qontract-reconcile 0.10.1rc1146__py3-none-any.whl → 0.10.1rc1148__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/METADATA +1 -1
- {qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/RECORD +8 -8
- reconcile/dashdotdb_slo.py +12 -1
- reconcile/test/test_vault_replication.py +23 -4
- reconcile/vault_replication.py +14 -6
- {qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/WHEEL +0 -0
- {qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/entry_points.txt +0 -0
- {qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: qontract-reconcile
|
|
3
|
-
Version: 0.10.
|
|
3
|
+
Version: 0.10.1rc1148
|
|
4
4
|
Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
|
|
5
5
|
Home-page: https://github.com/app-sre/qontract-reconcile
|
|
6
6
|
Author: Red Hat App-SRE Team
|
{qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/RECORD
RENAMED
|
@@ -17,7 +17,7 @@ reconcile/dashdotdb_base.py,sha256=l34QDu1G96_Ctnh7ZXdxXgSeCE93GQMdLAkWxmN6vDA,4
|
|
|
17
17
|
reconcile/dashdotdb_cso.py,sha256=IkI_KSZuH_kPn0cIQKXitJXiPPFSyHykrOuFy9h9ZpU,3643
|
|
18
18
|
reconcile/dashdotdb_dora.py,sha256=YmfxD02tKUAQQzku2aj2DXv1oKkAr4V_2lrPVtTFGyI,17674
|
|
19
19
|
reconcile/dashdotdb_dvo.py,sha256=lCkZ0iby6HrNQb-3kYb6xrt8wCjVUZYxKzz9SiStfHU,8946
|
|
20
|
-
reconcile/dashdotdb_slo.py,sha256=
|
|
20
|
+
reconcile/dashdotdb_slo.py,sha256=LWn0xmMLxpLXls6U4W2R40MqLH6VpBySolapdoK8T8E,8338
|
|
21
21
|
reconcile/database_access_manager.py,sha256=FfyXnYcUdX54BYR_6B9PWFmhT8xdNrPCfoz3Q7q39tg,25646
|
|
22
22
|
reconcile/deadmanssnitch.py,sha256=n-5W-djUgwzpmdDM4eQIZpkkDmHY0vndt-42LJXI4Y8,7491
|
|
23
23
|
reconcile/email_sender.py,sha256=-5L-Ag_jaEYSzYRoMr52KQBRXz1E8yx9GqLbg2X4XFU,3533
|
|
@@ -117,7 +117,7 @@ reconcile/terraform_resources.py,sha256=-sgMMHDtNvnQyNR05-MKebI_pSiyxSWAg8LmeA2_
|
|
|
117
117
|
reconcile/terraform_tgw_attachments.py,sha256=09svJG9pAiwWp4aY0xRoQRV90T4ZNwHG3r8flI-ZS_s,18810
|
|
118
118
|
reconcile/terraform_users.py,sha256=HqSm3ev3b8dZ9J6F_phDZB-FQsnlsdeKp9RPoY1cU94,10188
|
|
119
119
|
reconcile/terraform_vpc_peerings.py,sha256=VLSfuO7FvHN5McopRiKoKJDHCmIhYtlJEHv_hxV5kcM,27669
|
|
120
|
-
reconcile/vault_replication.py,sha256=
|
|
120
|
+
reconcile/vault_replication.py,sha256=1MFau4dyMYXYxWQB3DIYjrQKMK5OMnKAhgiL8YC6tYg,17642
|
|
121
121
|
reconcile/vpc_peerings_validator.py,sha256=-upvNg3ggKCxcJ4kqZcqJVsiltlhQ8MyyLZiWX8eYmE,7068
|
|
122
122
|
reconcile/aus/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
123
123
|
reconcile/aus/advanced_upgrade_service.py,sha256=NF3UQ02MdUpVPup50EqnTbTn3dRHGoXoSfFLZxOjr8Q,23744
|
|
@@ -574,7 +574,7 @@ reconcile/test/test_terraform_vpc_peerings.py,sha256=bpjCjhmic07cw3XKSHf-2JvmLuW
|
|
|
574
574
|
reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=cHmr1_yhRgfdqlFX6TMw-aiKXebaRv0szl16M9YRJic,49988
|
|
575
575
|
reconcile/test/test_three_way_diff_strategy.py,sha256=v3rNkQFNy5e1uyfeNSlNBA07fvrPGD0aXD91Lgv8oxc,4062
|
|
576
576
|
reconcile/test/test_utils_jinja2.py,sha256=rKugJEPl0qFC9joenJBXyk2qe-9md31-4EdxvQ2h5cs,4058
|
|
577
|
-
reconcile/test/test_vault_replication.py,sha256=
|
|
577
|
+
reconcile/test/test_vault_replication.py,sha256=auadux0xrZb82xh7gKXThCQMct5nhbvujR-6m8um0yE,17522
|
|
578
578
|
reconcile/test/test_vault_utils.py,sha256=vbJnc89XAuE07qbTuWxHM5o9F6R9SO5aHXA38fwxT7A,1122
|
|
579
579
|
reconcile/test/test_version_bump.py,sha256=q6-3Y1roriI6YWpFwaHOMN7emEP3yL33sh_0VdbmG7E,511
|
|
580
580
|
reconcile/test/test_vpc_peerings_validator.py,sha256=dFSmjc_dMN2GqMbntCFpa7PUZmyYuQ9DKffh-T5wmxM,6639
|
|
@@ -871,8 +871,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
|
|
|
871
871
|
tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
|
|
872
872
|
tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
|
|
873
873
|
tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
|
|
874
|
-
qontract_reconcile-0.10.
|
|
875
|
-
qontract_reconcile-0.10.
|
|
876
|
-
qontract_reconcile-0.10.
|
|
877
|
-
qontract_reconcile-0.10.
|
|
878
|
-
qontract_reconcile-0.10.
|
|
874
|
+
qontract_reconcile-0.10.1rc1148.dist-info/METADATA,sha256=D-ZIpS5GYoipyMcDl5QuXJTq3n-DsESc0GbyvYDrNjM,2213
|
|
875
|
+
qontract_reconcile-0.10.1rc1148.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
|
|
876
|
+
qontract_reconcile-0.10.1rc1148.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
|
|
877
|
+
qontract_reconcile-0.10.1rc1148.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
|
|
878
|
+
qontract_reconcile-0.10.1rc1148.dist-info/RECORD,,
|
reconcile/dashdotdb_slo.py
CHANGED
|
@@ -136,6 +136,7 @@ class DashdotdbSLO(DashdotdbBase):
|
|
|
136
136
|
template = jinja2.Template(expr)
|
|
137
137
|
window = slo.slo_parameters.window
|
|
138
138
|
promquery = template.render({"window": window})
|
|
139
|
+
|
|
139
140
|
try:
|
|
140
141
|
prom_response = self._promget(
|
|
141
142
|
url=promurl,
|
|
@@ -149,9 +150,19 @@ class DashdotdbSLO(DashdotdbBase):
|
|
|
149
150
|
# and some prometheus URL are openshift service names. The trick is to run
|
|
150
151
|
# with `oc port-forward` and update the local hosts file if we need to query those.
|
|
151
152
|
LOG.error(
|
|
152
|
-
f"{self.logmarker} Could not reach prometheus at {promurl}: {error}.
|
|
153
|
+
f"{self.logmarker} Could not reach prometheus at {promurl}: {error}."
|
|
154
|
+
f"Skipping SLOs from SLO doc {slo_document.name}"
|
|
153
155
|
)
|
|
156
|
+
# cannot connect to this prometheus, skip all
|
|
154
157
|
raise
|
|
158
|
+
except requests.exceptions.HTTPError as error:
|
|
159
|
+
LOG.error(
|
|
160
|
+
f"{self.logmarker} Error wile querying {promurl}: {error}."
