qontract-reconcile 0.10.1rc696__py3-none-any.whl → 0.10.1rc702__py3-none-any.whl

{qontract_reconcile-0.10.1rc696.dist-info → qontract_reconcile-0.10.1rc702.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc696
+Version: 0.10.1rc702
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc696.dist-info → qontract_reconcile-0.10.1rc702.dist-info}/RECORD

@@ -9,7 +9,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=Xj_msd-518yR9r1hy39FI3Q9gBRZQsfM9HRA-Ep6CKY,93661
+reconcile/cli.py,sha256=deAj6fNIYnrEKgOKv2UYZKAvuvEmYVUWj4nDSG6y99U,96070
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -92,7 +92,7 @@ reconcile/quay_mirror.py,sha256=9NzbNoxl-NdD8CwImcXNG5xTdHmUJxBfeVk5XHH41J8,1488
 reconcile/quay_mirror_org.py,sha256=Oq-t3kSkgfeSAOUDjLCDRBeEvOIEBacfX38qrX_s0oc,10801
 reconcile/quay_permissions.py,sha256=9KOutS1w4RFQqkvMSy54VtsKNx56-phzP6yI_rEW-B8,4244
 reconcile/quay_repos.py,sha256=cuEYG0HUe0ut5yvLdEwOF5-CmccpXQHRb_wDazvDrvQ,6895
-reconcile/queries.py,sha256=hgQizeUT5_a1ZI9i8wH-ajr7e956u5ynIp90zKMeRCA,50560
+reconcile/queries.py,sha256=NFYbAkPkffZDU6rW1tn9r16jjLSmqWLPKBO6FkSbUWg,50829
 reconcile/query_validator.py,sha256=BAjGrU8_VhzTOv5k0-uz0hY9ziZyconv8VAhgre1Auc,1497
 reconcile/requests_sender.py,sha256=914iluuF4UVgG3VyxxtnHOu4yf6YKS2fIy6PViSsFTQ,3875
 reconcile/resource_scraper.py,sha256=vo1N9vLJCYWvXlTwFRIpEuWjx_39ZV9zxJlpoPq4g3U,2330
@@ -135,20 +135,25 @@ reconcile/aus/version_gates/handler.py,sha256=S_isQPYHbG4DERiUEvQBZ6ngiFX3uMmATA
 reconcile/aus/version_gates/ingress_gate_handler.py,sha256=ZCtyggBzzcb0prtdbMpJsVkj5leYN-vS7srM9vbq9xo,1096
 reconcile/aus/version_gates/ocp_gate_handler.py,sha256=RW1ppDaCZXVegV9AzzqYXxDUu_Z_7d43Z5h2Pk_piKc,716
 reconcile/aus/version_gates/sts_version_gate_handler.py,sha256=PhJ7yBh2q-rv9CJcfFhc0H11nyDyG7NAryNS3F74xdY,3697
+reconcile/aws_account_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/aws_account_manager/integration.py,sha256=TLlhxnHXRCVz2GYJQei-dBdSpeLseEkoVUwHhgi41fk,13804
+reconcile/aws_account_manager/merge_request_manager.py,sha256=zZct3NxWMBQupl4QfD7ULxnt4ipt_2FBoH_NusboIuw,3781
+reconcile/aws_account_manager/reconciler.py,sha256=AqAA3TIEfuYzIogHSBgwYTebxbTy1D6JhcxdLiOfCsc,13588
+reconcile/aws_account_manager/utils.py,sha256=K4rAjEMK-eQ_Sv4lOf6dPynQy97xZ4h-n6cJn5Z6zVw,1248
 reconcile/aws_ami_cleanup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_ami_cleanup/integration.py,sha256=IW95cpMj2P5ffs-AxsR_TDQCJnYFBhLIfP2de7dz_8A,10109
 reconcile/aws_cloudwatch_log_retention/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_cloudwatch_log_retention/integration.py,sha256=0UcSZIrGvnGY4m9fj87oejIolIP_qTxtJInpmW9jrQ0,7772
 reconcile/aws_saml_idp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/aws_saml_idp/integration.py,sha256=uqec-EnxnfGOgQtg33S-Q1wTCv0sVBHNo02aT94hXrw,4807
+reconcile/aws_saml_idp/integration.py,sha256=q0usjBp79aydlcD8kAq-5T2NKhZgEblGLvBBPHiJdKw,4956
 reconcile/aws_saml_roles/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_saml_roles/integration.py,sha256=kC4Rnbuy07TMvZO4rjUEcQkJev10M0Ro6r7YXcB7j_c,9530
 reconcile/aws_version_sync/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/aws_version_sync/integration.py,sha256=4XFCwlndYVwqajOl0oUaq7F7_uvqGKU3jDVqLhZoLus,17306
+reconcile/aws_version_sync/integration.py,sha256=uI6k0nNS_jRrVaIcgm30Hj_M6GIJmexU2X-6Dxe0CZo,17271
 reconcile/aws_version_sync/utils.py,sha256=sVv-48PKi2VITlqqvmpbjnFDOPeGqfKzgkpIszlmjL0,1708
