PyPI - qontract-reconcile - Versions diffs - 0.10.0__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl - Mend

qontract-reconcile 0.10.0py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (844) hide show

qontract_reconcile-0.10.1.dev1203.dist-info/METADATA +500 -0
qontract_reconcile-0.10.1.dev1203.dist-info/RECORD +771 -0
{qontract_reconcile-0.10.0.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/WHEEL +1 -2
{qontract_reconcile-0.10.0.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/entry_points.txt +4 -2
reconcile/acs_notifiers.py +126 -0
reconcile/acs_policies.py +243 -0
reconcile/acs_rbac.py +596 -0
reconcile/aus/advanced_upgrade_service.py +621 -8
reconcile/aus/aus_label_source.py +115 -0
reconcile/aus/base.py +1053 -353
reconcile/{utils → aus}/cluster_version_data.py +27 -12
reconcile/aus/healthchecks.py +77 -0
reconcile/aus/metrics.py +158 -0
reconcile/aus/models.py +245 -5
reconcile/aus/node_pool_spec.py +35 -0
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +225 -110
reconcile/aus/ocm_upgrade_scheduler.py +76 -71
reconcile/aus/ocm_upgrade_scheduler_org.py +81 -23
reconcile/aus/version_gate_approver.py +204 -0
reconcile/aus/version_gates/__init__.py +12 -0
reconcile/aus/version_gates/handler.py +33 -0
reconcile/aus/version_gates/ingress_gate_handler.py +32 -0
reconcile/aus/version_gates/ocp_gate_handler.py +26 -0
reconcile/aus/version_gates/sts_version_gate_handler.py +100 -0
reconcile/aws_account_manager/README.md +5 -0
reconcile/aws_account_manager/integration.py +373 -0
reconcile/aws_account_manager/merge_request_manager.py +114 -0
reconcile/aws_account_manager/metrics.py +39 -0
reconcile/aws_account_manager/reconciler.py +403 -0
reconcile/aws_account_manager/utils.py +41 -0
reconcile/aws_ami_cleanup/integration.py +273 -0
reconcile/aws_ami_share.py +18 -14
reconcile/aws_cloudwatch_log_retention/integration.py +253 -0
reconcile/aws_iam_keys.py +1 -1
reconcile/aws_iam_password_reset.py +56 -20
reconcile/aws_saml_idp/integration.py +204 -0
reconcile/aws_saml_roles/integration.py +322 -0
reconcile/aws_support_cases_sos.py +2 -2
reconcile/aws_version_sync/integration.py +430 -0
reconcile/aws_version_sync/merge_request_manager/merge_request.py +156 -0
reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py +160 -0
reconcile/aws_version_sync/utils.py +64 -0
reconcile/blackbox_exporter_endpoint_monitoring.py +2 -5
reconcile/change_owners/README.md +34 -0
reconcile/change_owners/approver.py +7 -9
reconcile/change_owners/bundle.py +134 -9
reconcile/change_owners/change_log_tracking.py +236 -0
reconcile/change_owners/change_owners.py +204 -194
reconcile/change_owners/change_types.py +183 -265
reconcile/change_owners/changes.py +488 -0
reconcile/change_owners/decision.py +120 -41
reconcile/change_owners/diff.py +63 -92
reconcile/change_owners/implicit_ownership.py +19 -16
reconcile/change_owners/self_service_roles.py +158 -35
reconcile/change_owners/tester.py +20 -18
reconcile/checkpoint.py +4 -6
reconcile/cli.py +1523 -242
reconcile/closedbox_endpoint_monitoring_base.py +10 -17
reconcile/cluster_auth_rhidp/integration.py +257 -0
reconcile/cluster_deployment_mapper.py +2 -5
reconcile/cna/assets/asset.py +4 -7
reconcile/cna/assets/null.py +2 -5
reconcile/cna/integration.py +2 -3
reconcile/cna/state.py +6 -9
reconcile/dashdotdb_base.py +31 -10
reconcile/dashdotdb_cso.py +3 -6
reconcile/dashdotdb_dora.py +530 -0
reconcile/dashdotdb_dvo.py +10 -13
reconcile/dashdotdb_slo.py +75 -19
reconcile/database_access_manager.py +753 -0
reconcile/deadmanssnitch.py +207 -0
reconcile/dynatrace_token_provider/dependencies.py +69 -0
reconcile/dynatrace_token_provider/integration.py +656 -0
reconcile/dynatrace_token_provider/metrics.py +62 -0
reconcile/dynatrace_token_provider/model.py +14 -0
reconcile/dynatrace_token_provider/ocm.py +140 -0
reconcile/dynatrace_token_provider/validate.py +48 -0
reconcile/endpoints_discovery/integration.py +348 -0
reconcile/endpoints_discovery/merge_request.py +96 -0
reconcile/endpoints_discovery/merge_request_manager.py +178 -0
reconcile/external_resources/aws.py +204 -0
reconcile/external_resources/factories.py +163 -0
reconcile/external_resources/integration.py +194 -0
reconcile/external_resources/integration_secrets_sync.py +47 -0
reconcile/external_resources/manager.py +405 -0
reconcile/external_resources/meta.py +17 -0
reconcile/external_resources/metrics.py +95 -0
reconcile/external_resources/model.py +350 -0
reconcile/external_resources/reconciler.py +265 -0
reconcile/external_resources/secrets_sync.py +465 -0
reconcile/external_resources/state.py +258 -0
reconcile/gabi_authorized_users.py +19 -11
reconcile/gcr_mirror.py +43 -34
reconcile/github_org.py +4 -6
reconcile/github_owners.py +1 -1
reconcile/github_repo_invites.py +2 -5
reconcile/gitlab_fork_compliance.py +14 -13
reconcile/gitlab_housekeeping.py +185 -91
reconcile/gitlab_labeler.py +15 -14
reconcile/gitlab_members.py +126 -120
reconcile/gitlab_owners.py +53 -66
reconcile/gitlab_permissions.py +167 -6
reconcile/glitchtip/README.md +150 -0
reconcile/glitchtip/integration.py +99 -51
reconcile/glitchtip/reconciler.py +99 -70
reconcile/glitchtip_project_alerts/__init__.py +0 -0
reconcile/glitchtip_project_alerts/integration.py +333 -0
reconcile/glitchtip_project_dsn/integration.py +43 -43
reconcile/gql_definitions/acs/__init__.py +0 -0
reconcile/gql_definitions/acs/acs_instances.py +83 -0
reconcile/gql_definitions/acs/acs_policies.py +239 -0
reconcile/gql_definitions/acs/acs_rbac.py +111 -0
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +46 -8
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +38 -8
reconcile/gql_definitions/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +61 -0
reconcile/gql_definitions/aws_account_manager/__init__.py +0 -0
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +177 -0
reconcile/gql_definitions/aws_ami_cleanup/__init__.py +0 -0
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +161 -0
reconcile/gql_definitions/aws_saml_idp/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/roles.py +97 -0
reconcile/gql_definitions/aws_version_sync/__init__.py +0 -0
reconcile/gql_definitions/aws_version_sync/clusters.py +83 -0
reconcile/gql_definitions/aws_version_sync/namespaces.py +143 -0
reconcile/gql_definitions/change_owners/queries/change_types.py +16 -29
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +45 -11
reconcile/gql_definitions/cluster_auth_rhidp/__init__.py +0 -0
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +128 -0
reconcile/gql_definitions/cna/queries/cna_provisioners.py +6 -8
reconcile/gql_definitions/cna/queries/cna_resources.py +3 -5
reconcile/gql_definitions/common/alerting_services_settings.py +2 -2
reconcile/gql_definitions/common/app_code_component_repos.py +9 -5
reconcile/gql_definitions/{glitchtip/glitchtip_settings.py → common/app_interface_custom_messages.py} +14 -16
reconcile/gql_definitions/common/app_interface_dms_settings.py +86 -0
reconcile/gql_definitions/common/app_interface_repo_settings.py +2 -2
reconcile/gql_definitions/common/app_interface_state_settings.py +3 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +3 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +120 -0
reconcile/gql_definitions/common/apps.py +72 -0
reconcile/gql_definitions/common/aws_vpc_requests.py +109 -0
reconcile/gql_definitions/common/aws_vpcs.py +84 -0
reconcile/gql_definitions/common/clusters.py +120 -254
reconcile/gql_definitions/common/clusters_minimal.py +11 -35
reconcile/gql_definitions/common/clusters_with_dms.py +72 -0
reconcile/gql_definitions/common/clusters_with_peering.py +70 -98
reconcile/gql_definitions/common/github_orgs.py +2 -2
reconcile/gql_definitions/common/jira_settings.py +68 -0
reconcile/gql_definitions/common/jiralert_settings.py +68 -0
reconcile/gql_definitions/common/namespaces.py +74 -32
reconcile/gql_definitions/common/namespaces_minimal.py +4 -10
reconcile/gql_definitions/common/ocm_env_telemeter.py +95 -0
reconcile/gql_definitions/common/ocm_environments.py +4 -2
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -11
reconcile/gql_definitions/common/pipeline_providers.py +45 -90
reconcile/gql_definitions/common/quay_instances.py +64 -0
reconcile/gql_definitions/common/quay_orgs.py +68 -0
reconcile/gql_definitions/common/reserved_networks.py +94 -0
reconcile/gql_definitions/common/saas_files.py +133 -95
reconcile/gql_definitions/common/saas_target_namespaces.py +41 -26
reconcile/gql_definitions/common/saasherder_settings.py +2 -2
reconcile/gql_definitions/common/slack_workspaces.py +62 -0
reconcile/gql_definitions/common/smtp_client_settings.py +2 -2
reconcile/gql_definitions/common/state_aws_account.py +77 -0
reconcile/gql_definitions/common/users.py +3 -2
reconcile/gql_definitions/cost_report/__init__.py +0 -0
reconcile/gql_definitions/cost_report/app_names.py +68 -0
reconcile/gql_definitions/cost_report/cost_namespaces.py +86 -0
reconcile/gql_definitions/cost_report/settings.py +77 -0
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +42 -12
reconcile/gql_definitions/dynatrace_token_provider/__init__.py +0 -0
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +79 -0
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +84 -0
reconcile/gql_definitions/endpoints_discovery/__init__.py +0 -0
reconcile/gql_definitions/endpoints_discovery/namespaces.py +127 -0
reconcile/gql_definitions/external_resources/__init__.py +0 -0
reconcile/gql_definitions/external_resources/aws_accounts.py +73 -0
reconcile/gql_definitions/external_resources/external_resources_modules.py +78 -0
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +1111 -0
reconcile/gql_definitions/external_resources/external_resources_settings.py +98 -0
reconcile/gql_definitions/fragments/aus_organization.py +34 -39
reconcile/gql_definitions/fragments/aws_account_common.py +62 -0
reconcile/gql_definitions/fragments/aws_account_managed.py +57 -0
reconcile/gql_definitions/fragments/aws_account_sso.py +35 -0
reconcile/gql_definitions/fragments/aws_infra_management_account.py +2 -2
reconcile/gql_definitions/fragments/aws_vpc.py +47 -0
reconcile/gql_definitions/fragments/aws_vpc_request.py +65 -0
reconcile/gql_definitions/fragments/aws_vpc_request_subnet.py +29 -0
reconcile/gql_definitions/fragments/deplopy_resources.py +7 -7
reconcile/gql_definitions/fragments/disable.py +28 -0
reconcile/gql_definitions/fragments/jumphost_common_fields.py +2 -2
reconcile/gql_definitions/fragments/membership_source.py +47 -0
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +29 -0
reconcile/gql_definitions/fragments/oc_connection_cluster.py +4 -9
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +30 -0
reconcile/gql_definitions/fragments/prometheus_instance.py +48 -0
reconcile/gql_definitions/fragments/resource_limits_requirements.py +29 -0
reconcile/gql_definitions/fragments/{resource_requirements.py → resource_requests_requirements.py} +3 -3
reconcile/gql_definitions/fragments/resource_values.py +2 -2
reconcile/gql_definitions/fragments/saas_target_namespace.py +55 -12
reconcile/gql_definitions/fragments/serviceaccount_token.py +38 -0
reconcile/gql_definitions/fragments/terraform_state.py +36 -0
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -3
reconcile/gql_definitions/fragments/user.py +3 -2
reconcile/gql_definitions/fragments/vault_secret.py +2 -2
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +6 -2
reconcile/gql_definitions/gitlab_members/permissions.py +3 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +16 -2
reconcile/gql_definitions/glitchtip/glitchtip_project.py +22 -23
reconcile/gql_definitions/glitchtip_project_alerts/__init__.py +0 -0
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +173 -0
reconcile/gql_definitions/integrations/integrations.py +62 -45
reconcile/gql_definitions/introspection.json +51176 -0
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +13 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +79 -0
reconcile/gql_definitions/jira/__init__.py +0 -0
reconcile/gql_definitions/jira/jira_servers.py +80 -0
reconcile/gql_definitions/jira_permissions_validator/__init__.py +0 -0
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +131 -0
reconcile/gql_definitions/jumphosts/jumphosts.py +3 -5
reconcile/gql_definitions/ldap_groups/__init__.py +0 -0
reconcile/gql_definitions/ldap_groups/roles.py +111 -0
reconcile/gql_definitions/ldap_groups/settings.py +79 -0
reconcile/gql_definitions/maintenance/__init__.py +0 -0
reconcile/gql_definitions/maintenance/maintenances.py +101 -0
reconcile/gql_definitions/membershipsources/__init__.py +0 -0
reconcile/gql_definitions/membershipsources/roles.py +112 -0
reconcile/gql_definitions/ocm_labels/__init__.py +0 -0
reconcile/gql_definitions/ocm_labels/clusters.py +112 -0
reconcile/gql_definitions/ocm_labels/organizations.py +78 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +126 -0
reconcile/gql_definitions/openshift_groups/managed_groups.py +2 -2
reconcile/gql_definitions/openshift_groups/managed_roles.py +3 -2
reconcile/gql_definitions/openshift_serviceaccount_tokens/__init__.py +0 -0
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +132 -0
reconcile/gql_definitions/quay_membership/quay_membership.py +3 -5
reconcile/gql_definitions/rhidp/__init__.py +0 -0
reconcile/gql_definitions/rhidp/organizations.py +96 -0
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +2 -2
reconcile/gql_definitions/service_dependencies/service_dependencies.py +9 -31
reconcile/gql_definitions/sharding/aws_accounts.py +2 -2
reconcile/gql_definitions/sharding/ocm_organization.py +63 -0
reconcile/gql_definitions/skupper_network/site_controller_template.py +2 -2
reconcile/gql_definitions/skupper_network/skupper_networks.py +12 -38
reconcile/gql_definitions/slack_usergroups/clusters.py +2 -2
reconcile/gql_definitions/slack_usergroups/permissions.py +8 -15
reconcile/gql_definitions/slack_usergroups/users.py +3 -2
reconcile/gql_definitions/slo_documents/__init__.py +0 -0
reconcile/gql_definitions/slo_documents/slo_documents.py +142 -0
reconcile/gql_definitions/status_board/__init__.py +0 -0
reconcile/gql_definitions/status_board/status_board.py +163 -0
reconcile/gql_definitions/statuspage/statuspages.py +56 -7
reconcile/gql_definitions/templating/__init__.py +0 -0
reconcile/gql_definitions/templating/template_collection.py +130 -0
reconcile/gql_definitions/templating/templates.py +108 -0
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +8 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +6 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +45 -56
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +4 -8
reconcile/gql_definitions/terraform_init/__init__.py +0 -0
reconcile/gql_definitions/terraform_init/aws_accounts.py +93 -0
reconcile/gql_definitions/terraform_repo/__init__.py +0 -0
reconcile/gql_definitions/terraform_repo/terraform_repo.py +141 -0
reconcile/gql_definitions/terraform_resources/database_access_manager.py +158 -0
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +153 -162
reconcile/gql_definitions/terraform_tgw_attachments/__init__.py +0 -0
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +119 -0
reconcile/gql_definitions/unleash_feature_toggles/__init__.py +0 -0
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +113 -0
reconcile/gql_definitions/vault_instances/vault_instances.py +17 -50
reconcile/gql_definitions/vault_policies/vault_policies.py +2 -2
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +49 -12
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +7 -2
reconcile/integrations_manager.py +25 -13
reconcile/jenkins/types.py +5 -1
reconcile/jenkins_base.py +36 -0
reconcile/jenkins_job_builder.py +10 -48
reconcile/jenkins_job_builds_cleaner.py +40 -25
reconcile/jenkins_job_cleaner.py +1 -3
reconcile/jenkins_roles.py +22 -26
reconcile/jenkins_webhooks.py +9 -6
reconcile/jenkins_worker_fleets.py +11 -6
reconcile/jira_permissions_validator.py +340 -0
reconcile/jira_watcher.py +3 -5
reconcile/ldap_groups/__init__.py +0 -0
reconcile/ldap_groups/integration.py +279 -0
reconcile/ldap_users.py +3 -0
reconcile/ocm/types.py +39 -59
reconcile/ocm_additional_routers.py +0 -1
reconcile/ocm_addons_upgrade_tests_trigger.py +10 -15
reconcile/ocm_aws_infrastructure_access.py +30 -32
reconcile/ocm_clusters.py +217 -130
reconcile/ocm_external_configuration_labels.py +15 -0
reconcile/ocm_github_idp.py +1 -1
reconcile/ocm_groups.py +25 -5
reconcile/ocm_internal_notifications/__init__.py +0 -0
reconcile/ocm_internal_notifications/integration.py +119 -0
reconcile/ocm_labels/__init__.py +0 -0
reconcile/ocm_labels/integration.py +409 -0
reconcile/ocm_machine_pools.py +517 -108
reconcile/ocm_upgrade_scheduler_org_updater.py +15 -11
reconcile/openshift_base.py +609 -207
reconcile/openshift_cluster_bots.py +344 -0
reconcile/openshift_clusterrolebindings.py +15 -15
reconcile/openshift_groups.py +42 -45
reconcile/openshift_limitranges.py +1 -0
reconcile/openshift_namespace_labels.py +22 -28
reconcile/openshift_namespaces.py +22 -22
reconcile/openshift_network_policies.py +4 -8
reconcile/openshift_prometheus_rules.py +43 -0
reconcile/openshift_resourcequotas.py +2 -16
reconcile/openshift_resources.py +12 -10
reconcile/openshift_resources_base.py +304 -328
reconcile/openshift_rolebindings.py +18 -20
reconcile/openshift_saas_deploy.py +105 -21
reconcile/openshift_saas_deploy_change_tester.py +30 -35
reconcile/openshift_saas_deploy_trigger_base.py +39 -36
reconcile/openshift_saas_deploy_trigger_cleaner.py +41 -27
reconcile/openshift_saas_deploy_trigger_configs.py +1 -2
reconcile/openshift_saas_deploy_trigger_images.py +1 -2
reconcile/openshift_saas_deploy_trigger_moving_commits.py +1 -2
reconcile/openshift_saas_deploy_trigger_upstream_jobs.py +1 -2
reconcile/openshift_serviceaccount_tokens.py +138 -74
reconcile/openshift_tekton_resources.py +89 -24
reconcile/openshift_upgrade_watcher.py +110 -62
reconcile/openshift_users.py +16 -15
reconcile/openshift_vault_secrets.py +11 -6
reconcile/oum/__init__.py +0 -0
reconcile/oum/base.py +387 -0
reconcile/oum/labelset.py +55 -0
reconcile/oum/metrics.py +71 -0
reconcile/oum/models.py +69 -0
reconcile/oum/providers.py +59 -0
reconcile/oum/standalone.py +196 -0
reconcile/prometheus_rules_tester/integration.py +31 -23
reconcile/quay_base.py +4 -1
reconcile/quay_membership.py +1 -2
reconcile/quay_mirror.py +111 -61
reconcile/quay_mirror_org.py +34 -21
reconcile/quay_permissions.py +7 -3
reconcile/quay_repos.py +24 -32
reconcile/queries.py +263 -198
reconcile/query_validator.py +3 -5
reconcile/resource_scraper.py +3 -4
reconcile/{template_tester.py → resource_template_tester.py} +3 -3
reconcile/rhidp/__init__.py +0 -0
reconcile/rhidp/common.py +214 -0
reconcile/rhidp/metrics.py +20 -0
reconcile/rhidp/ocm_oidc_idp/__init__.py +0 -0
reconcile/rhidp/ocm_oidc_idp/base.py +221 -0
reconcile/rhidp/ocm_oidc_idp/integration.py +56 -0
reconcile/rhidp/ocm_oidc_idp/metrics.py +22 -0
reconcile/rhidp/sso_client/__init__.py +0 -0
reconcile/rhidp/sso_client/base.py +266 -0
reconcile/rhidp/sso_client/integration.py +60 -0
reconcile/rhidp/sso_client/metrics.py +39 -0
reconcile/run_integration.py +293 -0
reconcile/saas_auto_promotions_manager/integration.py +69 -24
reconcile/saas_auto_promotions_manager/merge_request_manager/batcher.py +208 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/desired_state.py +28 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request.py +3 -4
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager_v2.py +172 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/metrics.py +42 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/mr_parser.py +226 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/open_merge_requests.py +23 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +108 -32
reconcile/saas_auto_promotions_manager/meta.py +4 -0
reconcile/saas_auto_promotions_manager/publisher.py +32 -4
reconcile/saas_auto_promotions_manager/s3_exporter.py +77 -0
reconcile/saas_auto_promotions_manager/subscriber.py +110 -23
reconcile/saas_auto_promotions_manager/utils/saas_files_inventory.py +48 -41
reconcile/saas_file_validator.py +16 -6
reconcile/sendgrid_teammates.py +27 -12
reconcile/service_dependencies.py +0 -3
reconcile/signalfx_endpoint_monitoring.py +2 -5
reconcile/skupper_network/integration.py +10 -11
reconcile/skupper_network/models.py +3 -5
reconcile/skupper_network/reconciler.py +28 -35
reconcile/skupper_network/site_controller.py +8 -8
reconcile/slack_base.py +4 -7
reconcile/slack_usergroups.py +249 -171
reconcile/sql_query.py +324 -171
reconcile/status.py +0 -1
reconcile/status_board.py +275 -0
reconcile/statuspage/__init__.py +0 -5
reconcile/statuspage/atlassian.py +219 -80
reconcile/statuspage/integration.py +9 -97
reconcile/statuspage/integrations/__init__.py +0 -0
reconcile/statuspage/integrations/components.py +77 -0
reconcile/statuspage/integrations/maintenances.py +111 -0
reconcile/statuspage/page.py +107 -72
reconcile/statuspage/state.py +6 -11
reconcile/statuspage/status.py +8 -12
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +60 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +61 -0
reconcile/templating/__init__.py +0 -0
reconcile/templating/lib/__init__.py +0 -0
reconcile/templating/lib/merge_request_manager.py +180 -0
reconcile/templating/lib/model.py +20 -0
reconcile/templating/lib/rendering.py +191 -0
reconcile/templating/renderer.py +410 -0
reconcile/templating/validator.py +153 -0
reconcile/terraform_aws_route53.py +13 -10
reconcile/terraform_cloudflare_dns.py +92 -122
reconcile/terraform_cloudflare_resources.py +15 -13
reconcile/terraform_cloudflare_users.py +27 -27
reconcile/terraform_init/__init__.py +0 -0
reconcile/terraform_init/integration.py +165 -0
reconcile/terraform_init/merge_request.py +57 -0
reconcile/terraform_init/merge_request_manager.py +102 -0
reconcile/terraform_repo.py +403 -0
reconcile/terraform_resources.py +266 -168
reconcile/terraform_tgw_attachments.py +417 -167
reconcile/terraform_users.py +40 -17
reconcile/terraform_vpc_peerings.py +310 -142
reconcile/terraform_vpc_resources/__init__.py +0 -0
reconcile/terraform_vpc_resources/integration.py +220 -0
reconcile/terraform_vpc_resources/merge_request.py +57 -0
reconcile/terraform_vpc_resources/merge_request_manager.py +107 -0
reconcile/typed_queries/alerting_services_settings.py +1 -2
reconcile/typed_queries/app_interface_custom_messages.py +24 -0
reconcile/typed_queries/app_interface_deadmanssnitch_settings.py +17 -0
reconcile/typed_queries/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py +13 -0
reconcile/typed_queries/app_interface_repo_url.py +1 -2
reconcile/typed_queries/app_interface_state_settings.py +1 -3
reconcile/typed_queries/app_interface_vault_settings.py +1 -2
reconcile/typed_queries/app_quay_repos_escalation_policies.py +14 -0
reconcile/typed_queries/apps.py +11 -0
reconcile/typed_queries/aws_vpc_requests.py +9 -0
reconcile/typed_queries/aws_vpcs.py +12 -0
reconcile/typed_queries/cloudflare.py +10 -0
reconcile/typed_queries/clusters.py +7 -5
reconcile/typed_queries/clusters_minimal.py +6 -5
reconcile/typed_queries/clusters_with_dms.py +16 -0
reconcile/typed_queries/cost_report/__init__.py +0 -0
reconcile/typed_queries/cost_report/app_names.py +22 -0
reconcile/typed_queries/cost_report/cost_namespaces.py +43 -0
reconcile/typed_queries/cost_report/settings.py +15 -0
reconcile/typed_queries/dynatrace.py +10 -0
reconcile/typed_queries/dynatrace_environments.py +14 -0
reconcile/typed_queries/dynatrace_token_provider_token_specs.py +14 -0
reconcile/typed_queries/external_resources.py +46 -0
reconcile/typed_queries/get_state_aws_account.py +20 -0
reconcile/typed_queries/glitchtip.py +10 -0
reconcile/typed_queries/jenkins.py +25 -0
reconcile/typed_queries/jira.py +7 -0
reconcile/typed_queries/jira_settings.py +16 -0
reconcile/typed_queries/jiralert_settings.py +22 -0
reconcile/typed_queries/ocm.py +8 -0
reconcile/typed_queries/pagerduty_instances.py +2 -7
reconcile/typed_queries/quay.py +23 -0
reconcile/typed_queries/repos.py +20 -8
reconcile/typed_queries/reserved_networks.py +12 -0
reconcile/typed_queries/saas_files.py +221 -167
reconcile/typed_queries/slack.py +7 -0
reconcile/typed_queries/slo_documents.py +12 -0
reconcile/typed_queries/status_board.py +58 -0
reconcile/typed_queries/tekton_pipeline_providers.py +1 -2
reconcile/typed_queries/terraform_namespaces.py +1 -2
reconcile/typed_queries/terraform_tgw_attachments/__init__.py +0 -0
reconcile/typed_queries/terraform_tgw_attachments/aws_accounts.py +16 -0
reconcile/typed_queries/unleash.py +10 -0
reconcile/typed_queries/users.py +11 -0
reconcile/typed_queries/vault.py +10 -0
reconcile/unleash_feature_toggles/__init__.py +0 -0
reconcile/unleash_feature_toggles/integration.py +287 -0
reconcile/utils/acs/__init__.py +0 -0
reconcile/utils/acs/base.py +81 -0
