checking the output of the first test in each file, which prints the version number.
1162
1163 I am marking the verification done for this SRU.
1164 ```
1165+
1166 Change the tags on the bug from `verification-needed` to `verification-done` (including the verification tags for each Ubuntu release).
1167
1168 e. For any other related Launchpad bugs that are fixed in this release, perform the verification steps necessary for those bugs and mark them `verification-done` as needed. This will likely involve following the test steps, but instead of adding the staging PPA, enabling -proposed.
1169
1170 f. Once all SRU bugs are tagged as `verification*-done`, all SRU-bugs should be listed as green in [the pending_sru page](https://people.canonical.com/~ubuntu-archive/pending-sru.html).
1171-
1172+
1173 g. After the pending SRU page says that ubuntu-advantage-tools has been in proposed for 7 days, it is now time to ping the [current SRU vanguard](https://wiki.ubuntu.com/StableReleaseUpdates#Publishing) for acceptance of ubuntu-advantage-tools into -updates.
1174
1175 h. Check `rmadison ubuntu-advantage-tools` for updated version in -updates.
1176diff --git a/dev-docs/howtoguides/testing.md b/dev-docs/howtoguides/testing.md
1177index fb0519a..24706d4 100644
1178--- a/dev-docs/howtoguides/testing.md
1179+++ b/dev-docs/howtoguides/testing.md
1180@@ -139,13 +139,13 @@ This adds an upfront cost that is amortized across several test scenarios.
1181 Based on some rough testing in July 2021, these are the situations
1182 when you should set UACLIENT_BEHAVE_SNAPSHOT_STRATEGY=1
1183
1184-> At time of writing, starting a lxd.vm instance from a local snapshot takes
1185-> longer than starting a fresh lxd.vm instance and installing ua.
1186+> At time of writing, starting a lxd-vm instance from a local snapshot takes
1187+> longer than starting a fresh lxd-vm instance and installing ua.
1188
1189 | machine_type | condition |
1190 | ------------- | ------------------ |
1191-| lxd.container | num_scenarios > 7 |
1192-| lxd.vm | never |
1193+| lxd-container | num_scenarios > 7 |
1194+| lxd-vm | never |
1195 | gcp | num_scenarios > 5 |
1196 | azure | num_scenarios > 14 |
1197 | aws | num_scenarios > 11 |
1198@@ -175,17 +175,6 @@ To specifically run non-ubuntu pro tests using canonical cloud-images an
1199 additional token obtained from https://ubuntu.com/pro needs to be set:
1200 - UACLIENT_BEHAVE_CONTRACT_TOKEN=<your_token>
1201
1202-By default, the public AMIs for Ubuntu Pro testing used for each Ubuntu
1203-release are defined in features/aws-ids.yaml. These ami-ids are determined by
1204-running `./tools/refresh-aws-pro-ids`.
1205-
1206-Integration tests will read features/aws-ids.yaml to determine which default
1207-AMI id to use for each supported Ubuntu release.
1208-
1209-To update `features/aws-ids.yaml`, run `./tools/refresh-aws-pro-ids` and put up
1210-a pull request against this repo to updated that content from the ua-contracts
1211-marketplace definitions.
1212-
1213 * To manually run EC2 integration tests with a specific AMI Id provide the
1214 following environment variable to launch your specific AMI instead of building
1215 a daily ubuntu-advantage-tools image.
1216diff --git a/dev-docs/references/directory_layout.md b/dev-docs/references/directory_layout.md
1217index 241fa36..1fc1f77 100644
1218--- a/dev-docs/references/directory_layout.md
1219+++ b/dev-docs/references/directory_layout.md
1220@@ -9,12 +9,11 @@ The following describes the intent of Ubuntu Pro Client related directories:
1221 | ./uaclient/ | collection of python modules which will be packaged into ubuntu-advantage-tools package to deliver the Ubuntu Pro Client CLI |
1222 | uaclient.entitlements | Service-specific \*Entitlement class definitions which perform enable, disable, status, and entitlement operations etc. All classes derive from base.py:UAEntitlement and many derive from repo.py:RepoEntitlement |
1223 | ./uaclient/cli.py | The entry-point for the command-line client
1224-| ./uaclient/clouds/ | Cloud-platform detection logic used in Ubuntu Pro to determine if a given should be auto-attached to a contract |
1225+| ./uaclient/clouds/ | Cloud-platform detection logic used in Ubuntu Pro to determine if a given instance should be auto-attached to a contract |
1226 | uaclient.contract | Module for interacting with the Contract Server API |
1227 | uaclient.messages | Module that contains the messages delivered by `pro` to the user |
1228 | uaclient.security | Module that hold the logic used to run `pro fix` commands |
1229 | ./apt-hook/ | the C++ apt-hook delivering MOTD and apt command notifications about Ubuntu Pro support services |
1230-| ./apt-conf.d/ | apt config files delivered to /etc/apt/apt-conf.d to automatically allow unattended upgrades of ESM security-related components. If apt proxy settings are configured, an additional apt config file will be placed here to configure the apt proxy. |
1231 | /etc/ubuntu-advantage/uaclient.conf | Configuration file for the Ubuntu Pro Client.|
1232 | /var/lib/ubuntu-advantage/private | `root` read-only directory containing Contract API responses, machine-tokens and service credentials |
1233 | /var/lib/ubuntu-advantage/machine-token.json | `world` readable file containing redacted Contract API responses, machine-tokens and service credentials |
1234@@ -23,6 +22,7 @@ The following describes the intent of Ubuntu Pro Client related directories:
1235 ## Note
1236
1237 We have two `machine-token.json` files, located at:
1238+
1239 - /var/lib/ubuntu-advantage/private/machine-token.json
1240 - /var/lib/ubuntu-advantage/machine-token.json
1241
1242diff --git a/dev-docs/references/enabling_a_service.md b/dev-docs/references/enabling_a_service.md
1243index 17429d0..d799972 100644
1244--- a/dev-docs/references/enabling_a_service.md
1245+++ b/dev-docs/references/enabling_a_service.md
1246@@ -17,5 +17,5 @@ The Ubuntu Pro Client is simple in that it relies on the machine token on the at
1247 machine to describe whether a service is applicable for an environment and what
1248 configuration is required to properly enable that service.
1249
1250-Any interactions with the Contract server API are defined as UAContractClient
1251+Any interactions with the Contract Server API are defined as UAContractClient
1252 class methods in [uaclient/contract.py](../../uaclient/contract.py).
1253diff --git a/dev-docs/references/terminology.md b/dev-docs/references/terminology.md
1254index cc79893..0459eb7 100644
1255--- a/dev-docs/references/terminology.md
1256+++ b/dev-docs/references/terminology.md
1257@@ -5,8 +5,8 @@ Ubuntu Pro Client performs:
1258
1259 | Term | Meaning |
1260 | -------- | -------- |
1261-| Ubuntu Pro Client | The python command line client represented in this ubuntu-advantage-client repository. It is installed on each Ubuntu machine and is the entry-point to enable any Ubuntu Pro commercial service on an Ubuntu machine. |
1262-| Contract Server | The backend service exposing a REST API to which Ubuntu Pro Client authenticates in order to obtain contract and commercial service information and manage which support services are active on a machine.|
1263+| Ubuntu Pro Client | The python command line client represented in this ubuntu-pro-client repository. It is installed on each Ubuntu machine and is the entry-point to enable any Ubuntu Pro commercial service on an Ubuntu machine |
1264+| Contract Server | The backend service exposing a REST API to which Ubuntu Pro Client authenticates in order to obtain contract and commercial service information and manage which support services are active on a machine |
1265 | Entitlement/Service | An Ubuntu Pro commercial support service such as FIPS, ESM, Livepatch, CIS-Audit to which a contract may be entitled |
1266 | Affordance | Service-specific list of applicable architectures and Ubuntu series on which a service can run |
1267 | Directives | Service-specific configuration values which are applied to a service when enabling that service |
1268diff --git a/dev-docs/references/version_string_formatting.md b/dev-docs/references/version_string_formatting.md
1269index 98c150e..59f163c 100644
1270--- a/dev-docs/references/version_string_formatting.md
1271+++ b/dev-docs/references/version_string_formatting.md
1272@@ -5,10 +5,10 @@ Below are the versioning schemes used for publishing debs:
1273 | Build target | Version Format |
1274 | --------------------------------------------------------------------------------- | ------------------------------------------ |
1275 | [Daily PPA](https://code.launchpad.net/~canonical-server/+recipe/ua-client-daily) | `XX.YY-<revno>~g<commitish>~ubuntu22.04.1` |
1276-| Staging PPA | `XX.YY~22.04.1~rc1` |
1277-| Stable PPA | `XX.YY~22.04.1~stableppa1` |
1278-| Archive release | `XX.YY~22.04.1` |
1279-| Archive bugfix release | `XX.YY.Z~22.04.1` |
1280+| Staging PPA | `XX.YY~22.04~rc1` |
1281+| Stable PPA | `XX.YY~22.04~stableppa1` |
1282+| Archive release | `XX.YY~22.04` |
1283+| Archive bugfix release | `XX.YY.Z~22.04` |
1284
1285 ## Supported upgrade paths on same upstream version
1286
1287@@ -18,10 +18,10 @@ This table demonstrates upgrade paths between sources for one particular upstrea
1288
1289 | Upgrade path | Version diff example |
1290 | ------------------------------- | ----------------------------------------------------------------------- |
1291-| Staging to Next Staging rev | `31.4~22.04.1~rc1` ➜ `31.4~22.04.1~rc2` |
1292-| Staging to Stable | `31.4~22.04.1~rc2` ➜ `31.4~22.04.1~stableppa1` |
1293-| Stable to Next Stable rev | `31.4~22.04.1~stableppa1` ➜ `31.4~22.04.1~stableppa2` |
1294-| Stable to Archive | `31.4~22.04.1~stableppa2` ➜ `31.4~22.04.1` |
1295-| LTS Archive to Next LTS Archive | `31.4~22.04.1` ➜ `31.4~24.04.1` |
1296-| Archive to Daily | `31.4~24.04.1` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` |
1297+| Staging to Next Staging rev | `31.4~22.04~rc1` ➜ `31.4~22.04~rc2` |
1298+| Staging to Stable | `31.4~22.04~rc2` ➜ `31.4~22.04~stableppa1` |
1299+| Stable to Next Stable rev | `31.4~22.04~stableppa1` ➜ `31.4~22.04~stableppa2` |
1300+| Stable to Archive | `31.4~22.04~stableppa2` ➜ `31.4~22.04` |
1301+| LTS Archive to Next LTS Archive | `31.4~22.04` ➜ `31.4~24.04` |
1302+| Archive to Daily | `31.4~24.04` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` |
1303 | Daily to Next Daily | `31.4-1500~g75fa134~ubuntu24.04.1` ➜ `31.4-1501~g3836375~ubuntu24.04.1` |
1304diff --git a/dev-docs/references/what_happens_during_attach.md b/dev-docs/references/what_happens_during_attach.md
1305index 21ad455..05854e1 100644
1306--- a/dev-docs/references/what_happens_during_attach.md
1307+++ b/dev-docs/references/what_happens_during_attach.md
1308@@ -1,7 +1,7 @@
1309 ### What happens during attach
1310 After running the command `pro attach TOKEN`, Ubuntu Pro Client will perform the following steps:
1311
1312-* read the config from /etc/ubuntu-advantage/uaclient.conf to obtain
1313+* Read the config from /etc/ubuntu-advantage/uaclient.conf to obtain
1314 the contract\_url (default: https://contracts.canonical.com)
1315 * POSTs to the Contract Server API @
1316 <contract_url>/api/v1/context/machines/token providing the \<contractToken\>
1317diff --git a/dev-requirements.txt b/dev-requirements.txt
1318index 06712bf..00dd2fb 100644
1319--- a/dev-requirements.txt
1320+++ b/dev-requirements.txt
1321@@ -1,6 +1,6 @@
1322 # The black, isort and shellcheck-py versions are also in .pre-commit-config.yaml;
1323 # make sure to update both together
1324 black==22.3.0
1325-isort==5.8.0
1326+isort==5.12.0
1327 pre-commit
1328 shellcheck-py==0.8.0.4
1329diff --git a/docs/_static/js/github_issue_links.js b/docs/_static/js/github_issue_links.js
1330index e449b4e..d339060 100644
1331--- a/docs/_static/js/github_issue_links.js
1332+++ b/docs/_static/js/github_issue_links.js
1333@@ -2,7 +2,7 @@ window.onload = function() {
1334 const link = document.createElement("a");
1335 link.classList.add("muted-link");
1336 link.classList.add("github-issue-link");
1337- link.text = "Have a question?";
1338+ link.text = "Give feedback";
1339 link.href = (
1340 "https://github.com/canonical/ubuntu-pro-client/issues/new?"
1341 + "title=docs%3A+TYPE+YOUR+QUESTION+HERE"
1342diff --git a/docs/conf.py b/docs/conf.py
1343index 8dd4d59..33da04c 100644
1344--- a/docs/conf.py
1345+++ b/docs/conf.py
1346@@ -38,6 +38,8 @@ extensions = [
1347
1348 templates_path = ["_templates"]
1349
1350+html_extra_path = ["googleaf254801a5285c31.html", "sitemap-index.xml"]
1351+
1352 # List of patterns, relative to source directory, that match files and
1353 # directories to ignore when looking for source files.
1354 # This pattern also affects html_static_path and html_extra_path.
1355@@ -100,7 +102,7 @@ html_static_path = ["_static"]
1356 html_css_files = [
1357 "css/logo.css",
1358 "css/github_issue_links.css",
1359- "css/custom.css"
1360+ "css/custom.css",
1361 ]
1362 html_js_files = [
1363 "js/github_issue_links.js",
1364diff --git a/docs/explanations.rst b/docs/explanations.rst
1365index a424451..78adb85 100644
1366--- a/docs/explanations.rst
1367+++ b/docs/explanations.rst
1368@@ -27,6 +27,7 @@ selection of some of the commands -- what they do, and how they work.
1369 :maxdepth: 1
1370
1371 explanations/how_to_interpret_the_security_status_command.md
1372+ explanations/how_to_interpret_output_of_unattended_upgrades.md
1373 explanations/status_columns.md
1374 explanations/what_refresh_does.md
1375
1376@@ -48,6 +49,7 @@ Other Pro features explained
1377 .. toctree::
1378 :maxdepth: 1
1379
1380+ explanations/cves_and_usns_explained.md
1381 explanations/what_are_the_timer_jobs.md
1382 explanations/what_is_the_daemon.md
1383 explanations/why_trusty_is_no_longer_supported.md
1384diff --git a/docs/explanations/apt_messages.md b/docs/explanations/apt_messages.md
1385index d4e62ef..edd50d2 100644
1386--- a/docs/explanations/apt_messages.md
1387+++ b/docs/explanations/apt_messages.md
1388@@ -25,7 +25,7 @@ Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04
1389
1390 ## LTS series with esm-apps service disabled
1391
1392-When you are running `apt upgraded` on a LTS release, like Focal, we advertise
1393+When you are running `apt upgrade` on a LTS release, like Focal, we advertise
1394 the `esm-apps` service if packages could be upgraded by enabling the service:
1395
1396 ```
1397diff --git a/docs/explanations/cves_and_usns_explained.md b/docs/explanations/cves_and_usns_explained.md
1398new file mode 100644
1399index 0000000..272c1d8
1400--- /dev/null
1401+++ b/docs/explanations/cves_and_usns_explained.md
1402@@ -0,0 +1,44 @@
1403+# CVEs and USNs explained
1404+
1405+## What is a CVE
1406+
1407+Common Vulnerabilities and Exposures (CVEs) are a way to catalogue and track public security
1408+vulnerabilities for a given software. Every CVE is identified through a unique identifier,
1409+for example [CVE-2023-0465](https://www.cve.org/CVERecord?id=CVE-2023-0465).
1410+
1411+CVEs are maintained by the [MITRE Corporation](https://cve.mitre.org/) and the goal of the project
1412+is to provide naming conventions for the public known security issues while also maintaining a
1413+centralised repository for all of the security issues. This makes it easier for an organization to
1414+submit a new security flaw though the CVE convention while also analysing any other existing CVEs
1415+in the database.
1416+
1417+You can search for any existing CVE related to Ubuntu using
1418+[the Ubuntu CVE page](https://ubuntu.com/security/cves).
1419+
1420+## What is a USN?
1421+
1422+An Ubuntu Security Notice (USN) is the way that Canonical publicly catalogues and displays security
1423+vulneratibilities for Ubuntu packages. Usually, a USN is composed of one or more
1424+[CVEs](#what-is-a-cve) and it also contains update instructions to fix the issue, if a fix is
1425+already available.
1426+
1427+USNs follow a naming convention of the format: [USN-5963-1](https://ubuntu.com/security/notices/USN-5963-1)
1428+
1429+You can search for any existing USN using
1430+[the Ubuntu Security Notices page](https://ubuntu.com/security/notices).
1431+
1432+## What are related USNs?
1433+
1434+A USN is composed of different CVEs. If the same CVE appears on multiple USNs, we say that those USNs are related.
1435+In the following image, we can see a visual representation of that concept, where USN-789 and USN-321
1436+are related USNs because both are affected by CVE-2:
1437+
1438+![Related USN example](../images/usn-related.png)
1439+
1440+
1441+A real example can be seen in [USN-5573-1](https://ubuntu.com/security/notices/USN-5573-1).
1442+In the section **Related notices**, it shows that both **USN-5570-1**
1443+and **USN-5570-2** are related to **USN-5573-1**.
1444+
1445+This information is useful for users that want to tackle
1446+all related USNs at once, making sure that a CVE is fully fixed on their Ubuntu machine.
1447diff --git a/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md
1448new file mode 100644
1449index 0000000..714c14a
1450--- /dev/null
1451+++ b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md
1452@@ -0,0 +1,82 @@
1453+# How to interpret the output of unattended-upgrades
1454+
1455+On Pro Client version 27.14~, we introduced the `u.pro.unattended_upgrades.status.v1` endpoint.
1456+This endpoint is designed to provide users with an overview of the configuration and setup for
1457+unattended-upgrades on the machine. The expected output follows this JSON example:
1458+
1459+```json
1460+{
1461+ "_schema_version": "v1",
1462+ "data": {
1463+ "attributes": {
1464+ "apt_periodic_job_enabled": true,
1465+ "package_lists_refresh_frequency_days": 1,
1466+ "systemd_apt_timer_enabled": true,
1467+ "unattended_upgrades_allowed_origins": [
1468+ "${distro_id}:${distro_codename}",
1469+ "${distro_id}:${distro_codename}-security",
1470+ "${distro_id}ESMApps:${distro_codename}-apps-security",
1471+ "${distro_id}ESM:${distro_codename}-infra-security"
1472+ ],
1473+ "unattended_upgrades_disabled_reason": null,
1474+ "unattended_upgrades_frequency_days": 1,
1475+ "unattended_upgrades_last_run": null,
1476+ "unattended_upgrades_running": true
1477+ },
1478+ "meta": {
1479+ "environment_vars": [],
1480+ "raw_config": {
1481+ "APT::Periodic::Enable": "1",
1482+ "APT::Periodic::Unattended-Upgrade": "1",
1483+ "APT::Periodic::Update-Package-Lists": "1",
1484+ "Unattended-Upgrade::Allowed-Origins": [
1485+ "${distro_id}:${distro_codename}",
1486+ "${distro_id}:${distro_codename}-security",
1487+ "${distro_id}ESMApps:${distro_codename}-apps-security",
1488+ "${distro_id}ESM:${distro_codename}-infra-security"
1489+ ]
1490+ }
1491+ },
1492+ "type": "UnattendedUpgradesStatus"
1493+ },
1494+ "errors": [],
1495+ "result": "success",
1496+ "version": "27.14~16.04.1",
1497+ "warnings": []
1498+}
1499+```
1500+
1501+As we can see from this output, we have a variable named `unattended_upgrades_running`. That variable
1502+indicates if unattended-upgrades is properly configured and running on the machine.
1503+The value of this field will only be `true` if *ALL* of the following prerequisites are also true:
1504+
1505+* *`apt_periodic_job_enable` is true*: That variable indicates if the APT::Periodic::Enable configuration variable
1506+ is turned on. If it is turned off, unattended-upgrades will not automatically run on the machine.
1507+* *`package_lists_refresh_frequency_days` is non-zero*: That variable shows the value of APT::Periodic::Package-List-Frequency.
1508+ This configuration defines the daily frequency for updating package sources in the background. If it has a zero value, this step will never
1509+ happen and unattended-upgrades might not be able to install new versions of the packages.
1510+* *`systemd_apt_timer_enabled` is true*: This variable is true if both `apt-daily.timer` and `apt-daily-upgrade.timer` are running
1511+ on the machine. These timers are the ones that control when unattended-upgrades run. The first job, `apt-daily.timer` is responsible
1512+ for triggering the code that downloads the lastest package information on the system. The second job, `apt-daily-upgrade.timer` is
1513+ responsible for running unattended-upgrades to download the latest version of the packages. If one of these jobs is disabled,
1514+ unattended-upgrades might not work as expected.
1515+* *`unattended_upgrades_allowed_origins` is not empty*: This variable defines the origins that
1516+ unattended-upgrades can use to install a package. If that list is empty, no packages can be
1517+ installed and unattended-upgrades will not work as expected.
