qontract-reconcile 0.10.1rc516__py3-none-any.whl → 0.10.1rc518__py3-none-any.whl

{qontract_reconcile-0.10.1rc516.dist-info → qontract_reconcile-0.10.1rc518.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc516
+Version: 0.10.1rc518
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc516.dist-info → qontract_reconcile-0.10.1rc518.dist-info}/RECORD

@@ -114,7 +114,7 @@ reconcile/terraform_repo.py,sha256=c0GZFuY3rCm6VHjHqYbsgOHrEkRWKF_1LrMThsn2XDw,1
 reconcile/terraform_resources.py,sha256=x5Do4xBBhjJdIVRi0Gy4h-ryCCZ6kU7bT_iB0_mGing,17105
 reconcile/terraform_tgw_attachments.py,sha256=_g7QSHM03YZzTU7O189S4HYtUn7WmwOBq67G4AieU24,15298
 reconcile/terraform_users.py,sha256=kXRUxCUchKCP2dbXXOzctynqMii4oyCP6bYZHQTrlTg,10202
-reconcile/terraform_vpc_peerings.py,sha256=UoxjkOw_w5esHP2IeIsphxYPuhdvbDAfY97ubfnEH0g,25029
+reconcile/terraform_vpc_peerings.py,sha256=rnDH1u93OyzrBM8Hib0HwSnlxZtx4ScRQaZAcn3mx-k,25402
 reconcile/vault_replication.py,sha256=b23ZfsQwS470GMvPPv1E6TU8MLBg3HX31_9IvMzE1tk,17280
 reconcile/vpc_peerings_validator.py,sha256=Kv22HJVlTW9l9GB2eXwjPWqdDbr_VuvQBNPttox6s5o,7177
 reconcile/aus/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -375,7 +375,7 @@ reconcile/templates/jira-checkpoint-missinginfo.j2,sha256=c_Vvg-lEENsB3tgxm9B6Y9
 reconcile/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/test/conftest.py,sha256=rQousYrxUz-EwAIbsYO6bIwR1B4CrOz9y_zaUVo2lfI,4466
 reconcile/test/fixtures.py,sha256=9SDWAUlSd1rCx7z3GhULHcpr-I6FyCsXxaFAZIqYQsQ,591
-reconcile/test/test_acs_policies.py,sha256=52pZXzsLZXsvWoFW7IgP1nGjQw9a2Pd3axjfRHWUUfc,15083
+reconcile/test/test_acs_policies.py,sha256=2hioxQ1AlbtW-jerw9YiQ8aIb0YjFpzDFs1j6pvn-Nc,15133
 reconcile/test/test_acs_rbac.py,sha256=lvNd8GY0-GHzcOdOn13QWdrqbBXXKzNT7EEDHNH7cjM,28272
 reconcile/test/test_aggregated_list.py,sha256=iiWitQuNYC58aimWaiBoE4NROHjr1NCgQ91MnHEG_Ro,6412
 reconcile/test/test_amtool.py,sha256=vxRhGieeydMBOb9UI2ziMHjJa8puMeGNsUhGhy-yMnk,1032
@@ -444,7 +444,7 @@ reconcile/test/test_terraform_resources.py,sha256=1ny_QSFuRjV9jxZY8EeT4NVJ5dMv7c
 reconcile/test/test_terraform_tgw_attachments.py,sha256=cAq6exc-K-jtLla1CZUZQzVnBkyDnIlL7jybnddhLKc,36861
 reconcile/test/test_terraform_users.py,sha256=Xn4y6EcxnNQb6XcPoOhz_Ikxmh9Nrsu88OM1scN9hzY,5434
 reconcile/test/test_terraform_vpc_peerings.py,sha256=ubcsKh0TrUIwuI1-W3ETIgzsFvzAyeoFmEJFC-IK6JY,20538
-reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=Pyw8Jbp8lX5Tsk1yWZ0-4NJmwxqdwK1NnVYk6peLIQc,47440
+reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=DAfpb12I0PlqnuVUHK2vh4LH4d1OylT3H2GE_3TGZZI,47852
 reconcile/test/test_three_way_diff_strategy.py,sha256=2fjEqE2w4pIzKq18PRcADTSe01aGwsZfMGloU8xfNaE,3346
 reconcile/test/test_unleash.py,sha256=c1s_FRAZrAzzd3FbZrzHYjJzHELhoxPHBZnEzqsfMQg,6416
 reconcile/test/test_vault_replication.py,sha256=wlc4jm9f8P641UvvxIFFFc5_unJysNkOVrKJscjhQr0,16867
@@ -590,7 +590,7 @@ reconcile/utils/vaultsecretref.py,sha256=3Ed2uBy36TzSvL0B-l4FoWQqB2SbBKDKEuUPIO6
 reconcile/utils/vcs.py,sha256=o1r0n_IrU2El75CED_6sjR2GZGM-exuWsj5F7jONaMU,6779
 reconcile/utils/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/acs/base.py,sha256=Qih-xZ3RBJZEE291iHHlv7lUY6ShcAvSj1PA3_aTTnM,2276
-reconcile/utils/acs/policies.py,sha256=ucmvWhcu9I5uumOyFIr5POb64TqHNNJ8LutZWo2Jw7k,5099
+reconcile/utils/acs/policies.py,sha256=utDmFKb6pbBN3W6JFxRrlr9yFwL3aQurGDywaFGM6w0,5196
 reconcile/utils/acs/rbac.py,sha256=ugsLM9Pb7FbUbdq85E3VzXGMaB9ZovXob7tdWCxwqZ8,8808
 reconcile/utils/cloud_resource_best_practice/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/cloud_resource_best_practice/aws_rds.py,sha256=EvE6XKLsrZ531MJptKqPht2lOETrOjySTHXk6CzMgo0,2279
@@ -668,8 +668,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=d18KrdhtUGqoC7_kWZU128U0-VJEj-0rjFkLVufcI6I,2755
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc516.dist-info/METADATA,sha256=9Z_YOmiM3ChqwRNLidMapCItgS0rD5W6yekyzJehljo,2349
-qontract_reconcile-0.10.1rc516.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-qontract_reconcile-0.10.1rc516.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
-qontract_reconcile-0.10.1rc516.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc516.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc518.dist-info/METADATA,sha256=ZHIKdYpB_uP2Zw1T7VGzb55Zemh_NrefQFPc8opTj4Q,2349
+qontract_reconcile-0.10.1rc518.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+qontract_reconcile-0.10.1rc518.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
+qontract_reconcile-0.10.1rc518.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc518.dist-info/RECORD,,

reconcile/terraform_vpc_peerings.py

@@ -210,9 +210,11 @@ def build_desired_state_single_cluster(
             )
         )
         if requester_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"[{cluster_name}] could not find VPC ID for cluster"
+            logging.warning(
+                f"[{cluster_name}] could not find VPC ID for cluster. "
+                f"Skipping {peer_connection_provider} connection {peer_connection['name']}"
             )
+            continue
 
         requester = {
             "cidr_block": cluster_info["network"]["vpc"],
@@ -234,9 +236,11 @@ def build_desired_state_single_cluster(
             hcp_vpc_endpoint_sg=_private_hosted_control_plane(peer_cluster),
         )
         if accepter_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"[{peer_cluster_name}] could not find VPC ID for cluster"
+            logging.warning(
+                f"[{peer_cluster_name}] could not find VPC ID for cluster. "
+                f"Skipping {peer_info['provider']} connection {peer_info['name']}"
             )
+            continue
 
         requester["peer_owner_id"] = acc_aws["uid"]
         if acc_aws.get("assume_role"):
@@ -340,10 +344,11 @@ def build_desired_state_vpc_mesh_single_cluster(
         )
 
         if requester_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"{cluster} could not find VPC ID for cluster and "
-                f"peer account {account}"
+            logging.warning(
+                f"[{cluster}] could not find VPC ID for cluster and peer account {account}. "
+                f"Skipping {peer_connection_provider} connection {peer_connection['name']}"
             )
+            continue
 
         requester["vpc_id"] = requester_vpc_id
         requester["route_table_ids"] = requester_route_table_ids
@@ -478,9 +483,11 @@ def build_desired_state_vpc_single_cluster(
         )
 
         if requester_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"[{cluster}] could not find VPC ID for cluster"
+            logging.warning(
+                f"[{cluster}] could not find VPC ID for cluster. "
+                f"Skipping {peer_connection_provider} connection {peer_connection['name']}"
             )
+            continue
 
         requester["vpc_id"] = requester_vpc_id
         requester["route_table_ids"] = requester_route_table_ids

reconcile/test/test_acs_policies.py

@@ -129,7 +129,7 @@ def api_response_policies_summary() -> Any:
                 "severity": "HIGH_SEVERITY",
                 "notifiers": [JIRA_NOTIFIER_ID],
                 "disabled": False,
-                "lifecycleStages": ["BUILD"],
+                "lifecycleStages": ["BUILD", "DEPLOY"],
                 "lastUpdated": None,
                 "eventSource": "NOT_APPLICABLE",
                 "isDefault": False,
@@ -140,7 +140,7 @@ def api_response_policies_summary() -> Any:
                 "description": "image security policy violations of critical severity within app-sre namespaces",
                 "severity": "CRITICAL_SEVERITY",
                 "disabled": False,
-                "lifecycleStages": ["BUILD"],
+                "lifecycleStages": ["BUILD", "DEPLOY"],
                 "notifiers": [],
                 "lastUpdated": None,
                 "eventSource": "NOT_APPLICABLE",
@@ -152,7 +152,7 @@ def api_response_policies_summary() -> Any:
                 "description": "default policy that should not be included in reconcile",
                 "severity": "CRITICAL_SEVERITY",
                 "disabled": False,
-                "lifecycleStages": ["BUILD"],
+                "lifecycleStages": ["BUILD", "DEPLOY"],
                 "notifiers": [],
                 "lastUpdated": None,
                 "eventSource": "NOT_APPLICABLE",
@@ -171,7 +171,7 @@ def api_response_policies_specific() -> list[Any]:
             "description": "CVEs within app-sre clusters with CVSS score gte to 7 and fixable",
             "disabled": False,
             "categories": ["Vulnerability Management"],
-            "lifecycleStages": ["BUILD"],
+            "lifecycleStages": ["BUILD", "DEPLOY"],
             "eventSource": "NOT_APPLICABLE",
             "exclusions": [],
             "scope": [
@@ -211,7 +211,7 @@ def api_response_policies_specific() -> list[Any]:
             "description": "image security policy violations of critical severity within app-sre namespaces",
             "disabled": False,
             "categories": ["Vulnerability Management", "DevOps Best Practices"],
-            "lifecycleStages": ["BUILD"],
+            "lifecycleStages": ["BUILD", "DEPLOY"],
             "eventSource": "NOT_APPLICABLE",
             "exclusions": [],
             "scope": [

reconcile/test/test_terraform_vpc_peerings_build_desired_state.py

@@ -466,11 +466,10 @@ def test_c2c_no_vpc_in_aws(mocker):
 
     awsapi = MockAWSAPI()
 
-    with pytest.raises(sut.BadTerraformPeeringState) as ex:
-        sut.build_desired_state_single_cluster(
-            requester_cluster, ocm, awsapi, account_filter=None
-        )
-    assert str(ex.value).endswith("could not find VPC ID for cluster")
+    desired_state = sut.build_desired_state_single_cluster(
+        requester_cluster, ocm, awsapi, account_filter=None
+    )
+    assert desired_state == []
 
 
 def test_c2c_no_peer_account(mocker):
@@ -936,10 +935,10 @@ class TestBuildDesiredStateVpcMeshSingleCluster(testslide.TestCase):
             None,
         )).and_assert_called_once()
 
-        with self.assertRaises(sut.BadTerraformPeeringState):
-            sut.build_desired_state_vpc_mesh_single_cluster(
-                self.cluster, self.ocm, self.awsapi, None
-            )
+        desired_state = sut.build_desired_state_vpc_mesh_single_cluster(
+            self.cluster, self.ocm, self.awsapi, None
+        )
+        assert desired_state == []
 
 
 class TestBuildDesiredStateVpc(testslide.TestCase):
@@ -1341,7 +1340,22 @@ class TestBuildDesiredStateVpcSingleCluster(testslide.TestCase):
             self.ocm, "get_aws_infrastructure_access_terraform_assume_role"
         ).to_return_value("a:role:that:you:will:like").and_assert_called_once()
 
-        with self.assertRaises(sut.BadTerraformPeeringState):
+        desired_state = sut.build_desired_state_vpc_single_cluster(
+            self.cluster, self.ocm, self.awsapi, None
+        )
+        assert desired_state == []
+
+    def test_aws_exception(self):
+        exc_txt = "AWS Problem!"
+        self.mock_callable(self.awsapi, "get_cluster_vpc_details").to_raise(
+            Exception(exc_txt)
+        )
+
+        self.mock_callable(
+            self.ocm, "get_aws_infrastructure_access_terraform_assume_role"
+        ).to_return_value("a:role:that:you:will:like").and_assert_called_once()
+
+        with pytest.raises(Exception, match=exc_txt):
             sut.build_desired_state_vpc_single_cluster(
                 self.cluster, self.ocm, self.awsapi, None
             )

reconcile/utils/acs/policies.py

@@ -116,8 +116,10 @@ class AcsPolicyApi(AcsBaseApi):
                 {"cluster": s.cluster, "namespace": s.namespace} for s in desired.scope
             ],
             "lifecycleStages": [
-                "BUILD"
-            ],  # all currently supported policy criteria are classified as 'build' stage
+                "BUILD",
+                "DEPLOY",
+            ],  # all currently supported policy criteria are classified as 'build' or 'deploy'
+            # and created policies are evaluated at both stages
             "policySections": [
                 {
                     "sectionName": "primary",