reconcile/utils/acs/notifiers.py +143 -0
reconcile/utils/acs/policies.py +163 -0
reconcile/utils/acs/rbac.py +277 -0
reconcile/utils/aggregated_list.py +11 -9
reconcile/utils/amtool.py +6 -4
reconcile/utils/aws_api.py +279 -66
reconcile/utils/aws_api_typed/__init__.py +0 -0
reconcile/utils/aws_api_typed/account.py +23 -0
reconcile/utils/aws_api_typed/api.py +273 -0
reconcile/utils/aws_api_typed/dynamodb.py +16 -0
reconcile/utils/aws_api_typed/iam.py +67 -0
reconcile/utils/aws_api_typed/organization.py +152 -0
reconcile/utils/aws_api_typed/s3.py +26 -0
reconcile/utils/aws_api_typed/service_quotas.py +79 -0
reconcile/utils/aws_api_typed/sts.py +36 -0
reconcile/utils/aws_api_typed/support.py +79 -0
reconcile/utils/aws_helper.py +42 -3
reconcile/utils/batches.py +11 -0
reconcile/utils/binary.py +7 -9
reconcile/utils/cloud_resource_best_practice/__init__.py +0 -0
reconcile/utils/cloud_resource_best_practice/aws_rds.py +66 -0
reconcile/utils/clusterhealth/__init__.py +0 -0
reconcile/utils/clusterhealth/providerbase.py +39 -0
reconcile/utils/clusterhealth/telemeter.py +39 -0
reconcile/utils/config.py +3 -4
reconcile/utils/deadmanssnitch_api.py +86 -0
reconcile/utils/differ.py +205 -0
reconcile/utils/disabled_integrations.py +4 -6
reconcile/utils/dynatrace/__init__.py +0 -0
reconcile/utils/dynatrace/client.py +93 -0
reconcile/utils/early_exit_cache.py +289 -0
reconcile/utils/elasticsearch_exceptions.py +5 -0
reconcile/utils/environ.py +2 -2
reconcile/utils/exceptions.py +4 -0
reconcile/utils/expiration.py +4 -8
reconcile/utils/extended_early_exit.py +210 -0
reconcile/utils/external_resource_spec.py +34 -12
reconcile/utils/external_resources.py +48 -20
reconcile/utils/filtering.py +16 -0
reconcile/utils/git.py +49 -16
reconcile/utils/github_api.py +10 -9
reconcile/utils/gitlab_api.py +333 -190
reconcile/utils/glitchtip/client.py +97 -100
reconcile/utils/glitchtip/models.py +89 -11
reconcile/utils/gql.py +157 -58
reconcile/utils/grouping.py +17 -0
reconcile/utils/helm.py +89 -18
reconcile/utils/helpers.py +51 -0
reconcile/utils/imap_client.py +5 -6
reconcile/utils/internal_groups/__init__.py +0 -0
reconcile/utils/internal_groups/client.py +160 -0
reconcile/utils/internal_groups/models.py +71 -0
reconcile/utils/jenkins_api.py +10 -34
reconcile/utils/jinja2/__init__.py +0 -0
reconcile/utils/{jinja2_ext.py → jinja2/extensions.py} +6 -4
reconcile/utils/jinja2/filters.py +142 -0
reconcile/utils/jinja2/utils.py +278 -0
reconcile/utils/jira_client.py +165 -8
reconcile/utils/jjb_client.py +47 -35
reconcile/utils/jobcontroller/__init__.py +0 -0
reconcile/utils/jobcontroller/controller.py +413 -0
reconcile/utils/jobcontroller/models.py +195 -0
reconcile/utils/jsonpath.py +4 -5
reconcile/utils/jump_host.py +13 -12
reconcile/utils/keycloak.py +106 -0
reconcile/utils/ldap_client.py +35 -6
reconcile/utils/lean_terraform_client.py +115 -6
reconcile/utils/membershipsources/__init__.py +0 -0
reconcile/utils/membershipsources/app_interface_resolver.py +60 -0
reconcile/utils/membershipsources/models.py +91 -0
reconcile/utils/membershipsources/resolver.py +110 -0
reconcile/utils/merge_request_manager/__init__.py +0 -0
reconcile/utils/merge_request_manager/merge_request_manager.py +99 -0
reconcile/utils/merge_request_manager/parser.py +67 -0
reconcile/utils/metrics.py +511 -1
reconcile/utils/models.py +123 -0
reconcile/utils/mr/README.md +198 -0
reconcile/utils/mr/__init__.py +14 -10
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/aws_access.py +4 -4
reconcile/utils/mr/base.py +51 -31
reconcile/utils/mr/clusters_updates.py +10 -7
reconcile/utils/mr/glitchtip_access_reporter.py +2 -4
reconcile/utils/mr/labels.py +14 -1
reconcile/utils/mr/notificator.py +1 -3
reconcile/utils/mr/ocm_update_recommended_version.py +1 -2
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +7 -3
reconcile/utils/mr/promote_qontract.py +203 -0
reconcile/utils/mr/user_maintenance.py +24 -4
reconcile/utils/oauth2_backend_application_session.py +132 -0
reconcile/utils/oc.py +194 -170
reconcile/utils/oc_connection_parameters.py +40 -51
reconcile/utils/oc_filters.py +11 -13
reconcile/utils/oc_map.py +14 -35
reconcile/utils/ocm/__init__.py +30 -1
reconcile/utils/ocm/addons.py +228 -0
reconcile/utils/ocm/base.py +618 -5
reconcile/utils/ocm/cluster_groups.py +5 -56
reconcile/utils/ocm/clusters.py +111 -99
reconcile/utils/ocm/identity_providers.py +66 -0
reconcile/utils/ocm/label_sources.py +75 -0
reconcile/utils/ocm/labels.py +139 -54
reconcile/utils/ocm/manifests.py +39 -0
reconcile/utils/ocm/ocm.py +182 -928
reconcile/utils/ocm/products.py +758 -0
reconcile/utils/ocm/search_filters.py +20 -28
reconcile/utils/ocm/service_log.py +32 -79
reconcile/utils/ocm/sre_capability_labels.py +51 -0
reconcile/utils/ocm/status_board.py +66 -0
reconcile/utils/ocm/subscriptions.py +49 -59
reconcile/utils/ocm/syncsets.py +39 -0
reconcile/utils/ocm/upgrades.py +181 -0
reconcile/utils/ocm_base_client.py +71 -36
reconcile/utils/openshift_resource.py +113 -67
reconcile/utils/output.py +18 -11
reconcile/utils/pagerduty_api.py +16 -10
reconcile/utils/parse_dhms_duration.py +13 -1
reconcile/utils/prometheus.py +123 -0
reconcile/utils/promotion_state.py +56 -19
reconcile/utils/promtool.py +5 -8
reconcile/utils/quay_api.py +13 -25
reconcile/utils/raw_github_api.py +3 -5
reconcile/utils/repo_owners.py +2 -8
reconcile/utils/rest_api_base.py +126 -0
reconcile/utils/rosa/__init__.py +0 -0
reconcile/utils/rosa/rosa_cli.py +310 -0
reconcile/utils/rosa/session.py +201 -0
reconcile/utils/ruamel.py +16 -0
reconcile/utils/runtime/__init__.py +0 -1
reconcile/utils/runtime/desired_state_diff.py +9 -20
reconcile/utils/runtime/environment.py +33 -8
reconcile/utils/runtime/integration.py +28 -12
reconcile/utils/runtime/meta.py +1 -3
reconcile/utils/runtime/runner.py +8 -11
reconcile/utils/runtime/sharding.py +93 -36
reconcile/utils/saasherder/__init__.py +1 -1
reconcile/utils/saasherder/interfaces.py +143 -138
reconcile/utils/saasherder/models.py +201 -43
reconcile/utils/saasherder/saasherder.py +508 -378
reconcile/utils/secret_reader.py +22 -27
reconcile/utils/semver_helper.py +15 -1
reconcile/utils/slack_api.py +124 -36
reconcile/utils/smtp_client.py +1 -2
reconcile/utils/sqs_gateway.py +10 -6
reconcile/utils/state.py +276 -127
reconcile/utils/terraform/config_client.py +6 -7
reconcile/utils/terraform_client.py +284 -125
reconcile/utils/terrascript/cloudflare_client.py +38 -17
reconcile/utils/terrascript/cloudflare_resources.py +67 -18
reconcile/utils/terrascript/models.py +2 -3
reconcile/utils/terrascript/resources.py +1 -2
reconcile/utils/terrascript_aws_client.py +1292 -540
reconcile/utils/three_way_diff_strategy.py +157 -0
reconcile/utils/unleash/__init__.py +11 -0
reconcile/utils/{unleash.py → unleash/client.py} +35 -29
reconcile/utils/unleash/server.py +145 -0
reconcile/utils/vault.py +42 -32
reconcile/utils/vaultsecretref.py +2 -4
reconcile/utils/vcs.py +250 -0
reconcile/vault_replication.py +38 -31
reconcile/vpc_peerings_validator.py +82 -13
tools/app_interface_metrics_exporter.py +70 -0
tools/app_interface_reporter.py +44 -157
tools/cli_commands/container_images_report.py +154 -0
tools/cli_commands/cost_report/__init__.py +0 -0
tools/cli_commands/cost_report/aws.py +137 -0
tools/cli_commands/cost_report/cost_management_api.py +155 -0
tools/cli_commands/cost_report/model.py +49 -0
tools/cli_commands/cost_report/openshift.py +166 -0
tools/cli_commands/cost_report/openshift_cost_optimization.py +187 -0
tools/cli_commands/cost_report/response.py +124 -0
tools/cli_commands/cost_report/util.py +72 -0
tools/cli_commands/cost_report/view.py +524 -0
tools/cli_commands/erv2.py +620 -0
tools/cli_commands/gpg_encrypt.py +5 -8
tools/cli_commands/systems_and_tools.py +489 -0
tools/glitchtip_access_revalidation.py +1 -1
tools/qontract_cli.py +2301 -673
tools/saas_metrics_exporter/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/channel.py +63 -0
tools/saas_metrics_exporter/commit_distance/commit_distance.py +103 -0
tools/saas_metrics_exporter/commit_distance/metrics.py +19 -0
tools/saas_metrics_exporter/main.py +99 -0
tools/saas_promotion_state/__init__.py +0 -0
tools/saas_promotion_state/saas_promotion_state.py +105 -0
tools/sd_app_sre_alert_report.py +145 -0
tools/template_validation.py +107 -0
