PyPI - qontract-reconcile - Versions diffs - 0.10.1rc860__py3-none-any.whl → 0.10.1rc862__py3-none-any.whl - Mend

qontract-reconcile 0.10.1rc860py3-none-any.whl → 0.10.1rc862py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

{qontract_reconcile-0.10.1rc860.dist-info → qontract_reconcile-0.10.1rc862.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc860
+Version: 0.10.1rc862
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc860.dist-info → qontract_reconcile-0.10.1rc862.dist-info}/RECORD RENAMED Viewed

@@ -10,7 +10,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=F5s-i-OlL6RhqiYkEhXMaNLegiPazbS0ahEtRrO2LeE,104075
+reconcile/cli.py,sha256=1x1ZIR1wKgnGh799yPcV8IQD1RHyHwWlDg9Llh1diOw,104736
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=R2JuwiXAEYAFiCtnztM_IIr1rtVzPpaWAmgxuDa2FgY,4813
@@ -35,7 +35,7 @@ reconcile/gitlab_labeler.py,sha256=IxE1XM5o4rDOFuR4cM2yAHTy4Uzdg3Nyz2mp7b8Fx1g,4
 reconcile/gitlab_members.py,sha256=M6LwFOrwgvl1NNdOJa1mrQFUon-bEVv1AyhGeLed454,8443
 reconcile/gitlab_mr_sqs_consumer.py,sha256=O46mdziPgGOndbU-0_UJKJVUaiEoVzJPEgKm4_UvYoI,2571
 reconcile/gitlab_owners.py,sha256=sn9njaKOtqcvnhi2qtm-faAfAR4zNqflbSuusA9RUuI,13456
-reconcile/gitlab_permissions.py,sha256=K6Ta59c_Hib2DI5DnryiQbDNSOJTiY5B8cGy5a9xNkI,2199
+reconcile/gitlab_permissions.py,sha256=LcO5tVND3Rh-onU6WFh5ZWPCqZ-U4AVuFTZIs_bmPwA,3153
 reconcile/gitlab_projects.py,sha256=K3tFf_aD1W4Ijp5q-9Qek3kwFGEWPcZ1kd7tzFJ4GyQ,1781
 reconcile/integrations_manager.py,sha256=J_VV-HINI7YNav2NPIolePZkll-7VBuBXWAyMNhsM_Q,9535
 reconcile/jenkins_base.py,sha256=0Gocu3fU2YTltaxBlbDQOUvP-7CP2OSQV1ZRwtWeVXw,875
@@ -69,9 +69,10 @@ reconcile/openshift_limitranges.py,sha256=UvCGo_OQ4XoDK55TJmn55qEhhlkhLzhU12tX8n
 reconcile/openshift_namespace_labels.py,sha256=dLkQgtgsD51WtDHiQOc-lF2yaaFzkiUAZ7ueKUkg-ZM,15669
 reconcile/openshift_namespaces.py,sha256=nHW1e3dyUWw3JPAzeQeZQ6s2-RuQYaNR7_DUfTP8KOg,5830
 reconcile/openshift_network_policies.py,sha256=_qqv7yj17OM1J8KJPsFmzFZ85gzESJeBocC672z4_WU,4231
+reconcile/openshift_prometheus_rules.py,sha256=onowXab248zmHH8SbYDTc1W1bl7JiqRFU1xdTkZyLFg,1332
 reconcile/openshift_resourcequotas.py,sha256=yUi56PiOn3inMMfq_x_FEHmaW-reGipzoorjdar372g,2415
-reconcile/openshift_resources.py,sha256=WPnSTftrCCHaCDfwSD0CLvs-7GQqay5B7AtM6Swxy7c,1537
-reconcile/openshift_resources_base.py,sha256=1ItnO5hq31PnfvrLBxf30ln_keBZcRiLCKcHfmUhYrQ,40826
+reconcile/openshift_resources.py,sha256=I2nO_C37mG3rfyGrd4cGwN3mVseVGuTAHAyhFzLyqF4,1518
+reconcile/openshift_resources_base.py,sha256=_6jm84W3i9JjHs0Wue1p4cJkBYbHwBTvd5UIWPSLCsQ,40924
