qontract-reconcile 0.10.1rc877__py3-none-any.whl → 0.10.1rc879__py3-none-any.whl

{qontract_reconcile-0.10.1rc877.dist-info → qontract_reconcile-0.10.1rc879.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc877
+Version: 0.10.1rc879
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc877.dist-info → qontract_reconcile-0.10.1rc879.dist-info}/RECORD

@@ -258,8 +258,8 @@ reconcile/gql_definitions/common/pgp_reencryption_settings.py,sha256=NPLmO6J-zSu
 reconcile/gql_definitions/common/pipeline_providers.py,sha256=JJgmmghqLIwjKOdcWYHPnf4PDgAq4GF7046i0ozrqgI,9127
 reconcile/gql_definitions/common/quay_instances.py,sha256=toBkdYYVTmEafezAHZKgaW-mQ29xEW6jeronzsAlNyI,1786
 reconcile/gql_definitions/common/reserved_networks.py,sha256=yP9qSQCaSQcva-ZgTnZp09qH27ur5_qK080ToIs04MY,2560
-reconcile/gql_definitions/common/saas_files.py,sha256=0F1dXJo7B37S2i5RQSvISOQOBlu2U2ue1rRsK5SZ4VU,16005
-reconcile/gql_definitions/common/saas_target_namespaces.py,sha256=gcTU9jrsNq9-HX-oOkj-nEZKYFTRytDHLs4SpEs93aw,2755
+reconcile/gql_definitions/common/saas_files.py,sha256=8JoysSi-lAjsdGKTK3YBTBPYy95B47guXzfp71JHh1I,16516
+reconcile/gql_definitions/common/saas_target_namespaces.py,sha256=4VYP2VbwY8WVwtSFk2-jsUNhSmRD3X4FWKxetOKvmd0,2835
 reconcile/gql_definitions/common/saasherder_settings.py,sha256=nqQLcMwYxLseqq0BEcVvmrpIj2eQq0h8XDSpLN6GGCw,1793
 reconcile/gql_definitions/common/slack_workspaces.py,sha256=2o0kgi4QiaRuNmZJnc_By4F6NsKIdRaXkrufRQw7Nok,1753
 reconcile/gql_definitions/common/smtp_client_settings.py,sha256=JU6t6D-Qj-z1gLlgUiHKe0W7AxWQdty9jlv-ig_43tM,2248
@@ -299,7 +299,7 @@ reconcile/gql_definitions/fragments/prometheus_instance.py,sha256=12ltnV9kdEw6Ln
 reconcile/gql_definitions/fragments/resource_limits_requirements.py,sha256=ucskQ_a8RxvFl5-IWxz5kk3g4-5Pvh_W4N3nLmuKxi0,744
 reconcile/gql_definitions/fragments/resource_requests_requirements.py,sha256=TFKO4YALFPanSvZvIJFz0dCioBU7i73Q6hkDtGMvs9I,736
 reconcile/gql_definitions/fragments/resource_values.py,sha256=-N2lNRhWp8PgocmIeX3U9f3l90Q97N2lXoq1pXdb_LE,742
-reconcile/gql_definitions/fragments/saas_target_namespace.py,sha256=y4hA73Vchi3I1UW94r7CmecZe6KoHkCMEVuoiAF2xnc,3660
+reconcile/gql_definitions/fragments/saas_target_namespace.py,sha256=8kMXeD7u2bmdjn10zHmMJ80ScOhUp6KqSfWfjWZW-40,4001
 reconcile/gql_definitions/fragments/terraform_state.py,sha256=S5QuTR9YlvUObiU7hevS9ybxZEssWoRGqCR9YtGwePs,1024
 reconcile/gql_definitions/fragments/upgrade_policy.py,sha256=cVza8zfra1E3yBsHiS-hKbys17fvv572GFnKshJjluE,1246
 reconcile/gql_definitions/fragments/user.py,sha256=84RGYYSYnZmyrwHlCX89-EgAu7UaLFOTMQXobmHCfz8,939
@@ -535,7 +535,7 @@ reconcile/test/test_quay_repos.py,sha256=TdkcRF_a8PLp01Kti9eZZN-vGup2yPBT4Iba3k0
 reconcile/test/test_queries.py,sha256=SpH3RmNpBjEr_ne3VjAMCgKK8RE1z1zo7bypkT5uoO4,1946