e2e_tests/cli.py +0 -83
e2e_tests/create_namespace.py +0 -43
e2e_tests/dedicated_admin_rolebindings.py +0 -44
e2e_tests/dedicated_admin_test_base.py +0 -39
e2e_tests/default_network_policies.py +0 -47
e2e_tests/default_project_labels.py +0 -52
e2e_tests/network_policy_test_base.py +0 -17
e2e_tests/test_base.py +0 -56
qontract_reconcile-0.10.0.dist-info/LICENSE +0 -201
qontract_reconcile-0.10.0.dist-info/METADATA +0 -63
qontract_reconcile-0.10.0.dist-info/RECORD +0 -586
qontract_reconcile-0.10.0.dist-info/top_level.txt +0 -4
reconcile/ecr_mirror.py +0 -152
reconcile/github_scanner.py +0 -74
reconcile/gitlab_integrations.py +0 -63
reconcile/gql_definitions/ocm_oidc_idp/clusters.py +0 -195
reconcile/gql_definitions/ocp_release_mirror/ocp_release_mirror.py +0 -287
reconcile/integrations_validator.py +0 -18
reconcile/jenkins_plugins.py +0 -129
reconcile/kafka_clusters.py +0 -208
reconcile/ocm_cluster_admin.py +0 -42
reconcile/ocm_oidc_idp.py +0 -198
reconcile/ocp_release_mirror.py +0 -373
reconcile/prometheus_rules_tester_old.py +0 -436
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager.py +0 -279
reconcile/saas_auto_promotions_manager/utils/vcs.py +0 -141
reconcile/sentry_config.py +0 -613
reconcile/sentry_helper.py +0 -69
reconcile/test/conftest.py +0 -187
reconcile/test/fixtures.py +0 -24
reconcile/test/saas_auto_promotions_manager/conftest.py +0 -69
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/conftest.py +0 -110
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/data_keys.py +0 -10
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_housekeeping.py +0 -200
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_merge_request_manager.py +0 -151
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/conftest.py +0 -63
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/data_keys.py +0 -4
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_multiple_namespaces.py +0 -46
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_namespace.py +0 -94
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_target.py +0 -44
reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py +0 -74
reconcile/test/saas_auto_promotions_manager/subscriber/data_keys.py +0 -11
reconcile/test/saas_auto_promotions_manager/subscriber/test_content_hash.py +0 -155
reconcile/test/saas_auto_promotions_manager/subscriber/test_diff.py +0 -173
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_config_hash.py +0 -226
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_moving_ref.py +0 -224
reconcile/test/saas_auto_promotions_manager/subscriber/test_single_channel_with_single_publisher.py +0 -350
reconcile/test/saas_auto_promotions_manager/test_integration_test.py +0 -129
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_multiple_publishers_for_single_channel.py +0 -70
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_use_target_config_hash.py +0 -63
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_with_auto_promote.py +0 -74
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_without_auto_promote.py +0 -65
reconcile/test/test_aggregated_list.py +0 -237
reconcile/test/test_amtool.py +0 -37
reconcile/test/test_auto_promoter.py +0 -295
reconcile/test/test_aws_ami_share.py +0 -68
reconcile/test/test_aws_iam_keys.py +0 -70
reconcile/test/test_aws_iam_password_reset.py +0 -35
reconcile/test/test_aws_support_cases_sos.py +0 -23
reconcile/test/test_checkpoint.py +0 -178
reconcile/test/test_cli.py +0 -41
reconcile/test/test_closedbox_endpoint_monitoring.py +0 -207
reconcile/test/test_gabi_authorized_users.py +0 -72
reconcile/test/test_github_org.py +0 -154
reconcile/test/test_github_repo_invites.py +0 -123
reconcile/test/test_gitlab_housekeeping.py +0 -88
reconcile/test/test_gitlab_labeler.py +0 -129
reconcile/test/test_gitlab_members.py +0 -283
reconcile/test/test_instrumented_wrappers.py +0 -18
reconcile/test/test_integrations_manager.py +0 -995
reconcile/test/test_jenkins_worker_fleets.py +0 -55
reconcile/test/test_jump_host.py +0 -117
reconcile/test/test_ldap_users.py +0 -123
reconcile/test/test_make.py +0 -28
reconcile/test/test_ocm_additional_routers.py +0 -134
reconcile/test/test_ocm_addons_upgrade_scheduler_org.py +0 -149
reconcile/test/test_ocm_clusters.py +0 -598
reconcile/test/test_ocm_clusters_manifest_updates.py +0 -89
reconcile/test/test_ocm_oidc_idp.py +0 -315
reconcile/test/test_ocm_update_recommended_version.py +0 -145
reconcile/test/test_ocm_upgrade_scheduler.py +0 -614
reconcile/test/test_ocm_upgrade_scheduler_org_updater.py +0 -129
reconcile/test/test_openshift_base.py +0 -730
reconcile/test/test_openshift_namespace_labels.py +0 -345
reconcile/test/test_openshift_namespaces.py +0 -256
reconcile/test/test_openshift_resource.py +0 -415
reconcile/test/test_openshift_resources_base.py +0 -440
reconcile/test/test_openshift_saas_deploy_change_tester.py +0 -310
reconcile/test/test_openshift_tekton_resources.py +0 -253
reconcile/test/test_openshift_upgrade_watcher.py +0 -146
reconcile/test/test_prometheus_rules_tester.py +0 -151
reconcile/test/test_prometheus_rules_tester_old.py +0 -77
reconcile/test/test_quay_membership.py +0 -86
reconcile/test/test_quay_mirror.py +0 -109
reconcile/test/test_quay_mirror_org.py +0 -70
reconcile/test/test_quay_repos.py +0 -59
reconcile/test/test_queries.py +0 -53
reconcile/test/test_repo_owners.py +0 -47
reconcile/test/test_requests_sender.py +0 -139
reconcile/test/test_saasherder.py +0 -1074
reconcile/test/test_saasherder_allowed_secret_paths.py +0 -127
reconcile/test/test_secret_reader.py +0 -153
reconcile/test/test_slack_base.py +0 -185
reconcile/test/test_slack_usergroups.py +0 -744
reconcile/test/test_sql_query.py +0 -19
reconcile/test/test_terraform_cloudflare_dns.py +0 -117
reconcile/test/test_terraform_cloudflare_resources.py +0 -106
reconcile/test/test_terraform_cloudflare_users.py +0 -749
reconcile/test/test_terraform_resources.py +0 -257
reconcile/test/test_terraform_tgw_attachments.py +0 -631
reconcile/test/test_terraform_users.py +0 -57
reconcile/test/test_terraform_vpc_peerings.py +0 -499
reconcile/test/test_terraform_vpc_peerings_build_desired_state.py +0 -1061
reconcile/test/test_unleash.py +0 -138
reconcile/test/test_utils_aws_api.py +0 -240
reconcile/test/test_utils_aws_helper.py +0 -80
reconcile/test/test_utils_cluster_version_data.py +0 -177
reconcile/test/test_utils_data_structures.py +0 -13
reconcile/test/test_utils_disabled_integrations.py +0 -86
reconcile/test/test_utils_expiration.py +0 -109
reconcile/test/test_utils_external_resource_spec.py +0 -383
reconcile/test/test_utils_external_resources.py +0 -247
reconcile/test/test_utils_github_api.py +0 -73
reconcile/test/test_utils_gitlab_api.py +0 -20
reconcile/test/test_utils_gpg.py +0 -69
reconcile/test/test_utils_gql.py +0 -81
reconcile/test/test_utils_helm.py +0 -306
reconcile/test/test_utils_helpers.py +0 -55
reconcile/test/test_utils_imap_client.py +0 -65
reconcile/test/test_utils_jjb_client.py +0 -52
reconcile/test/test_utils_jsonpath.py +0 -286
reconcile/test/test_utils_ldap_client.py +0 -51
reconcile/test/test_utils_mr.py +0 -226
reconcile/test/test_utils_mr_clusters_updates.py +0 -77
reconcile/test/test_utils_oc.py +0 -984
reconcile/test/test_utils_ocm.py +0 -110
reconcile/test/test_utils_pagerduty_api.py +0 -251
reconcile/test/test_utils_parse_dhms_duration.py +0 -34
reconcile/test/test_utils_password_validator.py +0 -155
reconcile/test/test_utils_quay_api.py +0 -86
reconcile/test/test_utils_semver_helper.py +0 -19
reconcile/test/test_utils_sharding.py +0 -56
reconcile/test/test_utils_slack_api.py +0 -439
reconcile/test/test_utils_smtp_client.py +0 -73
reconcile/test/test_utils_state.py +0 -256
reconcile/test/test_utils_terraform.py +0 -13
reconcile/test/test_utils_terraform_client.py +0 -585
reconcile/test/test_utils_terraform_config_client.py +0 -219
reconcile/test/test_utils_terrascript_aws_client.py +0 -277
reconcile/test/test_utils_terrascript_cloudflare_client.py +0 -597
reconcile/test/test_utils_terrascript_cloudflare_resources.py +0 -26
reconcile/test/test_vault_replication.py +0 -515
reconcile/test/test_vault_utils.py +0 -47
reconcile/test/test_version_bump.py +0 -18
reconcile/test/test_vpc_peerings_validator.py +0 -103
reconcile/test/test_wrong_region.py +0 -78
reconcile/typed_queries/glitchtip_settings.py +0 -18
reconcile/typed_queries/ocp_release_mirror.py +0 -11
reconcile/unleash_watcher.py +0 -120
reconcile/utils/git_secrets.py +0 -63
reconcile/utils/mr/auto_promoter.py +0 -218
reconcile/utils/sentry_client.py +0 -383
release/test_version.py +0 -50
release/version.py +0 -100
tools/test/test_qontract_cli.py +0 -60
tools/test/test_sre_checkpoints.py +0 -79
/e2e_tests/__init__.py → /reconcile/aus/upgrades.py +0 -0
/reconcile/{gql_definitions/ocp_release_mirror → aws_account_manager}/__init__.py +0 -0
/reconcile/{test → aws_ami_cleanup}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager → aws_cloudwatch_log_retention}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager → aws_saml_idp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager → aws_saml_roles}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/renderer → aws_version_sync}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/subscriber → aws_version_sync/merge_request_manager}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils → cluster_auth_rhidp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils/saas_files_inventory → dynatrace_token_provider}/__init__.py +0 -0
{release → reconcile/endpoints_discovery}/__init__.py +0 -0
{tools/test → reconcile/external_resources}/__init__.py +0 -0

reconcile/utils/terraform_client.py CHANGED Viewed

@@ -1,35 +1,39 @@
 import json
 import logging
+import re
 import shutil
+import tempfile
 from collections import defaultdict
 from collections.abc import (
+    Generator,
     Iterable,
     Mapping,
 )
+from contextlib import contextmanager
 from dataclasses import dataclass
 from datetime import (
     datetime,
     timedelta,
 )
+from subprocess import CalledProcessError
 from threading import Lock
 from typing import (
+    IO,
     Any,
-    Optional,
     cast,
 )
 from botocore.errorfactory import ClientError
-from python_terraform import (
-    IsFlagged,
-    Terraform,
-    TerraformCommandError,
-)
+from packaging import version as pkg_version
 from sretoolbox.utils import (
     retry,
     threaded,
 )
 import reconcile.utils.lean_terraform_client as lean_tf
+from reconcile.typed_queries.app_interface_custom_messages import (
+    get_app_interface_custom_message,
+)
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.aws_helper import get_region_from_availability_zone
 from reconcile.utils.external_resource_spec import (
@@ -37,8 +41,15 @@ from reconcile.utils.external_resource_spec import (
     ExternalResourceSpecInventory,
 )
-ALLOWED_TF_SHOW_FORMAT_VERSION = "0.1"
+ALLOWED_TF_SHOW_FORMAT_VERSION = "1.2"
 DATE_FORMAT = "%Y-%m-%d"
+PROVIDER_LOG_REGEX = (
+    r""".*\s(?:\[INFO]|\[WARN]|\[ERROR])\s.+\s(?:\[WARN]|\[ERROR])\s.*"""
+)
+PROVIDER_LOG_IGNORE_REGEX = (
+    r""".*(?:ObjectLockConfigurationNotFoundError|WaitForState).*"""
+)
+TERRAFORM_LOG_LEVEL = "TRACE"  # can change to INFO after tf 0.15
 @dataclass
@@ -47,6 +58,20 @@ class AccountUser:
     user: str
+@dataclass(frozen=True, eq=True)
+class TerraformSpec:
+    name: str
+    working_dir: str
+class TerraformCommandError(CalledProcessError):
+    pass
+class RdsUpgradeValidationError(Exception):
+    pass
 class DeletionApprovalExpirationValueError(Exception):
     pass
@@ -60,7 +85,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         accounts: Iterable[Mapping[str, Any]],
         working_dirs: Mapping[str, str],
         thread_pool_size: int,
-        aws_api: Optional[AWSApi] = None,
+        aws_api: AWSApi | None = None,
         init_users=False,
     ):
         self.integration = integration
@@ -72,27 +97,32 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         self.thread_pool_size = thread_pool_size
         self._aws_api = aws_api
         self._log_lock = Lock()
-        self.should_apply = False
+        self.apply_count = 0
+        self.specs: list[TerraformSpec] = []
         self.init_specs()
+        self.outputs: dict = {}
         self.init_outputs()
         self.OUTPUT_TYPE_SECRETS = "Secrets"
         self.OUTPUT_TYPE_PASSWORDS = "enc-passwords"
         self.OUTPUT_TYPE_CONSOLEURLS = "console-urls"
+        self.users: dict = {}
         if init_users:
             self.init_existing_users()
     def init_existing_users(self):
-        all_users = {}
-        for account, output in self.outputs.items():
-            users = []
-            user_passwords = self.format_output(output, self.OUTPUT_TYPE_PASSWORDS)
-            for user_name in user_passwords:
-                users.append(user_name)
-            all_users[account] = users
-        self.users = all_users
+        self.users = {
+            account: list(self.format_output(output, self.OUTPUT_TYPE_PASSWORDS).keys())
+            for account, output in self.outputs.items()
+        }
+    def increment_apply_count(self):
+        self.apply_count += 1
+    def should_apply(self) -> bool:
+        return self.apply_count > 0
     def get_new_users(self):
         new_users = []
@@ -103,37 +133,54 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
             for user_name, enc_password in user_passwords.items():
                 if AccountUser(account, user_name) not in self.created_users:
                     continue
-                new_users.append(
-                    (account, console_urls[account], user_name, enc_password)
-                )
+                new_users.append((
+                    account,
+                    console_urls[account],
+                    user_name,
+                    enc_password,
+                ))
         return new_users
     def init_specs(self):
-        wd_specs = [{"name": name, "wd": wd} for name, wd in self.working_dirs.items()]
-        results = threaded.run(self.terraform_init, wd_specs, self.thread_pool_size)
-        self.specs = [{"name": name, "tf": tf} for name, tf in results]
+        self.specs = [
+            TerraformSpec(name=name, working_dir=wd)
+            for name, wd in self.working_dirs.items()
+        ]
+        for spec in self.specs:
+            self.terraform_init(spec)
+    @contextmanager
+    def _terraform_log_file(
+        self, working_dir: str
+    ) -> Generator[tuple[IO, dict[str, str]], None, None]:
+        with tempfile.NamedTemporaryFile(dir=working_dir) as f:
+            env = {
+                "TF_LOG": TERRAFORM_LOG_LEVEL,
+                "TF_LOG_PATH": f.name,
+            }
+            yield f, env
     @retry(exceptions=TerraformCommandError)
-    def terraform_init(self, init_spec):
-        name = init_spec["name"]
-        wd = init_spec["wd"]
-        tf = Terraform(working_dir=wd)
-        return_code, stdout, stderr = tf.init()
-        error = self.check_output(name, "init", return_code, stdout, stderr)
+    def terraform_init(self, spec: TerraformSpec):
+        with self._terraform_log_file(spec.working_dir) as (f, env):
+            return_code, stdout, stderr = lean_tf.init(spec.working_dir, env=env)
+            log = f.read().decode("utf-8")
+        error = self.check_output(spec.name, "init", return_code, stdout, stderr, log)
         if error:
-            raise TerraformCommandError(return_code, "init", out=stdout, err=stderr)
-        return name, tf
+            raise TerraformCommandError(
+                return_code, "init", output=stdout, stderr=stderr
+            )
     def init_outputs(self):
         results = threaded.run(self.terraform_output, self.specs, self.thread_pool_size)
         self.outputs = dict(results)
     @retry(exceptions=TerraformCommandError)
-    def terraform_output(self, spec):
-        name = spec["name"]
-        tf = spec["tf"]
-        return_code, stdout, stderr = tf.output_cmd(json=IsFlagged)
-        error = self.check_output(name, "output", return_code, stdout, stderr)
+    def terraform_output(self, spec: TerraformSpec):
+        with self._terraform_log_file(spec.working_dir) as (f, env):
+            return_code, stdout, stderr = lean_tf.output(spec.working_dir, env=env)
+            log = f.read().decode("utf-8")
+        error = self.check_output(spec.name, "output", return_code, stdout, stderr, log)
         no_output_error = (
             "The module root could not be found. There is nothing to output."
