qontract-reconcile 0.10.1rc1190__py3-none-any.whl → 0.10.1rc1192__py3-none-any.whl

{qontract_reconcile-0.10.1rc1190.dist-info → qontract_reconcile-0.10.1rc1192.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc1190
+Version: 0.10.1rc1192
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc1190.dist-info → qontract_reconcile-0.10.1rc1192.dist-info}/RECORD

@@ -72,7 +72,7 @@ reconcile/openshift_network_policies.py,sha256=DyjaeJvSFHmslbM8nyHCxpF9EtU2m-MJo
 reconcile/openshift_prometheus_rules.py,sha256=onowXab248zmHH8SbYDTc1W1bl7JiqRFU1xdTkZyLFg,1332
 reconcile/openshift_resourcequotas.py,sha256=yUi56PiOn3inMMfq_x_FEHmaW-reGipzoorjdar372g,2415
 reconcile/openshift_resources.py,sha256=I2nO_C37mG3rfyGrd4cGwN3mVseVGuTAHAyhFzLyqF4,1518
-reconcile/openshift_resources_base.py,sha256=1A5_699p0rdsMwRQRPzePEfjhhq5eB2Obwxx4Ibr8jA,41205
+reconcile/openshift_resources_base.py,sha256=mNP-wCeodvBLX5ykntw12D0xcvC4nHIF65EEFt8ez-g,41485
 reconcile/openshift_rolebindings.py,sha256=9mlJ2FjWUoH-rsjtasreA_hV-K5Z_YR00qR_RR60OZM,6555
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
 reconcile/openshift_saas_deploy.py,sha256=T1dvb9zajisaJNjbnR6-AZHU-itscHtr4oCqLj8KCK0,13037
@@ -818,7 +818,7 @@ reconcile/utils/runtime/sharding.py,sha256=r0ieUtNed7NvknSw6qQrCkKpVXE1shuHGnfFc
 reconcile/utils/saasherder/__init__.py,sha256=3U8plqMAPRE1kjwZ5YnIsYsggTf4_gS7flRUEuXVBAs,343
 reconcile/utils/saasherder/interfaces.py,sha256=C2wrw34OXypshVocAsPrVZsSHptgw4g9u7Haa2wulZQ,9087
 reconcile/utils/saasherder/models.py,sha256=z8ln03zi2a8cu716NcNUDHp8Dv1VcVbhqdWVxCl7x9A,10148
-reconcile/utils/saasherder/saasherder.py,sha256=t7dqcXj9FFULROG_gUmdoSNQOLKfhdlquzwxw710yOA,85358
+reconcile/utils/saasherder/saasherder.py,sha256=120A33jOQefZfYUpeDzaeNR4-Twe5V5bsBSe0DoOCSo,86115
 reconcile/utils/terraform/__init__.py,sha256=zNbiyTWo35AT1sFTElL2j_AA0jJ_yWE_bfFn-nD2xik,250
 reconcile/utils/terraform/config.py,sha256=5UVrd563TMcvi4ooa5JvWVDW1I3bIWg484u79evfV_8,164
 reconcile/utils/terraform/config_client.py,sha256=gRL1rQ0AqvShei_rcGqC3HDYGskOFKE1nPrJyJE9yno,4676
@@ -882,8 +882,8 @@ tools/test/test_qontract_cli.py,sha256=iuzKbQ6ahinvjoQmQLBrG4shey0z-1rB6qCgS8T6d
 tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc1190.dist-info/METADATA,sha256=69iNqyU2r_9XepM9SB9pwV0I87hdxLq4lw8oTmeqabc,2213
-qontract_reconcile-0.10.1rc1190.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
-qontract_reconcile-0.10.1rc1190.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc1190.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc1190.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc1192.dist-info/METADATA,sha256=xvVSmRGPTAuwy6U0jB-TwMzTgaD5b8OZIP5Em_jdZlo,2213
+qontract_reconcile-0.10.1rc1192.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
+qontract_reconcile-0.10.1rc1192.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc1192.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc1192.dist-info/RECORD,,

reconcile/openshift_resources_base.py

@@ -34,6 +34,7 @@ import reconcile.openshift_base as ob
 import reconcile.utils.jinja2.utils as jinja2_utils
 from reconcile import queries
 from reconcile.change_owners.diff import IDENTIFIER_FIELD_NAME
+from reconcile.external_resources.meta import SECRET_UPDATED_AT
 from reconcile.utils import (
     amtool,
     gql,
@@ -233,6 +234,9 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 9, 2)
 QONTRACT_BASE64_SUFFIX = "_qb64"
 KUBERNETES_SECRET_DATA_KEY_RE = "^[-._a-zA-Z0-9]+$"
 
+# Keys in vault secrets that do not need to land
+# into K8S secrets.
+VAULT_SECRETS_EXCLUDED_KEYS = {SECRET_UPDATED_AT}
 _log_lock = Lock()
 
 
@@ -401,7 +405,11 @@ def fetch_provider_vault_secret(
 ) -> OR:
     # get the fields from vault
     secret_reader = SecretReader(settings)
-    raw_data = secret_reader.read_all({"path": path, "version": version})
+    raw_data = {
+        k: v
+        for k, v in secret_reader.read_all({"path": path, "version": version}).items()
+        if k not in VAULT_SECRETS_EXCLUDED_KEYS
+    }
 
     if validate_alertmanager_config:
         check_alertmanager_config(raw_data, path, alertmanager_config_key)

reconcile/utils/saasherder/saasherder.py

@@ -1112,29 +1112,54 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
                 username, password = (
                     base64.b64decode(auth["auth"]).decode("utf-8").split(":")
                 )
-                with suppress(Exception):
-                    return Image(
-                        image,
-                        username=username,
-                        password=password,
-                        auth_server=image_auth.auth_server,
-                        timeout=REQUEST_TIMEOUT,
-                    )
+
+                return SaasHerder._get_and_validate_image(
+                    full_image_path=image,
+                    username=username,
+                    password=password,
+                    auth_server=image_auth.auth_server,
+                    timeout=REQUEST_TIMEOUT,
+                    error_prefix=error_prefix,
+                )
 
         # basic auth fallback for backwards compatibility
+        return SaasHerder._get_and_validate_image(
+            full_image_path=image,
+            username=image_auth.username,
+            password=image_auth.password,
+            auth_server=image_auth.auth_server,
+            timeout=REQUEST_TIMEOUT,
+            error_prefix=error_prefix,
+        )
+
+    @staticmethod
+    def _get_and_validate_image(
+        full_image_path: str,
+        username: str | Any,
+        password: str | Any,
+        auth_server: str | Any,
+        timeout: int,
+        error_prefix: str,
+    ) -> Image | None:
         try:
-            return Image(
-                image,
-                username=image_auth.username,
-                password=image_auth.password,
-                auth_server=image_auth.auth_server,
-                timeout=REQUEST_TIMEOUT,
+            img = Image(
+                full_image_path,
+                username=username,
+                password=password,
+                auth_server=auth_server,
+                timeout=timeout,
             )
+            if img:
+                return img
+            else:
+                logging.error(
+                    f"{error_prefix} Image : {full_image_path} does not exist"
+                )
         except Exception as e:
             logging.error(
-                f"{error_prefix} Image is invalid: {image}. " + f"details: {e!s}"
+                f"{error_prefix} Image is invalid: {full_image_path}. "
+                + f"details: {e!s}"
             )
-
         return None
 
     def _check_images(