PyPI - kubernetes-watch - Versions diffs - 0.1.9__tar.gz → 0.1.11__tar.gz - Mend

kubernetes-watch 0.1.9tar.gz → 0.1.11tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: kubernetes-watch
-Version: 0.1.9
+Version: 0.1.11
 Summary:
 Author: bmotevalli
 Author-email: b.motevalli@gmail.com
@@ -15,7 +15,7 @@ Requires-Dist: boto3 (>=1.34.68,<2.0.0)
 Requires-Dist: humps (>=0.2.2,<0.3.0)
 Requires-Dist: hvac (>=2.1.0,<3.0.0)
 Requires-Dist: kubernetes (>=29.0.0,<30.0.0)
-Requires-Dist: prefect (>=3.4.17,<4.0.0)
+Requires-Dist: prefect (==3.4.18)
 Requires-Dist: psycopg2 (>=2.9.10,<3.0.0)
 Requires-Dist: pydantic (>=2.11.7,<3.0.0)
 Requires-Dist: requests (>=2.32.3,<3.0.0)
@@ -81,6 +81,14 @@ workflow:
       inputsArgType: arg
       conditional:
         tasks: ["Task_B"]
+    - name: Task_external
+      module: <module_external_path>
+      plugin_path: <path_to_module>
+      task: <func_name>
+      inputsArgType: arg
+      conditional:
+        tasks: ["Task_B"]
 ```
@@ -88,6 +96,10 @@ workflow:
 **module**: all modules are located in 'modules' directory in kube_watch. This is where you can extend the library and add new tasks / modules. Below modules, there are submodules such as providers, clusters, and logic. Within each of this submodules, specific modules are defined. For example: providers.aws contains a series of tasks related to AWS. In this case, <module_path> = providers.aws. To add new tasks, add a new module with a similar pattern and refer the path in your task block.
+**plugin_path**: you can add new funtions outside the library without needing to modify this library. If plugin_path is defined, the
+library assumes you are referring to a module outside the library (e.g. in your app or workflow). The plugin_path is path to your
+py script (the folder). Then, provide your script name as module and function name as task.
 **task**: task is simply the name function that you put in the <module_path>. i.e. as you define a function in a module, you can simply start to use it in your manifests.
 **inputArgType**: arg | dict | list: if the task functions accept known-fixed number of parameters, then use arg.

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/README.md RENAMED Viewed

@@ -58,6 +58,14 @@ workflow:
       inputsArgType: arg
       conditional:
         tasks: ["Task_B"]
+    - name: Task_external
+      module: <module_external_path>
+      plugin_path: <path_to_module>
+      task: <func_name>
+      inputsArgType: arg
+      conditional:
+        tasks: ["Task_B"]
 ```
@@ -65,6 +73,10 @@ workflow:
 **module**: all modules are located in 'modules' directory in kube_watch. This is where you can extend the library and add new tasks / modules. Below modules, there are submodules such as providers, clusters, and logic. Within each of this submodules, specific modules are defined. For example: providers.aws contains a series of tasks related to AWS. In this case, <module_path> = providers.aws. To add new tasks, add a new module with a similar pattern and refer the path in your task block.
+**plugin_path**: you can add new funtions outside the library without needing to modify this library. If plugin_path is defined, the
+library assumes you are referring to a module outside the library (e.g. in your app or workflow). The plugin_path is path to your
+py script (the folder). Then, provide your script name as module and function name as task.
 **task**: task is simply the name function that you put in the <module_path>. i.e. as you define a function in a module, you can simply start to use it in your manifests.
 **inputArgType**: arg | dict | list: if the task functions accept known-fixed number of parameters, then use arg.