         )
@@ -142,9 +189,9 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                 stdout = "{}"
             else:
                 raise TerraformCommandError(
-                    return_code, "output", out=stdout, err=stderr
+                    return_code, "output", output=stdout, stderr=stderr
                 )
-        return name, json.loads(stdout)
+        return spec.name, json.loads(stdout)
     # terraform plan
     def plan(self, enable_deletion):
@@ -166,18 +213,31 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
             self.created_users.extend(created_users)
         return disabled_deletions_detected, errors
-    @retry()
+    def safe_plan(self, enable_deletion: bool) -> None:
+        """Raises exception if errors are detected at plan step"""
+        disable_deletions_detected, errors = self.plan(enable_deletion)
+        if errors:
+            raise RuntimeError("Terraform plan has errors")
+        if disable_deletions_detected:
+            raise RuntimeError("Terraform plan has disabled deletions detected")
+    @retry(no_retry_exceptions=RdsUpgradeValidationError)
     def terraform_plan(
-        self, plan_spec: dict, enable_deletion: bool
+        self, spec: TerraformSpec, enable_deletion: bool
     ) -> tuple[bool, list[AccountUser], bool]:
-        name = plan_spec["name"]
-        tf = plan_spec["tf"]
-        return_code, stdout, stderr = tf.plan(
-            detailed_exitcode=False, parallelism=self.parallelism, out=name
-        )
-        error = self.check_output(name, "plan", return_code, stdout, stderr)
+        with self._terraform_log_file(spec.working_dir) as (f, env):
+            return_code, stdout, stderr = lean_tf.plan(
+                spec.working_dir,
+                spec.name,
+                env=env,
+            )
+            log = f.read().decode("utf-8")
+        error = self.check_output(spec.name, "plan", return_code, stdout, stderr, log)
+        if error:
+            return False, [], error
         disabled_deletion_detected, created_users = self.log_plan_diff(
-            name, tf, enable_deletion
+            spec, enable_deletion
         )
         return disabled_deletion_detected, created_users, error
@@ -216,11 +276,11 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
     def log_plan_diff(
         self,
-        name: str,
-        tf: Terraform,
+        spec: TerraformSpec,
         enable_deletion: bool,
     ) -> tuple[bool, list]:
         disabled_deletion_detected = False
+        name = spec.name
         account_enable_deletion = self.accounts[name].get("enableDeletion") or False
         # deletions are allowed
         # if enableDeletion is true for an account
@@ -228,7 +288,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         deletions_allowed = enable_deletion or account_enable_deletion
         created_users: list[AccountUser] = []
-        output = self.terraform_show(name, tf.working_dir)
+        output = lean_tf.show_json(spec.working_dir, name)
         format_version = output.get("format_version")
         if format_version != ALLOWED_TF_SHOW_FORMAT_VERSION:
             raise NotImplementedError("terraform show untested format version")
@@ -245,7 +305,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
             after = output_change.get("after")
             if before != after:
                 logging.info(["update", name, "output", output_name])
-                self.should_apply = True
+                self.increment_apply_count()
         # A way to detect deleted outputs is by comparing
         # the prior state with the output changes.
@@ -258,7 +318,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         deleted_outputs = [po for po in prior_outputs if po not in output_changes]
         for output_name in deleted_outputs:
             logging.info(["delete", name, "output", output_name])
-            self.should_apply = True
+            self.increment_apply_count()
         resource_changes = output.get("resource_changes")
         if resource_changes is None:
@@ -267,6 +327,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         always_enabled_deletions = {
             "random_id",
             "aws_lb_target_group_attachment",
+            "aws_iam_user_policy",
             "cloudflare_record",  # This is because a zone can contain up to one thousand records and it's not practical to require adding each record to deletionApprovals
         }
@@ -274,14 +335,30 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         for resource_change in resource_changes:
             resource_type = resource_change["type"]
             resource_name = resource_change["name"]
+            resource_address = resource_change["address"]
+            resource_previous_address = resource_change.get("previous_address")
             resource_change = resource_change["change"]
             actions = resource_change["actions"]
             for action in actions:
+                if resource_previous_address:
+                    # the resource is being moved/renamed in the TF state
+                    with self._log_lock:
+                        logging.info([
+                            "move/rename",
+                            name,
+                            resource_previous_address,
+                            resource_address,
+                        ])
                 if action == "no-op":
                     logging.debug([action, name, resource_type, resource_name])
-                    continue
+                    if resource_previous_address:
+                        # apply resource renaming with no-op
+                        self.increment_apply_count()
+                    else:
+                        continue
                 if action == "update" and resource_type == "aws_db_instance":
-                    self._validate_db_upgrade(name, resource_name, resource_change)
+                    self.validate_db_upgrade(name, resource_name, resource_change)
                     # Ignore RDS modifications that are going to occur during the next
                     # maintenance window. This can be up to 7 days away and will cause
                     # unnecessary Terraform state updates until they complete.
@@ -294,16 +371,14 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                         )
                         continue
                 with self._log_lock:
-                    logging.info(
-                        [
-                            action,
-                            name,
-                            resource_type,
-                            resource_name,
-                            self._resource_diff_changed_fields(action, resource_change),
-                        ]
-                    )
-                    self.should_apply = True
+                    logging.info([
+                        action,
+                        name,
+                        resource_type,
+                        resource_name,
+                        self._resource_diff_changed_fields(action, resource_change),
+                    ])
+                    self.increment_apply_count()
                 if action == "create":
                     if resource_type == "aws_iam_user_login_profile":
                         created_users.append(AccountUser(name, resource_name))
@@ -315,11 +390,13 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                         name, resource_type, resource_name
                     ):
                         disabled_deletion_detected = True
-                        logging.error(
-                            "'delete' action is not enabled. "
-                            + "Please run the integration manually "
-                            + "with the '--enable-deletion' flag."