 reconcile/test/test_repo_owners.py,sha256=uRYMLbMmh-9usF0TerabZTZV-Z1CS4I6ybT-LQqCLe8,1423
 reconcile/test/test_requests_sender.py,sha256=7fd9C2kEFS0-CYtlsif66N1kO9c44pzuBPAJKR9igqU,5385
-reconcile/test/test_saasherder.py,sha256=QFX6JrPCpB9jS-K_VleIjTf6NaF8NDa4UwddXXo1yPk,52127
+reconcile/test/test_saasherder.py,sha256=C2vwkdjk2cccS14GML2ByG8WKcRP8wgTJfzwaEUKdtw,54603
 reconcile/test/test_saasherder_allowed_secret_paths.py,sha256=5NHQwNJO66at6HiyMZ5sVRTQDwxdvlOQo0KmkBWCw5Q,4853
 reconcile/test/test_secret_reader.py,sha256=kz7nzcPjvA08cytnvcA_PMA98AEyqJWsESkYeRn5xCk,4994
 reconcile/test/test_slack_base.py,sha256=gpbWOLNxMMX6fyAbs1JakhLTnwfedb3f7WpUae4tQZE,5060
@@ -787,9 +787,9 @@ reconcile/utils/runtime/meta.py,sha256=X44HzyXIBprf3zcsGr2XLCgoeFkz6r3U2nlFXM1H7
 reconcile/utils/runtime/runner.py,sha256=72cc-I6yXyPov8UCLHpyERRy1eiMLpGite2roO0yUlo,7979
 reconcile/utils/runtime/sharding.py,sha256=roCdbnBklhTK_g34zbgQYqzpKPaNQ8J6Xd9XLO9-t6Q,16258
 reconcile/utils/saasherder/__init__.py,sha256=J3MBZBFa5YmhqYm08QsjBXz8mFcVOCiOCkyIcw41t7E,343
-reconcile/utils/saasherder/interfaces.py,sha256=Tte-BAJ71FZF1J_ADay1UVIxLCJZcbefq4SRua4mn5w,9141
-reconcile/utils/saasherder/models.py,sha256=XiAb9pSmTxaNFa3XqNNfe1JxlGgTqsmd1nLi17iIV_g,5566
-reconcile/utils/saasherder/saasherder.py,sha256=kPYklRU9hPcdg573QQ0OoaXYG26t_v5COAz62QVPS3c,86883
+reconcile/utils/saasherder/interfaces.py,sha256=UG3O5zuamNrP1bgbfhQAtNfN_8W9_iSv7UBESnR-mXE,9363
+reconcile/utils/saasherder/models.py,sha256=iLQZGXMx4FYnK62MJKkVp1T32BpsZ88NOcU7RW0WyAk,5579
+reconcile/utils/saasherder/saasherder.py,sha256=boCEscTR7Vu6Zjjd7pJIQDO5B_gYiOljwgBa_KDUVLM,88141
 reconcile/utils/terraform/__init__.py,sha256=zNbiyTWo35AT1sFTElL2j_AA0jJ_yWE_bfFn-nD2xik,250
 reconcile/utils/terraform/config.py,sha256=5UVrd563TMcvi4ooa5JvWVDW1I3bIWg484u79evfV_8,164
 reconcile/utils/terraform/config_client.py,sha256=py-Ree-QUYD6Hvng6bM40VgSuttteehIKNgwOSoJO1o,4706
@@ -837,8 +837,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jrss,4941
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc877.dist-info/METADATA,sha256=eGK-obD-y6Kqjiz2fI4n5OefUFpshM_OXDvIMLxVkxw,2273
-qontract_reconcile-0.10.1rc877.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc877.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc877.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc877.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc879.dist-info/METADATA,sha256=4h4jN56Q5GugfmWXxRkczGqc0xzefD2xu-AnO3BlsBc,2273
+qontract_reconcile-0.10.1rc879.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc879.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc879.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc879.dist-info/RECORD,,