 reconcile/openshift_rolebindings.py,sha256=LlImloBisEqzc36jaatic-TeM3hzqMEfxogF-dM4Yhw,6599
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
 reconcile/openshift_saas_deploy.py,sha256=fmhopPEbyZsGQHRPzyzpKEvoBXEGN3aPxFi7Utq0emU,12788
@@ -500,6 +501,7 @@ reconcile/test/test_github_repo_invites.py,sha256=UVaDlxSxi5iooyUbz8F11d7cvINHLK
 reconcile/test/test_gitlab_housekeeping.py,sha256=Sn5rERCp28sMiBx5vJaQ5yy80y37GouMClejmXocsT8,10068
 reconcile/test/test_gitlab_labeler.py,sha256=vFLUJXSIaCduj6wSqgw7Fg7FhlopaDnYI5SLzNHtLoY,4362
 reconcile/test/test_gitlab_members.py,sha256=kaCOA02eZSrSMkzHmaLwWW3LY6Af0ciLSEP4PlMLvOU,9949
+reconcile/test/test_gitlab_permissions.py,sha256=FAKT7UuNAjxmke90P2cA-924_CGZ7Kp3JLTb6rmTseM,1965
 reconcile/test/test_instrumented_wrappers.py,sha256=CZzhnQH0c4i7-Rxjg7-0dfFMvVPegLHL46z5NHOOCwo,608
 reconcile/test/test_integrations_manager.py,sha256=l6KwSFT0NS9VSR-b_9z_ZEGXDWH3EMitUEMC_1h8Xkk,38184
 reconcile/test/test_jenkins_worker_fleets.py,sha256=o1jlT7OBBSgu0M3iI4xMdz_x6SciF7yhNBpLk5gTJfg,2361
@@ -651,7 +653,7 @@ reconcile/utils/filtering.py,sha256=zZnHH0u0SaTDyzuFXZ_mREURGLvjEqQIQy4z-7QBVlc,
 reconcile/utils/git.py,sha256=BdxXFgQ1XOZpS-4qb3qMsKTCFDG8MlE26rv1jAhvCkM,1560
 reconcile/utils/git_secrets.py,sha256=0wGNL5mvDtVPRuu3vEQgld1Am64gIDJHtmu1_ZKxMAI,1973
 reconcile/utils/github_api.py,sha256=_bttNxYKeam_tLVe27L7O4gKqSn6CeyuFnJn8tSaUVY,2488
-reconcile/utils/gitlab_api.py,sha256=9C6oS98w1z-pDAAz5k9kgEvRO6r7hduHoOl7cufFr5s,27400
+reconcile/utils/gitlab_api.py,sha256=kGYNyx6pbF43rd6R3a3wcIGmATiqNUFJUUHP4sELgNI,29027
 reconcile/utils/gpg.py,sha256=EKG7_fdMv8BMlV5yUdPiqoTx-KrzmVSEAl2sLkaKwWI,1123
 reconcile/utils/gql.py,sha256=qMWj39ilJGV1YAeUvbqVYq6u9zxuPvZqxFLaLb6A-bA,14256
 reconcile/utils/grouping.py,sha256=kWKivD14eAkiDneH_VIl_XyUdcVVQgiaKA9sLsuD2dw,441
@@ -834,8 +836,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jrss,4941
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc860.dist-info/METADATA,sha256=4f-gD89LH7FTMjujTGPqMsutWxeDQjvCtGKYLLDvlKY,2273
-qontract_reconcile-0.10.1rc860.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc860.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc860.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc860.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc862.dist-info/METADATA,sha256=NyCtuFntbeQx8o2HfebLbLpZ_q3fqxZgXGUUgOY7h2Y,2273
+qontract_reconcile-0.10.1rc862.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc862.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc862.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc862.dist-info/RECORD,,

