PyPI - qontract-reconcile - Versions diffs - 0.10.1rc506__py3-none-any.whl → 0.10.1rc507__py3-none-any.whl - Mend

qontract-reconcile 0.10.1rc506py3-none-any.whl → 0.10.1rc507py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

{qontract_reconcile-0.10.1rc506.dist-info → qontract_reconcile-0.10.1rc507.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc506
+Version: 0.10.1rc507
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc506.dist-info → qontract_reconcile-0.10.1rc507.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,6 @@
 reconcile/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/acs_rbac.py,sha256=Jr9qIR1VjH16xpADZqjkigqsDW7iDnMD9nn7GxU4z0Y,23828
+reconcile/acs_policies.py,sha256=Mop44Z5T0DxXghme13ZVvy1hr5KphZKzc_ZevxAJBQ0,8784
+reconcile/acs_rbac.py,sha256=YoKu5wTRTtb3EGT0PV3r279LDgvw2ECb-0_0j4suScg,23032
 reconcile/aws_ami_share.py,sha256=eeu0TI3M5yyUaozyAq_aW3tir-9be4YFguOXvIvKHSo,3757
 reconcile/aws_ecr_image_pull_secrets.py,sha256=TGEc_0nv8oxV2HqA8VdcM4HHP-B1YqmNOOU6FPwVFTY,2328
 reconcile/aws_garbage_collector.py,sha256=ddwU8IKTueAJc0TzymcREr7hcoVui9kOGvdH1B2EcuM,450
@@ -8,7 +9,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=bI6iACTMbjI3hngvhIl1L6PqY-k2XfkVunLV95yGPSk,82112
+reconcile/cli.py,sha256=3IRugyi6JemMe5RhL5gGiAycQHdFb-9hB989BeT2Tw0,82390
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -165,6 +166,7 @@ reconcile/glitchtip_project_dsn/integration.py,sha256=PlOsRaaftzODZE_uf1I-XSM732
 reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
+reconcile/gql_definitions/acs/acs_policies.py,sha256=Z6Z7duvS9W4cbciBED4oK40Vg9QyYti3zXvoEXM-fak,4422
 reconcile/gql_definitions/acs/acs_rbac.py,sha256=cZsIlCWliPQdQHgmBsIMx54fJNOtkdRXLzmOKZmJNHk,3009
 reconcile/gql_definitions/advanced_upgrade_service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py,sha256=2-OnknXDUI2pnZknEmjzMPBXUpWStoE32lpQQStobao,4221
@@ -368,7 +370,8 @@ reconcile/templates/jira-checkpoint-missinginfo.j2,sha256=c_Vvg-lEENsB3tgxm9B6Y9
 reconcile/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/test/conftest.py,sha256=rQousYrxUz-EwAIbsYO6bIwR1B4CrOz9y_zaUVo2lfI,4466
 reconcile/test/fixtures.py,sha256=9SDWAUlSd1rCx7z3GhULHcpr-I6FyCsXxaFAZIqYQsQ,591
