kubernetes-watch 0.1.12__py3-none-any.whl → 0.1.13__py3-none-any.whl

kube_watch/modules/clusters/kube.py

@@ -146,7 +146,45 @@ def restart_deployment(deployment, namespace):
         api_response = v1.patch_namespaced_deployment(name=deployment, namespace=namespace, body=body)
         logger.info(f"Deployment restarted. Name: {api_response.metadata.name}")
     except ApiException as e:
-        logger.error(f"Exception when restarting deployment: {e}")
+        logger.error(
+            "Failed to restart deployment. status=%s reason=%s body=%s",
+            e.status, e.reason, e.body
+        )
+        # raise
+
+    except Exception as e:
+        # Everything else: connectivity, config, TLS, serialization, etc.
+        logger.error("Unexpected error restarting deployment: %s", e)
+        # raise
+
+
+def delete_pod(namespace: str, label_selector: str, max_pods: int | None = 1):
+    v1 = client.CoreV1Api()
+
+
+    pods = v1.list_namespaced_pod(namespace=namespace, label_selector=label_selector)
+    if not pods.items:
+        raise RuntimeError(f"No pods found for selector: {label_selector}")
+    
+
+    for i, pod in enumerate(pods.items):
+        if max_pods is not None and i >= max_pods:
+            break
+
+        try:
+            v1.delete_namespaced_pod(
+                name=pod,
+                namespace=namespace,
+                grace_period_seconds=30,
+            )
+            print(f"Deleted pod: {pod}")
+        except ApiException as e:
+            logger.error(f"Failed to delete pod: status={e.status} reason={e.reason} body={e.body}")
+            # raise
+        except Exception as e:
+            # Everything else: connectivity, config, TLS, serialization, etc.
+            logger.error("Unexpected error restarting deployment: %s", e)
+            # raise
 
 
 def has_mismatch_image_digest(repo_digest, label_selector, namespace):

kube_watch/modules/providers/git.py

@@ -1,33 +1,65 @@
 import os
 import shutil
+import time
 import subprocess
 import tempfile
 from pathlib import Path
 
+import jwt
+import requests
+from git import Repo
+
 from prefect import get_run_logger
 
 logger = get_run_logger()
 
 
-def clone_pat_repo(git_pat, git_url, clone_base_path):
+def is_ssh_clone(git_method: str) -> bool:
+    """ Determine if the git clone method is SSH based on the provided method string. """
+    result = git_method.lower() == 'ssh'
+    logger.info(f"Checking if git method '{git_method}' is SSH: {result}")
+    return result
+
+def is_pat_clone(git_method: str) -> bool:
+    """ Determine if the git clone method is PAT based on the provided method string. """
+    result = git_method.lower() == 'pat'
+    logger.info(f"Checking if git method '{git_method}' is PAT: {result}")
+    return result
+
+def is_gh_apps_clone(git_method: str) -> bool:
+    """ Determine if the git clone method is GitHub App based on the provided method string. """
+    result = git_method.lower() == 'apps'
+    logger.info(f"Checking if git method '{git_method}' is GitHub Apps: {result}")
+    return result
+
+
+def clone_repo_pat(git_pat, git_url, clone_base_path):
     """ Clone a Git repository using a Personal Access Token (PAT) for authentication."""
+    logger.info(f"Starting PAT-based git clone for URL: {git_url}")
+    logger.info(f"Clone base path: {clone_base_path}")
+    
     # Retrieve environment variables
     access_token = git_pat # os.environ.get('GIT_PAT')
     repo_url = git_url # os.environ.get('GIT_URL')
     
     if not access_token or not repo_url:
+        logger.error("Missing required parameters: git_pat or git_url")
         raise ValueError("Environment variables GIT_PAT or GIT_URL are not set")
 
