Refactor download logic

[narrieta]

The code to download the artifact profile blob, manifests (agent and extensions), and extension ZIPs followed different code paths with different implementations of the retry logic, error reporting, etc.

This change refactors all that code into a common path.

The main difficulty for this refactoring is that the underlying code to do the network requests was using different functions that handle errors in different ways: some functions would return None, some would return False, some would raise exceptions and some would do a combination of these. In the past, that inconsistent error handling has produced issues in the Agent. While doing this refactoring I noticed that the extension download code was checking for None, while the underlying implementation was returning False, so errors downloading extensions were being ignored.

The refactored code reports errors consistently, by raising exceptions.

As part of these changes, I added error information to the telemetry event that reports download errors to include the error messages from the direct and HostGAPlugin calls. This makes monitoring telemetry data simpler. Sample error message:

2022-08-15T21:37:23.876662Z ERROR ExtHandler ExtHandler Event: name=Microsoft.Azure.Extensions.CustomScript, op=Download, message=Failed to download artifacts: [ExtensionDownloadError] Failed to download extension package from all URIs. 
Last error: [HttpError] Download failed both on the primary and fallback channels. 
Primary: [[HttpError] [HTTP Failed] GET https://umsalvlwk4lfvxs4w05v.blob.core.windows.net2/5237dd14-0aad-f051-0fad-1e33e1b63091/5237dd14-0aad-f051-0fad-1e33e1b63091_2.1.7.zip -- IOError [Errno -2] Name or service not known -- 6 attempts made] 
Fallback: [[ProtocolError] Fetch failed from [http://168.63.129.16:32526/extensionArtifact]: [HTTP Failed] [400: Bad Request] b''], duration=0

This refactoring will allow us to implement other changes needed in the agent much more easily: we need to add extra headers to the HostGAPlugin requests for Fast Track goal states, and we need to keep track of metrics for HostGAPlugin reliability.

While I was working on these changes I updated my workstation to Ubuntu 22.04, which comes with Python 3.10.4 and OpenSSL 3.0.2.

Pylint has additional checks on 3.10, and this PR includes fixes for those warnings on the files that I touched.

Some of the older test data for certificates are encrypted using a deprecated algorithm that is no longer supported by OpenSSL 3.0. This PR also updates those test data with samples taken from a current VM.

[narrieta]

The older test data is encrypted using an algorithm that is no longer supported on OpenSSL 3.0. All the changes in the data directory are to update the test data with new certificates pulled from a current live VM.

You will see updates of the certificate thumbprints throughout this PR, as well as the certificate data itself.

[codecov]

Codecov Report

Merging #2651 (06c2deb) into develop (e2b61fe) will decrease coverage by 0.05%.
The diff coverage is 92.30%.

@@             Coverage Diff             @@
##           develop    #2651      +/-   ##
===========================================
- Coverage    72.03%   71.97%   -0.06%     
===========================================
  Files          103      103              
  Lines        15760    15692      -68     
  Branches      2502     2486      -16     
===========================================
- Hits         11352    11295      -57     
+ Misses        3891     3881      -10     
+ Partials       517      516       -1     

Impacted Files	Coverage Δ
...protocol/extensions_goal_state_from_vm_settings.py	83.45% <ø> (ø)
azurelinuxagent/common/protocol/wire.py	78.54% <90.24%> (-0.04%)	⬇️
...ol/extensions_goal_state_from_extensions_config.py	92.05% <100.00%> (+0.82%)	⬆️
azurelinuxagent/ga/exthandlers.py	85.69% <100.00%> (-0.18%)	⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[narrieta]

The main change in this function is that I moved the download logic to the WireClient class (method fetch_artifacts_profile_blob) to make it consistent with other downloads.

I also ensured that we send telemetry for the cases that we assume OnHold is False because there is an error fetching the artifacts profile)

[narrieta]

I made _fetch_extensions_on_hold() a static function, per pycharm's suggestion.

[narrieta]

This is part of a global update. See my comment for the changes in the "data" directory

[narrieta]

these are fixes for pylint warnings on Python 3.10

[narrieta]

These were refactored and moved to WireClient, where the other download methods are defined

[narrieta]

The agent used to have a disk cache for the goal state. We stopped using that cache a long time ago, but this function was still here and had a caller. Removed the function and modified the caller to use read_file directly.

[narrieta]

This is where the refactoring of the download logic begins. Most of the logic is in _download_with_fallback_channel() and _download_using_appropriate_channel(). fetch_artifacts_profile_blob(), fetch_manifest() and download_extension() just define the functions to use for the direct and HGAP call and then invoke _download_with_fallback_channel()

[narrieta]

I extended the error message to also include the errors from the direct and HGAP channels

[narrieta]

Now all these functions report errors consistently (using exceptions )

[narrieta]

removed the max_retry parameter, since it is no longer used. All downloads have the same strategy in terms of timeouts, retries and error reporting

[narrieta]

This code was trying to handle the different error values (False, None, exceptions) of the different downloads. Now all functions use exceptions so this is no longer needed

[narrieta]

same thing -- now the code uses exceptions

[narrieta]

This was a bug that would not detect errors downloading extensions. The stream() method used for the download use to return False on error and this is comparing against None.

This is no longer an issue, since the refactored code now uses exceptions to report errors

[narrieta]

This method use to return None for errors, or raise an exception for InvalidContainerError and ResourceGoneError. Now it always reports errors with exceptions

[narrieta]

Same thing here: __send_request_using_host_channel() and __send_request_using_direct_channel() attempted to provide a uniform interface to download report errors. They are no longer needed, since all the download functions use exceptions.

[narrieta]

This code was using fetch_cache(), which is a leftover from older agent versions that cached the goal state on disk. I removed that function and this code invokes read_file directly

[narrieta]

_call_hostplugin_with_container_check() implements retry logic when the HGAP returns 410 (ResourceGone). Those retries are needed only for the extensionsArtifact API. Upload log does not neeed this.

[narrieta]

This cleanup logic is now part of WireClient.stream()

[narrieta]

Download extension used to have its own retry logic. No longer needed. All the download logic is now in 1 single place and is consistent across artifact blob, manifests, and extension packages

[narrieta]

The timeout_in_minutes and timeout_in_ms parameters were used by test code only, so I removed them. Now the test code uses _DOWNLOAD_TIMEOUT instead.

[narrieta]

The mocks in this class have very internal knowledge of the code they are testing. They need rewriting, but for now I just defined a mock HGAP to account for the code I refactored.

[narrieta]

The behaviours here used to be in implemented by WireProtocol.download_ext_handler_pkg, but now they are implemented by WireClient.stream

[narrieta]

This code assumes there will be only 1 warning in the log. Other components could also log warnings (I added a couple). I fixed the code to filter out the wanings that are not relevant to these tests

[narrieta]

Upload logs does not need the retry logic for 410. I removed that code and its corresponding tests below

[narrieta]

The mocks need to be updated to raise exceptions instead of reporting errors with None or False

[narrieta]

Now errors raise exceptions

[nagworld9]

@narrieta Looks to me you haven't touch the agent artifacts and manifest download logic. it has its own logic inside the update.py. Is that something we want that way or have a plan to change that?

[narrieta]

@nagworld9 - Good point. The agent manifest should be covered by this PR. The Agent package is a lot trickier to address given the current code. I will refactor that on a separate PR.