qontract-reconcile 0.10.1rc479__py3-none-any.whl → 0.10.1rc488__py3-none-any.whl

{qontract_reconcile-0.10.1rc479.dist-info → qontract_reconcile-0.10.1rc488.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc479
+Version: 0.10.1rc488
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team
@@ -22,8 +22,8 @@ Requires-Dist: ldap3 <2.10.0,>=2.9.1
 Requires-Dist: anymarkup <0.9.0,>=0.7.0
 Requires-Dist: python-gitlab <1.12.0,>=1.11.0
 Requires-Dist: semver ~=2.13
-Requires-Dist: boto3 ==1.26.139
-Requires-Dist: botocore ==1.29.139
+Requires-Dist: boto3 ==1.34.15
+Requires-Dist: botocore ==1.34.15
 Requires-Dist: urllib3 <1.27.0,>=1.25.4
 Requires-Dist: slack-sdk <4.0,>=3.10
 Requires-Dist: pypd <1.2.0,>=1.1.0

{qontract_reconcile-0.10.1rc479.dist-info → qontract_reconcile-0.10.1rc488.dist-info}/RECORD

@@ -8,7 +8,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=2FIP7dyW9lxJwbJFyZou5noGIl0B0gEj9IKLNM0vk-I,81792
+reconcile/cli.py,sha256=ZH37Rliz2M_yZIJf4kQ5PPmpr79Ex1frk712PTU9ae4,81820
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -68,7 +68,7 @@ reconcile/openshift_namespaces.py,sha256=DboMc6t0vXD54lL9ZP9P9fQnCRo2g_0z5FWubtW
 reconcile/openshift_network_policies.py,sha256=_qqv7yj17OM1J8KJPsFmzFZ85gzESJeBocC672z4_WU,4231
 reconcile/openshift_resourcequotas.py,sha256=yUi56PiOn3inMMfq_x_FEHmaW-reGipzoorjdar372g,2415
 reconcile/openshift_resources.py,sha256=kwsY5cko7udEKNlhL2oKiKv_5wzEw9wmmwROE016ng8,1400
-reconcile/openshift_resources_base.py,sha256=aMrblZnviFMiAPS5SZsYWmGIRA-l8XlHwtxPr_klui0,45728
+reconcile/openshift_resources_base.py,sha256=ZhNVhotSbp2Ue3cMEqso-Cmug6vDV67lwX7pEvUpmbw,45787
 reconcile/openshift_rolebindings.py,sha256=0sEKajdqVuBSzlagyPbLxtNXQdI2vyabmbIRifs0des,6629
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
 reconcile/openshift_saas_deploy.py,sha256=MySDWBQN2N3rv_B8ifWzRY5t2Afq3DEVkFECHMpW_Sk,11908
@@ -118,7 +118,7 @@ reconcile/vpc_peerings_validator.py,sha256=Kv22HJVlTW9l9GB2eXwjPWqdDbr_VuvQBNPtt
 reconcile/aus/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aus/advanced_upgrade_service.py,sha256=DQ9FrphzhKsKaXbXeA2v3Qsg1ABXXEtPhD-R-FwUsBA,21007
 reconcile/aus/aus_label_source.py,sha256=X6FD4NYcX27llMUSmmBcCh-pG7U5FnBd0zl-0zwCj2U,4118
-reconcile/aus/base.py,sha256=aad4dkVOTZfeLLNmdDranLugt8Z3whQuae86yyYcgBU,44417
+reconcile/aus/base.py,sha256=Qdktz7W7J9TWVCYJZHwyKoIf4sVI7W9o_WwzsOBxLfQ,44912
 reconcile/aus/cluster_version_data.py,sha256=j4UyEBi5mQuvPq5Lo7a_L_0blxvH790wJV07uAiikFU,7126
 reconcile/aus/metrics.py,sha256=fIew-rzi_kYuI5Gxn3-4bQVIr2oNibiKPyGnhB-xKU4,3538
 reconcile/aus/models.py,sha256=muBmbovxYtSNLFrTLVRcJYZ4dx6JLh8n3Q1-DjWJOHM,7098
@@ -131,11 +131,11 @@ reconcile/aws_ami_cleanup/integration.py,sha256=IW95cpMj2P5ffs-AxsR_TDQCJnYFBhLI
 reconcile/aws_cloudwatch_log_retention/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_cloudwatch_log_retention/integration.py,sha256=0UcSZIrGvnGY4m9fj87oejIolIP_qTxtJInpmW9jrQ0,7772