     # Correctly format the URL with the PAT
+    logger.info("Formatting URL with PAT authentication")
     if 'https://' in repo_url:
         # Splitting the URL and inserting the PAT
         parts = repo_url.split('https://', 1)
         repo_url = f'https://{access_token}@{parts[1]}'
+        logger.info("Successfully formatted URL with PAT")
     else:
+        logger.error(f"Invalid URL format: {repo_url}. Must begin with https://")
         raise ValueError("URL must begin with https:// for PAT authentication")
 
     # Directory where the repo will be cloned
     repo_path = os.path.join(clone_base_path, 'manifest-repo')
+    logger.info(f"Target repository path: {repo_path}")
 
     # Clone the repository
     if not os.path.exists(repo_path):
@@ -38,7 +70,7 @@ def clone_pat_repo(git_pat, git_url, clone_base_path):
         logger.info(f"Repository already exists at {repo_path}")
 
 
-def clone_ssh_repo(
+def clone_repo_ssh(
     git_url: str,
     clone_base_path: str,
     repo_dir_name: str = "manifest-repo",
@@ -51,23 +83,33 @@ def clone_ssh_repo(
     - GIT_SSH_PRIVATE_KEY: full private key (BEGIN/END ...)
     - GIT_SSH_KNOWN_HOSTS: lines from `ssh-keyscan github.com`
     """
+    logger.info(f"Starting SSH-based git clone for URL: {git_url}")
+    logger.info(f"Clone base path: {clone_base_path}, repo directory: {repo_dir_name}")
+    logger.info(f"Clone depth: {depth}")
+    
     if not git_url.startswith("git@"):
+        logger.error(f"Invalid SSH URL format: {git_url}")
         raise ValueError("git_url must be an SSH URL like 'git@github.com:org/repo.git'")
 
+    logger.info(f"Reading SSH credentials from environment variables: {ssh_key_env}, {known_hosts_env}")
     priv_key = os.environ.get(ssh_key_env)
     kh_data  = os.environ.get(known_hosts_env)
     if not priv_key:
+        logger.error(f"Missing SSH private key environment variable: {ssh_key_env}")
         raise ValueError(f"Missing env var {ssh_key_env}")
     if not kh_data:
+        logger.error(f"Missing SSH known hosts environment variable: {known_hosts_env}")
         raise ValueError(f"Missing env var {known_hosts_env}")
 
     base = Path(clone_base_path).expanduser().resolve()
     base.mkdir(parents=True, exist_ok=True)
     repo_path = base / repo_dir_name
+    logger.info(f"Target repository path: {repo_path}")
 
     tmpdir = Path(tempfile.mkdtemp(prefix="git_ssh_"))
     key_path = tmpdir / "id_rsa"
     kh_path  = tmpdir / "known_hosts"
+    logger.info(f"Created temporary directory for SSH keys: {tmpdir}")
 
     try:
         key_path.write_text(priv_key, encoding="utf-8")
@@ -88,18 +130,28 @@ def clone_ssh_repo(
         env["GIT_SSH_COMMAND"] = ssh_cmd
 
         if not repo_path.exists():
+            logger.info(f"Repository doesn't exist, performing fresh clone")
             cmd = ["git", "clone"]
             if depth and depth > 0:
                 cmd += ["--depth", str(depth)]
             cmd += [git_url, str(repo_path)]
+            logger.info(f"Executing git clone command: {' '.join(cmd[:-1])} <repo_path>")
             subprocess.check_call(cmd, env=env)
+            logger.info("Git clone completed successfully")
         else:
+            logger.info(f"Repository already exists at {repo_path}, updating existing repo")
             if not (repo_path / ".git").exists():
+                logger.error(f"Path exists but is not a git repository: {repo_path}")
                 raise RuntimeError(f"Path exists but is not a git repo: {repo_path}")
+            logger.info("Updating remote URL")
             subprocess.check_call(["git", "remote", "set-url", "origin", git_url], cwd=repo_path, env=env)
+            logger.info("Fetching latest changes")
             subprocess.check_call(["git", "fetch", "--all", "--prune"], cwd=repo_path, env=env)
+            logger.info("Pulling latest changes")
             subprocess.check_call(["git", "pull", "--ff-only", "origin"], cwd=repo_path, env=env)
+            logger.info("Repository update completed successfully")
 
