qontract-reconcile 0.10.1rc1137__py3-none-any.whl → 0.10.1rc1139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. {qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/METADATA +1 -1
  2. {qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/RECORD +9 -9
  3. reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +2 -0
  4. reconcile/utils/aws_api.py +8 -0
  5. reconcile/utils/terrascript_aws_client.py +2 -1
  6. tools/qontract_cli.py +79 -0
  7. {qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/WHEEL +0 -0
  8. {qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/entry_points.txt +0 -0
  9. {qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: qontract-reconcile
3
- Version: 0.10.1rc1137
3
+ Version: 0.10.1rc1139
4
4
  Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
5
5
  Home-page: https://github.com/app-sre/qontract-reconcile
6
6
  Author: Red Hat App-SRE Team
{qontract_reconcile-0.10.1rc1137.dist-info → qontract_reconcile-0.10.1rc1139.dist-info}/RECORD RENAMED
@@ -400,7 +400,7 @@ reconcile/gql_definitions/terraform_repo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5
400
400
  reconcile/gql_definitions/terraform_repo/terraform_repo.py,sha256=nm4CH7Vog4aabdvCKmhVSUvoUb7dxSLx8nwAEJAVqG0,3706
401
401
  reconcile/gql_definitions/terraform_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
402
402
  reconcile/gql_definitions/terraform_resources/database_access_manager.py,sha256=yv0_YC-LmhaKD_gyGG3le1w5BtypBjlsO894-Zgdg4U,4813
403
- reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=KnqoorTaTJhkdvGiUfnA7qqzgDDf7X9wre7kbKCUARk,42597
403
+ reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=7FErGZ8VZDwT6m5uFhdLHydsgzH5rzsuQE3c-RWfklo,42687
404
404
  reconcile/gql_definitions/terraform_tgw_attachments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
405
405
  reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py,sha256=FPyPEikpkZ_kvHfXqnkzSUDNmxMMTiUwhI-eLQtuIHM,2616
406
406
  reconcile/gql_definitions/unleash_feature_toggles/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -655,7 +655,7 @@ reconcile/unleash_feature_toggles/integration.py,sha256=nx7BhtzCsTfPbOp60vI5MkNw
655
655
  reconcile/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
656
656
  reconcile/utils/aggregated_list.py,sha256=km0xadW0jO4G_CqZPsXmoBURQ8c90FaTu5x4X1K1cZs,3357
657
657
  reconcile/utils/amtool.py,sha256=ngtBuVPETH6oAy5RnKzvreVbjwQCaATS_PYYwBprzjQ,2288
658
- reconcile/utils/aws_api.py,sha256=1EC9l2cxMW2IvnhsXaIcq6iohZ4rRgqyHJsXPs9Vtes,67398
658
+ reconcile/utils/aws_api.py,sha256=Mp5-euZUfKfnVzgMZd3LoWbegm1OrNjzpP1A-n2EiF0,67640
659
659
  reconcile/utils/aws_helper.py,sha256=MDbv5jrNdqqJ5pfBxniGdJXBBO_EYc2_Uf2w9ZzeMNs,2854
660
660
  reconcile/utils/batches.py,sha256=TtEm64a8lWhFuNbUVpFEmXVdU2Q0sTBrP_I0Cjbgh7g,320
661
661
  reconcile/utils/binary.py,sha256=7MaAFBpzuBUTJ_aA6G6-eult_BPMVyiXbBLD0Y6F-DM,2301
@@ -727,7 +727,7 @@ reconcile/utils/state.py,sha256=W0_awkLAPX18hNOF_60o73tkPxDUylqbzYNHfl_sDsk,1638
727
727
  reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
728
728
  reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
729
729
  reconcile/utils/terraform_client.py,sha256=LjX2U2E0Dglt2S_KA5jWQ_dVC8sPn4FEAh0xW_d6JTk,35953
730
- reconcile/utils/terrascript_aws_client.py,sha256=YqMsqSJl5_P8kXPzcaWLAMxdIxhq1supwL94Xd5qPB4,281298
730
+ reconcile/utils/terrascript_aws_client.py,sha256=0xHh8NbMbISv9zIxwcXxuYVer8dTM_2t7f6Jf4TuU2I,281362
731
731
  reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
732
732
  reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
733
733
  reconcile/utils/vault.py,sha256=pi0PuyopvCq1gW0cldvy1-Ff6bqLUlCKC2MW0sifvSE,15043
@@ -838,7 +838,7 @@ tools/app_interface_metrics_exporter.py,sha256=zkwkxdAUAxjdc-pzx2_oJXG25fo0Fnyd5
838
838
  tools/app_interface_reporter.py,sha256=oZPib4HPq0aZ2Zui1QGJGk6qQdfpeihujGDBnSdKyGE,17627
839
839
  tools/glitchtip_access_reporter.py,sha256=oPBnk_YoDuljU3v0FaChzOwwnk4vap1xEE67QEjzdqs,2948
840
840
  tools/glitchtip_access_revalidation.py,sha256=8kbBJk04mkq28kWoRDDkfCGIF3GRg3pJrFAh1sW0dbk,2821
841
- tools/qontract_cli.py,sha256=PV2tqOqpFqAQh1_ZGNNf7up4OTBSPZmpGjN7eHxlQ0s,136187
841
+ tools/qontract_cli.py,sha256=3k3cPk2ohxpOipQiV9gcsooYR0DZmnwr6xwiRZ9t2dk,139124
842
842
  tools/sd_app_sre_alert_report.py,sha256=e9vAdyenUz2f5c8-z-5WY0wv-SJ9aePKDH2r4IwB6pc,5063
843
843
  tools/template_validation.py,sha256=qpKYaTgk0GOPGa2Ct5_5sKdwIHtCAKIBGzsMPuJU5fw,3371
844
844
  tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -871,8 +871,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
871
871
  tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
872
872
  tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
873
873
  tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
874
- qontract_reconcile-0.10.1rc1137.dist-info/METADATA,sha256=7ylXvyDsV2c3I5swlsdqaN4u2wGhqQWkrv6uiGaV67w,2213
875
- qontract_reconcile-0.10.1rc1137.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
876
- qontract_reconcile-0.10.1rc1137.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
877
- qontract_reconcile-0.10.1rc1137.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
878
- qontract_reconcile-0.10.1rc1137.dist-info/RECORD,,
874
+ qontract_reconcile-0.10.1rc1139.dist-info/METADATA,sha256=bXr1ZVaT9iTVuCUis_xtQiZcLxHtYvCRixacclFAXJs,2213
875
+ qontract_reconcile-0.10.1rc1139.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
876
+ qontract_reconcile-0.10.1rc1139.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
877
+ qontract_reconcile-0.10.1rc1139.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
878
+ qontract_reconcile-0.10.1rc1139.dist-info/RECORD,,
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py CHANGED
@@ -308,6 +308,7 @@ query TerraformResourcesNamespaces {
308
308
  enable_http2
309
309
  ip_address_type
310
310
  access_logs
311
+ ssl_policy
311
312
  targets {
312
313
  name
313
314
  default
@@ -876,6 +877,7 @@ class NamespaceTerraformResourceALBV1(NamespaceTerraformResourceAWSV1):
876
877
  enable_http2: Optional[bool] = Field(..., alias="enable_http2")
877
878
  ip_address_type: Optional[str] = Field(..., alias="ip_address_type")
878
879
  access_logs: Optional[bool] = Field(..., alias="access_logs")
880
+ ssl_policy: Optional[str] = Field(..., alias="ssl_policy")
879
881
  targets: list[NamespaceTerraformResourceALBTargetsV1] = Field(..., alias="targets")
880
882
  rules: list[NamespaceTerraformResourceALBRulesV1] = Field(..., alias="rules")
881
883
  output_resource_name: Optional[str] = Field(..., alias="output_resource_name")
reconcile/utils/aws_api.py CHANGED
@@ -1598,6 +1598,14 @@ class AWSApi: # pylint: disable=too-many-public-methods
1598
1598
  rds = self._account_rds_client(account_name, **optional_kwargs)
1599
1599
  return rds.describe_db_instances(DBInstanceIdentifier=db_instance_name)
1600
1600
 
1601
+ def describe_rds_recommendations(
1602
+ self,
1603
+ account_name: str,
1604
+ region_name: str | None = None,
1605
+ ):
1606
+ rds = self._account_rds_client(account_name, region_name)
1607
+ return rds.describe_db_recommendations()
1608
+
1601
1609
  def get_db_valid_upgrade_target(
1602
1610
  self,
1603
1611
  account_name: str,
reconcile/utils/terrascript_aws_client.py CHANGED
@@ -5313,12 +5313,13 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
5313
5313
  # forward
5314
5314
  if not default_target:
5315
5315
  raise KeyError("expected a single default target")
5316
+ ssl_policy = resource.get("ssl_policy") or "ELBSecurityPolicy-TLS13-1-0-2021-06"
5316
5317
  values = {
5317
5318
  "provider": provider,
5318
5319
  "load_balancer_arn": f"${{{lb_tf_resource.arn}}}",
5319
5320
  "port": 443,
5320
5321
  "protocol": "HTTPS",
5321
- "ssl_policy": "ELBSecurityPolicy-TLS-1-2-2017-01",
5322
+ "ssl_policy": ssl_policy,
5322
5323
  "certificate_arn": resource["certificate_arn"],
5323
5324
  "default_action": {
5324
5325
  "type": "forward",
tools/qontract_cli.py CHANGED
@@ -1749,6 +1749,85 @@ You can view the source of this Markdown to extract the JSON data.
