qontract-reconcile 0.10.2.dev153__py3-none-any.whl → 0.10.2.dev155__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/METADATA +1 -1
- {qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/RECORD +6 -6
- reconcile/openshift_saas_deploy_trigger_base.py +4 -0
- reconcile/utils/terrascript_aws_client.py +81 -66
- {qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/WHEEL +0 -0
- {qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/entry_points.txt +0 -0
{qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/METADATA
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: qontract-reconcile
|
|
3
|
-
Version: 0.10.2.
|
|
3
|
+
Version: 0.10.2.dev155
|
|
4
4
|
Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
|
|
5
5
|
Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
|
|
6
6
|
Project-URL: repository, https://github.com/app-sre/qontract-reconcile
|
{qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/RECORD
RENAMED
|
@@ -77,7 +77,7 @@ reconcile/openshift_rolebindings.py,sha256=9mlJ2FjWUoH-rsjtasreA_hV-K5Z_YR00qR_R
|
|
|
77
77
|
reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
|
|
78
78
|
reconcile/openshift_saas_deploy.py,sha256=T1dvb9zajisaJNjbnR6-AZHU-itscHtr4oCqLj8KCK0,13037
|
|
79
79
|
reconcile/openshift_saas_deploy_change_tester.py,sha256=12uyBwaeMka1C3_pejmQPIBPAx2V1sJ4dJkScq-2e2M,8793
|
|
80
|
-
reconcile/openshift_saas_deploy_trigger_base.py,sha256=
|
|
80
|
+
reconcile/openshift_saas_deploy_trigger_base.py,sha256=ftG8vqXCfaMUrkl1QqbPjnRpnQAmMIGCG0IT-YWAG6U,14366
|
|
81
81
|
reconcile/openshift_saas_deploy_trigger_cleaner.py,sha256=roLyVAVntaQptKaZbnN1LyLvCA8fyvqELfjU6M8xfeY,3511
|
|
82
82
|
reconcile/openshift_saas_deploy_trigger_configs.py,sha256=eUejMGWuaQabZTLuvPLLvROfN5HOFyYZOpH4YEsiU_g,928
|
|
83
83
|
reconcile/openshift_saas_deploy_trigger_images.py,sha256=iUsiBGJf-CyFw7tSLWo59rXmSvsVnN6TTaAObbsVpNg,936
|
|
@@ -657,7 +657,7 @@ reconcile/utils/state.py,sha256=az4tBmZ0EdbFcAGiBVUxs3cr2-BVWsuDQiNTvjjQq8s,1637
|
|
|
657
657
|
reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
|
|
658
658
|
reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
|
|
659
659
|
reconcile/utils/terraform_client.py,sha256=IDlrNvGEc2i6ElZIL_fzaJEad1nRC3DkP9_VXhJXmU0,37329
|
|
660
|
-
reconcile/utils/terrascript_aws_client.py,sha256
|
|
660
|
+
reconcile/utils/terrascript_aws_client.py,sha256=-knIxxuez_gmaI4OvkMq3YeYdZgzkDIVVorFdS_nw4E,289989
|
|
661
661
|
reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
|
|
662
662
|
reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
|
|
663
663
|
reconcile/utils/vault.py,sha256=aSA8l9cJlPUHpChFGl27nSY-Mpq9FMjBo7Dcgb1BVfM,15036
|
|
@@ -797,7 +797,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
|
|
|
797
797
|
tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
|
|
798
798
|
tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
|
|
799
799
|
tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
|
|
800
|
-
qontract_reconcile-0.10.2.
|
|
801
|
-
qontract_reconcile-0.10.2.
|
|
802
|
-
qontract_reconcile-0.10.2.
|
|
803
|
-
qontract_reconcile-0.10.2.
|
|
800
|
+
qontract_reconcile-0.10.2.dev155.dist-info/METADATA,sha256=SCv6zhblOoa_txf4pnB9rfLD7oODuJ5n_FDMgerKyYU,24627
|
|
801
|
+
qontract_reconcile-0.10.2.dev155.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
802
|
+
qontract_reconcile-0.10.2.dev155.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
|
|
803
|
+
qontract_reconcile-0.10.2.dev155.dist-info/RECORD,,
|
|
@@ -378,6 +378,10 @@ def _construct_tekton_trigger_resource(
|
|
|
378
378
|
"kind": "PipelineRun",
|
|
379
379
|
"metadata": {
|
|
380
380
|
"generateName": f"{name}-",
|
|
381
|
+
"annotations": {
|
|
382
|
+
"qontract.trigger_integration": integration,
|
|
383
|
+
"qontract.trigger_reason": reason or "",
|
|
384
|
+
},
|
|
381
385
|
"labels": {
|
|
382
386
|
"qontract.saas_file_name": saas_file_name,
|
|
383
387
|
"qontract.env_name": env_name,
|
|
@@ -4883,10 +4883,11 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
4883
4883
|
es_values["provider"] = provider
|
|
4884
4884
|
|
|
4885
4885
|
auth_options = values.get("auth", {})
|
|
4886
|
+
advanced_security_options = None
|
|
4886
4887
|
# TODO: @fishi0x01 make mandatory after migration APPSRE-3409
|
|
4887
4888
|
if auth_options:
|
|
4888
|
-
|
|
4889
|
-
|
|
4889
|
+
advanced_security_options = self._build_es_advanced_security_options(
|
|
4890
|
+
auth_options
|
|
4890
4891
|
)
|
|
4891
4892
|
|
|
4892
4893
|
# TODO: @fishi0x01 remove after migration APPSRE-3409
|
|
@@ -4900,6 +4901,84 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
4900
4901
|
)
|
|
4901
4902
|
)
|
|
4902
4903
|
# ++++++++ END: REMOVE ++++++++++
|
|
4904
|
+
if advanced_security_options:
|
|
4905
|
+
master_user_options_with_optional_keys_values = advanced_security_options[
|
|
4906
|
+
"master_user_options"
|
|
4907
|
+
]
|
|
4908
|
+
# this secret can include optional kv pairs which are then saved to secrets manager in AWS
|
|
4909
|
+
# however this step strips those extra values from `master_user_options` which only expects
|
|
4910
|
+
# 2 fields https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#master_user_options-1
|
|
4911
|
+
advanced_security_options["master_user_options"] = {
|
|
4912
|
+
k: v
|
|
4913
|
+
for k, v in master_user_options_with_optional_keys_values.items()
|
|
4914
|
+
if k in {"master_user_name", "master_user_password"}
|
|
4915
|
+
}
|
|
4916
|
+
es_values["advanced_security_options"] = advanced_security_options
|
|
4917
|
+
if advanced_security_options.get("internal_user_database_enabled", False):
|
|
4918
|
+
# add master user creds to output and secretsmanager if internal_user_database_enabled
|
|
4919
|
+
master_user = master_user_options_with_optional_keys_values
|
|
4920
|
+
secret_name = f"qrtf/es/{identifier}"
|
|
4921
|
+
secret_identifier = secret_name.replace("/", "-")
|
|
4922
|
+
secret_values = {"name": secret_name, "tags": tags}
|
|
4923
|
+
if provider:
|
|
4924
|
+
secret_values["provider"] = provider
|
|
4925
|
+
aws_secret_resource = aws_secretsmanager_secret(