reconcile/cli.py CHANGED Viewed

@@ -1776,6 +1776,31 @@ def openshift_routes(
     )
+@integration.command(short_help="Manages OpenShift Prometheus Rules.")
+@threaded()
+@binary(["oc", "ssh"])
+@binary_version("oc", ["version", "--client"], OC_VERSION_REGEX, OC_VERSIONS)
+@internal()
+@use_jump_host()
+@cluster_name
+@namespace_name
+@click.pass_context
+def openshift_prometheus_rules(
+    ctx, thread_pool_size, internal, use_jump_host, cluster_name, namespace_name
+):
+    import reconcile.openshift_prometheus_rules
+    run_integration(
+        reconcile.openshift_prometheus_rules,
+        ctx.obj,
+        thread_pool_size,
+        internal,
+        use_jump_host,
+        cluster_name=cluster_name,
+        namespace_name=namespace_name,
+    )
 @integration.command(short_help="Configures the teams and members in Quay.")
 @click.pass_context
 def quay_membership(ctx):

reconcile/gitlab_permissions.py CHANGED Viewed

@@ -8,8 +8,10 @@ from reconcile import queries
 from reconcile.utils import batches
 from reconcile.utils.defer import defer
 from reconcile.utils.gitlab_api import GitLabApi
+from reconcile.utils.unleash import get_feature_toggle_state
 QONTRACT_INTEGRATION = "gitlab-permissions"
+APP_SRE_GROUP_NAME = "app-sre"
 PAGE_SIZE = 100
@@ -50,6 +52,19 @@ def run(dry_run, thread_pool_size=10, defer=None):
     if defer:
         defer(gl.cleanup)
     repos = queries.get_repos(server=gl.server, exclude_manage_permissions=True)
+    share_with_group_enabled = get_feature_toggle_state(
+        "gitlab-permissions-share-with-group",
+        default=False,
+    )
+    if share_with_group_enabled:
+        share_project_with_group(gl, repos, dry_run)
+    else:
+        share_project_with_group_members(gl, repos, thread_pool_size, dry_run)
+def share_project_with_group_members(
+    gl: GitLabApi, repos: list[str], thread_pool_size: int, dry_run: bool
+) -> None:
     app_sre = gl.get_app_sre_group_users()
     results = threaded.run(
         get_members_to_add, repos, thread_pool_size, gl=gl, app_sre=app_sre
@@ -61,6 +76,14 @@ def run(dry_run, thread_pool_size=10, defer=None):
             gl.add_project_member(m["repo"], m["user"])
+def share_project_with_group(gl: GitLabApi, repos: list[str], dry_run: bool) -> None:
+    group_id, shared_projects = gl.get_group_id_and_shared_projects(APP_SRE_GROUP_NAME)
+    shared_project_repos = {project["web_url"] for project in shared_projects}
+    repos_to_share = set(repos) - shared_project_repos
+    for repo in repos_to_share:
+        gl.share_project_with_group(repo_url=repo, group_id=group_id, dry_run=dry_run)
 def early_exit_desired_state(*args, **kwargs) -> dict[str, Any]:
     instance = queries.get_gitlab_instance()
     return {

reconcile/openshift_prometheus_rules.py ADDED Viewed

@@ -0,0 +1,43 @@
+from collections.abc import Iterable
+from typing import Any
+import reconcile.openshift_resources_base as orb
+from reconcile.utils.runtime.integration import DesiredStateShardConfig
+from reconcile.utils.semver_helper import make_semver
+QONTRACT_INTEGRATION = "openshift-prometheus-rules"
+QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
+PROVIDERS = ["prometheus-rule"]
+def run(
+    dry_run: bool,
+    thread_pool_size: int = 10,
+    internal: bool | None = None,
+    use_jump_host: bool = True,
+    cluster_name: Iterable[str] | None = None,
+    exclude_cluster: Iterable[str] | None = None,
+    namespace_name: str | None = None,
+) -> None:
+    orb.QONTRACT_INTEGRATION = QONTRACT_INTEGRATION
+    orb.QONTRACT_INTEGRATION_VERSION = QONTRACT_INTEGRATION_VERSION
+    orb.run(
+        dry_run=dry_run,
+        thread_pool_size=thread_pool_size,
+        internal=internal,
+        use_jump_host=use_jump_host,
+        providers=PROVIDERS,
+        cluster_name=cluster_name,
+        exclude_cluster=exclude_cluster,
+        namespace_name=namespace_name,
+        init_api_resources=True,
+    )
+def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
+    return orb.early_exit_desired_state(PROVIDERS)
+def desired_state_shard_config() -> DesiredStateShardConfig:
+    return orb.desired_state_shard_config()

reconcile/openshift_resources.py CHANGED Viewed

@@ -8,7 +8,7 @@ from reconcile.utils.semver_helper import make_semver
 QONTRACT_INTEGRATION = "openshift_resources"
 QONTRACT_INTEGRATION_VERSION = make_semver(1, 9, 3)
-PROVIDERS = ["resource", "resource-template", "prometheus-rule"]
+PROVIDERS = ["resource", "resource-template"]
 def run(

reconcile/openshift_resources_base.py CHANGED Viewed

@@ -835,6 +835,8 @@ def canonicalize_namespaces(
                 override = ["Secret"]
             elif providers[0] == "route":
                 override = ["Route"]
+            elif providers[0] == "prometheus-rule":
+                override = ["PrometheusRule"]
             namespace_info["openshiftResources"] = ors
             canonicalized_namespaces.append(namespace_info)

reconcile/test/test_gitlab_permissions.py ADDED Viewed

@@ -0,0 +1,57 @@
+from unittest.mock import MagicMock, create_autospec
+import pytest
+from gitlab.v4.objects import CurrentUser, GroupMember
+from pytest_mock import MockerFixture
+from reconcile import gitlab_permissions
+from reconcile.utils.gitlab_api import GitLabApi
+@pytest.fixture()
+def mocked_queries(mocker: MockerFixture) -> MagicMock:
+    queries = mocker.patch("reconcile.gitlab_permissions.queries")
+    queries.get_gitlab_instance.return_value = {}
+    queries.get_app_interface_settings.return_value = {}
+    queries.get_repos.return_value = ["https://test-gitlab.com"]
+    return queries
+@pytest.fixture()
+def mocked_gl() -> MagicMock:
+    gl = create_autospec(GitLabApi)
+    gl.server = "test_server"
+    gl.user = create_autospec(CurrentUser)
+    gl.user.username = "test_name"
+    return gl
+def test_run_share_with_members(
+    mocked_queries: MagicMock, mocker: MockerFixture, mocked_gl: MagicMock
+) -> None:
+    mocker.patch("reconcile.gitlab_permissions.GitLabApi").return_value = mocked_gl
+    mocked_gl.get_app_sre_group_users.return_value = [
+        create_autospec(GroupMember, id=123, username="test_name2")
+    ]
+    mocker.patch(
+        "reconcile.gitlab_permissions.get_feature_toggle_state"
+    ).return_value = False
+    mocked_gl.get_project_maintainers.return_value = ["test_name"]
+    gitlab_permissions.run(False, thread_pool_size=1)
+    mocked_gl.add_project_member.assert_called_once()
+def test_run_share_with_group(
+    mocked_queries: MagicMock, mocker: MockerFixture, mocked_gl: MagicMock
+) -> None:
+    mocker.patch("reconcile.gitlab_permissions.GitLabApi").return_value = mocked_gl
+    mocker.patch(
+        "reconcile.gitlab_permissions.get_feature_toggle_state"
+    ).return_value = True
+    mocked_gl.get_group_id_and_shared_projects.return_value = (
+        1234,
+        [{"web_url": "https://test.com"}],
+    )
+    gitlab_permissions.run(False, thread_pool_size=1)
+    mocked_gl.share_project_with_group.assert_called_once()

reconcile/utils/gitlab_api.py CHANGED Viewed

@@ -19,6 +19,13 @@ from urllib.parse import urlparse
 import gitlab
 import urllib3
+from gitlab.const import (
+    DEVELOPER_ACCESS,
+    GUEST_ACCESS,
+    MAINTAINER_ACCESS,
+    OWNER_ACCESS,
+    REPORTER_ACCESS,
+)
 from gitlab.v4.objects import (
     CurrentUser,
     Group,
@@ -250,6 +257,46 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         except gitlab.exceptions.GitlabGetError:
             return None
+    def share_project_with_group(
+        self, repo_url: str, group_id: int, dry_run: bool, access: str = "maintainer"
+    ) -> None:
+        project = self.get_project(repo_url)
+        if project is None:
+            return None
+        access_level = self.get_access_level(access)
+        # check if we have 'access_level' access so we can  add the group with same role.
+        members = self.get_items(
+            project.members.all, query_parameters={"user_ids": self.user.id}
+        )
+        if not any(
+            self.user.id == member.id and member.access_level >= access_level
+            for member in members
+        ):
+            logging.error(
+                "%s is not shared with %s as %s",
+                repo_url,
+                self.user.username,
+                access,
+            )
+            return None
+        logging.info(["add_group_as_maintainer", repo_url, group_id])
+        if not dry_run:
+            gitlab_request.labels(integration=INTEGRATION_NAME).inc()
+            project.share(group_id, access_level)
+    def get_group_id_and_shared_projects(
+        self, group_name: str
+    ) -> tuple[int, list[dict]]:
+        gitlab_request.labels(integration=INTEGRATION_NAME).inc()
+        group = self.gl.groups.get(group_name)
+        return group.id, [
+            project
+            for project in group.shared_projects
+            for shared_group in project["shared_with_groups"]
+            if shared_group["group_id"] == group.id
+            and shared_group["group_access_level"] >= MAINTAINER_ACCESS
+        ]
     @staticmethod
     def _is_bot_username(username: str) -> bool:
         """crudely checking for the username
@@ -331,30 +378,30 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
     @staticmethod
     def get_access_level_string(access_level):
-        if access_level == gitlab.OWNER_ACCESS:
+        if access_level == OWNER_ACCESS:
             return "owner"
-        if access_level == gitlab.MAINTAINER_ACCESS:
+        if access_level == MAINTAINER_ACCESS:
             return "maintainer"
-        if access_level == gitlab.DEVELOPER_ACCESS:
+        if access_level == DEVELOPER_ACCESS:
             return "developer"
-        if access_level == gitlab.REPORTER_ACCESS:
+        if access_level == REPORTER_ACCESS:
             return "reporter"
-        if access_level == gitlab.GUEST_ACCESS:
+        if access_level == GUEST_ACCESS:
             return "guest"
     @staticmethod
     def get_access_level(access):
         access = access.lower()
         if access == "owner":
-            return gitlab.OWNER_ACCESS
+            return OWNER_ACCESS
         if access == "maintainer":
-            return gitlab.MAINTAINER_ACCESS
+            return MAINTAINER_ACCESS
         if access == "developer":
-            return gitlab.DEVELOPER_ACCESS
+            return DEVELOPER_ACCESS
         if access == "reporter":
-            return gitlab.REPORTER_ACCESS
+            return REPORTER_ACCESS
         if access == "guest":
-            return gitlab.GUEST_ACCESS
+            return GUEST_ACCESS
     def get_group_id_and_projects(self, group_name: str) -> tuple[str, list[str]]:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()

{qontract_reconcile-0.10.1rc860.dist-info → qontract_reconcile-0.10.1rc862.dist-info}/WHEEL RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc860.dist-info → qontract_reconcile-0.10.1rc862.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc860.dist-info → qontract_reconcile-0.10.1rc862.dist-info}/top_level.txt RENAMED Viewed

File without changes

qontract-reconcile 0.10.1rc860__py3-none-any.whl → 0.10.1rc862__py3-none-any.whl

qontract-reconcile 0.10.1rc860py3-none-any.whl → 0.10.1rc862py3-none-any.whl