+        logger.info(f"SSH clone operation completed, returning path: {repo_path}")
         return repo_path
 
     finally:
@@ -107,3 +159,151 @@ def clone_ssh_repo(
             shutil.rmtree(tmpdir)
         except Exception:
             pass
+
+
+
+def _ghapp_installation_token(app_id: str, installation_id: str, private_key_pem: str) -> str:
+    """Create an App-signed JWT and exchange it for a short-lived installation token (~1h)."""
+    logger.info(f"Creating GitHub App installation token for app_id: {app_id}, installation_id: {installation_id}")
+    
+    now = int(time.time())
+    payload = {"iat": now - 60, "exp": now + 9 * 60, "iss": app_id}  # JWT max 10m
+    app_jwt = jwt.encode(payload, private_key_pem, algorithm="RS256")
+    logger.info("JWT token created successfully")
+
+    headers = {"Authorization": f"Bearer {app_jwt}", "Accept": "application/vnd.github+json"}
+    logger.info("Requesting installation access token from GitHub API")
+    resp = requests.post(
+        f"https://api.github.com/app/installations/{installation_id}/access_tokens",
+        headers=headers,
+        timeout=20,
+    )
+    resp.raise_for_status()
+    logger.info("Installation access token retrieved successfully")
+    return resp.json()["token"]  # valid ~1 hour
+
+
+def _to_https_url(git_url: str) -> str:
+    """
+    Accepts either SSH ('git@github.com:org/repo.git') or HTTPS.
+    Returns HTTPS form required for GitHub App tokens:
+      'https://github.com/org/repo.git'
+    """
+    logger.info(f"Converting git URL to HTTPS format: {git_url}")
+    
+    if git_url.startswith("git@github.com:"):
+        org_repo = git_url.split("git@github.com:", 1)[1]
+        https_url = f"https://github.com/{org_repo}"
+        logger.info(f"Converted SSH URL to HTTPS: {https_url}")
+        return https_url
+    if git_url.startswith("https://"):
+        logger.info("URL is already in HTTPS format")
+        return git_url
+    
+    logger.error(f"Invalid git URL format: {git_url}")
+    raise ValueError("git_url must be an SSH url for github.com or an https:// URL")
+
+
+def clone_repo_github_app(
+    git_url: str,
+    clone_base_path: str,
+    repo_dir_name: str = "manifest-repo",
+    depth: int = 1,
+    app_id_env: str = "GITHUB_APP_ID",
+    installation_id_env: str = "GITHUB_INSTALLATION_ID",
+    private_key_env: str = "GITHUB_APP_PRIVATE_KEY",
+) -> Path:
+    """
+    Clone/update a repo using a GitHub App installation token (HTTPS).
+
+    Env vars required:
+      - GITHUB_APP_ID              : the App ID (numeric string)
+      - GITHUB_INSTALLATION_ID     : the installation ID (numeric string)
+      - GITHUB_APP_PRIVATE_KEY     : the App private key PEM (BEGIN/END ...)
+
+    Notes:
+      - Token is minted on the fly and embedded in the clone URL:
+          https://x-access-token:<token>@github.com/org/repo.git
+      - No SSH keys / known_hosts needed.
+    """
+    logger.info(f"Starting GitHub App-based git clone for URL: {git_url}")
+    logger.info(f"Clone base path: {clone_base_path}, repo directory: {repo_dir_name}")
+    logger.info(f"Clone depth: {depth}")
+    
+    logger.info(f"Reading GitHub App credentials from environment variables: {app_id_env}, {installation_id_env}, {private_key_env}")
+    app_id = os.environ.get(app_id_env)
+    inst_id = os.environ.get(installation_id_env)
+    pem     = os.environ.get(private_key_env)
