qontract-reconcile 0.10.1rc996__py3-none-any.whl → 0.10.1rc998__py3-none-any.whl

{qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc998.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc996
+Version: 0.10.1rc998
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc996.dist-info → qontract_reconcile-0.10.1rc998.dist-info}/RECORD

@@ -75,7 +75,7 @@ reconcile/openshift_resources.py,sha256=I2nO_C37mG3rfyGrd4cGwN3mVseVGuTAHAyhFzLy
 reconcile/openshift_resources_base.py,sha256=Seh4T8oA_JO-g0Z5TODDtL5cyRj-o7bmk6-eOmDAL4Q,40751
 reconcile/openshift_rolebindings.py,sha256=9mlJ2FjWUoH-rsjtasreA_hV-K5Z_YR00qR_RR60OZM,6555
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
-reconcile/openshift_saas_deploy.py,sha256=b6Og_SlQ-ptYvTBNycK4Z5yP9bbvMXiY39R90TfUfZU,12728
+reconcile/openshift_saas_deploy.py,sha256=UZlm29JujJVS3MzSm6uehlC3y-jZxl6WVwMeKRdN11U,12773
 reconcile/openshift_saas_deploy_change_tester.py,sha256=FfXrx_JloAlWeJVsJLIQPqFQ7OoBkaB2TgJJXlNZNCM,8796
 reconcile/openshift_saas_deploy_trigger_base.py,sha256=m7aqYEZUM-vr3EBw-hIbz1rHpXZNxs_BAJv3ndfvnAQ,14039
 reconcile/openshift_saas_deploy_trigger_cleaner.py,sha256=roLyVAVntaQptKaZbnN1LyLvCA8fyvqELfjU6M8xfeY,3511
@@ -194,7 +194,7 @@ reconcile/external_resources/meta.py,sha256=cMT9OsKcUY26qwEjlQ02EkorvOBNqWj0JVMw
 reconcile/external_resources/metrics.py,sha256=m2TIOao2N7pD6k45driFbBGVCC_N7ai44m-lLPfa5qk,454
 reconcile/external_resources/model.py,sha256=oXxJkjhV53lwwAuxUCBrjJ8aCJmQdgcKWv68ugJPK4k,7229
 reconcile/external_resources/reconciler.py,sha256=E50X_lnOD0OWYXMzyZld1P6dCFJFYjHGyICWff9bxlc,9323
-reconcile/external_resources/secrets_sync.py,sha256=WeoUANltYOjzr_Pn_pZ1ormGof9yRy2DiSB7LoPAQqM,15076
+reconcile/external_resources/secrets_sync.py,sha256=6n0oDPLjd9Ql0lf6zsr1AZw8A6EEe3yCzl20XodtgkE,16229
 reconcile/external_resources/state.py,sha256=bWq51xPK4-BHVXWsRu6Y-vn69yg9Dse4x1RNNF7qw84,9614
 reconcile/glitchtip/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/glitchtip/integration.py,sha256=XtewM9nfTPLnPSpYebP50GrveYOnhTvKNq3seSvL6u8,8343
@@ -261,7 +261,7 @@ reconcile/gql_definitions/common/pgp_reencryption_settings.py,sha256=NPLmO6J-zSu
 reconcile/gql_definitions/common/pipeline_providers.py,sha256=JJgmmghqLIwjKOdcWYHPnf4PDgAq4GF7046i0ozrqgI,9127
 reconcile/gql_definitions/common/quay_instances.py,sha256=toBkdYYVTmEafezAHZKgaW-mQ29xEW6jeronzsAlNyI,1786
 reconcile/gql_definitions/common/reserved_networks.py,sha256=yP9qSQCaSQcva-ZgTnZp09qH27ur5_qK080ToIs04MY,2560
-reconcile/gql_definitions/common/saas_files.py,sha256=O57zDNuEfW3MKWdqEjhHNIsvHmZdrQ9fn1TAeAcLivk,16594
+reconcile/gql_definitions/common/saas_files.py,sha256=JZdFKBygaZVxGwBUYMki9EbnsGdmfmxuAreMZ3dchwo,16702
 reconcile/gql_definitions/common/saas_target_namespaces.py,sha256=4VYP2VbwY8WVwtSFk2-jsUNhSmRD3X4FWKxetOKvmd0,2835
 reconcile/gql_definitions/common/saasherder_settings.py,sha256=nqQLcMwYxLseqq0BEcVvmrpIj2eQq0h8XDSpLN6GGCw,1793
