PyPI - qontract-reconcile - Versions diffs - 0.10.1rc861__py3-none-any.whl → 0.10.1rc863__py3-none-any.whl - Mend

qontract-reconcile 0.10.1rc861py3-none-any.whl → 0.10.1rc863py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

{qontract_reconcile-0.10.1rc861.dist-info → qontract_reconcile-0.10.1rc863.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc861
+Version: 0.10.1rc863
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc861.dist-info → qontract_reconcile-0.10.1rc863.dist-info}/RECORD RENAMED Viewed

@@ -35,7 +35,7 @@ reconcile/gitlab_labeler.py,sha256=IxE1XM5o4rDOFuR4cM2yAHTy4Uzdg3Nyz2mp7b8Fx1g,4
 reconcile/gitlab_members.py,sha256=M6LwFOrwgvl1NNdOJa1mrQFUon-bEVv1AyhGeLed454,8443
 reconcile/gitlab_mr_sqs_consumer.py,sha256=O46mdziPgGOndbU-0_UJKJVUaiEoVzJPEgKm4_UvYoI,2571
 reconcile/gitlab_owners.py,sha256=sn9njaKOtqcvnhi2qtm-faAfAR4zNqflbSuusA9RUuI,13456
-reconcile/gitlab_permissions.py,sha256=K6Ta59c_Hib2DI5DnryiQbDNSOJTiY5B8cGy5a9xNkI,2199
+reconcile/gitlab_permissions.py,sha256=LcO5tVND3Rh-onU6WFh5ZWPCqZ-U4AVuFTZIs_bmPwA,3153
 reconcile/gitlab_projects.py,sha256=K3tFf_aD1W4Ijp5q-9Qek3kwFGEWPcZ1kd7tzFJ4GyQ,1781
 reconcile/integrations_manager.py,sha256=J_VV-HINI7YNav2NPIolePZkll-7VBuBXWAyMNhsM_Q,9535
 reconcile/jenkins_base.py,sha256=0Gocu3fU2YTltaxBlbDQOUvP-7CP2OSQV1ZRwtWeVXw,875
@@ -501,6 +501,7 @@ reconcile/test/test_github_repo_invites.py,sha256=UVaDlxSxi5iooyUbz8F11d7cvINHLK
 reconcile/test/test_gitlab_housekeeping.py,sha256=Sn5rERCp28sMiBx5vJaQ5yy80y37GouMClejmXocsT8,10068
 reconcile/test/test_gitlab_labeler.py,sha256=vFLUJXSIaCduj6wSqgw7Fg7FhlopaDnYI5SLzNHtLoY,4362
 reconcile/test/test_gitlab_members.py,sha256=kaCOA02eZSrSMkzHmaLwWW3LY6Af0ciLSEP4PlMLvOU,9949
+reconcile/test/test_gitlab_permissions.py,sha256=FAKT7UuNAjxmke90P2cA-924_CGZ7Kp3JLTb6rmTseM,1965
 reconcile/test/test_instrumented_wrappers.py,sha256=CZzhnQH0c4i7-Rxjg7-0dfFMvVPegLHL46z5NHOOCwo,608
 reconcile/test/test_integrations_manager.py,sha256=l6KwSFT0NS9VSR-b_9z_ZEGXDWH3EMitUEMC_1h8Xkk,38184
 reconcile/test/test_jenkins_worker_fleets.py,sha256=o1jlT7OBBSgu0M3iI4xMdz_x6SciF7yhNBpLk5gTJfg,2361
@@ -550,7 +551,7 @@ reconcile/test/test_terraform_tgw_attachments.py,sha256=rHZHUtDxewpKsRj3nfm2bZ2J
 reconcile/test/test_terraform_users.py,sha256=XOAfGvITCJPI1LTlISmHbA4ONMQMkxYUMTsny7pQCFw,4319
 reconcile/test/test_terraform_vpc_peerings.py,sha256=Btl0ym7NmO2QFST9Xviz4OO1RjJuhCp1Xhix5A3e_HQ,20822
 reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=7VAFVbjlnnUJoOkZ4ApDc1lHFj38Zj4yrbDKvWkqWXE,49545
-reconcile/test/test_three_way_diff_strategy.py,sha256=0QY2hzOrTVnQxDFbdOJBOIIHEKKOA5RmGftT0QXABeY,3697