+                        instructions = (
+                            get_app_interface_custom_message(
+                                "disabled-deletion-instructions"
+                            )
+                            or ""
                         )
+                        logging.error(f"'delete' action is not enabled. {instructions}")
                     if resource_type == "aws_db_instance":
                         deletion_protected = resource_change["before"].get(
                             "deletion_protection"
@@ -351,7 +428,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                     f"[{account_name}] expiration not does not match "
                     f"date format {DATE_FORMAT}. details: "
                     f"type: {da['type']}, name: {da['name']}"
-                )
+                ) from None
             if (
                 resource_type == da["type"]
                 and resource_name == da["name"]
@@ -361,28 +438,20 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         return False
-    @staticmethod
-    def terraform_show(name, working_dir):
-        return lean_tf.show_json(working_dir, name)
     # terraform apply
     def apply(self):
-        errors = False
-        results = threaded.run(self.terraform_apply, self.specs, self.thread_pool_size)
-        for error in results:
-            if error:
-                errors = True
-        return errors
-    def terraform_apply(self, apply_spec):
-        name = apply_spec["name"]
-        tf = apply_spec["tf"]
-        # adding var=None to allow applying the saved plan
-        # https://github.com/beelit94/python-terraform/issues/67
-        return_code, stdout, stderr = tf.apply(dir_or_plan=name, var=None)
-        error = self.check_output(name, "apply", return_code, stdout, stderr)
+        errors = threaded.run(self.terraform_apply, self.specs, self.thread_pool_size)
+        return any(errors)
+    def terraform_apply(self, spec: TerraformSpec):
+        with self._terraform_log_file(spec.working_dir) as (f, env):
+            return_code, stdout, stderr = lean_tf.apply(
+                spec.working_dir,
+                spec.name,
+                env=env,
+            )
+            log = f.read().decode("utf-8")
+        error = self.check_output(spec.name, "apply", return_code, stdout, stderr, log)
         return error
     def get_terraform_output_secrets(self) -> dict[str, dict[str, dict[str, str]]]:
@@ -411,9 +480,9 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                 replica_source_name = f'{replica_src}-{tf_resource.get("provider")}'
                 # Creating a dict that is convenient to use inside the
                 # loop processing the formatted_output
-                replicas_info[spec.provisioner_name][
-                    spec.output_prefix
-                ] = replica_source_name
+                replicas_info[spec.provisioner_name][spec.output_prefix] = (
+                    replica_source_name
+                )
         return replicas_info
@@ -423,12 +492,8 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         if output is None:
             return data
-        enc_pass_pfx = "{}_{}".format(
-            self.integration_prefix, self.OUTPUT_TYPE_PASSWORDS
-        )
-        console_urls_pfx = "{}_{}".format(
-            self.integration_prefix, self.OUTPUT_TYPE_CONSOLEURLS
-        )
+        enc_pass_pfx = f"{self.integration_prefix}_{self.OUTPUT_TYPE_PASSWORDS}"
+        console_urls_pfx = f"{self.integration_prefix}_{self.OUTPUT_TYPE_CONSOLEURLS}"
         for k, v in output.items():
             # the integration creates outputs of the form
             # 0.11: output_secret_name[secret_key] = secret_value
@@ -474,11 +539,11 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                 data[resource_name] = {}
             data[resource_name][field_key] = field_value
-        if len(data) == 1 and type in (
+        if len(data) == 1 and type in {
             self.OUTPUT_TYPE_PASSWORDS,
             self.OUTPUT_TYPE_CONSOLEURLS,
-        ):
-            return data[list(data.keys())[0]]
+        }:
+            return data[next(iter(data.keys()))]
         return data
     def populate_terraform_output_secrets(
@@ -541,7 +606,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
                         secret_copy["db.password"] = replica_src_password
             # clean metadata
-            for key in secret.keys():
+            for key in secret:
                 if integration_prefix in key:
                     secret_copy.pop(key)
@@ -552,22 +617,29 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
         name: str,
         cmd: str,
         return_code: int,
-        stdout: list[str],
-        stderr: list[str],
+        stdout: str,
+        stderr: str,
+        log: str,
     ) -> bool:
-        error_occured = False
+        error_occured = return_code != 0
         line_format = "[{} - {}] {}"
-        stdout, stderr = self.split_to_lines(stdout, stderr)
+        stdout, stderr, log = self.split_to_lines(stdout, stderr, log)
+        provider_log_re = re.compile(PROVIDER_LOG_REGEX)
+        provider_log_ignore_re = re.compile(PROVIDER_LOG_IGNORE_REGEX)
         with self._log_lock:
             for line in stdout:
                 logging.debug(line_format.format(name, cmd, line))
-            if return_code == 0:
+            if error_occured:
                 for line in stderr:
-                    logging.warning(line_format.format(name, cmd, line))
+                    logging.error(line_format.format(name, cmd, line))
             else:
                 for line in stderr:
-                    logging.error(line_format.format(name, cmd, line))
-                error_occured = True
+                    logging.warning(line_format.format(name, cmd, line))
+            for line in log:
+                if provider_log_re.match(line) and not provider_log_ignore_re.match(
+                    line
+                ):
+                    logging.warning(line_format.format(name, cmd, line))
         return error_occured
     @staticmethod
@@ -683,7 +755,7 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
             return not set(changed_resource_arguments) - set(changed_values)
         return False
-    def _validate_db_upgrade(
+    def validate_db_upgrade(
         self, account_name: str, resource_name: str, resource_change: Mapping[str, Any]
     ):
         """
@@ -711,23 +783,110 @@ class TerraformClient:  # pylint: disable=too-many-public-methods
             valid_upgrade_target = self._aws_api.get_db_valid_upgrade_target(
                 account_name, engine, before_version, region_name=region_name
             )
-            found = False
-            for t in valid_upgrade_target:
-                if t["EngineVersion"] == after_version:
-                    found = True
-                    if t["IsMajorVersionUpgrade"] and not after.get(
-                        "allow_major_version_upgrade", False
-                    ):
-                        raise ValueError(
-                            "allow_major_version_upgrade is not enabled for upgrading RDS instance: "
-                            f"{resource_name} to a new major version."
-                        )
-            if not found:
-                raise ValueError(
+            target = next(
+                (
+                    t
+                    for t in valid_upgrade_target
+                    if t["EngineVersion"] == after_version
+                ),
+                None,
+            )
+            if target is None:
+                raise RdsUpgradeValidationError(
                     f"Cannot upgrade RDS instance: {resource_name} "
                     f"from {before_version} to {after_version}"
                 )
+            allow_major_version_upgrade = after.get(
+                "allow_major_version_upgrade",
+                False,
+            )
+            if target["IsMajorVersionUpgrade"] and not allow_major_version_upgrade:
+                raise RdsUpgradeValidationError(
+                    "allow_major_version_upgrade is not enabled for upgrading RDS instance: "
+                    f"{resource_name} to a new major version."
+                )
+            blue_green_update = after.get("blue_green_update", [])
+            if blue_green_update and blue_green_update[0]["enabled"]:
+                changed_fields = self._resource_diff_changed_fields(
+                    "update", resource_change
+                )
+                replica = before["replicas"] != [] or before["replicate_source_db"]
+                self.validate_blue_green_update_requirements(
+                    account_name,
+                    resource_name,
+                    engine,
+                    before_version,
+                    replica,
+                    before["parameter_group_name"],
+                    region_name,
+                    changed_fields=changed_fields,
+                )
+    def validate_blue_green_update_requirements(
+        self,
+        account_name: str,
+        resource_name: str,
+        engine: str,
+        version: str,
+        replica: bool,
+        parameter_group: str,
+        region_name: str,
+        changed_fields: set[str],
+    ) -> None:
+        min_supported_versions = {
+            "mysql": [pkg_version.parse("5.7"), pkg_version.parse("8.0.15")],
+            "postgres": [
+                pkg_version.parse("11.21"),
+                pkg_version.parse("12.16"),
+                pkg_version.parse("13.12"),
+                pkg_version.parse("14.9"),
+                pkg_version.parse("15.4"),
+                pkg_version.parse("16.1"),
+            ],
+        }
+        def is_supported(engine, version):
+            parsed_version = pkg_version.parse(version)
+            if engine == "mysql":
+                return any(
+                    parsed_version >= min_version
+                    for min_version in min_supported_versions["mysql"]
+                )
+            elif engine == "postgres":
+                return any(
+                    parsed_version >= min_version
+                    for min_version in min_supported_versions["postgres"]
+                )
+            return False
+        if not is_supported(engine, version):
+            raise RdsUpgradeValidationError(
+                f"Cannot upgrade RDS instance: {resource_name}. "
+                f"Engine version {version} is not supported for blue/green updates."
+            )
+        if replica:
+            raise RdsUpgradeValidationError(
+                f"Cannot upgrade RDS instance: {resource_name}. "
+                "Blue/green updates are not supported for instances with read replicas."
+            )
+        if engine == "postgres" and self._aws_api is not None:
+            pg_details = self._aws_api.describe_db_parameter_group(
+                account_name, parameter_group, region_name
+            )
+            if pg_details.get("rds.logical_replication") != "1":
+                raise RdsUpgradeValidationError(
+                    f"Cannot upgrade RDS instance: {resource_name}. "
+                    f"Blue/green updates require logical replication to be enabled in the Parameter group {parameter_group}."
+                )
+        if "storage_type" in changed_fields or "allocated_storage" in changed_fields:
+            raise RdsUpgradeValidationError(
+                f"Cannot upgrade RDS instance: {resource_name}. "
+                f"Blue/green updates are not supported when 'storage_type' or 'allocated_storage' has changed."
+            )
 class TerraformPlanFailed(Exception):

qontract-reconcile 0.10.0__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl

qontract-reconcile 0.10.0py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl