PyPI - qontract-reconcile - Versions diffs - 0.10.1rc734__py3-none-any.whl → 0.10.1rc736__py3-none-any.whl - Mend

qontract-reconcile 0.10.1rc734py3-none-any.whl → 0.10.1rc736py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

{qontract_reconcile-0.10.1rc734.dist-info → qontract_reconcile-0.10.1rc736.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc734
+Version: 0.10.1rc736
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc734.dist-info → qontract_reconcile-0.10.1rc736.dist-info}/RECORD RENAMED Viewed

@@ -1,4 +1,5 @@
 reconcile/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/acs_notifiers.py,sha256=1UBRTGsLrMUxpgm3WGceNyCmY9MZwUht4t26eIMWOLU,5589
 reconcile/acs_policies.py,sha256=1iRYmMdz0YtqyQgA9O0uGQdmMKUCCe-ApRa6LIEAdps,8769
 reconcile/acs_rbac.py,sha256=JEDevU4AdhTjMW-fAnNG3iw6Od5tYxGuYSirmu9KurI,22657
 reconcile/aws_ami_share.py,sha256=eeu0TI3M5yyUaozyAq_aW3tir-9be4YFguOXvIvKHSo,3757
@@ -9,7 +10,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=lAZ68_w6IcvXfB6C8D97DtdRlpodqjrCGLLYGvRUkSs,96887
+reconcile/cli.py,sha256=XBUVgDXU9vIUWu4F3qkNN39FlMH7XN8kaGjzfShPWGM,97162
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -185,7 +186,7 @@ reconcile/glitchtip_project_dsn/integration.py,sha256=qt2a33FOUUlCyonSHm3nUb7pNX
 reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
-reconcile/gql_definitions/acs/acs_policies.py,sha256=Z6Z7duvS9W4cbciBED4oK40Vg9QyYti3zXvoEXM-fak,4422
+reconcile/gql_definitions/acs/acs_policies.py,sha256=negfb87RDVH7WT1qiouD8ywfgH4Iumsv9Q2bf9rbjcA,7089
 reconcile/gql_definitions/acs/acs_rbac.py,sha256=cZsIlCWliPQdQHgmBsIMx54fJNOtkdRXLzmOKZmJNHk,3009
 reconcile/gql_definitions/advanced_upgrade_service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py,sha256=zrZCHaxkffdX2bvFUt1Hd_czViI3v3FPhZz5vJQ73jI,4301
@@ -285,6 +286,8 @@ reconcile/gql_definitions/integrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JC
 reconcile/gql_definitions/integrations/integrations.py,sha256=LfpgVbCCCk20ohwP5pDea5fwxMFGrcgE6J_WHBuGqek,11595
 reconcile/gql_definitions/jenkins_configs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/jenkins_configs/jenkins_configs.py,sha256=0nMkH0G-AjQwu53fqHykth6X6jjbHdW2hBp5n7N-r24,2766
+reconcile/gql_definitions/jira/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reconcile/gql_definitions/jira/jira_servers.py,sha256=i8_P30m-r5Ek6TMgZpqN9fSChDcOf9nLkWD966CXdNw,2102
 reconcile/gql_definitions/jira_permissions_validator/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py,sha256=7p-GA-dGeuouUcAvOIMBbgGJJtIXPG5Jx4n024to97M,3856
 reconcile/gql_definitions/jumphosts/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -328,8 +331,8 @@ reconcile/gql_definitions/status_board/status_board.py,sha256=vHEzncabujkqbjJ-ib
 reconcile/gql_definitions/statuspage/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/statuspage/statuspages.py,sha256=gxDb42H93nwtBg7oFRb6Gk9pbAZpsWk_y4Y0s3_g3nE,3520
 reconcile/gql_definitions/templating/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/gql_definitions/templating/template_collection.py,sha256=QYqEsy8BBdX9GK4SuOdSe_hqOHK4IHNz9eJ5P2f4TRQ,3007
-reconcile/gql_definitions/templating/templates.py,sha256=ujPPFZm9BbkRrxkcR7ZyReDYfFem4uxONYoPuzgiBTc,2735
+reconcile/gql_definitions/templating/template_collection.py,sha256=lS0vzEKV2ZrzOqOEriqpy0yBgKjb2Ftrzgx6PIH46_4,3310
+reconcile/gql_definitions/templating/templates.py,sha256=ejAvQ13zfNMQTz3FWtRUic6dSvio3aAgBKEqt600hbk,2821
 reconcile/gql_definitions/terraform_cloudflare_dns/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py,sha256=eyGX9HcTF6MZbOYZ6Kl6Mg3k6nJTUtwqs9gDxBP_8Dk,1920
 reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py,sha256=uVZYu5EUcvdAQYBK5YKD0mjoMKDb5inSuCJrrOD5KpE,5704
@@ -416,16 +419,17 @@ reconcile/templates/jira-checkpoint-missinginfo.j2,sha256=c_Vvg-lEENsB3tgxm9B6Y9
 reconcile/templates/rosa-classic-cluster-creation.sh.j2,sha256=0UHfYtXRVJqP07VJQx456cRI6EbZNBgamtP_8nb4WPY,2353
 reconcile/templates/rosa-hcp-cluster-creation.sh.j2,sha256=O7Bf3WQIJhsZoEqaYA0wRktUO4yXXCb4BQkuvvp-C80,2385
 reconcile/templating/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/templating/renderer.py,sha256=JUUzXGXzhcq-bhj81se7lLWgVfrUIEpO5vh6JgppbrI,10178
-reconcile/templating/validator.py,sha256=QGH2VSk7sVBuojhk9quRAbj_XBykHN-KZ53DbEneUJs,4391
+reconcile/templating/renderer.py,sha256=2FWbnefT2siozQpXXkuvVKUo6cePMqLY4BMYpqXg6xM,10652
+reconcile/templating/validator.py,sha256=pvDEc6veznEZzjypkoRJUGMMFLWosU-zd7i3j7JeNjE,4670
 reconcile/templating/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/templating/lib/merge_request_manager.py,sha256=El3ufdVjHP4EW-LztX7zPiI9syJBJ6ETGRmiM9K4Nqw,5112
-reconcile/templating/lib/model.py,sha256=TYiH2xL63awd30U-fkZDLEzuxkLdUEgzJ913DEzpFoM,265
+reconcile/templating/lib/merge_request_manager.py,sha256=JUkfF3smaQ8onzKF5F7UpmA7MWaQpftANy6dDo1FCug,5464
+reconcile/templating/lib/model.py,sha256=fb6FYYLQjmoh2DjVKO7TEWCuDPf1Q34xmOx0M9Z07ek,324
 reconcile/templating/lib/rendering.py,sha256=_BVQ2gqip8K1AgLYfaTWh8NKJFTW6VjUZ6rBI_GH30E,5061
 reconcile/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/test/conftest.py,sha256=rQousYrxUz-EwAIbsYO6bIwR1B4CrOz9y_zaUVo2lfI,4466
 reconcile/test/fixtures.py,sha256=9SDWAUlSd1rCx7z3GhULHcpr-I6FyCsXxaFAZIqYQsQ,591
-reconcile/test/test_acs_policies.py,sha256=pffUzH4IHKuXntvGMi-iV0Epg4YsCBF2G2-R9nYIt40,15699
+reconcile/test/test_acs_notifiers.py,sha256=LIVXu7EBlfKh5CWgR5jcA0vJ4IhUtxkZM6-1im204rc,12865
+reconcile/test/test_acs_policies.py,sha256=9TPGbF4mS2B18S7ldibZrugztaTQvcrBFvzs5eXbN-E,19211
 reconcile/test/test_acs_rbac.py,sha256=lvNd8GY0-GHzcOdOn13QWdrqbBXXKzNT7EEDHNH7cjM,28272
 reconcile/test/test_aggregated_list.py,sha256=iiWitQuNYC58aimWaiBoE4NROHjr1NCgQ91MnHEG_Ro,6412
 reconcile/test/test_amtool.py,sha256=vxRhGieeydMBOb9UI2ziMHjJa8puMeGNsUhGhy-yMnk,1032
@@ -655,7 +659,8 @@ reconcile/utils/vault.py,sha256=S0eHqvZ9N3fya1E8YDaUffEvLk_fdtpzL4rvWn6f828,1499
 reconcile/utils/vaultsecretref.py,sha256=3Ed2uBy36TzSvL0B-l4FoWQqB2SbBKDKEuUPIO608Bo,931
 reconcile/utils/vcs.py,sha256=o1r0n_IrU2El75CED_6sjR2GZGM-exuWsj5F7jONaMU,6779
 reconcile/utils/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/utils/acs/base.py,sha256=8qZhCYteLCe3xSIeiNj-HXm6J0nBLFGBbZ7b7xXlA6I,2381
+reconcile/utils/acs/base.py,sha256=kjcxLGIMe8oLNFOxZ_bDcClFqGCL7Auwug5is0yNGbw,2555
+reconcile/utils/acs/notifiers.py,sha256=LfWw9LGq7hA90A69n8Ie9f-NozvCGdYwXEXRLIc17rY,3735
 reconcile/utils/acs/policies.py,sha256=_jAz6cv8KRYtDsXjGoJgNbD8_9PUa5LSwwVlpK4A_cQ,5505
 reconcile/utils/acs/rbac.py,sha256=ugsLM9Pb7FbUbdq85E3VzXGMaB9ZovXob7tdWCxwqZ8,8808
 reconcile/utils/aws_api_typed/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -765,8 +770,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=w2l4BHB09k1d-BGJ1jBUNCqDv7zkqYrMHojQXg-21kQ,4155
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc734.dist-info/METADATA,sha256=4yl8FRQHqk6s4yWQgBGblLVlgOJiOKeSuEo-S5mcl8I,2382
-qontract_reconcile-0.10.1rc734.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc734.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
-qontract_reconcile-0.10.1rc734.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc734.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc736.dist-info/METADATA,sha256=HGDJxGb77YYojenQNeOYhLfp3EOLLqkOwx8Tat8ONWA,2382
+qontract_reconcile-0.10.1rc736.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc736.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
+qontract_reconcile-0.10.1rc736.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc736.dist-info/RECORD,,

reconcile/acs_notifiers.py ADDED Viewed

@@ -0,0 +1,156 @@
+import logging
+from typing import Any
+import reconcile.gql_definitions.acs.acs_policies as gql_acs_policies
+from reconcile.gql_definitions.jira.jira_servers import (
+    JiraServerV1,
+)
+from reconcile.gql_definitions.jira.jira_servers import (
+    query as query_jira_servers,
+)
+from reconcile.utils import gql
+from reconcile.utils.acs.notifiers import (
+    AcsNotifiersApi,
+    JiraCredentials,
+    JiraNotifier,
+    SeverityPriorityMapping,
+)
+from reconcile.utils.differ import diff_iterables
+from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.runtime.integration import (
+    NoParams,
+    QontractReconcileIntegration,
+)
+from reconcile.utils.semver_helper import make_semver
+class AcsNotifiersIntegration(QontractReconcileIntegration[NoParams]):
+    def __init__(self) -> None:
+        super().__init__(NoParams())
+        self.qontract_integration = "acs-notifiers"
+        self.qontract_integration_version = make_semver(0, 1, 0)
+    @property
+    def name(self) -> str:
+        return self.qontract_integration
+    def _get_escalation_policies(
+        self, acs_policies: list[gql_acs_policies.AcsPolicyV1]
+    ) -> list[gql_acs_policies.AppEscalationPolicyV1]:
+        return list(
+            {
+                p.integrations.notifiers.jira.escalation_policy.name: p.integrations.notifiers.jira.escalation_policy
+                for p in acs_policies
+                if p.integrations
+                and p.integrations.notifiers
+                and p.integrations.notifiers.jira
+                and integration_is_enabled(
+                    self.qontract_integration,
+                    p.integrations.notifiers.jira.escalation_policy.channels.jira_board[
+                        0
+                    ],
+                )
+            }.values()
+        )
+    def _build_jira_notifier(
+        self, escalation_policy: gql_acs_policies.AppEscalationPolicyV1
+    ) -> JiraNotifier:
+        jira_board = escalation_policy.channels.jira_board[0]
+        custom_fields: dict[str, Any] = {}
+        if jira_board.issue_security_id:
+            custom_fields["security"] = {"id": jira_board.issue_security_id}
+        if escalation_policy.channels.jira_component:
+            custom_fields["components"] = [
+                {"name": escalation_policy.channels.jira_component}
+            ]
+        if escalation_policy.channels.jira_labels:
+            custom_fields["labels"] = escalation_policy.channels.jira_labels
+        item = JiraNotifier(
+            name=f"jira-{escalation_policy.name}",
+            board=jira_board.name,
+            url=jira_board.server.server_url,
+            issue_type=jira_board.issue_type or "Task",
+            severity_priority_mappings=sorted(
+                [
+                    SeverityPriorityMapping(**vars(sp))
+                    for sp in jira_board.severity_priority_mappings.mappings
+                ],
+                key=lambda m: m.severity,
+            ),
+            custom_fields=custom_fields,
+        )
+        return item
+    def get_desired_state(
+        self, acs_policies: list[gql_acs_policies.AcsPolicyV1]
+    ) -> list[JiraNotifier]:
+        return [
+            self._build_jira_notifier(ep)
+            for ep in self._get_escalation_policies(acs_policies)
+        ]
+    def get_jira_credentials(
+        self, jira_servers: list[JiraServerV1]
+    ) -> dict[str, JiraCredentials]:
+        return {
+            server.server_url: JiraCredentials(
+                url=server.server_url,
+                username=server.username,
+                token=self.secret_reader.read_secret(server.token),
+            )
+            for server in jira_servers
+        }
+    def reconcile(
+        self,
+        current_state: list[JiraNotifier],
+        desired_state: list[JiraNotifier],
+        acs_api: AcsNotifiersApi,
+        jira_credentials: dict[str, JiraCredentials],
+        dry_run: bool,
+    ) -> None:
+        diff = diff_iterables(
+            current=current_state, desired=desired_state, key=lambda x: x.name
+        )
+        for a in diff.add.values():
+            logging.info(f"Create Jira notifier: {a.name}")
+            if not dry_run:
+                acs_api.create_jira_notifier(
+                    a,
+                    jira_credentials=jira_credentials[a.url],
+                )
+        for c in diff.change.values():
+            logging.info(f"Update Jira notifier: {c.desired.name}")
+            if not dry_run:
+                acs_api.update_jira_notifier(
+                    c.desired,
+                    jira_credentials=jira_credentials[c.desired.url],
+                )
+        for d in diff.delete.values():
+            logging.info(f"Delete Jira notifier: {d.name}")
+            if not dry_run:
+                acs_api.delete_jira_notifier(d)
+    def run(
+        self,
+        dry_run: bool,
+    ) -> None:
+        gql_api_query = gql.get_api().query
+        jira_credentials = self.get_jira_credentials(
+            query_jira_servers(query_func=gql_api_query).jira_servers or []
+        )
+        desired_state = self.get_desired_state(
+            gql_acs_policies.query(query_func=gql_api_query).acs_policies or []
+        )
+        instance = AcsNotifiersApi.get_acs_instance(query_func=gql_api_query)
+        with AcsNotifiersApi(
+            url=instance.url, token=self.secret_reader.read_secret(instance.credentials)
+        ) as acs_api:
+            current_state = acs_api.get_jira_notifiers()
+            self.reconcile(
+                desired_state, current_state, acs_api, jira_credentials, dry_run
+            )