|
|
4926
|
+
secret_identifier, **secret_values
|
|
4927
|
+
)
|
|
4928
|
+
tf_resources.append(aws_secret_resource)
|
|
4929
|
+
|
|
4930
|
+
version_values = {
|
|
4931
|
+
"secret_id": "${" + aws_secret_resource.id + "}",
|
|
4932
|
+
"secret_string": json.dumps(master_user, sort_keys=True),
|
|
4933
|
+
}
|
|
4934
|
+
if provider:
|
|
4935
|
+
version_values["provider"] = provider
|
|
4936
|
+
aws_version_resource = aws_secretsmanager_secret_version(
|
|
4937
|
+
secret_identifier, **version_values
|
|
4938
|
+
)
|
|
4939
|
+
tf_resources.append(aws_version_resource)
|
|
4940
|
+
|
|
4941
|
+
policy = {
|
|
4942
|
+
"Version": "2012-10-17",
|
|
4943
|
+
"Statement": [
|
|
4944
|
+
{
|
|
4945
|
+
"Effect": "Allow",
|
|
4946
|
+
"Action": [
|
|
4947
|
+
"secretsmanager:GetResourcePolicy",
|
|
4948
|
+
"secretsmanager:GetSecretValue",
|
|
4949
|
+
"secretsmanager:DescribeSecret",
|
|
4950
|
+
"secretsmanager:ListSecretVersionIds",
|
|
4951
|
+
],
|
|
4952
|
+
"Resource": "${" + aws_secret_resource.id + "}",
|
|
4953
|
+
}
|
|
4954
|
+
],
|
|
4955
|
+
}
|
|
4956
|
+
iam_policy_resource = aws_iam_policy(
|
|
4957
|
+
secret_identifier,
|
|
4958
|
+
name=f"{identifier}-secretsmanager-policy",
|
|
4959
|
+
policy=json.dumps(policy, sort_keys=True),
|
|
4960
|
+
tags=tags,
|
|
4961
|
+
)
|
|
4962
|
+
tf_resources.append(iam_policy_resource)
|
|
4963
|
+
|
|
4964
|
+
output_name = output_prefix + "__secret_name"
|
|
4965
|
+
output_value = secret_name
|
|
4966
|
+
tf_resources.append(Output(output_name, value=output_value))
|
|
4967
|
+
output_name = output_prefix + "__secret_policy_arn"
|
|
4968
|
+
output_value = "${" + iam_policy_resource.arn + "}"
|
|
4969
|
+
tf_resources.append(Output(output_name, value=output_value))
|
|
4970
|
+
# master_user_name
|
|
4971
|
+
output_name = output_prefix + "__master_user_name"
|
|
4972
|
+
output_value = master_user["master_user_name"]
|
|
4973
|
+
tf_resources.append(
|
|
4974
|
+
Output(output_name, value=output_value, sensitive=True)
|
|
4975
|
+
)
|
|
4976
|
+
# master_user_password
|
|
4977
|
+
output_name = output_prefix + "__master_user_password"
|
|
4978
|
+
output_value = master_user["master_user_password"]
|
|
4979
|
+
tf_resources.append(
|
|
4980
|
+
Output(output_name, value=output_value, sensitive=True)
|
|
4981
|
+
)
|
|
4903
4982
|
|
|
4904
4983
|
es_tf_resource = aws_elasticsearch_domain(identifier, **es_values)
|
|
4905
4984
|
tf_resources.append(es_tf_resource)
|
|
@@ -4931,70 +5010,6 @@ class TerrascriptClient: # pylint: disable=too-many-public-methods
|
|
|
4931
5010
|
"${aws_elasticsearch_domain." + identifier + ".vpc_options.0.vpc_id}"
|
|
4932
5011
|
)
|
|
4933
5012
|
tf_resources.append(Output(output_name, value=output_value))
|
|
4934
|
-
# add master user creds to output and secretsmanager if internal_user_database_enabled
|
|
4935
|
-
security_options = es_values.get("advanced_security_options")
|
|
4936
|
-
if security_options and security_options.get(
