qontract-reconcile 0.10.2.dev149__py3-none-any.whl → 0.10.2.dev152__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: qontract-reconcile
3
- Version: 0.10.2.dev149
3
+ Version: 0.10.2.dev152
4
4
  Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
5
5
  Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
6
6
  Project-URL: repository, https://github.com/app-sre/qontract-reconcile
@@ -77,14 +77,14 @@ reconcile/openshift_rolebindings.py,sha256=9mlJ2FjWUoH-rsjtasreA_hV-K5Z_YR00qR_R
77
77
  reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
78
78
  reconcile/openshift_saas_deploy.py,sha256=T1dvb9zajisaJNjbnR6-AZHU-itscHtr4oCqLj8KCK0,13037
79
79
  reconcile/openshift_saas_deploy_change_tester.py,sha256=12uyBwaeMka1C3_pejmQPIBPAx2V1sJ4dJkScq-2e2M,8793
80
- reconcile/openshift_saas_deploy_trigger_base.py,sha256=Ss_FE31d8jR2f3lbSiU0ROBMVI1kg-Y_8nxLavFPFko,14036
80
+ reconcile/openshift_saas_deploy_trigger_base.py,sha256=3ypo4RNmJmrGfiyS-2OcoyITVi10LWch6JITikejlBM,14204
81
81
  reconcile/openshift_saas_deploy_trigger_cleaner.py,sha256=roLyVAVntaQptKaZbnN1LyLvCA8fyvqELfjU6M8xfeY,3511
82
82
  reconcile/openshift_saas_deploy_trigger_configs.py,sha256=eUejMGWuaQabZTLuvPLLvROfN5HOFyYZOpH4YEsiU_g,928
83
83
  reconcile/openshift_saas_deploy_trigger_images.py,sha256=iUsiBGJf-CyFw7tSLWo59rXmSvsVnN6TTaAObbsVpNg,936
84
84
  reconcile/openshift_saas_deploy_trigger_moving_commits.py,sha256=fpanSH-EGH15C9me--0VSpcpaw9BY4RTb8_mPtsSZGc,942
85
85
  reconcile/openshift_saas_deploy_trigger_upstream_jobs.py,sha256=0CjfeVQE0QrRrOVuTxkXvBUdKNtYLYuX4mZRB48PQ9g,940
86
86
  reconcile/openshift_serviceaccount_tokens.py,sha256=SaYT8g_T1W8P8r391ZWV1rYv5BfFxy8x_HIM9XqAm3g,8906
87
- reconcile/openshift_tekton_resources.py,sha256=wUq7ituxqwpVEXHPKYQ9Q-wYZZR0fLgJioQfJFEdEZY,16205
87
+ reconcile/openshift_tekton_resources.py,sha256=ZAhPhj5dXxOF2XdNTeksAX-oa2gVCIbL45Gep05nG90,16267
88
88
  reconcile/openshift_upgrade_watcher.py,sha256=9IB321hlRZZhzdaR9G3zoWAhVv0-KzNiEqx73p3-wmk,6539
89
89
  reconcile/openshift_users.py,sha256=JUWLb13USlQ4KvXZVsi3JES4csZnXlH0plhxskg_p6A,5300
90
90
  reconcile/openshift_vault_secrets.py,sha256=9rTqV6wzCQx2Oh712E_Xj8wMG7u8Oh-pY8DWjlv4mZw,1660
@@ -94,7 +94,7 @@ reconcile/quay_mirror.py,sha256=0KtQFwrvMNtlsPJ9F_-ICaVIjgIUjFxqipvAPcvyg3Q,1533
94
94
  reconcile/quay_mirror_org.py,sha256=tXKuF6JtmaNRwu8_g_65U_Vpd6sFBYeXmJA-flVhylE,10764
95
95
  reconcile/quay_permissions.py,sha256=9KOutS1w4RFQqkvMSy54VtsKNx56-phzP6yI_rEW-B8,4244
96
96
  reconcile/quay_repos.py,sha256=cuEYG0HUe0ut5yvLdEwOF5-CmccpXQHRb_wDazvDrvQ,6895
97
- reconcile/queries.py,sha256=XU5ksCW6f8AmVHsg8WEAxiL4cwzLBkpvsYn9EqZ228Q,50890
97
+ reconcile/queries.py,sha256=JbkF6F13xdToj1WgWzkK7aU1Gf_gFbjuJvdsyQrZ1iw,50905
98
98
  reconcile/query_validator.py,sha256=MSh5pKLBksws4AqfuvT8nrIGucIbqX-IOzYyPYTLO7k,1491
99
99
  reconcile/requests_sender.py,sha256=914iluuF4UVgG3VyxxtnHOu4yf6YKS2fIy6PViSsFTQ,3875
100
100
  reconcile/resource_scraper.py,sha256=znXCHrU7YwPfKuxGBiUrV7T1tYtn4vlz9qmZlfy6Flg,2307
@@ -227,7 +227,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=BgMx-NyV9mTuv7Sotb2OioC
