qontract-reconcile 0.10.1rc1025__py3-none-any.whl → 0.10.1rc1027__py3-none-any.whl

{qontract_reconcile-0.10.1rc1025.dist-info → qontract_reconcile-0.10.1rc1027.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc1025
+Version: 0.10.1rc1027
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc1025.dist-info → qontract_reconcile-0.10.1rc1027.dist-info}/RECORD

@@ -181,7 +181,7 @@ reconcile/cna/assets/asset_factory.py,sha256=7T7X_J6xIsoGETqBRI45_EyIKEdQcnRPt_G
 reconcile/cna/assets/null.py,sha256=85mVh97atCoC0aLuX47poTZiyOthmziJeBsUw0c924w,1658
 reconcile/dynatrace_token_provider/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/dynatrace_token_provider/dependencies.py,sha256=41q05A4C_eS3E8-MR4veeMxtQNsPoGdxmEa3d-OKxq4,2814
-reconcile/dynatrace_token_provider/integration.py,sha256=QY-k5vsbBOm80yW_RB6G2JZD5NY21zCyqHigos7GjRM,20876
+reconcile/dynatrace_token_provider/integration.py,sha256=jOpj2qtkI95b_Ih0IH3cYV5G63RBuxhG6kX4RADBWeg,23003
 reconcile/dynatrace_token_provider/metrics.py,sha256=xiKkl8fTEBQaXJelGCPNTZhHAWdO1M3pCXNr_Tei63c,1285
 reconcile/dynatrace_token_provider/model.py,sha256=gkpqo5rRRueBXnIMjp4EEHqBUBuU65TRI8zpdb8GJ0A,241
 reconcile/dynatrace_token_provider/ocm.py,sha256=iHMsgbsLs-dlrB9UXmWNDF7E4UDe49JOsLa9rnowKfo,4282
@@ -781,7 +781,7 @@ reconcile/utils/mr/labels.py,sha256=9QRTRjZAtq45zELd9SwavaraczMjwjn5no3RK1YxFTg,
 reconcile/utils/mr/notificator.py,sha256=cp80wFzu_ZzrJPye7L1pI0H6JRGb7hOGuNxJYUq4Yr8,2967
 reconcile/utils/mr/ocm_update_recommended_version.py,sha256=p_aVP0TGrlKk9WBwgQnYWqUDsED_Hg6G5Bqj0UvtRwA,1536
 reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py,sha256=ojnIjw-8vRnmCCxOGBOEgPZLH4nC1hcuef74LWw2Rpk,3004
-reconcile/utils/mr/promote_qontract.py,sha256=4rUMZJGor2AE84BMqnekSbmFyu3ZOUfkxwel8Hnc3-M,5948
+reconcile/utils/mr/promote_qontract.py,sha256=3o_Lpn3gQc8HP3kSJRB1d7TvaDoIAKWLap5bhagQRaM,5945
 reconcile/utils/mr/user_maintenance.py,sha256=cHPBn8zrReWLHalyk-EFdkFJe9zjVjRoZhT4t2zZfGE,3956
 reconcile/utils/ocm/__init__.py,sha256=xv7CJp7K9LCQfa4gL_W0MMCOD1P4qOy8t5aZj1xXNUE,808
 reconcile/utils/ocm/addons.py,sha256=_LDdJ-gapM3s5exKlIUt-MlXZTAUoHezbYBU0QmvfWQ,7335
@@ -865,8 +865,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
 tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc1025.dist-info/METADATA,sha256=dUsRqkEgrR_aSPJqnY-4retmHRgWmF0hqlNW9n8MXQA,2213
-qontract_reconcile-0.10.1rc1025.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
-qontract_reconcile-0.10.1rc1025.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc1025.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc1025.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc1027.dist-info/METADATA,sha256=NZ2RmjjS7vqLah46hp_j6Gny8RHEeRBbHu9EMHd49dc,2213
+qontract_reconcile-0.10.1rc1027.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
+qontract_reconcile-0.10.1rc1027.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc1027.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc1027.dist-info/RECORD,,

reconcile/dynatrace_token_provider/integration.py

@@ -1,6 +1,7 @@
 import base64
+import hashlib
 import logging
-from collections.abc import Iterable, Mapping
+from collections.abc import Iterable, Mapping, MutableMapping
 from datetime import timedelta
 from typing import Any
 
@@ -140,7 +141,7 @@ class DynatraceTokenProviderIntegration(
                             if tenant_id not in existing_dtp_tokens:
                                 existing_dtp_tokens[tenant_id] = (
                                     dt_client.get_token_ids_map_for_name_prefix(
-                                        prefix="dtp-"
+                                        prefix="dtp"
                                     )
                                 )
 