reconcile/gql_definitions/common/saas_files.py

@@ -82,6 +82,11 @@ fragment SaasTargetNamespace on Namespace_v1 {
       name
       email
     }
+    codeComponents {
+      url
+      blockedVersions
+      hotfixVersions
+    }
   }
   cluster {
     name
@@ -137,6 +142,11 @@ query SaasFiles {
         name
         email
       }
+      codeComponents {
+        url
+        blockedVersions
+        hotfixVersions
+      }
     }
     pipelinesProvider {
       name
@@ -320,11 +330,18 @@ class OwnerV1(ConfiguredBaseModel):
     email: str = Field(..., alias="email")
 
 
+class AppCodeComponentsV1(ConfiguredBaseModel):
+    url: str = Field(..., alias="url")
+    blocked_versions: Optional[list[str]] = Field(..., alias="blockedVersions")
+    hotfix_versions: Optional[list[str]] = Field(..., alias="hotfixVersions")
+
+
 class AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     parent_app: Optional[AppV1_AppV1] = Field(..., alias="parentApp")
     self_service_roles: Optional[list[RoleV1]] = Field(..., alias="selfServiceRoles")
     service_owners: Optional[list[OwnerV1]] = Field(..., alias="serviceOwners")
+    code_components: Optional[list[AppCodeComponentsV1]] = Field(..., alias="codeComponents")
 
 
 class PipelinesProviderV1(ConfiguredBaseModel):

reconcile/gql_definitions/common/saas_target_namespaces.py

@@ -61,6 +61,11 @@ fragment SaasTargetNamespace on Namespace_v1 {
       name
       email
     }
+    codeComponents {
+      url
+      blockedVersions
+      hotfixVersions
+    }
   }
   cluster {
     name

reconcile/gql_definitions/fragments/saas_target_namespace.py

@@ -52,12 +52,19 @@ class OwnerV1(ConfiguredBaseModel):
     email: str = Field(..., alias="email")
 
 
+class AppCodeComponentsV1(ConfiguredBaseModel):
+    url: str = Field(..., alias="url")
+    blocked_versions: Optional[list[str]] = Field(..., alias="blockedVersions")
+    hotfix_versions: Optional[list[str]] = Field(..., alias="hotfixVersions")
+
+
 class AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     parent_app: Optional[AppV1_AppV1] = Field(..., alias="parentApp")
     labels: Optional[Json] = Field(..., alias="labels")
     self_service_roles: Optional[list[RoleV1]] = Field(..., alias="selfServiceRoles")
     service_owners: Optional[list[OwnerV1]] = Field(..., alias="serviceOwners")
+    code_components: Optional[list[AppCodeComponentsV1]] = Field(..., alias="codeComponents")
 
 
 class DisableClusterAutomationsV1(ConfiguredBaseModel):

reconcile/test/test_saasherder.py

@@ -33,9 +33,12 @@ from reconcile.typed_queries.saas_files import (
 )
 from reconcile.utils.jjb_client import JJB
 from reconcile.utils.openshift_resource import ResourceInventory
+from reconcile.utils.promotion_state import PromotionData
 from reconcile.utils.saasherder import SaasHerder
 from reconcile.utils.saasherder.interfaces import SaasFile as SaasFileInterface
 from reconcile.utils.saasherder.models import (
+    Channel,
+    Promotion,
     TriggerSpecContainerImage,
     TriggerSpecMovingCommit,
     TriggerSpecUpstreamJob,
@@ -1350,6 +1353,65 @@ class TestRemoveNoneAttributes(TestCase):
         self.assertEqual(res, expected)
 
 
+@pytest.mark.usefixtures("inject_gql_class_factory")
+class TestPromotionBlockedHoxfixVersions(TestCase):
+    def setUp(self) -> None:
+        self.saas_file = self.gql_class_factory(  # type: ignore[attr-defined] # it's set in the fixture
+            SaasFile,
+            Fixtures("saasherder").get_anymarkup("saas.gql.yml"),
+        )
+        self.state_patcher = patch("reconcile.utils.state.State", autospec=True)
+        self.state_mock = self.state_patcher.start().return_value
+        self.saasherder = SaasHerder(
+            [self.saas_file],
+            secret_reader=MockSecretReader(),
+            thread_pool_size=1,
+            state=self.state_mock,
+            integration="",
+            integration_version="",
+            hash_length=7,
+            repo_url="https://repo-url.com",
+        )
+        self.promotion_state_patcher = patch(
+            "reconcile.utils.promotion_state.PromotionState", autospec=True
+        )
+        self.promotion_state_mock = self.promotion_state_patcher.start().return_value
+        self.saasherder._promotion_state = self.promotion_state_mock
+
+    def tearDown(self) -> None:
+        self.state_patcher.stop()
+        self.promotion_state_patcher.stop()
+
+    def test_blocked_hotfix_version_promotion_validity(self) -> None:
+        code_component_url = "https://github.com/app-sre/test-saas-deployments"
+        hotfix_version = "1234567890123456789012345678901234567890"
+        # code_component = self.saas_file.app.code_components[0]
+        channel = Channel(
+            name="",
+            publisher_uids=[""],
+        )
+        promotion = Promotion(
+            url=code_component_url,
+            commit_sha=hotfix_version,
+            saas_file=self.saas_file.name,
+            target_config_hash="",
+            saas_target_uid="",
+            soak_days=0,
+            subscribe=[channel],
+        )
+        self.saasherder.promotions = [promotion]
+        self.promotion_state_mock.get_promotion_data.return_value = PromotionData(
+            success=False
+        )
+        self.assertFalse(self.saasherder.validate_promotions())
+
+        self.saasherder.hotfix_versions[code_component_url] = {hotfix_version}
+        self.assertTrue(self.saasherder.validate_promotions())
+
+        self.saasherder.blocked_versions[code_component_url] = {hotfix_version}
+        self.assertFalse(self.saasherder.validate_promotions())
+
+
 def test_render_templated_parameters(
     gql_class_factory: Callable[..., SaasFileInterface],
 ) -> None:

reconcile/utils/saasherder/interfaces.py

@@ -63,6 +63,9 @@ class SaasApp(Protocol):
     @property
     def service_owners(self) -> Optional[Sequence[SaasServiceOwner]]: ...
 
+    @property
+    def code_components(self) -> Optional[Sequence[AppCodeComponent]]: ...
+
 
 class SaasPipelinesProvider(Protocol):
     name: str
@@ -356,6 +359,12 @@ class SaasServiceOwner(Protocol):
     email: str
 
 
+class AppCodeComponent(Protocol):
+    url: str
+    blocked_versions: Optional[list[str]]
+    hotfix_versions: Optional[list[str]]
+
+
 SaasPipelinesProviders = Union[SaasPipelinesProviderTekton, SaasPipelinesProvider]
 
 

reconcile/utils/saasherder/models.py

@@ -175,6 +175,7 @@ class Channel(BaseModel):
 class Promotion(BaseModel):
     """Implementation of the SaasPromotion interface for saasherder and AutoPromoter."""
 
+    url: str
     commit_sha: str
     saas_file: str
     target_config_hash: str

reconcile/utils/saasherder/saasherder.py

@@ -150,6 +150,8 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
         self._promotion_state = PromotionState(state=state) if state else None
         self._channel_map = self._assemble_channels(saas_files=all_saas_files)
         self.images: set[str] = set()
+        self.blocked_versions = self._collect_blocked_versions()
+        self.hotfix_versions = self._collect_hotfix_versions()
 
         # each namespace is in fact a target,
         # so we can use it to calculate.
@@ -1057,6 +1059,7 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
                 self._channel_map[sub] for sub in target.promotion.subscribe or []
             ]
             target_promotion = Promotion(
+                url=url,
                 auto=target.promotion.auto,
                 publish=target.promotion.publish,
                 subscribe=channels,
@@ -1098,6 +1101,22 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
                         channel_map[publish].publisher_uids.append(publisher_uid)
         return channel_map
 
+    def _collect_blocked_versions(self) -> dict[str, set[str]]:
+        blocked_versions: dict[str, set[str]] = {}
+        for saas_file in self.saas_files:
+            for cc in saas_file.app.code_components or []:
+                for v in cc.blocked_versions or []:
+                    blocked_versions.setdefault(cc.url, set()).add(v)
+        return blocked_versions
+
+    def _collect_hotfix_versions(self) -> dict[str, set[str]]:
+        hotfix_versions: dict[str, set[str]] = {}
+        for saas_file in self.saas_files:
+            for cc in saas_file.app.code_components or []:
+                for v in cc.hotfix_versions or []:
+                    hotfix_versions.setdefault(cc.url, set()).add(v)
+        return hotfix_versions
+
     @staticmethod
     def _collect_images(resource: Resource) -> set[str]:
         images = set()
@@ -1889,6 +1908,14 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
         if not promotion.subscribe:
             return True
 
+        if promotion.commit_sha in self.blocked_versions.get(promotion.url, set()):
+            logging.error(f"Commit {promotion.commit_sha} is blocked!")
+            return False
+
+        # hotfix must run before further gates are evaluated to override them
+        if promotion.commit_sha in self.hotfix_versions.get(promotion.url, set()):
+            return True
+
         now = datetime.now(timezone.utc)
         passed_soak_days = timedelta(days=0)