227
227
  reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
228
228
  reconcile/glitchtip_project_dsn/integration.py,sha256=2iugub-kHYkHNK33n0v9_TeWonuxCPah_VkoTPvaajE,8077
229
229
  reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
230
- reconcile/gql_definitions/introspection.json,sha256=mzkjTtBMjRDoC00njCLGylyb85atOvRRPzQo4GhKti8,2283808
230
+ reconcile/gql_definitions/introspection.json,sha256=8tA2_ZuvhmWLNRV1-JvZeVTdyUDYAVvdSe0mvxm_Uag,2286927
231
231
  reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
232
232
  reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
233
233
  reconcile/gql_definitions/acs/acs_policies.py,sha256=bN5i4mks10Z23KJSj7jqp966Osq2dps4d-sPH9gjxEA,7008
@@ -432,7 +432,7 @@ reconcile/gql_definitions/terraform_repo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5
432
432
  reconcile/gql_definitions/terraform_repo/terraform_repo.py,sha256=9cDKdP9ziBh9J_mw2Gi6GUOP4mFxMABY_D62qSeMtJI,3881
433
433
  reconcile/gql_definitions/terraform_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
434
434
  reconcile/gql_definitions/terraform_resources/database_access_manager.py,sha256=yv0_YC-LmhaKD_gyGG3le1w5BtypBjlsO894-Zgdg4U,4813
435
- reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=8J0WW7F4Q6IHfLu85aeYNHSjJWSuypJsOBukJSleCiY,43944
435
+ reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=6Er4NT3hHT66tFCBlyBeyGXDzxO_OYiL36lCe8JM9vQ,44562
436
436
  reconcile/gql_definitions/terraform_tgw_attachments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
437
437
  reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py,sha256=FPyPEikpkZ_kvHfXqnkzSUDNmxMMTiUwhI-eLQtuIHM,2616
438
438
  reconcile/gql_definitions/unleash_feature_toggles/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -657,7 +657,7 @@ reconcile/utils/state.py,sha256=az4tBmZ0EdbFcAGiBVUxs3cr2-BVWsuDQiNTvjjQq8s,1637
657
657
  reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
658
658
  reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
659
659
  reconcile/utils/terraform_client.py,sha256=IDlrNvGEc2i6ElZIL_fzaJEad1nRC3DkP9_VXhJXmU0,37329
660
- reconcile/utils/terrascript_aws_client.py,sha256=Xhx8QbLXN_Savhrep_sTJcNgwKOHlaocNNXqgX4i4g4,287952
660
+ reconcile/utils/terrascript_aws_client.py,sha256=WMT9cZ4Cu4vjiIgRiTMyZ3Iio2_HNODg2OlrWGW9nQA,288803
661
661
  reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
662
662
  reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
663
663
  reconcile/utils/vault.py,sha256=aSA8l9cJlPUHpChFGl27nSY-Mpq9FMjBo7Dcgb1BVfM,15036
@@ -797,7 +797,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
797
797
  tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
798
798
  tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
799
799
  tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
800
- qontract_reconcile-0.10.2.dev149.dist-info/METADATA,sha256=rFMsnJ1ccrvi49CBWdlHZhhsIZPcTPuXPJU3spHw6hE,24627
801
- qontract_reconcile-0.10.2.dev149.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
802
- qontract_reconcile-0.10.2.dev149.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
803
- qontract_reconcile-0.10.2.dev149.dist-info/RECORD,,
800
+ qontract_reconcile-0.10.2.dev152.dist-info/METADATA,sha256=vJsdGK7g6V30epBk2e5-Z3IjYTweJywk5bBbC636psU,24627
801
+ qontract_reconcile-0.10.2.dev152.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
802
+ qontract_reconcile-0.10.2.dev152.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
803
+ qontract_reconcile-0.10.2.dev152.dist-info/RECORD,,
@@ -46845,6 +46845,65 @@
46845
46845
  "enumValues": null,
46846
46846
  "possibleTypes": null
46847
46847
  },
46848
+ {
46849
+ "kind": "OBJECT",
46850
+ "name": "NamespaceTerraformResourceALBMutualAuthentication_v1",
46851
+ "description": null,
46852
+ "fields": [
46853
+ {
46854
+ "name": "mode",
46855
+ "description": null,
46856
+ "args": [],
46857
+ "type": {
46858
+ "kind": "NON_NULL",
46859
+ "name": null,
46860
+ "ofType": {
46861
+ "kind": "SCALAR",
46862
+ "name": "String",
46863
+ "ofType": null
46864
+ }
46865
+ },
46866
+ "isDeprecated": false,
46867
+ "deprecationReason": null
46868
+ },
46869
+ {
46870
+ "name": "ca_cert_bundle_s3_bucket_name",
46871
+ "description": null,
46872
+ "args": [],
46873
+ "type": {
46874
+ "kind": "NON_NULL",
46875
+ "name": null,
46876
+ "ofType": {
46877
+ "kind": "SCALAR",
46878
+ "name": "String",
46879
+ "ofType": null
46880
+ }
46881
+ },
46882
+ "isDeprecated": false,
46883
+ "deprecationReason": null
46884
+ },
46885
+ {
46886
+ "name": "ca_cert_bundle_s3_bucket_key",
46887
+ "description": null,
46888
+ "args": [],
46889
+ "type": {
46890
+ "kind": "NON_NULL",
46891
+ "name": null,
46892
+ "ofType": {
46893
+ "kind": "SCALAR",
46894
+ "name": "String",
46895
+ "ofType": null
46896
+ }
46897
+ },
46898
+ "isDeprecated": false,
46899
+ "deprecationReason": null
46900
+ }
46901
+ ],
46902
+ "inputFields": null,
46903
+ "interfaces": [],
46904
+ "enumValues": null,
46905
+ "possibleTypes": null
46906
+ },
46848
46907
  {
46849
46908
  "kind": "OBJECT",
46850
46909
  "name": "NamespaceTerraformResourceALB_v1",
@@ -47010,6 +47069,18 @@
47010
47069
  "isDeprecated": false,
47011
47070
  "deprecationReason": null
47012
47071
  },
47072
+ {
47073
+ "name": "mutual_authentication",
47074
+ "description": null,
47075
+ "args": [],
47076
+ "type": {
47077
+ "kind": "OBJECT",
47078
+ "name": "NamespaceTerraformResourceALBMutualAuthentication_v1",
47079
+ "ofType": null
47080
+ },
47081
+ "isDeprecated": false,
47082
+ "deprecationReason": null
47083
+ },
47013
47084
  {
47014
47085
  "name": "targets",
47015
47086
  "description": null,
@@ -312,6 +312,11 @@ query TerraformResourcesNamespaces {
312
312
  ip_address_type
313
313
  access_logs
314
314
  ssl_policy
315
+ mutual_authentication {
316
+ mode
317
+ ca_cert_bundle_s3_bucket_name
318
+ ca_cert_bundle_s3_bucket_key
319
+ }
315
320
  targets {
316
321
  name
317
322
  default
@@ -808,6 +813,12 @@ class NamespaceTerraformResourceS3CloudFrontPublicKeyV1(NamespaceTerraformResour
808
813
  annotations: Optional[str] = Field(..., alias="annotations")
809
814
 
810
815
 
816
+ class NamespaceTerraformResourceALBMutualAuthenticationV1(ConfiguredBaseModel):
817
+ mode: str = Field(..., alias="mode")
818
+ ca_cert_bundle_s3_bucket_name: str = Field(..., alias="ca_cert_bundle_s3_bucket_name")
819
+ ca_cert_bundle_s3_bucket_key: str = Field(..., alias="ca_cert_bundle_s3_bucket_key")
820
+
821
+
811
822
  class NamespaceTerraformResourceALBTargetHealthcheckV1(ConfiguredBaseModel):
812
823
  unhealthy_threshold: Optional[int] = Field(..., alias="unhealthy_threshold")
813
824
  timeout: Optional[int] = Field(..., alias="timeout")
@@ -904,6 +915,7 @@ class NamespaceTerraformResourceALBV1(NamespaceTerraformResourceAWSV1):
904
915
  ip_address_type: Optional[str] = Field(..., alias="ip_address_type")
905
916
  access_logs: Optional[bool] = Field(..., alias="access_logs")
906
917
  ssl_policy: Optional[str] = Field(..., alias="ssl_policy")
918
+ mutual_authentication: Optional[NamespaceTerraformResourceALBMutualAuthenticationV1] = Field(..., alias="mutual_authentication")
907
919
  targets: list[NamespaceTerraformResourceALBTargetsV1] = Field(..., alias="targets")
908
920
  rules: list[NamespaceTerraformResourceALBRulesV1] = Field(..., alias="rules")
909
921
  output_resource_name: Optional[str] = Field(..., alias="output_resource_name")
@@ -1043,7 +1055,7 @@ class NamespaceTerraformResourceMskV1(NamespaceTerraformResourceAWSV1):
1043
1055
 
1044
1056
 
1045
1057
  class NamespaceTerraformProviderResourceAWSV1(NamespaceExternalResourceV1):
1046
- resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceRosaAuthenticatorV1, NamespaceTerraformResourceALBV1, NamespaceTerraformResourceRoleV1, NamespaceTerraformResourceS3V1, NamespaceTerraformResourceASGV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceSNSTopicV1, NamespaceTerraformResourceServiceAccountV1, NamespaceTerraformResourceS3SQSV1, NamespaceTerraformResourceCloudWatchV1, NamespaceTerraformResourceKMSV1, NamespaceTerraformResourceRosaAuthenticatorVPCEV1, NamespaceTerraformResourceMskV1, NamespaceTerraformResourceS3CloudFrontV1, NamespaceTerraformResourceElasticSearchV1, NamespaceTerraformResourceACMV1, NamespaceTerraformResourceKinesisV1, NamespaceTerraformResourceRoute53ZoneV1, NamespaceTerraformResourceSQSV1, NamespaceTerraformResourceDynamoDBV1, NamespaceTerraformResourceECRV1, NamespaceTerraformResourceS3CloudFrontPublicKeyV1, NamespaceTerraformResourceSecretsManagerV1, NamespaceTerraformResourceSecretsManagerServiceAccountV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
1058
+ resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceALBV1, NamespaceTerraformResourceRosaAuthenticatorV1, NamespaceTerraformResourceRoleV1, NamespaceTerraformResourceS3V1, NamespaceTerraformResourceASGV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceSNSTopicV1, NamespaceTerraformResourceServiceAccountV1, NamespaceTerraformResourceS3SQSV1, NamespaceTerraformResourceCloudWatchV1, NamespaceTerraformResourceKMSV1, NamespaceTerraformResourceRosaAuthenticatorVPCEV1, NamespaceTerraformResourceMskV1, NamespaceTerraformResourceS3CloudFrontV1, NamespaceTerraformResourceElasticSearchV1, NamespaceTerraformResourceACMV1, NamespaceTerraformResourceKinesisV1, NamespaceTerraformResourceRoute53ZoneV1, NamespaceTerraformResourceSQSV1, NamespaceTerraformResourceDynamoDBV1, NamespaceTerraformResourceECRV1, NamespaceTerraformResourceS3CloudFrontPublicKeyV1, NamespaceTerraformResourceSecretsManagerV1, NamespaceTerraformResourceSecretsManagerServiceAccountV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
