qontract-reconcile 0.10.1rc1147__py3-none-any.whl → 0.10.1rc1149__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/METADATA +1 -1
- {qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/RECORD +7 -7
- reconcile/test/test_vault_replication.py +22 -4
- reconcile/vault_replication.py +14 -6
- {qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/WHEEL +0 -0
- {qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/entry_points.txt +0 -0
- {qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: qontract-reconcile
|
|
3
|
-
Version: 0.10.
|
|
3
|
+
Version: 0.10.1rc1149
|
|
4
4
|
Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
|
|
5
5
|
Home-page: https://github.com/app-sre/qontract-reconcile
|
|
6
6
|
Author: Red Hat App-SRE Team
|
{qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/RECORD
RENAMED
|
@@ -117,7 +117,7 @@ reconcile/terraform_resources.py,sha256=-sgMMHDtNvnQyNR05-MKebI_pSiyxSWAg8LmeA2_
|
|
|
117
117
|
reconcile/terraform_tgw_attachments.py,sha256=09svJG9pAiwWp4aY0xRoQRV90T4ZNwHG3r8flI-ZS_s,18810
|
|
118
118
|
reconcile/terraform_users.py,sha256=HqSm3ev3b8dZ9J6F_phDZB-FQsnlsdeKp9RPoY1cU94,10188
|
|
119
119
|
reconcile/terraform_vpc_peerings.py,sha256=VLSfuO7FvHN5McopRiKoKJDHCmIhYtlJEHv_hxV5kcM,27669
|
|
120
|
-
reconcile/vault_replication.py,sha256=
|
|
120
|
+
reconcile/vault_replication.py,sha256=1MFau4dyMYXYxWQB3DIYjrQKMK5OMnKAhgiL8YC6tYg,17642
|
|
121
121
|
reconcile/vpc_peerings_validator.py,sha256=-upvNg3ggKCxcJ4kqZcqJVsiltlhQ8MyyLZiWX8eYmE,7068
|
|
122
122
|
reconcile/aus/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
123
123
|
reconcile/aus/advanced_upgrade_service.py,sha256=NF3UQ02MdUpVPup50EqnTbTn3dRHGoXoSfFLZxOjr8Q,23744
|
|
@@ -574,7 +574,7 @@ reconcile/test/test_terraform_vpc_peerings.py,sha256=bpjCjhmic07cw3XKSHf-2JvmLuW
|
|
|
574
574
|
reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=cHmr1_yhRgfdqlFX6TMw-aiKXebaRv0szl16M9YRJic,49988
|
|
575
575
|
reconcile/test/test_three_way_diff_strategy.py,sha256=v3rNkQFNy5e1uyfeNSlNBA07fvrPGD0aXD91Lgv8oxc,4062
|
|
576
576
|
reconcile/test/test_utils_jinja2.py,sha256=rKugJEPl0qFC9joenJBXyk2qe-9md31-4EdxvQ2h5cs,4058
|
|
577
|
-
reconcile/test/test_vault_replication.py,sha256=
|
|
577
|
+
reconcile/test/test_vault_replication.py,sha256=WO18WnkXXQDqJ0FnSCl2HOiTfSY3LdRnKn_y6-Gre3w,17490
|
|
578
578
|
reconcile/test/test_vault_utils.py,sha256=vbJnc89XAuE07qbTuWxHM5o9F6R9SO5aHXA38fwxT7A,1122
|
|
579
579
|
reconcile/test/test_version_bump.py,sha256=q6-3Y1roriI6YWpFwaHOMN7emEP3yL33sh_0VdbmG7E,511
|
|
580
580
|
reconcile/test/test_vpc_peerings_validator.py,sha256=dFSmjc_dMN2GqMbntCFpa7PUZmyYuQ9DKffh-T5wmxM,6639
|
|
@@ -871,8 +871,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
|
|
|
871
871
|
tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
|
|
872
872
|
tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
|
|
873
873
|
tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
|
|
874
|
-
qontract_reconcile-0.10.
|
|
875
|
-
qontract_reconcile-0.10.
|
|
876
|
-
qontract_reconcile-0.10.
|
|
877
|
-
qontract_reconcile-0.10.
|
|
878
|
-
qontract_reconcile-0.10.