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/kube_watch/modules/clusters/kube.py RENAMED Viewed

@@ -183,4 +183,76 @@ def has_mismatch_image_digest(repo_digest, label_selector, namespace):
     logger.info("Images are in-sync.")
     logger.info(f"Repo digest: {repo_digest}")
     logger.info(f"Curr digest: {current_image_id.split('@')[-1]}")
-    return False
+    return False
+def update_deployment_image_if_needed(namespace, deployment_name, container_name, new_tag):
+    """
+    Updates the deployment's container image tag only if it differs from the current one.
+    The repository URI is extracted automatically from the current image reference.
+    Args:
+        namespace: Kubernetes namespace where the deployment resides.
+        deployment_name: Name of the deployment to patch.
+        container_name: Name of the container inside the deployment.
+        new_tag: The new image tag to set, e.g. 'v1.2.3'
+    Returns:
+        True if the image was updated and rollout triggered, False otherwise.
+    """
+    try:
+        # Load kube config (works both in-cluster and local)
+        try:
+            config.load_incluster_config()
+        except config.ConfigException:
+            config.load_kube_config()
+        apps_v1 = client.AppsV1Api()
+        # Read the current deployment
+        deployment = apps_v1.read_namespaced_deployment(deployment_name, namespace)
+        # Find the container we want to update
+        containers = deployment.spec.template.spec.containers
+        target_container = next((c for c in containers if c.name == container_name), None)
+        if not target_container:
+            logger.error(f"Container '{container_name}' not found in deployment '{deployment_name}'.")
+            return False
+        current_image = target_container.image
+        if ':' in current_image:
+            repo_uri, current_tag = current_image.rsplit(':', 1)
+        else:
+            repo_uri, current_tag = current_image, "latest"
+        if current_tag == new_tag:
+            logger.info(f"No update needed. Deployment '{deployment_name}' already using tag '{new_tag}'.")
+            return False
+        # Build the new image reference using same repo
+        new_image = f"{repo_uri}:{new_tag}"
+        patch = {
+            "spec": {
+                "template": {
+                    "spec": {
+                        "containers": [
+                            {"name": container_name, "image": new_image}
+                        ]
+                    }
+                }
+            }
+        }
+        logger.info(f"Updating '{deployment_name}' from '{current_image}' to '{new_image}'")
+        apps_v1.patch_namespaced_deployment(
+            name=deployment_name,
+            namespace=namespace,
+            body=patch
+        )
+        logger.info(f"Deployment '{deployment_name}' successfully updated to {new_image}")
+        return True
+    except Exception as e:
+        logger.error(f"Failed to update deployment '{deployment_name}': {e}")
+        return False

kubernetes_watch-0.1.11/kube_watch/modules/logic/checks.py ADDED Viewed

@@ -0,0 +1,15 @@
+from prefect import get_run_logger
+logger = get_run_logger()
+def dicts_has_diff(dict_a, dict_b):
+    return dict_a != dict_b
+def remove_keys(d, keys):
+    return {k: v for k, v in d.items() if k not in keys}
+def print_data(data, indicator = None):
+    if indicator:
+        logger.info(indicator)
+    logger.info(data)

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/kube_watch/modules/logic/merge.py RENAMED Viewed

@@ -1,6 +1,6 @@
 from typing import Any, List, Dict
 from kube_watch.enums.logic import Operations
+from copy import deepcopy
 def merge_logical_outputs(inp_dict: Dict):
     if 'operation' not in inp_dict.keys():
@@ -25,7 +25,8 @@ def partial_dict_update(orig_data, new_data):
     This function is used when some key value pairs in orig_data should
     be updated from new_data.
     """
+    orig_data_copy = deepcopy(orig_data)
     for k, v in new_data.items():
-        orig_data[k] = v
+        orig_data_copy[k] = v
-    return orig_data
+    return orig_data_copy

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/kube_watch/modules/providers/aws.py RENAMED Viewed