 reconcile/aws_version_sync/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/aws_version_sync/integration.py,sha256=otccsHGCUyv0K2qhj8DmH9bXyKhHiYNF5wKQW3xJCz8,12260
+reconcile/aws_version_sync/integration.py,sha256=dN_lZIeM5i0p6-yHYadGg65QgDs0nVWYJkPzU-KGwuo,15196
 reconcile/aws_version_sync/utils.py,sha256=sVv-48PKi2VITlqqvmpbjnFDOPeGqfKzgkpIszlmjL0,1708
 reconcile/aws_version_sync/merge_request_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_version_sync/merge_request_manager/merge_request.py,sha256=FeNcQaory5AXNVuVk-jJxPwtI4uSoURgkTH3rXAb2cc,6198
-reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py,sha256=B2zc1l11Cyk_hWGEKV8FbHwncns67T2RPAjC1qpvM2U,8300
+reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py,sha256=6gYFzpdJ-KcftPtOP3nhe3F9N184-UGfo_f8MQrzGxg,8322
 reconcile/change_owners/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/change_owners/approver.py,sha256=GV8nwS-YJOJ8O-b9v3u60RSYECYH2EKAycjpoW6VmvU,2228
 reconcile/change_owners/bundle.py,sha256=dZ-GRCIgpSYwKzZD9rs64Ie09OptzDc8aR2X2msnt3Q,5363
@@ -175,7 +175,7 @@ reconcile/gql_definitions/aws_ami_cleanup/__init__.py,sha256=47DEQpj8HBSa-_TImW-
 reconcile/gql_definitions/aws_ami_cleanup/asg_namespaces.py,sha256=OJmeTu7uirLGAysZ3IQTtRXqMyL8noi_QZxPuWYxxmI,3678
 reconcile/gql_definitions/aws_version_sync/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/aws_version_sync/clusters.py,sha256=2TOJOFxpTkZ2HKuqAGUo6tQkzOINSfO-bYDINVpJeL0,2295
-reconcile/gql_definitions/aws_version_sync/namespaces.py,sha256=AqjbVMm2ZfSb7GKPIiW7rMiNAIJGroHgV46vRTtAy-4,3886
+reconcile/gql_definitions/aws_version_sync/namespaces.py,sha256=eBLyXlSjWdmEE-jY9M2Ocgk7JGi2OsWisTkjHLfgU_A,4311
 reconcile/gql_definitions/change_owners/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/change_owners/queries/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/change_owners/queries/change_types.py,sha256=C0Y3M9q7ZZRrawZ0QUOoCJ-EUDEqTUFhJf6fUlby4pY,4935
@@ -548,7 +548,7 @@ reconcile/utils/oc_map.py,sha256=nT69J5pdPeIDnIYjD9fwY6GkE3BMQCf-AF0rmHJuUNw,906
 reconcile/utils/ocm_base_client.py,sha256=UV-tQYrjg9kLYw2NE5nixrWlRz5bhyZsz8Q4WUhvBRA,6096
 reconcile/utils/openshift_resource.py,sha256=WYLetCNItODjoOVeYqbCaEx_Lv-ntsj6I97x-1o2yAk,25116
 reconcile/utils/openssl.py,sha256=QVvhzhpChq_4Daf_5wE1qeZJr4thg3DDjJPn4bOPD4E,365
-reconcile/utils/output.py,sha256=htcMXMe0y2dNnwu8MW8x0JZ5YBaEJRy5w4tR8yLF0OU,1738
+reconcile/utils/output.py,sha256=4tObxIS_-EdJY_YCOOOmaYvHY40Q72IpYjWhjpJR1Ec,1856
 reconcile/utils/pagerduty_api.py,sha256=ckZZMn_ri7mUFsmMb8Lejuw5Lf_0-OWv8MbOzPc2zkQ,7567
 reconcile/utils/parse_dhms_duration.py,sha256=TONpLnec5gHeF7k815YNJpQyDjXhkxZIcv9s8ffbTSY,1840
 reconcile/utils/password_validator.py,sha256=XwuWg-8CPlcuG7dl_oQ1G1h2gSVSnfMym_VkuprpWVg,2183
@@ -567,7 +567,7 @@ reconcile/utils/state.py,sha256=-a3fOnGZnDRcTXw9Hg3QtGdKePGtnmoCkPeCt-5HgbE,1367
 reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=V7AMQOEU4tvUOT-LQN2cXLqcphD5L93PMGMfurQQyPY,31753
-reconcile/utils/terrascript_aws_client.py,sha256=zGVd9DLUKLucyCiYlNqt5O39kLTwEdgSGwKE86326DE,262689
+reconcile/utils/terrascript_aws_client.py,sha256=67MwR-IOvuBJXUsKxokbWk4utyKe9EnhT688d6xJcDU,262986
 reconcile/utils/three_way_diff_strategy.py,sha256=nyqeQsLCoPI6e16k2CF3b9KNgQLU-rPf5RtfdUfVMwE,4468
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/unleash.py,sha256=1D56CsZfE3ShDtN3IErE1T2eeIwNmxhK-yYbCotJ99E,3601
@@ -599,7 +599,7 @@ reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py,sha256=RzEKRT_BhvB2ud9py
 reconcile/utils/mr/user_maintenance.py,sha256=cHPBn8zrReWLHalyk-EFdkFJe9zjVjRoZhT4t2zZfGE,3956
 reconcile/utils/ocm/__init__.py,sha256=5Pcf5cyftDWT5XRi1EzvNklOVxGplJi-v12HN3TDarc,57
 reconcile/utils/ocm/addons.py,sha256=8wVrt16i69KkXq1fQByVheSQRhrRELbuOHb7Tz9bKT0,1675
-reconcile/utils/ocm/base.py,sha256=iFGYzlXrGD-kKDat2IFkHFGO2m3nq7I0olQ5kbKvLww,11698
+reconcile/utils/ocm/base.py,sha256=7jm37vMoIIaSnOZe02_6VZFIh0IDa-VVIqfR1FoddZQ,11872
 reconcile/utils/ocm/cluster_groups.py,sha256=F8oqVqN_4QUnGL0K61zZhoYIzJeP57EcmZpwmoV0mr4,1751
 reconcile/utils/ocm/clusters.py,sha256=Q6g5kGSNfxZUZ56LPFAYjOz8xJ2c6QG76V78GvyLxB0,7448
 reconcile/utils/ocm/identity_providers.py,sha256=dKed09N8iWmn39tI_MpwgVe47x23eLsknGbjMUxtwr4,2175
@@ -639,7 +639,7 @@ tools/app_interface_metrics_exporter.py,sha256=zkwkxdAUAxjdc-pzx2_oJXG25fo0Fnyd5
 tools/app_interface_reporter.py,sha256=upA-J-n-HXHKVDINRuMR7vTt-iJvQORKUVi9D3leQto,17738
 tools/glitchtip_access_reporter.py,sha256=oPBnk_YoDuljU3v0FaChzOwwnk4vap1xEE67QEjzdqs,2948
 tools/glitchtip_access_revalidation.py,sha256=8kbBJk04mkq28kWoRDDkfCGIF3GRg3pJrFAh1sW0dbk,2821
-tools/qontract_cli.py,sha256=-zYPdrQKoFHGziVrHSxnlam-xw8T1Us15ABQldIjD-c,99735
+tools/qontract_cli.py,sha256=I6q8SuJ5vM7ZUJpJK_EGKZhuf1Wl2D-7LLpLH46JIv4,99697
 tools/sd_app_sre_alert_report.py,sha256=e9vAdyenUz2f5c8-z-5WY0wv-SJ9aePKDH2r4IwB6pc,5063
 tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/cli_commands/gpg_encrypt.py,sha256=w8hl4jIEWk5wKbEFN6fVEOwUJGmdlvOqYodW3XSN7mU,4978
@@ -650,8 +650,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc479.dist-info/METADATA,sha256=YHoqqZ7Hx-X-H_4gcWuf-q7XhNc1tYZhvqxrwEY17sY,2348
-qontract_reconcile-0.10.1rc479.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-qontract_reconcile-0.10.1rc479.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
-qontract_reconcile-0.10.1rc479.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc479.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc488.dist-info/METADATA,sha256=YzozXNG0W7es94FZSYSMBbZPR1DPRh0cv5gM4wIuLTo,2346
+qontract_reconcile-0.10.1rc488.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+qontract_reconcile-0.10.1rc488.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
+qontract_reconcile-0.10.1rc488.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc488.dist-info/RECORD,,

