qontract-reconcile 0.10.2.dev148__py3-none-any.whl → 0.10.2.dev150__py3-none-any.whl

{qontract_reconcile-0.10.2.dev148.dist-info → qontract_reconcile-0.10.2.dev150.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev148
+Version: 0.10.2.dev150
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile

{qontract_reconcile-0.10.2.dev148.dist-info → qontract_reconcile-0.10.2.dev150.dist-info}/RECORD

@@ -201,7 +201,7 @@ reconcile/external_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NM
 reconcile/external_resources/aws.py,sha256=0Vjobt0zHcGkPV9C_lXHGV2uSbvU8XX00tLCmEmlKvs,11984
 reconcile/external_resources/factories.py,sha256=C0QHT0soEv6z99-ELAAE19S5MaMHhV0t1fSiQn0Coc4,5970
 reconcile/external_resources/integration.py,sha256=WF6O4rT0oUHbNaWEemjLLzCqdNSQIUaymUuj08VsIl8,7034
-reconcile/external_resources/integration_secrets_sync.py,sha256=CImwt_tyS3MMGpkjI_0gZqYt4XgqIw4BtdJiDH2xrCk,1700
+reconcile/external_resources/integration_secrets_sync.py,sha256=M2uOFi2JXWhiw3hQyE_4NVPQmPIYGHlghRti5eLWhkw,1738
 reconcile/external_resources/manager.py,sha256=bnGLeQmg7wzTcApgNTDKBTsojuEgOrCYX1QIIS12-ns,18247
 reconcile/external_resources/meta.py,sha256=noaytFzmShpzLA_ebGh7wuP45mOfHIOnnoUxivjDa1I,672
 reconcile/external_resources/metrics.py,sha256=KiBjMUaN_z0cSkF_7Ar_a8RiuiwVqjyMcVdISlxhzXE,3898
@@ -227,7 +227,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=BgMx-NyV9mTuv7Sotb2OioC
 reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/glitchtip_project_dsn/integration.py,sha256=2iugub-kHYkHNK33n0v9_TeWonuxCPah_VkoTPvaajE,8077
 reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/gql_definitions/introspection.json,sha256=mzkjTtBMjRDoC00njCLGylyb85atOvRRPzQo4GhKti8,2283808
+reconcile/gql_definitions/introspection.json,sha256=8tA2_ZuvhmWLNRV1-JvZeVTdyUDYAVvdSe0mvxm_Uag,2286927
 reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
 reconcile/gql_definitions/acs/acs_policies.py,sha256=bN5i4mks10Z23KJSj7jqp966Osq2dps4d-sPH9gjxEA,7008
@@ -432,7 +432,7 @@ reconcile/gql_definitions/terraform_repo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5
 reconcile/gql_definitions/terraform_repo/terraform_repo.py,sha256=9cDKdP9ziBh9J_mw2Gi6GUOP4mFxMABY_D62qSeMtJI,3881
 reconcile/gql_definitions/terraform_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/terraform_resources/database_access_manager.py,sha256=yv0_YC-LmhaKD_gyGG3le1w5BtypBjlsO894-Zgdg4U,4813
-reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=8J0WW7F4Q6IHfLu85aeYNHSjJWSuypJsOBukJSleCiY,43944
+reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=6Er4NT3hHT66tFCBlyBeyGXDzxO_OYiL36lCe8JM9vQ,44562
 reconcile/gql_definitions/terraform_tgw_attachments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py,sha256=FPyPEikpkZ_kvHfXqnkzSUDNmxMMTiUwhI-eLQtuIHM,2616
 reconcile/gql_definitions/unleash_feature_toggles/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -657,7 +657,7 @@ reconcile/utils/state.py,sha256=az4tBmZ0EdbFcAGiBVUxs3cr2-BVWsuDQiNTvjjQq8s,1637
 reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=IDlrNvGEc2i6ElZIL_fzaJEad1nRC3DkP9_VXhJXmU0,37329
-reconcile/utils/terrascript_aws_client.py,sha256=Xhx8QbLXN_Savhrep_sTJcNgwKOHlaocNNXqgX4i4g4,287952
+reconcile/utils/terrascript_aws_client.py,sha256=WMT9cZ4Cu4vjiIgRiTMyZ3Iio2_HNODg2OlrWGW9nQA,288803
 reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/vault.py,sha256=aSA8l9cJlPUHpChFGl27nSY-Mpq9FMjBo7Dcgb1BVfM,15036
@@ -797,7 +797,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev148.dist-info/METADATA,sha256=kBuHS7iU_WbaGxjsnZVvv7rpMhB0hutZQ94Hs7AYogI,24627
-qontract_reconcile-0.10.2.dev148.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev148.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev148.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev150.dist-info/METADATA,sha256=hnP4JA3UNqYGiaLiKJXkzr8GLPFc1ylIOBeaKyP_aGY,24627
+qontract_reconcile-0.10.2.dev150.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev150.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev150.dist-info/RECORD,,