+reconcile/test/test_three_way_diff_strategy.py,sha256=v3rNkQFNy5e1uyfeNSlNBA07fvrPGD0aXD91Lgv8oxc,4062
 reconcile/test/test_utils_jinja2.py,sha256=TpzQlpFnLGzNEZp5WOh0o7AuBiGEktqO4MuwiiJW2YY,3895
 reconcile/test/test_vault_replication.py,sha256=wlc4jm9f8P641UvvxIFFFc5_unJysNkOVrKJscjhQr0,16867
 reconcile/test/test_vault_utils.py,sha256=vbJnc89XAuE07qbTuWxHM5o9F6R9SO5aHXA38fwxT7A,1122
@@ -652,7 +653,7 @@ reconcile/utils/filtering.py,sha256=zZnHH0u0SaTDyzuFXZ_mREURGLvjEqQIQy4z-7QBVlc,
 reconcile/utils/git.py,sha256=BdxXFgQ1XOZpS-4qb3qMsKTCFDG8MlE26rv1jAhvCkM,1560
 reconcile/utils/git_secrets.py,sha256=0wGNL5mvDtVPRuu3vEQgld1Am64gIDJHtmu1_ZKxMAI,1973
 reconcile/utils/github_api.py,sha256=_bttNxYKeam_tLVe27L7O4gKqSn6CeyuFnJn8tSaUVY,2488
-reconcile/utils/gitlab_api.py,sha256=9C6oS98w1z-pDAAz5k9kgEvRO6r7hduHoOl7cufFr5s,27400
+reconcile/utils/gitlab_api.py,sha256=kGYNyx6pbF43rd6R3a3wcIGmATiqNUFJUUHP4sELgNI,29027
 reconcile/utils/gpg.py,sha256=EKG7_fdMv8BMlV5yUdPiqoTx-KrzmVSEAl2sLkaKwWI,1123
 reconcile/utils/gql.py,sha256=qMWj39ilJGV1YAeUvbqVYq6u9zxuPvZqxFLaLb6A-bA,14256
 reconcile/utils/grouping.py,sha256=kWKivD14eAkiDneH_VIl_XyUdcVVQgiaKA9sLsuD2dw,441
@@ -702,7 +703,7 @@ reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,35
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=mZEKpu6nbfiQd60wRkc8-5sljBTUTOgaAKnF89itMzU,32085
 reconcile/utils/terrascript_aws_client.py,sha256=msKley24-PiYt3lsPUNzKh2tpMj4MpGjF7lXFr0sBM0,276187
-reconcile/utils/three_way_diff_strategy.py,sha256=Jo0M42zvG_K6ygJOSAZZTAPxF2Fkr247O1YsmDbi0TA,4641
+reconcile/utils/three_way_diff_strategy.py,sha256=OniTnogBkdgy_7Xg51N1MgjS-Qtk8uM1ccjWaiXxiV8,4895
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/vault.py,sha256=AYGG5aDJ7CSVhTFdZowfEg3iSQWenoAt676aGjHQMX8,14978
 reconcile/utils/vaultsecretref.py,sha256=3Ed2uBy36TzSvL0B-l4FoWQqB2SbBKDKEuUPIO608Bo,931
@@ -835,8 +836,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jrss,4941
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc861.dist-info/METADATA,sha256=It9nMQuWCqX18i1qQ8klhL2EgIc89K-bhaa5wy9NeQ8,2273
-qontract_reconcile-0.10.1rc861.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc861.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc861.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc861.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc863.dist-info/METADATA,sha256=y5iyh4zPDNPYn2dGYtX6BC-ak-Fy21lC_RxGqXh0BjA,2273
+qontract_reconcile-0.10.1rc863.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc863.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc863.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc863.dist-info/RECORD,,

