qontract-reconcile 0.10.1rc705__py3-none-any.whl → 0.10.1rc707__py3-none-any.whl

{qontract_reconcile-0.10.1rc705.dist-info → qontract_reconcile-0.10.1rc707.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc705
+Version: 0.10.1rc707
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc705.dist-info → qontract_reconcile-0.10.1rc707.dist-info}/RECORD

@@ -9,7 +9,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=deAj6fNIYnrEKgOKv2UYZKAvuvEmYVUWj4nDSG6y99U,96070
+reconcile/cli.py,sha256=Xci_L0O3nPUPK3HA1NhIhbrzcPLZkXT65fCaJA66Tvg,96354
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -18,6 +18,7 @@ reconcile/dashdotdb_dora.py,sha256=n9EJXhxCoMYuldj4Fa5s0TqfiiolSrqDEOCaLBV3uag,1
 reconcile/dashdotdb_dvo.py,sha256=YXqpI6fBQAql-ybGI0grj9gWMzmKiAvPE__pNju6obk,8996
 reconcile/dashdotdb_slo.py,sha256=bf1WSh5JP9obHVQsMy0OO71_VTYZgwAopElFZM6DmRo,6714
 reconcile/database_access_manager.py,sha256=42dBJyihdwx4WjEBjwi3lUiDzQ1t_2ZFViJri2c4_aE,25716
+reconcile/deadmanssnitch.py,sha256=lePZWxya1Xz_EqKxyBXoeTeFSWuJEn0-mU91SEHs93g,7707
 reconcile/dynatrace_token_provider.py,sha256=P5jvMavremWp64LVknz1kCZI4aagwLrDDfXkmJ9diwY,17212
 reconcile/email_sender.py,sha256=-5L-Ag_jaEYSzYRoMr52KQBRXz1E8yx9GqLbg2X4XFU,3533
 reconcile/gabi_authorized_users.py,sha256=9kpSJGyMe_qYVHIgTFHhYf8E3lKSLO0Ia1WwK9ADNIE,4502
@@ -136,7 +137,7 @@ reconcile/aus/version_gates/ingress_gate_handler.py,sha256=ZCtyggBzzcb0prtdbMpJs
 reconcile/aus/version_gates/ocp_gate_handler.py,sha256=RW1ppDaCZXVegV9AzzqYXxDUu_Z_7d43Z5h2Pk_piKc,716
 reconcile/aus/version_gates/sts_version_gate_handler.py,sha256=PhJ7yBh2q-rv9CJcfFhc0H11nyDyG7NAryNS3F74xdY,3697
 reconcile/aws_account_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/aws_account_manager/integration.py,sha256=eYWP5zrLwSOYcAN8ym0RxU1Gri_Fwovho_X1AxUQMXc,15049
+reconcile/aws_account_manager/integration.py,sha256=FRZ1_jaK4maY4ClJmVGB7dCkDxZCaQP4yMDlYF-Lc3E,15042
 reconcile/aws_account_manager/merge_request_manager.py,sha256=zZct3NxWMBQupl4QfD7ULxnt4ipt_2FBoH_NusboIuw,3781
 reconcile/aws_account_manager/metrics.py,sha256=YB10ea4kIGwJfs5N14RF-RoXPb-QQWaDBz1jLZ3YWE0,917
 reconcile/aws_account_manager/reconciler.py,sha256=AqAA3TIEfuYzIogHSBgwYTebxbTy1D6JhcxdLiOfCsc,13588
@@ -215,12 +216,14 @@ reconcile/gql_definitions/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
 reconcile/gql_definitions/common/alerting_services_settings.py,sha256=mT7cobC9mR_bhFSYeQX1apVA5zMqSbu5fYcdd4iZ9mg,1802
 reconcile/gql_definitions/common/app_code_component_repos.py,sha256=eGlv8SRiLl-QUYNDl_gAvtQGMB2Hr31EqUXYQO_wOcg,1835
 reconcile/gql_definitions/common/app_interface_custom_messages.py,sha256=5a-rmQqR0qmews01K1WiTw1ZHUIUmQoznF9v8_Uw9QQ,2000
+reconcile/gql_definitions/common/app_interface_dms_settings.py,sha256=h-N7-XGpmH7O9d3UBPhJJl48tpZvqihLloamZKdlgVg,2568
 reconcile/gql_definitions/common/app_interface_repo_settings.py,sha256=rud0rz9NIFF-h1fFdk3MnwGmx73rhwrn1taN_HefvyU,1754
 reconcile/gql_definitions/common/app_interface_state_settings.py,sha256=VXIK0Hmyv6GTShI86IGkjxyHGwufqUBAh617XKUAKaI,2507
 reconcile/gql_definitions/common/app_interface_vault_settings.py,sha256=w8quvdG0cSq71ZyJokPPp7MyMpoDb6-HLQ3o9JHVGRQ,1771
 reconcile/gql_definitions/common/aws_vpcs.py,sha256=Dss9dQ3xagnz3Ltg1e9mtG2PAmQGBbUzKCmmzvuN28s,1892
 reconcile/gql_definitions/common/clusters.py,sha256=eJIbMQltj-Sc7h_QVIeFkbRy1b_QJIkHATfbagxM-yU,21527
 reconcile/gql_definitions/common/clusters_minimal.py,sha256=yZpjS9qWyusCEiWtD8wzf0tak298uQyxiN4lC6KNo4s,4475
+reconcile/gql_definitions/common/clusters_with_dms.py,sha256=GJ53P8tgMLh1NfVkaV9_AmaqF9pNUqJZcDkcKzKzUy0,2242
 reconcile/gql_definitions/common/clusters_with_peering.py,sha256=6mv1m8lc9UDzMWXatkTbYHwBaXoHIIC62qXULsfQN5Y,11822
 reconcile/gql_definitions/common/github_orgs.py,sha256=rZ0pDAA2_9hF9N-ykRZIxPtEmczTSjuA_k3nkp0k1W0,2039
 reconcile/gql_definitions/common/jira_settings.py,sha256=Fmjxhlhr69kc4jkG_0k17fuYlQVucbNex0jXYu83wbY,1990
@@ -436,6 +439,7 @@ reconcile/test/test_cli.py,sha256=qx_iBwh4Z-YkK3sbjK1wEziPTgn060EN-baf9DNvR3k,10
 reconcile/test/test_closedbox_endpoint_monitoring.py,sha256=isMHYwRWMFARU2nbJgbl69kD6H0eA86noCM4MPVI1fo,7151
 reconcile/test/test_dashdotdb_dora.py,sha256=MfHGAsX2eSQSvBVt9_1Sah3aQKNJBXA9Iu86X0NWD6c,7705
 reconcile/test/test_database_access_manager.py,sha256=-9fYo8wMNhbJUTK_bd7g_fS5zYsAlqQ0rBDDYBMZvZQ,19595
+reconcile/test/test_deadmanssnitch.py,sha256=tSeFRG9JUOR-Y7W4S5adv9ZqfgAhbQOgnqW-EhCXggU,9445
 reconcile/test/test_gabi_authorized_users.py,sha256=6XnV5Q9inxP81ktGMVKyWucjBTUj8Imy2L0HG3YHyUE,2496
 reconcile/test/test_gcr_mirror.py,sha256=A0y8auKZzr62-mGoxSQ__JnN0-ijZUltzjwR5miBgso,490
 reconcile/test/test_github_org.py,sha256=j3KeB4OnSln1gm2hidce49xdMru-j75NS3cM-AEgzZc,4511
@@ -534,12 +538,14 @@ reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas
 reconcile/typed_queries/__init__.py,sha256=rRk4CyslLsBr4vAh1pIPgt6s3P4R1M9NSEPLnyQgBpk,61
 reconcile/typed_queries/alerting_services_settings.py,sha256=sX6s8GY-BB0UHogMC1ICeREVab-IYrNm1c-hqMGEdYQ,864
 reconcile/typed_queries/app_interface_custom_messages.py,sha256=5HWr68_kb4bEL8pDCIH0ez6GOrdwdbGF6w88xV0_Ccs,718
+reconcile/typed_queries/app_interface_deadmanssnitch_settings.py,sha256=y30_SmS0JkxUN1qbpNqYnl8gEUBmom8UIEH4i9_Pl2E,683
 reconcile/typed_queries/app_interface_repo_url.py,sha256=ePr_nvjDeyZPR4sHsDQFubV2gslj9lPUSzIWWhm0syo,609
 reconcile/typed_queries/app_interface_state_settings.py,sha256=ytNAf3feg8JwmdCC4vO1WtVb-Ok5_ZtNAL3mXe2d1Pw,479
 reconcile/typed_queries/app_interface_vault_settings.py,sha256=uFS7qLjjGnrK8gm2fkUT8RFd7s_5kxTWWpxZRhr1Ndo,746
 reconcile/typed_queries/aws_vpcs.py,sha256=bM7dWpVHV6J1WYjgHOe2rfAl4vKpUoC8khPQSdtkxVQ,371
 reconcile/typed_queries/clusters.py,sha256=tptLP2Ov1lNqtDGuPKBOVvpDtREm5CQFDDVyp0xKkRQ,506
 reconcile/typed_queries/clusters_minimal.py,sha256=flvs4oXVR4b971h-zMTK3C2GL3bjMnvZgrAeI3XgBQQ,517
+reconcile/typed_queries/clusters_with_dms.py,sha256=hyNPaHBgUIhnAeuOSY5SG46U1zDp9KytUXEobkZdRlQ,551
 reconcile/typed_queries/clusters_with_peering.py,sha256=lIai7SJJD0bqIJbe7virgrbYRqjLouSL2OpJD0itpAY,330
 reconcile/typed_queries/get_state_aws_account.py,sha256=CSJjVPWsUZ2rkGIt8ehoQt7hokFqrUDgG9HFlg2lVD8,492
 reconcile/typed_queries/github_orgs.py,sha256=UZhoPl8qvA_tcO7CZlN8GuMKckt3ywd47Suu61rgHsc,258
@@ -572,6 +578,7 @@ reconcile/utils/binary.py,sha256=EsOGg82Y2QJh91SGJE0tYpBKqU0iaaagQVoYONBtQn8,235
 reconcile/utils/config.py,sha256=aId5zrPjM_84u_T4yTRE_Psu3zo5-5_JCR6_7Wgv5UQ,990
 reconcile/utils/constants.py,sha256=pOUd97bqZdsAu5RWJ8NUs9cwCY7K9y0eW9VVeJ4fZIU,138
 reconcile/utils/data_structures.py,sha256=VyKfnlNJTiRvZKNpfgIrjESQ2YgmEpWuPQXT14WA1vI,311
+reconcile/utils/deadmanssnitch_api.py,sha256=hkfbfbRAhzLpI39o6Du7FZKVtf4UVJ1OljOQNUkmODM,2478
 reconcile/utils/defer.py,sha256=SniUsbgOEs9Pa8JkecLu0F94O63yQPByKXaElDYe0FI,377
 reconcile/utils/differ.py,sha256=kJmUp9ZffFPSUEviaAw3s9c92ErwRJeHaRexGPai7wA,7643
 reconcile/utils/disabled_integrations.py,sha256=avdDsFyl_LdTsrPVzlcIhWzT_V4C4MXw1ZC__aOtluE,1126
@@ -754,8 +761,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=UEwAW7PA_GIrbqzaLxpkCxbuVjEFLNvnVG-6VyoCGIc,4147
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc705.dist-info/METADATA,sha256=YtGSBbEgiTX-KjpVXGWDJUurUpGAlTHRnByM79rRMd4,2382
-qontract_reconcile-0.10.1rc705.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc705.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
-qontract_reconcile-0.10.1rc705.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc705.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc707.dist-info/METADATA,sha256=2sMuicUof6ZemdDsl2x77zDnjVZkgPZowU7C4iUrFPk,2382
+qontract_reconcile-0.10.1rc707.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc707.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
+qontract_reconcile-0.10.1rc707.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc707.dist-info/RECORD,,

reconcile/aws_account_manager/integration.py

@@ -320,7 +320,7 @@ class AwsAccountMgmtIntegration(
                         flavor=self.params.flavor,
                         payer_account=payer_account.name,
                     ),
-                    value=sum([len(payer_account.organization_accounts or [])]),
+                    value=len(payer_account.organization_accounts or []),
                 )
             metrics_container.set_gauge(
                 NonOrgAccountCounter(flavor=self.params.flavor),

reconcile/cli.py

@@ -3431,6 +3431,17 @@ def acs_policies(ctx):
     )
 
 
+@integration.command(short_help="Automate Deadmanssnitch Creation/Deletion")
+@click.pass_context
+def deadmanssnitch(ctx):
+    from reconcile import deadmanssnitch
+
+    run_class_integration(
+        integration=deadmanssnitch.DeadMansSnitchIntegration(),
+        ctx=ctx.obj,
+    )
+
+
 def get_integration_cli_meta() -> dict[str, IntegrationMeta]:
     """
     returns all integrations known to cli.py via click introspection

reconcile/deadmanssnitch.py

@@ -0,0 +1,208 @@
+import logging
+from typing import (
+    Optional,
+    cast,
+)
+
+from reconcile.gql_definitions.common.clusters_with_dms import ClusterV1
+from reconcile.typed_queries.app_interface_deadmanssnitch_settings import (
+    get_deadmanssnitch_settings,
+)
+from reconcile.typed_queries.clusters_with_dms import get_clusters_with_dms
+from reconcile.utils.deadmanssnitch_api import (
+    DeadMansSnitchApi,
+    Snitch,
+)
+from reconcile.utils.differ import diff_mappings
+from reconcile.utils.runtime.integration import (
+    NoParams,
+    QontractReconcileIntegration,
+)
+from reconcile.utils.secret_reader import (
+    SecretNotFound,
+)
+from reconcile.utils.semver_helper import make_semver
+from reconcile.utils.vault import (
+    SecretFieldNotFound,
+    VaultClient,
+    _VaultClient,
+)
+
+QONTRACT_INTEGRATION = "deadmanssnitch"
+SECRET_NOT_FOUND = "SECRET_NOT_FOUND"
+
+
+class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
+    """Integration to automate deadmanssnitch snitch api during cluster dressup."""
+
+    @property
+    def name(self) -> str:
+        return QONTRACT_INTEGRATION
+
+    def __init__(self) -> None:
+        super().__init__(NoParams())
+        self.qontract_integration_version = make_semver(0, 1, 0)
+        self.settings = get_deadmanssnitch_settings()
+        self.vault_client = cast(_VaultClient, VaultClient())
+
+    def write_snitch_to_vault(
+        self, cluster_name: str, snitch_url: Optional[str]
+    ) -> None:
+        if snitch_url:
+            self.vault_client.write(
+                {
+                    "path": self.settings.snitches_path,
+                    "data": {f"deadmanssnitch-{cluster_name}-url": snitch_url},
+                },
+                decode_base64=False,
+            )
+
+    def add_vault_data(
+        self, cluster_name: str, snitch: Snitch, snitch_secret_path: str
+    ) -> Snitch:
+        try:
+            full_secret_path = {
+                "path": snitch_secret_path,
+                "field": f"deadmanssnitch-{cluster_name}-url",
+            }
+            snitch.vault_data = self.secret_reader.read(full_secret_path).strip()
+        except (SecretNotFound, SecretFieldNotFound):
+            snitch.vault_data = SECRET_NOT_FOUND
+        return snitch
+
+    def create_snitch(
+        self, cluster_name: str, snitch: Snitch, deadmanssnitch_api: DeadMansSnitchApi
+    ) -> None:
+        payload = {
+            "name": snitch.name,
+            "alert_type": snitch.alert_type,
+            "interval": snitch.interval,
+            "tags": snitch.tags,
+            "alert_email": snitch.alert_email,
+            "notes": snitch.notes,
+        }
+        snitch_data = deadmanssnitch_api.create_snitch(payload=payload)
+        self.write_snitch_to_vault(
+            cluster_name=cluster_name, snitch_url=snitch_data.check_in_url
+        )
+
+    def reconcile(
+        self,
+        dry_run: bool,
+        current_state: dict[str, Snitch],
+        desired_state: dict[str, Snitch],
+        deadmanssnitch_api: DeadMansSnitchApi,
+    ) -> None:
+        diffs = diff_mappings(current=current_state, desired=desired_state)
+        errors = []
+        for cluster_name, snitch in diffs.add.items():
+            logging.info("[cluster_name:%s] [Action:create_snitch]", cluster_name)
+            try:
+                if not dry_run:
+                    self.create_snitch(cluster_name, snitch, deadmanssnitch_api)
+            except Exception as e:
+                errors.append(e)
+        for cluster_name, snitch in diffs.delete.items():
+            logging.info("[cluster_name:%s] [Action:delete_snitch]", cluster_name)
+            try:
+                if not dry_run:
+                    deadmanssnitch_api.delete_snitch(snitch.token)
+            except Exception as e:
+                errors.append(e)
+        for cluster_name, diff_pair in diffs.identical.items():
+            try:
+                if diff_pair.desired.needs_vault_update():
+                    self.write_snitch_to_vault(
+                        cluster_name=cluster_name,
+                        snitch_url=diff_pair.desired.check_in_url,
+                    )
+            except Exception as e:
+                errors.append(e)
+        if errors:
+            raise ExceptionGroup("Errors occurred while reconcile", errors)
+
+    def get_current_state(
+        self,
+        deadmanssnitch_api: DeadMansSnitchApi,
+        clusters: list[ClusterV1],
+        snitch_secret_path: str,
+        cluster_to_prometheus_mapping: dict[str, str],
+    ) -> dict[str, Snitch]:
+        # current state includes for deadmanssnithch response and associated secret in vault
+        snitches = deadmanssnitch_api.get_snitches(tags=self.settings.tags)
+        # create snitch_map only for  the desired clusters
+        snitches_with_cluster_mapping = {
+            cluster.name: snitch
+            for snitch in snitches
+            for cluster in clusters
+            if (cluster_to_prometheus_mapping.get(cluster.name) == snitch.name)
+        }
+        current_state = {
+            cluster.name: self.add_vault_data(cluster.name, snitch, snitch_secret_path)
+            for cluster in clusters
+            if (snitch := snitches_with_cluster_mapping.get(cluster.name))
+        }
+        return current_state
+
+    def get_desired_state(
+        self,
+        clusters: list[ClusterV1],
+        current_state: dict[str, Snitch],
+        cluster_to_prometheus_mapping: dict[str, str],
+    ) -> dict[str, Snitch]:
+        desired_state = {
+            cluster.name: self.map_desired_snitch_value(
+                cluster.name, current_state, cluster_to_prometheus_mapping
+            )
+            for cluster in clusters
+            if cluster.enable_dead_mans_snitch
+        }
+        return desired_state
+
+    # get snitch in case snitch available for desired state cluster
+    # return new snitch object in case  of new cluster
+    def map_desired_snitch_value(
+        self,
+        cluster_name: str,
+        current_state: dict[str, Snitch],
+        cluster_to_prometheus_mapping: dict[str, str],
+    ) -> Snitch:
+        if (snitch := current_state.get(cluster_name)) is not None:
+            return snitch
+        return Snitch(
+            name=cluster_to_prometheus_mapping.get(cluster_name),
+            check_in_url="",
+            status="",
+            href="",
+            token="",
+            alert_email=self.settings.alert_mail_addresses,
+            alert_type=self.settings.alert_type,
+            interval=self.settings.interval,
+            tags=self.settings.tags,
+            notes=self.settings.notes_link,
+        )
+
+    def run(self, dry_run: bool) -> None:
+        # Initialize deadmanssnitch_api
+        token = self.secret_reader.read({
+            "path": self.settings.token_creds.path,
+            "field": self.settings.token_creds.field,
+        })
+        with DeadMansSnitchApi(token=token) as deadmanssnitch_api:
+            # desired state - get the  clusters having enableDeadMansSnitch field
+            clusters = get_clusters_with_dms()
+            # create a mapping between prometheus url without the https:// and cluster name
+            cluster_to_prometheus_mapping = {
+                cluster.name: cluster.prometheus_url.replace("https://", "")
+                for cluster in clusters
+            }
+            current_state = self.get_current_state(
+                deadmanssnitch_api,
+                clusters,
+                self.settings.snitches_path,
+                cluster_to_prometheus_mapping,
+            )
+            desired_state = self.get_desired_state(
+                clusters, current_state, cluster_to_prometheus_mapping
+            )
+            self.reconcile(dry_run, current_state, desired_state, deadmanssnitch_api)

reconcile/gql_definitions/common/app_interface_dms_settings.py

@@ -0,0 +1,86 @@
+"""
+Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+"""
+from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
+from datetime import datetime  # noqa: F401 # pylint: disable=W0611
+from enum import Enum  # noqa: F401 # pylint: disable=W0611
+from typing import (  # noqa: F401 # pylint: disable=W0611
+    Any,
+    Optional,
+    Union,
+)
+
+from pydantic import (  # noqa: F401 # pylint: disable=W0611
+    BaseModel,
+    Extra,
+    Field,
+    Json,
+)
+
+
+DEFINITION = """
+query DeadMansSnitchSettings {
+  settings: app_interface_settings_v1 {
+    deadMansSnitchSettings {
+      alertMailAddresses
+      notesLink
+      snitchesPath
+      tokenCreds {
+        path
+        field
+      }
+      tags
+      alertType
+      interval
+    }
+  }
+}
+"""
+
+
+class ConfiguredBaseModel(BaseModel):
+    class Config:
+        smart_union=True
+        extra=Extra.forbid
+
+
+class VaultSecretV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+    field: str = Field(..., alias="field")
+
+
+class DeadMansSnitchSettingsV1(ConfiguredBaseModel):
+    alert_mail_addresses: list[str] = Field(..., alias="alertMailAddresses")
+    notes_link: str = Field(..., alias="notesLink")
+    snitches_path: str = Field(..., alias="snitchesPath")
+    token_creds: VaultSecretV1 = Field(..., alias="tokenCreds")
+    tags: list[str] = Field(..., alias="tags")
+    alert_type: str = Field(..., alias="alertType")
+    interval: str = Field(..., alias="interval")
+
+
+class AppInterfaceSettingsV1(ConfiguredBaseModel):
+    dead_mans_snitch_settings: Optional[DeadMansSnitchSettingsV1] = Field(..., alias="deadMansSnitchSettings")
+
+
+class DeadMansSnitchSettingsQueryData(ConfiguredBaseModel):
+    settings: Optional[list[AppInterfaceSettingsV1]] = Field(..., alias="settings")
+
+
+def query(query_func: Callable, **kwargs: Any) -> DeadMansSnitchSettingsQueryData:
+    """
+    This is a convenience function which queries and parses the data into
+    concrete types. It should be compatible with most GQL clients.
+    You do not have to use it to consume the generated data classes.
+    Alternatively, you can also mime and alternate the behavior
+    of this function in the caller.
+
+    Parameters:
+        query_func (Callable): Function which queries your GQL Server
+        kwargs: optional arguments that will be passed to the query function
+
+    Returns:
+        DeadMansSnitchSettingsQueryData: queried data parsed into generated classes
+    """
+    raw_data: dict[Any, Any] = query_func(DEFINITION, **kwargs)
+    return DeadMansSnitchSettingsQueryData(**raw_data)

reconcile/gql_definitions/common/clusters_with_dms.py

@@ -0,0 +1,72 @@
+"""
+Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+"""
+from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
+from datetime import datetime  # noqa: F401 # pylint: disable=W0611
+from enum import Enum  # noqa: F401 # pylint: disable=W0611
+from typing import (  # noqa: F401 # pylint: disable=W0611
+    Any,
+    Optional,
+    Union,
+)
+
+from pydantic import (  # noqa: F401 # pylint: disable=W0611
+    BaseModel,
+    Extra,
+    Field,
+    Json,
+)
+
+
+DEFINITION = """
+query ClustersWithMonitoring($filter: JSON){
+  clusters: clusters_v1(filter: $filter) {
+    name
+    serverUrl
+    consoleUrl
+    alertmanagerUrl
+    prometheusUrl
+    managedClusterRoles
+    enableDeadMansSnitch
+  }
+}
+"""
+
+
+class ConfiguredBaseModel(BaseModel):
+    class Config:
+        smart_union=True
+        extra=Extra.forbid
+
+
+class ClusterV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+    server_url: str = Field(..., alias="serverUrl")
+    console_url: str = Field(..., alias="consoleUrl")
+    alertmanager_url: str = Field(..., alias="alertmanagerUrl")
+    prometheus_url: str = Field(..., alias="prometheusUrl")
+    managed_cluster_roles: Optional[bool] = Field(..., alias="managedClusterRoles")
+    enable_dead_mans_snitch: Optional[bool] = Field(..., alias="enableDeadMansSnitch")
+
+
+class ClustersWithMonitoringQueryData(ConfiguredBaseModel):
+    clusters: Optional[list[ClusterV1]] = Field(..., alias="clusters")
+
+
+def query(query_func: Callable, **kwargs: Any) -> ClustersWithMonitoringQueryData:
+    """
+    This is a convenience function which queries and parses the data into
+    concrete types. It should be compatible with most GQL clients.
+    You do not have to use it to consume the generated data classes.
+    Alternatively, you can also mime and alternate the behavior
+    of this function in the caller.
+
+    Parameters:
+        query_func (Callable): Function which queries your GQL Server
+        kwargs: optional arguments that will be passed to the query function
+
+    Returns:
+        ClustersWithMonitoringQueryData: queried data parsed into generated classes
+    """
+    raw_data: dict[Any, Any] = query_func(DEFINITION, **kwargs)
+    return ClustersWithMonitoringQueryData(**raw_data)

reconcile/test/test_deadmanssnitch.py

@@ -0,0 +1,279 @@
+from unittest.mock import MagicMock, create_autospec
+
+import pytest
+from pytest_mock import MockerFixture
+
+from reconcile.deadmanssnitch import (
+    DeadMansSnitchIntegration,
+)
+from reconcile.gql_definitions.common.app_interface_dms_settings import (
+    DeadMansSnitchSettingsV1,
+    VaultSecretV1,
+)
+from reconcile.gql_definitions.common.clusters_with_dms import (
+    ClusterV1,
+)
+from reconcile.utils.deadmanssnitch_api import (
+    DeadMansSnitchApi,
+    Snitch,
+)
+
+
+@pytest.fixture
+def deadmanssnitch_api() -> MockerFixture:
+    return create_autospec(DeadMansSnitchApi)
+
+
+@pytest.fixture
+def deadmanssnitch_settings() -> DeadMansSnitchSettingsV1:
+    settings = DeadMansSnitchSettingsV1(
+        alertMailAddresses=["test_email"],
+        notesLink="test_link",
+        snitchesPath="test_snitches_path",
+        tokenCreds=VaultSecretV1(path="test_path", field="test_field"),
+        tags=["test-tags"],
+        alertType="Heartbeat",
+        interval="15_minute",
+    )
+    return settings
+
+
+@pytest.fixture
+def vault_mock(mocker: MockerFixture) -> MockerFixture:
+    return mocker.patch("reconcile.utils.vault._VaultClient")
+
+
+@pytest.fixture
+def secret_reader(mocker: MockerFixture) -> MockerFixture:
+    mock_secretreader = mocker.patch(
+        "reconcile.utils.secret_reader.SecretReader", autospec=True
+    )
+    mock_secretreader.read.return_value = "secret"
+    mock_secretreader.read_secret.return_value = "secret"
+    return mock_secretreader
+
+
+def test_get_current_state(
+    secret_reader: MagicMock,
+    deadmanssnitch_api: MockerFixture,
+    mocker: MockerFixture,
+    deadmanssnitch_settings: DeadMansSnitchSettingsV1,
+) -> None:
+    deadmanssnitch_api.get_snitches.return_value = [
+        Snitch(
+            name="prometheus.test_cluster_1.net",
+            token="test",
+            href="testc",
+            status="healthy",
+            alert_type="basic",
+            alert_email=["test_mail"],
+            interval="15_minute",
+            check_in_url="test_url",
+            tags=["app-sre"],
+            notes="test_notes",
+        )
+    ]
+    clusters = [
+        ClusterV1(
+            name="test_cluster_1",
+            serverUrl="testurl",
+            consoleUrl="test_c_url",
+            alertmanagerUrl="test_alert_manager",
+            managedClusterRoles=True,
+            prometheusUrl="https://prometheus.test_cluster_1.net",
+            enableDeadMansSnitch=True,
+        ),
+        ClusterV1(
+            name="test_cluster_2",
+            serverUrl="testurl",
+            consoleUrl="test_c_url",
+            alertmanagerUrl="test_alert_manager",
+            managedClusterRoles=True,
+            prometheusUrl="https://prometheus.test_cluster_2.net",
+            enableDeadMansSnitch=True,
+        ),
+    ]
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
+    ).return_value = None
+    dms_integration = DeadMansSnitchIntegration()
+    dms_integration._secret_reader = secret_reader
+    dms_integration.settings = deadmanssnitch_settings
+    current_state = dms_integration.get_current_state(
+        deadmanssnitch_api=deadmanssnitch_api,
+        clusters=clusters,
+        snitch_secret_path="test_path",
+        cluster_to_prometheus_mapping={
+            "test_cluster_1": "prometheus.test_cluster_1.net",
+            "test_cluster_2": "https://prometheus.test_cluster_2.net",
+        },
+    )
+    assert current_state["test_cluster_1"].vault_data == "secret"
+
+
+def test_integration_for_create(
+    vault_mock: MagicMock,
+    deadmanssnitch_settings: DeadMansSnitchSettingsV1,
+    mocker: MockerFixture,
+    secret_reader: MagicMock,
+) -> None:
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
+    ).return_value = None
+    dms_integration = DeadMansSnitchIntegration()
+    dms_integration._secret_reader = secret_reader
+    dms_integration.settings = deadmanssnitch_settings
+    dms_integration.vault_client = vault_mock
+    mocker.patch("reconcile.deadmanssnitch.get_clusters_with_dms").return_value = [
+        ClusterV1(
+            name="create_cluster",
+            prometheusUrl="https://prometheus.create_cluster.devshift.net",
+            enableDeadMansSnitch=True,
+            alertmanagerUrl="alertmanager.create_cluster.devshift.net",
+            managedClusterRoles=True,
+            serverUrl="testurl",
+            consoleUrl="test_console",
+        )
+    ]
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchApi.get_snitches"
+    ).return_value = []
+    mock_create_snitch = mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.create_snitch"
+    )
+    mock_create_snitch.return_value = None
+    dms_integration.run(dry_run=False)
+    mock_create_snitch.assert_called_once()
+
+
+def test_integration_for_delete(
+    deadmanssnitch_settings: DeadMansSnitchSettingsV1,
+    vault_mock: MagicMock,
+    mocker: MockerFixture,
+    secret_reader: MagicMock,
+) -> None:
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
+    ).return_value = None
+    dms_integration = DeadMansSnitchIntegration()
+    dms_integration._secret_reader = secret_reader
+    dms_integration.settings = deadmanssnitch_settings
+    dms_integration.vault_client = vault_mock
+    mocker.patch("reconcile.deadmanssnitch.get_clusters_with_dms").return_value = [
+        ClusterV1(
+            name="create_cluster",
+            prometheusUrl="https://prometheus.create_cluster.devshift.net",
+            enableDeadMansSnitch=False,
+            alertmanagerUrl="alertmanager.create_cluster.devshift.net",
+            managedClusterRoles=True,
+            serverUrl="testurl",
+            consoleUrl="test_console",
+        )
+    ]
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchApi.get_snitches"
+    ).return_value = [
+        Snitch(
+            name="prometheus.create_cluster.devshift.net",
+            token="test",
+            href="testc",
+            status="healthy",
+            alert_type="basic",
+            alert_email=["test_mail"],
+            interval="15_minute",
+            check_in_url="test_url",
+            tags=["app-sre"],
+            notes="test_notes",
+        )
+    ]
+    mock_delete_snitch = mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchApi.delete_snitch"
+    )
+    mock_delete_snitch.return_value = None
+    dms_integration.run(dry_run=False)
+    mock_delete_snitch.assert_called_once_with("test")
+
+
+def test_integration_for_update_vault(
+    deadmanssnitch_settings: DeadMansSnitchSettingsV1,
+    vault_mock: MagicMock,
+    mocker: MockerFixture,
+    secret_reader: MagicMock,
+) -> None:
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
+    ).return_value = None
+    dms_integration = DeadMansSnitchIntegration()
+    dms_integration._secret_reader = secret_reader
+    dms_integration.settings = deadmanssnitch_settings
+    dms_integration.vault_client = vault_mock
+    mocker.patch("reconcile.deadmanssnitch.get_clusters_with_dms").return_value = [
+        ClusterV1(
+            name="test_cluster",
+            prometheusUrl="https://prometheus.create_cluster.devshift.net",
+            enableDeadMansSnitch=True,
+            alertmanagerUrl="alertmanager.create_cluster.devshift.net",
+            managedClusterRoles=True,
+            serverUrl="testurl",
+            consoleUrl="test_console",
+        )
+    ]
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchApi.get_snitches"
+    ).return_value = [
+        Snitch(
+            name="prometheus.create_cluster.devshift.net",
+            token="test",
+            href="testc",
+            status="healthy",
+            alert_type="basic",
+            alert_email=["test_mail"],
+            interval="15_minute",
+            check_in_url="test_url",
+            tags=["app-sre"],
+            notes="test_notes",
+        )
+    ]
+    dms_integration.run(dry_run=False)
+    vault_mock.write.assert_called_once_with(
+        {
+            "path": deadmanssnitch_settings.snitches_path,
+            "data": {"deadmanssnitch-test_cluster-url": "test_url"},
+        },
+        decode_base64=False,
+    )
+
+
+def test_integration_while_failed(
+    deadmanssnitch_settings: DeadMansSnitchSettingsV1,
+    vault_mock: MagicMock,
+    mocker: MockerFixture,
+    secret_reader: MagicMock,
+) -> None:
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
+    ).return_value = None
+    dms_integration = DeadMansSnitchIntegration()
+    dms_integration._secret_reader = secret_reader
+    dms_integration.settings = deadmanssnitch_settings
+    dms_integration.vault_client = vault_mock
+    mocker.patch("reconcile.deadmanssnitch.get_clusters_with_dms").return_value = [
+        ClusterV1(
+            name="create_cluster",
+            prometheusUrl="https://prometheus.create_cluster.devshift.net",
+            enableDeadMansSnitch=True,
+            alertmanagerUrl="alertmanager.create_cluster.devshift.net",
+            managedClusterRoles=True,
+            serverUrl="testurl",
+            consoleUrl="test_console",
+        )
+    ]
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchApi.get_snitches"
+    ).return_value = []
+    mocker.patch(
+        "reconcile.deadmanssnitch.DeadMansSnitchIntegration.create_snitch",
+        side_effect=Exception("mock vault"),
+    )
+    with pytest.raises(ExceptionGroup):
+        dms_integration.run(dry_run=False)