|
|
161
|
+
f"Skipping SLO '{slo.name} from SLO doc {slo_document.name}"
|
|
162
|
+
)
|
|
163
|
+
# it could be a query issue, keep processing other SLOs from this doc
|
|
164
|
+
continue
|
|
165
|
+
|
|
155
166
|
prom_result = prom_response["data"]["result"]
|
|
156
167
|
if not prom_result:
|
|
157
168
|
continue
|
|
@@ -504,13 +504,32 @@ def test_get_policy_secret_list(mocker):
|
|
|
504
504
|
vault_client.list_all.side_effect = [
|
|
505
505
|
["policy/path/1/secret1", "policy/path/1/secret2"],
|
|
506
506
|
["policy/path/2/secret1", "policy/path/2/secret2"],
|
|
507
|
+
["my-policy/path_to_it/3/secret1"],
|
|
507
508
|
]
|
|
508
509
|
|
|
509
|
-
assert
|
|
510
|
-
|
|
511
|
-
|
|
510
|
+
assert set(
|
|
511
|
+
integ.get_policy_secret_list(
|
|
512
|
+
vault_client,
|
|
513
|
+
["policy/path/1/*", "policy/path/2/*", "policy/path/3/secret1"],
|
|
514
|
+
)
|
|
515
|
+
) == {
|
|
512
516
|
"policy/path/1/secret1",
|
|
513
517
|
"policy/path/1/secret2",
|
|
514
518
|
"policy/path/2/secret1",
|
|
515
519
|
"policy/path/2/secret2",
|
|
516
|
-
|
|
520
|
+
"policy/path/3/secret1",
|
|
521
|
+
}
|
|
522
|
+
|
|
523
|
+
|
|
524
|
+
@pytest.mark.parametrize(
|
|
525
|
+
"paths",
|
|
526
|
+
[
|
|
527
|
+
["policy/path*"],
|
|
528
|
+
["policy/p*th"],
|
|
529
|
+
["policy/+/p*th"],
|
|
530
|
+
],
|
|
531
|
+
)
|
|
532
|
+
def test_get_policy_secret_list_failure(paths, mocker):
|
|
533
|
+
vault_client = mocker.patch("reconcile.utils.vault._VaultClient", autospec=True)
|
|
534
|
+
with pytest.raises(integ.VaultInvalidPaths):
|
|
535
|
+
integ.get_policy_secret_list(vault_client, paths)
|
reconcile/vault_replication.py
CHANGED
|
@@ -34,6 +34,7 @@ from reconcile.utils.vault import (
|
|
|
34
34
|
)
|
|
35
35
|
|
|
36
36
|
QONTRACT_INTEGRATION = "vault-replication"
|
|
37
|
+
SECRET_PATH_PATTERN = re.compile(r"^[\w/-]+?(?P<folder>/\*?)?$")
|
|
37
38
|
|
|
38
39
|
|
|
39
40
|
class VaultInvalidPaths(Exception):
|
|
@@ -232,14 +233,21 @@ def get_policy_secret_list(
|
|
|
232
233
|
vault_instance: _VaultClient, policy_paths: Iterable[str]
|
|
233
234
|
) -> list[str]:
|
|
234
235
|
"""Returns a list of secrets to be copied from the given policy"""
|
|
235
|
-
|
|
236
|
+
secrets = set()
|
|
236
237
|
for path in policy_paths:
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
238
|
+
match = SECRET_PATH_PATTERN.match(path)
|
|
239
|
+
if not match:
|
|
240
|
+
logging.error(["get_policy_secret_list", "Invalid path to replicate", path])
|
|
241
|
+
raise VaultInvalidPaths
|
|
241
242
|
|
|
242
|
-
|
|
243
|
+
if match.group("folder"):
|
|
244
|
+
# Remove the * at the end of the path because list method expects
|
|
245
|
+
# a folder path without any secret or wilcard
|
|
246
|
+
secrets.update(vault_instance.list_all(path.rstrip("*")))
|
|
247
|
+
else:
|
|
248
|
+
secrets.add(path)
|
|
249
|
+
|
|
250
|
+
return list(secrets)
|
|
243
251
|
|
|
244
252
|
|
|
245
253
|
def get_jenkins_secret_list(
|
{qontract_reconcile-0.10.1rc1146.dist-info → qontract_reconcile-0.10.1rc1148.dist-info}/WHEEL
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|