reconcile/external_resources/integration_secrets_sync.py

@@ -38,6 +38,7 @@ def run(dry_run: bool, thread_pool_size: int) -> None:
         spec
         for key, spec in er_inventory.items()
         if m_inventory.get_from_external_resource_key(key).outputs_secret_sync
+        and not spec.marked_to_delete
     ]
 
     reconciler = VaultSecretsReconciler(

reconcile/gql_definitions/introspection.json

@@ -46845,6 +46845,65 @@
                     "enumValues": null,
                     "possibleTypes": null
                 },
+                {
+                    "kind": "OBJECT",
+                    "name": "NamespaceTerraformResourceALBMutualAuthentication_v1",
+                    "description": null,
+                    "fields": [
+                        {
+                            "name": "mode",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "NON_NULL",
+                                "name": null,
+                                "ofType": {
+                                    "kind": "SCALAR",
+                                    "name": "String",
+                                    "ofType": null
+                                }
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
+                        },
+                        {
+                            "name": "ca_cert_bundle_s3_bucket_name",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "NON_NULL",
+                                "name": null,
+                                "ofType": {
+                                    "kind": "SCALAR",
+                                    "name": "String",
+                                    "ofType": null
+                                }
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
+                        },
+                        {
+                            "name": "ca_cert_bundle_s3_bucket_key",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "NON_NULL",
+                                "name": null,
+                                "ofType": {
+                                    "kind": "SCALAR",
+                                    "name": "String",
+                                    "ofType": null
+                                }
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
+                        }
+                    ],
+                    "inputFields": null,
+                    "interfaces": [],
+                    "enumValues": null,
+                    "possibleTypes": null
+                },
                 {
                     "kind": "OBJECT",
                     "name": "NamespaceTerraformResourceALB_v1",
@@ -47010,6 +47069,18 @@
                             "isDeprecated": false,
                             "deprecationReason": null
                         },
+                        {
+                            "name": "mutual_authentication",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "OBJECT",
+                                "name": "NamespaceTerraformResourceALBMutualAuthentication_v1",
+                                "ofType": null
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
+                        },
                         {
                             "name": "targets",
                             "description": null,

reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py

@@ -312,6 +312,11 @@ query TerraformResourcesNamespaces {
                 ip_address_type
                 access_logs
                 ssl_policy
+                mutual_authentication {
+                    mode
+                    ca_cert_bundle_s3_bucket_name
+                    ca_cert_bundle_s3_bucket_key
+                }
                 targets {
                     name
                     default
@@ -808,6 +813,12 @@ class NamespaceTerraformResourceS3CloudFrontPublicKeyV1(NamespaceTerraformResour
     annotations: Optional[str] = Field(..., alias="annotations")
 
 
+class NamespaceTerraformResourceALBMutualAuthenticationV1(ConfiguredBaseModel):
+    mode: str = Field(..., alias="mode")
+    ca_cert_bundle_s3_bucket_name: str = Field(..., alias="ca_cert_bundle_s3_bucket_name")
+    ca_cert_bundle_s3_bucket_key: str = Field(..., alias="ca_cert_bundle_s3_bucket_key")
+
+
 class NamespaceTerraformResourceALBTargetHealthcheckV1(ConfiguredBaseModel):
     unhealthy_threshold: Optional[int] = Field(..., alias="unhealthy_threshold")
     timeout: Optional[int] = Field(..., alias="timeout")
@@ -904,6 +915,7 @@ class NamespaceTerraformResourceALBV1(NamespaceTerraformResourceAWSV1):
     ip_address_type: Optional[str] = Field(..., alias="ip_address_type")
     access_logs: Optional[bool] = Field(..., alias="access_logs")
     ssl_policy: Optional[str] = Field(..., alias="ssl_policy")
+    mutual_authentication: Optional[NamespaceTerraformResourceALBMutualAuthenticationV1] = Field(..., alias="mutual_authentication")
     targets: list[NamespaceTerraformResourceALBTargetsV1] = Field(..., alias="targets")
     rules: list[NamespaceTerraformResourceALBRulesV1] = Field(..., alias="rules")
     output_resource_name: Optional[str] = Field(..., alias="output_resource_name")
@@ -1043,7 +1055,7 @@ class NamespaceTerraformResourceMskV1(NamespaceTerraformResourceAWSV1):
 