|
|
4937
|
-
"internal_user_database_enabled", False
|
|
4938
|
-
):
|
|
4939
|
-
master_user = security_options["master_user_options"]
|
|
4940
|
-
secret_name = f"qrtf/es/{identifier}"
|
|
4941
|
-
secret_identifier = secret_name.replace("/", "-")
|
|
4942
|
-
secret_values = {"name": secret_name, "tags": tags}
|
|
4943
|
-
if provider:
|
|
4944
|
-
secret_values["provider"] = provider
|
|
4945
|
-
aws_secret_resource = aws_secretsmanager_secret(
|
|
4946
|
-
secret_identifier, **secret_values
|
|
4947
|
-
)
|
|
4948
|
-
tf_resources.append(aws_secret_resource)
|
|
4949
|
-
|
|
4950
|
-
version_values = {
|
|
4951
|
-
"secret_id": "${" + aws_secret_resource.id + "}",
|
|
4952
|
-
"secret_string": json.dumps(master_user, sort_keys=True),
|
|
4953
|
-
}
|
|
4954
|
-
if provider:
|
|
4955
|
-
version_values["provider"] = provider
|
|
4956
|
-
aws_version_resource = aws_secretsmanager_secret_version(
|
|
4957
|
-
secret_identifier, **version_values
|
|
4958
|
-
)
|
|
4959
|
-
tf_resources.append(aws_version_resource)
|
|
4960
|
-
|
|
4961
|
-
policy = {
|
|
4962
|
-
"Version": "2012-10-17",
|
|
4963
|
-
"Statement": [
|
|
4964
|
-
{
|
|
4965
|
-
"Effect": "Allow",
|
|
4966
|
-
"Action": [
|
|
4967
|
-
"secretsmanager:GetResourcePolicy",
|
|
4968
|
-
"secretsmanager:GetSecretValue",
|
|
4969
|
-
"secretsmanager:DescribeSecret",
|
|
4970
|
-
"secretsmanager:ListSecretVersionIds",
|
|
4971
|
-
],
|
|
4972
|
-
"Resource": "${" + aws_secret_resource.id + "}",
|
|
4973
|
-
}
|
|
4974
|
-
],
|
|
4975
|
-
}
|
|
4976
|
-
iam_policy_resource = aws_iam_policy(
|
|
4977
|
-
secret_identifier,
|
|
4978
|
-
name=f"{identifier}-secretsmanager-policy",
|
|
4979
|
-
policy=json.dumps(policy, sort_keys=True),
|
|
4980
|
-
tags=tags,
|
|
4981
|
-
)
|
|
4982
|
-
tf_resources.append(iam_policy_resource)
|
|
4983
|
-
|
|
4984
|
-
output_name = output_prefix + "__secret_name"
|
|
4985
|
-
output_value = secret_name
|
|
4986
|
-
tf_resources.append(Output(output_name, value=output_value))
|
|
4987
|
-
output_name = output_prefix + "__secret_policy_arn"
|
|
4988
|
-
output_value = "${" + iam_policy_resource.arn + "}"
|
|
4989
|
-
tf_resources.append(Output(output_name, value=output_value))
|
|
4990
|
-
# master_user_name
|
|
4991
|
-
output_name = output_prefix + "__master_user_name"
|
|
4992
|
-
output_value = master_user["master_user_name"]
|
|
4993
|
-
tf_resources.append(Output(output_name, value=output_value, sensitive=True))
|
|
4994
|
-
# master_user_password
|
|
4995
|
-
output_name = output_prefix + "__master_user_password"
|
|
4996
|
-
output_value = master_user["master_user_password"]
|
|
4997
|
-
tf_resources.append(Output(output_name, value=output_value, sensitive=True))
|
|
4998
5013
|
|
|
4999
5014
|
self.add_resources(account, tf_resources)
|
|
5000
5015
|
|
{qontract_reconcile-0.10.2.dev153.dist-info → qontract_reconcile-0.10.2.dev155.dist-info}/WHEEL
RENAMED
|
File without changes
|
|
File without changes
|