qontract-reconcile 0.10.1rc1156__py3-none-any.whl → 0.10.1rc1158__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/METADATA +1 -1
- {qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/RECORD +16 -16
- reconcile/external_resources/manager.py +1 -1
- reconcile/external_resources/model.py +20 -1
- reconcile/external_resources/reconciler.py +1 -2
- reconcile/gql_definitions/external_resources/external_resources_modules.py +4 -0
- reconcile/gql_definitions/external_resources/external_resources_namespaces.py +12 -0
- reconcile/gql_definitions/external_resources/external_resources_settings.py +4 -0
- reconcile/queries.py +27 -0
- reconcile/terraform_resources.py +10 -2
- reconcile/utils/external_resources.py +3 -7
- reconcile/utils/terrascript_aws_client.py +56 -7
- tools/cli_commands/erv2.py +1 -1
- {qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/WHEEL +0 -0
- {qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/entry_points.txt +0 -0
- {qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: qontract-reconcile
|
|
3
|
-
Version: 0.10.
|
|
3
|
+
Version: 0.10.1rc1158
|
|
4
4
|
Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
|
|
5
5
|
Home-page: https://github.com/app-sre/qontract-reconcile
|
|
6
6
|
Author: Red Hat App-SRE Team
|
{qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/RECORD
RENAMED
|
@@ -94,7 +94,7 @@ reconcile/quay_mirror.py,sha256=mFp4Z5Nwl-DcFbbsJBOB8f9ldohFT-V67o868d5ux1s,1536
|
|
|
94
94
|
reconcile/quay_mirror_org.py,sha256=utrJpJaKCs7U6WX6DODdfCeB0EmX-lUC8Y5fkmpgFSs,10764
|
|
95
95
|
reconcile/quay_permissions.py,sha256=9KOutS1w4RFQqkvMSy54VtsKNx56-phzP6yI_rEW-B8,4244
|
|
96
96
|
reconcile/quay_repos.py,sha256=cuEYG0HUe0ut5yvLdEwOF5-CmccpXQHRb_wDazvDrvQ,6895
|
|
97
|
-
reconcile/queries.py,sha256=
|
|
97
|
+
reconcile/queries.py,sha256=VaBYi8IU01Tjrncs_Ik0D4Q-cQvlinWFhH2_8cq5x7U,50812
|
|
98
98
|
reconcile/query_validator.py,sha256=MSh5pKLBksws4AqfuvT8nrIGucIbqX-IOzYyPYTLO7k,1491
|
|
99
99
|
reconcile/requests_sender.py,sha256=914iluuF4UVgG3VyxxtnHOu4yf6YKS2fIy6PViSsFTQ,3875
|
|
100
100
|
reconcile/resource_scraper.py,sha256=znXCHrU7YwPfKuxGBiUrV7T1tYtn4vlz9qmZlfy6Flg,2307
|
|
@@ -113,7 +113,7 @@ reconcile/terraform_cloudflare_dns.py,sha256=-aLEe2QnH5cJPu7HWqs-R9NmQ1NlFbcVUm0
|
|
|
113
113
|
reconcile/terraform_cloudflare_resources.py,sha256=pq8Ieo5NmB-dYQ9X2F0s6iEoINMzhiqGw2yQK4ovok4,14980
|
|
114
114
|
reconcile/terraform_cloudflare_users.py,sha256=iyTG5sj20Jg4J4qWJ144KVptfIHGOSfH8wQKxu0imq0,13942
|
|
115
115
|
reconcile/terraform_repo.py,sha256=TKqlodhQGoAtQ6nDm04TNlpx4wpgJ_n4atoUK5Rfd7o,16444
|
|
116
|
-
reconcile/terraform_resources.py,sha256
|
|
116
|
+
reconcile/terraform_resources.py,sha256=jpBtp6vezq79jQ7rWdk49_mW-PIUFVzFK54ilVSEZFM,19564
|
|
117
117
|
reconcile/terraform_tgw_attachments.py,sha256=09svJG9pAiwWp4aY0xRoQRV90T4ZNwHG3r8flI-ZS_s,18810
|
|
118
118
|
reconcile/terraform_users.py,sha256=HqSm3ev3b8dZ9J6F_phDZB-FQsnlsdeKp9RPoY1cU94,10188
|
|
119
119
|
reconcile/terraform_vpc_peerings.py,sha256=VLSfuO7FvHN5McopRiKoKJDHCmIhYtlJEHv_hxV5kcM,27669
