qontract-reconcile 0.10.1rc1002__py3-none-any.whl → 0.10.1rc1004__py3-none-any.whl

{qontract_reconcile-0.10.1rc1002.dist-info → qontract_reconcile-0.10.1rc1004.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc1002
+Version: 0.10.1rc1004
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc1002.dist-info → qontract_reconcile-0.10.1rc1004.dist-info}/RECORD

@@ -61,7 +61,7 @@ reconcile/ocm_groups.py,sha256=-rTPMewkdyo1De6gs4u-294p3z34oUbGfuNi8ov56Sk,3424
 reconcile/ocm_machine_pools.py,sha256=poGfITOCJEMwYAJpiuL8SytgTcBmGIKEZPgNGld80TY,16563
 reconcile/ocm_update_recommended_version.py,sha256=IYkfLXIprOW1jguZeELcGP1iBPuj-b53R-FTqKulMl8,4204
 reconcile/ocm_upgrade_scheduler_org_updater.py,sha256=aLgyInt9oIWAg0XtCiwJRUSwdPx3masKV8kHzkyEEOQ,4282
-reconcile/openshift_base.py,sha256=7CCzyM2Kxlrz305t4aWjKxBhxCLqTpGzF_lXgt7LYfs,52362
+reconcile/openshift_base.py,sha256=ZcyB6FU0MSibu8mLCQrQFOcEIoGITGBjR-g3vbdNKHE,52647
 reconcile/openshift_cluster_bots.py,sha256=1aGPaKUOoWuqDt6Jv6hdxc7NfdvjstrCmcDHHFfatIk,10942
 reconcile/openshift_clusterrolebindings.py,sha256=sDgHi_t2ayE3O6zZ5CLao7uBmihxRK8K70w2GSADz-w,5822
 reconcile/openshift_groups.py,sha256=sK2wLWwNupztbfyFPl32VH42s_s8Mu3g-URdlisnwJc,9382
@@ -167,7 +167,7 @@ reconcile/change_owners/changes.py,sha256=CH38-hyOfbH6xFYWidw_LAniyPisKq9nGRQhUa
 reconcile/change_owners/decision.py,sha256=iUJcIc_N_RqXIAY8D10RZqPMC2OinsHTMcqI6f6uylE,7606
 reconcile/change_owners/diff.py,sha256=0vyu29xCL24ZhUa7hqBni0NaxoCYRXLwvA-h8V23YQ4,9009
 reconcile/change_owners/implicit_ownership.py,sha256=6BehZvx4IjrphmOt_LLLk9_02Fl5BY5jd00Wuz_PBZk,4234
-reconcile/change_owners/self_service_roles.py,sha256=wxCxtROuQ9_0KjLke82ENRzNfVLh93gnXlPRjXahgfA,9683
+reconcile/change_owners/self_service_roles.py,sha256=U-eU7G4YGg7atEKaJ8RpYgLUKden6xwggUHA7xJMowI,9714
 reconcile/change_owners/tester.py,sha256=yY15ABnWx_3g9QeeR38-cQAaql0aq7JIxBv_7KtC91U,8955
 reconcile/cluster_auth_rhidp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/cluster_auth_rhidp/integration.py,sha256=KIAiP_XFjsOA2OE8oFJa8lD0T1a7EwOmhct2xbj7tr8,9560
@@ -229,7 +229,7 @@ reconcile/gql_definitions/aws_version_sync/namespaces.py,sha256=eBLyXlSjWdmEE-jY
 reconcile/gql_definitions/change_owners/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/change_owners/queries/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/change_owners/queries/change_types.py,sha256=9S2YRNnSAvutjzuubZIQQe35yd8V2rGKvWSUI6yl11Q,5017
-reconcile/gql_definitions/change_owners/queries/self_service_roles.py,sha256=-7f7JO7_iYTQXAgPVwTDpgGi8NG8YR8cGv-wcC-KPVU,4699
+reconcile/gql_definitions/change_owners/queries/self_service_roles.py,sha256=BcTQvnefPiShG90ajU_l2V6HUYSEXgdAzgiwY89vQew,4790
 reconcile/gql_definitions/cluster_auth_rhidp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/cluster_auth_rhidp/clusters.py,sha256=Pp9P3Q30Be3szcVqOEOtPfYUNiGTq1xc5Juz-ApMMw0,3283
 reconcile/gql_definitions/cna/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -857,8 +857,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
 tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc1002.dist-info/METADATA,sha256=cpLKYw0dgJTf1_TCc5eUVZtGvBAS0_zmRqsEZplhVx8,2263
-qontract_reconcile-0.10.1rc1002.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc1002.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc1002.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc1002.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc1004.dist-info/METADATA,sha256=a3aKyUnQQ5uLMR9YPT37jtYEY6XYSRMyLWX5v9LLF7g,2263
+qontract_reconcile-0.10.1rc1004.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc1004.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc1004.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc1004.dist-info/RECORD,,