@@ -172,7 +173,7 @@ class DynatraceTokenProviderIntegration(
         cluster: Cluster,
         dt_client: DynatraceClient,
         ocm_client: OCMClient,
-        existing_dtp_tokens: Mapping[str, str],
+        existing_dtp_tokens: MutableMapping[str, str],
         tenant_id: str,
         token_spec: DynatraceTokenProviderTokenSpecV1,
     ) -> None:
@@ -276,12 +277,52 @@ class DynatraceTokenProviderIntegration(
                     f"Patched {token_spec.name=} for {SYNCSET_AND_MANIFEST_ID} in {cluster.external_id=}."
                 )
 
+    def scopes_hash(self, scopes: Iterable[str], length: int) -> str:
+        m = hashlib.sha256()
+        msg = ",".join(sorted(scopes))
+        m.update(msg.encode("utf-8"))
+        return m.hexdigest()[:length]
+
+    def dynatrace_token_name(self, spec: DynatraceAPITokenV1, cluster_uuid: str) -> str:
+        scopes_hash = self.scopes_hash(scopes=spec.scopes, length=12)
+        # We have a limit of 100 chars
+        # cluster_uuid = 36 chars
+        # scopes_hash = 12 chars
+        # prefix + separators = 6 chars
+        return f"dtp_{spec.name[:46]}_{cluster_uuid}_{scopes_hash}"
+
+    def sync_token_in_dynatrace(
+        self,
+        token_id: str,
+        spec: DynatraceAPITokenV1,
+        cluster_uuid: str,
+        dt_client: DynatraceClient,
+        token_name_in_dt_api: str,
+        dry_run: bool,
+    ) -> None:
+        """
+        We ensure that the given token is properly configured in Dynatrace
+        according to the given spec.
+
+        A list query on the tokens does not return each tokens configuration.
+        We encode the token configuration in the token name to save API calls.
+        """
+        expected_name = self.dynatrace_token_name(spec=spec, cluster_uuid=cluster_uuid)
+        if token_name_in_dt_api != expected_name:
+            logging.info(
+                f"{token_name_in_dt_api=} != {expected_name=}. Sync dynatrace token {token_id=} with {spec=} for {cluster_uuid=}."
+            )
+            if not dry_run:
+                dt_client.update_token(
+                    token_id=token_id, name=expected_name, scopes=spec.scopes
+                )
+
     def generate_desired(
         self,
         dry_run: bool,
         current_k8s_secrets: Iterable[K8sSecret],
         desired_spec: DynatraceTokenProviderTokenSpecV1,
-        existing_dtp_tokens: Mapping[str, str],
+        existing_dtp_tokens: MutableMapping[str, str],
         dt_client: DynatraceClient,
         cluster_uuid: str,
     ) -> tuple[bool, Iterable[K8sSecret]]:
@@ -301,15 +342,24 @@ class DynatraceTokenProviderIntegration(
                 else {}
             )
             for desired_token in secret.tokens:
-                new_token = current_tokens_by_name.get(desired_token.name)
-                if not new_token or new_token.id not in existing_dtp_tokens:
+                cur_token = current_tokens_by_name.get(desired_token.name)
+                if not cur_token or cur_token.id not in existing_dtp_tokens:
                     has_diff = True
                     if not dry_run:
-                        new_token = self.create_dynatrace_token(
+                        cur_token = self.create_dynatrace_token(
                             dt_client, cluster_uuid, desired_token
                         )
-                if new_token:
-                    desired_tokens.append(new_token)
+                        existing_dtp_tokens[cur_token.id] = cur_token.name
+                if cur_token:
+                    self.sync_token_in_dynatrace(
+                        token_id=cur_token.id,
+                        spec=desired_token,
+                        cluster_uuid=cluster_uuid,
+                        dt_client=dt_client,
+                        dry_run=dry_run,
+                        token_name_in_dt_api=existing_dtp_tokens[cur_token.id],
+                    )
+                    desired_tokens.append(cur_token)
             desired.append(
                 K8sSecret(
                     secret_name=secret.name,
@@ -323,7 +373,7 @@ class DynatraceTokenProviderIntegration(
     def create_dynatrace_token(
         self, dt_client: DynatraceClient, cluster_uuid: str, token: DynatraceAPITokenV1
     ) -> DynatraceAPIToken:
-        token_name = f"dtp-{token.name}-{cluster_uuid}"
+        token_name = self.dynatrace_token_name(spec=token, cluster_uuid=cluster_uuid)
         new_token = dt_client.create_api_token(
             name=token_name,
             scopes=token.scopes,

reconcile/utils/mr/promote_qontract.py

@@ -169,5 +169,5 @@ class PromoteQontractReconcileCommercial(MergeRequestBase):
             gitlab_cli=gitlab_cli,
             path="data/pipelines/tekton-provider-global-defaults.yaml",
             search_text="$.taskTemplates[?(@.name == 'openshift-saas-deploy')].variables.qontract_reconcile_image_tag",
-            replace_text=self.commit_sha,
+            replace_text=self.version,
         )