|
|
@@ -196,11 +196,11 @@ reconcile/external_resources/aws.py,sha256=309Zui7rE8XFJA1ZBLupl55Vp8Y5KKgXdsKQW
|
|
|
196
196
|
reconcile/external_resources/factories.py,sha256=KrJDh52_8PeCEVjwfeVr1jwAJDdhMXRQ_XcBETfnKY4,4988
|
|
197
197
|
reconcile/external_resources/integration.py,sha256=gBVO5dE8JyZ3xYcYik-MTIp_18oU7_hpYc_oztyfElQ,6753
|
|
198
198
|
reconcile/external_resources/integration_secrets_sync.py,sha256=dX09O3r6KURziUYYfiki10orNjOGVma-XojhVqd0ww4,1667
|
|
199
|
-
reconcile/external_resources/manager.py,sha256=
|
|
199
|
+
reconcile/external_resources/manager.py,sha256=tgHOFvP-dcPLLIhcjMn6EIELTBCycbXFNAuS-NX7l2s,17929
|
|
200
200
|
reconcile/external_resources/meta.py,sha256=noaytFzmShpzLA_ebGh7wuP45mOfHIOnnoUxivjDa1I,672
|
|
201
201
|
reconcile/external_resources/metrics.py,sha256=nMbyonGZEJDD1lYzpQY2eR9TNwvxYC4ZCcpi6wrExcM,1037
|
|
202
|
-
reconcile/external_resources/model.py,sha256=
|
|
203
|
-
reconcile/external_resources/reconciler.py,sha256=
|
|
202
|
+
reconcile/external_resources/model.py,sha256=H3elpiqehg_jACy28fGV5_77n8gKclVO77-7cfbaMNA,9178
|
|
203
|
+
reconcile/external_resources/reconciler.py,sha256=Lhzg0O9Sw65KrCae-J14g9PV82xdp29O4jS_T5YNgEY,9661
|
|
204
204
|
reconcile/external_resources/secrets_sync.py,sha256=6n0oDPLjd9Ql0lf6zsr1AZw8A6EEe3yCzl20XodtgkE,16229
|
|
205
205
|
reconcile/external_resources/state.py,sha256=UupSa6tl4-73_J6Fhisn-qHal3v3uAUS5s5sk85LGDs,9343
|
|
206
206
|
reconcile/glitchtip/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -291,9 +291,9 @@ reconcile/gql_definitions/endpoints_discovery/__init__.py,sha256=47DEQpj8HBSa-_T
|
|
|
291
291
|
reconcile/gql_definitions/endpoints_discovery/namespaces.py,sha256=FqJ0H7NdsIm5BgVnuJV9wLcj7i667VhCN559tWJ-WsA,3054
|
|
292
292
|
reconcile/gql_definitions/external_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
293
293
|
reconcile/gql_definitions/external_resources/aws_accounts.py,sha256=XR69j9dpTQ0gv8y-AZN7AJ0dPvO-wbHscyCDgrax6Bk,2046
|
|
294
|
-
reconcile/gql_definitions/external_resources/external_resources_modules.py,sha256=
|
|
295
|
-
reconcile/gql_definitions/external_resources/external_resources_namespaces.py,sha256=
|
|
296
|
-
reconcile/gql_definitions/external_resources/external_resources_settings.py,sha256=
|
|
294
|
+
reconcile/gql_definitions/external_resources/external_resources_modules.py,sha256=cbbvGq1Te9DP8XiFg3bp4Y0q6LxpGYov8ugcROPyPLI,2647
|
|
295
|
+
reconcile/gql_definitions/external_resources/external_resources_namespaces.py,sha256=XkxcBuIqMcX_Rdb4eU1Fduasz3vgAL7IdmFNcNMxzRw,44220
|
|
296
|
+
reconcile/gql_definitions/external_resources/external_resources_settings.py,sha256=K8m9EKlfIVGP2KyqTduo7MMSKFjVC3yk5ZfO9hgdA7A,3192
|
|
297
297
|
reconcile/gql_definitions/fragments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
298
298
|
reconcile/gql_definitions/fragments/aus_organization.py,sha256=uBKbTuBa3CZmTXR5HOcGhRcu2U9kM93KbYmoWTxcpB0,4767
|
|
299
299
|
reconcile/gql_definitions/fragments/aws_account_common.py,sha256=3-7ZAP6GSff7Z2Syz2VQCLY4IySqBOSVmceaRiVNQpw,2385
