PyPI - qontract-reconcile - Versions diffs - 0.10.1rc1180__py3-none-any.whl → 0.10.1rc1182__py3-none-any.whl - Mend

qontract-reconcile 0.10.1rc1180py3-none-any.whl → 0.10.1rc1182py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

{qontract_reconcile-0.10.1rc1180.dist-info → qontract_reconcile-0.10.1rc1182.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc1180
+Version: 0.10.1rc1182
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc1180.dist-info → qontract_reconcile-0.10.1rc1182.dist-info}/RECORD RENAMED Viewed

@@ -32,7 +32,7 @@ reconcile/github_validator.py,sha256=cVTVxJIGR4a1Jz8wrdXEAb_CMpXUzvykVmUURX4cook
 reconcile/gitlab_fork_compliance.py,sha256=c7UfqSAsW04c1bWJmXXaQDwtUcG4Kb6nCJAyRU2uAuw,4449
 reconcile/gitlab_housekeeping.py,sha256=D0DOqC-xuMBMct04_MI8Lq32OAi_QMvvGLOz_E-77Dw,22482
 reconcile/gitlab_labeler.py,sha256=4xJHmVX155fclrHqkR926sL1GH6RTN5XfZ8PnqNXbRA,4534
-reconcile/gitlab_members.py,sha256=PrJE9OhDRdGG_gHM_77nQojLb4B18jtUu8DxgLsRS88,8417
+reconcile/gitlab_members.py,sha256=MUIgYDLeJx2-_vMypyq2Pa17cpKdXATYhtVACS2ghpQ,8297
 reconcile/gitlab_mr_sqs_consumer.py,sha256=O46mdziPgGOndbU-0_UJKJVUaiEoVzJPEgKm4_UvYoI,2571
 reconcile/gitlab_owners.py,sha256=sn9njaKOtqcvnhi2qtm-faAfAR4zNqflbSuusA9RUuI,13456
 reconcile/gitlab_permissions.py,sha256=6ZBPnQci4-1LVJBvaUS-c0QwIJjITNKVflCeH-Y5Lbk,7507
@@ -520,7 +520,7 @@ reconcile/test/test_github_org.py,sha256=aGWeMhkz1fjogvaAQGjemSKR201L5gEZZOe0iMQ
 reconcile/test/test_github_repo_invites.py,sha256=WrPn5ROAoJYK0ihzlZcFR0V9Pu2HcMs13I6nazf7hq4,3307
 reconcile/test/test_gitlab_housekeeping.py,sha256=ScD9Tgf9OOgGfAFfTy6Kn2222l2wH_A3gMRKdpvoWe0,10053
 reconcile/test/test_gitlab_labeler.py,sha256=PmYXiU2g0_O5OTdMGPzdeqBAfat92U9bhjjfeyiGSmQ,4336
-reconcile/test/test_gitlab_members.py,sha256=yjfQRUFG_F0kLYegax4_ec5VIBAnCPrvAgqMcN1GXzc,9985
+reconcile/test/test_gitlab_members.py,sha256=bupl1dsLor-913LGYCuRtJMKqDsXo_d_2nbtDe6B1Us,7016
 reconcile/test/test_gitlab_permissions.py,sha256=aMf5SUeVp-aQ1bWGQPQLYa85auzRlyfZVTWqyybJ6mo,5850
 reconcile/test/test_instrumented_wrappers.py,sha256=CZzhnQH0c4i7-Rxjg7-0dfFMvVPegLHL46z5NHOOCwo,608
 reconcile/test/test_integrations_manager.py,sha256=xpyQAVz57wAbovrcQzAeuyq8VzdItUyW2d2kp1WW_5c,38184
@@ -678,7 +678,7 @@ reconcile/utils/external_resources.py,sha256=y7Wz32cOAmCsUhQ6T-1N6lktnLikGkaHQ0S
 reconcile/utils/filtering.py,sha256=S4PbMHuFr3ED0P2Q_ea5CAaB7FimI62B-F5YTaKrphA,402
 reconcile/utils/git.py,sha256=wzVIYAeKlMGW538U1mkJWUI6h_mFRUY4lawh2AR8hw4,2345
 reconcile/utils/github_api.py,sha256=R8OvqyPdnRqvP-Efnv9RvIcbBlb4M0KC4RlbnJMD0Tg,2426
-reconcile/utils/gitlab_api.py,sha256=C1nsHQKKybsmFdaG9vsItBjJm69ym4VWbqbKfAEf7oY,29305
+reconcile/utils/gitlab_api.py,sha256=ar3D1gaPGm71ecQReMvbMbBzCa8TRs3Pn1ZZJP_lwSw,28453
 reconcile/utils/gpg.py,sha256=EKG7_fdMv8BMlV5yUdPiqoTx-KrzmVSEAl2sLkaKwWI,1123
 reconcile/utils/gql.py,sha256=C0thIm_k9MBldfqwHzyqtYZk9sIvMdm9IbbnXLGwjD8,14158
 reconcile/utils/grouping.py,sha256=vr9SFHZ7bqmHYrvYcEZt-Er3-yQYfAAdq5sHLZVmXPY,456
@@ -838,10 +838,11 @@ tools/app_interface_metrics_exporter.py,sha256=zkwkxdAUAxjdc-pzx2_oJXG25fo0Fnyd5
 tools/app_interface_reporter.py,sha256=oZPib4HPq0aZ2Zui1QGJGk6qQdfpeihujGDBnSdKyGE,17627
 tools/glitchtip_access_reporter.py,sha256=oPBnk_YoDuljU3v0FaChzOwwnk4vap1xEE67QEjzdqs,2948
 tools/glitchtip_access_revalidation.py,sha256=8kbBJk04mkq28kWoRDDkfCGIF3GRg3pJrFAh1sW0dbk,2821
-tools/qontract_cli.py,sha256=YMOYkmP9WZFMX8wPxoJZ5ddstK3YyXMMx6ReXnCiH0w,140707
+tools/qontract_cli.py,sha256=KfmjfaCuyd8F68oY1hHd2tEf0PY0kLd6t8sWqR81nmc,142498
 tools/sd_app_sre_alert_report.py,sha256=e9vAdyenUz2f5c8-z-5WY0wv-SJ9aePKDH2r4IwB6pc,5063
 tools/template_validation.py,sha256=qpKYaTgk0GOPGa2Ct5_5sKdwIHtCAKIBGzsMPuJU5fw,3371
 tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tools/cli_commands/container_images_report.py,sha256=PCJIzvUqiYmTdn5xJFcxHocCYp6dprrsJ_lkYdl3ET8,4417
 tools/cli_commands/erv2.py,sha256=469qdhyaf7thpPQ4hJSurvmxBqYDJsoI8H4AigQIF7U,20737
 tools/cli_commands/gpg_encrypt.py,sha256=x02JOMn834z89YSNvr5B-oJky7rR1C0begCkPh45eHk,4958
 tools/cli_commands/systems_and_tools.py,sha256=EMHOF1AtUDaoSk0bbjl6oUKYAz4rTZjIBaF-6E6GspM,16816
@@ -876,12 +877,13 @@ tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/conftest.py,sha256=CsDbu4otrxb7X7kXKKGyV3ZEzu3pCkgjCoCGiHNx6zc,2401
 tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvftCWEEf-g1mfXOtgCog-g,1271
 tools/test/test_erv2.py,sha256=EAS7QuJkHisRVO9bMGxm662L5B6i66wF_mT9PAjVzrU,3128
+tools/test/test_get_container_images.py,sha256=L2XzfmYAd6WZ17UXNnr8Z4iwoGcCvQ0vN6gxAZ7gEws,6097
 tools/test/test_qontract_cli.py,sha256=iuzKbQ6ahinvjoQmQLBrG4shey0z-1rB6qCgS8T6dgU,5789
 tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc1180.dist-info/METADATA,sha256=5FtpxYHIFj662mfS5_AXkrDYRFw4uWWBGxXElRlLS24,2213
-qontract_reconcile-0.10.1rc1180.dist-info/WHEEL,sha256=bFJAMchF8aTQGUgMZzHJyDDMPTO3ToJ7x23SLJa1SVo,92
-qontract_reconcile-0.10.1rc1180.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc1180.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc1180.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc1182.dist-info/METADATA,sha256=gdReu60z2THXeO2P__JA2nYHErSt6uI8EoVgnxsl5ro,2213
+qontract_reconcile-0.10.1rc1182.dist-info/WHEEL,sha256=bFJAMchF8aTQGUgMZzHJyDDMPTO3ToJ7x23SLJa1SVo,92
+qontract_reconcile-0.10.1rc1182.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc1182.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc1182.dist-info/RECORD,,

