qontract-reconcile 0.10.1rc1189__py3-none-any.whl → 0.10.1rc1191__py3-none-any.whl

{qontract_reconcile-0.10.1rc1189.dist-info → qontract_reconcile-0.10.1rc1191.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc1189
+Version: 0.10.1rc1191
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc1189.dist-info → qontract_reconcile-0.10.1rc1191.dist-info}/RECORD

@@ -72,7 +72,7 @@ reconcile/openshift_network_policies.py,sha256=DyjaeJvSFHmslbM8nyHCxpF9EtU2m-MJo
 reconcile/openshift_prometheus_rules.py,sha256=onowXab248zmHH8SbYDTc1W1bl7JiqRFU1xdTkZyLFg,1332
 reconcile/openshift_resourcequotas.py,sha256=yUi56PiOn3inMMfq_x_FEHmaW-reGipzoorjdar372g,2415
 reconcile/openshift_resources.py,sha256=I2nO_C37mG3rfyGrd4cGwN3mVseVGuTAHAyhFzLyqF4,1518
-reconcile/openshift_resources_base.py,sha256=1A5_699p0rdsMwRQRPzePEfjhhq5eB2Obwxx4Ibr8jA,41205
+reconcile/openshift_resources_base.py,sha256=mNP-wCeodvBLX5ykntw12D0xcvC4nHIF65EEFt8ez-g,41485
 reconcile/openshift_rolebindings.py,sha256=9mlJ2FjWUoH-rsjtasreA_hV-K5Z_YR00qR_RR60OZM,6555
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
 reconcile/openshift_saas_deploy.py,sha256=T1dvb9zajisaJNjbnR6-AZHU-itscHtr4oCqLj8KCK0,13037
@@ -655,7 +655,7 @@ reconcile/unleash_feature_toggles/integration.py,sha256=nx7BhtzCsTfPbOp60vI5MkNw
 reconcile/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/aggregated_list.py,sha256=km0xadW0jO4G_CqZPsXmoBURQ8c90FaTu5x4X1K1cZs,3357
 reconcile/utils/amtool.py,sha256=ngtBuVPETH6oAy5RnKzvreVbjwQCaATS_PYYwBprzjQ,2288
-reconcile/utils/aws_api.py,sha256=8LeEweWeydLJB9t-neYkYSN6EneDJontGwcglg0xmS0,67652
+reconcile/utils/aws_api.py,sha256=WWttyohsXAH0CCIbW0R5iZBjAiyfeEjcT_DefvM-V7c,67920
 reconcile/utils/aws_helper.py,sha256=MDbv5jrNdqqJ5pfBxniGdJXBBO_EYc2_Uf2w9ZzeMNs,2854
 reconcile/utils/batches.py,sha256=TtEm64a8lWhFuNbUVpFEmXVdU2Q0sTBrP_I0Cjbgh7g,320
 reconcile/utils/binary.py,sha256=7MaAFBpzuBUTJ_aA6G6-eult_BPMVyiXbBLD0Y6F-DM,2301
@@ -882,8 +882,8 @@ tools/test/test_qontract_cli.py,sha256=iuzKbQ6ahinvjoQmQLBrG4shey0z-1rB6qCgS8T6d
 tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc1189.dist-info/METADATA,sha256=NVuBKGEqAXmlVCYwyO-M5Cnu8hcOq0-pJJ9g7a9JCro,2213
-qontract_reconcile-0.10.1rc1189.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
-qontract_reconcile-0.10.1rc1189.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc1189.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc1189.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc1191.dist-info/METADATA,sha256=PYtZqqEcXMwJNmaFvFxZTdM7fWRL05zlsWrO6ZboOOQ,2213
+qontract_reconcile-0.10.1rc1191.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
+qontract_reconcile-0.10.1rc1191.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc1191.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc1191.dist-info/RECORD,,

reconcile/openshift_resources_base.py

@@ -34,6 +34,7 @@ import reconcile.openshift_base as ob
 import reconcile.utils.jinja2.utils as jinja2_utils
 from reconcile import queries
 from reconcile.change_owners.diff import IDENTIFIER_FIELD_NAME
+from reconcile.external_resources.meta import SECRET_UPDATED_AT
 from reconcile.utils import (
     amtool,
     gql,
@@ -233,6 +234,9 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 9, 2)
 QONTRACT_BASE64_SUFFIX = "_qb64"
 KUBERNETES_SECRET_DATA_KEY_RE = "^[-._a-zA-Z0-9]+$"
 
+# Keys in vault secrets that do not need to land
+# into K8S secrets.
+VAULT_SECRETS_EXCLUDED_KEYS = {SECRET_UPDATED_AT}
 _log_lock = Lock()
 
 
@@ -401,7 +405,11 @@ def fetch_provider_vault_secret(
 ) -> OR:
     # get the fields from vault
     secret_reader = SecretReader(settings)
-    raw_data = secret_reader.read_all({"path": path, "version": version})
+    raw_data = {
+        k: v
+        for k, v in secret_reader.read_all({"path": path, "version": version}).items()
+        if k not in VAULT_SECRETS_EXCLUDED_KEYS
+    }
 
     if validate_alertmanager_config:
         check_alertmanager_config(raw_data, path, alertmanager_config_key)

reconcile/utils/aws_api.py

@@ -979,12 +979,15 @@ class AWSApi:  # pylint: disable=too-many-public-methods
             raise ValueError(
                 f"exactly one VPC endpoint for private API router in VPC {vpc_id} expected but {len(endpoints)} found"
             )
-        vpc_endpoint_id = endpoints[0]["VpcEndpointId"]
+        endpoint = endpoints[0]
+        vpc_endpoint_id = endpoint["VpcEndpointId"]
         # https://github.com/openshift/hypershift/blob/c855f68e84e78924ccc9c2132b75dc7e30c4e1d8/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go#L4243
+        # https://github.com/openshift/hypershift/blob/2569f3353ef5ac0858eace9ee77310c3cc38b8e0/control-plane-operator/controllers/awsprivatelink/awsprivatelink_controller.go#L787
         security_groups = [
             sg
-            for sg in endpoints[0]["Groups"]
+            for sg in endpoint["Groups"]
             if sg["GroupName"].endswith("-default-sg")
+            or sg["GroupName"].endswith("-vpce-private-router")
         ]
         if len(security_groups) != 1:
             raise ValueError(