qontract-reconcile 0.10.1rc517__py3-none-any.whl → 0.10.1rc519__py3-none-any.whl

{qontract_reconcile-0.10.1rc517.dist-info → qontract_reconcile-0.10.1rc519.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc517
+Version: 0.10.1rc519
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc517.dist-info → qontract_reconcile-0.10.1rc519.dist-info}/RECORD

@@ -61,7 +61,7 @@ reconcile/ocm_machine_pools.py,sha256=eebJ6iiTdUcuKE5zBcfNxW1OGmPOvgBtmVu3xNVOoy
 reconcile/ocm_update_recommended_version.py,sha256=IYkfLXIprOW1jguZeELcGP1iBPuj-b53R-FTqKulMl8,4204
 reconcile/ocm_upgrade_scheduler_org_updater.py,sha256=ta8hMJ-su5mRcPpYrvB1COsojXV-SU3PzLPbQhy2Q0I,4190
 reconcile/openshift_base.py,sha256=7aifvl-ay5wpY6encbUX9pGbKdjiwJmevZ3XWGRzpCM,49696
-reconcile/openshift_cluster_bots.py,sha256=6L4eQuT76AmZGr-tN8hymqqCyCBgOj07nod-35PJtHw,10165
+reconcile/openshift_cluster_bots.py,sha256=8cb-1j9ksIUxhfn_9oD--5YN9OznTCZky83MX8KgffM,10873
 reconcile/openshift_clusterrolebindings.py,sha256=QfSy1Ik8eEY5XObc1Q4xyhqyErZenJmbPv_u9wcDNNo,5864
 reconcile/openshift_groups.py,sha256=d-qGI1aUEpZZLZq7PuSnjVDgsy5EB063CQr2tNvYPCE,9419
 reconcile/openshift_limitranges.py,sha256=UvCGo_OQ4XoDK55TJmn55qEhhlkhLzhU12tX8nT5kPQ,3442
@@ -114,7 +114,7 @@ reconcile/terraform_repo.py,sha256=c0GZFuY3rCm6VHjHqYbsgOHrEkRWKF_1LrMThsn2XDw,1
 reconcile/terraform_resources.py,sha256=x5Do4xBBhjJdIVRi0Gy4h-ryCCZ6kU7bT_iB0_mGing,17105
 reconcile/terraform_tgw_attachments.py,sha256=_g7QSHM03YZzTU7O189S4HYtUn7WmwOBq67G4AieU24,15298
 reconcile/terraform_users.py,sha256=kXRUxCUchKCP2dbXXOzctynqMii4oyCP6bYZHQTrlTg,10202
-reconcile/terraform_vpc_peerings.py,sha256=UoxjkOw_w5esHP2IeIsphxYPuhdvbDAfY97ubfnEH0g,25029
+reconcile/terraform_vpc_peerings.py,sha256=rnDH1u93OyzrBM8Hib0HwSnlxZtx4ScRQaZAcn3mx-k,25402
 reconcile/vault_replication.py,sha256=b23ZfsQwS470GMvPPv1E6TU8MLBg3HX31_9IvMzE1tk,17280
 reconcile/vpc_peerings_validator.py,sha256=Kv22HJVlTW9l9GB2eXwjPWqdDbr_VuvQBNPttox6s5o,7177
 reconcile/aus/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -411,7 +411,7 @@ reconcile/test/test_ocm_machine_pools.py,sha256=3qo6t2Jfr1Wee0NUacyLTDmatp0o7CUN
 reconcile/test/test_ocm_update_recommended_version.py,sha256=iA4BVirTGVXlwcOyeR52IuNO81X_8NR6ZNd7ZFE7igs,4328
 reconcile/test/test_ocm_upgrade_scheduler_org_updater.py,sha256=zYRGUX7pAmxSv9oFYw2ZnPGa-YAPgDfmqXOJM4eE-8A,4353
 reconcile/test/test_openshift_base.py,sha256=uVsnMghAQhHaJTreeOw4x2INTKJ6qeiZiiteWeKflW8,33874
-reconcile/test/test_openshift_cluster_bots.py,sha256=GzwG73V-psL3qZ2R1ekiSWr9L6935eLduw7tls5KaUI,7928
+reconcile/test/test_openshift_cluster_bots.py,sha256=-h1wDki9wh_WsNvNdPGuf-EjXP1MKWGRIIF9GcSuGjw,7928
 reconcile/test/test_openshift_namespace_labels.py,sha256=P1hqi6P88NijNrurdXG_QR2usyo3EYZSy9zpwYHvDsM,12104
 reconcile/test/test_openshift_namespaces.py,sha256=HmRnCE5EnFt3MYceVEFHmk8wWRtCrxu2AFGFkY9pdyA,9214
 reconcile/test/test_openshift_resource.py,sha256=lbTf48jX1q6rGnRiA5pPvfU0uPfY8zhNylMtryn0sLI,12995
@@ -444,7 +444,7 @@ reconcile/test/test_terraform_resources.py,sha256=1ny_QSFuRjV9jxZY8EeT4NVJ5dMv7c
 reconcile/test/test_terraform_tgw_attachments.py,sha256=cAq6exc-K-jtLla1CZUZQzVnBkyDnIlL7jybnddhLKc,36861
 reconcile/test/test_terraform_users.py,sha256=Xn4y6EcxnNQb6XcPoOhz_Ikxmh9Nrsu88OM1scN9hzY,5434
 reconcile/test/test_terraform_vpc_peerings.py,sha256=ubcsKh0TrUIwuI1-W3ETIgzsFvzAyeoFmEJFC-IK6JY,20538
-reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=Pyw8Jbp8lX5Tsk1yWZ0-4NJmwxqdwK1NnVYk6peLIQc,47440
+reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=DAfpb12I0PlqnuVUHK2vh4LH4d1OylT3H2GE_3TGZZI,47852
 reconcile/test/test_three_way_diff_strategy.py,sha256=2fjEqE2w4pIzKq18PRcADTSe01aGwsZfMGloU8xfNaE,3346
 reconcile/test/test_unleash.py,sha256=c1s_FRAZrAzzd3FbZrzHYjJzHELhoxPHBZnEzqsfMQg,6416
 reconcile/test/test_vault_replication.py,sha256=wlc4jm9f8P641UvvxIFFFc5_unJysNkOVrKJscjhQr0,16867
@@ -668,8 +668,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=d18KrdhtUGqoC7_kWZU128U0-VJEj-0rjFkLVufcI6I,2755
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc517.dist-info/METADATA,sha256=pm8ptXrk2UwiZZY4b3yOIkczJdFRVa5afyr01T7loMw,2349
-qontract_reconcile-0.10.1rc517.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-qontract_reconcile-0.10.1rc517.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
-qontract_reconcile-0.10.1rc517.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc517.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc519.dist-info/METADATA,sha256=PkWYKrPAojcwXRY7Pu263rk2RvG9DyNwH8Tsqzg_JqA,2349
+qontract_reconcile-0.10.1rc519.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+qontract_reconcile-0.10.1rc519.dist-info/entry_points.txt,sha256=rTjAv28I_CHLM8ID3OPqMI_suoQ9s7tFbim4aYjn9kk,376
+qontract_reconcile-0.10.1rc519.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc519.dist-info/RECORD,,

reconcile/openshift_cluster_bots.py

@@ -124,7 +124,11 @@ def retrieve_token(kubeconfig: str, namespace: str, sa: str) -> str:
 
 
 def create_sa(
-    kubeconfig: str, namespace: str, sa: str, create_namespace: bool = False
+    kubeconfig: str,
+    namespace: str,
+    sa: str,
+    create_namespace: bool = False,
+    cluster_admin: bool = False,
 ) -> str:
     items: list[dict] = []
     if create_namespace:
@@ -159,6 +163,26 @@ def create_sa(
             "type": "kubernetes.io/service-account-token",
         },
     ])
+    if cluster_admin:
+        items.append({
+            "apiVersion": "rbac.authorization.k8s.io/v1",
+            "kind": "ClusterRoleBinding",
+            "metadata": {
+                "name": f"{namespace}-{sa}",
+            },
+            "roleRef": {
+                "apiGroup": "rbac.authorization.k8s.io",
+                "kind": "ClusterRole",
+                "name": "cluster-admin",
+            },
+            "subjects": [
+                {
+                    "kind": "ServiceAccount",
+                    "name": sa,
+                    "namespace": namespace,
+                }
+            ],
+        })
 
     oc_apply(kubeconfig, namespace, items)
     token = retrieve_token(kubeconfig, namespace, sa)
@@ -200,6 +224,7 @@ def create_cluster_bots(
                         config.cluster_admin_ns,
                         config.cluster_admin_sa,
                         create_namespace=True,
+                        cluster_admin=True,
                     )
     except subprocess.CalledProcessError as e:
         logging.error(e.stderr)

reconcile/terraform_vpc_peerings.py

@@ -210,9 +210,11 @@ def build_desired_state_single_cluster(
             )
         )
         if requester_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"[{cluster_name}] could not find VPC ID for cluster"
+            logging.warning(
+                f"[{cluster_name}] could not find VPC ID for cluster. "
+                f"Skipping {peer_connection_provider} connection {peer_connection['name']}"
             )
+            continue
 
         requester = {
             "cidr_block": cluster_info["network"]["vpc"],
@@ -234,9 +236,11 @@ def build_desired_state_single_cluster(
             hcp_vpc_endpoint_sg=_private_hosted_control_plane(peer_cluster),
         )
         if accepter_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"[{peer_cluster_name}] could not find VPC ID for cluster"
+            logging.warning(
+                f"[{peer_cluster_name}] could not find VPC ID for cluster. "
+                f"Skipping {peer_info['provider']} connection {peer_info['name']}"
             )
+            continue
 
         requester["peer_owner_id"] = acc_aws["uid"]
         if acc_aws.get("assume_role"):
@@ -340,10 +344,11 @@ def build_desired_state_vpc_mesh_single_cluster(
         )
 
         if requester_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"{cluster} could not find VPC ID for cluster and "
-                f"peer account {account}"
+            logging.warning(
+                f"[{cluster}] could not find VPC ID for cluster and peer account {account}. "
+                f"Skipping {peer_connection_provider} connection {peer_connection['name']}"
             )
+            continue
 
         requester["vpc_id"] = requester_vpc_id
         requester["route_table_ids"] = requester_route_table_ids
@@ -478,9 +483,11 @@ def build_desired_state_vpc_single_cluster(
         )
 
         if requester_vpc_id is None:
-            raise BadTerraformPeeringState(
-                f"[{cluster}] could not find VPC ID for cluster"
+            logging.warning(
+                f"[{cluster}] could not find VPC ID for cluster. "
+                f"Skipping {peer_connection_provider} connection {peer_connection['name']}"
             )
+            continue
 
         requester["vpc_id"] = requester_vpc_id
         requester["route_table_ids"] = requester_route_table_ids

reconcile/test/test_openshift_cluster_bots.py

@@ -234,6 +234,6 @@ def test_run_cluster_admin(
     )
     mocks.oc.return_value = {"data": {"token": "mytoken"}}
     ocb.run(**integ_params)
-    assert mocks.oc.call_count == 7
+    assert mocks.oc.call_count == 8
     mocks.vault.assert_called_once()
     mocks.submit_mr.assert_called_once()

reconcile/test/test_terraform_vpc_peerings_build_desired_state.py

@@ -466,11 +466,10 @@ def test_c2c_no_vpc_in_aws(mocker):
 
     awsapi = MockAWSAPI()
 
-    with pytest.raises(sut.BadTerraformPeeringState) as ex:
-        sut.build_desired_state_single_cluster(
-            requester_cluster, ocm, awsapi, account_filter=None
-        )
-    assert str(ex.value).endswith("could not find VPC ID for cluster")
+    desired_state = sut.build_desired_state_single_cluster(
+        requester_cluster, ocm, awsapi, account_filter=None
+    )
+    assert desired_state == []
 
 
 def test_c2c_no_peer_account(mocker):
@@ -936,10 +935,10 @@ class TestBuildDesiredStateVpcMeshSingleCluster(testslide.TestCase):
             None,
         )).and_assert_called_once()
 
-        with self.assertRaises(sut.BadTerraformPeeringState):
-            sut.build_desired_state_vpc_mesh_single_cluster(
-                self.cluster, self.ocm, self.awsapi, None
-            )
+        desired_state = sut.build_desired_state_vpc_mesh_single_cluster(
+            self.cluster, self.ocm, self.awsapi, None
+        )
+        assert desired_state == []
 
 
 class TestBuildDesiredStateVpc(testslide.TestCase):
@@ -1341,7 +1340,22 @@ class TestBuildDesiredStateVpcSingleCluster(testslide.TestCase):
             self.ocm, "get_aws_infrastructure_access_terraform_assume_role"
         ).to_return_value("a:role:that:you:will:like").and_assert_called_once()
 
-        with self.assertRaises(sut.BadTerraformPeeringState):
+        desired_state = sut.build_desired_state_vpc_single_cluster(
+            self.cluster, self.ocm, self.awsapi, None
+        )
+        assert desired_state == []
+
+    def test_aws_exception(self):
+        exc_txt = "AWS Problem!"
+        self.mock_callable(self.awsapi, "get_cluster_vpc_details").to_raise(
+            Exception(exc_txt)
+        )
+
+        self.mock_callable(
+            self.ocm, "get_aws_infrastructure_access_terraform_assume_role"
+        ).to_return_value("a:role:that:you:will:like").and_assert_called_once()
+
+        with pytest.raises(Exception, match=exc_txt):
             sut.build_desired_state_vpc_single_cluster(
                 self.cluster, self.ocm, self.awsapi, None
             )