qontract-reconcile 0.10.1rc174__py3-none-any.whl → 0.10.1rc175__py3-none-any.whl

{qontract_reconcile-0.10.1rc174.dist-info → qontract_reconcile-0.10.1rc175.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc174
+Version: 0.10.1rc175
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc174.dist-info → qontract_reconcile-0.10.1rc175.dist-info}/RECORD

@@ -177,8 +177,8 @@ reconcile/gql_definitions/common/ocm_environments.py,sha256=yV4UVjdnNmqbR5trQCOA
 reconcile/gql_definitions/common/pagerduty_instances.py,sha256=8NBHKRXg_OKG9NsJv6FOj8UVFcjkdJg-9E16ZqZIRPQ,2006
 reconcile/gql_definitions/common/pgp_reencryption_settings.py,sha256=tS68-tBBd7BJYmfTjtdTlxpABF3f_z9eJdtaKnyZc0Q,2305
 reconcile/gql_definitions/common/pipeline_providers.py,sha256=khAU9bbLNHbP6O3yeKRitU0A6umBnV-pSvi80wfMNu0,9311
-reconcile/gql_definitions/common/saas_files.py,sha256=bGrXxo1DHixi09JuHBtf2DatDGIdUbjfga2wtjysVQo,15190
-reconcile/gql_definitions/common/saas_target_namespaces.py,sha256=wdrsA4POEiuE9FHFuZN4BqgG6nEEH5MYsZec7nwda5c,2634
+reconcile/gql_definitions/common/saas_files.py,sha256=fpqUB5m5eF1D9p7YPVBpSDvwPkBMKFKklLOX_S-3BuI,15029
+reconcile/gql_definitions/common/saas_target_namespaces.py,sha256=m5QWGQsATyqkkyiSZOGX7QpKGKsT0tb2gzMiKUmVZuc,2674
 reconcile/gql_definitions/common/saasherder_settings.py,sha256=jxrFr03NmiwV3uegKCxQgB5iveC2IaGZIoguXoiNMgs,1797
 reconcile/gql_definitions/common/smtp_client_settings.py,sha256=Pb8VgTGFqCh4_rI0BOHoXuicfdNyol1kIN8NLONHaxI,2252
 reconcile/gql_definitions/common/users.py,sha256=C5EvC5gNBHqWuY4tvOG5oZUiFV4eognyu-KjBRsIkMM,1685
@@ -194,7 +194,7 @@ reconcile/gql_definitions/fragments/oc_connection_cluster.py,sha256=L8v52wkcHpnF
 reconcile/gql_definitions/fragments/ocm_environment.py,sha256=DOfBY4fb02UF5R3ZxtwHBTlxhPYOOBJaqGeENElX7oc,1037
 reconcile/gql_definitions/fragments/resource_requirements.py,sha256=p7bMDzeIMr008A_4skrZjXAwVXA4PtO2rX93iGBYqvk,732
 reconcile/gql_definitions/fragments/resource_values.py,sha256=DS3KqzgjT_wJ36SWPZ9HyNXOBNvbhhGnh06IMQmrFXQ,746
-reconcile/gql_definitions/fragments/saas_target_namespace.py,sha256=RJEsksPlDvSyy0kztszw5PFFZnvN7TQVDAAqsZ5otR8,2156
+reconcile/gql_definitions/fragments/saas_target_namespace.py,sha256=MoStxN1XmAk1JUVWkVpvVFhWnl5s6bvQhkgoSj5SDBs,2320
 reconcile/gql_definitions/fragments/terraform_state.py,sha256=mh7ra7xX2jrWCjoWVZ6Z2fsUgZ_EXgzv4sh07jkAhKQ,1042
 reconcile/gql_definitions/fragments/upgrade_policy.py,sha256=73VyC3kbkZ_g3aXmhD016a0axoJxKlIJSGmcue1A2Ow,1077
 reconcile/gql_definitions/fragments/user.py,sha256=6RVsHZVHjOrZKcH8rWGQG9V1OtPpACSZ3wNwca3H8pA,943
@@ -360,7 +360,7 @@ reconcile/test/test_queries.py,sha256=SpH3RmNpBjEr_ne3VjAMCgKK8RE1z1zo7bypkT5uoO
 reconcile/test/test_repo_owners.py,sha256=uRYMLbMmh-9usF0TerabZTZV-Z1CS4I6ybT-LQqCLe8,1423
 reconcile/test/test_requests_sender.py,sha256=7fd9C2kEFS0-CYtlsif66N1kO9c44pzuBPAJKR9igqU,5385
 reconcile/test/test_saasherder.py,sha256=LPRKvuu5hjIVSMQ7_u0BtY2gdGUNy4N-FHiqT08atLY,37484
-reconcile/test/test_saasherder_allowed_secret_paths.py,sha256=86ffYbbN0Xng8CTiXf3yR_3VD8qyqRpVTByJFycdXp0,4899
+reconcile/test/test_saasherder_allowed_secret_paths.py,sha256=FmNkc1dEHhTQ5TM_PLCrWCj9QV0VhoLcbcDsiim5gaM,4807
 reconcile/test/test_secret_reader.py,sha256=kz7nzcPjvA08cytnvcA_PMA98AEyqJWsESkYeRn5xCk,4994
 reconcile/test/test_slack_base.py,sha256=gpbWOLNxMMX6fyAbs1JakhLTnwfedb3f7WpUae4tQZE,5060
 reconcile/test/test_slack_usergroups.py,sha256=O2CNs2t1kNdAG_NqUhf5yr4K0Q-9ZLuXdQ4G_kYxatw,23647
@@ -581,9 +581,9 @@ reconcile/utils/runtime/meta.py,sha256=X44HzyXIBprf3zcsGr2XLCgoeFkz6r3U2nlFXM1H7
 reconcile/utils/runtime/runner.py,sha256=72cc-I6yXyPov8UCLHpyERRy1eiMLpGite2roO0yUlo,7979
 reconcile/utils/runtime/sharding.py,sha256=gGmfYFeplEbjSBQIGAue2uj83-EOI6caaK63i_kcjfk,13626
 reconcile/utils/saasherder/__init__.py,sha256=J3MBZBFa5YmhqYm08QsjBXz8mFcVOCiOCkyIcw41t7E,343
-reconcile/utils/saasherder/interfaces.py,sha256=5td8aFU1v0V7_I1r1U3b39AsrDvzNeVrCAVSP_CffHg,8935
+reconcile/utils/saasherder/interfaces.py,sha256=J3Q-cS0l5Xf_5FjZW23C7Q_ATRKn51vBtU_0F1K506Y,8754
 reconcile/utils/saasherder/models.py,sha256=R_6Gx71GnK_eWBG1onBbHfHwkektecKGmMTttbKe33E,4725
-reconcile/utils/saasherder/saasherder.py,sha256=rOtB2fo7RWst4qMf3nfdHo1Qo6KAplN3gqQRE8wSiqI,81246
+reconcile/utils/saasherder/saasherder.py,sha256=V_VIyrDMbaJ1WLqKMhXvvWZWImeKv4v8N8T7mfUEzLc,81091
 reconcile/utils/terraform/__init__.py,sha256=zNbiyTWo35AT1sFTElL2j_AA0jJ_yWE_bfFn-nD2xik,250
 reconcile/utils/terraform/config.py,sha256=5UVrd563TMcvi4ooa5JvWVDW1I3bIWg484u79evfV_8,164
 reconcile/utils/terraform/config_client.py,sha256=t4novdX7GeYPMYms97C_BBtLmt0M8CJCmCT7QHENwxg,4687
@@ -609,8 +609,8 @@ tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sd_app_sre_alert_report.py,sha256=JeLhgzpKCPgLvptwg_4ZvJHLVWKNG1T5845HXTkMBxA,1826
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc174.dist-info/METADATA,sha256=YdtzuZVFXXRkB_7Zbf2F4uRshHSGFmpHTQ-J7ei1nis,2320
-qontract_reconcile-0.10.1rc174.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-qontract_reconcile-0.10.1rc174.dist-info/entry_points.txt,sha256=Af70EWPJxsTiCNF6gA-pWdw1A0Heqn-PZF-oBc5NmiU,302
-qontract_reconcile-0.10.1rc174.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc174.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc175.dist-info/METADATA,sha256=hIn9NPTRVv7ikfB-EKs1hBs3NeCNLIZiBaghvDuh5rU,2320
+qontract_reconcile-0.10.1rc175.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+qontract_reconcile-0.10.1rc175.dist-info/entry_points.txt,sha256=Af70EWPJxsTiCNF6gA-pWdw1A0Heqn-PZF-oBc5NmiU,302
+qontract_reconcile-0.10.1rc175.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc175.dist-info/RECORD,,

reconcile/gql_definitions/common/saas_files.py

@@ -79,6 +79,9 @@ fragment SaasTargetNamespace on Namespace_v1 {
       name
     }
     labels
+    selfServiceRoles {
+      name
+    }
   }
   cluster {
     ...OcConnectionCluster
@@ -104,6 +107,9 @@ query SaasFiles {
       parentApp {
         name
       }
+      selfServiceRoles {
+        name
+      }
     }
     pipelinesProvider {
       name
@@ -255,13 +261,7 @@ query SaasFiles {
       }
     }
     selfServiceRoles {
-      users {
-        org_username
-        tag_on_merge_requests
-      }
-      bots {
-        org_username
-      }
+      name
     }
   }
 }
@@ -278,9 +278,14 @@ class AppV1_AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
 
 
+class RoleV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+
+
 class AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     parent_app: Optional[AppV1_AppV1] = Field(..., alias="parentApp")
+    self_service_roles: Optional[list[RoleV1]] = Field(..., alias="selfServiceRoles")
 
 
 class PipelinesProviderV1(ConfiguredBaseModel):
@@ -491,18 +496,8 @@ class SaasResourceTemplateV2(ConfiguredBaseModel):
     targets: list[SaasResourceTemplateTargetV2] = Field(..., alias="targets")
 
 
-class UserV1(ConfiguredBaseModel):
-    org_username: str = Field(..., alias="org_username")
-    tag_on_merge_requests: Optional[bool] = Field(..., alias="tag_on_merge_requests")
-
-
-class BotV1(ConfiguredBaseModel):
-    org_username: Optional[str] = Field(..., alias="org_username")
-
-
-class RoleV1(ConfiguredBaseModel):
-    users: list[UserV1] = Field(..., alias="users")
-    bots: list[BotV1] = Field(..., alias="bots")
+class SaasFileV2_RoleV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
 
 
 class SaasFileV2(ConfiguredBaseModel):
@@ -539,7 +534,9 @@ class SaasFileV2(ConfiguredBaseModel):
     resource_templates: list[SaasResourceTemplateV2] = Field(
         ..., alias="resourceTemplates"
     )
-    self_service_roles: Optional[list[RoleV1]] = Field(..., alias="selfServiceRoles")
+    self_service_roles: Optional[list[SaasFileV2_RoleV1]] = Field(
+        ..., alias="selfServiceRoles"
+    )
 
 
 class SaasFilesQueryData(ConfiguredBaseModel):

reconcile/gql_definitions/common/saas_target_namespaces.py

@@ -75,6 +75,9 @@ fragment SaasTargetNamespace on Namespace_v1 {
       name
     }
     labels
+    selfServiceRoles {
+      name
+    }
   }
   cluster {
     ...OcConnectionCluster

reconcile/gql_definitions/fragments/saas_target_namespace.py

@@ -47,10 +47,15 @@ class AppV1_AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
 
 
+class RoleV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+
+
 class AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     parent_app: Optional[AppV1_AppV1] = Field(..., alias="parentApp")
     labels: Optional[Json] = Field(..., alias="labels")
+    self_service_roles: Optional[list[RoleV1]] = Field(..., alias="selfServiceRoles")
 
 
 class NamespaceSkupperSiteConfigV1(ConfiguredBaseModel):

reconcile/test/test_saasherder_allowed_secret_paths.py

@@ -41,7 +41,7 @@ def test_saasherder_allowed_secret_paths(
                 "name": "a1",
                 "managedResourceTypes": [],
                 "allowedSecretParameterPaths": [allowed_secret_parameter_path],
-                "app": {"name": "app1"},
+                "app": {"name": "app1", "selfServiceRoles": [{"name": "test"}]},
                 "pipelinesProvider": {
                     "name": "tekton-app-sre-pipelines-appsres03ue1",
                     "provider": "tekton",
@@ -106,9 +106,6 @@ def test_saasherder_allowed_secret_paths(
                         ],
                     },
                 ],
-                "selfServiceRoles": [
-                    {"users": [{"org_username": "theirname"}], "bots": []}
-                ],
             },
         )
     ]

reconcile/utils/saasherder/interfaces.py

@@ -58,6 +58,10 @@ class SaasApp(Protocol):
     def parent_app(self) -> Optional[SaasParentApp]:
         ...
 
+    @property
+    def self_service_roles(self) -> Optional[Sequence[SaasRole]]:
+        ...
+
 
 class SaasPipelinesProvider(Protocol):
     name: str
@@ -360,23 +364,8 @@ class SaasResourceTemplate(HasParameters, HasSecretParameters, Protocol):
         ...
 
 
-class SaasUser(Protocol):
-    org_username: str
-    tag_on_merge_requests: Optional[bool]
-
-
-class SaasBot(Protocol):
-    org_username: Optional[str]
-
-
 class SaasRole(Protocol):
-    @property
-    def users(self) -> Sequence[SaasUser]:
-        ...
-
-    @property
-    def bots(self) -> Sequence[SaasBot]:
-        ...
+    name: str
 
 
 SaasPipelinesProviders = Union[SaasPipelinesProviderTekton, SaasPipelinesProvider]

reconcile/utils/saasherder/saasherder.py

@@ -256,14 +256,9 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
             saas_file_name_path_map.setdefault(saas_file.name, [])
             saas_file_name_path_map[saas_file.name].append(saas_file.path)
 
-            saas_file_owners = [
-                u.org_username
-                for r in saas_file.self_service_roles or []
-                for u in list(r.users) + list(r.bots)
-            ]
-            if not saas_file_owners:
+            if not saas_file.app.self_service_roles:
                 logging.error(
-                    f"saas file {saas_file.name} has no owners: {saas_file.path}"
+                    f"app {saas_file.app.name} has no self-service roles (saas file {saas_file.name})"
                 )
                 self.valid = False