qontract-reconcile 0.10.1rc122__py3-none-any.whl → 0.10.1rc124__py3-none-any.whl

{qontract_reconcile-0.10.1rc122.dist-info → qontract_reconcile-0.10.1rc124.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc122
+Version: 0.10.1rc124
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc122.dist-info → qontract_reconcile-0.10.1rc124.dist-info}/RECORD

@@ -105,7 +105,7 @@ reconcile/terraform_cloudflare_resources.py,sha256=BQg12mHm1iaxf086FFPZutPbWKUMa
 reconcile/terraform_cloudflare_users.py,sha256=Bv0f9lOO_wTM7st8iltb8FR8gu4KpKu3qavMzAYcoMc,13965
 reconcile/terraform_repo.py,sha256=0TNwHyc3P4hlkSQdQ-ST6QLmAiG6Rb9r1G5tzJu-tPE,11816
 reconcile/terraform_resources.py,sha256=gQ-LT0TGwf9OR4RF5EWDmNHUnKWnbhrIMtyIdUgP4D4,16782
-reconcile/terraform_tgw_attachments.py,sha256=ootT8zPxcm3-VHy9OiG0zBP0X7wzrvTCh53eYbxJvfI,13725
+reconcile/terraform_tgw_attachments.py,sha256=6PVhBYeIvNnz2PwBdPF0I222_83EzOWX6VKJnqz7UPo,13915
 reconcile/terraform_users.py,sha256=AzDvEQCdLpsXoS3nLbIQRraQvJHa8JmL40lZFv8YXMk,9321
 reconcile/terraform_vpc_peerings.py,sha256=fI76pTN6LjoPPSBxjyOhKbhzDfsJfg2ymXQTrk0J6uM,21422
 reconcile/vault_replication.py,sha256=xobxnsOfUcwvdQ-RZ7JH_sZCDh8rpEY7MJ36nkvfFqE,17262
@@ -361,13 +361,13 @@ reconcile/test/test_terraform_cloudflare_resources.py,sha256=cWNE2UIhz19rLSWdpJG
 reconcile/test/test_terraform_cloudflare_users.py,sha256=8iAFjz-zbUW4xLS10Lk1XvYSk4B_W__YT9rgrBuigcQ,27482
 reconcile/test/test_terraform_repo.py,sha256=RrRzlc9ThVYbEJq4k99sSRN2xGZP0zIqzGkaxTwgcm8,7014
 reconcile/test/test_terraform_resources.py,sha256=dEpJwaTzE_FzkRjCozDtGzE4egBrb-VrwSoWr2Benv4,7955
-reconcile/test/test_terraform_tgw_attachments.py,sha256=ddf04h_uKYroJOWKOFGZxuJNL-1PSjW5EyddQB3CLSw,33744
+reconcile/test/test_terraform_tgw_attachments.py,sha256=GgDA8hlQ1ujh5g8PtzbYQbJGpNScEgZ8PvDbMFbn68g,35493
 reconcile/test/test_terraform_users.py,sha256=Yt4iN5FMtn7cfVlVqBJ1MMH94Z0DGchyByhpfNUJFxM,1570
 reconcile/test/test_terraform_vpc_peerings.py,sha256=fRDgoyM9wyOdzIwjCno-vzhIA4vy0dRNnE7j3ytWyEg,18948
 reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=43EIGnrm5xAdtuSL6tKDh-nepk4WOKkONMNUOU1BN_Y,37236
 reconcile/test/test_unleash.py,sha256=a4jT0Hzlje6AEkwhMmeDUkzo6rsD_WGSZicwFg47mmM,4192
 reconcile/test/test_utils_aws_api.py,sha256=GwUByT-ZXjVHlHBzoomyWjngNVp5uYA3-UcgDjzxWko,8997
-reconcile/test/test_utils_aws_helper.py,sha256=2FjZ3cY2VLuHpkt2t-6S0xkJnpTbesx8pprP_75-7xI,2307
+reconcile/test/test_utils_aws_helper.py,sha256=kqmj1QPOJjjHGlWvaKWZUkEXo0K0qVeZBW3slwBUtVY,2297
 reconcile/test/test_utils_aws_rds.py,sha256=gr2S_s5YBz-jGlcZMbvU9DSJ2co0CAJ3K7opxdAdf7w,1062
 reconcile/test/test_utils_cluster_version_data.py,sha256=ua2zivisH5PsZtZxjuQ3QXFVzF2SRUIVbxHdbmn-clc,6019
 reconcile/test/test_utils_data_structures.py,sha256=ZDa-15vxe7v6TG4pLDF_R9rGFbBDEYG9rUDDf2Dyjjk,342
@@ -467,7 +467,7 @@ reconcile/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/aggregated_list.py,sha256=svF8qu2U8iAIUPrGbKiMzuzz2RffI0GOJzWDxBDgSIQ,3332
 reconcile/utils/amtool.py,sha256=9p9FYkv4RYPnkDICuN1apcqJyZ5n8WbHF6vC0FIiQIw,2166
 reconcile/utils/aws_api.py,sha256=bbNisd1Y7mjqaKhDdr5ocSjERhItHNs8aAvCYENMSZ4,59770
-reconcile/utils/aws_helper.py,sha256=WXSz4UG0BEkY8IE9osGhbBOzsep4lPpegO5SAq3N0H0,1691
+reconcile/utils/aws_helper.py,sha256=E8NHkStoHRmvLVjRll2f5kGtU3i3f7ekp5V6nrn7B_M,1691
 reconcile/utils/binary.py,sha256=3IBnwjKakHM367skPPvG6yVSQYjKt5muQlFNdoa63DU,2352
 reconcile/utils/cluster_version_data.py,sha256=HPBPDosEdoGrMgBQMJvsicL5oPxVjqKHlhpFokUlsio,6680
 reconcile/utils/config.py,sha256=ZhYy3ZKI0vB_QvrYr14JPxu0EAVM5gS8cKRbM8ECRSE,992
@@ -531,7 +531,7 @@ reconcile/utils/state.py,sha256=_SmE7fOEReET3iy9jRQ1pyuaJebg5962Zs9Iy1dzTJk,9530
 reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=fR5HscDYZblw27tb_lqhJM-CSshcPDyfNORdYJMzNOE,30509
-reconcile/utils/terrascript_aws_client.py,sha256=HEyOWJ4n9DCLRtbBM7Il-0Zc3euFWamxIABILY9qim8,261916
+reconcile/utils/terrascript_aws_client.py,sha256=1nF_oiKJHiQp0U_GbWXT8nEg6Nqp4CqYchN7ESjAqGI,261977
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/unleash.py,sha256=QGANGA8BHG7oC_bt39c2M7uRa2ycjzmahN8_m7Zovos,3094
 reconcile/utils/vault.py,sha256=CnhNu0pZfqS14kD1dQmBldITvTcSJHaHfk-KPNNDC7k,14471
@@ -597,8 +597,8 @@ tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y
 tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc122.dist-info/METADATA,sha256=7L4haj9vbG0djfWguAQZmNSt8IE01Gnb_-ZvDWHxQfg,2291
-qontract_reconcile-0.10.1rc122.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-qontract_reconcile-0.10.1rc122.dist-info/entry_points.txt,sha256=Af70EWPJxsTiCNF6gA-pWdw1A0Heqn-PZF-oBc5NmiU,302
-qontract_reconcile-0.10.1rc122.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc122.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc124.dist-info/METADATA,sha256=8vXlksnwd7GI4vBp37d_iwA7IqQwMCaXlMTKaSMo_eo,2291
+qontract_reconcile-0.10.1rc124.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+qontract_reconcile-0.10.1rc124.dist-info/entry_points.txt,sha256=Af70EWPJxsTiCNF6gA-pWdw1A0Heqn-PZF-oBc5NmiU,302
+qontract_reconcile-0.10.1rc124.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc124.dist-info/RECORD,,

reconcile/terraform_tgw_attachments.py

@@ -369,6 +369,12 @@ def run(
     desired_state_data_source = _fetch_desired_state_data_source(account_name)
     accounts = [a.dict(by_alias=True) for a in desired_state_data_source.accounts]
 
+    if not accounts:
+        logging.warning(
+            f"No participating AWS accounts found, consider disabling this integration, account name: {account_name}"
+        )
+        return
+
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(vault_settings.vault)
     aws_api = AWSApi(1, accounts, secret_reader=secret_reader, init_users=False)

reconcile/test/test_terraform_tgw_attachments.py

@@ -561,6 +561,9 @@ def _setup_mocks(
     ).return_value
     mocked_tf.plan.return_value = (False, False)
     mocked_tf.apply.return_value = False
+
+    mocked_logging = mocker.patch("reconcile.terraform_tgw_attachments.logging")
+
     return {
         "tf": mocked_tf,
         "ts": mocked_ts,
@@ -571,16 +574,48 @@ def _setup_mocks(
         "ocm": mocked_ocm,
         "aws_api": mocked_aws_api,
         "gql_api": mocked_gql_api,
+        "logging": mocked_logging,
     }
 
 
+def test_empty_run(
+    mocker: MockerFixture,
+    app_interface_vault_settings: AppInterfaceSettingsV1,
+) -> None:
+    mocks = _setup_mocks(
+        mocker,
+        vault_settings=app_interface_vault_settings,
+    )
+
+    integ.run(False, enable_deletion=False)
+
+    mocks["logging"].warning.assert_called_once_with(
+        "No participating AWS accounts found, consider disabling this integration, account name: None"
+    )
+    mocks["get_clusters_with_peering"].assert_called_once_with(mocks["gql_api"])
+    mocks["get_aws_accounts"].assert_called_once_with(mocks["gql_api"], name=None)
+    mocks["get_app_interface_vault_settings"].assert_not_called()
+    mocks["tf"].plan.assert_not_called()
+    mocks["tf"].apply.assert_not_called()
+
+
 def test_dry_run(
     mocker: MockerFixture,
     app_interface_vault_settings: AppInterfaceSettingsV1,
+    cluster_with_tgw_connection: ClusterV1,
+    tgw_account: AWSAccountV1,
+    tgw: Mapping,
+    vpc_details: Mapping,
+    assume_role: str,
 ) -> None:
     mocks = _setup_mocks(
         mocker,
         vault_settings=app_interface_vault_settings,
+        clusters=[cluster_with_tgw_connection],
+        accounts=[tgw_account],
+        vpc_details=vpc_details,
+        tgws=[tgw],
+        assume_role=assume_role,
     )
 
     integ.run(True, enable_deletion=False)
@@ -595,10 +630,20 @@ def test_dry_run(
 def test_non_dry_run(
     mocker: MockerFixture,
     app_interface_vault_settings: AppInterfaceSettingsV1,
+    cluster_with_tgw_connection: ClusterV1,
+    tgw_account: AWSAccountV1,
+    tgw: Mapping,
+    vpc_details: Mapping,
+    assume_role: str,
 ) -> None:
     mocks = _setup_mocks(
         mocker,
         vault_settings=app_interface_vault_settings,
+        clusters=[cluster_with_tgw_connection],
+        accounts=[tgw_account],
+        vpc_details=vpc_details,
+        tgws=[tgw],
+        assume_role=assume_role,
     )
 
     integ.run(False, enable_deletion=False)
@@ -734,15 +779,12 @@ def test_run_when_cluster_with_vpc_connection_only(
 
     integ.run(True)
 
-    mocks["aws_api"].assert_called_once_with(
-        1,
-        [],
-        secret_reader=mocks["secret_reader"],
-        init_users=False,
-    )
+    mocks["aws_api"].assert_not_called()
     mocks["ocm"].assert_not_called()
-    mocks["ts"].populate_additional_providers.assert_called_once_with([])
-    mocks["ts"].populate_tgw_attachments.assert_called_once_with([])
+    mocks["ts"].populate_additional_providers.assert_not_called()
+    mocks["ts"].populate_tgw_attachments.assert_not_called()
+    mocks["tf"].plan.assert_not_called()
+    mocks["tf"].apply.assert_not_called()
 
 
 def test_run_with_multiple_clusters(
@@ -921,6 +963,7 @@ def test_duplicate_tgw_connection_names(
     mocker: MockerFixture,
     app_interface_vault_settings: AppInterfaceSettingsV1,
     cluster_with_duplicate_tgw_connections: ClusterV1,
+    tgw_account: AWSAccountV1,
     tgw: AWSAccountV1,
     vpc_details: Mapping,
     assume_role: str,
@@ -929,6 +972,7 @@ def test_duplicate_tgw_connection_names(
         mocker,
         vault_settings=app_interface_vault_settings,
         clusters=[cluster_with_duplicate_tgw_connections],
+        accounts=[tgw_account],
         vpc_details=vpc_details,
         tgws=[tgw],
         assume_role=assume_role,
@@ -944,6 +988,7 @@ def test_missing_vpc_id(
     mocker: MockerFixture,
     app_interface_vault_settings: AppInterfaceSettingsV1,
     cluster_with_tgw_connection: ClusterV1,
+    tgw_account: AWSAccountV1,
     tgw: Mapping,
     vpc_details: Mapping,
     assume_role: str,
@@ -952,6 +997,7 @@ def test_missing_vpc_id(
         mocker,
         vault_settings=app_interface_vault_settings,
         clusters=[cluster_with_tgw_connection],
+        accounts=[tgw_account],
         vpc_details=None,
         tgws=[tgw],
         assume_role=assume_role,
@@ -967,6 +1013,7 @@ def test_error_in_tf_plan(
     mocker: MockerFixture,
     app_interface_vault_settings: AppInterfaceSettingsV1,
     cluster_with_tgw_connection: ClusterV1,
+    tgw_account: AWSAccountV1,
     account_tgw_connection: ClusterPeeringConnectionAccountTGWV1,
     tgw: Mapping,
     vpc_details: Mapping,
@@ -976,6 +1023,7 @@ def test_error_in_tf_plan(
         mocker,
         vault_settings=app_interface_vault_settings,
         clusters=[cluster_with_tgw_connection],
+        accounts=[tgw_account],
         vpc_details=vpc_details,
         tgws=[tgw],
         assume_role=assume_role,
@@ -992,6 +1040,7 @@ def test_disabled_deletions_detected_in_tf_plan(
     mocker: MockerFixture,
     app_interface_vault_settings: AppInterfaceSettingsV1,
     cluster_with_tgw_connection: ClusterV1,
+    tgw_account: AWSAccountV1,
     account_tgw_connection: ClusterPeeringConnectionAccountTGWV1,
     tgw: Mapping,
     vpc_details: Mapping,
@@ -1001,6 +1050,7 @@ def test_disabled_deletions_detected_in_tf_plan(
         mocker,
         vault_settings=app_interface_vault_settings,
         clusters=[cluster_with_tgw_connection],
+        accounts=[tgw_account],
         vpc_details=vpc_details,
         tgws=[tgw],
         assume_role=assume_role,
@@ -1018,6 +1068,7 @@ def test_error_in_terraform_apply(
     app_interface_vault_settings: AppInterfaceSettingsV1,
     cluster_with_tgw_connection: ClusterV1,
     account_tgw_connection: ClusterPeeringConnectionAccountTGWV1,
+    tgw_account: AWSAccountV1,
     tgw: Mapping,
     vpc_details: Mapping,
     assume_role: str,
@@ -1026,6 +1077,7 @@ def test_error_in_terraform_apply(
         mocker,
         vault_settings=app_interface_vault_settings,
         clusters=[cluster_with_tgw_connection],
+        accounts=[tgw_account],
         vpc_details=vpc_details,
         tgws=[tgw],
         assume_role=assume_role,

reconcile/test/test_utils_aws_helper.py

@@ -4,10 +4,10 @@ import reconcile.utils.aws_helper as awsh
 from reconcile.utils.secret_reader import SecretReader
 
 
-def test_get_user_id_from_arn():
+def test_get_id_from_arn():
     user_id = "id"
     arn = f"arn:aws:iam::12345:user/{user_id}"
-    result = awsh.get_user_id_from_arn(arn)
+    result = awsh.get_id_from_arn(arn)
     assert result == user_id
 
 

reconcile/utils/aws_helper.py

@@ -11,8 +11,8 @@ class AccountNotFoundError(Exception):
 Account = dict[str, Any]
 
 
-def get_user_id_from_arn(arn):
-    # arn:aws:iam::12345:user/id --> id
+def get_id_from_arn(arn):
+    # arn:aws:iam::12345:<arntype>/id --> id
     return arn.split("/")[1]
 
 

reconcile/utils/terrascript_aws_client.py

@@ -854,7 +854,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
     @staticmethod
     def get_alias_name_from_assume_role(assume_role):
         uid = awsh.get_account_uid_from_arn(assume_role)
-        return f"account-{uid}"
+        role_name = awsh.get_id_from_arn(assume_role)
+        return f"account-{uid}-{role_name}"
 
     def populate_additional_providers(self, accounts):
         for account in accounts:
@@ -2315,7 +2316,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                 role_grants = ocm.get_aws_infrastructure_access_role_grants(cluster)
                 for user_arn, _, state, switch_role_link in role_grants:
                     # find correct user by identifier
-                    user_id = awsh.get_user_id_from_arn(user_arn)
+                    user_id = awsh.get_id_from_arn(user_arn)
                     # output will only be added once
                     # terraform-resources created the user
                     # and ocm-aws-infrastructure-access granted it the role