PyPI - qontract-reconcile - Versions diffs - 0.10.1rc473__py3-none-any.whl → 0.10.1rc474__py3-none-any.whl - Mend

qontract-reconcile 0.10.1rc473py3-none-any.whl → 0.10.1rc474py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

{qontract_reconcile-0.10.1rc473.dist-info → qontract_reconcile-0.10.1rc474.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc473
+Version: 0.10.1rc474
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc473.dist-info → qontract_reconcile-0.10.1rc474.dist-info}/RECORD RENAMED Viewed

@@ -68,7 +68,7 @@ reconcile/openshift_namespaces.py,sha256=DboMc6t0vXD54lL9ZP9P9fQnCRo2g_0z5FWubtW
 reconcile/openshift_network_policies.py,sha256=_qqv7yj17OM1J8KJPsFmzFZ85gzESJeBocC672z4_WU,4231
 reconcile/openshift_resourcequotas.py,sha256=yUi56PiOn3inMMfq_x_FEHmaW-reGipzoorjdar372g,2415
 reconcile/openshift_resources.py,sha256=kwsY5cko7udEKNlhL2oKiKv_5wzEw9wmmwROE016ng8,1400
-reconcile/openshift_resources_base.py,sha256=H8pxBzHgp9dC5W7plFTnm6iai1oQvPj6sW1S2khct3U,44866
+reconcile/openshift_resources_base.py,sha256=aMrblZnviFMiAPS5SZsYWmGIRA-l8XlHwtxPr_klui0,45728
 reconcile/openshift_rolebindings.py,sha256=0sEKajdqVuBSzlagyPbLxtNXQdI2vyabmbIRifs0des,6629
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
 reconcile/openshift_saas_deploy.py,sha256=MySDWBQN2N3rv_B8ifWzRY5t2Afq3DEVkFECHMpW_Sk,11908
@@ -402,7 +402,7 @@ reconcile/test/test_openshift_base.py,sha256=uVsnMghAQhHaJTreeOw4x2INTKJ6qeiZiit
 reconcile/test/test_openshift_namespace_labels.py,sha256=P1hqi6P88NijNrurdXG_QR2usyo3EYZSy9zpwYHvDsM,12104
 reconcile/test/test_openshift_namespaces.py,sha256=HmRnCE5EnFt3MYceVEFHmk8wWRtCrxu2AFGFkY9pdyA,9214
 reconcile/test/test_openshift_resource.py,sha256=lbTf48jX1q6rGnRiA5pPvfU0uPfY8zhNylMtryn0sLI,12995
-reconcile/test/test_openshift_resources_base.py,sha256=i4tk9knD5F1DppSsjBJ5pfrLSm1aP7lt--OSx3gmO9M,14058
+reconcile/test/test_openshift_resources_base.py,sha256=4UucdsD0nCMFT1WmgNXf4r7ZZ11cJ_MP13IcK7_Vs0g,15042
 reconcile/test/test_openshift_saas_deploy.py,sha256=YLJGkc--u5aP0UkQ-b9ZGEFGS2gw25jjcSgknQdI3Ic,5892
 reconcile/test/test_openshift_saas_deploy_change_tester.py,sha256=1yVe54Hx9YdVjn6qdnKge5Sa_s732c-8uZqCnuT1gGI,12871
 reconcile/test/test_openshift_tekton_resources.py,sha256=RtRWsdm51S13OSkENC9nY_rOH0QELSCaO5tjF0XqIDI,11222
@@ -650,8 +650,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc473.dist-info/METADATA,sha256=Rnigg-CBRz8a3ixHxvm6IblRrV35SbamdffbAThCeJM,2348
-qontract_reconcile-0.10.1rc473.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-qontract_reconcile-0.10.1rc473.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
-qontract_reconcile-0.10.1rc473.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc473.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc474.dist-info/METADATA,sha256=ny9B6p1OQXpsG5S6qvXUJ4U64v1WFkOdm6Qzti96uG4,2348
+qontract_reconcile-0.10.1rc474.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+qontract_reconcile-0.10.1rc474.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
+qontract_reconcile-0.10.1rc474.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc474.dist-info/RECORD,,

reconcile/openshift_resources_base.py CHANGED Viewed

@@ -3,6 +3,7 @@ import hashlib
 import itertools
 import json
 import logging
+import re
 import sys
 from collections import defaultdict
 from collections.abc import (
@@ -224,6 +225,7 @@ QONTRACT_INTEGRATION = "openshift_resources_base"
 QONTRACT_INTEGRATION_VERSION = make_semver(1, 9, 2)
 QONTRACT_BASE64_SUFFIX = "_qb64"
 APP_INT_BASE_URL = "https://gitlab.cee.redhat.com/service/app-interface"
+KUBERNETES_SECRET_DATA_KEY_RE = "^[-._a-zA-Z0-9]+$"
 _log_lock = Lock()
@@ -262,6 +264,10 @@ class ResourceTemplateRenderError(Exception):
     pass
+class SecretKeyFormatError(Exception):
+    pass
 class UnknownProviderError(Exception):
     def __init__(self, msg):
         super().__init__("unknown provider error: " + str(msg))
@@ -585,6 +591,8 @@ def fetch_provider_vault_secret(
     if labels:
         body["metadata"]["labels"] = labels
+    assert_valid_secret_keys(raw_data)
     # populate data
     for k, v in raw_data.items():
         if k.lower().endswith(QONTRACT_BASE64_SUFFIX):
@@ -600,6 +608,19 @@ def fetch_provider_vault_secret(
         raise FetchResourceError(str(e))
+# check to ensure that all of the keys are valid by looking to see if there are
+# any white space issues. If any issues are uncovered, an exception will be
+# raised.
+# we're receiving the full key: value information, not simply a list of keys.
+def assert_valid_secret_keys(secrets_data: dict[str, str]):
+    for k in secrets_data:
+        matches = re.search(KUBERNETES_SECRET_DATA_KEY_RE, k)
+        if not matches:
+            raise SecretKeyFormatError(
+                f"'{k}' is not valid key name for a Secret. a valid Secret key must consist of alphanumeric characters, '-', '_' or '.' (e.g. 'key.name',  or 'KEY_NAME',  or 'key-name', regex used for validation is '^[-._a-zA-Z0-9]+$')"
+            )
 def fetch_provider_route(resource: dict, tls_path, tls_version, settings=None) -> OR:
     path = resource["path"]
     openshift_resource = fetch_provider_resource(resource)

reconcile/test/test_openshift_resources_base.py CHANGED Viewed

@@ -482,3 +482,28 @@ def test_cluster_params():
     with pytest.raises(RuntimeError):
         orb.run(dry_run=False, cluster_name=["cluster-1", "cluster-2"])
+@pytest.mark.parametrize(
+    "test_parameters, exception_expected",
+    [
+        ({" leading_space": "test"}, orb.SecretKeyFormatError),
+        ({" space_padding ": "test"}, orb.SecretKeyFormatError),
+        ({"trailing_space ": "test"}, orb.SecretKeyFormatError),
+        ({"&invalidkey": "test"}, orb.SecretKeyFormatError),
+        ({"!invalidkey": "test"}, orb.SecretKeyFormatError),
+        ({"space issues": "test"}, orb.SecretKeyFormatError),
+        ({"/etc/passwd": "test"}, orb.SecretKeyFormatError),
+        ({"": "test"}, orb.SecretKeyFormatError),
+        ({".": "test"}, None),
+        ({"0validkey": "test"}, None),
+        ({"no_spacing": "test"}, None),
+        ({"-": "test"}, None),
+    ],
+)
+def test_secret_keys(test_parameters, exception_expected):
+    if exception_expected is not None:
+        with pytest.raises(exception_expected):
+            orb.assert_valid_secret_keys(test_parameters)
+    else:
+        orb.assert_valid_secret_keys(test_parameters)

{qontract_reconcile-0.10.1rc473.dist-info → qontract_reconcile-0.10.1rc474.dist-info}/WHEEL RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc473.dist-info → qontract_reconcile-0.10.1rc474.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc473.dist-info → qontract_reconcile-0.10.1rc474.dist-info}/top_level.txt RENAMED Viewed

File without changes

qontract-reconcile 0.10.1rc473__py3-none-any.whl → 0.10.1rc474__py3-none-any.whl

qontract-reconcile 0.10.1rc473py3-none-any.whl → 0.10.1rc474py3-none-any.whl