 reconcile/gql_definitions/common/slack_workspaces.py,sha256=2o0kgi4QiaRuNmZJnc_By4F6NsKIdRaXkrufRQw7Nok,1753
@@ -618,7 +618,7 @@ reconcile/typed_queries/pagerduty_instances.py,sha256=zxCNxMak4iikryePaRi71lTADV
 reconcile/typed_queries/quay.py,sha256=OvkSDDbS3o4a4W5MqVxTAVmo47p5XegeoEVNiuqsevg,242
 reconcile/typed_queries/repos.py,sha256=8A93dKDt6igT4ClqMjt7YUTsoP4qh1Wnm0W3xsMgj48,824
 reconcile/typed_queries/reserved_networks.py,sha256=-f_CIrTn8u-dotj5VKFlAcD7TX1CSSuR7Ko2zC8OKEM,358
-reconcile/typed_queries/saas_files.py,sha256=IgXwDR3gfArCdmpPEEBXYDO7x-M_pwcEuKK-VbL2BEM,13931
+reconcile/typed_queries/saas_files.py,sha256=lPJNh5F2ThJUjW2zvsCKPLm2DVNBnbHFbzWByqTg2uM,14012
 reconcile/typed_queries/slack.py,sha256=r30lspctHloyygPn8_DVybxPwUWwiBpvBRRXiTVcQYk,251
 reconcile/typed_queries/slo_documents.py,sha256=l7H6Uq85EcvvWUgmi5c1YHeJGk60KN-TBmi8d0w-XyU,375
 reconcile/typed_queries/smtp.py,sha256=aSLglYa5bHKmlGwKkxq2RZqyMWuAf0a4S_mOuhDa084,542
@@ -803,7 +803,7 @@ reconcile/utils/runtime/sharding.py,sha256=r0ieUtNed7NvknSw6qQrCkKpVXE1shuHGnfFc
 reconcile/utils/saasherder/__init__.py,sha256=J3MBZBFa5YmhqYm08QsjBXz8mFcVOCiOCkyIcw41t7E,343
 reconcile/utils/saasherder/interfaces.py,sha256=C2wrw34OXypshVocAsPrVZsSHptgw4g9u7Haa2wulZQ,9087
 reconcile/utils/saasherder/models.py,sha256=z8ln03zi2a8cu716NcNUDHp8Dv1VcVbhqdWVxCl7x9A,10148
-reconcile/utils/saasherder/saasherder.py,sha256=sC48LMtbKW2Mhyql2VwTMEYHugCXI9imdz8yeYlq0dk,84729
+reconcile/utils/saasherder/saasherder.py,sha256=8yKSNuwLVJaJnOxGOHjhFaRqEmEbJxKqBj1-phI618o,84863
 reconcile/utils/terraform/__init__.py,sha256=zNbiyTWo35AT1sFTElL2j_AA0jJ_yWE_bfFn-nD2xik,250
 reconcile/utils/terraform/config.py,sha256=5UVrd563TMcvi4ooa5JvWVDW1I3bIWg484u79evfV_8,164
 reconcile/utils/terraform/config_client.py,sha256=gRL1rQ0AqvShei_rcGqC3HDYGskOFKE1nPrJyJE9yno,4676
@@ -854,8 +854,8 @@ tools/test/test_qontract_cli.py,sha256=_D61RFGAN5x44CY1tYbouhlGXXABwYfxKSWSQx3Jr
 tools/test/test_saas_promotion_state.py,sha256=dy4kkSSAQ7bC0Xp2CociETGN-2aABEfL6FU5D9Jl00Y,6056
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc996.dist-info/METADATA,sha256=1yk8ORxJ5XgceH637jz-GGaURn1NIRcEEF228Yd0_UM,2262
-qontract_reconcile-0.10.1rc996.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-qontract_reconcile-0.10.1rc996.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
-qontract_reconcile-0.10.1rc996.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc996.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc998.dist-info/METADATA,sha256=C-FKJi66DUTRsEPvxIam7tbqEn2MiaX4Of5mxG-eYhA,2262
+qontract_reconcile-0.10.1rc998.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+qontract_reconcile-0.10.1rc998.dist-info/entry_points.txt,sha256=GKQqCl2j2X1BJQ69een6rHcR26PmnxnONLNOQB-nRjY,491
+qontract_reconcile-0.10.1rc998.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc998.dist-info/RECORD,,

reconcile/external_resources/secrets_sync.py

@@ -95,6 +95,43 @@ class SecretHelper:
         return three_way_diff_using_hash(cmp_current, cmp_desired)
 
 
+class OutputSecretsFormatter:
+    """Class to format Module output keys/values into suitable values for K8s Secrets. It currently implements the same
+    behavior as Terraform-Resources."""
+
+    def __init__(self, secret_reader: SecretReaderBase) -> None:
+        self.secret_reader = secret_reader
+
+    def _key_must_be_populated(self, key: str) -> bool:
+        "Only keys containing '__' must be populated to Secrets"
+        return "__" in key
+
+    def _format_key(self, key: str) -> str:
+        if "__" not in key:
+            return key
+        k_split = key.split("__")
+        output_key = k_split[1]
+        if output_key.startswith("db"):
+            output_key = output_key.replace("db_", "db.")
+        return output_key
+
+    def _format_value(self, value: str) -> str:
+        decoded_value = base64.b64decode(value).decode("utf-8")
+        if decoded_value.startswith("__vault__:"):
+            _secret_ref = json.loads(decoded_value.replace("__vault__:", ""))
+            secret_ref = VaultSecret(**_secret_ref)
+            return self.secret_reader.read_secret(secret_ref)
+        else:
+            return decoded_value
+
+    def format(self, data: Mapping[str, str]) -> dict[str, str]:
+        return {
+            self._format_key(key): self._format_value(value)
+            for key, value in data.items()
+            if self._key_must_be_populated(key)
+        }
+
+
 class SecretsReconciler:
     def __init__(
         self,
@@ -281,6 +318,7 @@ class InClusterSecretsReconciler(SecretsReconciler):
         cluster: str,
         namespace: str,
         oc: OCCli,
+        output_secrets_formatter: OutputSecretsFormatter,
         thread_pool_size: int,
         dry_run: bool,
     ):
@@ -292,6 +330,7 @@ class InClusterSecretsReconciler(SecretsReconciler):
         self.source_secrets: list[str] = []
         self.vault_client = vault_client
         self.vault_path = vault_path
+        self.output_secrets_formatter = output_secrets_formatter
 
     def _get_spec_hash(self, spec: ExternalResourceSpec) -> str:
         secret_key = f"{spec.provision_provider}-{spec.provisioner_name}-{spec.provider}-{spec.identifier}"
@@ -313,21 +352,10 @@ class InClusterSecretsReconciler(SecretsReconciler):
         for secret in secrets:
             secret_name = secret["metadata"]["name"]
             spec = secrets_map[secret_name]
-            data = dict[str, str]()
-            for k, v in secret["data"].items():
-                decoded = base64.b64decode(v).decode("utf-8")
-
-                if decoded.startswith("__vault__:"):
-                    _secret_ref = json.loads(decoded.replace("__vault__:", ""))
-                    secret_ref = VaultSecret(**_secret_ref)
-                    data[k] = self.secrets_reader.read_secret(secret_ref)
-                else:
-                    data[k] = decoded
-
+            spec.secret = self.output_secrets_formatter.format(secret["data"])
             spec.metadata[SECRET_UPDATED_AT] = datetime.now(UTC).strftime(
                 SECRET_UPDATED_AT_TIMEFORMAT
             )
-            spec.secret = data
 
     def _delete_source_secret(self, spec: ExternalResourceSpec) -> None:
         secret_name = self._get_spec_outputs_secret_name(spec)
@@ -396,6 +424,7 @@ def build_incluster_secrets_reconciler(
         vault_path=vault_path,
         vault_client=VaultClient(),
         secrets_reader=secrets_reader,
+        output_secrets_formatter=OutputSecretsFormatter(secrets_reader),
         thread_pool_size=thread_pool_size,
         dry_run=dry_run,
     )

reconcile/gql_definitions/common/saas_files.py

@@ -233,6 +233,7 @@ query SaasFiles {
       }
     }
     validateTargetsInApp
+    validatePlannedData
     resourceTemplates {
       name
       url
@@ -560,6 +561,7 @@ class SaasFileV2(ConfiguredBaseModel):
     parameters: Optional[Json] = Field(..., alias="parameters")
     secret_parameters: Optional[list[SaasSecretParametersV1]] = Field(..., alias="secretParameters")
     validate_targets_in_app: Optional[bool] = Field(..., alias="validateTargetsInApp")
+    validate_planned_data: Optional[bool] = Field(..., alias="validatePlannedData")
     resource_templates: list[SaasResourceTemplateV2] = Field(..., alias="resourceTemplates")
     self_service_roles: Optional[list[SaasFileV2_RoleV1]] = Field(..., alias="selfServiceRoles")
 

reconcile/openshift_saas_deploy.py

@@ -238,7 +238,8 @@ def run(
 
     # validate that the deployment will succeed
     # to the best of our ability to predict
-    ob.validate_planned_data(ri, oc_map)
+    if saasherder.validate_planned_data:
+        ob.validate_planned_data(ri, oc_map)
 
     # if saas_file_name is defined, the integration
     # is being called from multiple running instances

reconcile/typed_queries/saas_files.py

@@ -126,6 +126,7 @@ class SaasFile(ConfiguredBaseModel):
         ..., alias="secretParameters"
     )
     validate_targets_in_app: bool | None = Field(..., alias="validateTargetsInApp")
+    validate_planned_data: bool | None = Field(..., alias="validatePlannedData")
     managed_resource_names: list[ManagedResourceNamesV1] | None = Field(
         ..., alias="managedResourceNames"
     )

reconcile/utils/saasherder/saasherder.py

@@ -158,6 +158,9 @@ class SaasHerder:  # pylint: disable=too-many-public-methods
         self.compare = self._get_saas_file_feature_enabled("compare", default=True)
         self.publish_job_logs = self._get_saas_file_feature_enabled("publish_job_logs")
         self.cluster_admin = self._get_saas_file_feature_enabled("cluster_admin")
+        self.validate_planned_data = self._get_saas_file_feature_enabled(
+            "validate_planned_data", default=True
+        )
 
     def __enter__(self) -> "SaasHerder":
         return self