reconcile/aus/base.py

@@ -163,7 +163,7 @@ class AdvancedUpgradeSchedulerBaseIntegration(
             self.process_upgrade_policies_in_org(dry_run, org_upgrade_spec)
         else:
             logging.debug(
-                f"Skip org {org_name} in {ocm_env} because it defines no upgrade policies"
+                f"Skip org {org_upgrade_spec.org.org_id}/{org_name} in {ocm_env} because it defines no upgrade policies"
             )
 
     def get_upgrade_specs(self) -> dict[str, dict[str, OrganizationUpgradeSpec]]:
@@ -729,7 +729,7 @@ def gates_for_minor_version(
 
 def gates_to_agree(
     gates: list[OCMVersionGate],
-    cluster_id: str,
+    cluster: OCMCluster,
     ocm_api: OCMBaseClient,
 ) -> list[OCMVersionGate]:
     """Check via OCM if a version is agreed
@@ -750,12 +750,18 @@ def gates_to_agree(
         #       once we have proper and secure handling get gate agreements for STS clusters, we can use this condition:
         #       `and (not g.sts_only or g.sts_only == cluster.is_sts())`
         if not g.sts_only
+        # consider only gates after the clusters current minor version
+        # OCM onls supports creating gate agreements for later minor versions than the
+        # current cluster version
+        and semver.match(
+            f"{cluster.minor_version()}.0", f"<{g.version_raw_id_prefix}.0"
+        )
     ]
 
     if applicable_gates:
         current_agreements = {
             agreement["version_gate"]["id"]
-            for agreement in get_version_agreement(ocm_api, cluster_id)
+            for agreement in get_version_agreement(ocm_api, cluster.id)
         }
         return [gate for gate in applicable_gates if gate.id not in current_agreements]
     return []
@@ -806,18 +812,18 @@ def verify_current_should_skip(
         next_run = current.next_run
         if next_run and datetime.strptime(next_run, "%Y-%m-%dT%H:%M:%SZ") < now:
             logging.warning(
-                f"[{desired.org.org_id}/{desired.cluster.name}] currently upgrading to blocked version '{version}'"
+                f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] currently upgrading to blocked version '{version}'"
             )
             return True, None
         logging.debug(
-            f"[{desired.org.org_id}/{desired.cluster.name}] found planned upgrade policy "
+            f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] found planned upgrade policy "
             + f"with blocked version {version}"
         )
         return False, UpgradePolicyHandler(action="delete", policy=current)
 
     # else
     logging.debug(
-        f"[{desired.org.org_id}/{desired.cluster.name}] skipping cluster with existing upgrade policy"
+        f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster with existing upgrade policy"
     )
     return True, None
 
@@ -849,7 +855,7 @@ def verify_schedule_should_skip(
         within_upgrade_timeframe = next_schedule_in_seconds / 60 <= 10
     if not within_upgrade_timeframe:
         logging.debug(
-            f"[{desired.org.org_id}/{desired.cluster.name}] skipping cluster with no upcoming upgrade"
+            f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster with no upcoming upgrade"
         )
         return None
     return next_schedule.strftime("%Y-%m-%dT%H:%M:%SZ")
@@ -862,7 +868,7 @@ def verify_lock_should_skip(
     if any(lock in locked for lock in mutexes):
         locking = {lock: locked[lock] for lock in mutexes if lock in locked}
         logging.debug(
-            f"[{desired.org.org_id}/{desired.cluster.name}] skipping cluster: locked out by {locking}"
+            f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster: locked out by {locking}"
         )
         return True
     return False
@@ -1003,7 +1009,8 @@ def calculate_diff(
             else:
                 target_version_prefix = get_version_prefix(version)
                 minor_version_gates = gates_for_minor_version(
-                    gates, target_version_prefix
+                    gates=gates,
+                    target_version_prefix=target_version_prefix,
                 )
                 # skipping upgrades when there are no version gates is a safety
                 # precaution to prevent cluster upgrades being scheduled.
@@ -1013,7 +1020,7 @@ def calculate_diff(
                 # this might change in the future - revisite for 4.16
                 if not minor_version_gates:
                     logging.debug(
-                        f"[{spec.org.org_id}/{spec.cluster.name}] no gates found for {target_version_prefix}. "
+                        f"[{spec.org.org_id}/{spec.org.name}/{spec.cluster.name}] no gates found for {target_version_prefix}. "
                         "Skip creation of an upgrade policy."
                     )
                     continue
@@ -1025,7 +1032,7 @@ def calculate_diff(
                             GateAgreement(gate=g)
                             for g in gates_to_agree(
                                 minor_version_gates,
-                                spec.cluster.id,
+                                spec.cluster,
                                 ocm_api,
                             )
                         ],

reconcile/aws_version_sync/integration.py

@@ -29,6 +29,7 @@ from reconcile.gql_definitions.aws_version_sync.clusters import query as cluster
 from reconcile.gql_definitions.aws_version_sync.namespaces import (
     AWSAccountV1,
     NamespaceTerraformProviderResourceAWSV1,
+    NamespaceTerraformResourceElastiCacheV1,
     NamespaceTerraformResourceRDSV1,
     NamespaceV1,
 )
@@ -73,6 +74,8 @@ class ExternalResource(BaseModel):
     resource_identifier: str
     resource_engine: str
     resource_engine_version: semver.VersionInfo
+    # used to map AWS cache name to resource_identifier
+    redis_replication_group_id: str | None = None
 
     class Config:
         arbitrary_types_allowed = True
@@ -98,6 +101,8 @@ class ExternalResource(BaseModel):
 
 AwsExternalResources = list[ExternalResource]
 AppInterfaceExternalResources = list[ExternalResource]
+UidAndReplicationGroupId = tuple[str, str]
+ReplicationGroupIdToIdentifier = dict[UidAndReplicationGroupId, str]
 
 
 class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
@@ -147,6 +152,7 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
         self,
         clusters: Iterable[ClusterV1],
         timeout: int,
+        elasticache_replication_group_id_to_identifier: ReplicationGroupIdToIdentifier,
         prom_get_func: Callable = prom_get,
     ) -> list[ExternalResource]:
         metrics: list[ExternalResource] = []
@@ -158,6 +164,7 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
                 else None
             )
             try:
+                # RDS resources
                 metrics += [
                     ExternalResource(
                         provider="aws",
@@ -170,8 +177,36 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
                         resource_engine_version=m["engine_version"],
                     )
                     for m in prom_get_func(
-                        cluster.prometheus_url,
-                        {"query": "aws_resources_exporter_rds_engineversion"},
+                        url=cluster.prometheus_url,
+                        params={"query": "aws_resources_exporter_rds_engineversion"},
+                        token=token,
+                        timeout=timeout,
+                    )
+                ]
+                # ElastiCache resources
+                metrics += [
+                    ExternalResource(
+                        provider="aws",
+                        provisioner=ExternalResourceProvisioner(
+                            uid=m["aws_account_id"]
+                        ),
+                        resource_provider="elasticache",
+                        # replication_group_id != resource_identifier!
+                        resource_identifier=elasticache_replication_group_id_to_identifier.get(
+                            (
+                                m["aws_account_id"],
+                                m["replication_group_id"],
+                            ),
+                            m["replication_group_id"],
+                        ),
+                        resource_engine=m["engine"],
+                        resource_engine_version=m["engine_version"],
+                    )
+                    for m in prom_get_func(
+                        url=cluster.prometheus_url,
+                        params={
+                            "query": "aws_resources_exporter_elasticache_redisversion"
+                        },
                         token=token,
                         timeout=timeout,
                     )
@@ -202,7 +237,11 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
                         continue
 
                     # make mypy happy
-                    assert isinstance(resource, NamespaceTerraformResourceRDSV1)
+                    assert isinstance(
+                        resource,
+                        NamespaceTerraformResourceElastiCacheV1
+                        | NamespaceTerraformResourceRDSV1,
+                    )
 
                     values = {}
                     # get/set the defaults file values from/to cache
@@ -214,6 +253,13 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
                             )
                             _defaults_cache[resource.defaults] = values
                     values = override_values(values, resource.overrides)
+                    if resource.provider.lower() == "elasticache" and values[
+                        "engine_version"
+                    ].lower().endswith("x"):
+                        # see https://gitlab.cee.redhat.com/service/app-interface/-/blob/master/docs/app-sre/sop/upgrade-redis-minor-version.md
+                        # minor version not managed by app-interface anymore. skip it
+                        continue
+
                     external_resources.append(
                         ExternalResource(
                             namespace_file=ns.path,
@@ -225,6 +271,11 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
                             resource_identifier=resource.identifier,
                             resource_engine=values["engine"],
                             resource_engine_version=values["engine_version"],
+                            redis_replication_group_id=values.get(
+                                "replication_group_id", resource.identifier
+                            )
+                            if resource.provider.lower() == "elasticache"
+                            else None,
                         )
                     )
 