-reconcile/test/test_acs_rbac.py,sha256=BADHTYfXBkoge5Tl4DOoh3pwU7EsN4yzLIy3gNQ8XHM,28409
+reconcile/test/test_acs_policies.py,sha256=52pZXzsLZXsvWoFW7IgP1nGjQw9a2Pd3axjfRHWUUfc,15083
+reconcile/test/test_acs_rbac.py,sha256=lvNd8GY0-GHzcOdOn13QWdrqbBXXKzNT7EEDHNH7cjM,28272
 reconcile/test/test_aggregated_list.py,sha256=iiWitQuNYC58aimWaiBoE4NROHjr1NCgQ91MnHEG_Ro,6412
 reconcile/test/test_amtool.py,sha256=vxRhGieeydMBOb9UI2ziMHjJa8puMeGNsUhGhy-yMnk,1032
 reconcile/test/test_aws_ami_cleanup.py,sha256=cHumkZD33vIIblNbrMKNCva-WeE3sMv8kiFA0A96wwk,8733
@@ -502,7 +505,6 @@ reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py,sha2
 reconcile/typed_queries/terraform_tgw_attachments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/typed_queries/terraform_tgw_attachments/aws_accounts.py,sha256=T5HSeyBcGKP-LzDmIzs-WlBwOtSenYpm0Odw5--xdOg,410
 reconcile/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/utils/acs_api.py,sha256=AworbL61gIzw1asDaz0A1qbuZ2QDupF_EfrjQhXCCc8,10020
 reconcile/utils/aggregated_list.py,sha256=pkYoBj7WwmaNgEefETqEOFTnQMcUzHE3mdsVdzGYj60,3372
 reconcile/utils/amtool.py,sha256=JV5-to_e_FaIcvJWTKYA9d6L3LwzwijM0MjUWn83eD4,2204
 reconcile/utils/aws_api.py,sha256=I6a_-aW1ptL8287I-6GnAdtavjjYMMsMeNHMT3WwA_I,65033
@@ -655,8 +657,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=d18KrdhtUGqoC7_kWZU128U0-VJEj-0rjFkLVufcI6I,2755
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc506.dist-info/METADATA,sha256=KyLQsQavGHDzRLeLyPUb8Y6hrFFEPByFL1Q6XNifBfQ,2349
-qontract_reconcile-0.10.1rc506.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-qontract_reconcile-0.10.1rc506.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
-qontract_reconcile-0.10.1rc506.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc506.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc507.dist-info/METADATA,sha256=MFhlaeZXsE2DxlrU5_8jeDSAc67WNz_TKbo_tydbkmE,2349
+qontract_reconcile-0.10.1rc507.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+qontract_reconcile-0.10.1rc507.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
+qontract_reconcile-0.10.1rc507.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc507.dist-info/RECORD,,

reconcile/acs_policies.py ADDED Viewed

@@ -0,0 +1,232 @@
+import logging
+from collections.abc import Callable
+from typing import cast
+import reconcile.gql_definitions.acs.acs_policies as gql_acs_policies
+from reconcile.gql_definitions.acs.acs_policies import (
+    AcsPolicyConditionsV1,
+    AcsPolicyV1,
+)
+from reconcile.typed_queries.app_interface_vault_settings import (
+    get_app_interface_vault_settings,
+)
+from reconcile.utils import gql
+from reconcile.utils.acs.policies import AcsPolicyApi, Policy, PolicyCondition, Scope
+from reconcile.utils.differ import diff_iterables
+from reconcile.utils.runtime.integration import (
+    NoParams,
+    QontractReconcileIntegration,
+)
+from reconcile.utils.secret_reader import create_secret_reader
+from reconcile.utils.semver_helper import make_semver
+# proceeding constants map schema enum values to corresponding acs api defaults
+POLICY_CATEGORIES = {
+    "anomalous-activity": "Anomalous Activity",
+    "devops-best-practices": "DevOps Best Practices",
+    "kubernetes": "Kubernetes",
+    "privileges": "Privileges",
+    "security-best-practices": "Security Best Practices",
+    "vulnerability-management": "Vulnerability Management",
+}
+POLICY_CONDITION_COMPARISONS = {
+    "gt": ">",
+    "gte": ">=",
+    "eq": "",
+    "lt": "<",
+    "lte": "<=",
+}
+POLICY_CONDITION_FIELD_NAMES = {
+    "cvss": "CVSS",
+    "severity": "Severity",
+    "imageTag": "Image Tag",
+    "imageAge": "Image Age",
+    "cve": "Fixable",
+}
+class AcsPoliciesIntegration(QontractReconcileIntegration[NoParams]):
+    def __init__(self) -> None:
+        super().__init__(NoParams())
+        self.qontract_integration = "acs_policies"
+        self.qontract_integration_version = make_semver(0, 1, 0)
+    @property
+    def name(self) -> str:
+        return self.qontract_integration.replace("_", "-")
+    def _build_policy(
+        self, gql_policy: AcsPolicyV1, notifier_name_to_id: dict[str, str]
+    ) -> Policy:
+        conditions = [
+            pc for c in gql_policy.conditions if (pc := self._build_policy_condition(c))
+        ]
+        return Policy(
+            name=gql_policy.name,
+            description=gql_policy.description,
+            notifiers=sorted([notifier_name_to_id[n] for n in gql_policy.notifiers])
+            if gql_policy.notifiers
+            else [],
+            severity=f"{gql_policy.severity.upper()}_SEVERITY",  # align with acs api severity value format
+            scope=sorted(
+                [
+                    Scope(cluster=cs.name, namespace="")
+                    for cs in cast(
+                        gql_acs_policies.AcsPolicyScopeClusterV1,
+                        gql_policy.scope,
+                    ).clusters
+                ],
+                key=lambda s: s.cluster,
+            )
+            if gql_policy.scope.level == "cluster"
+            else sorted(
+                [
+                    Scope(cluster=ns.cluster.name, namespace=ns.name)
+                    for ns in cast(
+                        gql_acs_policies.AcsPolicyScopeNamespaceV1,
+                        gql_policy.scope,
+                    ).namespaces
+                ],
+                key=lambda s: s.cluster,
+            ),
+            categories=sorted([POLICY_CATEGORIES[pc] for pc in gql_policy.categories]),
+            conditions=conditions,
+        )
+    def _build_policy_condition(
+        self, condition: AcsPolicyConditionsV1
+    ) -> PolicyCondition | None:
+        field_name = POLICY_CONDITION_FIELD_NAMES[condition.policy_field]
+        match condition.policy_field:
+            case "cvss":
+                cvss_condition = cast(
+                    gql_acs_policies.AcsPolicyConditionsCvssV1, condition
+                )
+                return PolicyCondition(
+                    field_name=field_name,
+                    negate=False,
+                    values=[
+                        f"{POLICY_CONDITION_COMPARISONS[cvss_condition.comparison]}{cvss_condition.score}"
+                    ],
+                )
+            case "severity":
+                severity_condition = cast(
+                    gql_acs_policies.AcsPolicyConditionsSeverityV1, condition
+                )
+                return PolicyCondition(
+                    field_name=field_name,
+                    negate=False,
+                    values=[
+                        f"{POLICY_CONDITION_COMPARISONS[severity_condition.comparison]}{severity_condition.level.upper()}"
+                    ],
+                )
+            case "cve":
+                cve_condition = cast(
+                    gql_acs_policies.AcsPolicyConditionsCveV1, condition
+                )
+                return PolicyCondition(
+                    field_name=field_name,
+                    negate=False,
+                    values=[str(cve_condition.fixable).lower()],
+                )
+            case "image_tag":
+                image_tag_condition = cast(
+                    gql_acs_policies.AcsPolicyConditionsImageTagV1, condition
+                )
+                return PolicyCondition(
+                    field_name=field_name,
+                    # negate utilized to enforce policy in which image tag should not be any
+                    # defined in list of values
+                    negate=image_tag_condition.negate or False,
+                    values=image_tag_condition.tags,
+                )
+            case "image_age":
+                image_age_condition = cast(
+                    gql_acs_policies.AcsPolicyConditionsImageAgeV1, condition
+                )
+                return PolicyCondition(
+                    field_name=field_name,
+                    negate=False,
+                    values=[str(image_age_condition.days)],
+                )
+            case _:
+                logging.warning(
+                    "unsupported policyField encountered: %s", condition.policy_field
+                )
+                return None
+    def get_desired_state(
+        self, query_func: Callable, notifiers: list[AcsPolicyApi.NotifierIdentifiers]
+    ) -> list[Policy]:
+        """
+        Get desired ACS security policies and convert to acs api policy object format
+        :param query_func: function which queries GQL server
+        :return: list of utils.acs.policies.Policy derived from acs-policy-1 definitions
+        """
+        notifier_name_to_id = {n.name: n.id for n in notifiers}
+        return [
+            self._build_policy(gql_policy, notifier_name_to_id)
+            for gql_policy in gql_acs_policies.query(query_func=query_func).acs_policies
+            or []
+        ]
+    def reconcile(
+        self,
+        desired: list[Policy],
+        current: list[Policy],
+        acs: AcsPolicyApi,
+        dry_run: bool,
+    ) -> None:
+        errors = []
+        diff = diff_iterables(current=current, desired=desired, key=lambda x: x.name)
+        for a in diff.add.values():
+            logging.info("Create policy: %s", a.name)
+            if not dry_run:
+                try:
+                    acs.create_or_update_policy(desired=a)
+                except Exception as e:
+                    errors.append(e)
+        if diff.delete or diff.change:
+            policy_id_by_name = {p["name"]: p["id"] for p in acs.list_custom_policies()}
+            for d in diff.delete.values():
+                logging.info("Delete policy: %s", d.name)
+                if not dry_run:
+                    try:
+                        acs.delete_policy(policy_id_by_name[d.name])
+                    except Exception as e:
+                        errors.append(e)
+            for c in diff.change.values():
+                logging.info("Update policy: %s", c.desired.name)
+                if not dry_run:
+                    try:
+                        acs.create_or_update_policy(
+                            desired=c.desired, id=policy_id_by_name[c.current.name]
+                        )
+                    except Exception as e:
+                        errors.append(e)
+        if errors:
+            raise ExceptionGroup("Reconcile errors occurred", errors)
+    def run(
+        self,
+        dry_run: bool,
+    ) -> None:
+        gqlapi = gql.get_api()
+        instance = AcsPolicyApi.get_acs_instance(gqlapi.query)
+        vault_settings = get_app_interface_vault_settings()
+        secret_reader = create_secret_reader(use_vault=vault_settings.vault)
+        token = secret_reader.read_all_secret(instance.credentials)
+        with AcsPolicyApi(
+            instance={"url": instance.url, "token": token[instance.credentials.field]}
+        ) as acs_api:
+            notifiers = acs_api.list_notifiers()
+            desired = self.get_desired_state(gqlapi.query, notifiers)
+            current = acs_api.get_custom_policies()
+            self.reconcile(
+                desired=desired, current=current, acs=acs_api, dry_run=dry_run
+            )

reconcile/acs_rbac.py CHANGED Viewed

@@ -8,24 +8,17 @@ from typing import (
 from pydantic import BaseModel
-from reconcile.gql_definitions.acs.acs_instances import AcsInstanceV1
-from reconcile.gql_definitions.acs.acs_instances import query as acs_instances_query
 from reconcile.gql_definitions.acs.acs_rbac import OidcPermissionAcsV1
 from reconcile.gql_definitions.acs.acs_rbac import query as acs_rbac_query
 from reconcile.typed_queries.app_interface_vault_settings import (
     get_app_interface_vault_settings,
 )
 from reconcile.utils import gql
-from reconcile.utils.acs_api import (
-    AcsApi,
-    Group,
-    RbacResources,
-)
+from reconcile.utils.acs.rbac import AcsRbacApi, Group, RbacResources
 from reconcile.utils.differ import (
     DiffPair,
     diff_iterables,
 )
-from reconcile.utils.exceptions import AppInterfaceSettingsError
 from reconcile.utils.runtime.integration import (
     NoParams,
     QontractReconcileIntegration,
@@ -143,20 +136,6 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
     def name(self) -> str:
         return self.qontract_integration.replace("_", "-")
-    def get_acs_instance(self, query_func: Callable) -> AcsInstanceV1:
-        """
-        Get an ACS instance
-        :param query_func: function which queries GQL Server
-        """
-        if instances := acs_instances_query(query_func=query_func).instances:
-            # mirroring logic for gitlab instances
-            # current assumption is for appsre to only utilize one instance
-            if len(instances) != 1:
-                raise AppInterfaceSettingsError("More than one ACS instance found!")
-            return instances[0]
-        raise AppInterfaceSettingsError("No ACS instance found!")
     def get_desired_state(self, query_func: Callable) -> list[AcsRole]:
         """
         Get desired ACS roles and associated users from App Interface
@@ -255,7 +234,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
     def add_rbac_for_role(
         self,
         role: AcsRole,
-        acs: AcsApi,
+        acs: AcsRbacApi,
         admin_access_scope_id: str,
         permission_set_id: str,
         auth_id: str,
@@ -298,7 +277,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         if not dry_run:
             additions = [
-                AcsApi.GroupAdd(
+                AcsRbacApi.GroupAdd(
                     role_name=role.name,
                     key=a.key,
                     value=a.value,
@@ -317,7 +296,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         self,
         to_add: dict[str, AcsRole],
         rbac_api_resources: RbacResources,
-        acs: AcsApi,
+        acs: AcsRbacApi,
         auth_id: str,
         dry_run: bool,
     ) -> list[Exception]:
@@ -351,7 +330,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
     def delete_rbac_for_role(
         self,
         role: AcsRole,
-        acs: AcsApi,
+        acs: AcsRbacApi,
         access_scope_id: str,
         admin_access_scope_id: str,
         groups: list[Group],
@@ -394,7 +373,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         self,
         to_delete: dict[str, AcsRole],
         rbac_api_resources: RbacResources,
-        acs: AcsApi,
+        acs: AcsRbacApi,
         auth_id: str,
         dry_run: bool,
     ) -> list[Exception]:
@@ -430,7 +409,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
     def update_rbac_for_role(
         self,
         role_diff_pair: DiffPair[AcsRole, AcsRole],
-        acs: AcsApi,
+        acs: AcsRbacApi,
         role_group_mappings: dict[str, dict[str, Group]],
         access_scope_id: str,
         permission_set_id: str,
@@ -465,7 +444,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
                 for d in diff.delete.values()
             ]
             new = [
-                AcsApi.GroupAdd(
+                AcsRbacApi.GroupAdd(
                     role_name=role_diff_pair.desired.name,
                     key=a.key,
                     value=a.value,
@@ -513,7 +492,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         self,
         to_update: dict[str, DiffPair[AcsRole, AcsRole]],
         rbac_api_resources: RbacResources,
-        acs: AcsApi,
+        acs: AcsRbacApi,
         auth_id: str,
         dry_run: bool,
     ) -> list[Exception]:
@@ -558,7 +537,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         desired: list[AcsRole],
         current: list[AcsRole],
         rbac_api_resources: RbacResources,
-        acs: AcsApi,
+        acs: AcsRbacApi,
         auth_provider_id: str,
         dry_run: bool,
     ) -> None:
@@ -602,7 +581,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         dry_run: bool,
     ) -> None:
         gqlapi = gql.get_api()
-        instance = self.get_acs_instance(gqlapi.query)
+        instance = AcsRbacApi.get_acs_instance(gqlapi.query)
         vault_settings = get_app_interface_vault_settings()
         secret_reader = create_secret_reader(use_vault=vault_settings.vault)
@@ -610,7 +589,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
         desired = self.get_desired_state(gqlapi.query)
-        with AcsApi(
+        with AcsRbacApi(
             instance={"url": instance.url, "token": token[instance.credentials.field]}
         ) as acs_api:
             rbac_api_resources = acs_api.get_rbac_resources()

reconcile/cli.py CHANGED Viewed

@@ -2952,6 +2952,17 @@ def acs_rbac(ctx):
     )
+@integration.command(short_help="Manages RHACS security policy configurations")
+@click.pass_context
+def acs_policies(ctx):
+    from reconcile import acs_policies
+    run_class_integration(
+        integration=acs_policies.AcsPoliciesIntegration(),
+        ctx=ctx.obj,
+    )
 def get_integration_cli_meta() -> dict[str, IntegrationMeta]:
     """
     returns all integrations known to cli.py via click introspection

reconcile/gql_definitions/acs/acs_policies.py ADDED Viewed

@@ -0,0 +1,159 @@
+"""
+Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+"""
+from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
+from datetime import datetime  # noqa: F401 # pylint: disable=W0611
+from enum import Enum  # noqa: F401 # pylint: disable=W0611
+from typing import (  # noqa: F401 # pylint: disable=W0611
+    Any,
+    Optional,
+    Union,
+)
+from pydantic import (  # noqa: F401 # pylint: disable=W0611
+    BaseModel,
+    Extra,
+    Field,
+    Json,
+)
+DEFINITION = """
+query AcsPolicy {
+  acs_policies: acs_policy_v1 {
+   	name
+    description
+    severity
+    notifiers
+    categories
+    scope {
+      level
+      ... on AcsPolicyScopeCluster_v1 {
+				clusters {
+          name
+        }
+      }
+      ... on AcsPolicyScopeNamespace_v1 {
+       	namespaces {
+          name
+          cluster {
+            name
+          }
+        }
+      }
+    }
+	  conditions {
+      policyField
+      ... on AcsPolicyConditionsCvss_v1 {
+        comparison
+        score
+      }
+      ... on AcsPolicyConditionsSeverity_v1 {
+        comparison
+        level
+      }
+      ... on AcsPolicyConditionsCve_v1 {
+        fixable
+      }
+      ... on AcsPolicyConditionsImageTag_v1 {
+        tags
+        negate
+      }
+      ... on AcsPolicyConditionsImageAge_v1 {
+        days
+      }
+    }
+  }
+}
+"""
+class ConfiguredBaseModel(BaseModel):
+    class Config:
+        smart_union=True
+        extra=Extra.forbid
+class AcsPolicyScopeV1(ConfiguredBaseModel):
+    level: str = Field(..., alias="level")
+class ClusterV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+class AcsPolicyScopeClusterV1(AcsPolicyScopeV1):
+    clusters: list[ClusterV1] = Field(..., alias="clusters")
+class NamespaceV1_ClusterV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+class NamespaceV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+    cluster: NamespaceV1_ClusterV1 = Field(..., alias="cluster")
+class AcsPolicyScopeNamespaceV1(AcsPolicyScopeV1):
+    namespaces: list[NamespaceV1] = Field(..., alias="namespaces")
+class AcsPolicyConditionsV1(ConfiguredBaseModel):
+    policy_field: str = Field(..., alias="policyField")
+class AcsPolicyConditionsCvssV1(AcsPolicyConditionsV1):
+    comparison: str = Field(..., alias="comparison")
+    score: int = Field(..., alias="score")
+class AcsPolicyConditionsSeverityV1(AcsPolicyConditionsV1):
+    comparison: str = Field(..., alias="comparison")
+    level: str = Field(..., alias="level")
+class AcsPolicyConditionsCveV1(AcsPolicyConditionsV1):
+    fixable: bool = Field(..., alias="fixable")
+class AcsPolicyConditionsImageTagV1(AcsPolicyConditionsV1):
+    tags: list[str] = Field(..., alias="tags")
+    negate: Optional[bool] = Field(..., alias="negate")
+class AcsPolicyConditionsImageAgeV1(AcsPolicyConditionsV1):
+    days: int = Field(..., alias="days")
+class AcsPolicyV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+    description: Optional[str] = Field(..., alias="description")
+    severity: str = Field(..., alias="severity")
+    notifiers: Optional[list[str]] = Field(..., alias="notifiers")
+    categories: list[str] = Field(..., alias="categories")
+    scope: Union[AcsPolicyScopeClusterV1, AcsPolicyScopeNamespaceV1, AcsPolicyScopeV1] = Field(..., alias="scope")
+    conditions: list[Union[AcsPolicyConditionsCvssV1, AcsPolicyConditionsSeverityV1, AcsPolicyConditionsImageTagV1, AcsPolicyConditionsCveV1, AcsPolicyConditionsImageAgeV1, AcsPolicyConditionsV1]] = Field(..., alias="conditions")
+class AcsPolicyQueryData(ConfiguredBaseModel):
+    acs_policies: Optional[list[AcsPolicyV1]] = Field(..., alias="acs_policies")
+def query(query_func: Callable, **kwargs: Any) -> AcsPolicyQueryData:
+    """
+    This is a convenience function which queries and parses the data into
+    concrete types. It should be compatible with most GQL clients.
+    You do not have to use it to consume the generated data classes.
+    Alternatively, you can also mime and alternate the behavior
+    of this function in the caller.
+    Parameters:
+        query_func (Callable): Function which queries your GQL Server
+        kwargs: optional arguments that will be passed to the query function
+    Returns:
+        AcsPolicyQueryData: queried data parsed into generated classes
+    """
+    raw_data: dict[Any, Any] = query_func(DEFINITION, **kwargs)
+    return AcsPolicyQueryData(**raw_data)

qontract-reconcile 0.10.1rc506__py3-none-any.whl → 0.10.1rc507__py3-none-any.whl

qontract-reconcile 0.10.1rc506py3-none-any.whl → 0.10.1rc507py3-none-any.whl