|
|
@@ -674,7 +674,7 @@ reconcile/utils/exceptions.py,sha256=DwfnWUpVOotpP79RWZ2pycmG6nKCL00RBIeZLYkQPW4
|
|
|
674
674
|
reconcile/utils/expiration.py,sha256=3JaXH4psksR7z262k7FmdyREjCLqm66OpVMEbcfdWRo,1213
|
|
675
675
|
reconcile/utils/extended_early_exit.py,sha256=QSktrmfw37zSRMNk930tDbQsVeKxaPPPD43e79DGwZw,6754
|
|
676
676
|
reconcile/utils/external_resource_spec.py,sha256=bhH_xneFwATdFumTPkiQmcVKYI0gcaWuqV6FpFdf_P0,7006
|
|
677
|
-
reconcile/utils/external_resources.py,sha256=
|
|
677
|
+
reconcile/utils/external_resources.py,sha256=y7Wz32cOAmCsUhQ6T-1N6lktnLikGkaHQ0SdDpMse1w,7585
|
|
678
678
|
reconcile/utils/filtering.py,sha256=S4PbMHuFr3ED0P2Q_ea5CAaB7FimI62B-F5YTaKrphA,402
|
|
679
679
|
reconcile/utils/git.py,sha256=wzVIYAeKlMGW538U1mkJWUI6h_mFRUY4lawh2AR8hw4,2345
|
|
680
680
|
reconcile/utils/github_api.py,sha256=R8OvqyPdnRqvP-Efnv9RvIcbBlb4M0KC4RlbnJMD0Tg,2426
|
|
@@ -727,7 +727,7 @@ reconcile/utils/state.py,sha256=W0_awkLAPX18hNOF_60o73tkPxDUylqbzYNHfl_sDsk,1638
|
|
|
727
727
|
reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
|
|
728
728
|
reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
|
|
729
729
|
reconcile/utils/terraform_client.py,sha256=LjX2U2E0Dglt2S_KA5jWQ_dVC8sPn4FEAh0xW_d6JTk,35953
|
|
730
|
-
reconcile/utils/terrascript_aws_client.py,sha256=
|
|
730
|
+
reconcile/utils/terrascript_aws_client.py,sha256=aWaxp-lomSdlWz-yPvqAsaE-3W_jnxOIRvJuRXDGokY,283449
|
|
731
731
|
reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
|
|
732
732
|
reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
|
|
733
733
|
reconcile/utils/vault.py,sha256=pi0PuyopvCq1gW0cldvy1-Ff6bqLUlCKC2MW0sifvSE,15043
|
|
@@ -842,7 +842,7 @@ tools/qontract_cli.py,sha256=ndRUc8mjkubajPkZKaoE2IFVT2e4YXYRVtUaeLt3zzE,140496
|
|
|
842
842
|
tools/sd_app_sre_alert_report.py,sha256=e9vAdyenUz2f5c8-z-5WY0wv-SJ9aePKDH2r4IwB6pc,5063
|
|
843
843
|
tools/template_validation.py,sha256=qpKYaTgk0GOPGa2Ct5_5sKdwIHtCAKIBGzsMPuJU5fw,3371
|
|
844
844
|
tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
845
|
-
tools/cli_commands/erv2.py,sha256=
|
|
845
|
+
tools/cli_commands/erv2.py,sha256=fByRn6D_SBi5YptjAqR49yFedsjyAHBQBaIbsdO1QKQ,16412
|
|
846
846
|
tools/cli_commands/gpg_encrypt.py,sha256=x02JOMn834z89YSNvr5B-oJky7rR1C0begCkPh45eHk,4958
|
|
847
847
|
tools/cli_commands/systems_and_tools.py,sha256=EMHOF1AtUDaoSk0bbjl6oUKYAz4rTZjIBaF-6E6GspM,16816
|
|
848
848
|
tools/cli_commands/cost_report/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -880,8 +880,8 @@ tools/test/test_qontract_cli.py,sha256=iuzKbQ6ahinvjoQmQLBrG4shey0z-1rB6qCgS8T6d
|
|
|
880
880
|
tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
|
|
881
881
|
tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
|
|
882
882
|
tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
|
|
883
|
-
qontract_reconcile-0.10.
|
|
884
|
-
qontract_reconcile-0.10.
|
|
885
|
-
qontract_reconcile-0.10.
|
|
886
|
-
qontract_reconcile-0.10.
|
|
887
|
-
qontract_reconcile-0.10.