 reconcile/aws_version_sync/merge_request_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_version_sync/merge_request_manager/merge_request.py,sha256=2FbqLLdqxycWNvX1eNbwMjWSVBb7q0p-8t5Db0m7b4Q,4842
-reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py,sha256=NGk16KTblMPhsALYFcvB1agVs0BAka8ph9B2wuiuRb0,8236
+reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py,sha256=3bRpw7DluiYw3daRg0yAyCSGYf39Ru0d8lUjoepDSpU,5525
 reconcile/change_owners/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/change_owners/approver.py,sha256=GV8nwS-YJOJ8O-b9v3u60RSYECYH2EKAycjpoW6VmvU,2228
 reconcile/change_owners/bundle.py,sha256=dZ-GRCIgpSYwKzZD9rs64Ie09OptzDc8aR2X2msnt3Q,5363
@@ -185,6 +190,8 @@ reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py,sha256=zrZCHa
 reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py,sha256=uFx75cLe1a4xyArr6ekoAUbrzSRnhR7S2vaR3G5Fzbw,3299
 reconcile/gql_definitions/app_interface_metrics_exporter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py,sha256=uVEEqU6YYmKsNTo6EWlFnoVmqha2rvBDx-wiD64VmG0,1679
+reconcile/gql_definitions/aws_account_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/gql_definitions/aws_account_manager/aws_accounts.py,sha256=c3RmQwbHa9UlfGwruufkA8PUfeiRJZ-lXEDInAREZqE,4405
 reconcile/gql_definitions/aws_ami_cleanup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/aws_ami_cleanup/asg_namespaces.py,sha256=OJmeTu7uirLGAysZ3IQTtRXqMyL8noi_QZxPuWYxxmI,3678
 reconcile/gql_definitions/aws_saml_idp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -230,6 +237,9 @@ reconcile/gql_definitions/common/saasherder_settings.py,sha256=nqQLcMwYxLseqq0BE
 reconcile/gql_definitions/common/smtp_client_settings.py,sha256=JU6t6D-Qj-z1gLlgUiHKe0W7AxWQdty9jlv-ig_43tM,2248
 reconcile/gql_definitions/common/state_aws_account.py,sha256=LAdpCG2-ykVpWBPO0Zu1WvG-hwKXyDC0fJQxJRpbqCk,2198
 reconcile/gql_definitions/common/users.py,sha256=uDiEDqa4QP89I2oFuKhCtVB61ZviIt7Y75fgrcCm7M4,1681
+reconcile/gql_definitions/cost_report/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/gql_definitions/cost_report/app_names.py,sha256=fzqYXyiTSll359J1F1o7qapco0MSxgs3sr_Ssb2Kbns,1786
+reconcile/gql_definitions/cost_report/settings.py,sha256=0nhBDJ5MZ1m7XkNDGrRLmsnUbzqZ4WRh_DDEEzKhcxU,2153
 reconcile/gql_definitions/dashdotdb_slo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py,sha256=zUa-CmpOwiymVmOV6KwDHH5mMl06p000320FcOas6hU,4315
 reconcile/gql_definitions/dynatrace_token_provider/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -237,6 +247,7 @@ reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py
 reconcile/gql_definitions/fragments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/fragments/aus_organization.py,sha256=ARI87YAbC0VjFri9eVGYrRPBc4s0kWsa25RR8FFoq7E,4433
 reconcile/gql_definitions/fragments/aws_account_common.py,sha256=d_FwpS_dY8o8DCLa3NERs93FVxQLiDUIPm5tGNac-iw,2320
+reconcile/gql_definitions/fragments/aws_account_managed.py,sha256=zXbux0Bb7QZ37fU4LLMKB4m0rT3Y8bD10C1TuOsH_ZQ,1470
 reconcile/gql_definitions/fragments/aws_account_sso.py,sha256=ITR3PLz4Iq1SiWAoYGWPDuHJnAmTyZ0QQqs2Zsi8pxA,979
 reconcile/gql_definitions/fragments/aws_infra_management_account.py,sha256=uAmALVRF2gBM3p_Dmez_ew6KVAtetamwOPkRIPZAlGc,1254
 reconcile/gql_definitions/fragments/aws_vpc.py,sha256=T2egTwi2Rb0IRBBmsyag8xKpu_m6GbIAy80fhZNZwk8,1434
@@ -400,10 +411,10 @@ reconcile/templates/jira-checkpoint-missinginfo.j2,sha256=c_Vvg-lEENsB3tgxm9B6Y9
 reconcile/templates/rosa-classic-cluster-creation.sh.j2,sha256=0UHfYtXRVJqP07VJQx456cRI6EbZNBgamtP_8nb4WPY,2353