@@ -268,7 +319,7 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
                 resource_provider=app_interface_resource.resource_provider,
                 resource_identifier=app_interface_resource.resource_identifier,
                 resource_engine=app_interface_resource.resource_engine,
-                resource_engine_version=aws_resource.resource_engine_version,
+                resource_engine_version=str(aws_resource.resource_engine_version),
             )
 
     @defer
@@ -303,15 +354,24 @@ class AVSIntegration(QontractReconcileIntegration[AVSIntegrationParams]):
             gql_api.query,
             self.params.aws_resource_exporter_clusters,
         )
-        external_resources_aws = self.get_aws_metrics(
-            aws_resource_exporter_clusters,
-            timeout=self.params.prometheus_timeout,
-        )
         external_resources_app_interface = self.get_external_resource_specs(
             gql_api.get_resource,
             namespaces,
             supported_providers=self.params.supported_providers,
         )
+        external_resources_aws = self.get_aws_metrics(
+            aws_resource_exporter_clusters,
+            timeout=self.params.prometheus_timeout,
+            elasticache_replication_group_id_to_identifier={
+                (
+                    external_resource.provisioner.uid,
+                    external_resource.redis_replication_group_id,
+                ): external_resource.resource_identifier
+                for external_resource in external_resources_app_interface
+                if external_resource.redis_replication_group_id
+            },
+        )
+
         self.reconcile(
             merge_request_manager=merge_request_manager,
             external_resources_aws=external_resources_aws,

reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py

@@ -222,7 +222,7 @@ class MergeRequestManager:
             resource_engine_version=resource_engine_version,
         )
         title = self._renderer.render_title(resource_identifier=resource_identifier)
-        logging.info("Open MR for %s", resource_identifier)
+        logging.info("Open MR for %s (%s)", resource_identifier, resource_engine)
         mr_labels = [AVS_LABEL]
         if self._auto_merge_enabled:
             mr_labels.append(AUTO_MERGE)

reconcile/cli.py

@@ -1661,7 +1661,7 @@ def ldap_groups(ctx):
 )
 @click.option(
     "--supported-providers",
-    help="A comma seperated list of supported external resource providers to operator on. Default: rds",
+    help="A comma seperated list of supported external resource providers to operator on. Default: rds, elasticache",
     required=False,
     envvar="AVS_SUPPORTED_PROVIDERS",
 )
@@ -1692,7 +1692,7 @@ def aws_version_sync(
                 ),
                 supported_providers=supported_providers.split(",")
                 if supported_providers
-                else ["rds"],
+                else ["rds", "elasticache"],
                 clusters=clusters.split(",") if clusters else [],
                 prometheus_timeout=int(prometheus_timeout)
                 if prometheus_timeout

reconcile/gql_definitions/aws_version_sync/namespaces.py

@@ -42,6 +42,11 @@ query AVSNamespaces {
             defaults
             overrides
           }
+          ... on NamespaceTerraformResourceElastiCache_v1 {
+            identifier
+            defaults
+            overrides
+          }
         }
       }
     }
@@ -87,8 +92,14 @@ class NamespaceTerraformResourceRDSV1(NamespaceTerraformResourceAWSV1):
     overrides: Optional[Json] = Field(..., alias="overrides")
 
