qontract-reconcile 0.10.1rc996__py3-none-any.whl → 0.10.1rc997__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/METADATA +1 -1
- {qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/RECORD +6 -6
- reconcile/external_resources/secrets_sync.py +41 -12
- {qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/WHEEL +0 -0
- {qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/entry_points.txt +0 -0
- {qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/top_level.txt +0 -0
{qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: qontract-reconcile
|
|
3
|
-
Version: 0.10.
|
|
3
|
+
Version: 0.10.1rc997
|
|
4
4
|
Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
|
|
5
5
|
Home-page: https://github.com/app-sre/qontract-reconcile
|
|
6
6
|
Author: Red Hat App-SRE Team
|
{qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/RECORD
RENAMED
|
@@ -194,7 +194,7 @@ reconcile/external_resources/meta.py,sha256=cMT9OsKcUY26qwEjlQ02EkorvOBNqWj0JVMw
|
|
|
194
194
|
reconcile/external_resources/metrics.py,sha256=m2TIOao2N7pD6k45driFbBGVCC_N7ai44m-lLPfa5qk,454
|
|
195
195
|
reconcile/external_resources/model.py,sha256=oXxJkjhV53lwwAuxUCBrjJ8aCJmQdgcKWv68ugJPK4k,7229
|
|
196
196
|
reconcile/external_resources/reconciler.py,sha256=E50X_lnOD0OWYXMzyZld1P6dCFJFYjHGyICWff9bxlc,9323
|
|
197
|
-
reconcile/external_resources/secrets_sync.py,sha256=
|
|
197
|
+
reconcile/external_resources/secrets_sync.py,sha256=6n0oDPLjd9Ql0lf6zsr1AZw8A6EEe3yCzl20XodtgkE,16229
|
|
198
198
|
reconcile/external_resources/state.py,sha256=bWq51xPK4-BHVXWsRu6Y-vn69yg9Dse4x1RNNF7qw84,9614
|
|
199
199
|
reconcile/glitchtip/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
200
200
|
reconcile/glitchtip/integration.py,sha256=XtewM9nfTPLnPSpYebP50GrveYOnhTvKNq3seSvL6u8,8343
|
|
@@ -854,8 +854,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
|
|
|
854
854
|
tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
|
|
855
855
|
tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
|
|
856
856
|
tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
|
|
857
|
-
qontract_reconcile-0.10.
|
|
858
|
-
qontract_reconcile-0.10.
|
|
859
|
-
qontract_reconcile-0.10.
|
|
860
|
-
qontract_reconcile-0.10.
|
|
861
|
-
qontract_reconcile-0.10.
|
|
857
|
+
qontract_reconcile-0.10.1rc997.dist-info/METADATA,sha256=zxGaYZt6G_4RJZBpfsYs23oXou1bP0MNIEkxLY83WxA,2262
|
|
858
|
+
qontract_reconcile-0.10.1rc997.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
|
|
859
|
+
qontract_reconcile-0.10.1rc997.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
|
|
860
|
+
qontract_reconcile-0.10.1rc997.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
|
|
861
|
+
qontract_reconcile-0.10.1rc997.dist-info/RECORD,,
|
|
@@ -95,6 +95,43 @@ class SecretHelper:
|
|
|
95
95
|
return three_way_diff_using_hash(cmp_current, cmp_desired)
|
|
96
96
|
|
|
97
97
|
|
|
98
|
+
class OutputSecretsFormatter:
|
|
99
|
+
"""Class to format Module output keys/values into suitable values for K8s Secrets. It currently implements the same
|
|
100
|
+
behavior as Terraform-Resources."""
|
|
101
|
+
|
|
102
|
+
def __init__(self, secret_reader: SecretReaderBase) -> None:
|
|
103
|
+
self.secret_reader = secret_reader
|
|
104
|
+
|
|
105
|
+
def _key_must_be_populated(self, key: str) -> bool:
|
|
106
|
+
"Only keys containing '__' must be populated to Secrets"
|
|
107
|
+
return "__" in key
|
|
108
|
+
|
|
109
|
+
def _format_key(self, key: str) -> str:
|
|
110
|
+
if "__" not in key:
|
|
111
|
+
return key
|
|
112
|
+
k_split = key.split("__")
|
|
113
|
+
output_key = k_split[1]
|
|
114
|
+
if output_key.startswith("db"):
|
|
115
|
+
output_key = output_key.replace("db_", "db.")
|
|
116
|
+
return output_key
|
|
117
|
+
|
|
118
|
+
def _format_value(self, value: str) -> str:
|
|
119
|
+
decoded_value = base64.b64decode(value).decode("utf-8")
|
|
120
|
+
if decoded_value.startswith("__vault__:"):
|
|
121
|
+
_secret_ref = json.loads(decoded_value.replace("__vault__:", ""))
|
|
122
|
+
secret_ref = VaultSecret(**_secret_ref)
|
|
123
|
+
return self.secret_reader.read_secret(secret_ref)
|
|
124
|
+
else:
|
|
125
|
+
return decoded_value
|
|
126
|
+
|
|
127
|
+
def format(self, data: Mapping[str, str]) -> dict[str, str]:
|
|
128
|
+
return {
|
|
129
|
+
self._format_key(key): self._format_value(value)
|
|
130
|
+
for key, value in data.items()
|
|
131
|
+
if self._key_must_be_populated(key)
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
|
|
98
135
|
class SecretsReconciler:
|
|
99
136
|
def __init__(
|
|
100
137
|
self,
|
|
@@ -281,6 +318,7 @@ class InClusterSecretsReconciler(SecretsReconciler):
|
|
|
281
318
|
cluster: str,
|
|
282
319
|
namespace: str,
|
|
283
320
|
oc: OCCli,
|
|
321
|
+
output_secrets_formatter: OutputSecretsFormatter,
|
|
284
322
|
thread_pool_size: int,
|
|
285
323
|
dry_run: bool,
|
|
286
324
|
):
|
|
@@ -292,6 +330,7 @@ class InClusterSecretsReconciler(SecretsReconciler):
|
|
|
292
330
|
self.source_secrets: list[str] = []
|
|
293
331
|
self.vault_client = vault_client
|
|
294
332
|
self.vault_path = vault_path
|
|
333
|
+
self.output_secrets_formatter = output_secrets_formatter
|
|
295
334
|
|
|
296
335
|
def _get_spec_hash(self, spec: ExternalResourceSpec) -> str:
|
|
297
336
|
secret_key = f"{spec.provision_provider}-{spec.provisioner_name}-{spec.provider}-{spec.identifier}"
|
|
@@ -313,21 +352,10 @@ class InClusterSecretsReconciler(SecretsReconciler):
|
|
|
313
352
|
for secret in secrets:
|
|
314
353
|
secret_name = secret["metadata"]["name"]
|
|
315
354
|
spec = secrets_map[secret_name]
|
|
316
|
-
|
|
317
|
-
for k, v in secret["data"].items():
|
|
318
|
-
decoded = base64.b64decode(v).decode("utf-8")
|
|
319
|
-
|
|
320
|
-
if decoded.startswith("__vault__:"):
|
|
321
|
-
_secret_ref = json.loads(decoded.replace("__vault__:", ""))
|
|
322
|
-
secret_ref = VaultSecret(**_secret_ref)
|
|
323
|
-
data[k] = self.secrets_reader.read_secret(secret_ref)
|
|
324
|
-
else:
|
|
325
|
-
data[k] = decoded
|
|
326
|
-
|
|
355
|
+
spec.secret = self.output_secrets_formatter.format(secret["data"])
|
|
327
356
|
spec.metadata[SECRET_UPDATED_AT] = datetime.now(UTC).strftime(
|
|
328
357
|
SECRET_UPDATED_AT_TIMEFORMAT
|
|
329
358
|
)
|
|
330
|
-
spec.secret = data
|
|
331
359
|
|
|
332
360
|
def _delete_source_secret(self, spec: ExternalResourceSpec) -> None:
|
|
333
361
|
secret_name = self._get_spec_outputs_secret_name(spec)
|
|
@@ -396,6 +424,7 @@ def build_incluster_secrets_reconciler(
|
|
|
396
424
|
vault_path=vault_path,
|
|
397
425
|
vault_client=VaultClient(),
|
|
398
426
|
secrets_reader=secrets_reader,
|
|
427
|
+
output_secrets_formatter=OutputSecretsFormatter(secrets_reader),
|
|
399
428
|
thread_pool_size=thread_pool_size,
|
|
400
429
|
dry_run=dry_run,
|
|
401
430
|
)
|
|
File without changes
|
|
File without changes
|
{qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc997.dist-info}/top_level.txt
RENAMED
|
File without changes
|