 
 class NamespaceTerraformProviderResourceAWSV1(NamespaceExternalResourceV1):
-    resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceRosaAuthenticatorV1, NamespaceTerraformResourceALBV1, NamespaceTerraformResourceRoleV1, NamespaceTerraformResourceS3V1, NamespaceTerraformResourceASGV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceSNSTopicV1, NamespaceTerraformResourceServiceAccountV1, NamespaceTerraformResourceS3SQSV1, NamespaceTerraformResourceCloudWatchV1, NamespaceTerraformResourceKMSV1, NamespaceTerraformResourceRosaAuthenticatorVPCEV1, NamespaceTerraformResourceMskV1, NamespaceTerraformResourceS3CloudFrontV1, NamespaceTerraformResourceElasticSearchV1, NamespaceTerraformResourceACMV1, NamespaceTerraformResourceKinesisV1, NamespaceTerraformResourceRoute53ZoneV1, NamespaceTerraformResourceSQSV1, NamespaceTerraformResourceDynamoDBV1, NamespaceTerraformResourceECRV1, NamespaceTerraformResourceS3CloudFrontPublicKeyV1, NamespaceTerraformResourceSecretsManagerV1, NamespaceTerraformResourceSecretsManagerServiceAccountV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
+    resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceALBV1, NamespaceTerraformResourceRosaAuthenticatorV1, NamespaceTerraformResourceRoleV1, NamespaceTerraformResourceS3V1, NamespaceTerraformResourceASGV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceSNSTopicV1, NamespaceTerraformResourceServiceAccountV1, NamespaceTerraformResourceS3SQSV1, NamespaceTerraformResourceCloudWatchV1, NamespaceTerraformResourceKMSV1, NamespaceTerraformResourceRosaAuthenticatorVPCEV1, NamespaceTerraformResourceMskV1, NamespaceTerraformResourceS3CloudFrontV1, NamespaceTerraformResourceElasticSearchV1, NamespaceTerraformResourceACMV1, NamespaceTerraformResourceKinesisV1, NamespaceTerraformResourceRoute53ZoneV1, NamespaceTerraformResourceSQSV1, NamespaceTerraformResourceDynamoDBV1, NamespaceTerraformResourceECRV1, NamespaceTerraformResourceS3CloudFrontPublicKeyV1, NamespaceTerraformResourceSecretsManagerV1, NamespaceTerraformResourceSecretsManagerServiceAccountV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
 
 
 class EnvironmentV1(ConfiguredBaseModel):

reconcile/utils/terrascript_aws_client.py

@@ -358,6 +358,10 @@ class cloudinit_config(Data):
     pass
 
 
+class aws_lb_trust_store(Resource):
+    pass
+
+
 # temporary until we upgrade to a terrascript release
 # that supports this provider
 # https://github.com/mjuenema/python-terrascript/pull/166
@@ -5493,6 +5497,26 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
             },
             "depends_on": self.get_dependencies([lb_tf_resource, default_target]),
         }
+
+        # mutual authentication section
+        if mutual_authentication := resource.get("mutual_authentication"):
+            trust_store_values = {
+                "ca_certificates_bundle_s3_bucket": mutual_authentication[
+                    "ca_cert_bundle_s3_bucket_name"
+                ],
+                "ca_certificates_bundle_s3_key": mutual_authentication[
+                    "ca_cert_bundle_s3_bucket_key"
+                ],
+            }
+            trust_store = aws_lb_trust_store(
+                f"{identifier}-trust-store", **trust_store_values
+            )
+            tf_resources.append(trust_store)
+            values["mutual_authentication"] = {
+                "mode": mutual_authentication["mode"],
+                "trust_store_arn": f"${{{trust_store.arn}}}",
+            }
+
         forward_identifier = f"{identifier}-forward"
         forward_lbl_tf_resource = aws_lb_listener(forward_identifier, **values)
         tf_resources.append(forward_lbl_tf_resource)