 reconcile/templates/rosa-hcp-cluster-creation.sh.j2,sha256=O7Bf3WQIJhsZoEqaYA0wRktUO4yXXCb4BQkuvvp-C80,2385
 reconcile/templating/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/templating/renderer.py,sha256=Dbrap_sR6pxdoS35uYndtFucn4y7qda4SYDQyOd5Usw,8515
+reconcile/templating/renderer.py,sha256=xXCzRuhkDOCPELRKzjkAARTgs4iOoNcdDN_hlKJxyjg,8516
 reconcile/templating/validator.py,sha256=QGH2VSk7sVBuojhk9quRAbj_XBykHN-KZ53DbEneUJs,4391
 reconcile/templating/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/templating/lib/merge_request_manager.py,sha256=tf4BJt-WEneuoE7-yDCj4e-AAa4XDOILW7_TpZ6q-dM,7750
+reconcile/templating/lib/merge_request_manager.py,sha256=El3ufdVjHP4EW-LztX7zPiI9syJBJ6ETGRmiM9K4Nqw,5112
 reconcile/templating/lib/model.py,sha256=TYiH2xL63awd30U-fkZDLEzuxkLdUEgzJ913DEzpFoM,265
 reconcile/templating/lib/rendering.py,sha256=_BVQ2gqip8K1AgLYfaTWh8NKJFTW6VjUZ6rBI_GH30E,5061
 reconcile/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -546,6 +557,9 @@ reconcile/typed_queries/tekton_pipeline_providers.py,sha256=2mpHBdsNPQB94tw0H9ae
 reconcile/typed_queries/terraform_namespaces.py,sha256=71ARJ-GzkU9tBM0IfJTL3NF4349SJy-Mgs_DwAgUz_g,444
 reconcile/typed_queries/app_interface_metrics_exporter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py,sha256=X-N1WJGOL6OR9940P0_K4-YJzkL5Vg4favhYrBxXD9A,327
+reconcile/typed_queries/cost_report/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/typed_queries/cost_report/app_names.py,sha256=HMEMIqAbMyVQfoQ5YXTXE4xDt7FaXBRz0QIHnsIZC1c,478
+reconcile/typed_queries/cost_report/settings.py,sha256=xbTMMUQnbub2pav4B-ctzzRe7ijjTv2bqfqdtb9OnO0,589
 reconcile/typed_queries/terraform_tgw_attachments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/typed_queries/terraform_tgw_attachments/aws_accounts.py,sha256=T5HSeyBcGKP-LzDmIzs-WlBwOtSenYpm0Odw5--xdOg,410
 reconcile/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -592,6 +606,7 @@ reconcile/utils/lean_terraform_client.py,sha256=zReyNPJbr2uOdrdh8Qfe-OZQBoRwxb5Z
 reconcile/utils/make.py,sha256=QaEwucrzbl8-VHS66Wfdjfo0ubmAcvt_hZGpiGsKU50,231
 reconcile/utils/metrics.py,sha256=7nXdctmZ0UtGMHPpS3V55sfH4xpMPqdYaJ3JKAUc_sM,18474
 reconcile/utils/models.py,sha256=It_Q1WNIvw_EDCsiSWzIgpSPr_X9jMgbJI-DR3N23xY,4677
+reconcile/utils/oauth2_backend_application_session.py,sha256=kWUX2LTwKniD01-0a7x-kV9ud3Q30DpLgh1xDbUhLSI,3298
 reconcile/utils/oc.py,sha256=ILAlP-AZMtWeyAepLoMnYbDJfyyMs-Z0fOEo9JXQfkE,65490
 reconcile/utils/oc_connection_parameters.py,sha256=85slrnDigYwYmzhyceVkMElWzFArp4ge1d-fHXVqh0w,9729
 reconcile/utils/oc_filters.py,sha256=R2Lf3fo0jQCeE62Ygeo_KN24XbAosq0QbjimYG6qHI4,1402
@@ -616,7 +631,7 @@ reconcile/utils/sharding.py,sha256=gkYf0lD3IUKQPEmdRJZ70mdDT1c9qWjbdP7evRsUis4,8
 reconcile/utils/slack_api.py,sha256=OPmzU6L9rJx2XXDlZkMlxLjOWu17yC-fVCoUItzQrXw,16295
 reconcile/utils/smtp_client.py,sha256=gJNbBQJpAt5PX4t_TaeNHsXM8vt50bFgndml6yK2b5o,2800
 reconcile/utils/sqs_gateway.py,sha256=gFl9DM4DmGnptuxTOe4lS3YTyE80eSAvK42ljS8h4dA,2287
-reconcile/utils/state.py,sha256=zjsprjbOb0WddzmAvh8ACqAt0fcayrX2YPfz7qceRWw,16090
+reconcile/utils/state.py,sha256=FK8NLT1xyumuXpYRm0Nk6pWpOE_U6-NovGn6zKCw8vw,16298
 reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=mZEKpu6nbfiQd60wRkc8-5sljBTUTOgaAKnF89itMzU,32085
@@ -632,10 +647,12 @@ reconcile/utils/acs/base.py,sha256=Qih-xZ3RBJZEE291iHHlv7lUY6ShcAvSj1PA3_aTTnM,2
 reconcile/utils/acs/policies.py,sha256=_jAz6cv8KRYtDsXjGoJgNbD8_9PUa5LSwwVlpK4A_cQ,5505
 reconcile/utils/acs/rbac.py,sha256=ugsLM9Pb7FbUbdq85E3VzXGMaB9ZovXob7tdWCxwqZ8,8808
 reconcile/utils/aws_api_typed/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/utils/aws_api_typed/api.py,sha256=ICBrpoZ1Y8ShMaNOQmzPzChmw-Ffdg0tCsu97fVwZ-w,6374
-reconcile/utils/aws_api_typed/iam.py,sha256=wH82lA2kUgEKR5McmyU5gB8ASfemT5xAk3Bb9cairVo,1508
-reconcile/utils/aws_api_typed/organization.py,sha256=dJ7J02BNHu7UDyFa9083b92vSamIX8DtHIoF8VwEijY,3675
+reconcile/utils/aws_api_typed/api.py,sha256=gqfZISSQLp6tHEAwEsroLWwyU4ZdbwHi9p0rNBQyLuI,7901
+reconcile/utils/aws_api_typed/iam.py,sha256=ka46H2-SzTCgy6EJYapKTzyZK9vR1bkfD0wF8bDdy1Q,2201
+reconcile/utils/aws_api_typed/organization.py,sha256=oXftcLVuSs9qej6efdssl38FvjeZaQC5R2Wj3NzxX4U,5529
+reconcile/utils/aws_api_typed/service_quotas.py,sha256=OU1D8LCmMw1IT87nt45LqXhguzcWwC8AaBdDTI7tz98,3018
 reconcile/utils/aws_api_typed/sts.py,sha256=5Sauncj9Fif3YDLkJYkBZrtOX0v0bGAqOmY0A5Bh9yA,1237
+reconcile/utils/aws_api_typed/support.py,sha256=PH3UW96Ne4_8I1J-_Vqj-DsK73gYGeVdOH13eD1783c,2447
 reconcile/utils/cloud_resource_best_practice/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/cloud_resource_best_practice/aws_rds.py,sha256=EvE6XKLsrZ531MJptKqPht2lOETrOjySTHXk6CzMgo0,2279
 reconcile/utils/clusterhealth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -659,6 +676,7 @@ reconcile/utils/membershipsources/app_interface_resolver.py,sha256=IlDiRtJZ0AfAG
 reconcile/utils/membershipsources/models.py,sha256=IFu6KHFe-HUTJPiAO3fEw7i22yv4_ytgBW-h_wrO6V4,2015
 reconcile/utils/membershipsources/resolver.py,sha256=meERrCZqeVJZR2lHdZEznaZDsCsUb194UEMOjbE4aYA,3168
 reconcile/utils/merge_request_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/utils/merge_request_manager/merge_request_manager.py,sha256=6i2uwSJoeYiZSRwcnBG5ICQXyIC8umvQ_TzubR7_jvA,3374
 reconcile/utils/merge_request_manager/parser.py,sha256=5pGoz8Q6EuYXlUc1z-D0FahdRP2YLO8CpACoa9HcgtQ,2098
 reconcile/utils/mr/__init__.py,sha256=JQS8xmLZdG4TgjAFZp2ltuV9c1sDFHIHJmpn1bkY9rM,2386
 reconcile/utils/mr/app_interface_reporter.py,sha256=6Kpg93V9FvcOke9Jimkva359MQ-ZyBIkUpf8QIA6-to,1793
@@ -717,20 +735,26 @@ tools/app_interface_metrics_exporter.py,sha256=zkwkxdAUAxjdc-pzx2_oJXG25fo0Fnyd5
 tools/app_interface_reporter.py,sha256=upA-J-n-HXHKVDINRuMR7vTt-iJvQORKUVi9D3leQto,17738
 tools/glitchtip_access_reporter.py,sha256=oPBnk_YoDuljU3v0FaChzOwwnk4vap1xEE67QEjzdqs,2948
 tools/glitchtip_access_revalidation.py,sha256=8kbBJk04mkq28kWoRDDkfCGIF3GRg3pJrFAh1sW0dbk,2821
-tools/qontract_cli.py,sha256=fxXsgjmLBzC1zDkmNnB5jfOnwL-kGci5xC_4BsoIe3M,111648
+tools/qontract_cli.py,sha256=AdOUq_74y-s1nDbF6Yh0z1sTQ1r8yS3nPG9yP-slWfE,111846
 tools/sd_app_sre_alert_report.py,sha256=e9vAdyenUz2f5c8-z-5WY0wv-SJ9aePKDH2r4IwB6pc,5063
 tools/template_validation.py,sha256=-U-lTGeLaci8yWPEblCJeev2DOlY1jM9QOOh-O1zts8,3376
 tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/cli_commands/gpg_encrypt.py,sha256=w8hl4jIEWk5wKbEFN6fVEOwUJGmdlvOqYodW3XSN7mU,4978
+tools/cli_commands/cost_report/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tools/cli_commands/cost_report/command.py,sha256=ecT4SjCwhoWNFF9Xb1spqYzI7QMwX9EFWz6XFSW4bas,6317
+tools/cli_commands/cost_report/cost_management_api.py,sha256=IuPbrtNpgt1wvzHAPQjGPdCobXIkvkusqP8uXv3G204,1743
+tools/cli_commands/cost_report/model.py,sha256=blNk52T6KIDy-7w4V6qvZhGFWplxgDfZ5jRZimPDYJo,593
+tools/cli_commands/cost_report/response.py,sha256=lOmIohSuwJBxoSAC9LCwihBsyWgutHCIW-nvd6_HX5Y,867
+tools/cli_commands/cost_report/view.py,sha256=LtM5AVv1pZ9yT1C_IcTrHHyXlQkRWeS3nnDf5XQVoVQ,8554
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
 tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvftCWEEf-g1mfXOtgCog-g,1271
-tools/test/test_qontract_cli.py,sha256=OvalpVRfY4pNmpMaWHHYqBjV68b1eGQjX8SCyTAXb1w,3501
+tools/test/test_qontract_cli.py,sha256=UEwAW7PA_GIrbqzaLxpkCxbuVjEFLNvnVG-6VyoCGIc,4147
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc696.dist-info/METADATA,sha256=Ze93vzm8KdoglmXqBmbo4n-_lPtbMFpnX5J8ng2LFbQ,2382
-qontract_reconcile-0.10.1rc696.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc696.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
-qontract_reconcile-0.10.1rc696.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc696.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc702.dist-info/METADATA,sha256=Sk3NS11248E7ukRziTkbkvYPypcX1zWYqHoDJBXKxB4,2382
+qontract_reconcile-0.10.1rc702.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc702.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
+qontract_reconcile-0.10.1rc702.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc702.dist-info/RECORD,,

reconcile/aws_account_manager/integration.py

@@ -0,0 +1,342 @@
+from collections.abc import Callable, Iterable
+from datetime import datetime, timezone
+from typing import Any
+
+import jinja2
+
+from reconcile.aws_account_manager.merge_request_manager import MergeRequestManager
+from reconcile.aws_account_manager.reconciler import AWSReconciler
+from reconcile.aws_account_manager.utils import validate
+from reconcile.gql_definitions.aws_account_manager.aws_accounts import (
+    AWSAccountManaged,
+    AWSAccountRequestV1,
+    AWSAccountV1,
+)
+from reconcile.gql_definitions.aws_account_manager.aws_accounts import (
+    query as aws_accounts_query,
+)
+from reconcile.typed_queries.app_interface_repo_url import get_app_interface_repo_url
+from reconcile.typed_queries.github_orgs import get_github_orgs
+from reconcile.typed_queries.gitlab_instances import get_gitlab_instances
+from reconcile.utils import gql
+from reconcile.utils.aws_api_typed.api import AWSApi, AWSStaticCredentials
+from reconcile.utils.aws_api_typed.iam import AWSAccessKey
+from reconcile.utils.defer import defer
+from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.runtime.integration import (
+    PydanticRunParams,
+    QontractReconcileIntegration,
+)
+from reconcile.utils.semver_helper import make_semver
+from reconcile.utils.state import init_state
+from reconcile.utils.unleash import get_feature_toggle_state
+from reconcile.utils.vcs import VCS
+
+QONTRACT_INTEGRATION = "aws-account-manager"
+QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
+
+
+class AwsAccountMgmtIntegrationParams(PydanticRunParams):
+    account_name: str | None
+    flavor: str
+    organization_account_role: str = "OrganizationAccountAccessRole"
+    default_tags: dict[str, str] = {}
+    initial_user_name: str = "terraform"
+    initial_user_policy_arn: str = "arn:aws:iam::aws:policy/AdministratorAccess"
+    initial_user_secret_vault_path: str = (
+        "app-sre/creds/terraform/{account_name}/config"
+    )
+    account_tmpl_resource: str = "/aws-account-manager/account-tmpl.yml"
+    template_collection_root_path: str = "data/templating/collections/aws-account"
+
+
+class AwsAccountMgmtIntegration(
+    QontractReconcileIntegration[AwsAccountMgmtIntegrationParams]
+):
+    """Create and manage AWS accounts."""
+
+    @property
+    def name(self) -> str:
+        return QONTRACT_INTEGRATION
+
+    def get_early_exit_desired_state(
+        self, query_func: Callable | None = None
+    ) -> dict[str, Any]:
+        """Return the desired state for early exit."""
+        if not query_func:
+            query_func = gql.get_api().query
+        payer_accounts, non_organization_accounts = self.get_aws_accounts(
+            query_func, account_name=self.params.account_name
+        )
+        return {
+            "payer_accounts": [account.dict() for account in payer_accounts],
+            "non_organization_accounts": [
+                account.dict() for account in non_organization_accounts
+            ],
+        }
+
+    @staticmethod
+    def render_account_tmpl_file(
+        template: str, account_request: AWSAccountRequestV1, uid: str, settings: dict
+    ) -> str:
+        for k, v in settings.items():
+            if not isinstance(v, str):
+                continue
+            # render string templates with account name
+            settings[k] = v.format(account_name=account_request.name)
+        tmpl = jinja2.Template(
+            template,
+            undefined=jinja2.StrictUndefined,
+            trim_blocks=True,
+            lstrip_blocks=True,
+            keep_trailing_newline=True,
+        ).render({
+            "accountRequest": account_request.dict(by_alias=True),
+            "uid": uid,
+            "settings": settings,
+            "timestamp": int(datetime.now(tz=timezone.utc).timestamp()),
+        })
+        return tmpl
+
+    def get_aws_accounts(
+        self, query_func: Callable, account_name: str | None = None
+    ) -> tuple[list[AWSAccountV1], list[AWSAccountV1]]:
+        """Get all AWS payer and non-organization accounts."""
+        data = aws_accounts_query(query_func)
+
+        all_aws_accounts = [
+            account
+            for account in data.accounts or []
+            if integration_is_enabled(self.name, account)
+            and (not account_name or account.name == account_name)
+        ]
+        for account in all_aws_accounts:
+            validate(account)
+
+        payer_accounts = [
+            account
+            for account in all_aws_accounts
+            if account.organization_accounts or account.account_requests
+        ]
+        all_organization_account_names = {
+            org_account.name
+            for payer_account in payer_accounts
+            for org_account in payer_account.organization_accounts or []
+        }
+
+        non_organization_accounts = [
+            account
+            for account in all_aws_accounts
+            if account.name not in all_organization_account_names
+        ]
+        return payer_accounts, non_organization_accounts
+
+    def save_access_key(self, account: str, access_key: AWSAccessKey) -> None:
+        """Write the AWS secret to Vault."""
+        self.secret_reader.vault_client.write(  # type: ignore[attr-defined] # mypy doesn't recognize the VaultClient.__new__ method
+            secret={
+                "data": {
+                    "aws_access_key_id": access_key.access_key_id,
+                    "aws_secret_access_key": access_key.secret_access_key,
+                },
+                "path": self.params.initial_user_secret_vault_path.format(
+                    account_name=account
+                ).strip("/"),
+            },
+            decode_base64=False,
+        )
+
+    def create_accounts(
+        self,
+        aws_api: AWSApi,
+        reconciler: AWSReconciler,
+        merge_request_manager: MergeRequestManager,
+        account_template: str,
+        account_requests: Iterable[AWSAccountRequestV1],
+    ) -> None:
+        """Create new AWS accounts."""
+        for account_request in account_requests:
+            if not (
+                uid := reconciler.create_organization_account(
+                    aws_api=aws_api,
+                    name=account_request.name,
+                    email=account_request.account_owner.email,
+                )
+            ):
+                continue
+
+            with aws_api.assume_role(
+                account_id=uid, role=self.params.organization_account_role
+            ) as account_role_api:
+                if access_key := reconciler.create_iam_user(
+                    aws_api=account_role_api,
+                    name=account_request.name,
+                    user_name=self.params.initial_user_name,
+                    user_policy_arn=self.params.initial_user_policy_arn,
+                ):
+                    self.save_access_key(account_request.name, access_key)
+
+            merge_request_manager.create_account_file(
+                title=f"{account_request.name}: AWS account template collection file",
+                account_tmpl_file_path=f"{self.params.template_collection_root_path}/{account_request.name}.yml",
+                account_tmpl_file_content=self.render_account_tmpl_file(
+                    template=account_template,
+                    account_request=account_request,
+                    uid=uid,
+                    settings=self.params.dict(),
+                ),
+                account_request_file_path=f"data/{account_request.path.strip('/')}",
+            )
+
+    def reconcile_organization_accounts(
+        self,
+        aws_api: AWSApi,
+        reconciler: AWSReconciler,
+        organization_accounts: Iterable[AWSAccountManaged],
+    ) -> None:
+        """Reconcile organization accounts."""
+        for account in organization_accounts:
+            assert account.organization  # mypy
+            reconciler.reconcile_organization_account(
+                aws_api=aws_api,
+                name=account.name,
+                uid=account.uid,
+                ou=account.organization.ou,
+                tags=self.params.default_tags
+                | account.organization.tags
+                | {"app-interface-name": account.name},
+                enterprise_support=account.premium_support,
+            )
+
+            with aws_api.assume_role(
+                account_id=account.uid, role=self.params.organization_account_role
+            ) as account_role_api:
+                self.reconcile_account(account_role_api, reconciler, account)
+
+    def reconcile_account(
+        self,
+        aws_api: AWSApi,
+        reconciler: AWSReconciler,
+        account: AWSAccountManaged,
+        create_initial_user: bool = True,
+    ) -> None:
+        """Reconcile an AWS account."""
+        reconciler.reconcile_account(
+            aws_api=aws_api,
+            name=account.name,
+            alias=account.alias,
+            quotas=[q for ql in account.quota_limits or [] for q in ql.quotas],
+        )
+
+    def reconcile_payer_accounts(
+        self,
+        reconciler: AWSReconciler,
+        merge_request_manager: MergeRequestManager,
+        default_state_path: str,
+        account_template: str,
+        payer_accounts: Iterable[AWSAccountV1],
+    ) -> None:
+        """Reconcile all payer accounts including account creation."""
+        # reconcile accounts within payer accounts, aka organization accounts
+        for payer_account in payer_accounts:
+            # having a state per flavor and payer account makes it easier in a shared environment
+            reconciler.state.state_path = default_state_path
+            reconciler.state.state_path += f"/{payer_account.name}"
+            aws_account_manager_role = (
+                payer_account.automation_role.aws_account_manager
+                if payer_account.automation_role
+                else None
+            )
+            if not aws_account_manager_role:
+                raise ValueError(
+                    f"awsAccountManager role is not defined for account {payer_account.name}"
+                )
+
+            secret = self.secret_reader.read_all_secret(payer_account.automation_token)
+            with AWSApi(
+                AWSStaticCredentials(
+                    access_key_id=secret["aws_access_key_id"],
+                    secret_access_key=secret["aws_secret_access_key"],
+                    region=payer_account.resources_default_region,
+                )
+            ) as payer_account_aws_api:
+                with payer_account_aws_api.assume_role(
+                    account_id=payer_account.uid,
+                    role=aws_account_manager_role,
+                ) as acct_manager_role_aws_api:
+                    self.create_accounts(
+                        acct_manager_role_aws_api,
+                        reconciler,
+                        merge_request_manager,
+                        account_template,
+                        payer_account.account_requests or [],
+                    )
+                    self.reconcile_organization_accounts(
+                        acct_manager_role_aws_api,
+                        reconciler,
+                        payer_account.organization_accounts or [],
+                    )
+
+    def reconcile_non_organization_accounts(
+        self,
+        reconciler: AWSReconciler,
+        default_state_path: str,
+        non_organization_accounts: Iterable[AWSAccountV1],
+    ) -> None:
+        """Reconcile accounts not part of an organization via a payer account (e.g. payer accounts themselves)"""
+        for account in non_organization_accounts:
+            reconciler.state.state_path = default_state_path
+            reconciler.state.state_path += f"/{account.name}"
+            secret = self.secret_reader.read_all_secret(account.automation_token)
+            with AWSApi(
+                AWSStaticCredentials(
+                    access_key_id=secret["aws_access_key_id"],
+                    secret_access_key=secret["aws_secret_access_key"],
+                    region=account.resources_default_region,
+                )
+            ) as account_aws_api:
+                self.reconcile_account(account_aws_api, reconciler, account)
+
+    @defer
+    def run(self, dry_run: bool, defer: Callable | None = None) -> None:
+        """Run the integration."""
+        gql_api = gql.get_api()
+        payer_accounts, non_organization_accounts = self.get_aws_accounts(
+            gql_api.query, account_name=self.params.account_name
+        )
+        state = init_state(self.name, self.secret_reader)
+        default_state_path = f"state/{self.name}/{self.params.flavor}"
+        reconciler = AWSReconciler(state, dry_run)
+        vcs = VCS(
+            secret_reader=self.secret_reader,
+            github_orgs=get_github_orgs(),
+            gitlab_instances=get_gitlab_instances(),
+            app_interface_repo_url=get_app_interface_repo_url(),
+            dry_run=dry_run,
+            allow_deleting_mrs=False,
+            allow_opening_mrs=True,
+        )
+        if defer:
+            defer(vcs.cleanup)
+        merge_request_manager = MergeRequestManager(
+            vcs=vcs,
+            auto_merge_enabled=get_feature_toggle_state(
+                integration_name=f"{self.name}-allow-auto-merge-mrs", default=False
+            ),
+        )
+        merge_request_manager.fetch_open_merge_requests()
+        account_template = gql_api.get_resource(path=self.params.account_tmpl_resource)[
+            "content"
+        ]
+        self.reconcile_payer_accounts(
+            reconciler=reconciler,
+            merge_request_manager=merge_request_manager,
+            default_state_path=default_state_path,
+            account_template=account_template,
+            payer_accounts=payer_accounts,
+        )
+        self.reconcile_non_organization_accounts(
+            reconciler=reconciler,
+            default_state_path=default_state_path,
+            non_organization_accounts=non_organization_accounts,
+        )

reconcile/aws_account_manager/merge_request_manager.py

@@ -0,0 +1,111 @@
+import logging
+
+from gitlab.exceptions import GitlabGetError
+from gitlab.v4.objects import ProjectMergeRequest
+
+from reconcile.utils.gitlab_api import GitLabApi
+from reconcile.utils.mr.base import MergeRequestBase
+from reconcile.utils.mr.labels import AUTO_MERGE
+from reconcile.utils.vcs import VCS
+
+AWS_MGR = "aws-account-manager"
+
+
+class AwsAccountMR(MergeRequestBase):
+    name = "AwsAccount"
+
+    def __init__(
+        self,
+        title: str,
+        description: str,
+        account_tmpl_file_path: str,
+        account_tmpl_file_content: str,
+        account_request_file_path: str,
+        labels: list[str],
+    ):
+        super().__init__()
+        self._title = title
+        self._description = description
+        self._account_tmpl_file_path = account_tmpl_file_path.lstrip("/")
+        self._account_tmpl_file_content = account_tmpl_file_content
+        self._account_request_file_path = account_request_file_path.lstrip("/")
+        self.labels = labels
+
+    @property
+    def title(self) -> str:
+        return self._title
+
+    @property
+    def description(self) -> str:
+        return self._description
+
+    def process(self, gitlab_cli: GitLabApi) -> None:
+        gitlab_cli.create_file(
+            branch_name=self.branch,
+            file_path=self._account_tmpl_file_path,
+            commit_message="add account template file",
+            content=self._account_tmpl_file_content,
+        )
+        gitlab_cli.delete_file(
+            branch_name=self.branch,
+            file_path=self._account_request_file_path,
+            commit_message="delete account request file",
+        )
+
+
+class MergeRequestManager:
+    """Manager for AWS account merge requests."""
+
+    def __init__(self, vcs: VCS, auto_merge_enabled: bool):
+        self._open_mrs: list[ProjectMergeRequest] = []
+        self._vcs = vcs
+        self._auto_merge_enabled = auto_merge_enabled
+
+    def _merge_request_already_exists(self, aws_acccount_file_path: str) -> bool:
+        return any(
+            aws_acccount_file_path == diff["new_path"]
+            for mr in self._open_mrs
+            for diff in mr.changes()["changes"]
+        )
+
+    def fetch_open_merge_requests(self) -> None:
+        all_open_mrs = self._vcs.get_open_app_interface_merge_requests()
+        self._open_mrs = [mr for mr in all_open_mrs if AWS_MGR in mr.labels]
+
+    def create_account_file(
+        self,
+        title: str,
+        account_tmpl_file_path: str,
+        account_tmpl_file_content: str,
+        account_request_file_path: str,
+    ) -> None:
+        """Open new MR (if not already present) for an AWS account and remove the account request file."""
+        if self._merge_request_already_exists(account_tmpl_file_path):
+            return None
+
+        try:
+            self._vcs.get_file_content_from_app_interface_master(
+                file_path=account_tmpl_file_path
+            )
+            # File already exists
+            raise FileExistsError(
+                f"File {account_tmpl_file_path} already exists in the repository"
+            )
+        except GitlabGetError as e:
+            if e.response_code != 404:
+                raise e
+
+        logging.info("Open MR for %s", account_tmpl_file_path)
+        mr_labels = [AWS_MGR]
+        if self._auto_merge_enabled:
+            mr_labels.append(AUTO_MERGE)
+        self._vcs.open_app_interface_merge_request(
+            mr=AwsAccountMR(
+                title=title,
+                description=f"New AWS account template collection file {account_tmpl_file_path}",
+                account_tmpl_file_path=account_tmpl_file_path,
+                account_tmpl_file_content=account_tmpl_file_content,
+                account_request_file_path=account_request_file_path,
+                labels=mr_labels,
+            )
+        )