+
+    if not app_id or not inst_id or not pem:
+        logger.error(f"Missing GitHub App environment variables. Required: {app_id_env}, {installation_id_env}, {private_key_env}")
+        raise ValueError(f"Missing one of env vars: {app_id_env}, {installation_id_env}, {private_key_env}")
+
+    https_url = _to_https_url(git_url)
+    logger.info("Obtaining GitHub App installation token")
+    token = _ghapp_installation_token(app_id, inst_id, pem)
+
+    # Build an authenticated URL (avoids credential helpers)
+    authed_url = f"https://x-access-token:{token}@{https_url.split('https://',1)[1]}"
+    logger.info("Successfully created authenticated URL with installation token")
+
+    base = Path(clone_base_path).expanduser().resolve()
+    base.mkdir(parents=True, exist_ok=True)
+    repo_path = base / repo_dir_name
+    logger.info(f"Target repository path: {repo_path}")
+
+    # Ensure git won't prompt for creds in CI
+    env = os.environ.copy()
+    env.setdefault("GIT_TERMINAL_PROMPT", "0")
+    env.setdefault("GCM_INTERACTIVE", "Never")  # in case Git Credential Manager is present
+
+    if not repo_path.exists():
+        logger.info(f"Repository doesn't exist, performing fresh clone")
+        cmd = ["git", "clone"]
+        if depth and depth > 0:
+            cmd += ["--depth", str(depth)]
+        cmd += [authed_url, str(repo_path)]
+        logger.info(f"Executing git clone command with GitHub App authentication")
+        subprocess.check_call(cmd, env=env)
+        logger.info("Git clone completed successfully")
+    else:
+        logger.info(f"Repository already exists at {repo_path}, updating existing repo")
+        if not (repo_path / ".git").exists():
+            logger.error(f"Path exists but is not a git repository: {repo_path}")
+            raise RuntimeError(f"Path exists but is not a git repo: {repo_path}")
+        # Refresh remote URL & pull default branch
+        logger.info("Updating remote URL with new GitHub App token")
+        subprocess.check_call(["git", "remote", "set-url", "origin", authed_url], cwd=repo_path, env=env)
+        logger.info("Fetching latest changes")
+        subprocess.check_call(["git", "fetch", "--all", "--prune"], cwd=repo_path, env=env)
+        logger.info("Pulling latest changes")
+        subprocess.check_call(["git", "pull", "--ff-only", "origin"], cwd=repo_path, env=env)
+        logger.info("Repository update completed successfully")
+
+    logger.info(f"GitHub App clone operation completed, returning path: {repo_path}")
+    return repo_path
+
+
+
+def generate_github_creds(
+        app_id_env: str = "GITHUB_APP_ID",
+        installation_id_env: str = "GITHUB_INSTALLATION_ID",
+        private_key_env: str = "GITHUB_APP_PRIVATE_KEY",
+    ):
+    """
+    Generate GitHub credentials using a GitHub App installation token.
+    """
+    app_id = os.environ.get(app_id_env)
+    installation_id = os.environ.get(installation_id_env)
+    private_key = os.environ.get(private_key_env)
+
+    if not app_id or not installation_id or not private_key:
+        logger.error("Missing GitHub App environment variables.")
+        raise ValueError(f"Missing one of env vars: {app_id_env}, {installation_id_env}, {private_key_env}")
+    
+    token = _ghapp_installation_token(app_id, installation_id, private_key)
+
+    return {
+        "username": "x-access-token",
+        "password": token
+    }

{kubernetes_watch-0.1.12.dist-info → kubernetes_watch-0.1.13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: kubernetes-watch
-Version: 0.1.12
+Version: 0.1.13
 Summary: 
 Author: bmotevalli
 Author-email: b.motevalli@gmail.com

{kubernetes_watch-0.1.12.dist-info → kubernetes_watch-0.1.13.dist-info}/RECORD

@@ -9,7 +9,7 @@ kube_watch/models/common.py,sha256=FQktpX552zSCigMxEzm4S07SvrHv5RA7YwVJHgv7uuI,5
 kube_watch/models/workflow.py,sha256=ZFBMz_LmYgROcbz2amSvms38K770njnyZC6h1bpTXGU,1634
 kube_watch/modules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 kube_watch/modules/clusters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-kube_watch/modules/clusters/kube.py,sha256=ZvWpLrdgftLHexuigil8aa23BjqTZDmyeb6ZCAW6Y7w,10205
+kube_watch/modules/clusters/kube.py,sha256=DiHhXiX8p4UX7fbyu1xhjNWcZPm3nkHTI_NPW-JeLb4,11467
 kube_watch/modules/database/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 kube_watch/modules/database/model.py,sha256=MWG9UW6g0KuBzW6MjzPBtknAk7GmuncQrdAq6HHarTo,207
 kube_watch/modules/database/postgre.py,sha256=1Sq2YFwgCJM_FWKabV2S1bFAIl2GBwytTtPCuLfVhu8,8182
@@ -23,14 +23,14 @@ kube_watch/modules/mock/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG
 kube_watch/modules/mock/mock_generator.py,sha256=BKKQFCxxQgFW_GFgeIbkyIbuNU4328xTTaFfTwFLsS8,1262
 kube_watch/modules/providers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 kube_watch/modules/providers/aws.py,sha256=qKL7oGKeKOUO5AQRQqcrR35kzOpq42uNXuXumeU-gtw,10224
-kube_watch/modules/providers/git.py,sha256=5d7vkeTbVD_XN-mpCoPTRmM6lwgrwkDwcCIsjqYwmaQ,3778
+kube_watch/modules/providers/git.py,sha256=E1XJ1QN0ekoud7XQkwRkQTuZo3_5F-v7c_NJ9CjTos4,12934
 kube_watch/modules/providers/github.py,sha256=eQY8sLy2U6bOWMpFxA73DFCPVuswhTXSG25KmYSuo5s,5212
 kube_watch/modules/providers/vault.py,sha256=etzzHbTrUDsTUpeUN-xg0Xh8ulqC0-1FA3tHRZinIOo,7193
 kube_watch/standalone/metarecogen/ckan_to_gn.py,sha256=LWd7ikyxRIC1IGt6CtALnDOEoyuG07a8NoDHhgMkX4o,4635
 kube_watch/watch/__init__.py,sha256=9KE0Sf1nLUTNaFvXbiQCgf11vpG8Xgmb5ddeMAmak3Q,88
 kube_watch/watch/helpers.py,sha256=8BQnQ6AeLHs0JEq54iKYDvWURb1F-kROJxwIcl_nv_Y,6276
 kube_watch/watch/workflow.py,sha256=CaXHFuEWVsFjBv5dU4IfVMeTlGJWyKaE1But9-YzVWk,9769
-kubernetes_watch-0.1.12.dist-info/LICENSE,sha256=_H2QdL-2dXbivDmOpJ11DnqJewSFhSJwGpHx_WAE-CA,1075
-kubernetes_watch-0.1.12.dist-info/METADATA,sha256=zG9wEStvXgfYthz6Aa5i05Oyoh7ygmIMWtI8kdzRM00,5600
-kubernetes_watch-0.1.12.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-kubernetes_watch-0.1.12.dist-info/RECORD,,
+kubernetes_watch-0.1.13.dist-info/LICENSE,sha256=_H2QdL-2dXbivDmOpJ11DnqJewSFhSJwGpHx_WAE-CA,1075
+kubernetes_watch-0.1.13.dist-info/METADATA,sha256=wMEwoVLfacKPKBOppPCM6kEWYRmynt-LnjoxCOC7KVU,5600
+kubernetes_watch-0.1.13.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+kubernetes_watch-0.1.13.dist-info/RECORD,,