reconcile/change_owners/self_service_roles.py

@@ -19,7 +19,7 @@ from reconcile.gql_definitions.change_owners.queries.self_service_roles import (
     PermissionSlackUsergroupV1,
     RoleV1,
 )
-from reconcile.utils import gql
+from reconcile.utils import expiration, gql
 from reconcile.utils.membershipsources.models import (
     RoleBot,
     RoleMember,
@@ -45,7 +45,7 @@ class DatafileIncompatibleWithChangeTypeError(Exception):
 
 def fetch_self_service_roles(gql_api: gql.GqlApi) -> list[RoleV1]:
     roles: list[RoleV1] = []
-    for r in self_service_roles.query(gql_api.query).roles or []:
+    for r in expiration.filter(self_service_roles.query(gql_api.query).roles or []):
         if not r.self_service:
             continue
         validate_self_service_role(r)

reconcile/gql_definitions/change_owners/queries/self_service_roles.py

@@ -87,6 +87,7 @@ query SelfServiceRolesQuery($name: String) {
     memberSources {
       ...RoleMembershipSource
     }
+    expirationDate
   }
 }
 """
@@ -152,6 +153,7 @@ class RoleV1(ConfiguredBaseModel):
     bots: list[BotV1] = Field(..., alias="bots")
     permissions: Optional[list[Union[PermissionSlackUsergroupV1, PermissionGitlabGroupMembershipV1, PermissionV1]]] = Field(..., alias="permissions")
     member_sources: Optional[list[RoleMembershipSource]] = Field(..., alias="memberSources")
+    expiration_date: Optional[str] = Field(..., alias="expirationDate")
 
 
 class SelfServiceRolesQueryQueryData(ConfiguredBaseModel):

reconcile/openshift_base.py

@@ -128,6 +128,7 @@ def init_specs_to_fetch(
     clusters: Iterable[Mapping] | None = None,
     override_managed_types: Iterable[str] | None = None,
     managed_types_key: str = "managedResourceTypes",
+    cluster_admin: bool = False,
 ) -> list[StateSpec]:
     state_specs: list[StateSpec] = []
 
@@ -144,7 +145,9 @@ def init_specs_to_fetch(
                 continue
 
             cluster = namespace_info["cluster"]["name"]
-            privileged = namespace_info.get("clusterAdmin", False) is True
+            privileged = (
+                namespace_info.get("clusterAdmin", False) is True or cluster_admin
+            )
             try:
                 oc = oc_map.get_cluster(cluster, privileged)
             except OCLogMsg as ex:
@@ -348,6 +351,7 @@ def fetch_current_state(
         namespaces=namespaces,
         clusters=clusters,
         override_managed_types=override_managed_types,
+        cluster_admin=cluster_admin,
     )
     threaded.run(
         populate_current_state,
@@ -379,7 +383,14 @@ def apply(
     recycle_pods: bool = True,
     privileged: bool = False,
 ) -> None:
-    logging.info(["apply", cluster, namespace, resource_type, resource.name])
+    logging.info([
+        "apply",
+        f"privileged={privileged}",
+        cluster,
+        namespace,
+        resource_type,
+        resource.name,
+    ])
 
     try:
         oc = oc_map.get_cluster(cluster, privileged)
@@ -537,7 +548,14 @@ def delete(
     enable_deletion: bool,
     privileged: bool = False,
 ) -> None:
-    logging.info(["delete", cluster, namespace, resource_type, name])
+    logging.info([
+        "delete",
+        f"privileged={privileged}",
+        cluster,
+        namespace,
+        resource_type,
+        name,
+    ])
 
     if not enable_deletion:
         logging.error("'delete' action is disabled due to previous errors.")