1749
1749
  print_output(ctx.obj["options"], results, columns)
1750
1750
 
1751
1751
 
1752
+ @get.command
1753
+ @click.pass_context
1754
+ def rds_recommendations(ctx):
1755
+ IGNORED_STATUSES = ("resolved",)
1756
+ IGNORED_SEVERITIES = ("informational",)
1757
+
1758
+ settings = queries.get_app_interface_settings()
1759
+
1760
+ # Only check AWS accounts for which we have RDS resources defined
1761
+ targetted_accounts = []
1762
+ namespaces = queries.get_namespaces()
1763
+ for namespace_info in namespaces:
1764
+ if not managed_external_resources(namespace_info):
1765
+ continue
1766
+ for spec in get_external_resource_specs(namespace_info):
1767
+ if spec.provider == "rds":
1768
+ targetted_accounts.append(spec.provisioner_name)
1769
+
1770
+ accounts = [
1771
+ a for a in queries.get_aws_accounts() if a["name"] in targetted_accounts
1772
+ ]
1773
+ accounts.sort(key=lambda a: a["name"])
1774
+
1775
+ columns = [
1776
+ # 'RecommendationId',
1777
+ # 'TypeId',
1778
+ # 'ResourceArn',
1779
+ "ResourceName", # Non-AWS field
1780
+ "Severity",
1781
+ "Category",
1782
+ "Impact",
1783
+ "Status",
1784
+ "Detection",
1785
+ "Recommendation",
1786
+ "Description",
1787
+ # 'Source',
1788
+ # 'TypeDetection',
1789
+ # 'TypeRecommendation',
1790
+ # 'AdditionalInfo'
1791
+ ]
1792
+
1793
+ ctx.obj["options"]["sort"] = False
1794
+
1795
+ print("[TOC]")
1796
+ for account in accounts:
1797
+ account_name = account.get("name")
1798
+ account_deployment_regions = account.get("supportedDeploymentRegions")
1799
+ for region in account_deployment_regions or []:
1800
+ with AWSApi(1, [account], settings=settings, init_users=False) as aws:
1801
+ try:
1802
+ data = aws.describe_rds_recommendations(account_name, region)
1803
+ recommendations = data.get("DBRecommendations", [])
1804
+ except Exception as e:
1805
+ logging.error(f"Error describing RDS recommendations: {e}")
1806
+ continue
1807
+
1808
+ # Add field ResourceName infered from ResourceArn
1809
+ recommendations = [
1810
+ {**rec, "ResourceName": rec["ResourceArn"].split(":")[-1]}
1811
+ for rec in recommendations
1812
+ if rec.get("Status") not in IGNORED_STATUSES
1813
+ and rec.get("Severity") not in IGNORED_SEVERITIES
1814
+ ]
1815
+ # The Description field has \n that are causing issues with the markdown table
1816
+ recommendations = [
1817
+ {**rec, "Description": rec["Description"].replace("\n", " ")}
1818
+ for rec in recommendations
1819
+ ]
1820
+ # If we have no recommendations to show, skip
1821
+ if not recommendations:
1822
+ continue
1823
+ # Sort by ResourceName
1824
+ recommendations.sort(key=lambda r: r["ResourceName"])
1825
+
1826
+ print(f"# {account_name} - {region}")
1827
+ print("Note: Severity informational is not shown.")
1828
+ print_output(ctx.obj["options"], recommendations, columns)
1829
+
1830
+
1752
1831
  @get.command()
1753
1832
  @click.pass_context
1754
1833
  def products(ctx):