|
|
874
|
+
qontract_reconcile-0.10.1rc1149.dist-info/METADATA,sha256=Nm_UnTQqjHtOQmjpgR8izLobnzDXO1UJxvKd0sLsy5s,2213
|
|
875
|
+
qontract_reconcile-0.10.1rc1149.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
|
|
876
|
+
qontract_reconcile-0.10.1rc1149.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
|
|
877
|
+
qontract_reconcile-0.10.1rc1149.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
|
|
878
|
+
qontract_reconcile-0.10.1rc1149.dist-info/RECORD,,
|
|
@@ -506,11 +506,29 @@ def test_get_policy_secret_list(mocker):
|
|
|
506
506
|
["policy/path/2/secret1", "policy/path/2/secret2"],
|
|
507
507
|
]
|
|
508
508
|
|
|
509
|
-
assert
|
|
510
|
-
|
|
511
|
-
|
|
509
|
+
assert set(
|
|
510
|
+
integ.get_policy_secret_list(
|
|
511
|
+
vault_client,
|
|
512
|
+
["policy/path/1/*", "policy/path/2/*", "policy/p-a_th/3/secret1_1-1"],
|
|
513
|
+
)
|
|
514
|
+
) == {
|
|
512
515
|
"policy/path/1/secret1",
|
|
513
516
|
"policy/path/1/secret2",
|
|
514
517
|
"policy/path/2/secret1",
|
|
515
518
|
"policy/path/2/secret2",
|
|
516
|
-
|
|
519
|
+
"policy/p-a_th/3/secret1_1-1",
|
|
520
|
+
}
|
|
521
|
+
|
|
522
|
+
|
|
523
|
+
@pytest.mark.parametrize(
|
|
524
|
+
"paths",
|
|
525
|
+
[
|
|
526
|
+
["policy/path*"],
|
|
527
|
+
["policy/p*th"],
|
|
528
|
+
["policy/+/p*th"],
|
|
529
|
+
],
|
|
530
|
+
)
|
|
531
|
+
def test_get_policy_secret_list_failure(paths, mocker):
|
|
532
|
+
vault_client = mocker.patch("reconcile.utils.vault._VaultClient", autospec=True)
|
|
533
|
+
with pytest.raises(integ.VaultInvalidPaths):
|
|
534
|
+
integ.get_policy_secret_list(vault_client, paths)
|
reconcile/vault_replication.py
CHANGED
|
@@ -34,6 +34,7 @@ from reconcile.utils.vault import (
|
|
|
34
34
|
)
|
|
35
35
|
|
|
36
36
|
QONTRACT_INTEGRATION = "vault-replication"
|
|
37
|
+
SECRET_PATH_PATTERN = re.compile(r"^[\w/-]+?(?P<folder>/\*?)?$")
|
|
37
38
|
|
|
38
39
|
|
|
39
40
|
class VaultInvalidPaths(Exception):
|
|
@@ -232,14 +233,21 @@ def get_policy_secret_list(
|
|
|
232
233
|
vault_instance: _VaultClient, policy_paths: Iterable[str]
|
|
233
234
|
) -> list[str]:
|
|
234
235
|
"""Returns a list of secrets to be copied from the given policy"""
|
|
235
|
-
|
|
236
|
+
secrets = set()
|
|
236
237
|
for path in policy_paths:
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
238
|
+
match = SECRET_PATH_PATTERN.match(path)
|
|
239
|
+
if not match:
|
|
240
|
+
logging.error(["get_policy_secret_list", "Invalid path to replicate", path])
|
|
241
|
+
raise VaultInvalidPaths
|
|
241
242
|
|
|
242
|
-
|
|
243
|
+
if match.group("folder"):
|
|
244
|
+
# Remove the * at the end of the path because list method expects
|
|
245
|
+
# a folder path without any secret or wilcard
|
|
246
|
+
secrets.update(vault_instance.list_all(path.rstrip("*")))
|
|
247
|
+
else:
|
|
248
|
+
secrets.add(path)
|
|
249
|
+
|
|
250
|
+
return list(secrets)
|
|
243
251
|
|
|
244
252
|
|
|
245
253
|
def get_jenkins_secret_list(
|
{qontract_reconcile-0.10.1rc1147.dist-info → qontract_reconcile-0.10.1rc1149.dist-info}/WHEEL
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|