qontract-reconcile 0.10.2.dev230__py3-none-any.whl → 0.10.2.dev232__py3-none-any.whl

{qontract_reconcile-0.10.2.dev230.dist-info → qontract_reconcile-0.10.2.dev232.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev230
+Version: 0.10.2.dev232
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile
@@ -160,7 +160,6 @@ OpenShift templates can be found [here](/openshift/qontract-reconcile.yaml). In
   github-repo-permissions-validator
                                   Validates permissions in github
                                   repositories.
-  github-users                    Validate compliance of GitHub user profiles.
   github-validator                Validates GitHub organization settings.
   gitlab-fork-compliance          Ensures that forks of App Interface are
                                   compliant.

{qontract_reconcile-0.10.2.dev230.dist-info → qontract_reconcile-0.10.2.dev232.dist-info}/RECORD

@@ -9,7 +9,7 @@ reconcile/aws_iam_password_reset.py,sha256=O0JX2N5kNRKs3u2xzu4NNrI6p0ag5JWy3MTsv
 reconcile/aws_support_cases_sos.py,sha256=PDhilxQ4TBxVnxUPIUdTbKEaNUI0wzPiEsB91oHT2fY,3384
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=O1wFp52EyF538c6txaWBs8eMtUIy19gyHZ6VzJ6QXS8,3512
 reconcile/checkpoint.py,sha256=_JhMxrye5BgkRMxWYuf7Upli6XayPINKSsuo3ynHTRc,5010
-reconcile/cli.py,sha256=vrUcahFtsq_yGAzaa1QDyZHbMqMsnsNHzrvW4BiV_xA,114159
+reconcile/cli.py,sha256=bDNLgSAIMkv1zE637ZJSO76nVdfjmhEsTA88jDuX50k,113598
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=al7m8EgnnYx90rY1REryW3byN_ItfJfAzEeLtjbCfi0,4921
 reconcile/cluster_deployment_mapper.py,sha256=5gumAaRCcFXsabUJ1dnuUy9WrP_FEEM5JnOnE8ch9sE,2326
 reconcile/dashdotdb_base.py,sha256=83ZWIf5JJk3P_D69y2TmXRcQr6ELJGlv10OM0h7fJVs,4767
@@ -26,7 +26,6 @@ reconcile/github_org.py,sha256=Wc5cZamatuWsW2ZJT2ib5ps8l3iY3RXHwNUxVJerqz0,14173
 reconcile/github_owners.py,sha256=viE1KJ-zaTxuZ5yItg2C263J0brn-Q-3hR_DkYDMbhY,3122
 reconcile/github_repo_invites.py,sha256=U9UCzNVwrZ7MqODtFah8ogH0NNY-XjBin7G9gqHtCUY,2690
 reconcile/github_repo_permissions_validator.py,sha256=PNqL4dqa2OaNBy-NmLVN-t1HZa6eS6HgSYmfOunYqtA,1798
-reconcile/github_users.py,sha256=ZeYNMyvZPVMx6mh5TiKEUQy4W1uw3VmUZOHiXus5I0Y,5073
 reconcile/github_validator.py,sha256=-j17tn3csFVjPMSPL3te48iWVkPZCncRXdeKeLdGjjQ,931
 reconcile/gitlab_fork_compliance.py,sha256=RbHckzLnE9zkOFHJANzoejEMMbMAivmqJVs3Suvp9lU,4591
 reconcile/gitlab_housekeeping.py,sha256=JEnerWbirICkJQy91ZVepcHge2XWrVUazfIeKnZ94ZQ,26345
@@ -612,7 +611,7 @@ reconcile/utils/external_resources.py,sha256=YzTb0xAcNdmKO326mGQy7BmST56CZcdru4l
 reconcile/utils/filtering.py,sha256=S4PbMHuFr3ED0P2Q_ea5CAaB7FimI62B-F5YTaKrphA,402
 reconcile/utils/git.py,sha256=o4p9m8jlzCJDcutl2HErvGLhL6sZ1NB4Aw3zGcQIzso,2427
 reconcile/utils/github_api.py,sha256=S1vO-hvYPzm5BIychVIHSYibMns0HBmLgS78MkPfunE,3402
-reconcile/utils/gitlab_api.py,sha256=-wf1praBpU9h4TratCnAPBHEYgYJZLib6dl6Nszzrrw,28761
+reconcile/utils/gitlab_api.py,sha256=4-DG5wV7k0jSl4Yp4ELQbp3qJY6uYuHukiZJ5tYkhCM,28648
 reconcile/utils/gpg.py,sha256=EKG7_fdMv8BMlV5yUdPiqoTx-KrzmVSEAl2sLkaKwWI,1123
 reconcile/utils/gql.py,sha256=C0thIm_k9MBldfqwHzyqtYZk9sIvMdm9IbbnXLGwjD8,14158
 reconcile/utils/grouping.py,sha256=vr9SFHZ7bqmHYrvYcEZt-Er3-yQYfAAdq5sHLZVmXPY,456
@@ -662,7 +661,6 @@ reconcile/utils/smtp_client.py,sha256=0xefB4I9E5eBB-FlxFJYjvz3Kvuqi_K3Ma_Wk0NAQK
 reconcile/utils/sqs_gateway.py,sha256=XNIf3PY4UCPNufP2Ul0UJj3fKlt5larBba-VTT-41Fg,2265
 reconcile/utils/state.py,sha256=az4tBmZ0EdbFcAGiBVUxs3cr2-BVWsuDQiNTvjjQq8s,16378
 reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
-reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=IDlrNvGEc2i6ElZIL_fzaJEad1nRC3DkP9_VXhJXmU0,37329
 reconcile/utils/terrascript_aws_client.py,sha256=RkiYjRietHFNXtfA1-WEZ1lZbJFBA_XCtTOsZUij5VM,292360
 reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
@@ -700,7 +698,7 @@ reconcile/utils/internal_groups/models.py,sha256=y_IqBVqfGqNXiu0VudvBWFrm_-uafVm
 reconcile/utils/jinja2/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/jinja2/extensions.py,sha256=7K-uo6G2eCWa98MHT8fRPYIKCLQB_5D2keqQ_LyAfHM,1293
 reconcile/utils/jinja2/filters.py,sha256=JfO_14APySBPidsMvHXG-8dULNPddZCE15Umjk_aSBk,4830
-reconcile/utils/jinja2/utils.py,sha256=UTA0oOdhUgUBY57lWxgJS9WIAzP1ONm7mgGhY_DrczM,8821
+reconcile/utils/jinja2/utils.py,sha256=1ucq5RHn9BV6bLvu9L6ji1X7Aus61Y6kU9HU-UicXfk,9053
 reconcile/utils/jobcontroller/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/jobcontroller/controller.py,sha256=Vh08lZuCSIIceWGSDhBB00iFwTI9eeKZW1sfHlkAvSo,15373
 reconcile/utils/jobcontroller/models.py,sha256=x9YIvWfYOOvXNKToFVx1H7qDrZb0Sa1KI_4Y0gl7rMM,6336
@@ -803,7 +801,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev230.dist-info/METADATA,sha256=dkDDpJd-ycaLjY3mepy5DzTOq2liq8Z86xkeu8NjVhM,24431
-qontract_reconcile-0.10.2.dev230.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev230.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev230.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev232.dist-info/METADATA,sha256=tnLkovENBUt8KdPD7fs4Sr3JJweV3mXEbw0IrFobGy4,24352
+qontract_reconcile-0.10.2.dev232.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev232.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev232.dist-info/RECORD,,

reconcile/cli.py

@@ -759,31 +759,6 @@ def github_owners(ctx: click.Context) -> None:
     run_integration(reconcile.github_owners, ctx)
 
 
-@integration.command(short_help="Validate compliance of GitHub user profiles.")
-@gitlab_project_id
-@threaded()
-@enable_deletion(default=False)
-@send_mails(default=False)
-@click.pass_context
-def github_users(
-    ctx: click.Context,
-    gitlab_project_id: str | None,
-    thread_pool_size: int,
-    enable_deletion: bool,
-    send_mails: bool,
-) -> None:
-    import reconcile.github_users
-
-    run_integration(
-        reconcile.github_users,
-        ctx,
-        gitlab_project_id,
-        thread_pool_size,
-        enable_deletion,
-        send_mails,
-    )
-
-
 @integration.command(short_help="Validates GitHub organization settings.")
 @click.pass_context
 def github_validator(ctx: click.Context) -> None:

reconcile/utils/gitlab_api.py

@@ -298,16 +298,15 @@ class GitLabApi:
 
     @staticmethod
     def _is_bot_username(username: str) -> bool:
-        """crudely checking for the username
-
-        as gitlab-python require a major upgrade to use the billable members apis
-        https://python-gitlab.readthedocs.io/en/stable/gl_objects/groups.html#id11 lists the api
-        billable_membersis the attribute that provides billable members of groups
+        """
+        Checks if a given username matches the pattern for an internal GitLab bot user.
 
-        the second api is https://python-gitlab.readthedocs.io/en/stable/gl_objects/group_access_tokens.html
-        which provides a list of access tokens as well as their assigned users
+        This method uses a regular expression (GROUP_BOT_NAME_REGEX) to determine
+        if the username conforms to the naming convention for internal GitLab bots,
+        as described in the GitLab documentation.
 
-        those apis are not avaliable in python-gitlab v1.x
+        Reference:
+            - GitLab Internal Users Documentation: https://docs.gitlab.com/administration/internal_users/
         """
         return GROUP_BOT_NAME_REGEX.match(username) is not None
 

reconcile/utils/jinja2/utils.py

@@ -1,15 +1,17 @@
 import datetime
+import os
 from functools import cache
 from typing import Any, Self
 
 import jinja2
+from github import Github
 from jinja2.sandbox import SandboxedEnvironment
 from pydantic import BaseModel
 from sretoolbox.utils import retry
 
 from reconcile import queries
 from reconcile.checkpoint import url_makes_sense
-from reconcile.github_users import init_github
+from reconcile.github_org import get_default_config
 from reconcile.utils import gql
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.github_api import GithubRepositoryApi
@@ -97,6 +99,14 @@ def compile_jinja2_template(
     return jinja_env.from_string(body)
 
 
+GH_BASE_URL = os.environ.get("GITHUB_API", "https://api.github.com")
+
+
+def init_github() -> Github:
+    token = get_default_config()["token"]
+    return Github(token, base_url=GH_BASE_URL)
+
+
 def lookup_github_file_content(
     repo: str,
     path: str,

reconcile/github_users.py

@@ -1,158 +0,0 @@
-import logging
-import os
-import re
-from collections import defaultdict
-from collections.abc import Callable
-
-from github import Github
-from github.GithubException import GithubException
-from requests.exceptions import ReadTimeout
-from sretoolbox.utils import (
-    retry,
-    threaded,
-)
-
-from reconcile import (
-    mr_client_gateway,
-    queries,
-    typed_queries,
-)
-from reconcile.github_org import get_default_config
-from reconcile.utils.defer import defer
-from reconcile.utils.mr import CreateDeleteUserAppInterface
-from reconcile.utils.mr.user_maintenance import PathSpec, PathTypes
-from reconcile.utils.secret_reader import SecretReader
-from reconcile.utils.smtp_client import (
-    DEFAULT_SMTP_TIMEOUT,
-    SmtpClient,
-    get_smtp_server_connection,
-)
-
-GH_BASE_URL = os.environ.get("GITHUB_API", "https://api.github.com")
-
-QONTRACT_INTEGRATION = "github-users"
-
-UserAndCompany = tuple[str, str | None]
-
-
-def init_github() -> Github:
-    token = get_default_config()["token"]
-    return Github(token, base_url=GH_BASE_URL)
-
-
-def init_users_and_paths() -> list[dict[str, list]]:
-    app_int_users = queries.get_users(refs=True)
-
-    users = defaultdict(list)
-    for user in app_int_users:
-        u = user["org_username"]
-        item = PathSpec(type=PathTypes.USER, path=user["path"])
-        users[u].append(item)
-        for r in user.get("requests"):
-            item = PathSpec(type=PathTypes.REQUEST, path=r["path"])
-            users[u].append(item)
-        for q in user.get("queries"):
-            item = PathSpec(type=PathTypes.QUERY, path=q["path"])
-            users[u].append(item)
-        for g in user.get("gabi_instances"):
-            item = PathSpec(type=PathTypes.GABI, path=g["path"])
-            users[u].append(item)
-        for a in user.get("aws_accounts", []):
-            item = PathSpec(type=PathTypes.AWS_ACCOUNTS, path=a["path"])
-            users[u].append(item)
-        for s in user.get("schedules"):
-            item = PathSpec(type=PathTypes.SCHEDULE, path=s["path"])
-            users[u].append(item)
-
-    return [{"username": username, "paths": paths} for username, paths in users.items()]
-
-
-@retry(exceptions=(GithubException, ReadTimeout))
-def get_user_company(user: dict, github: Github) -> UserAndCompany:
-    gh_user = github.get_user(login=user["github_username"])
-    return user["org_username"], gh_user.company
-
-
-def get_users_to_delete(results: list[UserAndCompany]) -> list[dict]:
-    pattern = r"^.*[Rr]ed ?[Hh]at.*$"
-    org_usernames_to_delete = [
-        u for u, c in results if c is None or not re.search(pattern, c)
-    ]
-    users_and_paths = init_users_and_paths()
-    return [u for u in users_and_paths if u["username"] in org_usernames_to_delete]
-
-
-def send_email_notification(user: dict, smtp_client: SmtpClient) -> None:
-    msg_template = """
-Hello,
-
-This is an automated message coming from App-Interface.
-
-The App SRE team adheres to the OpenShift GitHub policy:
-https://mojo.redhat.com/docs/DOC-1200784
-
-Your GitHub profile does not comply with the following requirements:
-
-- Company field should contain "Red Hat".
-
-
-For any questions, please ping @app-sre-ic on #sd-app-sre in CoreOS Slack,
-or mail us at sd-app-sre@redhat.com.
-
-App-Interface repository: https://gitlab.cee.redhat.com/service/app-interface
-
-"""
-    to = user["username"]
-    subject = "App-Interface compliance - GitHub profile"
-    body = msg_template
-    smtp_client.send_mail([to], subject, body)
-
-
-@defer
-def run(
-    dry_run: bool,
-    gitlab_project_id: str | None = None,
-    thread_pool_size: int = 10,
-    enable_deletion: bool = False,
-    send_mails: bool = False,
-    defer: Callable | None = None,
-) -> None:
-    smtp_settings = typed_queries.smtp.settings()
-    smtp_client = SmtpClient(
-        server=get_smtp_server_connection(
-            secret_reader=SecretReader(settings=queries.get_secret_reader_settings()),
-            secret=smtp_settings.credentials,
-        ),
-        mail_address=smtp_settings.mail_address,
-        timeout=smtp_settings.timeout or DEFAULT_SMTP_TIMEOUT,
-    )
-    users = queries.get_users()
-    g = init_github()
-
-    results = threaded.run(get_user_company, users, thread_pool_size, github=g)
-
-    users_to_delete = get_users_to_delete(results)
-
-    if not dry_run and enable_deletion:
-        mr_cli = mr_client_gateway.init(gitlab_project_id=gitlab_project_id)
-        if defer:
-            defer(mr_cli.cleanup)
-
-    for user in users_to_delete:
-        username = user["username"]
-        paths = user["paths"]
-        logging.info(["delete_user", username])
-
-        if not dry_run:
-            if send_mails:
-                send_email_notification(user, smtp_client)
-            elif enable_deletion:
-                mr = CreateDeleteUserAppInterface(username, paths)
-                mr.submit(cli=mr_cli)
-            else:
-                msg = (
-                    "'delete' action is not enabled. "
-                    "Please run the integration manually "
-                    "with the '--enable-deletion' flag."
-                )
-                logging.warning(msg)

reconcile/utils/template.py

@@ -1,12 +0,0 @@
-import os
-
-import jinja2
-
-from reconcile import templates
-
-
-def get_package_environment():
-    """Loads templates from the current Python package"""
-    templates_dir = os.path.dirname(templates.__file__)
-    template_loader = jinja2.FileSystemLoader(searchpath=templates_dir)
-    return jinja2.Environment(loader=template_loader)