 
+class NamespaceTerraformResourceElastiCacheV1(NamespaceTerraformResourceAWSV1):
+    identifier: str = Field(..., alias="identifier")
+    defaults: str = Field(..., alias="defaults")
+    overrides: Optional[Json] = Field(..., alias="overrides")
+
+
 class NamespaceTerraformProviderResourceAWSV1(NamespaceExternalResourceV1):
-    resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
+    resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
 
 
 class DisableClusterAutomationsV1(ConfiguredBaseModel):

reconcile/openshift_resources_base.py

@@ -224,7 +224,6 @@ NAMESPACES_QUERY = """
 QONTRACT_INTEGRATION = "openshift_resources_base"
 QONTRACT_INTEGRATION_VERSION = make_semver(1, 9, 2)
 QONTRACT_BASE64_SUFFIX = "_qb64"
-APP_INT_BASE_URL = "https://gitlab.cee.redhat.com/service/app-interface"
 KUBERNETES_SECRET_DATA_KEY_RE = "^[-._a-zA-Z0-9]+$"
 
 _log_lock = Lock()
@@ -536,6 +535,9 @@ def fetch_provider_resource(
 
     if add_path_to_prom_rules:
         if body["kind"] == "PrometheusRule":
+            app_int_base_url = "https://gitlab.cee.redhat.com/service/app-interface"
+            if settings and "repoUrl" in settings:
+                app_int_base_url = settings["repoUrl"]
             try:
                 groups = body["spec"]["groups"]
                 for group in groups:
@@ -544,9 +546,8 @@ def fetch_provider_resource(
                         annotations = rule.get("annotations")
                         if not annotations:
                             continue
-                        # TODO(mafriedm): make this better
                         rule["annotations"]["html_url"] = (
-                            f"{APP_INT_BASE_URL}/blob/master/resources{path}"
+                            f"{app_int_base_url}/blob/master/resources{path}"
                         )
             except Exception:
                 logging.warning(

reconcile/utils/ocm/base.py

@@ -8,6 +8,7 @@ from typing import (
     TypeVar,
 )
 
+import semver
 from pydantic import (
     BaseModel,
     Field,
@@ -188,6 +189,10 @@ class OCMCluster(BaseModel):
 
     external_configuration: Optional[OCMExternalConfiguration]
 
+    def minor_version(self) -> str:
+        version_info = semver.parse(self.version.raw_id)
+        return f"{version_info['major']}.{version_info['minor']}"
+
     def available_upgrades(self) -> list[str]:
         return self.version.available_upgrades
 

reconcile/utils/output.py

@@ -53,6 +53,8 @@ def format_table(content, columns, table_format="simple") -> str:
                     cell = "<br />".join(cell)
                 else:
                     cell = "\n".join(cell)
+            if table_format == "github" and isinstance(cell, str):
+                cell = cell.replace("|", "&#124;")
             row_data.append(cell)
         table_data.append(row_data)
     return tabulate(table_data, headers=headers, tablefmt=table_format)

reconcile/utils/terrascript_aws_client.py

@@ -2620,7 +2620,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
         if "subscriptions" in common_values.keys():
             subscriptions = common_values.get("subscriptions")
-            for sub in subscriptions:
+            for index, sub in enumerate(subscriptions):
                 sub_values = {}
                 sub_values["topic_arn"] = "${aws_sns_topic" + "." + identifier + ".arn}"
                 protocol = sub["protocol"]
@@ -2630,7 +2630,11 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                     raise ValueError(msg)
                 sub_values["protocol"] = protocol
                 sub_values["endpoint"] = endpoint
-                sub_identifier = f"{identifier}_{protocol}_aws_sns_topic_subscription"
+                # append suffix only in case there are multiple subscriptions
+                suffix = f"_{index + 1}" if len(subscriptions) > 1 else ""
+                sub_identifier = (
+                    f"{identifier}_{protocol}_aws_sns_topic_subscription{suffix}"
+                )
                 sub_tf_resource = aws_sns_topic_subscription(
                     sub_identifier, **sub_values
                 )
@@ -6018,6 +6022,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                     "${aws_cloudwatch_log_group.waf_log_group.arn}"
                 ],
                 resource_arn="${aws_wafv2_web_acl.api_waf.arn}",
+                redacted_fields={"single_header": {"name": "authorization"}},
             )
         )
 

tools/qontract_cli.py

@@ -2347,7 +2347,7 @@ def cluster_admin(ctx, org_name, cluster_name):
 
 
 @root.group()
-@environ(["APP_INTERFACE_STATE_BUCKET", "APP_INTERFACE_STATE_BUCKET_ACCOUNT"])
+@environ(["APP_INTERFACE_STATE_BUCKET"])
 @click.pass_context
 def state(ctx):
     pass