reconcile/typed_queries/app_interface_deadmanssnitch_settings.py

@@ -0,0 +1,19 @@
+from typing import Optional
+
+from reconcile.gql_definitions.common.app_interface_dms_settings import (
+    DeadMansSnitchSettingsV1,
+    query,
+)
+from reconcile.utils import gql
+from reconcile.utils.exceptions import AppInterfaceSettingsError
+from reconcile.utils.gql import GqlApi
+
+
+def get_deadmanssnitch_settings(
+    gql_api: Optional[GqlApi] = None,
+) -> DeadMansSnitchSettingsV1:
+    api = gql_api if gql_api else gql.get_api()
+    data = query(query_func=api.query)
+    if data.settings and data.settings[0].dead_mans_snitch_settings is not None:
+        return data.settings[0].dead_mans_snitch_settings
+    raise AppInterfaceSettingsError("deadmanssnitch settings missing")

reconcile/typed_queries/clusters_with_dms.py

@@ -0,0 +1,18 @@
+from typing import Optional
+
+from reconcile.gql_definitions.common.clusters_with_dms import (
+    ClusterV1,
+    query,
+)
+from reconcile.utils import gql
+from reconcile.utils.gql import GqlApi
+
+
+def get_clusters_with_dms(
+    gql_api: Optional[GqlApi] = None,
+) -> list[ClusterV1]:
+    # get the clusters containing the filed enableDeadMansSnitch
+    variable = {"filter": {"enableDeadMansSnitch": {"ne": None}}}
+    api = gql_api if gql_api else gql.get_api()
+    data = query(query_func=api.query, variables=variable)
+    return data.clusters or []

reconcile/utils/deadmanssnitch_api.py

@@ -0,0 +1,85 @@
+import logging
+from typing import (
+    Any,
+    Optional,
+    Self,
+)
+
+import requests
+from pydantic import BaseModel
+
+BASE_URL = "https://api.deadmanssnitch.com/v1/snitches"
+REQUEST_TIMEOUT = 60
+
+
+class DeadManssnitchException(Exception):
+    pass
+
+
+class Snitch(BaseModel):
+    token: str
+    href: str
+    name: str
+    tags: list[str]
+    notes: str
+    status: str
+    check_in_url: str
+    interval: str
+    alert_type: str
+    alert_email: list[str]
+    vault_data: Optional[str]
+
+    def needs_vault_update(self) -> bool:
+        return self.vault_data is not None and self.check_in_url != self.vault_data
+
+
+class DeadMansSnitchApi:
+    def __init__(
+        self, token: str, url: str = BASE_URL, timeout: int = REQUEST_TIMEOUT
+    ) -> None:
+        self.token = token
+        self.url = url
+        self.timeout = timeout
+        self.session = requests.Session()
+
+    def __enter__(self) -> Self:
+        return self
+
+    def __exit__(self, exc_type: Any, exc_value: Any, traceback: Any) -> None:
+        self.session.close()
+
+    def get_snitches(self, tags: list[str]) -> list[Snitch]:
+        full_url = f"{self.url}?tags={','.join(tags)}"
+        logging.debug("Getting snitches for tags:%s", tags)
+        response = self.session.get(
+            url=full_url, auth=(self.token, ""), timeout=self.timeout
+        )
+        response.raise_for_status()
+        snitches = [Snitch(**item) for item in response.json()]
+        return snitches
+
+    def create_snitch(self, payload: dict) -> Snitch:
+        if payload.get("name") is None or payload.get("interval") is None:
+            raise DeadManssnitchException(
+                "Invalid payload,name and interval are mandatory"
+            )
+        headers = {"Content-Type": "application/json"}
+        logging.debug("Creating new snitch with name:: %s ", payload["name"])
+        response = self.session.post(
+            url=self.url,
+            json=payload,
+            auth=(self.token, ""),
+            headers=headers,
+            timeout=self.timeout,
+        )
+        response.raise_for_status()
+        response_json = response.json()
+        return Snitch(**response_json)
+
+    def delete_snitch(self, token: str) -> None:
+        delete_api_url = f"{self.url}/{token}"
+        response = self.session.delete(
+            url=delete_api_url, auth=(self.token, ""), timeout=self.timeout
+        )
+        response.raise_for_status()
+        logging.debug("Successfully deleted snich: %s", token)