qontract-reconcile 0.10.1rc746__py3-none-any.whl → 0.10.1rc748__py3-none-any.whl

{qontract_reconcile-0.10.1rc746.dist-info → qontract_reconcile-0.10.1rc748.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc746
+Version: 0.10.1rc748
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc746.dist-info → qontract_reconcile-0.10.1rc748.dist-info}/RECORD

@@ -10,7 +10,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=Fra8s6kxIuCoLF-moSto81gDFoJ6Q-WrsaRcVxR-KRI,98281
+reconcile/cli.py,sha256=Vw8P6w0nPOGkMRvxpn4lR75jUeRoXLJ4R-WspWNX6Cg,98702
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -47,7 +47,7 @@ reconcile/jenkins_roles.py,sha256=f8ELpZY36UjoaCpR_9LijQuIMuB6a7sVLFf_H1ct9Hc,44
 reconcile/jenkins_webhooks.py,sha256=j8vhJMWcRhOdc9XzRSm0CPj84jsF3e4Syjm7r1BIsDE,1978
 reconcile/jenkins_webhooks_cleaner.py,sha256=JsN_NVPfZJwv1JtSzZXDIHUqGiefL-DRffFnDGau9aY,1539
 reconcile/jenkins_worker_fleets.py,sha256=PMNGOX0krubFjInPiFT0za0KCiWBLEcVDuXdKRd1BrE,5378
-reconcile/jira_permissions_validator.py,sha256=8Nl7rSc8x_AXXVRYvRlq_arR7N5pz0YM4M7Pb60RoCg,11597
+reconcile/jira_permissions_validator.py,sha256=iDsFdGqB8Zv9cjIVgYFq_N3xtRCrcR5uAZmcc51D-2o,13240
 reconcile/jira_watcher.py,sha256=eyOQ92t8TFi6gogfNTO448h_h1CUyr24E0MPHc51R-o,3617
 reconcile/ldap_users.py,sha256=uEWQ0V41tN9KCZi4ZKPamjrJ6djSpdpvDBo7yJ0e7ZI,3008
 reconcile/mr_client_gateway.py,sha256=WhjMd-sIXDFCV8-rt8CEjurJ5OYB1pOD0K3o0tZRXQg,1885
@@ -618,7 +618,7 @@ reconcile/utils/helpers.py,sha256=k9svgFFZG7H5FvHYY0g5jJyvgvh2UDZxf0Ib221teag,11
 reconcile/utils/imap_client.py,sha256=byFAJATbITJPsGECSbvXBOcCnoeTUpDFiEjzOAxLm_U,1975
 reconcile/utils/instrumented_wrappers.py,sha256=eVwMoa6FCrYxLv3RML3WpZF9qKVfCTjMxphgVXG03OM,1073
 reconcile/utils/jenkins_api.py,sha256=MyJSB_S3uYf3sXnt9t03-gZNQ7tbdd7Wusv3MoF2fRc,7113
-reconcile/utils/jira_client.py,sha256=KjsakExjlii6lkxUlHRScBtPG4wuomJOTIoNiM-edQw,7322
+reconcile/utils/jira_client.py,sha256=sCswWH-SctzPSElI9_oHv9LKuNnPfjP_FIOizxqh6nE,7693
 reconcile/utils/jjb_client.py,sha256=Pdy0dLCFvD6GPCaC0tZydYgkVJPOxYXIiwWECZaFJBU,14551
 reconcile/utils/jsonpath.py,sha256=NRpAEijKN4cMDjo7qivNPqpm0__GQQ1TiE0PBEBO45s,5572
 reconcile/utils/jump_host.py,sha256=AdwmCZYNhRe53VwV2iAsUdVyUdVtSd4REmdThJDkM5w,4973
@@ -664,7 +664,7 @@ reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM
 reconcile/utils/unleash.py,sha256=1D56CsZfE3ShDtN3IErE1T2eeIwNmxhK-yYbCotJ99E,3601
 reconcile/utils/vault.py,sha256=S0eHqvZ9N3fya1E8YDaUffEvLk_fdtpzL4rvWn6f828,14991
 reconcile/utils/vaultsecretref.py,sha256=3Ed2uBy36TzSvL0B-l4FoWQqB2SbBKDKEuUPIO608Bo,931
-reconcile/utils/vcs.py,sha256=uHFyYSHGpsdtiY76XVquq_5IzJTkkghBwWESeCJIeAw,8416
+reconcile/utils/vcs.py,sha256=iiAWQXNftKIRoakXEOPT6ubB_ybSuInIQ6jcMxa_NKk,8558
 reconcile/utils/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/acs/base.py,sha256=kjcxLGIMe8oLNFOxZ_bDcClFqGCL7Auwug5is0yNGbw,2555
 reconcile/utils/acs/notifiers.py,sha256=2n5blP9N1FdGLZuy3do9bpjd8NKg88kmLNNqhAGn8w4,5013
@@ -778,8 +778,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=w2l4BHB09k1d-BGJ1jBUNCqDv7zkqYrMHojQXg-21kQ,4155
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc746.dist-info/METADATA,sha256=wZTYzj2gWnkTP279SxzH3p9fBGaVQk9mId5meD83nUQ,2382
-qontract_reconcile-0.10.1rc746.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc746.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
-qontract_reconcile-0.10.1rc746.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc746.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc748.dist-info/METADATA,sha256=ceTfijoo-x5F6mo0WQjXgfkmBWkj6OvaecXkCj0R2-I,2382
+qontract_reconcile-0.10.1rc748.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc748.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
+qontract_reconcile-0.10.1rc748.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc748.dist-info/RECORD,,

reconcile/cli.py

@@ -1144,12 +1144,26 @@ def jenkins_webhooks_cleaner(ctx):
     help="Throw and error in case of board permission errors. Useful for PR checks.",
     default=True,
 )
+@enable_extended_early_exit
+@extended_early_exit_cache_ttl_seconds
+@log_cached_log_output
 @click.pass_context
-def jira_permissions_validator(ctx, exit_on_permission_errors):
+def jira_permissions_validator(
+    ctx,
+    exit_on_permission_errors,
+    enable_extended_early_exit,
+    extended_early_exit_cache_ttl_seconds,
+    log_cached_log_output,
+):
     import reconcile.jira_permissions_validator
 
     run_integration(
-        reconcile.jira_permissions_validator, ctx.obj, exit_on_permission_errors
+        reconcile.jira_permissions_validator,
+        ctx.obj,
+        exit_on_permission_errors,
+        enable_extended_early_exit=enable_extended_early_exit,
+        extended_early_exit_cache_ttl_seconds=extended_early_exit_cache_ttl_seconds,
+        log_cached_log_output=log_cached_log_output,
     )
 
 

reconcile/jira_permissions_validator.py

@@ -2,14 +2,11 @@ import logging
 import sys
 from collections.abc import Callable, Iterable
 from enum import IntFlag, auto
-from typing import Any
+from typing import Any, TypedDict
 
 from jira import JIRAError
 from pydantic import BaseModel
 
-from reconcile.gql_definitions.jira_permissions_validator.jira_boards_for_permissions_validator import (
-    DEFINITION as JIRA_BOARDS_DEFINITION,
-)
 from reconcile.gql_definitions.jira_permissions_validator.jira_boards_for_permissions_validator import (
     JiraBoardV1,
 )
@@ -24,10 +21,17 @@ from reconcile.typed_queries.jira_settings import get_jira_settings
 from reconcile.typed_queries.jiralert_settings import get_jiralert_settings
 from reconcile.utils import gql, metrics
 from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.extended_early_exit import (
+    ExtendedEarlyExitRunnerResult,
+    extended_early_exit_run,
+)
 from reconcile.utils.jira_client import JiraClient, JiraWatcherSettings
 from reconcile.utils.secret_reader import SecretReaderBase, create_secret_reader
+from reconcile.utils.semver_helper import make_semver
+from reconcile.utils.unleash import get_feature_toggle_state
 
 QONTRACT_INTEGRATION = "jira-permissions-validator"
+QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
 
 NameToIdMap = dict[str, str]
 
@@ -59,6 +63,15 @@ class ValidationError(IntFlag):
     INVALID_COMPONENT = auto()
 
 
+class RunnerParams(TypedDict):
+    exit_on_permission_errors: bool
+    boards: list[JiraBoardV1]
+
+
+class CacheSource(TypedDict):
+    boards: list
+
+
 def board_is_valid(
     jira: JiraClient,
     board: JiraBoardV1,
@@ -90,7 +103,7 @@ def board_is_valid(
                 error |= ValidationError.INVALID_COMPONENT
 
         issue_type = board.issue_type if board.issue_type else default_issue_type
-        project_issue_types = jira.project_issue_types(board.name)
+        project_issue_types = jira.project_issue_types()
         project_issue_types_str = [i.name for i in project_issue_types]
         if issue_type not in project_issue_types_str:
             logging.error(
@@ -192,7 +205,6 @@ def validate_boards(
 ) -> bool:
     error = False
     jira_clients: dict[str, JiraClient] = {}
-    public_projects_cache: dict[str, list[str]] = {}
     for board in jira_boards:
         logging.debug(f"[{board.name}] checking ...")
         if board.server.server_url not in jira_clients:
@@ -204,10 +216,6 @@ def validate_boards(
             )
         jira = jira_clients[board.server.server_url]
         jira.project = board.name
-        if board.server.server_url not in public_projects_cache:
-            public_projects_cache[board.server.server_url] = jira.public_projects()
-        public_projects = public_projects_cache[board.server.server_url]
-
         try:
             error_flags = board_is_valid(
                 jira=jira,
@@ -215,7 +223,7 @@ def validate_boards(
                 default_issue_type=default_issue_type,
                 default_reopen_state=default_reopen_state,
                 jira_server_priorities={p.name: p.id for p in jira.priorities()},
-                public_projects=public_projects,
+                public_projects=jira.public_projects(),
             )
             match error_flags:
                 case 0:
@@ -256,13 +264,59 @@ def get_jira_boards(query_func: Callable) -> list[JiraBoardV1]:
     ]
 
 
-def run(dry_run: bool, exit_on_permission_errors: bool) -> None:
+def export_boards(boards: list[JiraBoardV1]) -> list[dict]:
+    return [board.dict() for board in boards]
+
+
+def run(
+    dry_run: bool,
+    exit_on_permission_errors: bool,
+    enable_extended_early_exit: bool = False,
+    extended_early_exit_cache_ttl_seconds: int = 3600,
+    log_cached_log_output: bool = False,
+) -> None:
+    gql_api = gql.get_api()
+    boards = get_jira_boards(query_func=gql_api.query)
+    runner_params: RunnerParams = dict(
+        exit_on_permission_errors=exit_on_permission_errors,
+        boards=boards,
+    )
+    if enable_extended_early_exit and get_feature_toggle_state(
+        "jira-permissions-validator-extended-early-exit",
+        default=True,
+    ):
+        vault_settings = get_app_interface_vault_settings()
+        secret_reader = create_secret_reader(use_vault=vault_settings.vault)
+
+        cache_source = CacheSource(
+            boards=export_boards(boards),
+        )
+        extended_early_exit_run(
+            integration=QONTRACT_INTEGRATION,
+            integration_version=QONTRACT_INTEGRATION_VERSION,
+            # don't use `dry_run` in the cache key because this is a read-only integration
+            dry_run=False,
+            cache_source=cache_source,
+            shard="",
+            ttl_seconds=extended_early_exit_cache_ttl_seconds,
+            logger=logging.getLogger(),
+            runner=runner,
+            runner_params=runner_params,
+            secret_reader=secret_reader,
+            log_cached_log_output=log_cached_log_output,
+        )
+    else:
+        runner(**runner_params)
+
+
+def runner(
+    exit_on_permission_errors: bool, boards: list[JiraBoardV1]
+) -> ExtendedEarlyExitRunnerResult:
     gql_api = gql.get_api()
     settings = get_jira_settings(gql_api=gql_api)
     jiralert_settings = get_jiralert_settings(query_func=gql_api.query)
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
-    boards = get_jira_boards(query_func=gql_api.query)
 
     with metrics.transactional_metrics("jira-boards") as metrics_container:
         error = validate_boards(
@@ -278,8 +332,8 @@ def run(dry_run: bool, exit_on_permission_errors: bool) -> None:
     if error:
         sys.exit(ExitCodes.ERROR)
 
+    return ExtendedEarlyExitRunnerResult(payload=export_boards(boards), applied_count=0)
+
 
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
-    return {
-        "boards": gql.get_api().query(JIRA_BOARDS_DEFINITION)["jira_boards"],
-    }
+    return {"boards": export_boards(get_jira_boards(query_func=gql.get_api().query))}

reconcile/utils/jira_client.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+import functools
 import logging
 from collections.abc import (
     Iterable,
@@ -82,6 +83,11 @@ class JiraClient:
         self.project = project
         self.jira = jira_api
 
+        # some caches
+        self.priorities = functools.lru_cache(maxsize=None)(self._priorities)
+        self.public_projects = functools.lru_cache(maxsize=None)(self._public_projects)
+        self.my_permissions = functools.lru_cache(maxsize=None)(self._my_permissions)
+
     def _deprecated_init(
         self, jira_board: Mapping[str, Any], settings: Optional[Mapping]
     ) -> None:
@@ -174,11 +180,12 @@ class JiraClient:
             )
         return issue
 
+    def _my_permissions(self, project: str) -> dict[str, Any]:
+        return self.jira.my_permissions(projectKey=project)["permissions"]
+
     def can_i(self, permission: str) -> bool:
         return bool(
-            self.jira.my_permissions(projectKey=self.project)["permissions"][
-                permission
-            ]["havePermission"]
+            self.my_permissions(project=self.project)[permission]["havePermission"]
         )
 
     def can_create_issues(self) -> bool:
@@ -187,10 +194,10 @@ class JiraClient:
     def can_transition_issues(self) -> bool:
         return self.can_i("TRANSITION_ISSUES")
 
-    def project_issue_types(self, project: str) -> list[IssueType]:
+    def project_issue_types(self) -> list[IssueType]:
         return [
             IssueType(id=t.id, name=t.name, statuses=[s.name for s in t.statuses])
-            for t in self.jira.issue_types_for_project(project)
+            for t in self.jira.issue_types_for_project(self.project)
         ]
 
     def security_levels(self) -> list[SecurityLevel]:
@@ -201,7 +208,7 @@ class JiraClient:
         scheme = self.jira.project_issue_security_level_scheme(self.project)
         return [SecurityLevel(id=level.id, name=level.name) for level in scheme.levels]
 
-    def priorities(self) -> list[Priority]:
+    def _priorities(self) -> list[Priority]:
         """Return a list of all available Jira priorities."""
         return [Priority(id=p.id, name=p.name) for p in self.jira.priorities()]
 
@@ -210,7 +217,7 @@ class JiraClient:
         scheme = self.jira.project_priority_scheme(self.project)
         return scheme.optionIds
 
-    def public_projects(self) -> list[str]:
+    def _public_projects(self) -> list[str]:
         """Return a list of all public available projects."""
         if not self.server:
             raise RuntimeError("JiraClient.server is not set.")

reconcile/utils/vcs.py

@@ -216,8 +216,13 @@ class VCS:
             self._app_interface_api.close(mr)
 
     def get_file_content_from_app_interface_master(self, file_path: str) -> str:
+        file_path = (
+            f"data/{file_path.lstrip('/')}"
+            if not file_path.startswith("data")
+            else file_path
+        )
         return self._app_interface_api.project.files.get(
-            file_path=f"data{file_path}", ref="master"
+            file_path=file_path, ref="master"
         ).decode()
 
     def get_open_app_interface_merge_requests(self) -> list[ProjectMergeRequest]: