qontract-reconcile 0.10.1rc1161__py3-none-any.whl → 0.10.1rc1162__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/METADATA +1 -1
- {qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/RECORD +8 -8
- reconcile/queries.py +14 -15
- reconcile/terraform_resources.py +2 -4
- reconcile/utils/terrascript_aws_client.py +40 -24
- {qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/WHEEL +0 -0
- {qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/entry_points.txt +0 -0
- {qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: qontract-reconcile
|
|
3
|
-
Version: 0.10.
|
|
3
|
+
Version: 0.10.1rc1162
|
|
4
4
|
Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
|
|
5
5
|
Home-page: https://github.com/app-sre/qontract-reconcile
|
|
6
6
|
Author: Red Hat App-SRE Team
|
{qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/RECORD
RENAMED
|
@@ -94,7 +94,7 @@ reconcile/quay_mirror.py,sha256=mFp4Z5Nwl-DcFbbsJBOB8f9ldohFT-V67o868d5ux1s,1536
|
|
|
94
94
|
reconcile/quay_mirror_org.py,sha256=utrJpJaKCs7U6WX6DODdfCeB0EmX-lUC8Y5fkmpgFSs,10764
|
|
95
95
|
reconcile/quay_permissions.py,sha256=9KOutS1w4RFQqkvMSy54VtsKNx56-phzP6yI_rEW-B8,4244
|
|
96
96
|
reconcile/quay_repos.py,sha256=cuEYG0HUe0ut5yvLdEwOF5-CmccpXQHRb_wDazvDrvQ,6895
|
|
97
|
-
reconcile/queries.py,sha256=
|
|
97
|
+
reconcile/queries.py,sha256=Iss6BEcK6ptz1JUfyw-sewaUX_vJmcvAqvvYa4D6p-U,51455
|
|
98
98
|
reconcile/query_validator.py,sha256=MSh5pKLBksws4AqfuvT8nrIGucIbqX-IOzYyPYTLO7k,1491
|
|
99
99
|
reconcile/requests_sender.py,sha256=914iluuF4UVgG3VyxxtnHOu4yf6YKS2fIy6PViSsFTQ,3875
|
|
100
100
|
reconcile/resource_scraper.py,sha256=znXCHrU7YwPfKuxGBiUrV7T1tYtn4vlz9qmZlfy6Flg,2307
|
|
@@ -113,7 +113,7 @@ reconcile/terraform_cloudflare_dns.py,sha256=-aLEe2QnH5cJPu7HWqs-R9NmQ1NlFbcVUm0
|
|
|
113
113
|
reconcile/terraform_cloudflare_resources.py,sha256=pq8Ieo5NmB-dYQ9X2F0s6iEoINMzhiqGw2yQK4ovok4,14980
|
|
114
114
|
reconcile/terraform_cloudflare_users.py,sha256=iyTG5sj20Jg4J4qWJ144KVptfIHGOSfH8wQKxu0imq0,13942
|
|
115
115
|
reconcile/terraform_repo.py,sha256=TKqlodhQGoAtQ6nDm04TNlpx4wpgJ_n4atoUK5Rfd7o,16444
|
|
116
|
-
reconcile/terraform_resources.py,sha256=
|
|
116
|
+
reconcile/terraform_resources.py,sha256=iufjMJs_aSEvmh7Cg11beCxKmV8nrOLOpEtiTryPNx0,19470
|
|
117
117
|
reconcile/terraform_tgw_attachments.py,sha256=09svJG9pAiwWp4aY0xRoQRV90T4ZNwHG3r8flI-ZS_s,18810
|
|
118
118
|
reconcile/terraform_users.py,sha256=HqSm3ev3b8dZ9J6F_phDZB-FQsnlsdeKp9RPoY1cU94,10188
|
|
119
119
|
reconcile/terraform_vpc_peerings.py,sha256=VLSfuO7FvHN5McopRiKoKJDHCmIhYtlJEHv_hxV5kcM,27669
|
|
@@ -727,7 +727,7 @@ reconcile/utils/state.py,sha256=W0_awkLAPX18hNOF_60o73tkPxDUylqbzYNHfl_sDsk,1638
|
|
|
727
727
|
reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
|
|
728
728
|
reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
|
|
729
729
|
reconcile/utils/terraform_client.py,sha256=LjX2U2E0Dglt2S_KA5jWQ_dVC8sPn4FEAh0xW_d6JTk,35953
|
|
730
|
-
reconcile/utils/terrascript_aws_client.py,sha256=
|
|
730
|
+
reconcile/utils/terrascript_aws_client.py,sha256=svDSrtrSzQAX9QTgR_i5FBipZd82AdyFhiaxwXpXHMU,283768
|
|
731
731
|
reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
|
|
732
732
|
reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
|
|
733
733
|
reconcile/utils/vault.py,sha256=pi0PuyopvCq1gW0cldvy1-Ff6bqLUlCKC2MW0sifvSE,15043
|
|
@@ -880,8 +880,8 @@ tools/test/test_qontract_cli.py,sha256=iuzKbQ6ahinvjoQmQLBrG4shey0z-1rB6qCgS8T6d
|
|
|
880
880
|
tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
|
|
881
881
|
tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
|
|
882
882
|
tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
|
|
883
|
-
qontract_reconcile-0.10.
|
|
884
|
-
qontract_reconcile-0.10.
|
|
885
|
-
qontract_reconcile-0.10.
|
|
886
|
-
qontract_reconcile-0.10.
|
|
887
|
-
qontract_reconcile-0.10.
|
|
883
|
+
qontract_reconcile-0.10.1rc1162.dist-info/METADATA,sha256=1uCFcuPzE35hUScMQgon77TW9lcpG6Ii7XKsOzDK06Y,2213
|
|
884
|
+
qontract_reconcile-0.10.1rc1162.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
|
|
885
|
+
qontract_reconcile-0.10.1rc1162.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
|
|
886
|
+
qontract_reconcile-0.10.1rc1162.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
|
|
887
|
+
qontract_reconcile-0.10.1rc1162.dist-info/RECORD,,
|
reconcile/queries.py
CHANGED
|
@@ -102,11 +102,12 @@ APP_INTERFACE_SETTINGS_QUERY = """
|
|
|
102
102
|
readTimeout
|
|
103
103
|
connectTimeout
|
|
104
104
|
}
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
105
|
+
terraformResourcesProviderExclusions {
|
|
106
|
+
provider
|
|
107
|
+
excludeProvisioners {
|
|
108
|
+
name
|
|
108
109
|
}
|
|
109
|
-
|
|
110
|
+
excludeAllProvisioners
|
|
110
111
|
}
|
|
111
112
|
}
|
|
112
113
|
}
|
|
@@ -2764,12 +2765,13 @@ def get_jenkins_configs():
|
|
|
2764
2765
|
|
|
2765
2766
|
TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER = """
|
|
2766
2767
|
{
|
|
2767
|
-
|
|
2768
|
-
|
|
2769
|
-
|
|
2770
|
-
|
|
2768
|
+
tf_provider_exclusions: app_interface_settings_v1 {
|
|
2769
|
+
terraformResourcesProviderExclusions {
|
|
2770
|
+
provider
|
|
2771
|
+
excludeProvisioners {
|
|
2772
|
+
name
|
|
2771
2773
|
}
|
|
2772
|
-
|
|
2774
|
+
excludeAllProvisioners
|
|
2773
2775
|
}
|
|
2774
2776
|
}
|
|
2775
2777
|
}
|
|
@@ -2781,13 +2783,10 @@ def get_tf_resources_provider_exclusions_by_provisioner() -> (
|
|
|
2781
2783
|
):
|
|
2782
2784
|
gqlapi = gql.get_api()
|
|
2783
2785
|
settings = gqlapi.query(TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER)[
|
|
2784
|
-
"
|
|
2786
|
+
"tf_provider_exclusions"
|
|
2785
2787
|
]
|
|
2786
|
-
if (
|
|
2787
|
-
|
|
2788
|
-
and "terraformResourcesProviderExclusionsByProvisioner" in settings[0]
|
|
2789
|
-
):
|
|
2790
|
-
return settings[0]["terraformResourcesProviderExclusionsByProvisioner"]
|
|
2788
|
+
if len(settings) == 1 and "terraformResourcesProviderExclusions" in settings[0]:
|
|
2789
|
+
return settings[0]["terraformResourcesProviderExclusions"]
|
|
2791
2790
|
return None
|
|
2792
2791
|
|
|
2793
2792
|
|
reconcile/terraform_resources.py
CHANGED
|
@@ -266,13 +266,11 @@ def setup(
|
|
|
266
266
|
ocm_map = None
|
|
267
267
|
tf_namespaces_dicts = [ns.dict(by_alias=True) for ns in tf_namespaces]
|
|
268
268
|
|
|
269
|
-
|
|
270
|
-
settings.get("terraformResourcesProviderExclusionsByProvisioner") or []
|
|
271
|
-
)
|
|
269
|
+
provider_exclusions = settings.get("terraformResourcesProviderExclusions") or []
|
|
272
270
|
ts.init_populate_specs(
|
|
273
271
|
tf_namespaces_dicts,
|
|
274
272
|
account_names,
|
|
275
|
-
|
|
273
|
+
provider_exclusions,
|
|
276
274
|
)
|
|
277
275
|
tf.populate_terraform_output_secrets(
|
|
278
276
|
resource_specs=ts.resource_spec_inventory, init_rds_replica_source=True
|
|
@@ -9,7 +9,7 @@ import string
|
|
|
9
9
|
import tempfile
|
|
10
10
|
from collections import Counter
|
|
11
11
|
from collections.abc import Iterable, Mapping, MutableMapping
|
|
12
|
-
from dataclasses import dataclass
|
|
12
|
+
from dataclasses import dataclass, field
|
|
13
13
|
from ipaddress import (
|
|
14
14
|
ip_address,
|
|
15
15
|
ip_network,
|
|
@@ -379,6 +379,12 @@ class ElasticSearchLogGroupInfo:
|
|
|
379
379
|
log_group_identifier: str
|
|
380
380
|
|
|
381
381
|
|
|
382
|
+
@dataclass
|
|
383
|
+
class Exclusion:
|
|
384
|
+
all: bool = False
|
|
385
|
+
provisioners: set[str] = field(default_factory=set)
|
|
386
|
+
|
|
387
|
+
|
|
382
388
|
class ProviderExcludedError(Exception):
|
|
383
389
|
def __init__(self, spec: ExternalResourceSpec) -> None:
|
|
384
390
|
super().__init__(
|
|
@@ -1543,38 +1549,49 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
1543
1549
|
for spec in specs:
|
|
1544
1550
|
self.populate_tf_resources(spec, ocm_map=ocm_map)
|
|
1545
1551
|
|
|
1546
|
-
def
|
|
1552
|
+
def _is_provisioner_excluded(
|
|
1547
1553
|
self,
|
|
1548
1554
|
spec: ExternalResourceSpec,
|
|
1549
|
-
|
|
1550
|
-
) ->
|
|
1551
|
-
|
|
1552
|
-
|
|
1553
|
-
|
|
1555
|
+
provider_exclusions: Mapping[str, Exclusion],
|
|
1556
|
+
) -> bool:
|
|
1557
|
+
e = provider_exclusions.get(spec.provider)
|
|
1558
|
+
if not e:
|
|
1559
|
+
return False
|
|
1560
|
+
return e.all or spec.provisioner_name in e.provisioners
|
|
1554
1561
|
|
|
1555
1562
|
def _filter_specs_managed_by_erv2(
|
|
1556
1563
|
self,
|
|
1557
1564
|
specs: Iterable[ExternalResourceSpec],
|
|
1558
|
-
|
|
1565
|
+
provider_exclusions: Mapping[str, Exclusion],
|
|
1559
1566
|
) -> list[ExternalResourceSpec]:
|
|
1560
|
-
filtered_specs
|
|
1561
|
-
|
|
1562
|
-
|
|
1563
|
-
continue
|
|
1567
|
+
filtered_specs = [
|
|
1568
|
+
spec for spec in specs if not spec.resource.get("managed_by_erv2")
|
|
1569
|
+
]
|
|
1564
1570
|
|
|
1565
|
-
|
|
1566
|
-
|
|
1567
|
-
):
|
|
1571
|
+
for spec in filtered_specs:
|
|
1572
|
+
if self._is_provisioner_excluded(spec, provider_exclusions):
|
|
1568
1573
|
raise ProviderExcludedError(spec)
|
|
1569
1574
|
|
|
1570
|
-
filtered_specs.append(spec)
|
|
1571
1575
|
return filtered_specs
|
|
1572
1576
|
|
|
1577
|
+
def _get_provider_exclusions_query_dict(
|
|
1578
|
+
self, provider_exclusions: Iterable[Mapping[str, Any]]
|
|
1579
|
+
) -> dict[str, Exclusion]:
|
|
1580
|
+
return {
|
|
1581
|
+
item["provider"]: Exclusion(
|
|
1582
|
+
all=item.get("excludeAllProvisioners") or False,
|
|
1583
|
+
provisioners={
|
|
1584
|
+
p["name"] for p in (item.get("excludeProvisioners") or [])
|
|
1585
|
+
},
|
|
1586
|
+
)
|
|
1587
|
+
for item in provider_exclusions
|
|
1588
|
+
}
|
|
1589
|
+
|
|
1573
1590
|
def init_populate_specs(
|
|
1574
1591
|
self,
|
|
1575
1592
|
namespaces: Iterable[Mapping[str, Any]],
|
|
1576
1593
|
account_names: Iterable[str] | None,
|
|
1577
|
-
|
|
1594
|
+
provider_exclusions: Iterable[Mapping[str, Any]] | None = None,
|
|
1578
1595
|
) -> None:
|
|
1579
1596
|
"""
|
|
1580
1597
|
Initiates resource specs from the definitions in app-interface
|
|
@@ -1586,15 +1603,14 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
1586
1603
|
self.resource_spec_inventory: ExternalResourceSpecInventory = {}
|
|
1587
1604
|
|
|
1588
1605
|
# Ensure provider exclusions are fetched
|
|
1589
|
-
if
|
|
1590
|
-
|
|
1606
|
+
if provider_exclusions is None:
|
|
1607
|
+
provider_exclusions = (
|
|
1591
1608
|
queries.get_tf_resources_provider_exclusions_by_provisioner() or []
|
|
1592
1609
|
)
|
|
1593
1610
|
|
|
1594
|
-
|
|
1595
|
-
|
|
1596
|
-
|
|
1597
|
-
}
|
|
1611
|
+
provider_exclusions_query_dict = self._get_provider_exclusions_query_dict(
|
|
1612
|
+
provider_exclusions
|
|
1613
|
+
)
|
|
1598
1614
|
|
|
1599
1615
|
for namespace_info in namespaces:
|
|
1600
1616
|
all_specs = get_external_resource_specs(
|
|
@@ -1602,7 +1618,7 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
1602
1618
|
provision_provider=PROVIDER_AWS,
|
|
1603
1619
|
)
|
|
1604
1620
|
specs = self._filter_specs_managed_by_erv2(
|
|
1605
|
-
all_specs,
|
|
1621
|
+
all_specs, provider_exclusions_query_dict
|
|
1606
1622
|
)
|
|
1607
1623
|
name_counter = Counter(spec.output_resource_name for spec in specs)
|
|
1608
1624
|
duplicates = [name for name, count in name_counter.items() if count > 1]
|
{qontract_reconcile-0.10.1rc1161.dist-info → qontract_reconcile-0.10.1rc1162.dist-info}/WHEEL
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|