reconcile/gitlab_members.py CHANGED Viewed

@@ -1,8 +1,11 @@
-import enum
 import logging
 from collections.abc import Callable
 from typing import Any
+from gitlab.v4.objects import (
+    Group,
+    GroupMember,
+)
 from pydantic import BaseModel
 from reconcile import queries
@@ -23,6 +26,7 @@ from reconcile.gql_definitions.gitlab_members.permissions import (
 )
 from reconcile.utils import gql
 from reconcile.utils.defer import defer
+from reconcile.utils.differ import diff_mappings
 from reconcile.utils.exceptions import AppInterfaceSettingsError
 from reconcile.utils.gitlab_api import GitLabApi
 from reconcile.utils.pagerduty_api import (
@@ -37,50 +41,51 @@ QONTRACT_INTEGRATION = "gitlab-members"
 class GitlabUser(BaseModel):
     user: str
-    access_level: str
+    access_level: int
-State = dict[str, list[GitlabUser]]
+class CurrentStateSpec(BaseModel):
+    members: dict[str, GroupMember]
+    class Config:
+        arbitrary_types_allowed = True
-class Action(enum.Enum):
-    add_user_to_group = enum.auto()
-    remove_user_from_group = enum.auto()
-    change_access = enum.auto()
+class DesiredStateSpec(BaseModel):
+    members: dict[str, GitlabUser]
+    class Config:
+        arbitrary_types_allowed = True
-class Diff(BaseModel):
-    action: Action
-    group: str
-    user: str
-    access_level: str
+CurrentState = dict[str, CurrentStateSpec]
+DesiredState = dict[str, DesiredStateSpec]
-def get_current_state(instance: GitlabInstanceV1, gl: GitLabApi) -> State:
+def get_current_state(
+    instance: GitlabInstanceV1, gl: GitLabApi, gitlab_groups_map: dict[str, Group]
+) -> CurrentState:
     """Get current gitlab group members for all managed groups."""
     return {
-        g: [
-            GitlabUser(user=u["user"], access_level=u["access_level"])
-            for u in gl.get_group_members(g)
-        ]
+        g: CurrentStateSpec(
+            members={
+                u.username: u for u in gl.get_group_members(gitlab_groups_map.get(g))
+            },
+        )
         for g in instance.managed_groups
     }
 def add_or_update_user(
-    group_members: State, group_name: str, gitlab_user: GitlabUser
+    desired_state_spec: DesiredStateSpec, gitlab_user: GitlabUser
 ) -> None:
-    existing_users = [
-        gu for gu in group_members[group_name] if gu.user == gitlab_user.user
-    ]
-    if not existing_users:
-        group_members[group_name].append(gitlab_user)
+    existing_user = desired_state_spec.members.get(gitlab_user.user)
+    if not existing_user:
+        desired_state_spec.members[gitlab_user.user] = gitlab_user
     else:
-        existing_user = existing_users[0]
-        if GitLabApi.get_access_level(
-            existing_user.access_level
-        ) < GitLabApi.get_access_level(gitlab_user.access_level):
-            existing_user.access_level = gitlab_user.access_level
+        existing_user.access_level = max(
+            existing_user.access_level, gitlab_user.access_level
+        )
 def get_desired_state(
@@ -88,95 +93,41 @@ def get_desired_state(
     pagerduty_map: PagerDutyMap,
     permissions: list[PermissionGitlabGroupMembershipV1],
     all_users: list[User],
-) -> State:
+) -> DesiredState:
     """Fetch all desired gitlab users from app-interface."""
-    desired_group_members: State = {g: [] for g in instance.managed_groups}
-    for g in desired_group_members:
-        for p in permissions:
-            if p.group == g:
-                for r in p.roles or []:
-                    for u in (r.users or []) + (r.bots or []):
-                        gu = GitlabUser(user=u.org_username, access_level=p.access)
-                        add_or_update_user(desired_group_members, g, gu)
-                if p.pagerduty:
-                    usernames_from_pagerduty = get_usernames_from_pagerduty(
-                        p.pagerduty,
-                        all_users,
-                        g,
-                        pagerduty_map,
-                        get_username_method=lambda u: u.org_username,
-                    )
-                    for u in usernames_from_pagerduty:
-                        gu = GitlabUser(user=u, access_level=p.access)
-                        add_or_update_user(desired_group_members, g, gu)
+    desired_group_members: DesiredState = {
+        g: build_desired_state_spec(g, permissions, pagerduty_map, all_users)
+        for g in instance.managed_groups
+    }
     return desired_group_members
-def calculate_diff(current_state: State, desired_state: State) -> list[Diff]:
-    """Compare current and desired state and return all differences."""
-    diff: list[Diff] = []
-    diff += subtract_states(desired_state, current_state, Action.add_user_to_group)
-    diff += subtract_states(current_state, desired_state, Action.remove_user_from_group)
-    diff += check_access(current_state, desired_state)
-    return diff
-def subtract_states(
-    from_state: State, subtract_state: State, action: Action
-) -> list[Diff]:
-    """Return diff objects for items in from_state but not in subtract_state."""
-    result = []
-    for f_group, f_users in from_state.items():
-        s_group = subtract_state[f_group]
-        for f_user in f_users:
-            found = False
-            for s_user in s_group:
-                if f_user.user != s_user.user:
-                    continue
-                found = True
-                break
-            if not found:
-                result.append(
-                    Diff(
-                        action=action,
-                        group=f_group,