@@ -3,6 +3,7 @@
 #========================================================================
 import json
 import base64
+from packaging import version
 from datetime            import datetime   , timezone, timedelta
 import boto3
 from botocore.exceptions import ClientError
@@ -73,6 +74,50 @@ def task_get_latest_image_digest(session, resource, region, repository_name, tag
     raise ValueError('Unknown resource')
+def task_get_highest_version_tag(session, resource, region, repository_name, tag_pattern=r"^v?(?P<version>\d+\.\d+\.\d+([-+][0-9A-Za-z.-]+)?)$"):
+    """
+    Fetches the highest versioned tag from an ECR repository, similar to FluxCD's semver filter.
+    Args:
+        session: boto3 session
+        resource: AwsResources enum
+        region: AWS region
+        repository_name: Name of the ECR repository
+        tag_pattern: Regex pattern to extract version component (default: semver)
+    Returns:
+        The highest matching tag or None if not found.
+    """
+    if resource == AwsResources.ECR:
+        ecr_client = session.client('ecr', region_name=region)
+        try:
+            pattern = re.compile(tag_pattern)
+            paginator = ecr_client.get_paginator('describe_images')
+            matched_tags = []
+            for page in paginator.paginate(repositoryName=repository_name, filter={'tagStatus': 'TAGGED'}):
+                for image in page.get('imageDetails', []):
+                    for tag in image.get('imageTags', []):
+                        match = pattern.match(tag)
+                        if match:
+                            ver_str = match.group('version')
+                            matched_tags.append((tag, version.parse(ver_str)))
+            if not matched_tags:
+                logger.info(f"No tags matching pattern '{tag_pattern}' found in repository {repository_name}.")
+                return None
+            # Sort by semantic version and pick the highest
+            highest_tag, _ = max(matched_tags, key=lambda t: t[1])
+            return highest_tag
+        except Exception as e:
+            logger.error(f"Error fetching highest version tag from {repository_name}: {e}")
+            return None
+    raise ValueError('Unknown resource')
 #========================================================================================
 # IAM Cred update
 #========================================================================================

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/kube_watch/modules/providers/git.py RENAMED Viewed

