qontract-reconcile 0.10.1rc711__py3-none-any.whl → 0.10.1rc712__py3-none-any.whl

{qontract_reconcile-0.10.1rc711.dist-info → qontract_reconcile-0.10.1rc712.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc711
+Version: 0.10.1rc712
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc711.dist-info → qontract_reconcile-0.10.1rc712.dist-info}/RECORD

@@ -18,7 +18,7 @@ reconcile/dashdotdb_dora.py,sha256=n9EJXhxCoMYuldj4Fa5s0TqfiiolSrqDEOCaLBV3uag,1
 reconcile/dashdotdb_dvo.py,sha256=YXqpI6fBQAql-ybGI0grj9gWMzmKiAvPE__pNju6obk,8996
 reconcile/dashdotdb_slo.py,sha256=bf1WSh5JP9obHVQsMy0OO71_VTYZgwAopElFZM6DmRo,6714
 reconcile/database_access_manager.py,sha256=42dBJyihdwx4WjEBjwi3lUiDzQ1t_2ZFViJri2c4_aE,25716
-reconcile/deadmanssnitch.py,sha256=ET4gUX1WvmWsILI10GgcPDOuJL2f3bDwwvKORWvyFhc,7339
+reconcile/deadmanssnitch.py,sha256=n-5W-djUgwzpmdDM4eQIZpkkDmHY0vndt-42LJXI4Y8,7491
 reconcile/dynatrace_token_provider.py,sha256=P5jvMavremWp64LVknz1kCZI4aagwLrDDfXkmJ9diwY,17212
 reconcile/email_sender.py,sha256=-5L-Ag_jaEYSzYRoMr52KQBRXz1E8yx9GqLbg2X4XFU,3533
 reconcile/gabi_authorized_users.py,sha256=9kpSJGyMe_qYVHIgTFHhYf8E3lKSLO0Ia1WwK9ADNIE,4502
@@ -440,7 +440,7 @@ reconcile/test/test_cli.py,sha256=qx_iBwh4Z-YkK3sbjK1wEziPTgn060EN-baf9DNvR3k,10
 reconcile/test/test_closedbox_endpoint_monitoring.py,sha256=isMHYwRWMFARU2nbJgbl69kD6H0eA86noCM4MPVI1fo,7151
 reconcile/test/test_dashdotdb_dora.py,sha256=MfHGAsX2eSQSvBVt9_1Sah3aQKNJBXA9Iu86X0NWD6c,7705
 reconcile/test/test_database_access_manager.py,sha256=-9fYo8wMNhbJUTK_bd7g_fS5zYsAlqQ0rBDDYBMZvZQ,19595
-reconcile/test/test_deadmanssnitch.py,sha256=3AiarCKkSPU1cEkVwooglwU3sQgDifMAiXuJb1P9_vI,9220
+reconcile/test/test_deadmanssnitch.py,sha256=qtn1zwWgIQYw5JULLPvDLaj0GWiecYnvky0HcuETjdo,9843
 reconcile/test/test_gabi_authorized_users.py,sha256=6XnV5Q9inxP81ktGMVKyWucjBTUj8Imy2L0HG3YHyUE,2496
 reconcile/test/test_gcr_mirror.py,sha256=A0y8auKZzr62-mGoxSQ__JnN0-ijZUltzjwR5miBgso,490
 reconcile/test/test_github_org.py,sha256=j3KeB4OnSln1gm2hidce49xdMru-j75NS3cM-AEgzZc,4511
@@ -764,8 +764,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=UEwAW7PA_GIrbqzaLxpkCxbuVjEFLNvnVG-6VyoCGIc,4147
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc711.dist-info/METADATA,sha256=C66Bft6HzT9sQVAcNyckeGBHPW2gAhwMv7dGVxGcF_Y,2382
-qontract_reconcile-0.10.1rc711.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc711.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
-qontract_reconcile-0.10.1rc711.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc711.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc712.dist-info/METADATA,sha256=MeTu0tcuNA_jlvS3yM5lz9s0oR5AQtaXj5SbIG8_qjk,2382
+qontract_reconcile-0.10.1rc712.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc712.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
+qontract_reconcile-0.10.1rc712.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc712.dist-info/RECORD,,

reconcile/deadmanssnitch.py

@@ -1,6 +1,5 @@
 import logging
 from typing import (
-    Optional,
     cast,
 )
 
@@ -20,12 +19,8 @@ from reconcile.utils.runtime.integration import (
     NoParams,
     QontractReconcileIntegration,
 )
-from reconcile.utils.secret_reader import (
-    SecretNotFound,
-)
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.vault import (
-    SecretFieldNotFound,
     VaultClient,
     _VaultClient,
 )
@@ -62,37 +57,24 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
     def get_snitch_name(cluster: ClusterV1) -> str:
         return cluster.prometheus_url.replace("https://", "")
 
-    def write_snitch_to_vault(
-        self, cluster_name: str, snitch_url: Optional[str]
-    ) -> None:
-        if snitch_url:
-            self.vault_client.write(
-                {
-                    "path": self.settings.snitches_path,
-                    "data": {f"deadmanssnitch-{cluster_name}-url": snitch_url},
-                },
-                decode_base64=False,
-            )
+    @staticmethod
+    def get_vault_key(cluster_name: str) -> str:
+        return f"deadmanssnitch-{cluster_name}-url"
 
     def add_vault_data(
-        self, cluster_name: str, snitch: Snitch, snitch_secret_path: str
+        self, cluster_name: str, snitch: Snitch, vault_snitch_map: dict[str, str]
     ) -> Snitch:
-        try:
-            full_secret_path = {
-                "path": snitch_secret_path,
-                "field": f"deadmanssnitch-{cluster_name}-url",
-            }
-            snitch.vault_data = self.secret_reader.read(full_secret_path).strip()
-        except (SecretNotFound, SecretFieldNotFound):
+        if snitch_url := vault_snitch_map.get(self.get_vault_key(cluster_name)):
+            snitch.vault_data = snitch_url
+        else:
             snitch.vault_data = SECRET_NOT_FOUND
         return snitch
 
     def create_snitch(
         self,
-        cluster_name: str,
         snitch_spec: SnitchSpec,
         deadmanssnitch_api: DeadMansSnitchApi,
-    ) -> None:
+    ) -> Snitch:
         payload = {
             "name": snitch_spec.name,
             "alert_type": snitch_spec.alert_type,
@@ -102,9 +84,7 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
             "notes": snitch_spec.notes,
         }
         snitch_data = deadmanssnitch_api.create_snitch(payload=payload)
-        self.write_snitch_to_vault(
-            cluster_name=cluster_name, snitch_url=snitch_data.check_in_url
-        )
+        return snitch_data
 
     def reconcile(
         self,
@@ -112,6 +92,7 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
         current_state: dict[str, Snitch],
         desired_state: dict[str, SnitchSpec],
         deadmanssnitch_api: DeadMansSnitchApi,
+        vault_snitch_map: dict[str, str],
     ) -> None:
         diffs = diff_mappings(
             current=current_state,
@@ -119,11 +100,15 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
             equal=lambda current, desired: current.name == desired.name,
         )
         errors = []
+        vault_snitch_map_copy = vault_snitch_map.copy()
         for cluster_name, snitch in diffs.add.items():
             logging.info("[cluster_name:%s] [Action:create_snitch]", cluster_name)
             if not dry_run:
                 try:
-                    self.create_snitch(cluster_name, snitch, deadmanssnitch_api)
+                    snitch_data = self.create_snitch(snitch, deadmanssnitch_api)
+                    vault_snitch_map_copy[self.get_vault_key(cluster_name)] = (
+                        snitch_data.check_in_url
+                    )
                 except Exception as e:
                     errors.append(e)
         for cluster_name, snitch_value in diffs.delete.items():
@@ -136,14 +121,23 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
         for cluster_name, diff_pair in diffs.identical.items():
             if diff_pair.current.needs_vault_update():
                 logging.info("[cluster_name:%s] [Action:update_vault]", cluster_name)
-                if not dry_run:
-                    try:
-                        self.write_snitch_to_vault(
-                            cluster_name=cluster_name,
-                            snitch_url=diff_pair.current.check_in_url,
-                        )
-                    except Exception as e:
-                        errors.append(e)
+                vault_snitch_map_copy[self.get_vault_key(cluster_name)] = (
+                    diff_pair.current.check_in_url
+                )
+
+        # write to vault in case there is change in secret i.e in case of creation/update
+        if vault_snitch_map != vault_snitch_map_copy and not dry_run:
+            try:
+                self.vault_client.write(
+                    {
+                        "path": self.settings.snitches_path,
+                        "data": vault_snitch_map_copy,
+                    },
+                    decode_base64=False,
+                )
+            except Exception as e:
+                errors.append(e)
+
         if errors:
             raise ExceptionGroup("Errors occurred while reconcile", errors)
 
@@ -151,6 +145,7 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
         self,
         deadmanssnitch_api: DeadMansSnitchApi,
         clusters: list[ClusterV1],
+        vault_snitch_map: dict[str, str],
     ) -> dict[str, Snitch]:
         snitch_name_to_cluster_name_mapping = {
             self.get_snitch_name(cluster): cluster.name for cluster in clusters
@@ -159,9 +154,7 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
         snitches = deadmanssnitch_api.get_snitches(tags=self.settings.tags)
         # create snitch_map only for  the desired clusters
         current_state = {
-            cluster_name: self.add_vault_data(
-                cluster_name, snitch, self.settings.snitches_path
-            )
+            cluster_name: self.add_vault_data(cluster_name, snitch, vault_snitch_map)
             for snitch in snitches
             if (cluster_name := snitch_name_to_cluster_name_mapping.get(snitch.name))
         }
@@ -191,6 +184,10 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
             "path": self.settings.token_creds.path,
             "field": self.settings.token_creds.field,
         })
+        # get all snitch secrets from vault
+        vault_snitch_map = self.secret_reader.read_all({
+            "path": self.settings.snitches_path
+        })
         with DeadMansSnitchApi(token=token) as deadmanssnitch_api:
             # desired state - get the  clusters having enableDeadMansSnitch field
             clusters = get_clusters_with_dms()
@@ -199,10 +196,12 @@ class DeadMansSnitchIntegration(QontractReconcileIntegration[NoParams]):
             current_state = self.get_current_state(
                 deadmanssnitch_api,
                 clusters,
+                vault_snitch_map,
             )
             self.reconcile(
                 dry_run,
                 current_state=current_state,
                 desired_state=desired_state,
                 deadmanssnitch_api=deadmanssnitch_api,
+                vault_snitch_map=vault_snitch_map,
             )

reconcile/test/test_deadmanssnitch.py

@@ -102,6 +102,7 @@ def test_get_current_state(
     current_state = dms_integration.get_current_state(
         deadmanssnitch_api=deadmanssnitch_api,
         clusters=clusters,
+        vault_snitch_map={"deadmanssnitch-test_cluster_1-url": "secret"},
     )
     assert current_state["test_cluster_1"].vault_data == "secret"
 
@@ -116,6 +117,7 @@ def test_integration_for_create(
         "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
     ).return_value = None
     dms_integration = DeadMansSnitchIntegration()
+    secret_reader.read_all.return_value = {}
     dms_integration._secret_reader = secret_reader
     dms_integration.settings = deadmanssnitch_settings
     dms_integration.vault_client = vault_mock
@@ -136,7 +138,18 @@ def test_integration_for_create(
     mock_create_snitch = mocker.patch(
         "reconcile.deadmanssnitch.DeadMansSnitchIntegration.create_snitch"
     )
-    mock_create_snitch.return_value = None
+    mock_create_snitch.return_value = Snitch(
+        name="prometheus.create_cluster.devshift.net",
+        token="test",
+        href="testc",
+        status="healthy",
+        alert_type="basic",
+        alert_email=["test_mail"],
+        interval="15_minute",
+        check_in_url="test_url",
+        tags=["app-sre"],
+        notes="test_notes",
+    )
     dms_integration.run(dry_run=False)
     mock_create_snitch.assert_called_once()
 
@@ -151,6 +164,7 @@ def test_integration_for_delete(
         "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
     ).return_value = None
     dms_integration = DeadMansSnitchIntegration()
+    secret_reader.read_all.return_value = {"deadmanssnitch-create_cluster-url": "test"}
     dms_integration._secret_reader = secret_reader
     dms_integration.settings = deadmanssnitch_settings
     dms_integration.vault_client = vault_mock
@@ -199,6 +213,7 @@ def test_integration_for_update_vault(
         "reconcile.deadmanssnitch.DeadMansSnitchIntegration.__init__"
     ).return_value = None
     dms_integration = DeadMansSnitchIntegration()
+    secret_reader.read_all.return_value = {"deadmanssnitch-test_cluster-url": "test"}
     dms_integration._secret_reader = secret_reader
     dms_integration.settings = deadmanssnitch_settings
     dms_integration.vault_client = vault_mock
@@ -230,10 +245,11 @@ def test_integration_for_update_vault(
         )
     ]
     dms_integration.run(dry_run=False)
+    data = {"deadmanssnitch-test_cluster-url": "test_url"}
     vault_mock.write.assert_called_once_with(
         {
             "path": deadmanssnitch_settings.snitches_path,
-            "data": {"deadmanssnitch-test_cluster-url": "test_url"},
+            "data": data,
         },
         decode_base64=False,
     )