reconcile/gitlab_permissions.py CHANGED Viewed

@@ -8,8 +8,10 @@ from reconcile import queries
 from reconcile.utils import batches
 from reconcile.utils.defer import defer
 from reconcile.utils.gitlab_api import GitLabApi
+from reconcile.utils.unleash import get_feature_toggle_state
 QONTRACT_INTEGRATION = "gitlab-permissions"
+APP_SRE_GROUP_NAME = "app-sre"
 PAGE_SIZE = 100
@@ -50,6 +52,19 @@ def run(dry_run, thread_pool_size=10, defer=None):
     if defer:
         defer(gl.cleanup)
     repos = queries.get_repos(server=gl.server, exclude_manage_permissions=True)
+    share_with_group_enabled = get_feature_toggle_state(
+        "gitlab-permissions-share-with-group",
+        default=False,
+    )
+    if share_with_group_enabled:
+        share_project_with_group(gl, repos, dry_run)
+    else:
+        share_project_with_group_members(gl, repos, thread_pool_size, dry_run)
+def share_project_with_group_members(
+    gl: GitLabApi, repos: list[str], thread_pool_size: int, dry_run: bool
+) -> None:
     app_sre = gl.get_app_sre_group_users()
     results = threaded.run(
         get_members_to_add, repos, thread_pool_size, gl=gl, app_sre=app_sre
@@ -61,6 +76,14 @@ def run(dry_run, thread_pool_size=10, defer=None):
             gl.add_project_member(m["repo"], m["user"])
+def share_project_with_group(gl: GitLabApi, repos: list[str], dry_run: bool) -> None:
+    group_id, shared_projects = gl.get_group_id_and_shared_projects(APP_SRE_GROUP_NAME)
+    shared_project_repos = {project["web_url"] for project in shared_projects}
+    repos_to_share = set(repos) - shared_project_repos
+    for repo in repos_to_share:
+        gl.share_project_with_group(repo_url=repo, group_id=group_id, dry_run=dry_run)
 def early_exit_desired_state(*args, **kwargs) -> dict[str, Any]:
     instance = queries.get_gitlab_instance()
     return {

reconcile/test/test_gitlab_permissions.py ADDED Viewed

@@ -0,0 +1,57 @@
+from unittest.mock import MagicMock, create_autospec
+import pytest
+from gitlab.v4.objects import CurrentUser, GroupMember
+from pytest_mock import MockerFixture
+from reconcile import gitlab_permissions
+from reconcile.utils.gitlab_api import GitLabApi
+@pytest.fixture()
+def mocked_queries(mocker: MockerFixture) -> MagicMock:
+    queries = mocker.patch("reconcile.gitlab_permissions.queries")
+    queries.get_gitlab_instance.return_value = {}
+    queries.get_app_interface_settings.return_value = {}
+    queries.get_repos.return_value = ["https://test-gitlab.com"]
+    return queries
+@pytest.fixture()
+def mocked_gl() -> MagicMock:
+    gl = create_autospec(GitLabApi)
+    gl.server = "test_server"
+    gl.user = create_autospec(CurrentUser)
+    gl.user.username = "test_name"
+    return gl
+def test_run_share_with_members(
+    mocked_queries: MagicMock, mocker: MockerFixture, mocked_gl: MagicMock
+) -> None:
+    mocker.patch("reconcile.gitlab_permissions.GitLabApi").return_value = mocked_gl
+    mocked_gl.get_app_sre_group_users.return_value = [
+        create_autospec(GroupMember, id=123, username="test_name2")
+    ]
+    mocker.patch(
+        "reconcile.gitlab_permissions.get_feature_toggle_state"
+    ).return_value = False
+    mocked_gl.get_project_maintainers.return_value = ["test_name"]
+    gitlab_permissions.run(False, thread_pool_size=1)
+    mocked_gl.add_project_member.assert_called_once()
+def test_run_share_with_group(
+    mocked_queries: MagicMock, mocker: MockerFixture, mocked_gl: MagicMock
+) -> None:
+    mocker.patch("reconcile.gitlab_permissions.GitLabApi").return_value = mocked_gl
+    mocker.patch(
+        "reconcile.gitlab_permissions.get_feature_toggle_state"
+    ).return_value = True
+    mocked_gl.get_group_id_and_shared_projects.return_value = (
+        1234,
+        [{"web_url": "https://test.com"}],
+    )
+    gitlab_permissions.run(False, thread_pool_size=1)
+    mocked_gl.share_project_with_group.assert_called_once()

reconcile/test/test_three_way_diff_strategy.py CHANGED Viewed

@@ -119,3 +119,13 @@ def test_3wpd_diff_detects_missing_annotation(deployment):
     del c_item.body["metadata"]["annotations"]["new-annotation"]
     assert three_way_diff_using_hash(c_item, d_item) is False
+def test_3wpd_diff_detects_switch_integration(deployment):
+    d_item = OR(deployment, "same-integration", "")
+    deployment["metadata"]["annotations"]["qontract.integration"] = (
+        "different-integration"
+    )
+    c_item = OR(deployment, "same-integration", "").annotate(canonicalize=False)
+    assert three_way_diff_using_hash(c_item, d_item) is False

reconcile/utils/gitlab_api.py CHANGED Viewed

@@ -19,6 +19,13 @@ from urllib.parse import urlparse
 import gitlab
 import urllib3
+from gitlab.const import (
+    DEVELOPER_ACCESS,
+    GUEST_ACCESS,
+    MAINTAINER_ACCESS,
+    OWNER_ACCESS,
+    REPORTER_ACCESS,
+)
 from gitlab.v4.objects import (
     CurrentUser,
     Group,
@@ -250,6 +257,46 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         except gitlab.exceptions.GitlabGetError:
             return None
+    def share_project_with_group(
+        self, repo_url: str, group_id: int, dry_run: bool, access: str = "maintainer"
+    ) -> None:
+        project = self.get_project(repo_url)
+        if project is None:
+            return None
+        access_level = self.get_access_level(access)
+        # check if we have 'access_level' access so we can  add the group with same role.
+        members = self.get_items(
+            project.members.all, query_parameters={"user_ids": self.user.id}
+        )
+        if not any(
+            self.user.id == member.id and member.access_level >= access_level
+            for member in members
+        ):
+            logging.error(
+                "%s is not shared with %s as %s",
+                repo_url,
+                self.user.username,
+                access,
+            )
+            return None
+        logging.info(["add_group_as_maintainer", repo_url, group_id])
+        if not dry_run:
+            gitlab_request.labels(integration=INTEGRATION_NAME).inc()
+            project.share(group_id, access_level)
+    def get_group_id_and_shared_projects(
+        self, group_name: str
+    ) -> tuple[int, list[dict]]:
+        gitlab_request.labels(integration=INTEGRATION_NAME).inc()
+        group = self.gl.groups.get(group_name)
+        return group.id, [
+            project
+            for project in group.shared_projects
+            for shared_group in project["shared_with_groups"]
+            if shared_group["group_id"] == group.id
+            and shared_group["group_access_level"] >= MAINTAINER_ACCESS
+        ]
     @staticmethod
     def _is_bot_username(username: str) -> bool:
         """crudely checking for the username
@@ -331,30 +378,30 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
     @staticmethod
     def get_access_level_string(access_level):
-        if access_level == gitlab.OWNER_ACCESS:
+        if access_level == OWNER_ACCESS:
             return "owner"
-        if access_level == gitlab.MAINTAINER_ACCESS:
+        if access_level == MAINTAINER_ACCESS:
             return "maintainer"
-        if access_level == gitlab.DEVELOPER_ACCESS:
+        if access_level == DEVELOPER_ACCESS:
             return "developer"
-        if access_level == gitlab.REPORTER_ACCESS:
+        if access_level == REPORTER_ACCESS:
             return "reporter"
-        if access_level == gitlab.GUEST_ACCESS:
+        if access_level == GUEST_ACCESS:
             return "guest"
     @staticmethod
     def get_access_level(access):
         access = access.lower()
         if access == "owner":
-            return gitlab.OWNER_ACCESS
+            return OWNER_ACCESS
         if access == "maintainer":
-            return gitlab.MAINTAINER_ACCESS
+            return MAINTAINER_ACCESS
         if access == "developer":
-            return gitlab.DEVELOPER_ACCESS
+            return DEVELOPER_ACCESS
         if access == "reporter":
-            return gitlab.REPORTER_ACCESS
+            return REPORTER_ACCESS
         if access == "guest":
-            return gitlab.GUEST_ACCESS
+            return GUEST_ACCESS
     def get_group_id_and_projects(self, group_name: str) -> tuple[str, list[str]]:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()

reconcile/utils/three_way_diff_strategy.py CHANGED Viewed

@@ -131,6 +131,14 @@ def three_way_diff_using_hash(c_item: OR, d_item: OR) -> bool:
         logging.debug("Current object QR hash is missing -> Apply")
         return False
+    if (
+        c_item_integration := annotations["qontract.integration"]
+    ) != d_item.integration:
+        logging.info(
+            f"resource switching integration from {c_item_integration} to {d_item.integration}"
+        )
+        return False
     # Original object does not match Desired -> Apply
     # Current object hash is not recalculated!
     if c_item_sha256 != d_item.sha256sum():

{qontract_reconcile-0.10.1rc861.dist-info → qontract_reconcile-0.10.1rc863.dist-info}/WHEEL RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc861.dist-info → qontract_reconcile-0.10.1rc863.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{qontract_reconcile-0.10.1rc861.dist-info → qontract_reconcile-0.10.1rc863.dist-info}/top_level.txt RENAMED Viewed

File without changes

qontract-reconcile 0.10.1rc861__py3-none-any.whl → 0.10.1rc863__py3-none-any.whl

qontract-reconcile 0.10.1rc861py3-none-any.whl → 0.10.1rc863py3-none-any.whl