1518+* *`unattended_upgrades_frequency_days` is non-zero*: That variable shows the value of
1519+ APT::Periodic::Unattended-Upgrade. This configuration defines the daily frequency for running
1520+ unattended-upgrades in the background. Therefore, if it has a zero value, the command will never
1521+ run.
1522+
1523+
1524+If any of those conditions are not met, the variable
1525+*unattended_upgrades_disabled_reason* will contain an object explaining why unattended-upgrades is
1526+not running. For example, if `package_lists_refresh_frequency_days` has a zero value, we will see
1527+the following value for *unattended_upgrades_disabled_reason*:
1528+
1529+```json
1530+{
1531+ "msg": "APT::Periodic::Update-Package-Lists is turned off",
1532+ "code": "unattended-upgrades-cfg-value-turned-off"
1533+}
1534+```
1535diff --git a/docs/explanations/how_to_interpret_the_security_status_command.md b/docs/explanations/how_to_interpret_the_security_status_command.md
1536index 21be0b4..b0a56e9 100644
1537--- a/docs/explanations/how_to_interpret_the_security_status_command.md
1538+++ b/docs/explanations/how_to_interpret_the_security_status_command.md
1539@@ -1,7 +1,200 @@
1540 # What does `security-status` do?
1541
1542-The `security-status` command is used to get an overview of the packages
1543-installed on your machine.
1544+The `security-status` command provides an overview of all the packages
1545+installed on your machine, and the security coverage that applies to those
1546+packages.
1547+
1548+The output of the `security-status` command varies, depending on the configuration of the machine you run it on. In this article, we'll take a look at the different outputs of `security-status` and the situations in which you might see them.
1549+
1550+## Command output
1551+
1552+If you run the `pro security-status` command, the first blocks of information
1553+you see look like:
1554+
1555+```
1556+2871 packages installed:
1557+ 2337 packages from Ubuntu Main/Restricted repository
1558+ 504 packages from Ubuntu Universe/Multiverse repository
1559+ 8 packages from third parties
1560+ 22 packages no longer available for download
1561+
1562+To get more information about the packages, run
1563+ pro security-status --help
1564+for a list of available options.
1565+```
1566+
1567+Those are counts for the `apt` packages installed in the system, sorted
1568+between the packages in main, universe, third party packages, and packages
1569+that are no longer available. You will also see a hint to run
1570+`pro security-status --help` to get more information.
1571+
1572+### `apt update` hint
1573+
1574+To get accurate package information, the `apt` caches must be up to date. If
1575+your cache was not updated recently, you may see a message in the output with
1576+a hint to update.
1577+
1578+```
1579+The system apt cache may be outdated. Make sure to run
1580+ sudo apt-get update
1581+to get the latest package information from apt.
1582+```
1583+
1584+### LTS coverage
1585+
1586+If `esm-infra` is disabled in your system, main/restricted packages will be
1587+covered during the LTS period - this information is presented right after the
1588+hints. A covered system will present this message:
1589+
1590+```
1591+This machine is receiving security patching for Ubuntu Main/Restricted
1592+repository until <year>.
1593+```
1594+
1595+On a system where the LTS period ended, you'll see:
1596+
1597+```
1598+This machine is NOT receiving security patches because the LTS period has ended
1599+and esm-infra is not enabled.
1600+```
1601+
1602+### Ubuntu Pro coverage
1603+
1604+An Ubuntu Pro subscription provides more security coverage than a standard LTS.
1605+The next blocks of information are related to Ubuntu Pro itself:
1606+
1607+```
1608+This machine is attached to an Ubuntu Pro subscription.
1609+
1610+Main/Restricted packages are receiving security updates from
1611+Ubuntu Pro with 'esm-infra' enabled until 2032.
1612+
1613+Universe/Multiverse packages are receiving security updates from
1614+Ubuntu Pro with 'esm-apps' enabled until 2032. You have received 21 security
1615+updates.
1616+```
1617+
1618+This system is already attached to Pro! It is a Jammy machine, which has
1619+installed some updates from `esm-apps`. Running the same command on a Xenial
1620+system without Pro enabled, the output looks like:
1621+
1622+```
1623+This machine is NOT attached to an Ubuntu Pro subscription.
1624+
1625+Ubuntu Pro with 'esm-infra' enabled provides security updates for
1626+Main/Restricted packages until 2026. There are 170 pending security updates.
1627+
1628+Ubuntu Pro with 'esm-apps' enabled provides security updates for
1629+Universe/Multiverse packages until 2026. There is 1 pending security update.
1630+
1631+Try Ubuntu Pro with a free personal subscription on up to 5 machines.
1632+Learn more at https://ubuntu.com/pro
1633+```
1634+
1635+There are lots of `esm-infra` updates for this machine, and even an `esm-apps`
1636+update. The hint in the end of the output has a link to the main Pro website,
1637+so the user can learn more about Pro and get their subscription.
1638+
1639+### Interim releases
1640+
1641+If you are running an interim release, the output is slightly different because
1642+there are no Ubuntu Pro services available. You will still see the package
1643+counts and support period though - your main/restricted packages are supported
1644+for 9 months from the release date.
1645+
1646+```
1647+613 packages installed:
1648+ 601 packages from Ubuntu Main/Restricted repository
1649+ 12 packages from Ubuntu Universe/Multiverse repository
1650+
1651+To get more information about the packages, run
1652+ pro security-status --help
1653+for a list of available options.
1654+
1655+Main/Restricted packages receive updates until 1/2024.
1656+
1657+Ubuntu Pro is not available for non-LTS releases.
1658+```
1659+
1660+### Optional flags for specific package sets
1661+
1662+Some flags can be passed to `security-status` to get information about coverage
1663+of specific package sets. As an example, let's look at the output of
1664+`pro security-status --esm-infra`:
1665+
1666+```
1667+442 packages installed:
1668+ 441 packages from Ubuntu Main/Restricted repository
1669+
1670+Main/Restricted packages are receiving security updates from
1671+Ubuntu Pro with 'esm-infra' enabled until 2026. You have received 3 security
1672+updates. There are 160 pending security updates.
1673+
1674+Run 'pro help esm-infra' to learn more
1675+
1676+Installed packages with an available esm-infra update:
1677+( ... list of packages ... )
1678+
1679+Installed packages with an esm-infra update applied:
1680+( ... list of packages ... )
1681+
1682+Further installed packages covered by esm-infra:
1683+( ... list of packages ... )
1684+
1685+For example, run:
1686+ apt-cache show tcpdump
1687+to learn more about that package.
1688+```
1689+
1690+Besides the support information of main/restricted (which Ubuntu Pro with
1691+`esm-infra` extends) there are lists of:
1692+- packages which have some updated version available in esm-infra repositories
1693+- packages which have an installed version from the esm-infra repositories
1694+- packages which are covered by esm-infra
1695+
1696+You will see a similar output when running `pro security-status --esm-apps`,
1697+but with information regarding universe/multiverse packages.
1698+
1699+You can also get a list of the third-party packages installed in the system:
1700+
1701+```
1702+$ pro security-status --thirdparty
1703+2871 packages installed:
1704+ 8 packages from third parties
1705+
1706+Packages from third parties are not provided by the official Ubuntu
1707+archive, for example packages from Personal Package Archives in Launchpad.
1708+
1709+Packages:
1710+( ... list of packages ... )
1711+
1712+For example, run:
1713+ apt-cache show <package_name>
1714+to learn more about that package.
1715+```
1716+
1717+And also a list of unavailable packages (which no longer have any installation
1718+source):
1719+
1720+```
1721+$ pro security-status --unavailable
1722+2871 packages installed:
1723+ 22 packages no longer available for download
1724+
1725+Packages that are not available for download may be left over from a
1726+previous release of Ubuntu, may have been installed directly from a
1727+.deb file, or are from a source which has been disabled.
1728+
1729+Packages:
1730+( ... list of packages ... )
1731+
1732+
1733+For example, run:
1734+ apt-cache show <package_name>
1735+to learn more about that package.
1736+```
1737+
1738+## Machine-readable output
1739
1740 If you run the `pro security-status --format yaml` command on your machine, you
1741 should expect to see an output that follows this structure:
1742@@ -41,10 +234,10 @@ livepatch:
1743 Patched: true
1744 ```
1745
1746-Let's understand what each key means in the output of the `pro security-status`
1747-command:
1748+Let's understand what each key means in the output of the
1749+`pro security-status --format yaml` command:
1750
1751-## `summary`
1752+### `summary`
1753
1754 This provides a summary of the system related to Ubuntu Pro and the different
1755 package sources in the system:
1756@@ -102,7 +295,7 @@ package sources in the system:
1757 * **`entitled_services`**: A list of services that are entitled on your
1758 Ubuntu Pro subscription. If unattached, this will always be an empty list.
1759
1760-## `packages`
1761+### `packages`
1762
1763 This provides a list of security updates for packages installed on the system.
1764 Every entry on the list will follow this structure:
1765@@ -123,7 +316,7 @@ Every entry on the list will follow this structure:
1766 * **`download_size`**: The number of bytes that would be downloaded in order to
1767 install the update.
1768
1769-## `livepatch`
1770+### `livepatch`
1771
1772 This displays Livepatch-related information. Currently, the only information
1773 presented is **`fixed_cves`**. This represents a list of CVEs that were fixed
1774diff --git a/docs/explanations/motd_messages.md b/docs/explanations/motd_messages.md
1775index 337a4bd..6a8f22b 100644
1776--- a/docs/explanations/motd_messages.md
1777+++ b/docs/explanations/motd_messages.md
1778@@ -2,21 +2,51 @@
1779
1780 When the Ubuntu Pro Client (`pro`) is installed on the system, it delivers
1781 custom messages on ["Message of the Day" (MOTD)](https://wiki.debian.org/motd).
1782-Those messages are generated directly by two different sources.
1783+Those messages are generated directly by three different sources.
1784
1785-## Python-scripted MOTD
1786+* MOTD about available updates
1787+* MOTD about important subscription conditions
1788+* MOTD about ESM being available
1789+
1790+## MOTD about available updates
1791
1792 The [update-notifier](https://wiki.ubuntu.com/UpdateNotifier) delivers a script
1793-called `apt_check.py`. With regards to Ubuntu Pro, this script is responsible
1794-for:
1795-
1796+via the `update-notifier-common` package called
1797+`/usr/lib/update-notifier/apt_check.py.
1798+With regards to Ubuntu Pro, this script is responsible for:
1799+
1800 * Informing the user about the status of one of the ESM services; `esm-apps` if
1801 the machine is an LTS series, or `esm-infra` if the series is in ESM mode.
1802 * Showing the number of `esm-infra` or `esm-apps` packages that can be upgraded
1803 on the machine.
1804
1805-For example, here is the output of the `apt_check.py` script on a LTS machine
1806-when both of those services are enabled:
1807+`update-notifier` has always added information about potential updates to
1808+MOTD to raise user awareness. With the advent of Ubuntu Pro they are
1809+just more differentiated.
1810+
1811+Note that if you run `apt_check.py` directly it might give you rather
1812+unreadable output as it is meant for program use. You can add `--human-readable`
1813+to see the information as it would be presented in MOTD.
1814+
1815+### Machine is unattached
1816+
1817+On a machine that runs an Ubuntu release for which the `esm-apps` service
1818+is available, but not yet attached to an Ubuntu Pro subscription, there will
1819+be a message notifying the user that there may be more security updates
1820+available through ESM Apps.
1821+
1822+```
1823+Expanded Security Maintenance for Applications is not enabled.
1824+
1825+0 updates can be applied immediately.
1826+
1827+Enable ESM Apps to receive additional future security updates.
1828+See https://ubuntu.com/esm or run: sudo pro status
1829+```
1830+
1831+### Machine is fully attached
1832+
1833+In the opposite situation, if an LTS machine has the `esm-infra` and `esm-apps` services enabled then users will see the following output in MOTD:
1834
1835 ```
1836 Expanded Security Maintenance for Applications is enabled.
1837@@ -28,8 +58,16 @@ Expanded Security Maintenance for Applications is enabled.
1838 To see these additional updates run: apt list --upgradable
1839 ```
1840
1841-However, if we were running this on an ESM series, we would instead see
1842-`esm-infra` being advertised:
1843+### Machine is fully attached, on an older release
1844+
1845+Above you have seen examples of recent (as in "still in their first 5
1846+years of support") Ubuntu releases, where the hint is about ESM Apps
1847+extending the coverage to the universe repositories.
1848+
1849+However, if running on an Ubuntu release that has is already past the initial
1850+5 years of support and has thereby entered Expanded Security Maintenance
1851+(["ESM"](https://ubuntu.com/security/esm)), we would instead see
1852+`esm-infra` (which provides coverage for another 5 years) being shown:
1853
1854 ```
1855 Expanded Security Maintenance Infrastructure is enabled.
1856@@ -41,17 +79,19 @@ Expanded Security Maintenance Infrastructure is enabled.
1857 To see these additional updates run: apt list --upgradable
1858 ```
1859
1860+### Partial service enablement
1861+
1862 Now let's consider a scenario where one of these services is not enabled. For
1863 example, if `esm-apps` was disabled, the output will be:
1864
1865 ```
1866 Expanded Security Maintenance for Applications is not enabled.
1867-
1868+
1869 6 updates can be applied immediately.
1870 1 of these updates is a ESM Infra security update.
1871 5 of these updates are standard security updates.
1872 To see these additional updates run: apt list --upgradable
1873-
1874+
1875 5 additional security updates can be applied with ESM Apps
1876 Learn more about enabling ESM Apps for Ubuntu 16.04 at
1877 https://ubuntu.com/16-04
1878@@ -62,13 +102,13 @@ upgraded if that service was enabled. Note that we would deliver the same
1879 information for `esm-infra` if the service was disabled and the series running
1880 on the machine is in ESM state.
1881
1882-## MOTD through Ubuntu Pro timer jobs
1883+## MOTD about important subscription conditions
1884
1885-One of the timer jobs Ubuntu Pro uses can insert additional messages into MOTD.
1886-These messages will be always delivered before or after the content created by
1887-the Python script delivered by `update-notifier`. These additional messages are
1888-generated when `pro` detects that certain conditions on the machine have been
1889-met. They are:
1890+One of the [timer jobs](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/explanations/what_are_the_timer_jobs.html)
1891+Ubuntu Pro uses can insert additional messages into MOTD.
1892+These messages will be always delivered next to the content created by
1893+`update-notifier`. These additional messages are generated when `pro`
1894+detects that certain conditions on the machine have been met. They are:
1895
1896 ### Subscription expired
1897
1898@@ -104,8 +144,69 @@ coverage for your applications.
1899 Your grace period will expire in 9 days.
1900 ```
1901
1902-### How are these messages updated and inserted into MOTD?
1903+## MOTD about ESM being available
1904+
1905+When Ubuntu Pro became generally available, a temporary announcement was made
1906+through MOTD. This was intended to raise awareness of Pro now being available
1907+and free for personal use, and was shown on systems that could be covered
1908+by `esm-apps`.
1909+It looked like:
1910+
1911+```
1912+ * Introducing Expanded Security Maintenance for Applications.
1913+ Receive updates to over 25,000 software packages with your
1914+ Ubuntu Pro subscription. Free for personal use.
1915+
1916+ https://ubuntu.com/pro
1917+```
1918+
1919+Since this message was intended as a limited-time announcement to coincide
1920+with the release of Ubuntu Pro into general availability, it was removed in
1921+27.14.
1922+
1923+## How are these messages inserted into MOTD and how can I disable them?
1924+
1925+Just as there are different purposes to the messages outlined above,
1926+there are different sources producing these MOTD elements that one
1927+sees at login.
1928+
1929+Those messages are considered important to ensure user awareness about
1930+the free additional security coverage provided by Ubuntu Pro and about
1931+not-yet-applied potential updates in general. Therefore it is generally not
1932+recommended to disable them. But still, you can selectively disable them
1933+by removing the config files that add them, as outlined below.
1934+
1935+Removing those files is considered a conffile change to customize a program
1936+and they will stay removed even on future upgrades or re-installations of the
1937+related packages.
1938+
1939+If you realize that you actually need them back you need
1940+to reinstall the related packages and tell apt/dpkg to offer you to restore
1941+those files via:
1942+
1943+```
1944+sudo apt install --reinstall -o Dpkg::Options::="--force-confask" ubuntu-advantage-tools update-notifier-common
1945+```
1946+
1947+## Source: MOTD about available updates
1948+
1949+1. `update-notifier-common` has a hook `/etc/apt/apt.conf.d/99update-notifier` that runs after `apt update`.
1950+2. That hook will update the information in `/var/lib/update-notifier/updates-available` matching the new package information that was just fetched by using `/usr/lib/update-notifier/apt-check --human-readable`.
1951+3. At MOTD generation time, the script located at `/etc/update-motd.d/90-updates-available` checks if `/var/lib/update-notifier/updates-available` exists and if it does, inserts the message into the full MOTD.
1952+
1953+If you want to disable any message of update-notifier (not just related to Ubuntu Pro and ESM) about potentially available updates remove `/etc/update-motd.d/90-updates-available`.
1954
1955-1. The contract status is checked periodically in the background when the machine is attached to an Ubuntu Pro contract.
1956-2. If one of the above messages applies to the contract that the machine is attached to, then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`.
1957+## Source: MOTD about important subscription conditions
1958+
1959+1. The subscription status is checked periodically in the background when the machine is attached to an Ubuntu Pro subscription.
1960+2. If one of the above conditions applies to the subscription that the machine is attached to (there are no messages generated by this for unattached machines), then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`.
1961 3. At MOTD generation time, the script located at `/etc/update-motd.d/91-contract-ua-esm-status` checks if `/var/lib/ubuntu-advantage/messages/motd-contract-status` exists and if it does, inserts the message into the full MOTD.
1962+
1963+If you want to disable any message about important conditions of your attached subscription remove `/etc/update-motd.d/91-contract-ua-esm-status`.
1964+
1965+## Source: MOTD about ESM being available
1966+
1967+1. `pro` checks regularly if a system would have `esm-apps` available to it and if so places a message in `/var/lib/ubuntu-advantage/messages/motd-esm-announce`.
1968+2. At MOTD generation time, the script located at `/etc/update-motd.d/88-esm-announce` checks if `/var/lib/ubuntu-advantage/messages/motd-esm-announce` exists and if it does, inserts the message into the full MOTD.
1969+
1970+If you want to disable the ESM announcement remove `/etc/update-motd.d/88-esm-announce` (or upgrade to 27.14 or later which will remove it for you).
1971diff --git a/docs/explanations/status_columns.md b/docs/explanations/status_columns.md
1972index 1447b44..6e79449 100644
1973--- a/docs/explanations/status_columns.md
1974+++ b/docs/explanations/status_columns.md
1975@@ -101,3 +101,105 @@ allow_beta: True
1976 It's important to keep in mind that any feature defined like this will be
1977 listed, even if it is invalid or typed the wrong way. Those appear in `status`
1978 output for informational and debugging purposes.
1979+
1980+## Machine-readable output
1981+
1982+The `pro status` command supports a `--format` flag with options including `json` and `yaml`. These result in a machine-readable form of the information presented by the `pro status` command.
1983+
1984+```{note}
1985+`pro status` should return the same results whether using `sudo` or not, but earlier versions did not always do this. We recommend using `sudo` whenever possible.
1986+```
1987+
1988+For example, running `sudo pro status --format=json` on an attached machine may give you something like this:
1989+```javascript
1990+{
1991+ "_doc": "Content provided in json response is currently considered Experimental and may change",
1992+ "_schema_version": "0.1",
1993+ "account": {
1994+ "created_at": "2000-01-02T03:04:05+06:00",
1995+ "id": "account_id",
1996+ "name": "Test"
1997+ },
1998+ "attached": true,
1999+ "config": { ...effectiveConfiguration },
2000+ "config_path": "/etc/ubuntu-advantage/uaclient.conf",
2001+ "contract": {
2002+ "created_at": "2000-01-02T03:04:05+06:00",
2003+ "id": "contract_id",
2004+ "name": "contract_name",
2005+ "products": [ "uaa-essential" ],
2006+ "tech_support_level": "essential"
2007+ },
2008+ "effective": null,
2009+ "environment_vars": [...proClientEnvironmentVariables],
2010+ "errors": [],
2011+ "execution_details": "No Ubuntu Pro operations are running",
2012+ "execution_status": "inactive",
2013+ "expires": "9999-12-31T00:00:00+00:00",
2014+ "features": {},
2015+ "machine_id": "machine_id",
2016+ "notices": [],
2017+ "result": "success",
2018+ "services": [
2019+ {
2020+ "available": "yes",
2021+ "blocked_by": [],
2022+ "description": "Expanded Security Maintenance for Applications",
2023+ "description_override": null,
2024+ "entitled": "yes",
2025+ "name": "esm-apps",
2026+ "status": "enabled",
2027+ "status_details": "Ubuntu Pro: ESM Apps is active",
2028+ "warning": null
2029+ },
2030+ {
2031+ "available": "yes",
2032+ "blocked_by": [],
2033+ "description": "Expanded Security Maintenance for Infrastructure",
2034+ "description_override": null,
2035+ "entitled": "yes",
2036+ "name": "esm-infra",
2037+ "status": "enabled",
2038+ "status_details": "Ubuntu Pro: ESM Infra is active",
2039+ "warning": null
2040+ },
2041+ {
2042+ "available": "yes",
2043+ "blocked_by": [],
2044+ "description": "Canonical Livepatch service",
2045+ "description_override": null,
2046+ "entitled": "yes",
2047+ "name": "livepatch",
2048+ "status": "enabled",
2049+ "status_details": "",
2050+ "warning": null
2051+ },
2052+ ...otherServiceStatusObjects
2053+ ],
2054+ "simulated": false,
2055+ "version": "27.13.6~18.04.1",
2056+ "warnings": []
2057+}
2058+```
2059+
2060+Some particularly important attributes in the output include:
2061+* `attached`: This boolean value indicates whether this machine is attached to an Ubuntu Pro account. This does not tell you if any particular service (e.g. `esm-infra`) is enabled. You must check the individual service item in the `services` list for that status (described below).
2062+* `expires`: This is the date that the Ubuntu Pro subscription is valid until (in RFC3339 format). After this date has passed the machine should be treated as if not attached and no services are enabled. `attached` may still say `true` and services may still say they are `entitled` and `enabled`, but if the `expires` date has passed, you should assume the services are not functioning.
2063+* `services`: This is a list of Ubuntu Pro services. Each item has its own attributes. Widely applicable services include those with `name` equal to `esm-infra`, `esm-apps`, and `livepatch`. Some important fields in each service object are:
2064+ * `name`: The name of the service.
2065+ * `entitled`: A boolean indicating whether the attached Ubuntu Pro account is allowed to enable this service.
2066+ * `status`: A string indicating the service's current status on the machine. Any value other than `enabled` should be treated as if the service is not enabled and not working properly on the machine. Possible values are:
2067+ * `enabled`: The service is enabled and working.
2068+ * `disabled`: The service can be enabled but is not currently.
2069+ * `n/a`: The service cannot be enabled on this machine.
2070+ * `warning`: The service is supposed to be enabled but something is wrong. Check the `warning` field in the service item for additional information.
2071+
2072+For example, if you want to programatically find the status of esm-infra on a particular machine, you can use the following command:
2073+```shell
2074+sudo pro status --format=json | jq '.services[] | select(.name == "esm-infra").status'
2075+```
2076+That command will print one of the `status` values defined above.
2077+
2078+```{attention}
2079+In an future version of Ubuntu Pro Client, there will be an [API](../references/api.md) function to access this information. For now, though, `pro status --format=json` is the recommended machine-readable interface to this data.
2080+```
2081diff --git a/docs/googleaf254801a5285c31.html b/docs/googleaf254801a5285c31.html
2082new file mode 100644
2083index 0000000..b603071
2084--- /dev/null
2085+++ b/docs/googleaf254801a5285c31.html
2086@@ -0,0 +1 @@
2087+google-site-verification: googleaf254801a5285c31.html
2088\ No newline at end of file
2089diff --git a/docs/howtoguides.rst b/docs/howtoguides.rst
2090index 7127394..5b93de6 100644
2091--- a/docs/howtoguides.rst
2092+++ b/docs/howtoguides.rst
2093@@ -59,6 +59,7 @@ How to use ``pro`` commands
2094 :maxdepth: 1
2095
2096 Run `fix` in "dry run" mode <howtoguides/how_to_run_fix_in_dry_run_mode.md>
2097+ Skip fixing related USNs <howtoguides/how_to_not_fix_related_usns.md>
2098
2099 ``refresh``
2100 -----------
2101diff --git a/docs/howtoguides/enable_fips.md b/docs/howtoguides/enable_fips.md
2102index 8f614fb..4fe8b8a 100644
2103--- a/docs/howtoguides/enable_fips.md
2104+++ b/docs/howtoguides/enable_fips.md
2105@@ -36,5 +36,5 @@ been installed:
2106 ```
2107 Installing FIPS packages
2108 FIPS enabled
2109-A reboot is required to complete installl
2110+A reboot is required to complete install.
2111 ```
2112diff --git a/docs/howtoguides/get_rid_of_corrupt_lock.md b/docs/howtoguides/get_rid_of_corrupt_lock.md
2113index 03da4a3..17e8e37 100644
2114--- a/docs/howtoguides/get_rid_of_corrupt_lock.md
2115+++ b/docs/howtoguides/get_rid_of_corrupt_lock.md
2116@@ -2,7 +2,7 @@
2117
2118 Some pro commands (`attach`, `enable`, `detach` and `disable`) will potentially change the
2119 internal state of your system. Since those commands can run in parallel, we have a lock file
2120-mechanism to guarantee that only one of these commands can run at the same time. The lock follow
2121+mechanism to guarantee that only one of these commands can run at the same time. The lock follows
2122 this pattern:
2123
2124 ```
2125diff --git a/docs/howtoguides/get_token_and_attach.md b/docs/howtoguides/get_token_and_attach.md
2126index 41726ef..ff15c15 100644
2127--- a/docs/howtoguides/get_token_and_attach.md
2128+++ b/docs/howtoguides/get_token_and_attach.md
2129@@ -1,10 +1,21 @@
2130 # How to get an Ubuntu Pro token and attach to a subscription
2131
2132+## Get an Ubuntu Pro token
2133+
2134 Retrieve your Ubuntu Pro token from the
2135-[Ubuntu Pro portal](https://ubuntu.com/pro/). You will log in with your "Single
2136+[Ubuntu Pro portal](https://ubuntu.com/pro/). Log in with your "Single
2137 Sign On" credentials, the same credentials you use for https://login.ubuntu.com.
2138-Note that you can obtain a free personal token, which provides you with access
2139-to several of the Ubuntu Pro services.
2140+
2141+Being logged in you can then go to the
2142+[Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard) that is associated to
2143+your user. It will show you all subscriptions currently available to you and
2144+for each the associated token.
2145+
2146+Note that even without buying anything you can always obtain a free personal
2147+token that way, which provides you with access to several of the Ubuntu Pro
2148+services.
2149+
2150+## Attach to a subscription
2151
2152 Once that token is obtained, to attach your machine to a subscription, just run:
2153
2154@@ -35,3 +46,26 @@ Enable services with: pro enable <service>
2155 Once the Ubuntu Pro Client is attached to your Ubuntu Pro account, you can use
2156 it to activate various services, including: access to ESM packages, Livepatch,
2157 FIPS, and CIS. Some features are specific to certain LTS releases.
2158+
2159+## Control of auto-enabled services
2160+
2161+Your subscription controls which services are available to you and which ones
2162+you can manage via the [Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard).
2163+
2164+Recommended services are auto-enabled by default when attaching a system.
2165+You can choose which of the available services will be automatically
2166+enabled or disabled when you attach by toggling them in the
2167+[Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard).
2168+Available services can always be enabled or disabled on the command line
2169+with `pro enable` and `pro disable` after attaching.
2170+
2171+![Toggling recommended services in the Pro Dashboard](pro-dashboard-service-toggles.png)
2172+
2173+If your subscription does not permit you to change the default
2174+enabled services via the Dashboard, or if you want to keep the
2175+defaults but do not want to auto-enable any services while attaching a particular
2176+machine, you can pass the `--no-auto-enable` flag to `attach` using the following command:
2177+
2178+```
2179+$ sudo pro attach YOUR_TOKEN --no-auto-enable
2180+```
2181diff --git a/docs/howtoguides/how_to_not_fix_related_usns.md b/docs/howtoguides/how_to_not_fix_related_usns.md
2182new file mode 100644
2183index 0000000..c9fabf0
2184--- /dev/null
2185+++ b/docs/howtoguides/how_to_not_fix_related_usns.md
2186@@ -0,0 +1,65 @@
2187+# How to not fix related USNs
2188+
2189+When running the `pro fix` command for a USN, by default we also try to fix
2190+any related USNs as well. To better understand the concept of related USNs,
2191+you can refer to our [related USNs guide](../explanations/cves_and_usns_explained.md).
2192+To make this clear, let's take a look into the following example:
2193+
2194+```
2195+USN-5573-1: rsync vulnerability
2196+Found CVEs:
2197+ - https://ubuntu.com/security/CVE-2022-37434
2198+
2199+Fixing requested USN-5573-1
2200+1 affected source package is installed: rsync
2201+(1/1) rsync:
2202+A fix is available in Ubuntu standard updates.
2203+{ apt update && apt install --only-upgrade -y rsync }
2204+
2205+✔ USN-5573-1 is resolved.
2206+
2207+Found related USNs:
2208+- USN-5570-1
2209+- USN-5570-2
2210+
2211+Fixing related USNs:
2212+- USN-5570-1
2213+No affected source packages are installed.
2214+
2215+✔ USN-5570-1 does not affect your system.
2216+
2217+- USN-5570-2
2218+1 affected source package is installed: zlib
2219+(1/1) zlib:
2220+A fix is available in Ubuntu standard updates.
2221+{ apt update && apt install --only-upgrade -y zlib1g }
2222+
2223+✔ USN-5570-2 is resolved.
2224+
2225+Summary:
2226+✔ USN-5573-1 [requested] is resolved.
2227+✔ USN-5570-1 [related] does not affect your system.
2228+✔ USN-5570-2 [related] is resolved.
2229+```
2230+
2231+We can see here that the `pro fix` command fixed the requested **USN-5573-1** while also
2232+handling both **USN-5570-1** and **USN-5570-2**, which are related to the requested USN.
2233+If you don't want to fix any related USNs during the `fix` operation, just use the
2234+`--no-related` flag. By running the command `pro fix USN-5573-1 --no-related` we would get
2235+the following output instead:
2236+
2237+```
2238+USN-5573-1: rsync vulnerability
2239+Found CVEs:
2240+ - https://ubuntu.com/security/CVE-2022-37434
2241+
2242+Fixing requested USN-5573-1
2243+1 affected source package is installed: rsync
2244+(1/1) rsync:
2245+A fix is available in Ubuntu standard updates.
2246+{ apt update && apt install --only-upgrade -y rsync }
2247+
2248+✔ USN-5573-1 is resolved.
2249+```
2250+
2251+Note that we have not analysed or tried to fix any related USNs
2252diff --git a/docs/howtoguides/pro-dashboard-service-toggles.png b/docs/howtoguides/pro-dashboard-service-toggles.png
2253new file mode 100644
2254index 0000000..90095f5
2255Binary files /dev/null and b/docs/howtoguides/pro-dashboard-service-toggles.png differ
2256diff --git a/docs/images/usn-related.png b/docs/images/usn-related.png
2257new file mode 100644
2258index 0000000..9db73c0
2259Binary files /dev/null and b/docs/images/usn-related.png differ
2260diff --git a/docs/index.rst b/docs/index.rst
2261index b63cce0..d07dd4d 100644
2262--- a/docs/index.rst
2263+++ b/docs/index.rst
2264@@ -63,9 +63,10 @@ using it!
2265
2266 - **Having trouble?**
2267 We would like to help! To get help on a specific page in this documentation,
2268- simply click on the "Have a question?" link at the top of that page. This
2269+ simply click on the "Give feedback" link at the top of that page. This
2270 will open up an issue in GitHub where you can tell us more about the problem
2271- you're having and we will do our best to resolve it for you.
2272+ you're having or suggestion you'd like to make, and we will do our best to
2273+ resolve it for you.
2274
2275 - **Found a bug?**
2276 You can `Report bugs on Launchpad`_!
2277diff --git a/docs/references/api.md b/docs/references/api.md
2278index 4708d9b..117875e 100644
2279--- a/docs/references/api.md
2280+++ b/docs/references/api.md
2281@@ -75,6 +75,28 @@ except ImportError:
2282
2283 You could do something similar by catching certain errors when using the `pro api` subcommand, but there are more cases that could indicate an old version, and it generally isn't recommended.
2284
2285+
2286+### Errors and Warnings fields
2287+
2288+When using the API through the CLI, we use two distinct fields to list issues to the users; *errors*
2289+and *warnings*. Both of those fields will contain a list of JSON objects explaining unexpected
2290+behavior during the execution of a command. For example, the *errors* field will be populated like
2291+this if we have a connectivity issue when running a `pro api` command:
2292+
2293+```json
2294+[
2295+ {
2296+ "msg": "Failed to connect to authentication server",
2297+ "code": "connectivity-error",
2298+ "meta": {}
2299+ }
2300+]
2301+```
2302+
2303+Finally, *warnings* follow the exact same structure as *errors*. The only difference is that
2304+*warnings* means that the command was able to complete although unexpected scenarios happened
2305+when executing the command.
2306+
2307 ## Available endpoints
2308 The currently available endpoints are:
2309 - [u.pro.version.v1](#uproversionv1)
2310@@ -88,7 +110,10 @@ The currently available endpoints are:
2311 - [u.pro.security.status.reboot_required.v1](#uprosecuritystatusreboot_requiredv1)
2312 - [u.pro.packages.summary.v1](#upropackagessummaryv1)
2313 - [u.pro.packages.updates.v1](#upropackagesupdatesv1)
2314+- [u.pro.status.is_attached.v1](#uprostatusis_attachedv1)
2315+- [u.pro.status.enabled_services.v1](#uprostatusenabled_servicesv1)
2316 - [u.security.package_manifest.v1](#usecuritypackage_manifestv1)
2317+- [u.unattended_upgrades.status.v1](#uunattended_upgradesstatusv1)
2318
2319 ## u.pro.version.v1
2320
2321@@ -753,6 +778,86 @@ pro api u.pro.packages.updates.v1
2322 }
2323 ```
2324
2325+## u.pro.status.is_attached.v1
2326+
2327+Introduced in Ubuntu Pro Client Version: `28~`
2328+
2329+Shows if the machine is attached to a Pro subscription.
2330+
2331+### Args
2332+
2333+This endpoint takes no arguments.
2334+
2335+### Python API interaction
2336+
2337+#### Calling from Python code
2338+
2339+```python
2340+from uaclient.api.u.pro.status.is_attached.v1 import is_attached
2341+
2342+result = is_attached()
2343+```
2344+
2345+#### Expected return object:
2346+
2347+`uaclient.api.u.pro.status.is_attached.v1.IsAttachedResult`
2348+
2349+|Field Name|Type|Description|
2350+|-|-|-|
2351+|`is_attached`|*bool*|If the machine is attached to a Pro subscription|
2352+
2353+### CLI interaction
2354+
2355+#### Calling from the CLI:
2356+
2357+```bash
2358+pro api u.pro.status.is_attached.v1
2359+```
2360+
2361+## u.pro.status.enabled_services.v1
2362+
2363+Introduced in Ubuntu Pro Client Version: `28~`
2364+
2365+Shows the Pro services that are enabled in the machine.
2366+
2367+### Args
2368+
2369+This endpoint takes no arguments.
2370+
2371+### Python API interaction
2372+
2373+#### Calling from Python code
2374+
2375+```python
2376+from uaclient.api.u.pro.status.enabled_services.v1 import enabled_services
2377+
2378+result = enabled_services()
2379+```
2380+
2381+#### Expected return object:
2382+
2383+`uaclient.api.u.pro.status.enabled_services.v1.EnabledServicesResult`
2384+
2385+|Field Name|Type|Description|
2386+|-|-|-|
2387+|`enabled_services`|*List[EnabledService]*|A list of EnabledServices objects|
2388+
2389+`uaclient.api.u.pro.status.enabled_services.v1.EnabledService`
2390+
2391+|Field Name|Type|Description|
2392+|-|-|-|
2393+|`name` |*str* |name of the service |
2394+|`variant_enabled`|*bool* |If a variant of the service is enabled |
2395+|`variant_name` |*Optional[str]* |name of the variant, if a variant is enabled|
2396+
2397+### CLI interaction
2398+
2399+#### Calling from the CLI:
2400+
2401+```bash
2402+pro api u.pro.status.enabled_services.v1
2403+```
2404+
2405 ## u.security.package_manifest.v1
2406
2407 Introduced in Ubuntu Pro Client Version: `27.12~`
2408@@ -801,3 +906,105 @@ pro api u.security.package_manifest.v1
2409 "package_manifest":"package1\t1.0\npackage2\t2.3\n"
2410 }
2411 ```
2412+
2413+## u.unattended_upgrades.status.v1
2414+
2415+Introduced in Ubuntu Pro Client Version: `27.14~`
2416+
2417+Returns the status around unattended-upgrades. The focus of the endpoint
2418+is to verify if the application is running and how it is configured on
2419+the machine.
2420+
2421+```{important}
2422+For this endpoint, we deliver a unique key under `meta` called `raw_config`. This field contains
2423+all related unattended-upgrades configurations unparsed. This means that this field will maintain
2424+both original name and values for those configurations.
2425+```
2426+
2427+### Args
2428+
2429+This endpoint takes no arguments.
2430+
2431+### Python API interaction
2432+
2433+#### Calling from Python code
2434+
2435+```python
2436+from uaclient.api.u.unattended_upgrades.status.v1 import status
2437+
2438+result = status()
2439+```
2440+
2441+#### Expected return object:
2442+`uaclient.api.u.unattended_upgrades.status.v1.UnattendedUpgradesStatusResult
2443+
2444+|Field Name|Type|Description|
2445+|-|-|-|
2446+|`systemd_apt_timer_enabled`|*bool*|Indicate if the apt-daily.timer jobs are enabled|
2447+|`apt_periodic_job_enabled`|*bool*|Indicate if the APT::Periodic::Enabled configuration is turned off|
2448+|`package_lists_refresh_frequency_days`|*int*|The value of the APT::Periodic::Update-Package-Lists configuration|
2449+|`unattended_upgrades_frequency_days`|*int*|The value of the APT::Periodic::Unattended-Upgrade configuration|
2450+|`unattended_upgrades_allowed_origins`|*List[str]*|The value of the Unattended-Upgrade::Allowed-Origins configuration|
2451+|`unattended_upgrades_running`|*bool*|Indicate if the unattended-upgrade service is correctly configured and running|
2452+|`unattended_upgrades_disabled_reason`|*object*|Object that explains why unattended-upgrades is not running. In case the application is running, the object will be null|
2453+|`unatteded_upgrades_last_run`|`datetime.datetime`|The last time unattended-upgrades has run|
2454+
2455+`uaclient.api.u.unattended_upgrades.status.v1.UnattendedUpgradesStatusDisabledReason`
2456+
2457+|Field Name|Type|Description|
2458+|-|-|-|
2459+|`msg`|*str*|The reason why unattended-upgrades is not running in the system|
2460+|`code`|*str*|The message code associated with the message|
2461+
2462+### Raised exceptions
2463+
2464+- `UnattendedUpgradesError`: Raised in case we cannot run a necessary command to show the status
2465+ of unattended-upgrades
2466+
2467+### CLI interaction
2468+
2469+#### Calling from the CLI:
2470+
2471+```bash
2472+pro api u.unattended_upgrades.status.v1
2473+```
2474+
2475+#### Expected attributes in JSON structure
2476+
2477+```json
2478+{
2479+ "apt_periodic_job_enabled": true,
2480+ "package_lists_refresh_frequency_days": 1,
2481+ "systemd_apt_timer_enabled": true,
2482+ "unattended_upgrades_allowed_origins": [
2483+ "${distro_id}:${distro_codename}",
2484+ "${distro_id}:${distro_codename}-security",
2485+ "${distro_id}ESMApps:${distro_codename}-apps-security",
2486+ "${distro_id}ESM:${distro_codename}-infra-security"
2487+ ],
2488+ "unattended_upgrades_disabled_reason": null,
2489+ "unattended_upgrades_frequency_days": 1,
2490+ "unattended_upgrades_last_run": null,
2491+ "unattended_upgrades_running": true
2492+}
2493+```
2494+
2495+#### Possible attributes in JSON meta field
2496+```json
2497+{
2498+ "meta": {
2499+ "environment_vars": [],
2500+ "raw_config": {
2501+ "APT::Periodic::Enable": "1",
2502+ "APT::Periodic::Unattended-Upgrade": "1",
2503+ "APT::Periodic::Update-Package-Lists": "1",
2504+ "Unattended-Upgrade::Allowed-Origins": [
2505+ "${distro_id}:${distro_codename}",
2506+ "${distro_id}:${distro_codename}-security",
2507+ "${distro_id}ESMApps:${distro_codename}-apps-security",
2508+ "${distro_id}ESM:${distro_codename}-infra-security"
2509+ ]
2510+ }
2511+ }
2512+}
2513+```
2514diff --git a/docs/references/network_requirements.md b/docs/references/network_requirements.md
2515index cb25256..66d01df 100644
2516--- a/docs/references/network_requirements.md
2517+++ b/docs/references/network_requirements.md
2518@@ -1,35 +1,41 @@
2519 # Ubuntu Pro Client network requirements
2520
2521-Using the Ubuntu Pro Client to enable support services will rely on network
2522-access to:
2523-
2524-- Obtain updated service credentials
2525-- Add APT repositories to install `deb` packages
2526-- Install [`snap` packages](https://snapcraft.io/about) when Livepatch is
2527- enabled.
2528+The Ubuntu Pro Client (`pro`) and Ubuntu Pro services need to make network requests to certain services to function correctly.
2529
2530 ```{seealso}
2531-
2532-You can also refer to our [Proxy Configuration guide](/../howtoguides/configure_proxies.md)
2533+You can also refer to our [Proxy Configuration guide](../howtoguides/configure_proxies.md)
2534 to learn how to inform Ubuntu Pro Client of HTTP(S)/APT proxies.
2535 ```
2536
2537-## Network-limited
2538+## Authentication
2539+`pro` needs to authenticate with Canonical servers to provision credentials for access to the individual Ubuntu Pro services.
2540
2541-Ensure the managed system has access to the following port:urls if in a
2542-network-limited environment:
2543+Necessary endpoints:
2544+- `contracts.canonical.com:443`
2545
2546-* `443:https://contracts.canonical.com/`: HTTP PUTs, GETs and POSTs for Ubuntu
2547- Pro Client interaction.
2548-* `443:https://esm.ubuntu.com/\*`: APT repository access for most services.
2549
2550-## Enable kernel Livepatch
2551+## APT package based services
2552+Many services are delivered via authenticated APT repositories. These include:
2553+- `esm-infra` and `esm-apps`
2554+- `fips` and `fips-updates`
2555+- `cis` and `usg`
2556+- `cc-eal`
2557+- `ros` and `ros-updates`
2558+- `realtime-kernel`
2559
2560-Enabling kernel Livepatch requires additional network egress:
2561+Necessary endpoints:
2562+- `esm.ubuntu.com:443`
2563
2564-* `snap` endpoints required in order to install and run snaps as defined in
2565- [snap forum network-requirements post](https://forum.snapcraft.io/t/network-requirements/5147)
2566-* `443:api.snapcraft.io`
2567-* `443:dashboard.snapcraft.io`
2568-* `443:login.ubuntu.com`
2569-* `443:\*.snapcraftcontent.com` - Download CDNs
2570+## Livepatch
2571+`livepatch` requires a `snap`-packaged client, so `snap`-related endpoints are necessary. The Livepatch client itself also requires network access to download the patches from the Livepatch server.
2572+```{seealso}
2573+The [snap documentation page](https://snapcraft.io/docs/network-requirements) may have more up-to-date information on snap-related network requirements.
2574+```
2575+Necessary endpoints for `snap`:
2576+- `api.snapcraft.io:443`
2577+- `dashboard.snapcraft.io:443`
2578+- `login.ubuntu.com:443`
2579+- `*.snapcraftcontent.com:443`
2580+
2581+Necessary endpoints for `livepatch`:
2582+- `livepatch.canonical.com:443`
2583diff --git a/docs/sitemap-index.xml b/docs/sitemap-index.xml
2584new file mode 100644
2585index 0000000..efce50f
2586--- /dev/null
2587+++ b/docs/sitemap-index.xml
2588@@ -0,0 +1,8 @@
2589+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
2590+ <url>
2591+ <loc>https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/</loc>
2592+ <changefreq>weekly</changefreq>
2593+ <priority>1.0</priority>
2594+ </url>
2595+</urlset>
2596+
2597diff --git a/docs/tutorials/create_a_fips_updates_pro_cloud_image.md b/docs/tutorials/create_a_fips_updates_pro_cloud_image.md
2598index e4427bc..10b87b3 100644
2599--- a/docs/tutorials/create_a_fips_updates_pro_cloud_image.md
2600+++ b/docs/tutorials/create_a_fips_updates_pro_cloud_image.md
2601@@ -1,8 +1,8 @@
2602-# Customised Cloud Ubuntu Pro images with FIPS updates
2603+# How to customise a cloud Ubuntu Pro image with FIPS updates
2604
2605 ## Launch an Ubuntu Pro instance on your cloud
2606
2607-See the following links for up to date information for each supported Cloud:
2608+See the following links for up to date information for each supported cloud:
2609
2610 * https://ubuntu.com/aws/pro
2611 * https://ubuntu.com/azure/pro
2612@@ -10,20 +10,20 @@ See the following links for up to date information for each supported Cloud:
2613
2614 ## Enable FIPS updates
2615
2616-First, we need to wait for the standard Ubuntu Pro services to be set up:
2617+Wait for the standard Ubuntu Pro services to be set up:
2618
2619 ```bash
2620 sudo pro status --wait
2621 ```
2622
2623-We can then use [the `enable` command](../howtoguides/enable_fips.md) to set up
2624+Use [the `enable` command](../howtoguides/enable_fips.md) to set up
2625 FIPS updates.
2626
2627 ```bash
2628 sudo pro enable fips-updates --assume-yes
2629 ```
2630
2631-Now, we need to reboot the instance:
2632+Now, reboot the instance:
2633
2634 ```bash
2635 sudo reboot
2636@@ -49,12 +49,12 @@ Cloud-specific instructions are here:
2637 * [Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource)
2638 * [GCP](https://cloud.google.com/compute/docs/machine-images/create-machine-images)
2639
2640-## Launch your custom image!
2641+## Launch your custom image
2642
2643-Use your specific Cloud to launch a new instance from your custom image.
2644+Use your specific cloud to launch a new instance from the custom image.
2645
2646 ````{note}
2647-For versions prior to 27.11, you will need to re-enable `fips-updates` on each
2648+For versions of the Ubuntu Pro Client prior to 27.11, you will need to re-enable `fips-updates` on each
2649 instance launched from the custom image.
2650
2651 This won't require a reboot and is only necessary to ensure the instance gets
2652@@ -64,7 +64,7 @@ updates to FIPS packages when they become available.
2653 sudo pro enable fips-updates --assume-yes
2654 ```
2655
2656-You can easily script this using [cloud-init user data](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) at launch time:
2657+This can be scripted using [cloud-init user data](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) at launch time:
2658 ```yaml
2659 #cloud-config
2660 # Enable fips-updates after pro auto-attach and reboot after cloud-init completes
2661diff --git a/docs/tutorials/fix_scenarios.md b/docs/tutorials/fix_scenarios.md
2662index fe6f8e2..1c96800 100644
2663--- a/docs/tutorials/fix_scenarios.md
2664+++ b/docs/tutorials/fix_scenarios.md
2665@@ -81,7 +81,9 @@ You should see an output like this:
2666 ```
2667 CVE-2020-15180: MariaDB vulnerabilities
2668 https://ubuntu.com/security/CVE-2020-15180
2669+
2670 No affected source packages are installed.
2671+
2672 ✔ CVE-2020-15180 does not affect your system.
2673 ```
2674
2675@@ -110,10 +112,12 @@ You will then see the following output:
2676 ```
2677 CVE-2020-25686: Dnsmasq vulnerabilities
2678 https://ubuntu.com/security/CVE-2020-25686
2679+
2680 1 affected package is installed: dnsmasq
2681 (1/1) dnsmasq:
2682 A fix is available in Ubuntu standard updates.
2683 { apt update && apt install --only-upgrade -y dnsmasq }
2684+
2685 ✔ CVE-2020-25686 is resolved.
2686 ```
2687
2688@@ -137,10 +141,12 @@ run the `pro fix` command again, and we should now see the following:
2689 ```
2690 CVE-2020-25686: Dnsmasq vulnerabilities
2691 https://ubuntu.com/security/CVE-2020-25686
2692+
2693 1 affected package is installed: dnsmasq
2694 (1/1) dnsmasq:
2695 A fix is available in Ubuntu standard updates.
2696 The update is already installed.
2697+
2698 ✔ CVE-2020-25686 is resolved.
2699 ```
2700
2701@@ -151,30 +157,34 @@ let you know! Before we reproduce this scenario, let us first install a package
2702 that we know has no fix available by running:
2703
2704 ```console
2705-$ sudo apt install -y libawl-php
2706+$ sudo apt-get install -y expat=2.1.0-7 swish-e matanza ghostscript
2707 ```
2708
2709 Now, we can confirm that there is no fix by running the following command:
2710
2711 ```console
2712-$ pro fix USN-4539-1
2713+$ pro fix CVE-2017-9233
2714 ```
2715
2716 You will see the following output:
2717
2718 ```
2719-USN-4539-1: AWL vulnerability
2720-Found CVEs:
2721-https://ubuntu.com/security/CVE-2020-11728
2722-1 affected source package is installed: awl
2723-(1/1) awl:
2724-Sorry, no fix is available.
2725-1 package is still affected: awl
2726-✘ USN-4539-1 is not resolved.
2727+CVE-2017-9233: Coin3D vulnerability
2728+ - https://ubuntu.com/security/CVE-2017-9233
2729+
2730+3 affected source packages are installed: expat, matanza, swish-e
2731+(1/3, 2/3) matanza, swish-e:
2732+Ubuntu security engineers are investigating this issue.
2733+(3/3) expat:
2734+A fix is available in Ubuntu standard updates.
2735+{ apt update && apt install --only-upgrade -y expat }
2736+
2737+2 packages are still affected: matanza, swish-e
2738+✘ CVE-2017-9233 is not resolved.
2739 ```
2740
2741-As you can see, we are informed by `pro fix` that there is no fix available. In
2742-the last line, we can also see that the USN is not resolved.
2743+As you can see, we are informed by `pro fix` that some packages do not have a fix available. In
2744+the last line, we can also see that the CVE is not resolved.
2745
2746 ## CVE/USN that require an Ubuntu Pro subscription
2747
2748@@ -193,6 +203,8 @@ USN-5079-2: curl vulnerabilities
2749 Found CVEs:
2750 https://ubuntu.com/security/CVE-2021-22946
2751 https://ubuntu.com/security/CVE-2021-22947
2752+
2753+Fixing requested USN-5079-2
2754 1 affected package is installed: curl
2755 (1/1) curl:
2756 A fix is available in Ubuntu Pro: ESM Infra.
2757@@ -222,6 +234,7 @@ USN-5079-2: curl vulnerabilities
2758 Found CVEs:
2759 https://ubuntu.com/security/CVE-2021-22946
2760 https://ubuntu.com/security/CVE-2021-22947
2761+
2762 1 affected package is installed: curl
2763 (1/1) curl:
2764 A fix is available in Ubuntu Pro: ESM Infra.
2765@@ -258,22 +271,40 @@ Enable services with: pro enable <service>
2766 Technical support level: essential
2767 { apt update && apt install --only-upgrade -y curl libcurl3-gnutls }
2768 ✔ USN-5079-2 is resolved.
2769+
2770+Found related USNs:
2771+- USN-5079-1
2772+
2773+Fixing related USNs:
2774+- USN-5079-1
2775+No affected source packages are installed.
2776+
2777+✔ USN-5079-1 does not affect your system.
2778+
2779+Summary:
2780+✔ USN-5079-2 [requested] is resolved.
2781+✔ USN-5079-1 [related] does not affect your system.
2782 ```
2783
2784-We can see that that the attach command was successful, which can be verified
2785+We can see that this command also fixed related USN **USN-5079-1**.
2786+If you want to learn more about related USNs, refer to [our explanation guide](../explanations/cves_and_usns_explained.md#what-are-related-usns)
2787+
2788+Finally, we can see that that the attach command was successful, which can be verified
2789 by the status output we see when executing the command. Additionally, we can
2790 observe that the USN is indeed fixed, which you can confirm by running the
2791 `pro fix` command again:
2792
2793 ```
2794-N-5079-2: curl vulnerabilities
2795+USN-5079-2: curl vulnerabilities
2796 Found CVEs:
2797 https://ubuntu.com/security/CVE-2021-22946
2798 https://ubuntu.com/security/CVE-2021-22947
2799+
2800 1 affected package is installed: curl
2801 (1/1) curl:
2802 A fix is available in Ubuntu Pro: ESM Infra.
2803 The update is already installed.
2804+
2805 ✔ USN-5079-2 is resolved.
2806 ```
2807
2808@@ -308,6 +339,7 @@ prompted):
2809 ```
2810 CVE-2021-44731: snapd vulnerabilities
2811 https://ubuntu.com/security/CVE-2021-44731
2812+
2813 1 affected package is installed: snapd
2814 (1/1) snapd:
2815 A fix is available in Ubuntu Pro: ESM Infra.
2816@@ -321,6 +353,7 @@ One moment, checking your subscription first
2817 Updating package lists
2818 Ubuntu Pro: ESM Infra enabled
2819 { apt update && apt install --only-upgrade -y ubuntu-core-launcher snapd }
2820+
2821 ✔ CVE-2021-44731 is resolved.
2822 ```
2823
2824@@ -342,13 +375,15 @@ $ sudo pro fix CVE-2022-0778
2825 Then you will see the following output:
2826
2827 ```
2828-VE-2022-0778: OpenSSL vulnerability
2829+CVE-2022-0778: OpenSSL vulnerability
2830 https://ubuntu.com/security/CVE-2022-0778
2831+
2832 1 affected package is installed: openssl
2833 (1/1) openssl:
2834 A fix is available in Ubuntu Pro: ESM Infra.
2835 { apt update && apt install --only-upgrade -y libssl1.0.0 openssl }
2836 A reboot is required to complete fix operation.
2837+
2838 ✘ CVE-2022-0778 is not resolved.
2839 ```
2840
2841@@ -358,10 +393,12 @@ indeed fixed:
2842 ```
2843 CVE-2022-0778: OpenSSL vulnerability
2844 https://ubuntu.com/security/CVE-2022-0778
2845+
2846 1 affected package is installed: openssl
2847 (1/1) openssl:
2848 A fix is available in Ubuntu Pro: ESM Infra.
2849 The update is already installed.
2850+
2851 ✔ CVE-2022-0778 is resolved.
2852 ```
2853
2854@@ -390,6 +427,7 @@ And you will see the following output:
2855 ```
2856 CVE-2017-9233: Expat vulnerability
2857 https://ubuntu.com/security/CVE-2017-9233
2858+
2859 3 affected packages are installed: expat, matanza, swish-e
2860 (1/3, 2/3) matanza, swish-e:
2861 Sorry, no fix is available.
2862@@ -397,6 +435,7 @@ Sorry, no fix is available.
2863 A fix is available in Ubuntu standard updates.
2864 { apt update && apt install --only-upgrade -y expat }
2865 2 packages are still affected: matanza, swish-e
2866+
2867 ✘ CVE-2017-9233 is not resolved.
2868 ```
2869
2870diff --git a/features/_version.feature b/features/_version.feature
2871index 2a575d8..3530d3d 100644
2872--- a/features/_version.feature
2873+++ b/features/_version.feature
2874@@ -2,17 +2,17 @@ Feature: Pro is expected version
2875
2876 @series.all
2877 @uses.config.check_version
2878- @uses.config.machine_type.lxd.container
2879- @uses.config.machine_type.lxd.vm
2880+ @uses.config.machine_type.lxd-container
2881+ @uses.config.machine_type.lxd-vm
2882 @uses.config.machine_type.aws.generic
2883 @uses.config.machine_type.aws.pro
2884- @uses.config.machine_type.aws.pro.fips
2885+ @uses.config.machine_type.aws.pro-fips
2886 @uses.config.machine_type.azure.generic
2887 @uses.config.machine_type.azure.pro
2888- @uses.config.machine_type.azure.pro.fips
2889+ @uses.config.machine_type.azure.pro-fips
2890 @uses.config.machine_type.gcp.generic
2891 @uses.config.machine_type.gcp.pro
2892- @uses.config.machine_type.gcp.pro.fips
2893+ @uses.config.machine_type.gcp.pro-fips
2894 Scenario Outline: Check pro version
2895 Given a `<release>` machine with ubuntu-advantage-tools installed
2896 When I run `dpkg-query --showformat='${Version}' --show ubuntu-advantage-tools` with sudo
2897@@ -44,7 +44,7 @@ Feature: Pro is expected version
2898
2899 @series.all
2900 @uses.config.check_version
2901- @uses.config.machine_type.lxd.container
2902+ @uses.config.machine_type.lxd-container
2903 @upgrade
2904 Scenario Outline: Check pro version
2905 Given a `<release>` machine with ubuntu-advantage-tools installed
2906diff --git a/features/airgapped.feature b/features/airgapped.feature
2907index 707d25b..2997971 100644
2908--- a/features/airgapped.feature
2909+++ b/features/airgapped.feature
2910@@ -2,7 +2,7 @@
2911 Feature: Performing attach using ua-airgapped
2912
2913 @series.jammy
2914- @uses.config.machine_type.lxd.container
2915+ @uses.config.machine_type.lxd-container
2916 Scenario Outline: Attached enable Common Criteria service in an ubuntu lxd container
2917 Given a `<release>` machine with ubuntu-advantage-tools installed
2918 # set up the apt mirror configuration
2919diff --git a/features/api.feature b/features/api.feature
2920index 8ac86f4..950b012 100644
2921--- a/features/api.feature
2922+++ b/features/api.feature
2923@@ -1,7 +1,7 @@
2924 Feature: Client behaviour for the API endpoints
2925
2926 @series.all
2927- @uses.config.machine_type.lxd.container
2928+ @uses.config.machine_type.lxd-container
2929 Scenario Outline: API invalid endpoint or args
2930 Given a `<release>` machine with ubuntu-advantage-tools installed
2931 When I verify that running `pro api invalid.endpoint` `with sudo` exits `1`
2932@@ -25,7 +25,7 @@ Feature: Client behaviour for the API endpoints
2933 | lunar |
2934
2935 @series.all
2936- @uses.config.machine_type.lxd.container
2937+ @uses.config.machine_type.lxd-container
2938 Scenario Outline: Basic endpoints
2939 Given a `<release>` machine with ubuntu-advantage-tools installed
2940 When I run `pro api u.pro.version.v1` with sudo
2941@@ -43,6 +43,16 @@ Feature: Client behaviour for the API endpoints
2942 """
2943 {"_schema_version": "v1", "data": {"attributes": {"should_auto_attach": false}, "meta": {"environment_vars": \[\]}, "type": "ShouldAutoAttach"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]}
2944 """
2945+ When I run `ua api u.pro.status.is_attached.v1` with sudo
2946+ Then stdout matches regexp:
2947+ """
2948+ {"_schema_version": "v1", "data": {"attributes": {"is_attached": false}, "meta": {"environment_vars": \[\]}, "type": "IsAttached"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]}
2949+ """
2950+ When I run `ua api u.pro.status.enabled_services.v1` with sudo
2951+ Then stdout matches regexp:
2952+ """
2953+ {"_schema_version": "v1", "data": {"attributes": {"enabled_services": \[\]}, "meta": {"environment_vars": \[\]}, "type": "EnabledServices"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]}
2954+ """
2955
2956 Examples: ubuntu release
2957 | release |
2958diff --git a/features/api_configure_retry_service.feature b/features/api_configure_retry_service.feature
2959index d3d6edb..31ef305 100644
2960--- a/features/api_configure_retry_service.feature
2961+++ b/features/api_configure_retry_service.feature
2962@@ -1,7 +1,7 @@
2963 Feature: api.u.pro.attach.auto.configure_retry_service
2964
2965 @series.lts
2966- @uses.config.machine_type.lxd.container
2967+ @uses.config.machine_type.lxd-container
2968 Scenario Outline: v1 successfully triggers retry service when run during startup
2969 Given a `<release>` machine with ubuntu-advantage-tools installed
2970 When I change contract to staging with sudo
2971diff --git a/features/api_full_auto_attach.feature b/features/api_full_auto_attach.feature
2972index c65fca5..9df2f69 100644
2973--- a/features/api_full_auto_attach.feature
2974+++ b/features/api_full_auto_attach.feature
2975@@ -27,7 +27,7 @@ Feature: Full Auto-Attach Endpoint
2976 """
2977 Then stdout matches regexp:
2978 """
2979- livepatch +yes +(disabled|n/a) +Canonical Livepatch service
2980+ livepatch +yes +(disabled|n/a) +(Canonical Livepatch service|Current kernel is not supported)
2981 """
2982 Examples:
2983 | release |
2984diff --git a/features/api_magic_attach.feature b/features/api_magic_attach.feature
2985index 4ab6592..2364a81 100644
2986--- a/features/api_magic_attach.feature
2987+++ b/features/api_magic_attach.feature
2988@@ -1,7 +1,7 @@
2989 Feature: Magic Attach endpoints
2990
2991 @series.lts
2992- @uses.config.machine_type.lxd.container
2993+ @uses.config.machine_type.lxd-container
2994 Scenario Outline: Call magic attach endpoints
2995 Given a `<release>` machine with ubuntu-advantage-tools installed
2996 When I change contract to staging with sudo
2997diff --git a/features/api_packages.feature b/features/api_packages.feature
2998index e22798b..da63bbc 100644
2999--- a/features/api_packages.feature
3000+++ b/features/api_packages.feature
3001@@ -1,7 +1,7 @@
3002 Feature: Package related API endpoints
3003
3004 @series.all
3005- @uses.config.machine_type.lxd.container
3006+ @uses.config.machine_type.lxd-container
3007 @uses.config.contract_token
3008 Scenario Outline: Call packages API endpoints to see information in a Ubuntu machine
3009 Given a `<release>` machine with ubuntu-advantage-tools installed
3010diff --git a/features/api_security.feature b/features/api_security.feature
3011index 85e8ae8..c682bee 100644
3012--- a/features/api_security.feature
3013+++ b/features/api_security.feature
3014@@ -1,7 +1,7 @@
3015 Feature: API security/security status tests
3016
3017 @series.xenial
3018- @uses.config.machine_type.lxd.vm
3019+ @uses.config.machine_type.lxd-vm
3020 @uses.config.contract_token
3021 Scenario: Call Livepatched CVEs endpoint
3022 Given a `xenial` machine with ubuntu-advantage-tools installed
3023@@ -17,7 +17,7 @@ Feature: API security/security status tests
3024 """
3025
3026 @series.lts
3027- @uses.config.machine_type.lxd.container
3028+ @uses.config.machine_type.lxd-container
3029 @uses.config.contract_token
3030 Scenario Outline: Call package manifest endpoint for machine
3031 Given a `<release>` machine with ubuntu-advantage-tools installed
3032diff --git a/features/api_unattended_upgrades.feature b/features/api_unattended_upgrades.feature
3033index 43f0ef6..9449ef5 100644
3034--- a/features/api_unattended_upgrades.feature
3035+++ b/features/api_unattended_upgrades.feature
3036@@ -1,7 +1,7 @@
3037 Feature: api.u.unattended_upgrades.status.v1
3038
3039 @series.all
3040- @uses.config.machine_type.lxd.container
3041+ @uses.config.machine_type.lxd-container
3042 Scenario Outline: v1 unattended upgrades status
3043 Given a `<release>` machine with ubuntu-advantage-tools installed
3044 When I run `pro api u.unattended_upgrades.status.v1` as non-root
3045diff --git a/features/apt_messages.feature b/features/apt_messages.feature
3046index 401360d..90ed066 100644
3047--- a/features/apt_messages.feature
3048+++ b/features/apt_messages.feature
3049@@ -1,7 +1,7 @@
3050 Feature: APT Messages
3051
3052 @series.xenial
3053- @uses.config.machine_type.lxd.container
3054+ @uses.config.machine_type.lxd-container
3055 Scenario Outline: APT JSON Hook prints package counts correctly on xenial
3056 Given a `<release>` machine with ubuntu-advantage-tools installed
3057 When I attach `contract_token` with sudo
3058@@ -99,7 +99,7 @@ Feature: APT Messages
3059 | xenial | accountsservice=0.6.40-2ubuntu10 libaccountsservice0=0.6.40-2ubuntu10 | curl=7.47.0-1ubuntu2 libcurl3-gnutls=7.47.0-1ubuntu2 | hello=2.10-1 |
3060
3061 @series.xenial
3062- @uses.config.machine_type.lxd.container
3063+ @uses.config.machine_type.lxd-container
3064 Scenario Outline: APT Hook advertises esm-infra on upgrade
3065 Given a `<release>` machine with ubuntu-advantage-tools installed
3066 When I run `apt-get update` with sudo
3067@@ -157,7 +157,7 @@ Feature: APT Messages
3068 @series.bionic
3069 @series.focal
3070 @series.jammy
3071- @uses.config.machine_type.lxd.container
3072+ @uses.config.machine_type.lxd-container
3073 Scenario Outline: APT Hook advertises esm-apps on upgrade
3074 Given a `<release>` machine with ubuntu-advantage-tools installed
3075 When I run `apt-get update` with sudo
3076@@ -175,7 +175,7 @@ Feature: APT Messages
3077 Calculating upgrade...
3078 Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
3079 <package>
3080- Learn more about Ubuntu Pro at https://ubuntu.com/pro
3081+ <learn_more_msg>
3082 0 upgraded, 0 newly installed, 0 to remove and \d+ not upgraded.
3083 """
3084 When I run `apt-get upgrade` with sudo
3085@@ -211,13 +211,13 @@ Feature: APT Messages
3086 0 upgraded, 0 newly installed, 0 to remove and \d+ not upgraded\.
3087 """
3088 Examples: ubuntu release
3089- | release | package |
3090- | bionic | ansible |
3091- | focal | hello |
3092- | jammy | hello |
3093+ | release | package | learn_more_msg |
3094+ | bionic | ansible | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 |
3095+ | focal | hello | Learn more about Ubuntu Pro at https://ubuntu.com/pro |
3096+ | jammy | hello | Learn more about Ubuntu Pro at https://ubuntu.com/pro |
3097
3098 @series.all
3099- @uses.config.machine_type.lxd.container
3100+ @uses.config.machine_type.lxd-container
3101 Scenario Outline: APT News
3102 Given a `<release>` machine with ubuntu-advantage-tools installed
3103 When I attach `contract_token` with sudo
3104@@ -613,60 +613,35 @@ Feature: APT Messages
3105
3106 @series.xenial
3107 @series.bionic
3108+ @series.focal
3109+ @uses.config.machine_type.any
3110 @uses.config.machine_type.aws.generic
3111- Scenario Outline: AWS URLs
3112- Given a `<release>` machine with ubuntu-advantage-tools installed
3113- When I run `apt-get update` with sudo
3114- When I run `apt-get install ansible -y` with sudo
3115- When I run `apt-get update` with sudo
3116- When I run `apt upgrade --dry-run` with sudo
3117- Then stdout matches regexp:
3118- """
3119- <msg>
3120- """
3121- Examples: ubuntu release
3122- | release | msg |
3123- | xenial | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 |
3124- | bionic | Learn more about Ubuntu Pro on AWS at https:\/\/ubuntu\.com\/aws\/pro |
3125-
3126- @series.xenial
3127- @series.bionic
3128 @uses.config.machine_type.azure.generic
3129- Scenario Outline: Azure URLs
3130- Given a `<release>` machine with ubuntu-advantage-tools installed
3131- When I run `apt-get update` with sudo
3132- When I run `apt-get install ansible -y` with sudo
3133- When I run `apt-get update` with sudo
3134- When I run `apt upgrade --dry-run` with sudo
3135- Then stdout matches regexp:
3136- """
3137- <msg>
3138- """
3139- Examples: ubuntu release
3140- | release | msg |
3141- | xenial | Learn more about Ubuntu Pro for 16\.04 on Azure at https:\/\/ubuntu\.com\/16-04\/azure |
3142- | bionic | Learn more about Ubuntu Pro on Azure at https:\/\/ubuntu\.com\/azure\/pro |
3143-
3144- @series.xenial
3145- @series.bionic
3146 @uses.config.machine_type.gcp.generic
3147- Scenario Outline: GCP URLs
3148- Given a `<release>` machine with ubuntu-advantage-tools installed
3149+ Scenario Outline: Cloud and series-specific URLs
3150+ Given a `<release>` `<machine_type>` machine with ubuntu-advantage-tools installed
3151 When I run `apt-get update` with sudo
3152 When I run `apt-get install ansible -y` with sudo
3153 When I run `apt-get update` with sudo
3154 When I run `apt upgrade --dry-run` with sudo
3155- Then stdout matches regexp:
3156+ Then stdout contains substring:
3157 """
3158 <msg>
3159 """
3160- Examples: ubuntu release
3161- | release | msg |
3162- | xenial | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 |
3163- | bionic | Learn more about Ubuntu Pro on GCP at https:\/\/ubuntu\.com\/gcp\/pro |
3164+ Examples: release-per-machine-type
3165+ | release | machine_type | msg |
3166+ | xenial | aws.generic | Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 |
3167+ | xenial | azure.generic | Learn more about Ubuntu Pro for 16.04 on Azure at https://ubuntu.com/16-04/azure |
3168+ | xenial | gcp.generic | Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 |
3169+ | bionic | aws.generic | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 |
3170+ | bionic | azure.generic | Learn more about Ubuntu Pro for 18.04 on Azure at https://ubuntu.com/18-04/azure |
3171+ | bionic | gcp.generic | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 |
3172+ | focal | aws.generic | Learn more about Ubuntu Pro on AWS at https://ubuntu.com/aws/pro |
3173+ | focal | azure.generic | Learn more about Ubuntu Pro on Azure at https://ubuntu.com/azure/pro |
3174+ | focal | gcp.generic | Learn more about Ubuntu Pro on GCP at https://ubuntu.com/gcp/pro |
3175
3176 @series.kinetic
3177- @uses.config.machine_type.lxd.container
3178+ @uses.config.machine_type.lxd-container
3179 Scenario Outline: APT Hook do not advertises esm-apps on upgrade for interim releases
3180 Given a `<release>` machine with ubuntu-advantage-tools installed
3181 When I run `apt-get update` with sudo
3182diff --git a/features/attach_invalidtoken.feature b/features/attach_invalidtoken.feature
3183index d3c145d..5897668 100644
3184--- a/features/attach_invalidtoken.feature
3185+++ b/features/attach_invalidtoken.feature
3186@@ -2,7 +2,7 @@ Feature: Command behaviour when trying to attach a machine to an Ubuntu
3187 Pro subscription using an invalid token
3188
3189 @series.all
3190- @uses.config.machine_type.lxd.container
3191+ @uses.config.machine_type.lxd-container
3192 Scenario Outline: Attach command failure on invalid token
3193 Given a `<release>` machine with ubuntu-advantage-tools installed
3194 When I verify that running `pro attach INVALID_TOKEN` `with sudo` exits `1`
3195@@ -32,7 +32,7 @@ Feature: Command behaviour when trying to attach a machine to an Ubuntu
3196 | lunar |
3197
3198 @series.all
3199- @uses.config.machine_type.lxd.container
3200+ @uses.config.machine_type.lxd-container
3201 @uses.config.contract_token_staging_expired
3202 Scenario Outline: Attach command failure on expired token
3203 Given a `<release>` machine with ubuntu-advantage-tools installed
3204diff --git a/features/attach_validtoken.feature b/features/attach_validtoken.feature
3205index da04c06..e894c1e 100644
3206--- a/features/attach_validtoken.feature
3207+++ b/features/attach_validtoken.feature
3208@@ -4,22 +4,35 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
3209
3210 @series.kinetic
3211 @series.lunar
3212- @uses.config.machine_type.lxd.container
3213+ @uses.config.machine_type.lxd-container
3214 Scenario Outline: Attached command in a non-lts ubuntu machine
3215 Given a `<release>` machine with ubuntu-advantage-tools installed
3216 When I attach `contract_token` with sudo
3217- And I run `pro status --all` as non-root
3218+ And I run `pro status` as non-root
3219 Then stdout matches regexp:
3220- """
3221- SERVICE +ENTITLED STATUS DESCRIPTION
3222- cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages
3223- cis +yes +n/a +Security compliance and audit tools
3224- esm-apps +yes +n/a +Expanded Security Maintenance for Applications
3225- esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure
3226- fips +yes +n/a +NIST-certified core packages
3227- fips-updates +yes +n/a +NIST-certified core packages with priority security updates
3228- livepatch +yes +n/a +Canonical Livepatch service
3229- """
3230+ """
3231+ No Ubuntu Pro services are available to this system.
3232+ """
3233+ And stdout matches regexp:
3234+ """
3235+ For a list of all Ubuntu Pro services, run 'pro status --all'
3236+ """
3237+ When I run `pro status --all` as non-root
3238+ Then stdout matches regexp:
3239+ """
3240+ SERVICE +ENTITLED STATUS DESCRIPTION
3241+ cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages
3242+ cis +yes +n/a +Security compliance and audit tools
3243+ esm-apps +yes +n/a +Expanded Security Maintenance for Applications
3244+ esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure
3245+ fips +yes +n/a +NIST-certified core packages
3246+ fips-updates +yes +n/a +NIST-certified core packages with priority security updates
3247+ livepatch +yes +n/a +Canonical Livepatch service
3248+ """
3249+ And stdout does not match regexp:
3250+ """
3251+ For a list of all Ubuntu Pro services, run 'pro status --all'
3252+ """
3253
3254 Examples: ubuntu release
3255 | release |
3256@@ -27,7 +40,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
3257 | lunar |
3258
3259 @series.lts
3260- @uses.config.machine_type.lxd.container
3261+ @uses.config.machine_type.lxd-container
3262 Scenario Outline: Attach command in a ubuntu lxd container
3263 Given a `<release>` machine with ubuntu-advantage-tools installed
3264 When I run `apt-get update` with sudo, retrying exit [100]
3265@@ -83,10 +96,10 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
3266 | xenial | libkrad0=1.13.2+dfsg-5 | disabled | cis | disabled | disabled | Canonical Livepatch service |
3267 | bionic | libkrad0=1.16-2build1 | disabled | cis | disabled | disabled | Canonical Livepatch service |
3268 | focal | hello=2.10-2ubuntu2 | n/a | usg | disabled | disabled | Canonical Livepatch service |
3269- | jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Available with the HWE kernel |
3270+ | jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Canonical Livepatch service |
3271
3272 @series.lts
3273- @uses.config.machine_type.lxd.container
3274+ @uses.config.machine_type.lxd-container
3275 Scenario Outline: Attach command with attach config
3276 Given a `<release>` machine with ubuntu-advantage-tools installed
3277 # simplest happy path
3278@@ -306,7 +319,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
3279 | jammy | enabled | n/a | n/a | usg | n/a |
3280
3281 @series.all
3282- @uses.config.machine_type.lxd.container
3283+ @uses.config.machine_type.lxd-container
3284 Scenario Outline: Attach command with json output
3285 Given a `<release>` machine with ubuntu-advantage-tools installed
3286 When I verify that running attach `as non-root` with json response exits `1`
3287@@ -334,7 +347,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
3288 | jammy | n/a |
3289
3290 @series.all
3291- @uses.config.machine_type.lxd.container
3292+ @uses.config.machine_type.lxd-container
3293 Scenario Outline: Attach and Check for contract change in status checking
3294 Given a `<release>` machine with ubuntu-advantage-tools installed
3295 When I attach `contract_token` with sudo
3296@@ -380,6 +393,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
3297
3298 Examples: ubuntu release livepatch status
3299 | release |
3300- | xenial |
3301- | bionic |
3302- | focal |
3303+ # removing until we add this feature back in a way that doesn't hammer the server
3304+ #| xenial |
3305+ #| bionic |
3306+ #| focal |
3307diff --git a/features/attached_commands.feature b/features/attached_commands.feature
3308index 524e4e0..2681466 100644
3309--- a/features/attached_commands.feature
3310+++ b/features/attached_commands.feature
3311@@ -2,7 +2,7 @@
3312 Feature: Command behaviour when attached to an Ubuntu Pro subscription
3313
3314 @series.all
3315- @uses.config.machine_type.lxd.container
3316+ @uses.config.machine_type.lxd-container
3317 Scenario Outline: Attached refresh in a ubuntu machine
3318 Given a `<release>` machine with ubuntu-advantage-tools installed
3319 When I attach `contract_token` with sudo
3320@@ -60,7 +60,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3321 | lunar |
3322
3323 @series.all
3324- @uses.config.machine_type.lxd.container
3325+ @uses.config.machine_type.lxd-container
3326 Scenario Outline: Attached disable of an already disabled service in a ubuntu machine
3327 Given a `<release>` machine with ubuntu-advantage-tools installed
3328 When I attach `contract_token` with sudo
3329@@ -86,7 +86,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3330 | lunar |
3331
3332 @series.lts
3333- @uses.config.machine_type.lxd.container
3334+ @uses.config.machine_type.lxd-container
3335 Scenario Outline: Attached disable with json format
3336 Given a `<release>` machine with ubuntu-advantage-tools installed
3337 When I attach `contract_token` with sudo
3338@@ -144,7 +144,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3339 @series.xenial
3340 @series.bionic
3341 @series.jammy
3342- @uses.config.machine_type.lxd.container
3343+ @uses.config.machine_type.lxd-container
3344 Scenario Outline: Attached disable of a service in a ubuntu machine
3345 Given a `<release>` machine with ubuntu-advantage-tools installed
3346 When I attach `contract_token` with sudo
3347@@ -183,7 +183,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3348 | jammy | Try cc-eal, esm-apps, esm-infra, fips, fips-updates, livepatch, realtime-kernel,\nros, ros-updates, usg. |
3349
3350 @series.focal
3351- @uses.config.machine_type.lxd.container
3352+ @uses.config.machine_type.lxd-container
3353 Scenario: Attached disable of a service in a ubuntu machine
3354 Given a `focal` machine with ubuntu-advantage-tools installed
3355 When I attach `contract_token` with sudo
3356@@ -218,86 +218,91 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3357
3358
3359 @series.lts
3360- @uses.config.machine_type.lxd.container
3361+ @uses.config.machine_type.lxd-container
3362 Scenario Outline: Attached detach in an ubuntu machine
3363 Given a `<release>` machine with ubuntu-advantage-tools installed
3364 When I attach `contract_token` with sudo
3365+ And I run `pro api u.pro.status.enabled_services.v1` as non-root
3366+ Then stdout matches regexp:
3367+ """
3368+ {"_schema_version": "v1", "data": {"attributes": {"enabled_services": \[{"name": "esm-apps", "variant_enabled": false, "variant_name": null}, {"name": "esm-infra", "variant_enabled": false, "variant_name": null}\]}, "meta": {"environment_vars": \[\]}, "type": "EnabledServices"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]}
3369+ """
3370 Then I verify that running `pro detach` `as non-root` exits `1`
3371 And stderr matches regexp:
3372- """
3373- This command must be run as root \(try using sudo\).
3374- """
3375+ """
3376+ This command must be run as root \(try using sudo\).
3377+ """
3378 When I run `pro detach --assume-yes` with sudo
3379 Then I will see the following on stdout:
3380- """
3381- Detach will disable the following services:
3382- esm-apps
3383- esm-infra
3384- Updating package lists
3385- Updating package lists
3386- This machine is now detached.
3387- """
3388+ """
3389+ Detach will disable the following services:
3390+ esm-apps
3391+ esm-infra
3392+ Updating package lists
3393+ Updating package lists
3394+ This machine is now detached.
3395+ """
3396 When I run `pro status --all` as non-root
3397 Then stdout matches regexp:
3398- """
3399- SERVICE +AVAILABLE DESCRIPTION
3400- cc-eal +<cc-eal> +Common Criteria EAL2 Provisioning Packages
3401- """
3402+ """
3403+ SERVICE +AVAILABLE DESCRIPTION
3404+ cc-eal +<cc-eal> +Common Criteria EAL2 Provisioning Packages
3405+ """
3406 Then stdout matches regexp:
3407- """
3408- esm-apps +<esm-apps> +Expanded Security Maintenance for Applications
3409- esm-infra +yes +Expanded Security Maintenance for Infrastructure
3410- fips +<fips> +NIST-certified core packages
3411- fips-updates +<fips> +NIST-certified core packages with priority security updates
3412- livepatch +(yes|no) +(Canonical Livepatch service|Current kernel is not supported)
3413- realtime-kernel +<realtime-kernel> +Ubuntu kernel with PREEMPT_RT patches integrated
3414- ros +<ros> +Security Updates for the Robot Operating System
3415- ros-updates +<ros> +All Updates for the Robot Operating System
3416- """
3417+ """
3418+ esm-apps +<esm-apps> +Expanded Security Maintenance for Applications
3419+ esm-infra +yes +Expanded Security Maintenance for Infrastructure
3420+ fips +<fips> +NIST-certified core packages
3421+ fips-updates +<fips> +NIST-certified core packages with priority security updates
3422+ livepatch +(yes|no) +(Canonical Livepatch service|Current kernel is not supported)
3423+ realtime-kernel +<realtime-kernel> +Ubuntu kernel with PREEMPT_RT patches integrated
3424+ ros +<ros> +Security Updates for the Robot Operating System
3425+ ros-updates +<ros> +All Updates for the Robot Operating System
3426+ """
3427 Then stdout matches regexp:
3428- """
3429- <cis_or_usg> +<cis> +Security compliance and audit tools
3430- """
3431+ """
3432+ <cis_or_usg> +<cis> +Security compliance and audit tools
3433+ """
3434 And stdout matches regexp:
3435- """
3436- This machine is not attached to an Ubuntu Pro subscription.
3437- """
3438+ """
3439+ This machine is not attached to an Ubuntu Pro subscription.
3440+ """
3441 And I verify that running `apt update` `with sudo` exits `0`
3442 When I attach `contract_token` with sudo
3443 Then I verify that running `pro enable foobar --format json` `as non-root` exits `1`
3444 And stdout is a json matching the `ua_operation` schema
3445 And I will see the following on stdout:
3446- """
3447- {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
3448- """
3449+ """
3450+ {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
3451+ """
3452 Then I verify that running `pro enable foobar --format json` `with sudo` exits `1`
3453 And stdout is a json matching the `ua_operation` schema
3454 And I will see the following on stdout:
3455- """
3456- {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
3457- """
3458+ """
3459+ {"_schema_version": "0.1", "errors": [{"message": "json formatted response requires --assume-yes flag.", "message_code": "json-format-require-assume-yes", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
3460+ """
3461 Then I verify that running `pro detach --format json --assume-yes` `as non-root` exits `1`
3462 And stdout is a json matching the `ua_operation` schema
3463 And I will see the following on stdout:
3464- """
3465- {"_schema_version": "0.1", "errors": [{"message": "This command must be run as root (try using sudo).", "message_code": "nonroot-user", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
3466- """
3467+ """
3468+ {"_schema_version": "0.1", "errors": [{"message": "This command must be run as root (try using sudo).", "message_code": "nonroot-user", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []}
3469+ """
3470 When I run `pro detach --format json --assume-yes` with sudo
3471 Then stdout is a json matching the `ua_operation` schema
3472 And I will see the following on stdout:
3473- """
3474- {"_schema_version": "0.1", "errors": [], "failed_services": [], "needs_reboot": false, "processed_services": ["esm-apps", "esm-infra"], "result": "success", "warnings": []}
3475- """
3476+ """
3477+ {"_schema_version": "0.1", "errors": [], "failed_services": [], "needs_reboot": false, "processed_services": ["esm-apps", "esm-infra"], "result": "success", "warnings": []}
3478+ """
3479
3480 Examples: ubuntu release
3481 | release | esm-apps | cc-eal | cis | fips | fips-update | ros | cis_or_usg | realtime-kernel |
3482 | xenial | yes | yes | yes | yes | yes | yes | cis | no |
3483 | bionic | yes | yes | yes | yes | yes | yes | cis | no |
3484 | focal | yes | no | yes | yes | yes | no | usg | no |
3485- | jammy | yes | no | no | no | no | no | usg | yes |
3486+ | jammy | yes | no | yes | no | no | no | usg | yes |
3487
3488 @series.all
3489- @uses.config.machine_type.lxd.container
3490+ @uses.config.machine_type.lxd-container
3491 Scenario Outline: Attached auto-attach in a ubuntu machine
3492 Given a `<release>` machine with ubuntu-advantage-tools installed
3493 When I attach `contract_token` with sudo
3494@@ -323,7 +328,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3495 | lunar |
3496
3497 @series.all
3498- @uses.config.machine_type.lxd.container
3499+ @uses.config.machine_type.lxd-container
3500 Scenario Outline: Attached show version in a ubuntu machine
3501 Given a `<release>` machine with ubuntu-advantage-tools installed
3502 When I attach `contract_token` with sudo
3503@@ -346,7 +351,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3504 | lunar |
3505
3506 @series.all
3507- @uses.config.machine_type.lxd.container
3508+ @uses.config.machine_type.lxd-container
3509 Scenario Outline: Attached status in a ubuntu machine with feature overrides
3510 Given a `<release>` machine with ubuntu-advantage-tools installed
3511 When I create the file `/tmp/machine-token-overlay.json` with the following:
3512@@ -416,7 +421,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3513
3514 @series.xenial
3515 @series.bionic
3516- @uses.config.machine_type.lxd.container
3517+ @uses.config.machine_type.lxd-container
3518 Scenario Outline: Attached disable of different services in a ubuntu machine
3519 Given a `<release>` machine with ubuntu-advantage-tools installed
3520 When I attach `contract_token` with sudo
3521@@ -463,7 +468,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3522 | jammy |
3523
3524 @series.focal
3525- @uses.config.machine_type.lxd.container
3526+ @uses.config.machine_type.lxd-container
3527 Scenario: Attached disable of different services in a ubuntu machine
3528 Given a `focal` machine with ubuntu-advantage-tools installed
3529 When I attach `contract_token` with sudo
3530@@ -504,7 +509,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3531 """
3532
3533 @series.all
3534- @uses.config.machine_type.lxd.container
3535+ @uses.config.machine_type.lxd-container
3536 Scenario Outline: Help command on an attached machine
3537 Given a `<release>` machine with ubuntu-advantage-tools installed
3538 When I attach `contract_token` with sudo
3539@@ -611,7 +616,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3540
3541 @series.jammy
3542 @series.focal
3543- @uses.config.machine_type.lxd.container
3544+ @uses.config.machine_type.lxd-container
3545 Scenario Outline: Help command on an attached machine
3546 Given a `<release>` machine with ubuntu-advantage-tools installed
3547 When I attach `contract_token` with sudo
3548@@ -727,7 +732,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3549 | jammy |
3550
3551 @series.lts
3552- @uses.config.machine_type.lxd.container
3553+ @uses.config.machine_type.lxd-container
3554 Scenario Outline: Enable command with invalid repositories in user machine
3555 Given a `<release>` machine with ubuntu-advantage-tools installed
3556 When I attach `contract_token` with sudo
3557@@ -753,7 +758,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3558 | jammy | cloud-init-dev-ubuntu-daily-jammy |
3559
3560 @series.all
3561- @uses.config.machine_type.lxd.container
3562+ @uses.config.machine_type.lxd-container
3563 Scenario Outline: Run timer script on an attached machine
3564 Given a `<release>` machine with ubuntu-advantage-tools installed
3565 When I run `systemctl stop ua-timer.timer` with sudo
3566@@ -831,7 +836,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3567 | lunar |
3568
3569 @series.lts
3570- @uses.config.machine_type.lxd.container
3571+ @uses.config.machine_type.lxd-container
3572 Scenario Outline: Run timer script to valid machine activity endpoint
3573 Given a `<release>` machine with ubuntu-advantage-tools installed
3574 When I attach `contract_token` with sudo
3575@@ -902,7 +907,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
3576 | jammy |
3577
3578 @series.lts
3579- @uses.config.machine_type.lxd.container
3580+ @uses.config.machine_type.lxd-container
3581 Scenario Outline: Run timer script to valid machine activity endpoint
3582 Given a `<release>` machine with ubuntu-advantage-tools installed
3583 When I attach `contract_token` with sudo
3584diff --git a/features/attached_enable.feature b/features/attached_enable.feature
3585index e833c54..d730fc8 100644
3586--- a/features/attached_enable.feature
3587+++ b/features/attached_enable.feature
3588@@ -4,7 +4,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3589 @slow
3590 @series.xenial
3591 @series.bionic
3592- @uses.config.machine_type.lxd.container
3593+ @uses.config.machine_type.lxd-container
3594 Scenario Outline: Attached enable Common Criteria service in an ubuntu lxd container
3595 Given a `<release>` machine with ubuntu-advantage-tools installed
3596 When I attach `contract_token` with sudo
3597@@ -30,7 +30,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3598
3599 @series.xenial
3600 @series.bionic
3601- @uses.config.machine_type.lxd.container
3602+ @uses.config.machine_type.lxd-container
3603 Scenario Outline: Enable cc-eal with --access-only
3604 Given a `<release>` machine with ubuntu-advantage-tools installed
3605 When I attach `contract_token` with sudo
3606@@ -52,7 +52,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3607 @series.jammy
3608 @series.kinetic
3609 @series.lunar
3610- @uses.config.machine_type.lxd.container
3611+ @uses.config.machine_type.lxd-container
3612 Scenario Outline: Attached enable Common Criteria service in an ubuntu lxd container
3613 Given a `<release>` machine with ubuntu-advantage-tools installed
3614 When I attach `contract_token` with sudo
3615@@ -75,7 +75,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3616 | lunar | 23.04 | Lunar Lobster |
3617
3618 @series.lts
3619- @uses.config.machine_type.lxd.container
3620+ @uses.config.machine_type.lxd-container
3621 Scenario Outline: Empty series affordance means no series, null means all series
3622 Given a `<release>` machine with ubuntu-advantage-tools installed
3623 When I attach `contract_token` with sudo and options `--no-auto-enable`
3624@@ -126,7 +126,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3625 | jammy |
3626
3627 @series.lts
3628- @uses.config.machine_type.lxd.container
3629+ @uses.config.machine_type.lxd-container
3630 Scenario Outline: Attached enable of different services using json format
3631 Given a `<release>` machine with ubuntu-advantage-tools installed
3632 When I attach `contract_token` with sudo
3633@@ -196,7 +196,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3634 | jammy | cc-eal, esm-apps, esm-infra, fips, fips-updates, livepatch, realtime-kernel,\nros, ros-updates, usg. |
3635
3636 @series.lts
3637- @uses.config.machine_type.lxd.container
3638+ @uses.config.machine_type.lxd-container
3639 Scenario Outline: Attached enable of a service in a ubuntu machine
3640 Given a `<release>` machine with ubuntu-advantage-tools installed
3641 When I attach `contract_token` with sudo
3642@@ -251,7 +251,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3643 | bionic | libkrad0 | https://esm.ubuntu.com/infra/ubuntu |
3644
3645 @series.focal
3646- @uses.config.machine_type.lxd.container
3647+ @uses.config.machine_type.lxd-container
3648 Scenario: Attached enable of a service in a ubuntu machine
3649 Given a `focal` machine with ubuntu-advantage-tools installed
3650 When I attach `contract_token` with sudo
3651@@ -302,7 +302,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3652 """
3653
3654 @series.all
3655- @uses.config.machine_type.lxd.container
3656+ @uses.config.machine_type.lxd-container
3657 Scenario Outline: Attached enable of non-container services in a ubuntu lxd container
3658 Given a `<release>` machine with ubuntu-advantage-tools installed
3659 When I attach `contract_token` with sudo
3660@@ -328,7 +328,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3661 | lunar |
3662
3663 @series.lts
3664- @uses.config.machine_type.lxd.container
3665+ @uses.config.machine_type.lxd-container
3666 Scenario Outline: Attached enable not entitled service in a ubuntu machine
3667 Given a `<release>` machine with ubuntu-advantage-tools installed
3668 When I set the machine token overlay to the following yaml
3669@@ -362,7 +362,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3670
3671 @series.xenial
3672 @series.bionic
3673- @uses.config.machine_type.lxd.container
3674+ @uses.config.machine_type.lxd-container
3675 Scenario Outline: Attached enable of cis service in a ubuntu machine
3676 Given a `<release>` machine with ubuntu-advantage-tools installed
3677 When I attach `contract_token` with sudo
3678@@ -446,7 +446,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3679 | xenial | Canonical_Ubuntu_16.04_CIS_v1.1.0-harden.sh |
3680
3681 @series.focal
3682- @uses.config.machine_type.lxd.container
3683+ @uses.config.machine_type.lxd-container
3684 Scenario Outline: Attached enable of cis service in a ubuntu machine
3685 Given a `<release>` machine with ubuntu-advantage-tools installed
3686 When I attach `contract_token` with sudo
3687@@ -526,7 +526,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3688
3689 @series.bionic
3690 @series.xenial
3691- @uses.config.machine_type.lxd.container
3692+ @uses.config.machine_type.lxd-container
3693 Scenario Outline: Attached enable of usg service in a ubuntu machine
3694 Given a `<release>` machine with ubuntu-advantage-tools installed
3695 When I attach `contract_token` with sudo
3696@@ -547,7 +547,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3697 | xenial |
3698
3699 @series.focal
3700- @uses.config.machine_type.lxd.container
3701+ @uses.config.machine_type.lxd-container
3702 Scenario Outline: Attached enable of usg service in a focal machine
3703 Given a `<release>` machine with ubuntu-advantage-tools installed
3704 When I attach `contract_token` with sudo
3705@@ -608,7 +608,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3706
3707 @series.bionic
3708 @series.xenial
3709- @uses.config.machine_type.lxd.vm
3710+ @uses.config.machine_type.lxd-vm
3711 Scenario Outline: Attached disable of livepatch in a lxd vm
3712 Given a `<release>` machine with ubuntu-advantage-tools installed
3713 When I attach `contract_token` with sudo
3714@@ -651,7 +651,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3715
3716 @series.xenial
3717 @series.bionic
3718- @uses.config.machine_type.lxd.vm
3719+ @uses.config.machine_type.lxd-vm
3720 Scenario Outline: Attach works when snapd cannot be installed
3721 Given a `<release>` machine with ubuntu-advantage-tools installed
3722 When I run `apt-get remove -y snapd` with sudo
3723@@ -690,7 +690,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3724
3725 @series.bionic
3726 @series.xenial
3727- @uses.config.machine_type.lxd.vm
3728+ @uses.config.machine_type.lxd-vm
3729 Scenario Outline: Attached enable livepatch
3730 Given a `<release>` machine with ubuntu-advantage-tools installed
3731 When I verify that running `canonical-livepatch status` `with sudo` exits `1`
3732@@ -722,7 +722,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3733
3734
3735 @series.xenial
3736- @uses.config.machine_type.lxd.vm
3737+ @uses.config.machine_type.lxd-vm
3738 Scenario Outline: Attached enable livepatch
3739 Given a `<release>` machine with ubuntu-advantage-tools installed
3740 When I attach `contract_token` with sudo
3741@@ -792,7 +792,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3742
3743 @slow
3744 @series.bionic
3745- @uses.config.machine_type.lxd.vm
3746+ @uses.config.machine_type.lxd-vm
3747 Scenario: Attached enable livepatch on a machine with fips active
3748 Given a `bionic` machine with ubuntu-advantage-tools installed
3749 When I attach `contract_token` with sudo
3750@@ -831,7 +831,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3751 """
3752
3753 @series.bionic
3754- @uses.config.machine_type.lxd.vm
3755+ @uses.config.machine_type.lxd-vm
3756 Scenario: Attached enable fips on a machine with livepatch active
3757 Given a `bionic` machine with ubuntu-advantage-tools installed
3758 When I attach `contract_token` with sudo
3759@@ -863,7 +863,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3760 @slow
3761 @series.xenial
3762 @series.bionic
3763- @uses.config.machine_type.lxd.vm
3764+ @uses.config.machine_type.lxd-vm
3765 Scenario Outline: Attached enable fips on a machine with livepatch active
3766 Given a `<release>` machine with ubuntu-advantage-tools installed
3767 When I attach `contract_token` with sudo
3768@@ -905,7 +905,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3769 @slow
3770 @series.xenial
3771 @series.bionic
3772- @uses.config.machine_type.lxd.vm
3773+ @uses.config.machine_type.lxd-vm
3774 Scenario Outline: Attached enable fips on a machine with fips-updates active
3775 Given a `<release>` machine with ubuntu-advantage-tools installed
3776 When I attach `contract_token` with sudo
3777@@ -943,7 +943,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3778 @series.xenial
3779 @series.bionic
3780 @uses.config.contract_token
3781- @uses.config.machine_type.lxd.container
3782+ @uses.config.machine_type.lxd-container
3783 Scenario Outline: Attached enable ros on a machine
3784 Given a `<release>` machine with ubuntu-advantage-tools installed
3785 When I attach `contract_token` with sudo
3786@@ -1158,7 +1158,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3787
3788 @series.xenial
3789 @uses.config.contract_token
3790- @uses.config.machine_type.lxd.container
3791+ @uses.config.machine_type.lxd-container
3792 Scenario Outline: APT auth file is edited correctly on enable
3793 Given a `<release>` machine with ubuntu-advantage-tools installed
3794 When I attach `contract_token` with sudo
3795@@ -1188,7 +1188,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3796 | xenial |
3797
3798 @series.lts
3799- @uses.config.machine_type.lxd.container
3800+ @uses.config.machine_type.lxd-container
3801 Scenario Outline: Attached enable esm-apps on a machine
3802 Given a `<release>` machine with ubuntu-advantage-tools installed
3803 When I attach `contract_token` with sudo
3804@@ -1231,7 +1231,7 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
3805 | focal | ant |
3806
3807 @series.lts
3808- @uses.config.machine_type.lxd.container
3809+ @uses.config.machine_type.lxd-container
3810 Scenario Outline: Attached enable with corrupt lock
3811 Given a `<release>` machine with ubuntu-advantage-tools installed
3812 When I attach `contract_token` with sudo
3813diff --git a/features/attached_status.feature b/features/attached_status.feature
3814index b01386e..ad086d0 100644
3815--- a/features/attached_status.feature
3816+++ b/features/attached_status.feature
3817@@ -2,7 +2,7 @@
3818 Feature: Attached status
3819
3820 @series.all
3821- @uses.config.machine_type.lxd.container
3822+ @uses.config.machine_type.lxd-container
3823 Scenario Outline: Attached status in a ubuntu machine - formatted
3824 Given a `<release>` machine with ubuntu-advantage-tools installed
3825 When I attach `contract_token` with sudo
3826@@ -42,7 +42,7 @@ Feature: Attached status
3827 | lunar |
3828
3829 @series.xenial
3830- @uses.config.machine_type.lxd.container
3831+ @uses.config.machine_type.lxd-container
3832 Scenario Outline: Non-root status can see in-progress operations
3833 Given a `<release>` machine with ubuntu-advantage-tools installed
3834 When I attach `contract_token` with sudo
3835@@ -83,7 +83,7 @@ Feature: Attached status
3836
3837 @series.xenial
3838 @series.bionic
3839- @uses.config.machine_type.lxd.container
3840+ @uses.config.machine_type.lxd-container
3841 Scenario Outline: Attached status in a ubuntu machine
3842 Given a `<release>` machine with ubuntu-advantage-tools installed
3843 When I attach `contract_token` with sudo
3844@@ -101,6 +101,7 @@ Feature: Attached status
3845 ros +yes +disabled +Security Updates for the Robot Operating System
3846 ros-updates +yes +disabled +All Updates for the Robot Operating System
3847
3848+ For a list of all Ubuntu Pro services, run 'pro status --all'
3849 Enable services with: pro enable <service>
3850 """
3851 When I verify root and non-root `pro status --all` calls have the same output
3852@@ -128,7 +129,7 @@ Feature: Attached status
3853 | bionic |
3854
3855 @series.focal
3856- @uses.config.machine_type.lxd.container
3857+ @uses.config.machine_type.lxd-container
3858 Scenario Outline: Attached status in a ubuntu machine
3859 Given a `<release>` machine with ubuntu-advantage-tools installed
3860 When I attach `contract_token` with sudo
3861@@ -143,6 +144,7 @@ Feature: Attached status
3862 fips-updates +yes +disabled +NIST-certified core packages with priority security updates
3863 usg +yes +disabled +Security compliance and audit tools
3864
3865+ For a list of all Ubuntu Pro services, run 'pro status --all'
3866 Enable services with: pro enable <service>
3867 """
3868 When I verify root and non-root `pro status --all` calls have the same output
3869@@ -169,7 +171,7 @@ Feature: Attached status
3870 | focal |
3871
3872 @series.jammy
3873- @uses.config.machine_type.lxd.container
3874+ @uses.config.machine_type.lxd-container
3875 Scenario Outline: Attached status in the latest LTS ubuntu machine
3876 Given a `<release>` machine with ubuntu-advantage-tools installed
3877 When I attach `contract_token` with sudo
3878@@ -180,7 +182,9 @@ Feature: Attached status
3879 SERVICE +ENTITLED +STATUS +DESCRIPTION
3880 esm-apps +yes +enabled +Expanded Security Maintenance for Applications
3881 esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure
3882+ usg +yes +disabled +Security compliance and audit tools
3883
3884+ For a list of all Ubuntu Pro services, run 'pro status --all'
3885 Enable services with: pro enable <service>
3886 """
3887 When I verify root and non-root `pro status --all` calls have the same output
3888@@ -197,7 +201,7 @@ Feature: Attached status
3889 realtime-kernel +yes +n/a +Ubuntu kernel with PREEMPT_RT patches integrated
3890 ros +yes +n/a +Security Updates for the Robot Operating System
3891 ros-updates +yes +n/a +All Updates for the Robot Operating System
3892- usg +yes +n/a +Security compliance and audit tools
3893+ usg +yes +disabled +Security compliance and audit tools
3894
3895 Enable services with: pro enable <service>
3896 """
3897diff --git a/features/cloud.py b/features/cloud.py
3898index 1a5d11b..8f3bcb0 100644
3899--- a/features/cloud.py
3900+++ b/features/cloud.py
3901@@ -15,8 +15,6 @@ class Cloud:
3902
3903 :cloud_credentials_path:
3904 A string containing the path for the pycloudlib cloud credentials file
3905- :machine_type:
3906- A string representing the type of machine to launch (pro or generic)
3907 :region:
3908 The region to create the cloud resources on
3909 :param tag:
3910@@ -30,7 +28,6 @@ class Cloud:
3911
3912 def __init__(
3913 self,
3914- machine_type: str,
3915 cloud_credentials_path: Optional[str],
3916 tag: Optional[str] = None,
3917 timestamp_suffix: bool = True,
3918@@ -39,11 +36,11 @@ class Cloud:
3919 self.tag = tag
3920 else:
3921 self.tag = "uaclient-ci"
3922- self.machine_type = machine_type
3923 self._api = None
3924 self.key_name = pycloudlib.util.get_timestamped_tag(self.tag)
3925 self.timestamp_suffix = timestamp_suffix
3926 self.cloud_credentials_path = cloud_credentials_path
3927+ self._ssh_key_managed = False
3928
3929 @property
3930 def pycloudlib_cls(self):
3931@@ -65,6 +62,7 @@ class Cloud:
3932 def _create_instance(
3933 self,
3934 series: str,
3935+ machine_type: str,
3936 instance_name: Optional[str] = None,
3937 image_name: Optional[str] = None,
3938 user_data: Optional[str] = None,
3939@@ -77,6 +75,8 @@ class Cloud:
3940 The ubuntu release to be used when creating an instance. We will
3941 create an image based on this value if the used does not provide
3942 a image_name value
3943+ :machine_type:
3944+ string representing the type of machine to launch (pro or generic)
3945 :param instance_name:
3946 The name of the instance to be created
3947 :param image_name:
3948@@ -115,6 +115,7 @@ class Cloud:
3949 def launch(
3950 self,
3951 series: str,
3952+ machine_type: str,
3953 instance_name: Optional[str] = None,
3954 image_name: Optional[str] = None,
3955 user_data: Optional[str] = None,
3956@@ -127,6 +128,8 @@ class Cloud:
3957 The ubuntu release to be used when creating an instance. We will
3958 create an image based on this value if the used does not provide
3959 a image_name value
3960+ :machine_type:
3961+ string representing the type of machine to launch (pro or generic)
3962 :param instance_name:
3963 The name of the instance to be created
3964 :param image_name:
3965@@ -143,6 +146,7 @@ class Cloud:
3966 """
3967 inst = self._create_instance(
3968 series=series,
3969+ machine_type=machine_type,
3970 instance_name=instance_name,
3971 image_name=image_name,
3972 user_data=user_data,
3973@@ -168,11 +172,15 @@ class Cloud:
3974 """
3975 return instance.id
3976
3977- def locate_image_name(self, series: str) -> str:
3978+ def locate_image_name(
3979+ self, series: str, machine_type: str, daily: bool = True
3980+ ) -> str:
3981 """Locate and return the image name to use for vm provision.
3982
3983 :param series:
3984 The ubuntu release to be used when locating the image name
3985+ :machine_type:
3986+ string representing the type of machine to launch (pro or generic)
3987
3988 :returns:
3989 A image name to use when provisioning a virtual machine
3990@@ -184,12 +192,19 @@ class Cloud:
3991 )
3992
3993 image_type = ImageType.GENERIC
3994- if "pro.fips" in self.machine_type:
3995+ if "pro-fips" in machine_type:
3996 image_type = ImageType.PRO_FIPS
3997- elif "pro" in self.machine_type:
3998+ elif "pro" in machine_type:
3999 image_type = ImageType.PRO
4000
4001- return self.api.daily_image(release=series, image_type=image_type)
4002+ if daily:
4003+ logging.debug("looking up daily image for {}".format(series))
4004+ return self.api.daily_image(release=series, image_type=image_type)
4005+ else:
4006+ logging.debug("looking up released image for {}".format(series))
4007+ return self.api.released_image(
4008+ release=series, image_type=image_type
4009+ )
4010
4011 def manage_ssh_key(
4012 self,
4013@@ -202,6 +217,11 @@ class Cloud:
4014 Location of the private key path to use. If None, the location
4015 will be a default location.
4016 """
4017+ if self._ssh_key_managed:
4018+ logging.debug("SSH key already set up")
4019+ return
4020+
4021+ logging.debug("Setting up SSH key")
4022 if key_name:
4023 self.key_name = key_name
4024 cloud_name = self.name.lower().replace("_", "-")
4025@@ -221,10 +241,17 @@ class Cloud:
4026 self.api.use_key(
4027 public_key_path=pub_key_path, private_key_path=priv_key_path
4028 )
4029+ self._ssh_key_managed = True
4030
4031
4032 class EC2(Cloud):
4033- """Class that represents the EC2 cloud provider."""
4034+ """
4035+ Class that represents the EC2 cloud provider.
4036+
4037+ For AWS, we need to specify on the pycloudlib config file that
4038+ the AWS region must be us-east-2. The reason for that is because
4039+ our image ids were captured using that region.
4040+ """
4041
4042 name = "aws"
4043
4044@@ -270,6 +297,7 @@ class EC2(Cloud):
4045 def _create_instance(
4046 self,
4047 series: str,
4048+ machine_type: str,
4049 instance_name: Optional[str] = None,
4050 image_name: Optional[str] = None,
4051 user_data: Optional[str] = None,
4052@@ -282,6 +310,8 @@ class EC2(Cloud):
4053 The ubuntu release to be used when creating an instance. We will
4054 create an image based on this value if the used does not provide
4055 a image_name value
4056+ :machine_type:
4057+ string representing the type of machine to launch (pro or generic)
4058 :param instance_name:
4059 The name of the instance to be created
4060 :param image_name:
4061@@ -297,7 +327,16 @@ class EC2(Cloud):
4062 An AWS cloud provider instance
4063 """
4064 if not image_name:
4065- image_name = self.locate_image_name(series)
4066+ if series == "xenial" and "pro" not in machine_type:
4067+ logging.debug(
4068+ "defaulting to non-daily image for awsgeneric-16.04"
4069+ )
4070+ daily = False
4071+ else:
4072+ daily = True
4073+ image_name = self.locate_image_name(
4074+ series, machine_type, daily=daily
4075+ )
4076
4077 logging.info(
4078 "--- Launching AWS image {}({})".format(image_name, series)
4079@@ -316,7 +355,7 @@ class EC2(Cloud):
4080 class Azure(Cloud):
4081 """Class that represents the Azure cloud provider."""
4082
4083- name = "Azure"
4084+ name = "azure"
4085
4086 @property
4087 def pycloudlib_cls(self):
4088@@ -376,6 +415,7 @@ class Azure(Cloud):
4089 def _create_instance(
4090 self,
4091 series: str,
4092+ machine_type: str,
4093 instance_name: Optional[str] = None,
4094 image_name: Optional[str] = None,
4095 user_data: Optional[str] = None,
4096@@ -388,6 +428,8 @@ class Azure(Cloud):
4097 The ubuntu release to be used when creating an instance. We will
4098 create an image based on this value if the used does not provide
4099 a image_name value
4100+ :machine_type:
4101+ string representing the type of machine to launch (pro or generic)
4102 :param instance_name:
4103 The name of the instance to be created
4104 :param image_name:
4105@@ -403,7 +445,7 @@ class Azure(Cloud):
4106 An Azure cloud provider instance
4107 """
4108 if not image_name:
4109- image_name = self.locate_image_name(series)
4110+ image_name = self.locate_image_name(series, machine_type)
4111
4112 logging.info(
4113 "--- Launching Azure image {}({})".format(image_name, series)
4114@@ -430,13 +472,11 @@ class GCP(Cloud):
4115
4116 def __init__(
4117 self,
4118- machine_type: str,
4119 cloud_credentials_path: Optional[str],
4120 tag: Optional[str] = None,
4121 timestamp_suffix: bool = True,
4122 ) -> None:
4123 super().__init__(
4124- machine_type=machine_type,
4125 cloud_credentials_path=cloud_credentials_path,
4126 tag=tag,
4127 timestamp_suffix=timestamp_suffix,
4128@@ -494,6 +534,7 @@ class GCP(Cloud):
4129 def _create_instance(
4130 self,
4131 series: str,
4132+ machine_type: str,
4133 instance_name: Optional[str] = None,
4134 image_name: Optional[str] = None,
4135 user_data: Optional[str] = None,
4136@@ -506,6 +547,8 @@ class GCP(Cloud):
4137 The ubuntu release to be used when creating an instance. We will
4138 create an image based on this value if the used does not provide
4139 a image_name value
4140+ :machine_type:
4141+ string representing the type of machine to launch (pro or generic)
4142 :param instance_name:
4143 The name of the instance to be created
4144 :param image_name:
4145@@ -521,7 +564,7 @@ class GCP(Cloud):
4146 An GCP cloud provider instance
4147 """
4148 if not image_name:
4149- image_name = self.locate_image_name(series)
4150+ image_name = self.locate_image_name(series, machine_type)
4151
4152 logging.info(
4153 "--- Launching GCP image {}({})".format(image_name, series)
4154@@ -536,6 +579,7 @@ class _LXD(Cloud):
4155 def _create_instance(
4156 self,
4157 series: str,
4158+ machine_type: str,
4159 instance_name: Optional[str] = None,
4160 image_name: Optional[str] = None,
4161 user_data: Optional[str] = None,
4162@@ -548,6 +592,8 @@ class _LXD(Cloud):
4163 The ubuntu release to be used when creating an instance. We will
4164 create an image based on this value if the used does not provide
4165 a image_name value
4166+ :machine_type:
4167+ string representing the type of machine to launch (pro or generic)
4168 :param instance_name:
4169 The name of the instance to be created
4170 :param image_name:
4171@@ -563,7 +609,7 @@ class _LXD(Cloud):
4172 An AWS cloud provider instance
4173 """
4174 if not image_name:
4175- image_name = self.locate_image_name(series)
4176+ image_name = self.locate_image_name(series, machine_type)
4177
4178 image_type = self.name.title().replace("-", " ")
4179
4180@@ -603,11 +649,15 @@ class _LXD(Cloud):
4181 # instead of the instance id
4182 return instance.name
4183
4184- def locate_image_name(self, series: str) -> str:
4185+ def locate_image_name(
4186+ self, series: str, machine_type: str, daily: bool = True
4187+ ) -> str:
4188 """Locate and return the image name to use for vm provision.
4189
4190 :param series:
4191 The ubuntu release to be used when locating the image name
4192+ :machine_type:
4193+ string representing the type of machine to launch (pro or generic)
4194
4195 :returns:
4196 A image name to use when provisioning a virtual machine
4197@@ -618,7 +668,13 @@ class _LXD(Cloud):
4198 "Must provide either series or image_name to launch azure"
4199 )
4200
4201- image_name = self.api.daily_image(release=series)
4202+ if daily:
4203+ logging.debug("looking up daily image for {}".format(series))
4204+ image_name = self.api.daily_image(release=series)
4205+ else:
4206+ logging.debug("looking up released image for {}".format(series))
4207+ image_name = self.api.released_image(release=series)
4208+
4209 return image_name
4210
4211
4212diff --git a/features/cloud_pro_clone.feature b/features/cloud_pro_clone.feature
4213index 6895c47..9ec5e0a 100644
4214--- a/features/cloud_pro_clone.feature
4215+++ b/features/cloud_pro_clone.feature
4216@@ -13,11 +13,7 @@ Feature: Creating golden images based on Cloud Ubuntu Pro instances
4217 log_file: /var/log/ubuntu-advantage.log
4218 """
4219 When I run `pro auto-attach` with sudo
4220- And I run `pro status --format yaml` with sudo
4221- Then stdout matches regexp:
4222- """
4223- attached: true
4224- """
4225+ Then the machine is attached
4226 When I run `apt install -y jq` with sudo
4227 When I save the `activityInfo.activityToken` value from the contract
4228 When I save the `activityInfo.activityID` value from the contract
4229@@ -37,11 +33,7 @@ Feature: Creating golden images based on Cloud Ubuntu Pro instances
4230 When I launch a `<release>` machine named `clone` from the snapshot of `system-under-test`
4231 # The clone will run auto-attach on boot
4232 When I run `pro status --wait` `with sudo` on the `clone` machine
4233- When I run `pro status --format yaml` `with sudo` on the `clone` machine
4234- Then stdout matches regexp:
4235- """
4236- attached: true
4237- """
4238+ Then the machine is attached
4239 When I run `python3 /usr/lib/ubuntu-advantage/timer.py` `with sudo` on the `clone` machine
4240 Then I verify that `activityInfo.activityToken` value has been updated on the contract on the `clone` machine
4241 Then I verify that `activityInfo.activityID` value has been updated on the contract on the `clone` machine
4242diff --git a/features/collect_logs.feature b/features/collect_logs.feature
4243index f45046f..bc9cb39 100644
4244--- a/features/collect_logs.feature
4245+++ b/features/collect_logs.feature
4246@@ -2,7 +2,7 @@
4247 Feature: Command behaviour when attached to an Ubuntu Pro subscription
4248
4249 @series.all
4250- @uses.config.machine_type.lxd.container
4251+ @uses.config.machine_type.lxd-container
4252 Scenario Outline: Run collect-logs on an unattached machine
4253 Given a `<release>` machine with ubuntu-advantage-tools installed
4254 When I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
4255@@ -51,7 +51,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
4256 | lunar |
4257
4258 @series.lts
4259- @uses.config.machine_type.lxd.container
4260+ @uses.config.machine_type.lxd-container
4261 Scenario Outline: Run collect-logs on an attached machine
4262 Given a `<release>` machine with ubuntu-advantage-tools installed
4263 When I attach `contract_token` with sudo
4264diff --git a/features/config.feature b/features/config.feature
4265index 47b21d5..1c99798 100644
4266--- a/features/config.feature
4267+++ b/features/config.feature
4268@@ -3,7 +3,7 @@ Feature: pro config sub-command
4269 @series.xenial
4270 @series.jammy
4271 @series.kinetic
4272- @uses.config.machine_type.lxd.container
4273+ @uses.config.machine_type.lxd-container
4274 Scenario Outline: old ua_config in uaclient.conf is still supported
4275 Given a `<release>` machine with ubuntu-advantage-tools installed
4276 When I run `pro config show` with sudo
4277diff --git a/features/daemon.feature b/features/daemon.feature
4278index ed74ec5..42d999d 100644
4279--- a/features/daemon.feature
4280+++ b/features/daemon.feature
4281@@ -2,7 +2,7 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4282
4283 @series.all
4284 @uses.config.contract_token
4285- @uses.config.machine_type.lxd.container
4286+ @uses.config.machine_type.lxd-container
4287 Scenario Outline: cloud-id-shim service is not installed on anything other than xenial
4288 Given a `<release>` machine with ubuntu-advantage-tools installed
4289 Then I verify that running `systemctl status ubuntu-advantage-cloud-id-shim.service` `with sudo` exits `4`
4290@@ -20,7 +20,7 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4291
4292 @series.lts
4293 @uses.config.contract_token
4294- @uses.config.machine_type.lxd.container
4295+ @uses.config.machine_type.lxd-container
4296 Scenario Outline: cloud-id-shim should run in postinst and on boot
4297 Given a `<release>` machine with ubuntu-advantage-tools installed
4298 # verify installing pro created the cloud-id file
4299@@ -105,10 +105,10 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4300 Active: active \(running\)
4301 """
4302 # TODO find out what caused memory to go up, try to lower it again
4303- Then on `xenial`, systemd status output says memory usage is less than `16` MB
4304- Then on `bionic`, systemd status output says memory usage is less than `14` MB
4305- Then on `focal`, systemd status output says memory usage is less than `12` MB
4306- Then on `jammy`, systemd status output says memory usage is less than `13` MB
4307+ Then on `xenial`, systemd status output says memory usage is less than `17` MB
4308+ Then on `bionic`, systemd status output says memory usage is less than `15` MB
4309+ Then on `focal`, systemd status output says memory usage is less than `13` MB
4310+ Then on `jammy`, systemd status output says memory usage is less than `14` MB
4311
4312 When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo
4313 Then stdout matches regexp:
4314@@ -208,10 +208,79 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4315 | focal |
4316 | jammy |
4317
4318+ @series.lts
4319+ @uses.config.contract_token
4320+ @uses.config.machine_type.azure.generic
4321+ Scenario Outline: daemon should run when appropriate on azure generic lts
4322+ Given a `<release>` machine with ubuntu-advantage-tools installed
4323+ # verify its enabled, but stops itself when not configured to poll
4324+ When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo
4325+ Then stdout matches regexp:
4326+ """
4327+ daemon starting
4328+ """
4329+ Then stdout matches regexp:
4330+ """
4331+ Configured to not poll for pro license, shutting down
4332+ """
4333+ Then stdout matches regexp:
4334+ """
4335+ daemon ending
4336+ """
4337+ When I run `systemctl is-enabled ubuntu-advantage.service` with sudo
4338+ Then stdout matches regexp:
4339+ """
4340+ enabled
4341+ """
4342+ Then I verify that running `systemctl is-failed ubuntu-advantage.service` `with sudo` exits `1`
4343+ Then stdout matches regexp:
4344+ """
4345+ inactive
4346+ """
4347+
4348+ # verify it stays on when configured to do so
4349+ When I create the file `/var/lib/ubuntu-advantage/user-config.json` with the following:
4350+ """
4351+ { "poll_for_pro_license": true }
4352+ """
4353+ When I run `systemctl restart ubuntu-advantage.service` with sudo
4354+ # give it time to get past the initial request
4355+ When I wait `5` seconds
4356+ When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo
4357+ Then stdout matches regexp:
4358+ """
4359+ daemon starting
4360+ """
4361+ Then stdout matches regexp:
4362+ """
4363+ Cancelling polling
4364+ """
4365+ Then stdout matches regexp:
4366+ """
4367+ daemon ending
4368+ """
4369+ When I run `systemctl is-enabled ubuntu-advantage.service` with sudo
4370+ Then stdout matches regexp:
4371+ """
4372+ enabled
4373+ """
4374+ Then I verify that running `systemctl is-failed ubuntu-advantage.service` `with sudo` exits `1`
4375+ Then stdout matches regexp:
4376+ """
4377+ inactive
4378+ """
4379+ Examples: version
4380+ | release |
4381+ | xenial |
4382+ | bionic |
4383+ | focal |
4384+ | jammy |
4385+
4386 @series.kinetic
4387 @uses.config.contract_token
4388+ @uses.config.machine_type.azure.generic
4389 @uses.config.machine_type.gcp.generic
4390- Scenario Outline: daemon does not start on gcp generic non lts
4391+ Scenario Outline: daemon does not start on gcp,azure generic non lts
4392 Given a `<release>` machine with ubuntu-advantage-tools installed
4393 When I wait `1` seconds
4394 When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo
4395@@ -233,11 +302,10 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4396
4397 @series.all
4398 @uses.config.contract_token
4399- @uses.config.machine_type.lxd.container
4400- @uses.config.machine_type.lxd.vm
4401+ @uses.config.machine_type.lxd-container
4402+ @uses.config.machine_type.lxd-vm
4403 @uses.config.machine_type.aws.generic
4404- @uses.config.machine_type.azure.generic
4405- Scenario Outline: daemon does not start when not on gcpgeneric
4406+ Scenario Outline: daemon does not start when not on gcpgeneric or azuregeneric
4407 Given a `<release>` machine with ubuntu-advantage-tools installed
4408 Then I verify that running `systemctl status ubuntu-advantage.service` `with sudo` exits `3`
4409 Then stdout matches regexp:
4410@@ -266,8 +334,7 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4411
4412 @series.lts
4413 @uses.config.machine_type.aws.pro
4414- @uses.config.machine_type.azure.pro
4415- Scenario Outline: daemon does not start when not on gcpgeneric
4416+ Scenario Outline: daemon does not start when not on gcpgeneric or azuregeneric
4417 Given a `<release>` machine with ubuntu-advantage-tools installed
4418 When I create the file `/etc/ubuntu-advantage/uaclient.conf` with the following:
4419 """
4420@@ -301,7 +368,8 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary
4421
4422 @series.lts
4423 @uses.config.machine_type.gcp.pro
4424- Scenario Outline: daemon does not start when not on gcpgeneric
4425+ @uses.config.machine_type.azure.pro
4426+ Scenario Outline: daemon does not start when not on gcpgeneric or azuregeneric
4427 Given a `<release>` machine with ubuntu-advantage-tools installed
4428 When I create the file `/etc/ubuntu-advantage/uaclient.conf` with the following:
4429 """
4430diff --git a/features/docker.feature b/features/docker.feature
4431index 2e82266..6724512 100644
4432--- a/features/docker.feature
4433+++ b/features/docker.feature
4434@@ -4,7 +4,7 @@ Feature: Build docker images with pro services
4435 @slow
4436 @docker
4437 @series.focal
4438- @uses.config.machine_type.lxd.vm
4439+ @uses.config.machine_type.lxd-vm
4440 Scenario Outline: Build docker images with pro services
4441 Given a `focal` machine with ubuntu-advantage-tools installed
4442 When I have the `<container_release>` debs under test in `/home/ubuntu`
4443@@ -77,4 +77,3 @@ Feature: Build docker images with pro services
4444 | focal | xenial | [ esm-infra ] | curl | esm |
4445 | focal | bionic | [ fips ] | openssl | fips |
4446 | focal | focal | [ esm-apps ] | hello | esm |
4447-
4448diff --git a/features/enable_fips_cloud.feature b/features/enable_fips_cloud.feature
4449index c14b39b..41edbb0 100644
4450--- a/features/enable_fips_cloud.feature
4451+++ b/features/enable_fips_cloud.feature
4452@@ -217,7 +217,7 @@ Feature: FIPS enablement in cloud based machines
4453 And I verify that `strongswan-hmac` is installed from apt source `<fips-apt-source>`
4454 When I run `apt-cache policy ubuntu-fips` as non-root
4455 Then stdout does not match regexp:
4456- ""
4457+ """
4458 .*Installed: \(none\)
4459 """
4460 When I reboot the machine
4461diff --git a/features/enable_fips_container.feature b/features/enable_fips_container.feature
4462index 178b6ad..a908d2b 100644
4463--- a/features/enable_fips_container.feature
4464+++ b/features/enable_fips_container.feature
4465@@ -5,7 +5,7 @@ Feature: FIPS enablement in lxd containers
4466 @series.xenial
4467 @series.bionic
4468 @series.focal
4469- @uses.config.machine_type.lxd.container
4470+ @uses.config.machine_type.lxd-container
4471 Scenario Outline: Attached enable of FIPS in an ubuntu lxd container
4472 Given a `<release>` machine with ubuntu-advantage-tools installed
4473 When I attach `contract_token` with sudo
4474@@ -100,7 +100,7 @@ Feature: FIPS enablement in lxd containers
4475 @series.xenial
4476 @series.bionic
4477 @series.focal
4478- @uses.config.machine_type.lxd.container
4479+ @uses.config.machine_type.lxd-container
4480 Scenario Outline: Try to enable FIPS after FIPS Updates in a lxd container
4481 Given a `<release>` machine with ubuntu-advantage-tools installed
4482 When I attach `contract_token` with sudo
4483diff --git a/features/enable_fips_vm.feature b/features/enable_fips_vm.feature
4484index ea6c38e..f27a5e9 100644
4485--- a/features/enable_fips_vm.feature
4486+++ b/features/enable_fips_vm.feature
4487@@ -4,14 +4,14 @@ Feature: FIPS enablement in lxd VMs
4488 @slow
4489 @series.xenial
4490 @series.bionic
4491- @uses.config.machine_type.lxd.vm
4492+ @uses.config.machine_type.lxd-vm
4493 Scenario Outline: Attached enable of FIPS in an ubuntu lxd vm
4494 Given a `<release>` machine with ubuntu-advantage-tools installed
4495 When I attach `contract_token` with sudo
4496 When I run `pro status --format json` with sudo
4497 Then stdout contains substring
4498 """
4499- {"available": "yes", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "disabled", "status_details": "FIPS is not configured"}
4500+ {"available": "yes", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "disabled", "status_details": "FIPS is not configured", "warning": null}
4501 """
4502 When I run `pro disable livepatch` with sudo
4503 And I run `DEBIAN_FRONTEND=noninteractive apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y openssh-client openssh-server strongswan` with sudo, retrying exit [100]
4504@@ -48,15 +48,14 @@ Feature: FIPS enablement in lxd VMs
4505 When I run `pro status --format json --all` with sudo
4506 Then stdout contains substring:
4507 """
4508- {"available": "no", "blocked_by": [{"name": "fips", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "Canonical Livepatch service", "description_override": null, "entitled": "yes", "name": "livepatch", "status": "n/a", "status_details": "Cannot enable Livepatch when FIPS is enabled."}
4509+ {"available": "no", "blocked_by": [{"name": "fips", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "Canonical Livepatch service", "description_override": null, "entitled": "yes", "name": "livepatch", "status": "n/a", "status_details": "Cannot enable Livepatch when FIPS is enabled.", "warning": null}
4510 """
4511-
4512 When I reboot the machine
4513 And I run `uname -r` as non-root
4514 Then stdout matches regexp:
4515- """
4516- fips
4517- """
4518+ """
4519+ fips
4520+ """
4521 When I run `cat /proc/sys/crypto/fips_enabled` with sudo
4522 Then I will see the following on stdout:
4523 """
4524@@ -64,24 +63,24 @@ Feature: FIPS enablement in lxd VMs
4525 """
4526 When I run `pro status --all` with sudo
4527 Then stdout does not match regexp:
4528- """
4529- FIPS support requires system reboot to complete configuration
4530- """
4531+ """
4532+ FIPS support requires system reboot to complete configuration
4533+ """
4534 When I run `pro disable <fips-service>` `with sudo` and stdin `y`
4535 Then stdout matches regexp:
4536- """
4537- This will disable the FIPS entitlement but the FIPS packages will remain installed.