reconcile/cli.py CHANGED Viewed

@@ -3441,6 +3441,17 @@ def acs_policies(ctx):
     )
+@integration.command(short_help="Manages RHACS notifier configurations")
+@click.pass_context
+def acs_notifiers(ctx):
+    from reconcile import acs_notifiers
+    run_class_integration(
+        integration=acs_notifiers.AcsNotifiersIntegration(),
+        ctx=ctx.obj,
+    )
 @integration.command(short_help="Automate Deadmanssnitch Creation/Deletion")
 @click.pass_context
 def deadmanssnitch(ctx):

reconcile/gql_definitions/acs/acs_policies.py CHANGED Viewed

@@ -25,6 +25,37 @@ query AcsPolicy {
     description
     severity
     notifiers
+    integrations {
+      notifiers {
+        jira {
+          escalationPolicy {
+            name
+            channels {
+              jiraBoard {
+                name
+                server {
+                  serverUrl
+                }
+                severityPriorityMappings {
+                  name
+                  mappings {
+                    severity
+                    priority
+                  }
+                }
+                issueType
+                issueSecurityId
+                disable {
+                  integrations
+                }
+              }
+              jiraComponent
+              jiraLabels
+            }
+          }
+        }
+      }
+    }
     categories
     scope {
       level
@@ -74,6 +105,56 @@ class ConfiguredBaseModel(BaseModel):
         extra=Extra.forbid
+class JiraServerV1(ConfiguredBaseModel):
+    server_url: str = Field(..., alias="serverUrl")
+class SeverityPriorityMappingV1(ConfiguredBaseModel):
+    severity: str = Field(..., alias="severity")
+    priority: str = Field(..., alias="priority")
+class JiraSeverityPriorityMappingsV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+    mappings: list[SeverityPriorityMappingV1] = Field(..., alias="mappings")
+class DisableJiraBoardAutomationsV1(ConfiguredBaseModel):
+    integrations: Optional[list[str]] = Field(..., alias="integrations")
+class JiraBoardV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+    server: JiraServerV1 = Field(..., alias="server")
+    severity_priority_mappings: JiraSeverityPriorityMappingsV1 = Field(..., alias="severityPriorityMappings")
+    issue_type: Optional[str] = Field(..., alias="issueType")
+    issue_security_id: Optional[str] = Field(..., alias="issueSecurityId")
+    disable: Optional[DisableJiraBoardAutomationsV1] = Field(..., alias="disable")
+class AppEscalationPolicyChannelsV1(ConfiguredBaseModel):
+    jira_board: list[JiraBoardV1] = Field(..., alias="jiraBoard")
+    jira_component: Optional[str] = Field(..., alias="jiraComponent")
+    jira_labels: Optional[list[str]] = Field(..., alias="jiraLabels")
+class AppEscalationPolicyV1(ConfiguredBaseModel):
+    name: str = Field(..., alias="name")
+    channels: AppEscalationPolicyChannelsV1 = Field(..., alias="channels")
+class AcsPolicyIntegrationNotifierJiraV1(ConfiguredBaseModel):
+    escalation_policy: AppEscalationPolicyV1 = Field(..., alias="escalationPolicy")
+class AcsPolicyIntegrationNotifiersV1(ConfiguredBaseModel):
+    jira: Optional[AcsPolicyIntegrationNotifierJiraV1] = Field(..., alias="jira")
+class AcsPolicyIntegrationsV1(ConfiguredBaseModel):
+    notifiers: Optional[AcsPolicyIntegrationNotifiersV1] = Field(..., alias="notifiers")
 class AcsPolicyScopeV1(ConfiguredBaseModel):
     level: str = Field(..., alias="level")
@@ -131,6 +212,7 @@ class AcsPolicyV1(ConfiguredBaseModel):
     description: Optional[str] = Field(..., alias="description")
     severity: str = Field(..., alias="severity")
     notifiers: Optional[list[str]] = Field(..., alias="notifiers")
+    integrations: Optional[AcsPolicyIntegrationsV1] = Field(..., alias="integrations")
     categories: list[str] = Field(..., alias="categories")
     scope: Union[AcsPolicyScopeClusterV1, AcsPolicyScopeNamespaceV1, AcsPolicyScopeV1] = Field(..., alias="scope")
     conditions: list[Union[AcsPolicyConditionsCvssV1, AcsPolicyConditionsSeverityV1, AcsPolicyConditionsImageTagV1, AcsPolicyConditionsCveV1, AcsPolicyConditionsImageAgeV1, AcsPolicyConditionsV1]] = Field(..., alias="conditions")

reconcile/gql_definitions/jira/__init__.py ADDED Viewed

File without changes

reconcile/gql_definitions/jira/jira_servers.py ADDED Viewed

@@ -0,0 +1,76 @@
+"""
+Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+"""
+from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
+from datetime import datetime  # noqa: F401 # pylint: disable=W0611
+from enum import Enum  # noqa: F401 # pylint: disable=W0611
+from typing import (  # noqa: F401 # pylint: disable=W0611
+    Any,
+    Optional,
+    Union,
+)
+from pydantic import (  # noqa: F401 # pylint: disable=W0611
+    BaseModel,
+    Extra,
+    Field,
+    Json,
+)
+DEFINITION = """
+query JiraServers {
+  jira_servers: jira_servers_v1 {
+    serverUrl
+    username
+    token {
+      path
+      version
+      field
+      format
+    }
+  }
+}
+"""
+class ConfiguredBaseModel(BaseModel):
+    class Config:
+        smart_union=True
+        extra=Extra.forbid
+class VaultSecretV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+    version: Optional[int] = Field(..., alias="version")
+    field: str = Field(..., alias="field")
+    q_format: Optional[str] = Field(..., alias="format")
+class JiraServerV1(ConfiguredBaseModel):
+    server_url: str = Field(..., alias="serverUrl")
+    username: str = Field(..., alias="username")
+    token: VaultSecretV1 = Field(..., alias="token")
+class JiraServersQueryData(ConfiguredBaseModel):
+    jira_servers: Optional[list[JiraServerV1]] = Field(..., alias="jira_servers")
+def query(query_func: Callable, **kwargs: Any) -> JiraServersQueryData:
+    """
+    This is a convenience function which queries and parses the data into
+    concrete types. It should be compatible with most GQL clients.
+    You do not have to use it to consume the generated data classes.
+    Alternatively, you can also mime and alternate the behavior
+    of this function in the caller.
+    Parameters:
+        query_func (Callable): Function which queries your GQL Server
+        kwargs: optional arguments that will be passed to the query function
+    Returns:
+        JiraServersQueryData: queried data parsed into generated classes
+    """
+    raw_data: dict[Any, Any] = query_func(DEFINITION, **kwargs)
+    return JiraServersQueryData(**raw_data)

reconcile/gql_definitions/templating/template_collection.py CHANGED Viewed

@@ -22,7 +22,9 @@ DEFINITION = """
 query TemplateCollection_v1 {
   template_collection_v1 {
     name
+    additionalMrLabels
     description
+    enableAutoApproval
     variables {
       static
       dynamic {
@@ -32,6 +34,7 @@ query TemplateCollection_v1 {
     }
     templates {
       name
+      autoApproved
       condition
       targetPath
       patch {
@@ -68,6 +71,7 @@ class TemplatePatchV1(ConfiguredBaseModel):
 class TemplateV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
+    auto_approved: Optional[bool] = Field(..., alias="autoApproved")
     condition: Optional[str] = Field(..., alias="condition")
     target_path: str = Field(..., alias="targetPath")
     patch: Optional[TemplatePatchV1] = Field(..., alias="patch")
@@ -76,7 +80,9 @@ class TemplateV1(ConfiguredBaseModel):
 class TemplateCollectionV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
+    additional_mr_labels: Optional[list[str]] = Field(..., alias="additionalMrLabels")
     description: str = Field(..., alias="description")
+    enable_auto_approval: Optional[bool] = Field(..., alias="enableAutoApproval")
     variables: Optional[TemplateCollectionVariablesV1] = Field(..., alias="variables")
     templates: list[TemplateV1] = Field(..., alias="templates")

reconcile/gql_definitions/templating/templates.py CHANGED Viewed

@@ -22,6 +22,7 @@ DEFINITION = """
 query Templatev1 {
   template_v1 {
     name
+    autoApproved
     condition
     patch {
       path
@@ -64,6 +65,7 @@ class TemplateTestV1(ConfiguredBaseModel):
 class TemplateV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
+    auto_approved: Optional[bool] = Field(..., alias="autoApproved")
     condition: Optional[str] = Field(..., alias="condition")
     patch: Optional[TemplatePatchV1] = Field(..., alias="patch")
     target_path: str = Field(..., alias="targetPath")

reconcile/templating/lib/merge_request_manager.py CHANGED Viewed

@@ -13,6 +13,7 @@ from reconcile.utils.merge_request_manager.parser import (
     Parser,
 )
 from reconcile.utils.mr import MergeRequestBase
+from reconcile.utils.mr.labels import AUTO_MERGE
 from reconcile.utils.vcs import VCS
 DATA_SEPARATOR = (
@@ -120,16 +121,23 @@ class TemplateRenderingMR(MergeRequestBase):
                 )
+class MrData(BaseModel):
+    data: list[TemplateOutput]
+    auto_approved: bool
 class MergeRequestManager(MergeRequestManagerBase[TemplateInfo]):
     def __init__(self, vcs: VCS, parser: Parser):
         super().__init__(vcs, parser, TR_LABEL)
-    def create_merge_request(self, output: list[TemplateOutput]) -> None:
+    def create_merge_request(self, data: MrData) -> None:
         if not self._housekeeping_ran:
             self.housekeeping()
-        collections = {o.input.collection for o in output if o.input}
-        collection_hashes = {o.input.collection_hash for o in output if o.input}
+        output = data.data
+        collections = {o.input.collection for o in output}
+        collection_hashes = {o.input.collection_hash for o in output}
+        additional_labels = {label for o in output for label in o.input.labels}
         # From the way the code is written, we can assert that there is only one collection and one template hash
         assert len(collections) == 1
         assert len(collection_hashes) == 1
@@ -158,6 +166,12 @@ class MergeRequestManager(MergeRequestManagerBase[TemplateInfo]):
         logging.info("Opening MR for %s with hash (%s)", collection, collection_hash)
         mr_labels = [TR_LABEL]
+        if data.auto_approved:
+            mr_labels.append(AUTO_MERGE)
+        if additional_labels:
+            mr_labels.extend(additional_labels)
         self._vcs.open_app_interface_merge_request(
             mr=TemplateRenderingMR(
                 title=title,

reconcile/templating/lib/model.py CHANGED Viewed

@@ -1,15 +1,16 @@
-from typing import Optional
 from pydantic import BaseModel
 class TemplateInput(BaseModel):
     collection: str
     collection_hash: str
+    enable_auto_approval: bool = False
+    labels: list[str] = []
 class TemplateOutput(BaseModel):
-    input: Optional[TemplateInput]
+    input: TemplateInput
     is_new: bool = False
     path: str
     content: str
+    auto_approved: bool = False

reconcile/templating/renderer.py CHANGED Viewed

@@ -17,6 +17,7 @@ from reconcile.gql_definitions.templating.template_collection import (
 )
 from reconcile.templating.lib.merge_request_manager import (
     MergeRequestManager,
+    MrData,
     create_parser,
 )
 from reconcile.templating.lib.model import TemplateInput, TemplateOutput
@@ -59,6 +60,19 @@ class FilePersistence(ABC):
     def read(self, path: str) -> Optional[str]:
         pass
+    @staticmethod
+    def _read_local_file(path: str) -> Optional[str]:
+        try:
+            with open(
+                path,
+                "r",
+                encoding="utf-8",
+            ) as f:
+                return f.read()
+        except FileNotFoundError:
+            logging.debug(f"File not found: {path}, need to create it")
+        return None
 class LocalFilePersistence(FilePersistence):
     """
@@ -80,16 +94,7 @@ class LocalFilePersistence(FilePersistence):
                 f.write(output.content)
     def read(self, path: str) -> Optional[str]:
-        try:
-            with open(
-                f"{join_path(self.app_interface_data_path, path)}",
-                "r",
-                encoding="utf-8",
-            ) as f:
-                return f.read()
-        except FileNotFoundError:
-            logging.debug(f"File not found: {path}, need to create it")
-        return None
+        return self._read_local_file(join_path(self.app_interface_data_path, path))
 class PersistenceTransaction(FilePersistence):
@@ -127,6 +132,8 @@ class ClonedRepoGitlabPersistence(FilePersistence):
     """
     This class is used to persist the rendered templates in a cloned gitlab repo
     Reads are from the local filesystem, writes are done via utils.VCS abstraction
+    Only one MR is created per run. Auto-approval MRs are prefered.
     """
     def __init__(self, local_path: str, vcs: VCS, mr_manager: MergeRequestManager):
@@ -136,19 +143,19 @@ class ClonedRepoGitlabPersistence(FilePersistence):
     def write(self, outputs: list[TemplateOutput]) -> None:
         self.mr_manager.housekeeping()
-        self.mr_manager.create_merge_request(outputs)
+        if any([o.input.enable_auto_approval for o in outputs]):
+            auto_approved = [o for o in outputs if o.auto_approved]
+            if auto_approved:
+                self.mr_manager.create_merge_request(
+                    MrData(data=auto_approved, auto_approved=True)
+                )
+                return
+        self.mr_manager.create_merge_request(MrData(data=outputs, auto_approved=False))
     def read(self, path: str) -> Optional[str]:
-        try:
-            with open(
-                f"{join_path(self.local_path, path)}",
-                "r",
-                encoding="utf-8",
-            ) as f:
-                return f.read()
-        except FileNotFoundError:
-            logging.debug(f"File not found: {path}, need to create it")
-        return None
+        return self._read_local_file(join_path(self.local_path, path))
 def unpack_static_variables(
@@ -187,6 +194,7 @@ class TemplateRendererIntegration(QontractReconcileIntegration):
         variables: dict,
         persistence: FilePersistence,
         ruaml_instance: yaml.YAML,
+        template_input: TemplateInput,
     ) -> Optional[TemplateOutput]:
         r = create_renderer(
             template,
@@ -217,6 +225,8 @@ class TemplateRendererIntegration(QontractReconcileIntegration):
                     path=target_path,
                     content=output,
                     is_new=current_str is None,
+                    auto_approved=template.auto_approved or False,
+                    input=template_input,
                 )
         return None
@@ -244,18 +254,17 @@ class TemplateRendererIntegration(QontractReconcileIntegration):
             ).hexdigest()
             with PersistenceTransaction(persistence, dry_run) as p:
+                input = TemplateInput(
+                    collection=c.name,
+                    collection_hash=template_hash,
+                    enable_auto_approval=c.enable_auto_approval or False,
+                    labels=c.additional_mr_labels or [],
+                )
                 for template in c.templates:
                     output = self.process_template(
-                        template,
-                        variables,
-                        p,
-                        ruamel_instance,
+                        template, variables, p, ruamel_instance, input
                     )
                     if output:
-                        output.input = TemplateInput(
-                            collection=c.name,
-                            collection_hash=template_hash,
-                        )
                         outputs.append(output)
                 if not dry_run:

reconcile/templating/validator.py CHANGED Viewed

@@ -127,7 +127,11 @@ class TemplateValidatorIntegration(QontractReconcileIntegration):
         if diffs:
             for diff in diffs:
                 logging.error(f"template: {diff.template}, test: {diff.test}")
-                logging.debug(diff.diff)
+                # This log should never be added except for local debugging.
+                # Credentials could be leaked, i.e. creating an MR with a diff,
+                # using a template, that uses the vault function.
+                # Use template-validator CLI instead.
+                # logging.debug(diff.diff)
             raise ValueError("Template validation failed")
     @property

reconcile/test/test_acs_notifiers.py ADDED Viewed

@@ -0,0 +1,399 @@
+import copy
+from typing import Any
+import pytest
+from pytest_mock import MockerFixture
+from reconcile.acs_notifiers import AcsNotifiersIntegration
+from reconcile.gql_definitions.acs.acs_policies import (
+    AcsPolicyIntegrationNotifierJiraV1,
+    AcsPolicyIntegrationNotifiersV1,
+    AcsPolicyIntegrationsV1,
+    AcsPolicyScopeClusterV1,
+    AcsPolicyScopeNamespaceV1,
+    AcsPolicyV1,
+    AppEscalationPolicyChannelsV1,
+    AppEscalationPolicyV1,
+    DisableJiraBoardAutomationsV1,
+    JiraBoardV1,
+    JiraServerV1,
+    JiraSeverityPriorityMappingsV1,
+    SeverityPriorityMappingV1,
+)
+from reconcile.utils.acs.notifiers import (
+    AcsNotifiersApi,
+    JiraCredentials,
+    JiraNotifier,
+    SeverityPriorityMapping,
+)
+@pytest.fixture
+def severity_priority_mapping() -> SeverityPriorityMapping:
+    return SeverityPriorityMapping(severity="critical", priority="Critical")
+@pytest.fixture
+def severity_priority_mapping_api_payload() -> dict[str, str]:
+    return {
+        "severity": "CRITICAL_SEVERITY",
+        "priorityName": "Critical",
+    }
+def test_severity_priority_mappings_to_api(
+    severity_priority_mapping: SeverityPriorityMapping,
+    severity_priority_mapping_api_payload: dict[str, str],
+) -> None:
+    assert severity_priority_mapping.to_api() == severity_priority_mapping_api_payload
+def test_severity_priority_mappings_from_api(
+    severity_priority_mapping: SeverityPriorityMapping,
+    severity_priority_mapping_api_payload: dict[str, str],
+) -> None:
+    assert (
+        SeverityPriorityMapping.from_api(severity_priority_mapping_api_payload)
+        == severity_priority_mapping
+    )
+@pytest.fixture
+def jira_credentials() -> JiraCredentials:
+    return JiraCredentials(
+        url="https://jira.example.com",
+        username="jirabot",
+        token="topsecret",
+    )
+@pytest.fixture
+def jira_notifier(
+    severity_priority_mapping: SeverityPriorityMapping,
+    jira_credentials: JiraCredentials,
+) -> JiraNotifier:
+    return JiraNotifier(
+        name="jira-notifier-1",
+        board="JIRAPLAY",
+        url=jira_credentials.url,
+        issue_type="Task",
+        severity_priority_mappings=[severity_priority_mapping],
+        custom_fields={"security": {"id": "0"}},
+    )
+@pytest.fixture
+def jira_notifier_api_payload(
+    severity_priority_mapping: SeverityPriorityMapping,
+    jira_credentials: JiraCredentials,
+) -> dict[str, Any]:
+    return {
+        "name": "jira-notifier-1",
+        "type": "jira",
+        "uiEndpoint": "https://acs.example.com",
+        "labelDefault": "JIRAPLAY",
+        "jira": {
+            "url": jira_credentials.url,
+            "username": jira_credentials.username,
+            "password": jira_credentials.token,
+            "issueType": "Task",
+            "priorityMappings": [severity_priority_mapping.to_api()],
+            "defaultFieldsJson": '{"security": {"id": "0"}}',
+        },
+    }
+def test_jira_notifier_to_api(
+    jira_notifier: JiraNotifier,
+    jira_credentials: JiraCredentials,
+    jira_notifier_api_payload: dict[str, Any],
+) -> None:
+    assert (
+        jira_notifier.to_api(
+            ui_endpoint="https://acs.example.com", jira_credentials=jira_credentials
+        )
+        == jira_notifier_api_payload
+    )
+@pytest.fixture
+def acs_notifier_api() -> AcsNotifiersApi:
+    return AcsNotifiersApi(
+        url="https://acs.example.com",
+        token="topsecret",
+    )
+@pytest.fixture
+def acs_notifier_api_notifiers_api_payload(
+    jira_notifier: JiraNotifier,
+    jira_credentials: JiraCredentials,
+) -> list[Any]:
+    return [
+        jira_notifier.to_api(
+            ui_endpoint="https://acs.example.com", jira_credentials=jira_credentials
+        )
+    ]
+def test_acs_notifier_api_get_notifiers(
+    mocker: MockerFixture,
+    acs_notifier_api_notifiers_api_payload: list[Any],
+    acs_notifier_api: AcsNotifiersApi,
+) -> None:
+    generic_request_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.generic_request_json"
+    )
+    generic_request_mock.return_value = {
+        "notifiers": acs_notifier_api_notifiers_api_payload
+    }
+    assert acs_notifier_api.get_notifiers() == acs_notifier_api_notifiers_api_payload
+    generic_request_mock.assert_called_once_with("/v1/notifiers", "GET")
+def test_acs_notifier_api_get_jira_notifiers(
+    mocker: MockerFixture,
+    acs_notifier_api_notifiers_api_payload: list[Any],
+    acs_notifier_api: AcsNotifiersApi,
+    jira_notifier: JiraNotifier,
+) -> None:
+    get_notifiers_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.get_notifiers"
+    )
+    get_notifiers_mock.return_value = acs_notifier_api_notifiers_api_payload
+    assert acs_notifier_api.get_jira_notifiers() == [jira_notifier]
+def test_get_notifier_id_by_name(
+    mocker: MockerFixture,
+    acs_notifier_api_notifiers_api_payload: list[Any],
+    acs_notifier_api: AcsNotifiersApi,
+) -> None:
+    get_notifiers_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.get_notifiers"
+    )
+    get_notifiers_mock.return_value = acs_notifier_api_notifiers_api_payload
+    acs_notifier_api_notifiers_api_payload[0]["id"] = "jira-notifier-id-1"
+    assert (
+        acs_notifier_api.get_notifier_id_by_name("jira-notifier-1")
+        == "jira-notifier-id-1"
+    )
+    get_notifiers_mock.assert_called_once()
+def test_update_jira_notifier(
+    mocker: MockerFixture,
+    acs_notifier_api: AcsNotifiersApi,
+    jira_notifier: JiraNotifier,
+    jira_credentials: JiraCredentials,
+) -> None:
+    get_notifier_id_by_name_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.get_notifier_id_by_name"
+    )
+    get_notifier_id_by_name_mock.return_value = "jira-notifier-id-1"
+    generic_request_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.generic_request"
+    )
+    acs_notifier_api.update_jira_notifier(jira_notifier, jira_credentials)
+    get_notifier_id_by_name_mock.assert_called_once_with(jira_notifier.name)
+    body = jira_notifier.to_api(acs_notifier_api.url, jira_credentials)
+    generic_request_mock.assert_called_once_with(
+        "/v1/notifiers/jira-notifier-id-1", "PUT", body
+    )
+def test_create_jira_notifier(
+    mocker: MockerFixture,
+    acs_notifier_api: AcsNotifiersApi,
+    jira_notifier: JiraNotifier,
+    jira_credentials: JiraCredentials,
+) -> None:
+    generic_request_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.generic_request"
+    )
+    acs_notifier_api.create_jira_notifier(jira_notifier, jira_credentials)
+    body = jira_notifier.to_api(acs_notifier_api.url, jira_credentials)
+    generic_request_mock.assert_called_once_with("/v1/notifiers", "POST", body)
+def test_delete_jira_notifier(
+    mocker: MockerFixture,
+    acs_notifier_api: AcsNotifiersApi,
+    jira_notifier: JiraNotifier,
+) -> None:
+    get_notifier_id_by_name_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.get_notifier_id_by_name"
+    )
+    get_notifier_id_by_name_mock.return_value = "jira-notifier-id-1"
+    generic_request_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.generic_request"
+    )
+    acs_notifier_api.delete_jira_notifier(jira_notifier)
+    get_notifier_id_by_name_mock.assert_called_once_with(jira_notifier.name)
+    generic_request_mock.assert_called_once_with(
+        "/v1/notifiers/jira-notifier-id-1", "DELETE"
+    )
+@pytest.fixture
+def acs_notifier_integration() -> AcsNotifiersIntegration:
+    return AcsNotifiersIntegration()
+@pytest.fixture
+def escalation_policy() -> AppEscalationPolicyV1:
+    return AppEscalationPolicyV1(
+        name="notifier-1",
+        channels=AppEscalationPolicyChannelsV1(
+            jiraBoard=[
+                JiraBoardV1(
+                    name="JIRAPLAY",
+                    server=JiraServerV1(
+                        serverUrl="https://jira.example.com",
+                    ),
+                    severityPriorityMappings=JiraSeverityPriorityMappingsV1(
+                        name="sp",
+                        mappings=[
+                            SeverityPriorityMappingV1(
+                                severity="critical", priority="Critical"
+                            )
+                        ],
+                    ),
+                    issueType="Task",
+                    issueSecurityId="0",
+                    disable=DisableJiraBoardAutomationsV1(integrations=[]),
+                )
+            ],
+            jiraComponent="",
+            jiraLabels=[],
+        ),
+    )
+@pytest.fixture
+def acs_policies(
+    escalation_policy: AppEscalationPolicyV1,
+) -> list[AcsPolicyV1]:
+    return [
+        AcsPolicyV1(
+            name="acs-policy-1",
+            description="CVEs within app-sre clusters with CVSS score gte to 7 and fixable",
+            severity="high",
+            notifiers=[],
+            integrations=AcsPolicyIntegrationsV1(
+                notifiers=AcsPolicyIntegrationNotifiersV1(
+                    jira=AcsPolicyIntegrationNotifierJiraV1(
+                        escalationPolicy=escalation_policy,
+                    ),
+                ),
+            ),
+            categories=["vulnerability-management"],
+            scope=AcsPolicyScopeClusterV1(
+                level="cluster",
+                clusters=[],
+            ),
+            conditions=[],
+        ),
+        AcsPolicyV1(
+            name="acs-policy-2",
+            description="image security policy violations of critical severity within app-sre namespaces",
+            severity="critical",
+            notifiers=[],
+            integrations=AcsPolicyIntegrationsV1(
+                notifiers=AcsPolicyIntegrationNotifiersV1(
+                    jira=AcsPolicyIntegrationNotifierJiraV1(
+                        escalationPolicy=escalation_policy,
+                    ),
+                ),
+            ),
+            categories=["vulnerability-management", "devops-best-practices"],
+            scope=AcsPolicyScopeNamespaceV1(
+                level="namespace",
+                namespaces=[],
+            ),
+            conditions=[],
+        ),
+    ]
+def test_integration_get_escalation_policies(
+    acs_notifier_integration: AcsNotifiersIntegration,
+    acs_policies: list[AcsPolicyV1],
+    escalation_policy: AppEscalationPolicyV1,
+) -> None:
+    result = acs_notifier_integration._get_escalation_policies(acs_policies)
+    assert len(acs_policies) > 1
+    assert len(result) == 1
+    assert result[0] == escalation_policy
+def test_build_jira_notifier(
+    acs_notifier_integration: AcsNotifiersIntegration,
+    escalation_policy: AppEscalationPolicyV1,
+    jira_notifier: JiraNotifier,
+) -> None:
+    assert (
+        acs_notifier_integration._build_jira_notifier(escalation_policy)
+        == jira_notifier
+    )
+def test_get_desired_state(
+    acs_notifier_integration: AcsNotifiersIntegration,
+    acs_policies: list[AcsPolicyV1],
+    jira_notifier: JiraNotifier,
+) -> None:
+    assert acs_notifier_integration.get_desired_state(acs_policies) == [jira_notifier]
+def test_reconcile(
+    mocker: MockerFixture,
+    acs_notifier_integration: AcsNotifiersIntegration,
+    acs_notifier_api: AcsNotifiersApi,
+    jira_credentials: JiraCredentials,
+    jira_notifier: JiraNotifier,
+) -> None:
+    notifier_to_add = copy.deepcopy(jira_notifier)
+    notifier_to_add.name = "jira-notifier-to-add"
+    notifier_to_update_current = copy.deepcopy(jira_notifier)
+    notifier_to_update_current.name = "jira-notifier-to-update"
+    notifier_to_update_current.issue_type = "Task"
+    notifier_to_update_desired = copy.deepcopy(jira_notifier)
+    notifier_to_update_desired.name = "jira-notifier-to-update"
+    notifier_to_update_current.issue_type = "Bug"
+    notifier_to_delete = copy.deepcopy(jira_notifier)
+    notifier_to_delete.name = "jira-notifier-to-delete"
+    current_state = [notifier_to_delete, notifier_to_update_current]
+    desired_state = [notifier_to_add, notifier_to_update_desired]
+    create_jira_notifier_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.create_jira_notifier"
+    )
+    update_jira_notifier_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.update_jira_notifier"
+    )
+    delete_jira_notifier_mock = mocker.patch(
+        "reconcile.utils.acs.notifiers.AcsNotifiersApi.delete_jira_notifier"
+    )
+    acs_notifier_integration.reconcile(
+        current_state,
+        desired_state,
+        acs_notifier_api,
+        {jira_credentials.url: jira_credentials},
+        dry_run=False,
+    )
+    create_jira_notifier_mock.assert_called_once_with(
+        notifier_to_add, jira_credentials=jira_credentials
+    )
+    update_jira_notifier_mock.assert_called_once_with(
+        notifier_to_update_desired, jira_credentials=jira_credentials
+    )
+    delete_jira_notifier_mock.assert_called_once_with(notifier_to_delete)

reconcile/test/test_acs_policies.py CHANGED Viewed

@@ -10,11 +10,20 @@ from reconcile.gql_definitions.acs.acs_policies import (
     AcsPolicyConditionsCveV1,
     AcsPolicyConditionsCvssV1,
     AcsPolicyConditionsSeverityV1,
+    AcsPolicyIntegrationNotifierJiraV1,
+    AcsPolicyIntegrationNotifiersV1,
+    AcsPolicyIntegrationsV1,
     AcsPolicyQueryData,
     AcsPolicyScopeClusterV1,
     AcsPolicyScopeNamespaceV1,
     AcsPolicyV1,
+    AppEscalationPolicyChannelsV1,
+    AppEscalationPolicyV1,
     ClusterV1,
+    DisableJiraBoardAutomationsV1,
+    JiraBoardV1,
+    JiraServerV1,
+    JiraSeverityPriorityMappingsV1,
     NamespaceV1,
     NamespaceV1_ClusterV1,
 )
@@ -41,6 +50,36 @@ def query_data_desired_state() -> AcsPolicyQueryData:
                 description="CVEs within app-sre clusters with CVSS score gte to 7 and fixable",
                 severity="high",
                 notifiers=[JIRA_NOTIFIER_NAME],
+                integrations=AcsPolicyIntegrationsV1(
+                    notifiers=AcsPolicyIntegrationNotifiersV1(
+                        jira=AcsPolicyIntegrationNotifierJiraV1(
+                            escalationPolicy=AppEscalationPolicyV1(
+                                name="test-ep",
+                                channels=AppEscalationPolicyChannelsV1(
+                                    jiraBoard=[
+                                        JiraBoardV1(
+                                            name="board",
+                                            server=JiraServerV1(
+                                                serverUrl="server",
+                                            ),
+                                            severityPriorityMappings=JiraSeverityPriorityMappingsV1(
+                                                name="sp",
+                                                mappings=[],
+                                            ),
+                                            issueType="Task",
+                                            issueSecurityId="0",
+                                            disable=DisableJiraBoardAutomationsV1(
+                                                integrations=[]
+                                            ),
+                                        )
+                                    ],
+                                    jiraComponent="",
+                                    jiraLabels=[],
+                                ),
+                            ),
+                        ),
+                    ),
+                ),
                 categories=["vulnerability-management"],
                 scope=AcsPolicyScopeClusterV1(
                     level="cluster",
@@ -61,6 +100,36 @@ def query_data_desired_state() -> AcsPolicyQueryData:
                 description="image security policy violations of critical severity within app-sre namespaces",
                 severity="critical",
                 notifiers=[],
+                integrations=AcsPolicyIntegrationsV1(
+                    notifiers=AcsPolicyIntegrationNotifiersV1(
+                        jira=AcsPolicyIntegrationNotifierJiraV1(
+                            escalationPolicy=AppEscalationPolicyV1(
+                                name="test-ep",
+                                channels=AppEscalationPolicyChannelsV1(
+                                    jiraBoard=[
+                                        JiraBoardV1(
+                                            name="board",
+                                            server=JiraServerV1(
+                                                serverUrl="server",
+                                            ),
+                                            severityPriorityMappings=JiraSeverityPriorityMappingsV1(
+                                                name="sp",
+                                                mappings=[],
+                                            ),
+                                            issueType="Task",
+                                            issueSecurityId="0",
+                                            disable=DisableJiraBoardAutomationsV1(
+                                                integrations=[]
+                                            ),
+                                        )
+                                    ],
+                                    jiraComponent="",
+                                    jiraLabels=[],
+                                ),
+                            ),
+                        ),
+                    ),
+                ),
                 categories=["vulnerability-management", "devops-best-practices"],
                 scope=AcsPolicyScopeNamespaceV1(
                     level="namespace",

reconcile/utils/acs/base.py CHANGED Viewed

@@ -75,3 +75,8 @@ class AcsBaseApi(BaseModel):
             raise
         return response
+    def generic_request_json(
+        self, path: str, verb: str, json: Optional[Any] = None
+    ) -> Any:
+        return self.generic_request(path, verb, json=json).json()

reconcile/utils/acs/notifiers.py ADDED Viewed

@@ -0,0 +1,111 @@
+import json
+from typing import Any, Optional
+from pydantic import BaseModel
+from reconcile.utils.acs.base import AcsBaseApi
+class JiraCredentials(BaseModel):
+    url: str
+    username: str
+    token: str
+class SeverityPriorityMapping(BaseModel):
+    severity: str
+    priority: str
+    @staticmethod
+    def from_api(mapping: dict[str, str]) -> "SeverityPriorityMapping":
+        return SeverityPriorityMapping(
+            severity=mapping["severity"].replace("_SEVERITY", "").lower(),
+            priority=mapping["priorityName"],
+        )
+    def to_api(self) -> Any:
+        return {
+            "severity": f"{self.severity.upper()}_SEVERITY",
+            "priorityName": self.priority,
+        }
+class JiraNotifier(BaseModel):
+    name: str
+    board: str
+    url: str
+    issue_type: Optional[str]
+    severity_priority_mappings: list[SeverityPriorityMapping]
+    custom_fields: Optional[dict[str, Any]]
+    @staticmethod
+    def from_api(notifier: dict[str, Any]) -> "JiraNotifier":
+        notifier_jira = notifier["jira"]
+        return JiraNotifier(
+            name=notifier["name"],
+            board=notifier["labelDefault"],
+            url=notifier_jira["url"],
+            issue_type=notifier_jira["issueType"],
+            severity_priority_mappings=sorted(
+                [
+                    SeverityPriorityMapping.from_api(mapping)
+                    for mapping in notifier_jira["priorityMappings"]
+                ],
+                key=lambda m: m.severity,
+            ),
+            custom_fields=json.loads(notifier_jira.get("defaultFieldsJson") or "{}"),
+        )
+    def to_api(self, ui_endpoint: str, jira_credentials: JiraCredentials) -> Any:
+        return {
+            "name": self.name,
+            "type": "jira",
+            "uiEndpoint": ui_endpoint,
+            "labelDefault": self.board,
+            "jira": {
+                "url": jira_credentials.url,
+                "username": jira_credentials.username,
+                "password": jira_credentials.token,
+                "issueType": self.issue_type or "Task",
+                "priorityMappings": [
+                    mapping.to_api() for mapping in self.severity_priority_mappings
+                ],
+                "defaultFieldsJson": json.dumps(self.custom_fields or {}),
+            },
+        }
+class AcsNotifiersApi(AcsBaseApi):
+    """
+    Implements methods to support reconcile operations against the ACS NotifiersService api
+    """
+    def get_notifiers(self) -> list[Any]:
+        return self.generic_request_json("/v1/notifiers", "GET")["notifiers"]
+    def get_jira_notifiers(self) -> list[JiraNotifier]:
+        return [
+            JiraNotifier.from_api(notifier)
+            for notifier in self.get_notifiers()
+            if notifier["type"] == "jira"
+        ]
+    def get_notifier_id_by_name(self, name: str) -> str:
+        return [n["id"] for n in self.get_notifiers() if n["name"] == name][0]
+    def update_jira_notifier(
+        self, jira_notifier: JiraNotifier, jira_credentials: JiraCredentials
+    ) -> None:
+        notifier_id = self.get_notifier_id_by_name(jira_notifier.name)
+        body = jira_notifier.to_api(self.url, jira_credentials)
+        self.generic_request(f"/v1/notifiers/{notifier_id}", "PUT", body)
+    def create_jira_notifier(
+        self, jira_notifier: JiraNotifier, jira_credentials: JiraCredentials
+    ) -> None:
+        body = jira_notifier.to_api(self.url, jira_credentials)
+        self.generic_request("/v1/notifiers", "POST", body)
+    def delete_jira_notifier(self, jira_notifier: JiraNotifier) -> None:
+        notifier_id = self.get_notifier_id_by_name(jira_notifier.name)
+        self.generic_request(f"/v1/notifiers/{notifier_id}", "DELETE")

{qontract_reconcile-0.10.1rc734.dist-info → qontract_reconcile-0.10.1rc736.dist-info}/WHEEL RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc734.dist-info → qontract_reconcile-0.10.1rc736.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc734.dist-info → qontract_reconcile-0.10.1rc736.dist-info}/top_level.txt RENAMED Viewed

File without changes

qontract-reconcile 0.10.1rc734__py3-none-any.whl → 0.10.1rc736__py3-none-any.whl

qontract-reconcile 0.10.1rc734py3-none-any.whl → 0.10.1rc736py3-none-any.whl