|
|
883
|
+
qontract_reconcile-0.10.1rc1158.dist-info/METADATA,sha256=eMmlXcbujY4OpUxnwP4jD3BuN2P3RGmQo-btlbDJT4k,2213
|
|
884
|
+
qontract_reconcile-0.10.1rc1158.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
|
|
885
|
+
qontract_reconcile-0.10.1rc1158.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
|
|
886
|
+
qontract_reconcile-0.10.1rc1158.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
|
|
887
|
+
qontract_reconcile-0.10.1rc1158.dist-info/RECORD,,
|
|
@@ -247,7 +247,7 @@ class ExternalResourcesManager:
|
|
|
247
247
|
input=self._serialize_resource_input(resource),
|
|
248
248
|
action=Action.APPLY,
|
|
249
249
|
module_configuration=ExternalResourceModuleConfiguration.resolve_configuration(
|
|
250
|
-
module, spec
|
|
250
|
+
module, spec, self.settings
|
|
251
251
|
),
|
|
252
252
|
)
|
|
253
253
|
r.add(reconciliation)
|
|
@@ -29,6 +29,9 @@ from reconcile.gql_definitions.external_resources.external_resources_namespaces
|
|
|
29
29
|
NamespaceTerraformResourceRDSV1,
|
|
30
30
|
NamespaceV1,
|
|
31
31
|
)
|
|
32
|
+
from reconcile.gql_definitions.external_resources.external_resources_settings import (
|
|
33
|
+
ExternalResourcesSettingsV1,
|
|
34
|
+
)
|
|
32
35
|
from reconcile.utils.exceptions import FetchResourceError
|
|
33
36
|
from reconcile.utils.external_resource_spec import (
|
|
34
37
|
ExternalResourceSpec,
|
|
@@ -199,14 +202,22 @@ class ExternalResourceModuleConfiguration(BaseModel, frozen=True):
|
|
|
199
202
|
version: str = ""
|
|
200
203
|
reconcile_drift_interval_minutes: int = -1000
|
|
201
204
|
reconcile_timeout_minutes: int = -1000
|
|
205
|
+
outputs_secret_image: str = ""
|
|
206
|
+
outputs_secret_version: str = ""
|
|
202
207
|
|
|
203
208
|
@property
|
|
204
209
|
def image_version(self) -> str:
|
|
205
210
|
return f"{self.image}:{self.version}"
|
|
206
211
|
|
|
212
|
+
@property
|
|
213
|
+
def outputs_secret_image_version(self) -> str:
|
|
214
|
+
return f"{self.outputs_secret_image}:{self.outputs_secret_version}"
|
|
215
|
+
|
|
207
216
|
@staticmethod
|
|
208
217
|
def resolve_configuration(
|
|
209
|
-
module: ExternalResourcesModuleV1,
|
|
218
|
+
module: ExternalResourcesModuleV1,
|
|
219
|
+
spec: ExternalResourceSpec,
|
|
220
|
+
settings: ExternalResourcesSettingsV1,
|
|
210
221
|
) -> "ExternalResourceModuleConfiguration":
|
|
211
222
|
module_overrides = spec.metadata.get(
|
|
212
223
|
"module_overrides"
|
|
@@ -215,6 +226,8 @@ class ExternalResourceModuleConfiguration(BaseModel, frozen=True):
|
|
|
215
226
|
image=None,
|
|
216
227
|
version=None,
|
|
217
228
|
reconcile_timeout_minutes=None,
|
|
229
|
+
outputs_secret_image=None,
|
|
230
|
+
outputs_secret_version=None,
|
|
218
231
|
)
|
|
219
232
|
|
|
220
233
|
return ExternalResourceModuleConfiguration(
|
|
@@ -223,6 +236,12 @@ class ExternalResourceModuleConfiguration(BaseModel, frozen=True):
|
|
|
223
236
|
reconcile_drift_interval_minutes=module.reconcile_drift_interval_minutes,
|
|
224
237
|
reconcile_timeout_minutes=module_overrides.reconcile_timeout_minutes
|
|
225
238
|
or module.reconcile_timeout_minutes,
|
|
239
|
+
outputs_secret_image=module_overrides.outputs_secret_image
|
|
240
|
+
or module.outputs_secret_image
|
|
241
|
+
or settings.outputs_secret_image,
|
|
242
|
+
outputs_secret_version=module_overrides.outputs_secret_version
|
|
243
|
+
or module.outputs_secret_version
|
|
244
|
+
or settings.outputs_secret_version,
|
|
226
245
|
)
|
|
227
246
|
|
|
228
247
|
|
|
@@ -130,8 +130,7 @@ class ReconciliationK8sJob(K8sJob, BaseModel, frozen=True):
|
|
|
130
130
|
containers=[
|
|
131
131
|
V1Container(
|
|
132
132
|
name="outputs",
|
|
133
|
-
image=
|
|
134
|
-
command=["/bin/bash", "/app/entrypoint.sh"],
|
|
133
|
+
image=self.reconciliation.module_configuration.outputs_secret_image_version,
|
|
135
134
|
image_pull_policy="Always",
|
|
136
135
|
env=[
|
|
137
136
|
V1EnvVar(
|
|
@@ -29,6 +29,8 @@ query ExternalResourcesModules {
|
|
|
29
29
|
reconcile_drift_interval_minutes
|
|
30
30
|
reconcile_timeout_minutes
|
|
31
31
|
outputs_secret_sync
|
|
32
|
+
outputs_secret_image
|
|
33
|
+
outputs_secret_version
|
|
32
34
|
}
|
|
33
35
|
}
|
|
34
36
|
"""
|
|
@@ -49,6 +51,8 @@ class ExternalResourcesModuleV1(ConfiguredBaseModel):
|
|
|
49
51
|
reconcile_drift_interval_minutes: int = Field(..., alias="reconcile_drift_interval_minutes")
|
|
50
52
|
reconcile_timeout_minutes: int = Field(..., alias="reconcile_timeout_minutes")
|
|
51
53
|
outputs_secret_sync: bool = Field(..., alias="outputs_secret_sync")
|
|
54
|
+
outputs_secret_image: Optional[str] = Field(..., alias="outputs_secret_image")
|
|
55
|
+
outputs_secret_version: Optional[str] = Field(..., alias="outputs_secret_version")
|
|
52
56
|
|
|
53
57
|
|
|
54
58
|
class ExternalResourcesModulesQueryData(ConfiguredBaseModel):
|
|
@@ -115,6 +115,8 @@ query ExternalResourcesNamespaces {
|
|
|
115
115
|
image
|
|
116
116
|
version
|
|
117
117
|
reconcile_timeout_minutes
|
|
118
|
+
outputs_secret_image
|
|
119
|
+
outputs_secret_version
|
|
118
120
|
}
|
|
119
121
|
}
|
|
120
122
|
... on NamespaceTerraformResourceS3_v1 {
|
|
@@ -151,6 +153,8 @@ query ExternalResourcesNamespaces {
|
|
|
151
153
|
image
|
|
152
154
|
version
|
|
153
155
|
reconcile_timeout_minutes
|
|
156
|
+
outputs_secret_image
|
|
157
|
+
outputs_secret_version
|
|
154
158
|
}
|
|
155
159
|
}
|
|
156
160
|
... on NamespaceTerraformResourceServiceAccount_v1 {
|
|
@@ -482,6 +486,8 @@ query ExternalResourcesNamespaces {
|
|
|
482
486
|
image
|
|
483
487
|
version
|
|
484
488
|
reconcile_timeout_minutes
|
|
489
|
+
outputs_secret_image
|
|
490
|
+
outputs_secret_version
|
|
485
491
|
}
|
|
486
492
|
}
|
|
487
493
|
}
|
|
@@ -564,6 +570,8 @@ class ExternalResourcesModuleOverridesV1(ConfiguredBaseModel):
|
|
|
564
570
|
image: Optional[str] = Field(..., alias="image")
|
|
565
571
|
version: Optional[str] = Field(..., alias="version")
|
|
566
572
|
reconcile_timeout_minutes: Optional[int] = Field(..., alias="reconcile_timeout_minutes")
|
|
573
|
+
outputs_secret_image: Optional[str] = Field(..., alias="outputs_secret_image")
|
|
574
|
+
outputs_secret_version: Optional[str] = Field(..., alias="outputs_secret_version")
|
|
567
575
|
|
|
568
576
|
|
|
569
577
|
class NamespaceTerraformResourceRDSV1(NamespaceTerraformResourceAWSV1):
|
|
@@ -615,6 +623,8 @@ class NamespaceTerraformResourceElastiCacheV1_ExternalResourcesModuleOverridesV1
|
|
|
615
623
|
image: Optional[str] = Field(..., alias="image")
|
|
616
624
|
version: Optional[str] = Field(..., alias="version")
|
|
617
625
|
reconcile_timeout_minutes: Optional[int] = Field(..., alias="reconcile_timeout_minutes")
|
|
626
|
+
outputs_secret_image: Optional[str] = Field(..., alias="outputs_secret_image")
|
|
627
|
+
outputs_secret_version: Optional[str] = Field(..., alias="outputs_secret_version")
|
|
618
628
|
|
|
619
629
|
|
|
620
630
|
class NamespaceTerraformResourceElastiCacheV1(NamespaceTerraformResourceAWSV1):
|
|
@@ -1016,6 +1026,8 @@ class NamespaceTerraformResourceMskV1_ExternalResourcesModuleOverridesV1(Configu
|
|
|
1016
1026
|
image: Optional[str] = Field(..., alias="image")
|
|
1017
1027
|
version: Optional[str] = Field(..., alias="version")
|
|
1018
1028
|
reconcile_timeout_minutes: Optional[int] = Field(..., alias="reconcile_timeout_minutes")
|
|
1029
|
+
outputs_secret_image: Optional[str] = Field(..., alias="outputs_secret_image")
|
|
1030
|
+
outputs_secret_version: Optional[str] = Field(..., alias="outputs_secret_version")
|
|
1019
1031
|
|
|
1020
1032
|
|
|
1021
1033
|
class NamespaceTerraformResourceMskV1(NamespaceTerraformResourceAWSV1):
|
|
@@ -36,6 +36,8 @@ query ExternalResourcesSettings {
|
|
|
36
36
|
tf_state_region
|
|
37
37
|
tf_state_dynamodb_table
|
|
38
38
|
vault_secrets_path
|
|
39
|
+
outputs_secret_image
|
|
40
|
+
outputs_secret_version
|
|
39
41
|
}
|
|
40
42
|
}
|
|
41
43
|
"""
|
|
@@ -69,6 +71,8 @@ class ExternalResourcesSettingsV1(ConfiguredBaseModel):
|
|
|
69
71
|
tf_state_region: Optional[str] = Field(..., alias="tf_state_region")
|
|
70
72
|
tf_state_dynamodb_table: Optional[str] = Field(..., alias="tf_state_dynamodb_table")
|
|
71
73
|
vault_secrets_path: str = Field(..., alias="vault_secrets_path")
|
|
74
|
+
outputs_secret_image: str = Field(..., alias="outputs_secret_image")
|
|
75
|
+
outputs_secret_version: str = Field(..., alias="outputs_secret_version")
|
|
72
76
|
|
|
73
77
|
|
|
74
78
|
class ExternalResourcesSettingsQueryData(ConfiguredBaseModel):
|
reconcile/queries.py
CHANGED
|
@@ -102,6 +102,12 @@ APP_INTERFACE_SETTINGS_QUERY = """
|
|
|
102
102
|
readTimeout
|
|
103
103
|
connectTimeout
|
|
104
104
|
}
|
|
105
|
+
terraformResourcesProviderExclusionsByProvisioner {
|
|
106
|
+
provisioner {
|
|
107
|
+
name
|
|
108
|
+
}
|
|
109
|
+
excludedProviders
|
|
110
|
+
}
|
|
105
111
|
}
|
|
106
112
|
}
|
|
107
113
|
"""
|
|
@@ -2754,3 +2760,24 @@ JENKINS_CONFIGS = """
|
|
|
2754
2760
|
def get_jenkins_configs():
|
|
2755
2761
|
gqlapi = gql.get_api()
|
|
2756
2762
|
return gqlapi.query(JENKINS_CONFIGS)["jenkins_configs"]
|
|
2763
|
+
|
|
2764
|
+
|
|
2765
|
+
TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER = """
|
|
2766
|
+
{
|
|
2767
|
+
tf_provider_exclusions_by_provisioner: app_interface_settings_v1 {
|
|
2768
|
+
terraformResourcesProviderExclusionsByProvisioner {
|
|
2769
|
+
provisioner {
|
|
2770
|
+
name
|
|
2771
|
+
}
|
|
2772
|
+
excludedProviders
|
|
2773
|
+
}
|
|
2774
|
+
}
|
|
2775
|
+
}
|
|
2776
|
+
"""
|
|
2777
|
+
|
|
2778
|
+
|
|
2779
|
+
def get_tf_resources_provider_exclusions_by_provisioner():
|
|
2780
|
+
gqlapi = gql.get_api()
|
|
2781
|
+
return gqlapi.query(TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER)[
|
|
2782
|
+
"tf_provider_exclusions_by_provisioner"
|
|
2783
|
+
]
|
reconcile/terraform_resources.py
CHANGED
|
@@ -241,7 +241,7 @@ def setup(
|
|
|
241
241
|
vault_settings = get_app_interface_vault_settings()
|
|
242
242
|
secret_reader = create_secret_reader(use_vault=vault_settings.vault)
|
|
243
243
|
|
|
244
|
-
settings = queries.get_app_interface_settings()
|
|
244
|
+
settings = queries.get_app_interface_settings() or {}
|
|
245
245
|
# initialize terrascript (scripting engine to generate terraform manifests)
|
|
246
246
|
ts, working_dirs = init_working_dirs(accounts, thread_pool_size, settings=settings)
|
|
247
247
|
|
|
@@ -265,7 +265,15 @@ def setup(
|
|
|
265
265
|
else:
|
|
266
266
|
ocm_map = None
|
|
267
267
|
tf_namespaces_dicts = [ns.dict(by_alias=True) for ns in tf_namespaces]
|
|
268
|
-
|
|
268
|
+
|
|
269
|
+
provider_exclusions_by_provisioner = (
|
|
270
|
+
settings.get("terraformResourcesProviderExclusionsByProvisioner") or []
|
|
271
|
+
)
|
|
272
|
+
ts.init_populate_specs(
|
|
273
|
+
tf_namespaces_dicts,
|
|
274
|
+
account_names,
|
|
275
|
+
provider_exclusions_by_provisioner=provider_exclusions_by_provisioner,
|
|
276
|
+
)
|
|
269
277
|
tf.populate_terraform_output_secrets(
|
|
270
278
|
resource_specs=ts.resource_spec_inventory, init_rds_replica_source=True
|
|
271
279
|
)
|
|
@@ -1,9 +1,6 @@
|
|
|
1
1
|
import json
|
|
2
2
|
from collections import Counter
|
|
3
|
-
from collections.abc import
|
|
4
|
-
Mapping,
|
|
5
|
-
MutableMapping,
|
|
6
|
-
)
|
|
3
|
+
from collections.abc import Mapping, MutableMapping
|
|
7
4
|
from typing import Any
|
|
8
5
|
|
|
9
6
|
import anymarkup
|
|
@@ -25,7 +22,8 @@ PROVIDER_CLOUDFLARE = "cloudflare"
|
|
|
25
22
|
|
|
26
23
|
|
|
27
24
|
def get_external_resource_specs(
|
|
28
|
-
namespace_info: Mapping[str, Any],
|
|
25
|
+
namespace_info: Mapping[str, Any],
|
|
26
|
+
provision_provider: str | None = None,
|
|
29
27
|
) -> list[ExternalResourceSpec]:
|
|
30
28
|
specs: list[ExternalResourceSpec] = []
|
|
31
29
|
if not managed_external_resources(namespace_info):
|
|
@@ -34,8 +32,6 @@ def get_external_resource_specs(
|
|
|
34
32
|
external_resources = namespace_info.get("externalResources") or []
|
|
35
33
|
for e in external_resources:
|
|
36
34
|
for r in e.get("resources", []):
|
|
37
|
-
if r.get("managed_by_erv2"):
|
|
38
|
-
continue
|
|
39
35
|
spec = ExternalResourceSpec(
|
|
40
36
|
provision_provider=e["provider"],
|
|
41
37
|
provisioner=e["provisioner"],
|
|
@@ -8,11 +8,7 @@ import re
|
|
|
8
8
|
import string
|
|
9
9
|
import tempfile
|
|
10
10
|
from collections import Counter
|
|
11
|
-
from collections.abc import
|
|
12
|
-
Iterable,
|
|
13
|
-
Mapping,
|
|
14
|
-
MutableMapping,
|
|
15
|
-
)
|
|
11
|
+
from collections.abc import Iterable, Mapping, MutableMapping
|
|
16
12
|
from dataclasses import dataclass
|
|
17
13
|
from ipaddress import (
|
|
18
14
|
ip_address,
|
|
@@ -383,6 +379,16 @@ class ElasticSearchLogGroupInfo:
|
|
|
383
379
|
log_group_identifier: str
|
|
384
380
|
|
|
385
381
|
|
|
382
|
+
class ProviderExcludedError(Exception):
|
|
383
|
+
def __init__(self, spec: ExternalResourceSpec) -> None:
|
|
384
|
+
super().__init__(
|
|
385
|
+
self,
|
|
386
|
+
"The provider is not managed by terraform_resources in this provisioner. "
|
|
387
|
+
"Set the `managed_by_erv2: true` attribute in the external resource spec to fix it."
|
|
388
|
+
f"Provisioner: {spec.provisioner['name']}, Provider: {spec.provider}, Identifier: {spec.resource['identifier']}",
|
|
389
|
+
)
|
|
390
|
+
|
|
391
|
+
|
|
386
392
|
class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
387
393
|
"""
|
|
388
394
|
At a high-level, this class is responsible for generating Terraform configuration in
|
|
@@ -1537,10 +1543,38 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
1537
1543
|
for spec in specs:
|
|
1538
1544
|
self.populate_tf_resources(spec, ocm_map=ocm_map)
|
|
1539
1545
|
|
|
1546
|
+
def _get_provisioner_provider_exclusions(
|
|
1547
|
+
self,
|
|
1548
|
+
spec: ExternalResourceSpec,
|
|
1549
|
+
provider_exclusions_by_provisioner_name: Mapping[str, Iterable[str]],
|
|
1550
|
+
) -> list[str]:
|
|
1551
|
+
return list(
|
|
1552
|
+
provider_exclusions_by_provisioner_name.get(spec.provisioner["name"], [])
|
|
1553
|
+
)
|
|
1554
|
+
|
|
1555
|
+
def _filter_specs_managed_by_erv2(
|
|
1556
|
+
self,
|
|
1557
|
+
specs: Iterable[ExternalResourceSpec],
|
|
1558
|
+
provider_exclusions_by_provisioner_name: Mapping[str, Iterable[str]],
|
|
1559
|
+
) -> list[ExternalResourceSpec]:
|
|
1560
|
+
filtered_specs: list[ExternalResourceSpec] = []
|
|
1561
|
+
for spec in specs:
|
|
1562
|
+
if spec.resource.get("managed_by_erv2"):
|
|
1563
|
+
continue
|
|
1564
|
+
|
|
1565
|
+
if spec.provider in self._get_provisioner_provider_exclusions(
|
|
1566
|
+
spec, provider_exclusions_by_provisioner_name
|
|
1567
|
+
):
|
|
1568
|
+
raise ProviderExcludedError(spec)
|
|
1569
|
+
|
|
1570
|
+
filtered_specs.append(spec)
|
|
1571
|
+
return filtered_specs
|
|
1572
|
+
|
|
1540
1573
|
def init_populate_specs(
|
|
1541
1574
|
self,
|
|
1542
1575
|
namespaces: Iterable[Mapping[str, Any]],
|
|
1543
1576
|
account_names: Iterable[str] | None,
|
|
1577
|
+
provider_exclusions_by_provisioner: Iterable[Mapping[str, Any]] | None = None,
|
|
1544
1578
|
) -> None:
|
|
1545
1579
|
"""
|
|
1546
1580
|
Initiates resource specs from the definitions in app-interface
|
|
@@ -1551,9 +1585,24 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
1551
1585
|
self.account_resource_specs: dict[str, list[ExternalResourceSpec]] = {}
|
|
1552
1586
|
self.resource_spec_inventory: ExternalResourceSpecInventory = {}
|
|
1553
1587
|
|
|
1588
|
+
# Ensure provider exclusions are fetched
|
|
1589
|
+
if not provider_exclusions_by_provisioner:
|
|
1590
|
+
provider_exclusions_by_provisioner = (
|
|
1591
|
+
queries.get_tf_resources_provider_exclusions_by_provisioner() or []
|
|
1592
|
+
)
|
|
1593
|
+
|
|
1594
|
+
provider_exclusions_by_provisioner_name = {
|
|
1595
|
+
p["provisioner"]["name"]: p["excludedProviders"]
|
|
1596
|
+
for p in provider_exclusions_by_provisioner
|
|
1597
|
+
}
|
|
1598
|
+
|
|
1554
1599
|
for namespace_info in namespaces:
|
|
1555
|
-
|
|
1556
|
-
namespace_info,
|
|
1600
|
+
all_specs = get_external_resource_specs(
|
|
1601
|
+
namespace_info,
|
|
1602
|
+
provision_provider=PROVIDER_AWS,
|
|
1603
|
+
)
|
|
1604
|
+
specs = self._filter_specs_managed_by_erv2(
|
|
1605
|
+
all_specs, provider_exclusions_by_provisioner_name
|
|
1557
1606
|
)
|
|
1558
1607
|
name_counter = Counter(spec.output_resource_name for spec in specs)
|
|
1559
1608
|
duplicates = [name for name, count in name_counter.items() if count > 1]
|
tools/cli_commands/erv2.py
CHANGED
|
@@ -122,7 +122,7 @@ class Erv2Cli:
|
|
|
122
122
|
f.validate_external_resource(self._resource)
|
|
123
123
|
self._module_configuration = (
|
|
124
124
|
ExternalResourceModuleConfiguration.resolve_configuration(
|
|
125
|
-
m_inventory.get_from_spec(spec), spec
|
|
125
|
+
m_inventory.get_from_spec(spec), spec, self._er_settings
|
|
126
126
|
)
|
|
127
127
|
)
|
|
128
128
|
|
{qontract_reconcile-0.10.1rc1156.dist-info → qontract_reconcile-0.10.1rc1158.dist-info}/WHEEL
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|