4538- """
4539+ """
4540+ This will disable the FIPS entitlement but the FIPS packages will remain installed.
4541+ """
4542 And stdout matches regexp:
4543- """
4544- Updating package lists
4545- A reboot is required to complete disable operation
4546- """
4547+ """
4548+ Updating package lists
4549+ A reboot is required to complete disable operation
4550+ """
4551 When I run `pro status --all` with sudo
4552 Then stdout matches regexp:
4553- """
4554- Disabling FIPS requires system reboot to complete operation
4555- """
4556+ """
4557+ Disabling FIPS requires system reboot to complete operation
4558+ """
4559 When I run `apt-cache policy ubuntu-fips` as non-root
4560 Then stdout matches regexp:
4561 """
4562@@ -103,13 +102,13 @@ Feature: FIPS enablement in lxd VMs
4563 """
4564 When I run `pro status --all` with sudo
4565 Then stdout matches regexp:
4566- """
4567- <fips-service> +yes disabled
4568- """
4569+ """
4570+ <fips-service> +yes disabled
4571+ """
4572 Then stdout does not match regexp:
4573- """
4574- Disabling FIPS requires system reboot to complete operation
4575- """
4576+ """
4577+ Disabling FIPS requires system reboot to complete operation
4578+ """
4579 When I run `pro enable <fips-service> --assume-yes --format json --assume-yes` with sudo
4580 Then stdout is a json matching the `ua_operation` schema
4581 And I will see the following on stdout:
4582@@ -125,9 +124,9 @@ Feature: FIPS enablement in lxd VMs
4583 """
4584 When I run `pro status --all` with sudo
4585 Then stdout matches regexp:
4586- """
4587- <fips-service> +yes disabled
4588- """
4589+ """
4590+ <fips-service> +yes disabled
4591+ """
4592
4593 Examples: ubuntu release
4594 | release | fips-name | fips-service |fips-apt-source |
4595@@ -137,7 +136,7 @@ Feature: FIPS enablement in lxd VMs
4596 @slow
4597 @series.xenial
4598 @series.bionic
4599- @uses.config.machine_type.lxd.vm
4600+ @uses.config.machine_type.lxd-vm
4601 Scenario Outline: Attached enable of FIPS-updates in an ubuntu lxd vm
4602 Given a `<release>` machine with ubuntu-advantage-tools installed
4603 When I attach `contract_token` with sudo
4604@@ -171,7 +170,7 @@ Feature: FIPS enablement in lxd VMs
4605 When I run `pro status --all --format json` with sudo
4606 Then stdout contains substring:
4607 """
4608- {"available": "no", "blocked_by": [{"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled."}
4609+ {"available": "no", "blocked_by": [{"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled.", "warning": null}
4610 """
4611
4612 When I reboot the machine
4613@@ -245,7 +244,7 @@ Feature: FIPS enablement in lxd VMs
4614 When I run `pro status --all --format json` with sudo
4615 Then stdout contains substring:
4616 """
4617- {"available": "no", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}, {"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled."}
4618+ {"available": "no", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}, {"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled.", "warning": null}
4619 """
4620 When I run `pro disable <fips-service> --assume-yes` with sudo
4621 And I run `pro enable <fips-service> --assume-yes --format json --assume-yes` with sudo
4622@@ -275,7 +274,7 @@ Feature: FIPS enablement in lxd VMs
4623 @slow
4624 @series.xenial
4625 @series.bionic
4626- @uses.config.machine_type.lxd.vm
4627+ @uses.config.machine_type.lxd-vm
4628 Scenario Outline: Attached enable FIPS-updates while livepatch is enabled
4629 Given a `<release>` machine with ubuntu-advantage-tools installed
4630 When I attach `contract_token` with sudo
4631@@ -332,7 +331,7 @@ Feature: FIPS enablement in lxd VMs
4632
4633 @slow
4634 @series.focal
4635- @uses.config.machine_type.lxd.vm
4636+ @uses.config.machine_type.lxd-vm
4637 Scenario Outline: Attached enable of FIPS in an ubuntu lxd vm
4638 Given a `<release>` machine with ubuntu-advantage-tools installed
4639 When I attach `contract_token` with sudo
4640@@ -342,7 +341,6 @@ Feature: FIPS enablement in lxd VMs
4641 """
4642 Updating package lists
4643 Installing <fips-name> packages
4644- FIPS strongswan-hmac package could not be installed
4645 <fips-name> enabled
4646 A reboot is required to complete install
4647 """
4648@@ -376,6 +374,8 @@ Feature: FIPS enablement in lxd VMs
4649 When I reboot the machine
4650 Then I verify that `openssh-server` installed version matches regexp `fips`
4651 And I verify that `openssh-client` installed version matches regexp `fips`
4652+ And I verify that `strongswan` installed version matches regexp `fips`
4653+ And I verify that `strongswan-hmac` installed version matches regexp `fips`
4654 When I run `apt-mark unhold openssh-client openssh-server strongswan` with sudo
4655 Then I will see the following on stdout:
4656 """
4657@@ -395,7 +395,7 @@ Feature: FIPS enablement in lxd VMs
4658
4659 @slow
4660 @series.focal
4661- @uses.config.machine_type.lxd.vm
4662+ @uses.config.machine_type.lxd-vm
4663 Scenario Outline: Attached enable of FIPS-updates in an ubuntu lxd vm
4664 Given a `<release>` machine with ubuntu-advantage-tools installed
4665 When I attach `contract_token` with sudo
4666@@ -465,7 +465,7 @@ Feature: FIPS enablement in lxd VMs
4667
4668 @slow
4669 @series.lts
4670- @uses.config.machine_type.lxd.vm
4671+ @uses.config.machine_type.lxd-vm
4672 Scenario Outline: Attached enable fips-updates on fips enabled vm
4673 Given a `<release>` machine with ubuntu-advantage-tools installed
4674 When I attach `contract_token` with sudo
4675@@ -520,7 +520,7 @@ Feature: FIPS enablement in lxd VMs
4676 """
4677 And stdout matches regexp:
4678 """
4679- livepatch +yes enabled
4680+ livepatch +yes (enabled|warning)
4681 """
4682 When I run `uname -r` as non-root
4683 Then stdout matches regexp:
4684@@ -542,7 +542,7 @@ Feature: FIPS enablement in lxd VMs
4685 @slow
4686 @series.xenial
4687 @series.bionic
4688- @uses.config.machine_type.lxd.vm
4689+ @uses.config.machine_type.lxd-vm
4690 Scenario Outline: FIPS enablement message when cloud init didn't run properly
4691 Given a `<release>` machine with ubuntu-advantage-tools installed
4692 When I delete the file `/run/cloud-init/instance-data.json`
4693@@ -566,7 +566,7 @@ Feature: FIPS enablement in lxd VMs
4694
4695 @slow
4696 @series.focal
4697- @uses.config.machine_type.lxd.vm
4698+ @uses.config.machine_type.lxd-vm
4699 Scenario Outline: FIPS enablement message when cloud init didn't run properly
4700 Given a `<release>` machine with ubuntu-advantage-tools installed
4701 When I delete the file `/run/cloud-init/instance-data.json`
4702diff --git a/features/environment.py b/features/environment.py
4703index 8c3f685..7e553b4 100644
4704--- a/features/environment.py
4705+++ b/features/environment.py
4706@@ -6,6 +6,7 @@ import random
4707 import re
4708 import string
4709 import sys
4710+import tarfile
4711 from typing import Dict, List, Optional, Tuple, Union # noqa: F401
4712
4713 import pycloudlib # type: ignore # noqa: F401
4714@@ -46,7 +47,7 @@ class UAClientBehaveConfig:
4715 This indicates whether the image created for this test run should be
4716 cleaned up when all tests are complete.
4717 :param machine_type:
4718- The default machine_type to test: lxd.container, lxd.vm, azure.pro,
4719+ The default machine_type to test: lxd-container, lxd-vm, azure.pro,
4720 azure.generic, aws.pro or aws.generic
4721 :param private_key_file:
4722 Optional path to pre-existing private key file to use when connecting
4723@@ -105,8 +106,6 @@ class UAClientBehaveConfig:
4724 # This variable is used in .from_environ() but also to emit the "Config
4725 # options" stanza in __init__
4726 all_options = boolean_options + str_options
4727- cloud_api = None # type: pycloudlib.cloud.BaseCloud
4728- cloud_manager = None # type: cloud.Cloud
4729
4730 def __init__(
4731 self,
4732@@ -116,15 +115,15 @@ class UAClientBehaveConfig:
4733 destroy_instances: bool = True,
4734 ephemeral_instance: bool = False,
4735 snapshot_strategy: bool = False,
4736- machine_type: str = "lxd.container",
4737+ machine_type: str = "lxd-container",
4738 private_key_file: Optional[str] = None,
4739 private_key_name: str = "uaclient-integration",
4740 reuse_image: Optional[str] = None,
4741 contract_token: Optional[str] = None,
4742 contract_token_staging: Optional[str] = None,
4743 contract_token_staging_expired: Optional[str] = None,
4744- artifact_dir: Optional[str] = None,
4745- install_from: InstallationSource = InstallationSource.DAILY,
4746+ artifact_dir: str = "artifacts",
4747+ install_from: InstallationSource = InstallationSource.LOCAL,
4748 custom_ppa: Optional[str] = None,
4749 debs_path: Optional[str] = None,
4750 userdata_file: Optional[str] = None,
4751@@ -214,47 +213,39 @@ class UAClientBehaveConfig:
4752 )
4753 timed_job_tag += "-" + random_suffix
4754
4755- if "aws" in self.machine_type:
4756- # For AWS, we need to specify on the pycloudlib config file that
4757- # the AWS region must be us-east-2. The reason for that is because
4758- # our image ids were captured using that region.
4759- self.cloud_manager = cloud.EC2(
4760- machine_type=self.machine_type,
4761+ self.clouds = {
4762+ "aws": cloud.EC2(
4763 cloud_credentials_path=self.cloud_credentials_path,
4764 tag=timed_job_tag,
4765 timestamp_suffix=False,
4766- )
4767- self.cloud = "aws"
4768- elif "azure" in self.machine_type:
4769- self.cloud_manager = cloud.Azure(
4770- machine_type=self.machine_type,
4771+ ),
4772+ "azure": cloud.Azure(
4773 cloud_credentials_path=self.cloud_credentials_path,
4774 tag=timed_job_tag,
4775 timestamp_suffix=False,
4776- )
4777- self.cloud = "azure"
4778- elif "gcp" in self.machine_type:
4779- self.cloud_manager = cloud.GCP(
4780- machine_type=self.machine_type,
4781+ ),
4782+ "gcp": cloud.GCP(
4783 cloud_credentials_path=self.cloud_credentials_path,
4784 tag=timed_job_tag,
4785 timestamp_suffix=False,
4786- )
4787- self.cloud = "gcp"
4788- elif "lxd.vm" in self.machine_type:
4789- self.cloud_manager = cloud.LXDVirtualMachine(
4790- machine_type=self.machine_type,
4791+ ),
4792+ "lxd-vm": cloud.LXDVirtualMachine(
4793 cloud_credentials_path=self.cloud_credentials_path,
4794- )
4795- self.cloud = "lxd.vm"
4796- else:
4797- self.cloud_manager = cloud.LXDContainer(
4798- machine_type=self.machine_type,
4799+ ),
4800+ "lxd-container": cloud.LXDContainer(
4801 cloud_credentials_path=self.cloud_credentials_path,
4802- )
4803- self.cloud = "lxd"
4804-
4805- self.cloud_api = self.cloud_manager.api
4806+ ),
4807+ }
4808+ if "aws" in self.machine_type:
4809+ self.default_cloud = self.clouds["aws"]
4810+ elif "azure" in self.machine_type:
4811+ self.default_cloud = self.clouds["azure"]
4812+ elif "gcp" in self.machine_type:
4813+ self.default_cloud = self.clouds["gcp"]
4814+ elif "lxd-vm" in self.machine_type:
4815+ self.default_cloud = self.clouds["lxd-vm"]
4816+ else:
4817+ self.default_cloud = self.clouds["lxd-container"]
4818
4819 # Finally, print the config options. This helps users debug the use of
4820 # config options, and means they'll be included in test logs in CI.
4821@@ -299,6 +290,9 @@ class UAClientBehaveConfig:
4822 bool_value = False
4823 kwargs[key] = bool_value
4824
4825+ # userdata should override environment variables
4826+ kwargs.update(config.userdata)
4827+
4828 if "install_from" in kwargs:
4829 kwargs["install_from"] = InstallationSource(kwargs["install_from"])
4830
4831@@ -329,17 +323,16 @@ def before_all(context: Context) -> None:
4832 print(" - {} = {}".format(key, value))
4833 context.series_image_name = {}
4834 context.series_reuse_image = ""
4835- context.config = UAClientBehaveConfig.from_environ(context.config)
4836- context.config.cloud_manager.manage_ssh_key()
4837+ context.pro_config = UAClientBehaveConfig.from_environ(context.config)
4838 context.snapshots = {}
4839 context.machines = {}
4840
4841- if context.config.reuse_image:
4842+ if context.pro_config.reuse_image:
4843 series = lxc_get_property(
4844- context.config.reuse_image, property_name="series", image=True
4845+ context.pro_config.reuse_image, property_name="series", image=True
4846 )
4847 machine_type = lxc_get_property(
4848- context.config.reuse_image,
4849+ context.pro_config.reuse_image,
4850 property_name="machine_type",
4851 image=True,
4852 )
4853@@ -347,26 +340,26 @@ def before_all(context: Context) -> None:
4854 print("Found machine_type: {vm_type}".format(vm_type=machine_type))
4855 if series is not None:
4856 context.series_reuse_image = series
4857- context.series_image_name[series] = context.config.reuse_image
4858+ context.series_image_name[series] = context.pro_config.reuse_image
4859 else:
4860 print(" Could not check image series. It will not be used. ")
4861- context.config.reuse_image = None
4862+ context.pro_config.reuse_image = None
4863
4864
4865 def _should_skip_tags(context: Context, tags: List) -> str:
4866 """Return a reason if a feature or scenario should be skipped"""
4867- machine_type = getattr(context.config, "machine_type", "")
4868+ machine_type = getattr(context.pro_config, "machine_type", "")
4869 machine_types = []
4870
4871 for tag in tags:
4872 parts = tag.split(".")
4873- if parts[0] != "uses":
4874- continue # Only process @uses.* tags for skipping:
4875- val = context
4876- for idx, attr in enumerate(parts[1:], 1):
4877+ if parts[0] != "uses" or parts[1] != "config":
4878+ continue # Only process @uses.config.* tags for skipping:
4879+ val = context.pro_config
4880+ for idx, attr in enumerate(parts[2:], 1):
4881 val = getattr(val, attr, None)
4882 if attr == "machine_type":
4883- curr_machine_type = ".".join(parts[idx + 1 :])
4884+ curr_machine_type = ".".join(parts[idx + 2 :])
4885 machine_types.append(curr_machine_type)
4886 if curr_machine_type == machine_type:
4887 return ""
4888@@ -397,9 +390,9 @@ def before_scenario(context: Context, scenario: Scenario):
4889 scenario.skip(reason=reason)
4890 return
4891
4892- filter_series = context.config.filter_series
4893+ filter_series = context.pro_config.filter_series
4894 given_a_series_match = re.match(
4895- "a `(.*)` machine with ubuntu-advantage-tools installed",
4896+ "a `([a-z]*)` machine with ubuntu-advantage-tools installed",
4897 scenario.steps[0].name,
4898 )
4899 if filter_series and given_a_series_match:
4900@@ -415,6 +408,38 @@ def before_scenario(context: Context, scenario: Scenario):
4901 )
4902 return
4903
4904+ if hasattr(scenario, "_row") and scenario._row is not None:
4905+ row_release = scenario._row.get("release")
4906+ if (
4907+ row_release
4908+ and len(filter_series) > 0
4909+ and row_release not in filter_series
4910+ ):
4911+ scenario.skip(
4912+ reason=(
4913+ "Skipping scenario outline series `{series}`."
4914+ " Cmdline provided @series tags: {cmdline_series}".format(
4915+ series=row_release, cmdline_series=filter_series
4916+ )
4917+ )
4918+ )
4919+ return
4920+ row_machine_type = scenario._row.get("machine_type")
4921+ if (
4922+ row_machine_type
4923+ and context.pro_config.machine_type != "any"
4924+ and row_machine_type != context.pro_config.machine_type
4925+ ):
4926+ scenario.skip(
4927+ reason=(
4928+ "Skipping scenario outline machine_type `{}`."
4929+ " Cmdline provided machine_type: {}".format(
4930+ row_machine_type, context.pro_config.machine_type
4931+ )
4932+ )
4933+ )
4934+ return
4935+
4936 # before_step doesn't execute early enough to modify the step
4937 # so we perform step text surgery here
4938 # Also, logging capture is not set up when before_scenario is called,
4939@@ -431,61 +456,30 @@ def before_scenario(context: Context, scenario: Scenario):
4940 )
4941
4942
4943-FAILURE_FILES = (
4944- "/etc/ubuntu-advantage/uaclient.log",
4945- "/var/log/cloud-init.log",
4946- "/var/log/ubuntu-advantage.log",
4947- "/var/log/ubuntu-advantage-daemon.log",
4948- "/var/log/ubuntu-advantage-timer.log",
4949- "/var/lib/cloud/instance/user-data.txt",
4950- "/var/lib/cloud/instance/vendor-data.txt",
4951-)
4952-FAILURE_CMDS = {
4953- "ua-version": ["pro", "version"],
4954- "cloud-init-analyze": ["cloud-init", "analyze", "show"],
4955- "cloud-init.status": ["cloud-init", "status", "--long"],
4956- "status.yaml": ["pro", "status", "--all", "--format=yaml"],
4957- "journal.log": ["journalctl", "-b", "0"],
4958- "systemd-analyze-blame": ["systemd-analyze", "blame"],
4959- "systemctl-status": ["systemctl", "status"],
4960- "systemctl-status-ua-auto-attach": [
4961- "systemctl",
4962- "status",
4963- "ua-auto-attach.service",
4964- ],
4965- "systemctl-status-ua-reboot-cmds": [
4966- "systemctl",
4967- "status",
4968- "ua-reboot-cmds.service",
4969- ],
4970- "systemctl-status-ubuntu-advantage": [
4971- "systemctl",
4972- "status",
4973- "ubuntu-advantage.service",
4974- ],
4975- "systemctl-status-apt-news": [
4976- "systemctl",
4977- "status",
4978- "apt-news.service",
4979- ],
4980-}
4981-
4982-
4983 def after_step(context, step):
4984 """Collect test artifacts in the event of failure."""
4985 if step.status == "failed":
4986- if context.config.artifact_dir:
4987- artifacts_dir = context.config.artifact_dir
4988- else:
4989- artifacts_dir = "artifacts"
4990- artifacts_dir = os.path.join(
4991- artifacts_dir,
4992+ logging.warning("STEP FAILED. Collecting logs.")
4993+ inner_dir = os.path.join(
4994+ datetime.datetime.now().strftime("%Y-%m-%dT%H-%M-%S"),
4995 "{}_{}".format(os.path.basename(step.filename), step.line),
4996 )
4997+ new_artifacts_dir = os.path.join(
4998+ context.pro_config.artifact_dir,
4999+ inner_dir,
5000+ )
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to status/vote changes: