qontract-reconcile 0.10.1rc417__py3-none-any.whl → 0.10.1rc418__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. {qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/METADATA +1 -1
  2. {qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/RECORD +6 -6
  3. reconcile/acs_rbac.py +7 -3
  4. {qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/WHEEL +0 -0
  5. {qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/entry_points.txt +0 -0
  6. {qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: qontract-reconcile
3
- Version: 0.10.1rc417
3
+ Version: 0.10.1rc418
4
4
  Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
5
5
  Home-page: https://github.com/app-sre/qontract-reconcile
6
6
  Author: Red Hat App-SRE Team
{qontract_reconcile-0.10.1rc417.dist-info → qontract_reconcile-0.10.1rc418.dist-info}/RECORD RENAMED
@@ -1,5 +1,5 @@
1
1
  reconcile/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
2
- reconcile/acs_rbac.py,sha256=OggKBiNGOGQJBsE3jJXwt0NT7zsTebdgDNKllE8cQMs,23537
2
+ reconcile/acs_rbac.py,sha256=Jr9qIR1VjH16xpADZqjkigqsDW7iDnMD9nn7GxU4z0Y,23828
3
3
  reconcile/aws_ami_share.py,sha256=yLNSjtepxk4UL5f4Ix9oRp17jy9OXza0MIr71mhuqEA,3665
4
4
  reconcile/aws_ecr_image_pull_secrets.py,sha256=TGEc_0nv8oxV2HqA8VdcM4HHP-B1YqmNOOU6FPwVFTY,2328
5
5
  reconcile/aws_garbage_collector.py,sha256=ddwU8IKTueAJc0TzymcREr7hcoVui9kOGvdH1B2EcuM,450
@@ -636,8 +636,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=dmEcNwZltP1rd_4DbxIYakO
636
636
  tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
637
637
  tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
638
638
  tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
639
- qontract_reconcile-0.10.1rc417.dist-info/METADATA,sha256=qVCp5XoYQncnPYXv4depIwHI3RastqoUxTf1pDAkvro,2347
640
- qontract_reconcile-0.10.1rc417.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
641
- qontract_reconcile-0.10.1rc417.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
642
- qontract_reconcile-0.10.1rc417.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
643
- qontract_reconcile-0.10.1rc417.dist-info/RECORD,,
639
+ qontract_reconcile-0.10.1rc418.dist-info/METADATA,sha256=bYR73yjW15cE_wXs6HuU9pT1haQ-xRZBBOnXU4whpII,2347
640
+ qontract_reconcile-0.10.1rc418.dist-info/WHEEL,sha256=Xo9-1PvkuimrydujYJAjF7pCkriuXBpUPEjma1nZyJ0,92
641
+ qontract_reconcile-0.10.1rc418.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
642
+ qontract_reconcile-0.10.1rc418.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
643
+ qontract_reconcile-0.10.1rc418.dist-info/RECORD,,
reconcile/acs_rbac.py CHANGED
@@ -353,6 +353,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
353
353
  role: AcsRole,
354
354
  acs: AcsApi,
355
355
  access_scope_id: str,
356
+ admin_access_scope_id: str,
356
357
  groups: list[Group],
357
358
  dry_run: bool,
358
359
  ) -> None:
@@ -383,9 +384,11 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
383
384
  acs.delete_role(role.name)
384
385
  logging.info("Deleted role: %s", role.name)
385
386
 
386
- if not dry_run:
387
- acs.delete_access_scope(access_scope_id)
388
- logging.info("Deleted access scope: %s", role.access_scope.name)
387
+ # do not attempt deletion of system default 'Unrestricted' scope referenced by a custom role
388
+ if access_scope_id != admin_access_scope_id:
389
+ if not dry_run:
390
+ acs.delete_access_scope(access_scope_id)
391
+ logging.info("Deleted access scope: %s", role.access_scope.name)
389
392
 
390
393
  def delete_rbac(
391
394
  self,
@@ -416,6 +419,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
416
419
  role=role,
417
420
  acs=acs,
418
421
  access_scope_id=access_scope_id_map[role.access_scope.name],
422
+ admin_access_scope_id=access_scope_id_map[DEFAULT_ADMIN_SCOPE_NAME],
419
423
  groups=role_group_mappings[role.name],
420
424
  dry_run=dry_run,
421
425
  )