-                        user=f_user.user,
-                        access_level=f_user.access_level,
-                    )
+def build_desired_state_spec(
+    group_name: str,
+    permissions: list[PermissionGitlabGroupMembershipV1],
+    pagerduty_map: PagerDutyMap,
+    all_users: list[User],
+) -> DesiredStateSpec:
+    desired_state_spec = DesiredStateSpec(members={})
+    for p in permissions:
+        if p.group == group_name:
+            p_access_level = GitLabApi.get_access_level(p.access)
+            for r in p.roles or []:
+                for u in (r.users or []) + (r.bots or []):
+                    gu = GitlabUser(user=u.org_username, access_level=p_access_level)
+                    add_or_update_user(desired_state_spec, gu)
+            if p.pagerduty:
+                usernames_from_pagerduty = get_usernames_from_pagerduty(
+                    p.pagerduty,
+                    all_users,
+                    group_name,
+                    pagerduty_map,
+                    get_username_method=lambda u: u.org_username,
                 )
-    return result
-def check_access(current_state: State, desired_state: State) -> list[Diff]:
-    """Return diff objects for item where access level is different."""
-    result = []
-    for d_group, d_users in desired_state.items():
-        c_group = current_state[d_group]
-        for d_user in d_users:
-            for c_user in c_group:
-                if d_user.user == c_user.user:
-                    if d_user.access_level != c_user.access_level:
-                        result.append(
-                            Diff(
-                                action=Action.change_access,
-                                group=d_group,
-                                user=c_user.user,
-                                access_level=d_user.access_level,
-                            )
-                        )
-                    break
-    return result
-def act(diff: Diff, gl: GitLabApi) -> None:
-    """Apply a diff object."""
-    if diff.action == Action.remove_user_from_group:
-        gl.remove_group_member(diff.group, diff.user)
-    if diff.action == Action.add_user_to_group:
-        gl.add_group_member(diff.group, diff.user, diff.access_level)
-    if diff.action == Action.change_access:
-        gl.change_access(diff.group, diff.user, diff.access_level)
+                for u in usernames_from_pagerduty:
+                    gu = GitlabUser(user=u, access_level=p_access_level)
+                    add_or_update_user(desired_state_spec, gu)
+    return desired_state_spec
 def get_permissions(query_func: Callable) -> list[PermissionGitlabGroupMembershipV1]:
@@ -197,6 +148,11 @@ def get_gitlab_instance(query_func: Callable) -> GitlabInstanceV1:
     raise AppInterfaceSettingsError("No gitlab instance found!")
+def get_managed_groups_map(group_names: list[str], gl: GitLabApi) -> dict[str, Group]:
+    gitlab_groups = {group_name: gl.get_group(group_name) for group_name in group_names}
+    return gitlab_groups
 @defer
 def run(
     dry_run: bool,
@@ -228,17 +184,58 @@ def run(
     pagerduty_map = get_pagerduty_map(
         secret_reader, pagerduty_instances=pagerduty_instances
     )
-    # act
-    current_state = get_current_state(instance, gl)
+    managed_groups_map = get_managed_groups_map(instance.managed_groups, gl)
+    current_state = get_current_state(instance, gl, managed_groups_map)
     desired_state = get_desired_state(instance, pagerduty_map, permissions, all_users)
-    diffs = calculate_diff(current_state, desired_state)
-    for diff in diffs:
-        logging.info(diff)
-        if not dry_run:
-            act(diff, gl)
+    for group_name in instance.managed_groups:
+        reconcile_gitlab_members(
+            current_state_spec=current_state.get(group_name),
+            desired_state_spec=desired_state.get(group_name),
+            group=managed_groups_map.get(group_name),
+            gl=gl,
+            dry_run=dry_run,
+        )
+def reconcile_gitlab_members(
+    current_state_spec: CurrentStateSpec | None,
+    desired_state_spec: DesiredStateSpec | None,
+    group: Group | None,
+    gl: GitLabApi,
+    dry_run: bool,
+) -> None:
+    if current_state_spec and desired_state_spec and group:
+        diff_data = diff_mappings(
+            current=current_state_spec.members,
+            desired=desired_state_spec.members,
+            equal=lambda current, desired: current.access_level == desired.access_level,
+        )
+        for key, gitlab_user in diff_data.add.items():
+            logging.info([
+                key,
+                "add_user_to_group",
+                group.name,
+                gl.get_access_level_string(gitlab_user.access_level),
+            ])
+            if not dry_run:
+                gl.add_group_member(group, gitlab_user)
+        for key, group_member in diff_data.delete.items():
+            logging.info([
+                key,
+                "remove_user_from_group",
+                group.name,
+            ])
+            if not dry_run:
+                gl.remove_group_member(group, group_member.id)
+        for key, diff_pair in diff_data.change.items():
+            logging.info([
+                key,
+                "change_access",
+                group.name,
+                gl.get_access_level_string(diff_pair.desired.access_level),
+            ])
+            if not dry_run:
+                gl.change_access(diff_pair.current, diff_pair.desired.access_level)
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:

reconcile/test/test_gitlab_members.py CHANGED Viewed

@@ -1,15 +1,20 @@
-import copy
 from typing import Any
+from unittest.mock import create_autospec
 import pytest
+from gitlab.v4.objects import (
+    Group,
+    GroupMember,
+)
 from pytest_mock import MockerFixture
 from reconcile import gitlab_members
 from reconcile.gitlab_members import (
-    Action,
-    Diff,
+    CurrentState,
+    CurrentStateSpec,
+    DesiredState,
+    DesiredStateSpec,
     GitlabUser,
-    State,
     add_or_update_user,
     get_permissions,
 )
@@ -37,16 +42,41 @@ def instance(vault_secret: VaultSecret) -> GitlabInstanceV1:
 @pytest.fixture()
-def state() -> State:
+def gitlab_groups_map() -> dict[str, Group]:
+    group1 = create_autospec(Group, name="group1", id="123")
+    group1.name = "group1"
+    group2 = create_autospec(Group, name="group2", id="124")
+    group2.name = "group2"
     return {
-        "group1": [
-            GitlabUser(access_level="developer", user="user1"),
-            GitlabUser(access_level="maintainer", user="user2"),
-        ],
-        "group2": [
-            GitlabUser(access_level="developer", user="user3"),
-            GitlabUser(access_level="maintainer", user="user4"),
-        ],
+        "group1": group1,
+        "group2": group2,
+    }
+@pytest.fixture()
+def all_users() -> list[GroupMember]:
+    user1 = create_autospec(GroupMember, username="user1", id="123", access_level=30)
+    user2 = create_autospec(GroupMember, username="user2", id="124", access_level=40)
+    user3 = create_autospec(GroupMember, username="user3", id="125", access_level=30)
+    user4 = create_autospec(GroupMember, username="user4", id="126", access_level=40)
+    return [user1, user2, user3, user4]
+@pytest.fixture()
+def current_state(all_users: list[GroupMember]) -> CurrentState:
+    return {
+        "group1": CurrentStateSpec(
+            members={
+                "user1": all_users[0],
+                "user2": all_users[1],
+            },
+        ),
+        "group2": CurrentStateSpec(
+            members={
+                "user3": all_users[2],
+                "user4": all_users[3],
+            },
+        ),
     }
@@ -72,20 +102,27 @@ def user() -> User:
 def test_gitlab_members_get_current_state(
-    mocker: MockerFixture, instance: GitlabInstanceV1, state: State
+    mocker: MockerFixture,
+    instance: GitlabInstanceV1,
+    current_state: CurrentState,
+    gitlab_groups_map: dict[str, Group],
+    all_users: list[GroupMember],
 ) -> None:
     gl_mock = mocker.create_autospec(GitLabApi)
     gl_mock.get_group_members.side_effect = [
         [
-            {"user": "user1", "access_level": "developer"},
-            {"user": "user2", "access_level": "maintainer"},
+            all_users[0],
+            all_users[1],
         ],
         [
-            {"user": "user3", "access_level": "developer"},
-            {"user": "user4", "access_level": "maintainer"},
+            all_users[2],
+            all_users[3],
         ],
     ]
-    assert gitlab_members.get_current_state(instance, gl_mock) == state
+    assert (
+        gitlab_members.get_current_state(instance, gl_mock, gitlab_groups_map)
+        == current_state
+    )
 def test_gitlab_members_get_desired_state(
@@ -103,210 +140,80 @@ def test_gitlab_members_get_desired_state(
     assert gitlab_members.get_desired_state(
         instance, mock_pagerduty_map, permissions, [user]
     ) == {
-        "group1": [GitlabUser(user="devtools-bot", access_level="owner")],
-        "group2": [
-            GitlabUser(user="devtools-bot", access_level="owner"),
-            GitlabUser(user="user1", access_level="owner"),
-            GitlabUser(user="user2", access_level="owner"),
-            GitlabUser(user="user3", access_level="owner"),
-            GitlabUser(user="user4", access_level="owner"),
-            GitlabUser(user="another-bot", access_level="owner"),
-        ],
-    }
-def test_gitlab_members_calculate_diff_no_changes(state: State) -> None:
-    # pylint: disable-next=use-implicit-booleaness-not-comparison # for better readability
-    assert gitlab_members.calculate_diff(state, state) == []
-def test_gitlab_members_subtract_states_no_changes_add(state: State) -> None:
-    # pylint: disable-next=use-implicit-booleaness-not-comparison # for better readability
-    assert gitlab_members.subtract_states(state, state, Action.add_user_to_group) == []
-def test_gitlab_members_subtract_states_no_changes_remove(state: State) -> None:
-    # pylint: disable=use-implicit-booleaness-not-comparison # for better readability
-    assert (
-        gitlab_members.subtract_states(state, state, Action.remove_user_from_group)
-        == []
-    )
-def test_gitlab_members_subtract_states_add(state: State) -> None:
-    current_state = copy.deepcopy(state)
-    # enforce add users to groups
-    current_state["group2"] = [GitlabUser(access_level="maintainer", user="otherone")]
-    del current_state["group1"][1]
-    desired_state = state
-    assert gitlab_members.subtract_states(
-        desired_state, current_state, Action.add_user_to_group
-    ) == [
-        Diff(
-            action=Action.add_user_to_group,
-            group="group1",
-            user="user2",
-            access_level="maintainer",
-        ),
-        Diff(
-            action=Action.add_user_to_group,
-            group="group2",
-            user="user3",
-            access_level="developer",
-        ),
-        Diff(
-            action=Action.add_user_to_group,
-            group="group2",
-            user="user4",
-            access_level="maintainer",
-        ),
-    ]
-def test_gitlab_members_subtract_states_remove(state: State) -> None:
-    current_state = copy.deepcopy(state)
-    # enforce remove user from group
-    current_state["group2"] = [GitlabUser(access_level="maintainer", user="otherone")]
-    desired_state = state
-    assert gitlab_members.subtract_states(
-        current_state, desired_state, Action.remove_user_from_group
-    ) == [
-        Diff(
-            action=Action.remove_user_from_group,
-            group="group2",
-            user="otherone",
-            access_level="maintainer",
-        )
-    ]
-def test_gitlab_members_check_access_no_changes(state: State) -> None:
-    # pylint: disable-next=use-implicit-booleaness-not-comparison # for better readability
-    assert gitlab_members.check_access(state, state) == []
-def test_gitlab_members_check_access(state: State) -> None:
-    current_state = copy.deepcopy(state)
-    # enforce access change
-    current_state["group1"][0].access_level = "owner"
-    desired_state = state
-    assert gitlab_members.check_access(current_state, desired_state) == [
-        Diff(
-            action=Action.change_access,
-            group="group1",
-            user="user1",
-            access_level="developer",
-        ),
-    ]
-def test_gitlab_members_calculate_diff_changes(state: State) -> None:
-    current_state = copy.deepcopy(state)
-    # enforce remove user from group
-    current_state["group2"] = [GitlabUser(access_level="maintainer", user="otherone")]
-    # enforce add user to group
-    del current_state["group1"][1]
-    # enforce access change
-    current_state["group1"][0].access_level = "owner"
-    desired_state = state
-    assert gitlab_members.calculate_diff(current_state, desired_state) == [
-        Diff(
-            action=Action.add_user_to_group,
-            group="group1",
-            user="user2",
-            access_level="maintainer",
-        ),
-        Diff(
-            action=Action.add_user_to_group,
-            group="group2",
-            user="user3",
-            access_level="developer",
-        ),
-        Diff(
-            action=Action.add_user_to_group,
-            group="group2",
-            user="user4",
-            access_level="maintainer",
-        ),
-        Diff(
-            action=Action.remove_user_from_group,
-            group="group2",
-            user="otherone",
-            access_level="maintainer",
+        "group1": DesiredStateSpec(
+            members={"devtools-bot": GitlabUser(user="devtools-bot", access_level=50)},
         ),
-        Diff(
-            action=Action.change_access,
-            group="group1",
-            user="user1",
-            access_level="developer",
+        "group2": DesiredStateSpec(
+            members={
+                "devtools-bot": GitlabUser(user="devtools-bot", access_level=50),
+                "user1": GitlabUser(user="user1", access_level=50),
+                "user2": GitlabUser(user="user2", access_level=50),
+                "user3": GitlabUser(user="user3", access_level=50),
+                "user4": GitlabUser(user="user4", access_level=50),
+                "another-bot": GitlabUser(user="another-bot", access_level=50),
+            },
         ),
-    ]
-def test_gitlab_members_act_add(mocker: MockerFixture) -> None:
-    gl_mock = mocker.create_autospec(GitLabApi)
-    diff = Diff(
-        action=Action.add_user_to_group,
-        group="group2",
-        user="user4",
-        access_level="maintainer",
-    )
-    gitlab_members.act(diff, gl_mock)
-    gl_mock.add_group_member.assert_called_once()
-    gl_mock.remove_group_member.assert_not_called()
-    gl_mock.change_access.assert_not_called()
-def test_gitlab_members_act_remove(mocker: MockerFixture) -> None:
-    gl_mock = mocker.create_autospec(GitLabApi)
-    diff = Diff(
-        action=Action.remove_user_from_group,
-        group="group2",
-        user="otherone",
-        access_level="maintainer",
-    )
-    gitlab_members.act(diff, gl_mock)
-    gl_mock.add_group_member.assert_not_called()
-    gl_mock.remove_group_member.assert_called_once()
-    gl_mock.change_access.assert_not_called()
+    }
-def test_gitlab_members_act_change(mocker: MockerFixture) -> None:
+def test_gitlab_members_reconcile_gitlab_members(
+    gitlab_groups_map: dict[str, Group],
+    mocker: MockerFixture,
+    all_users: list[GroupMember],
+) -> None:
     gl_mock = mocker.create_autospec(GitLabApi)
-    diff = Diff(
-        action=Action.change_access,
-        group="group1",
-        user="user1",
-        access_level="developer",
+    current_state: CurrentState = {
+        "group1": CurrentStateSpec(
+            members={
+                "user1": all_users[0],
+                "user3": all_users[2],
+                "user4": all_users[3],
+            },
+        )
+    }
+    new_user = GitlabUser(user="new_user", access_level=40)
+    desired_state: DesiredState = {
+        "group1": DesiredStateSpec(
+            members={
+                "user1": GitlabUser(user="user1", access_level=30),
+                "new_user": new_user,
+                "user3": GitlabUser(user="user3", access_level=50),
+            }
+        )
+    }
+    group = gitlab_groups_map.get("group1")
+    gitlab_members.reconcile_gitlab_members(
+        current_state_spec=current_state.get("group1"),
+        desired_state_spec=desired_state.get("group1"),
+        group=group,
+        dry_run=False,
+        gl=gl_mock,
     )
-    gitlab_members.act(diff, gl_mock)
-    gl_mock.add_group_member.assert_not_called()
-    gl_mock.remove_group_member.assert_not_called()
-    gl_mock.change_access.assert_called_once()
+    gl_mock.add_group_member.assert_called_once_with(group, new_user)
+    gl_mock.change_access.assert_called_once_with(all_users[2], 50)
+    gl_mock.remove_group_member.assert_called_once_with(group, all_users[3].id)
 def test_add_or_update_user_add():
-    group_members: State = {"t": []}
-    gu = GitlabUser(user="u", access_level="owner")
-    add_or_update_user(group_members, "t", gu)
-    assert group_members == {"t": [gu]}
+    desired_state_spec: DesiredStateSpec = DesiredStateSpec(members={})
+    gu = GitlabUser(user="u", access_level=50, id="1234")
+    add_or_update_user(desired_state_spec, gu)
+    assert desired_state_spec == DesiredStateSpec(members={"u": gu})
 def test_add_or_update_user_update_higher():
-    group_members: State = {"t": []}
-    gu1 = GitlabUser(user="u", access_level="maintainer")
-    gu2 = GitlabUser(user="u", access_level="owner")
-    add_or_update_user(group_members, "t", gu1)
-    add_or_update_user(group_members, "t", gu2)
-    assert group_members == {"t": [gu2]}
+    desired_state_spec: DesiredStateSpec = DesiredStateSpec(members={})
+    gu1 = GitlabUser(user="u", access_level=40)
+    gu2 = GitlabUser(user="u", access_level=50)
+    add_or_update_user(desired_state_spec, gu1)
+    add_or_update_user(desired_state_spec, gu2)
+    assert desired_state_spec == DesiredStateSpec(members={"u": gu2})
 def test_add_or_update_user_update_lower():
-    group_members: State = {"t": []}
-    gu1 = GitlabUser(user="u", access_level="owner")
-    gu2 = GitlabUser(user="u", access_level="maintainer")
-    add_or_update_user(group_members, "t", gu1)
-    add_or_update_user(group_members, "t", gu2)
-    assert group_members == {"t": [gu1]}
+    desired_state_spec: DesiredStateSpec = DesiredStateSpec(members={})
+    gu1 = GitlabUser(user="u", access_level=50)
+    gu2 = GitlabUser(user="u", access_level=40)
+    add_or_update_user(desired_state_spec, gu1)
+    add_or_update_user(desired_state_spec, gu2)
+    assert desired_state_spec == DesiredStateSpec(members={"u": gu1})

reconcile/utils/gitlab_api.py CHANGED Viewed

@@ -29,6 +29,7 @@ from gitlab.const import (
 from gitlab.v4.objects import (
     CurrentUser,
     Group,
+    GroupMember,
     PersonalAccessToken,
     Project,
     ProjectIssue,
@@ -84,6 +85,7 @@ GROUP_BOT_NAME_REGEX = re.compile(r"group_.+_bot_.+")
 class GLGroupMember(TypedDict):
+    id: str
     user: str
     access_level: str
@@ -288,17 +290,13 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         """
         return GROUP_BOT_NAME_REGEX.match(username) is not None
-    def get_group_members(self, group_name: str) -> list[GLGroupMember]:
-        group = self.get_group_if_exists(group_name)
+    def get_group_members(self, group: Group | None) -> list[GroupMember]:
         if group is None:
-            logging.error(group_name + " group not found")
+            logging.error("no group provided")
             return []
         else:
             return [
-                {
-                    "user": m.username,
-                    "access_level": self.get_access_level_string(m.access_level),
-                }
+                m
                 for m in self.get_items(group.members.list)
                 if not self._is_bot_username(m.username)
             ]
@@ -315,40 +313,27 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
             member.access_level = access_level
             member.save()
-    def add_group_member(self, group_name, username, access):
-        group = self.get_group_if_exists(group_name)
-        if not group:
-            logging.error(group_name + " group not found")
-        else:
-            user = self.get_user(username)
-            access_level = self.get_access_level(access)
-            if user is not None:
-                gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-                try:
-                    group.members.create({
-                        "user_id": user.id,
-                        "access_level": access_level,
-                    })
-                except gitlab.exceptions.GitlabCreateError:
-                    gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-                    member = group.members.get(user.id)
-                    member.access_level = access_level
-    def remove_group_member(self, group_name, username):
-        gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-        group = self.gl.groups.get(group_name)
-        user = self.get_user(username)
-        if user is not None:
+    def add_group_member(self, group, user):
+        gitlab_user = self.get_user(user.user)
+        if gitlab_user is not None:
             gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-            group.members.delete(user.id)
+            try:
+                group.members.create({
+                    "user_id": gitlab_user.id,
+                    "access_level": user.access_level,
+                })
+            except gitlab.exceptions.GitlabCreateError:
+                gitlab_request.labels(integration=INTEGRATION_NAME).inc()
+                member = group.members.get(user.user)
+                member.access_level = user.access_level
+                member.save()
-    def change_access(self, group, username, access):
-        gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-        group = self.gl.groups.get(group)
-        user = self.get_user(username)
+    def remove_group_member(self, group, user_id):
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-        member = group.members.get(user.id)
-        member.access_level = self.get_access_level(access)
+        group.members.delete(user_id)
+    def change_access(self, member, access_level):
+        member.access_level = access_level
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         member.save()

tools/cli_commands/container_images_report.py ADDED Viewed

@@ -0,0 +1,129 @@
+import re
+from collections import defaultdict
+from collections.abc import Sequence
+from typing import Any
+from pydantic import BaseModel
+from sretoolbox.utils import threaded
+from reconcile.gql_definitions.common.namespaces_minimal import NamespaceV1
+from reconcile.typed_queries.app_interface_vault_settings import (
+    get_app_interface_vault_settings,
+)
+from reconcile.typed_queries.namespaces_minimal import get_namespaces_minimal
+from reconcile.utils.oc_filters import filter_namespaces_by_cluster_and_namespace
+from reconcile.utils.oc_map import OCMap, init_oc_map_from_namespaces
+from reconcile.utils.secret_reader import create_secret_reader
+IMAGE_NAME_REGEX = re.compile(r"^(?P<name>[a-zA-Z0-9][a-zA-Z0-9/_.-]+)(?:@sha256)?:.+$")
+class NamespaceImages(BaseModel):
+    namespace_name: str
+    image_names: list[str]
+def get_all_pods_images(
+    cluster_name: Sequence[str] | None = None,
+    namespace_name: Sequence[str] | None = None,
+    thread_pool_size: int = 10,
+    use_jump_host: bool = True,
+    include_pattern: str | None = None,
+    exclude_pattern: str | None = None,
+) -> list[dict[str, Any]]:
+    """Gets all the images in the clusters/namespaces given. Returns a list of dicts
+    with the following keys:
+      * name: image name
+      * namespaces:  a comma separated list of namespaces where the instance is used
+      * count: number of uses of the image
+    """
+    all_namespaces = get_namespaces_minimal()
+    namespaces = filter_namespaces_by_cluster_and_namespace(
+        namespaces=all_namespaces,
+        cluster_names=cluster_name,
+        namespace_names=namespace_name,
+    )
+    vault_settings = get_app_interface_vault_settings()
+    secret_reader = create_secret_reader(use_vault=vault_settings.vault)
+    oc_map = init_oc_map_from_namespaces(
+        namespaces=namespaces,
+        integration="qontract-cli-get-namespace_images",
+        secret_reader=secret_reader,
+        use_jump_host=use_jump_host,
+        thread_pool_size=thread_pool_size,
+        init_projects=True,
+    )
+    return fetch_pods_images_from_namespaces(
+        namespaces=namespaces,
+        oc_map=oc_map,
+        exclude_pattern=exclude_pattern,
+        include_pattern=include_pattern,
+        thread_pool_size=thread_pool_size,
+    )
+def fetch_pods_images_from_namespaces(
+    namespaces: list[NamespaceV1],
+    oc_map: OCMap,
+    include_pattern: str | None = None,
+    exclude_pattern: str | None = None,
+    thread_pool_size: int = 10,
+) -> list[dict[str, Any]]:
+    all_namespace_images = threaded.run(
+        func=_get_namespace_images,
+        iterable=namespaces,
+        thread_pool_size=thread_pool_size,
+        oc_map=oc_map,
+    )
+    result: defaultdict = defaultdict(_get_all_images_default)
+    for ni in all_namespace_images:
+        for name in ni.image_names:
+            result[name]["namespaces"].add(ni.namespace_name)
+            result[name]["count"] += 1
+    exclude_pattern_compiled: re.Pattern | None = None
+    if exclude_pattern:
+        exclude_pattern_compiled = re.compile(exclude_pattern)
+    include_pattern_compiled: re.Pattern | None = None
+    if include_pattern:
+        include_pattern_compiled = re.compile(include_pattern)
+    result_filtered_flattened: list[dict[str, Any]] = []
+    for name, value in result.items():
+        if include_pattern_compiled and not include_pattern_compiled.match(name):
+            continue
+        if exclude_pattern_compiled and exclude_pattern_compiled.match(name):
+            continue
+        result_filtered_flattened.append({
+            "name": name,
+            "namespaces": ",".join(sorted(value["namespaces"])),
+            "count": value["count"],
+        })
+    return result_filtered_flattened
+def _get_all_images_default() -> dict[str, Any]:
+    return {"namespaces": set(), "count": 0}
+def _get_namespace_images(ns: NamespaceV1, oc_map: OCMap) -> NamespaceImages:
+    image_names = []
+    oc = oc_map.get_cluster(ns.cluster.name)
+    pod_items = oc.get_items("Pod", namespace=ns.name)
+    for pod in pod_items:
+        containers = pod.get("spec", {}).get("containers", [])
+        containers.extend(pod.get("spec", {}).get("initContainers", []))
+        for c in containers:
+            if m := IMAGE_NAME_REGEX.match(c["image"]):
+                image_names.append(m.group("name"))
+    return NamespaceImages(
+        namespace_name=ns.name,
+        image_names=image_names,
+    )

tools/qontract_cli.py CHANGED Viewed

@@ -63,9 +63,14 @@ from reconcile.checkpoint import report_invalid_metadata
 from reconcile.cli import (
     TERRAFORM_VERSION,
     TERRAFORM_VERSION_REGEX,
+    cluster_name,
     config_file,
+    namespace_name,
     use_jump_host,
 )
+from reconcile.cli import (
+    threaded as thread_pool_size,
+)
 from reconcile.gql_definitions.advanced_upgrade_service.aus_clusters import (
     query as aus_clusters_query,
 )
@@ -136,7 +141,9 @@ from reconcile.utils.oc import (
     OC_Map,
     OCLogMsg,
 )
-from reconcile.utils.oc_map import init_oc_map_from_clusters
+from reconcile.utils.oc_map import (
+    init_oc_map_from_clusters,
+)
 from reconcile.utils.ocm import OCM_PRODUCT_ROSA, OCMMap
 from reconcile.utils.ocm_base_client import init_ocm_base_client
 from reconcile.utils.output import print_output
@@ -4313,5 +4320,68 @@ def migrate(ctx, dry_run: bool, skip_build: bool) -> None:
     rich_print(f"[b red]Please remove the temporary directory ({tempdir}) manually!")
+@get.command(help="Get all container images in app-interface defined namespaces")
+@cluster_name
+@namespace_name
+@thread_pool_size()
+@use_jump_host()
+@click.option("--exclude-pattern", help="Exclude images that match this pattern")
+@click.option("--include-pattern", help="Only include images that match this pattern")
+@click.pass_context
+def container_images(
+    ctx,
+    cluster_name,
+    namespace_name,
+    thread_pool_size,
+    use_jump_host,
+    exclude_pattern,
+    include_pattern,
+):
+    from tools.cli_commands.container_images_report import get_all_pods_images
+    results = get_all_pods_images(
+        cluster_name=cluster_name,
+        namespace_name=namespace_name,
+        thread_pool_size=thread_pool_size,
+        use_jump_host=use_jump_host,
+        exclude_pattern=exclude_pattern,
+        include_pattern=include_pattern,
+    )
+    if ctx.obj["options"]["output"] == "md":
+        json_table = {
+            "filter": True,
+            "fields": [
+                {"key": "name", "sortable": True},
+                {"key": "namespaces", "sortable": True},
+                {"key": "count", "sortable": True},
+            ],
+            "items": results,
+        }
+        print(
+            f"""
+You can view the source of this Markdown to extract the JSON data.
+{len(results)} container images found.
+exclude-pattern = {exclude_pattern}
+include-pattern = {include_pattern}
+```json:table
+{json.dumps(json_table)}
+```
+            """
+        )
+    else:
+        columns = [
+            "name",
+            "namespaces",
+            "count",
+        ]
+        ctx.obj["options"]["sort"] = False
+        print_output(ctx.obj["options"], results, columns)
 if __name__ == "__main__":
     root()  # pylint: disable=no-value-for-parameter

tools/test/test_get_container_images.py ADDED Viewed

@@ -0,0 +1,187 @@
+import pytest
+from pytest_mock import MockerFixture
+from reconcile.gql_definitions.common.namespaces_minimal import ClusterV1, NamespaceV1
+from reconcile.gql_definitions.fragments.vault_secret import VaultSecret
+from reconcile.test.fixtures import Fixtures
+from reconcile.utils.oc import OCNative
+from reconcile.utils.oc_map import OCMap
+from tools.cli_commands.container_images_report import (
+    fetch_pods_images_from_namespaces,
+)
+fxt = Fixtures("container_images_report")
+@pytest.fixture
+def observability_pods() -> list[dict]:
+    return fxt.get_anymarkup("app-sre-observability-stage-pods.yaml")
+@pytest.fixture
+def pipeline_pods() -> list[dict]:
+    return fxt.get_anymarkup("app-sre-pipelines-pods.yaml")
+@pytest.fixture
+def namespaces() -> list[NamespaceV1]:
+    return [
+        NamespaceV1(
+            name="app-sre-observability-stage",
+            delete=None,
+            labels="{}",
+            clusterAdmin=None,
+            cluster=ClusterV1(
+                name="appsres09ue1",
+                serverUrl="https://api.appsres09ue1.24ep.p3.openshiftapps.com:443",
+                insecureSkipTLSVerify=None,
+                jumpHost=None,
+                automationToken=VaultSecret(
+                    path="app-sre/integrations-output/openshift-cluster-bots/appsres09ue1",
+                    field="token",
+                    version=None,
+                    format=None,
+                ),
+                clusterAdminAutomationToken=VaultSecret(
+                    path="app-sre/integrations-output/openshift-cluster-bots/appsres09ue1-cluster-admin",
+                    field="token",
+                    version=None,
+                    format=None,
+                ),
+                internal=True,
+                disable=None,
+            ),
+        ),
+        NamespaceV1(
+            name="app-sre-pipelines",
+            delete=None,
+            labels='{"provider": "tekton"}',
+            clusterAdmin=None,
+            cluster=ClusterV1(
+                name="appsres09ue1",
+                serverUrl="https://api.appsres09ue1.24ep.p3.openshiftapps.com:443",
+                insecureSkipTLSVerify=None,
+                jumpHost=None,
+                automationToken=VaultSecret(
+                    path="app-sre/integrations-output/openshift-cluster-bots/appsres09ue1",
+                    field="token",
+                    version=None,
+                    format=None,
+                ),
+                clusterAdminAutomationToken=VaultSecret(
+                    path="app-sre/integrations-output/openshift-cluster-bots/appsres09ue1-cluster-admin",
+                    field="token",
+                    version=None,
+                    format=None,
+                ),
+                internal=True,
+                disable=None,
+            ),
+        ),
+    ]
+@pytest.fixture
+def oc(
+    mocker: MockerFixture,
+    observability_pods: list[dict],
+    pipeline_pods: list[dict],
+) -> OCNative:
+    oc = mocker.patch("reconcile.utils.oc.OCNative", autospec=True)
+    oc.get_items.side_effect = [observability_pods, pipeline_pods]
+    return oc
+@pytest.fixture
+def oc_map(mocker: MockerFixture, oc: OCNative) -> OCMap:
+    oc_map = mocker.patch("reconcile.utils.oc_map.OCMap", autospec=True)
+    oc_map.get_cluster.return_value = oc
+    return oc_map
+# convert a list of dicts into a set of tuples to use it in assertions
+def _to_set(list_of_dicts: list[dict]) -> set[tuple]:
+    return {tuple(d.items()) for d in list_of_dicts}
+def testfetch_no_filter(namespaces: list[NamespaceV1], oc_map: OCMap) -> None:
+    images = fetch_pods_images_from_namespaces(
+        namespaces=namespaces,
+        oc_map=oc_map,
+        thread_pool_size=2,
+    )
+    assert _to_set(images) == _to_set([
+        {
+            "name": "quay.io/prometheus/blackbox-exporter",
+            "namespaces": "app-sre-observability-stage",
+            "count": 1,
+        },
+        {
+            "name": "quay.io/redhat-services-prod/app-sre-tenant/gitlab-project-exporter-main/gitlab-project-exporter-main",
+            "namespaces": "app-sre-observability-stage",
+            "count": 1,
+        },
+        {
+            "name": "quay.io/app-sre/internal-redhat-ca",
+            "namespaces": "app-sre-observability-stage,app-sre-pipelines",
+            "count": 3,
+        },
+        {
+            "name": "quay.io/app-sre/clamav",
+            "namespaces": "app-sre-pipelines",
+            "count": 1,
+        },
+        {
+            "name": "quay.io/redhat-appstudio/clamav-db",
+            "namespaces": "app-sre-pipelines",
+            "count": 1,
+        },
+        {
+            "name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8",
+            "namespaces": "app-sre-pipelines",
+            "count": 3,
+        },
+        {
+            "name": "quay.io/redhatproductsecurity/rapidast",
+            "namespaces": "app-sre-pipelines",
+            "count": 1,
+        },
+    ])
+def testfetch_exclude_pattern(namespaces: list[NamespaceV1], oc_map: OCMap) -> None:
+    images = fetch_pods_images_from_namespaces(
+        namespaces=namespaces,
+        oc_map=oc_map,
+        thread_pool_size=2,
+        exclude_pattern="quay.io/redhat|quay.io/app-sre",
+    )
+    assert _to_set(images) == _to_set([
+        {
+            "name": "quay.io/prometheus/blackbox-exporter",
+            "namespaces": "app-sre-observability-stage",
+            "count": 1,
+        },
+        {
+            "name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8",
+            "namespaces": "app-sre-pipelines",
+            "count": 3,
+        },
+    ])
+def testfetch_include_pattern(namespaces: list[NamespaceV1], oc_map: OCMap) -> None:
+    images = fetch_pods_images_from_namespaces(
+        namespaces=namespaces,
+        oc_map=oc_map,
+        thread_pool_size=2,
+        include_pattern="^registry.redhat.io",
+    )
+    assert images == [
+        {
+            "name": "registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8",
+            "namespaces": "app-sre-pipelines",
+            "count": 3,
+        },
+    ]

{qontract_reconcile-0.10.1rc1180.dist-info → qontract_reconcile-0.10.1rc1182.dist-info}/WHEEL RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc1180.dist-info → qontract_reconcile-0.10.1rc1182.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc1180.dist-info → qontract_reconcile-0.10.1rc1182.dist-info}/top_level.txt RENAMED Viewed

File without changes

qontract-reconcile 0.10.1rc1180__py3-none-any.whl → 0.10.1rc1182__py3-none-any.whl

qontract-reconcile 0.10.1rc1180py3-none-any.whl → 0.10.1rc1182py3-none-any.whl