1047
1059
 
1048
1060
 
1049
1061
  class EnvironmentV1(ConfiguredBaseModel):
@@ -376,7 +376,13 @@ def _construct_tekton_trigger_resource(
376
376
  body: dict[str, Any] = {
377
377
  "apiVersion": "tekton.dev/v1",
378
378
  "kind": "PipelineRun",
379
- "metadata": {"generateName": f"{name}-"},
379
+ "metadata": {
380
+ "generateName": f"{name}-",
381
+ "labels": {
382
+ "qontract.saas_file_name": saas_file_name,
383
+ "qontract.env_name": env_name,
384
+ },
385
+ },
380
386
  "spec": {
381
387
  "pipelineRef": {"name": tkn_pipeline_name},
382
388
  "params": parameters,
@@ -139,6 +139,9 @@ def fetch_desired_resources(
139
139
  while we are migrating from the current system to this integration"""
140
140
  desired_resources = []
141
141
  for tknp in tkn_providers.values():
142
+ if tknp["namespace"]["delete"]:
143
+ continue
144
+
142
145
  namespace = tknp["namespace"]["name"]
143
146
  cluster = tknp["namespace"]["cluster"]["name"]
144
147
  deploy_resources = tknp.get("deployResources") or DEFAULT_DEPLOY_RESOURCES
reconcile/queries.py CHANGED
@@ -2068,6 +2068,7 @@ PIPELINES_PROVIDERS_QUERY = """
2068
2068
  }
2069
2069
  namespace {
2070
2070
  name
2071
+ delete
2071
2072
  cluster {
2072
2073
  name
2073
2074
  serverUrl
@@ -358,6 +358,10 @@ class cloudinit_config(Data):
358
358
  pass
359
359
 
360
360
 
361
+ class aws_lb_trust_store(Resource):
362
+ pass
363
+
364
+
361
365
  # temporary until we upgrade to a terrascript release
362
366
  # that supports this provider
363
367
  # https://github.com/mjuenema/python-terrascript/pull/166
@@ -5493,6 +5497,26 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
5493
5497
  },
5494
5498
  "depends_on": self.get_dependencies([lb_tf_resource, default_target]),
5495
5499
  }
5500
+
5501
+ # mutual authentication section
5502
+ if mutual_authentication := resource.get("mutual_authentication"):
5503
+ trust_store_values = {
5504
+ "ca_certificates_bundle_s3_bucket": mutual_authentication[
5505
+ "ca_cert_bundle_s3_bucket_name"
5506
+ ],
5507
+ "ca_certificates_bundle_s3_key": mutual_authentication[
5508
+ "ca_cert_bundle_s3_bucket_key"
5509
+ ],
5510
+ }
5511
+ trust_store = aws_lb_trust_store(
5512
+ f"{identifier}-trust-store", **trust_store_values
5513
+ )
5514
+ tf_resources.append(trust_store)
5515
+ values["mutual_authentication"] = {
5516
+ "mode": mutual_authentication["mode"],
5517
+ "trust_store_arn": f"${{{trust_store.arn}}}",
5518
+ }
5519
+
5496
5520
  forward_identifier = f"{identifier}-forward"
5497
5521
  forward_lbl_tf_resource = aws_lb_listener(forward_identifier, **values)
5498
5522
  tf_resources.append(forward_lbl_tf_resource)