@@ -1,5 +1,4 @@
 import os
-from git import Repo
 import shutil
 import subprocess
 import tempfile
@@ -10,6 +9,35 @@ from prefect import get_run_logger
 logger = get_run_logger()
+def clone_pat_repo(git_pat, git_url, clone_base_path):
+    """ Clone a Git repository using a Personal Access Token (PAT) for authentication."""
+    # Retrieve environment variables
+    access_token = git_pat # os.environ.get('GIT_PAT')
+    repo_url = git_url # os.environ.get('GIT_URL')
+    if not access_token or not repo_url:
+        raise ValueError("Environment variables GIT_PAT or GIT_URL are not set")
+    # Correctly format the URL with the PAT
+    if 'https://' in repo_url:
+        # Splitting the URL and inserting the PAT
+        parts = repo_url.split('https://', 1)
+        repo_url = f'https://{access_token}@{parts[1]}'
+    else:
+        raise ValueError("URL must begin with https:// for PAT authentication")
+    # Directory where the repo will be cloned
+    repo_path = os.path.join(clone_base_path, 'manifest-repo')
+    # Clone the repository
+    if not os.path.exists(repo_path):
+        logger.info(f"Cloning repository into {repo_path}")
+        repo = Repo.clone_from(repo_url, repo_path)
+        logger.info("Repository cloned successfully.")
+    else:
+        logger.info(f"Repository already exists at {repo_path}")
 def clone_ssh_repo(
     git_url: str,
     clone_base_path: str,
@@ -19,20 +47,9 @@ def clone_ssh_repo(
     known_hosts_env: str = "GIT_SSH_KNOWN_HOSTS",
 ) -> Path:
     """
-    Clone or update a Git repo using an SSH private key & known_hosts provided via env vars.
-    Env vars:
-      - GIT_SSH_PRIVATE_KEY: the full private key (RSA/ED25519) including BEGIN/END lines
-      - GIT_SSH_KNOWN_HOSTS: one or more known_hosts lines (from `ssh-keyscan github.com`)
-    Args:
-        git_url: SSH URL like 'git@github.com:your-org/your-repo.git'
-        clone_base_path: directory where repo_dir_name will be created
-        repo_dir_name: folder name for the clone
-        depth: shallow clone depth (1 == latest)
-    Returns:
-        Path to the cloned/updated repository.
+    Clone/update a repo via SSH using key + known_hosts from env vars.
+    - GIT_SSH_PRIVATE_KEY: full private key (BEGIN/END ...)
+    - GIT_SSH_KNOWN_HOSTS: lines from `ssh-keyscan github.com`
     """
     if not git_url.startswith("git@"):
         raise ValueError("git_url must be an SSH URL like 'git@github.com:org/repo.git'")
@@ -48,7 +65,6 @@ def clone_ssh_repo(
     base.mkdir(parents=True, exist_ok=True)
     repo_path = base / repo_dir_name
-    # Secure temp dir for SSH material
     tmpdir = Path(tempfile.mkdtemp(prefix="git_ssh_"))
     key_path = tmpdir / "id_rsa"
     kh_path  = tmpdir / "known_hosts"
@@ -56,16 +72,16 @@ def clone_ssh_repo(
     try:
         key_path.write_text(priv_key, encoding="utf-8")
         kh_path.write_text(kh_data, encoding="utf-8")
         try:
             os.chmod(key_path, 0o600)
         except PermissionError:
-            pass  # Windows quirk
+            pass  # ignore on platforms where chmod doesn't apply
+        # Note: no StrictModes here
         ssh_cmd = (
             f"ssh -i {key_path} -o IdentitiesOnly=yes "
             f"-o UserKnownHostsFile={kh_path} "
-            f"-o StrictHostKeyChecking=yes -o StrictModes=no"
+            f"-o StrictHostKeyChecking=yes"
         )
         env = os.environ.copy()
@@ -91,31 +107,3 @@ def clone_ssh_repo(
             shutil.rmtree(tmpdir)
         except Exception:
             pass
-def clone_pat_repo(git_pat, git_url, clone_base_path):
-    # Retrieve environment variables
-    access_token = git_pat # os.environ.get('GIT_PAT')
-    repo_url = git_url # os.environ.get('GIT_URL')
-    if not access_token or not repo_url:
-        raise ValueError("Environment variables GIT_PAT or GIT_URL are not set")
-    # Correctly format the URL with the PAT
-    if 'https://' in repo_url:
-        # Splitting the URL and inserting the PAT
-        parts = repo_url.split('https://', 1)
-        repo_url = f'https://{access_token}@{parts[1]}'
-    else:
-        raise ValueError("URL must begin with https:// for PAT authentication")
-    # Directory where the repo will be cloned
-    repo_path = os.path.join(clone_base_path, 'manifest-repo')
-    # Clone the repository
-    if not os.path.exists(repo_path):
-        logger.info(f"Cloning repository into {repo_path}")
-        repo = Repo.clone_from(repo_url, repo_path)
-        logger.info("Repository cloned successfully.")
-    else:
-        logger.info(f"Repository already exists at {repo_path}")

{kubernetes_watch-0.1.9 → kubernetes_watch-0.1.11}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "kubernetes-watch"
-version = "0.1.9"
+version = "0.1.11"
 description = ""
 authors = ["bmotevalli <b.motevalli@gmail.com>"]
 packages = [{include = "kube_watch"}]
@@ -8,7 +8,7 @@ readme = "README.md"
 [tool.poetry.dependencies]
 python = ">=3.10,<3.14"
-prefect = "^3.4.17"
+prefect = "3.4.18"
 boto3 = "^1.34.68"
 hvac = "^2.1.0"
 humps = "^0.2.2"

kubernetes_watch-0.1.9/kube_watch/modules/logic/checks.py DELETED Viewed

@@ -1,8 +0,0 @@
-def dicts_has_diff(dict_a, dict_b):
-    return dict_a != dict_b
-def remove_keys(d, keys):
-    return {k: v for k, v in d.items() if k not in keys}