qontract-reconcile 0.10.2.dev247__py3-none-any.whl → 0.10.2.dev248__py3-none-any.whl

{qontract_reconcile-0.10.2.dev247.dist-info → qontract_reconcile-0.10.2.dev248.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev247
+Version: 0.10.2.dev248
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile
@@ -205,7 +205,6 @@ OpenShift templates can be found [here](/openshift/qontract-reconcile.yaml). In
   ocm-clusters                    Manages clusters via OCM.
   ocm-external-configuration-labels
                                   Manage External Configuration labels in OCM.
-  ocm-github-idp                  Manage GitHub Identity Providers in OCM.
   ocm-groups                      Manage membership in OpenShift groups via
                                   OCM.
   ocm-internal-notifications      Notifications to internal Red Hat users

{qontract_reconcile-0.10.2.dev247.dist-info → qontract_reconcile-0.10.2.dev248.dist-info}/RECORD

@@ -8,7 +8,7 @@ reconcile/aws_iam_password_reset.py,sha256=O0JX2N5kNRKs3u2xzu4NNrI6p0ag5JWy3MTsv
 reconcile/aws_support_cases_sos.py,sha256=PDhilxQ4TBxVnxUPIUdTbKEaNUI0wzPiEsB91oHT2fY,3384
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=O1wFp52EyF538c6txaWBs8eMtUIy19gyHZ6VzJ6QXS8,3512
 reconcile/checkpoint.py,sha256=gjtS8g6KIyKFYlHMSZjAqDUOlVh83nh4go-9yNrhWZU,5016
-reconcile/cli.py,sha256=mewdtUiv_j2OYNnjIMsc4BTbgDk6WTIotsyD-E4LwT4,112803
+reconcile/cli.py,sha256=BETiU1ewxtown2t7x-h9xlEwSOWL60nFnoV-1Zg_rm4,112510
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=al7m8EgnnYx90rY1REryW3byN_ItfJfAzEeLtjbCfi0,4921
 reconcile/cluster_deployment_mapper.py,sha256=5gumAaRCcFXsabUJ1dnuUy9WrP_FEEM5JnOnE8ch9sE,2326
 reconcile/dashdotdb_base.py,sha256=83ZWIf5JJk3P_D69y2TmXRcQr6ELJGlv10OM0h7fJVs,4767
@@ -51,7 +51,6 @@ reconcile/ocm_addons_upgrade_tests_trigger.py,sha256=A9zXeYG-_52DsS1dz47yDSnHz62
 reconcile/ocm_aws_infrastructure_access.py,sha256=rrlcQxvRTmKyYOUR1C-Nlxj_o_iCDSxc7PNoELUDiew,6892
 reconcile/ocm_clusters.py,sha256=he-BkbEb-ozHuZNqRr2nIWUjBHhLF-2Jvcctx4K3eK4,17021
 reconcile/ocm_external_configuration_labels.py,sha256=imEpDv1RBpCSj8tHDv0R76hmNCFtcUzVNgS1yOVl8vs,3870
-reconcile/ocm_github_idp.py,sha256=glwXMsIBcl38-OmDDQCpe0YoLLXfoRgVQmqwXMEXjds,3946
 reconcile/ocm_groups.py,sha256=nz6n4a0ZVDClpm1HbPfcwJ8fw3AYg7o4DCH-SBItVbs,3389
 reconcile/ocm_machine_pools.py,sha256=iiqReJMdzmvl9Ae0X1nT48WyROAoLS4pcI4Wk9NdWE0,16637
 reconcile/ocm_update_recommended_version.py,sha256=Vi3Y2sX-OQxx1mv_xiPQXnmrpsZzGIE38No0yBcTaD4,4204
@@ -730,7 +729,7 @@ reconcile/utils/ocm/identity_providers.py,sha256=dKed09N8iWmn39tI_MpwgVe47x23eLs
 reconcile/utils/ocm/label_sources.py,sha256=ES_5VP4X6gsRxMFZ95WgbwE_HqqIUo_JRjHjdGYw6Ss,1846
 reconcile/utils/ocm/labels.py,sha256=CmAgaOEPiaUb4gLtKab9vNkSDJceuREPd4ApgGcIA1U,6240
 reconcile/utils/ocm/manifests.py,sha256=Q6kgOeiAwLbJY_vO_BEW2oePvbLDZcMZk20YpJJGpOA,1195
-reconcile/utils/ocm/ocm.py,sha256=qDD7x4uhnr7WJenc5mN9XSttu4NhI8FDEUIc33nWKpM,33211
+reconcile/utils/ocm/ocm.py,sha256=4wXsptVwBRlJX19WLgZxZHjx6OJjuWSUyNOxac1EBGM,31454
 reconcile/utils/ocm/products.py,sha256=Ki9o0VV4z_FsXQaJtSFzlUnxLvpk1H-RamvJpUwwbuQ,26006
 reconcile/utils/ocm/search_filters.py,sha256=uUCJ-XOEp4D5uxPW7lDqNe6s-mQWLOCqMu9_xvO6PXU,14798
 reconcile/utils/ocm/service_log.py,sha256=RG1f0MMn6joKaRCAm2xveSJCavdOPP1BVo9FXecDxaI,2018
@@ -798,7 +797,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev247.dist-info/METADATA,sha256=cWYfGDu3xHx3tih9Mz3sdUUtbrXc1Qks-MmS9n0J7Ps,24049
-qontract_reconcile-0.10.2.dev247.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev247.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev247.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev248.dist-info/METADATA,sha256=c3r-1NuxuH1uZzBEPnvPQsiGN3B6vQ6D0-BKyCLCcmo,23974
+qontract_reconcile-0.10.2.dev248.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev248.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev248.dist-info/RECORD,,

reconcile/cli.py

@@ -2958,15 +2958,6 @@ def ocm_aws_infrastructure_access(ctx: click.Context) -> None:
     run_integration(reconcile.ocm_aws_infrastructure_access, ctx)
 
 
-@integration.command(short_help="Manage GitHub Identity Providers in OCM.")
-@vault_input_path
-@click.pass_context
-def ocm_github_idp(ctx: click.Context, vault_input_path: str) -> None:
-    import reconcile.ocm_github_idp
-
-    run_integration(reconcile.ocm_github_idp, ctx, vault_input_path)
-
-
 @integration.command(
     short_help="Manage OIDC cluster configuration in OCM organizations based on OCM labels. Part of RHIDP."
 )

reconcile/utils/ocm/ocm.py

@@ -337,62 +337,6 @@ class OCM:  # pylint: disable=too-many-public-methods
             aws_infrastructure_access_role_grant_id = rg["id"]
             self._delete(f"{api}/{aws_infrastructure_access_role_grant_id}")
 
-    def get_github_idp_teams(self, cluster):
-        """Returns a list of details of GitHub IDP providers
-
-        :param cluster: cluster name
-
-        :type cluster: string
-        """
-        result_idps = []
-        cluster_id = self.cluster_ids.get(cluster)
-        if not cluster_id:
-            return result_idps
-        api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/identity_providers"
-        idps = self._get_json(api).get("items")
-        if not idps:
-            return result_idps
-
-        for idp in idps:
-            if idp["type"] != "GithubIdentityProvider":
-                continue
-            idp_name = idp["name"]
-            idp_github = idp["github"]
-
-            item = {
-                "id": idp["id"],
-                "cluster": cluster,
-                "name": idp_name,
-                "client_id": idp_github["client_id"],
-                "teams": idp_github.get("teams"),
-            }
-            result_idps.append(item)
-        return result_idps
-
-    def create_github_idp_teams(self, spec):
-        """Creates a new GitHub IDP
-
-        :param cluster: cluster name
-        :param spec: required information for idp creation
-
-        :type cluster: string
-        :type spec: dictionary
-        """
-        cluster = spec["cluster"]
-        cluster_id = self.cluster_ids[cluster]
-        api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/identity_providers"
-        payload = {
-            "type": "GithubIdentityProvider",
-            "mapping_method": "add",
-            "name": spec["name"],
-            "github": {
-                "client_id": spec["client_id"],
-                "client_secret": spec["client_secret"],
-                "teams": spec["teams"],
-            },
-        }
-        self._post(api, payload)
-
     def get_kubeconfig(self, cluster: str) -> str | None:
         """Returns the cluster credentials (kubeconfig)
 

reconcile/ocm_github_idp.py

@@ -1,117 +0,0 @@
-import logging
-import sys
-from collections.abc import Mapping
-from typing import Any
-
-from reconcile import queries
-from reconcile.status import ExitCodes
-from reconcile.utils.disabled_integrations import integration_is_enabled
-from reconcile.utils.ocm import OCMMap
-from reconcile.utils.secret_reader import SecretReader
-
-QONTRACT_INTEGRATION = "ocm-github-idp"
-
-
-def fetch_current_state(clusters, settings):
-    current_state = []
-    ocm_map = OCMMap(
-        clusters=clusters, integration=QONTRACT_INTEGRATION, settings=settings
-    )
-
-    for cluster_info in clusters:
-        cluster = cluster_info["name"]
-        ocm = ocm_map.get(cluster)
-        idps = ocm.get_github_idp_teams(cluster)
-        current_state.extend(idps)
-
-    return ocm_map, current_state
-
-
-def fetch_desired_state(clusters, vault_input_path, settings):
-    desired_state = []
-    error = False
-    secret_reader = SecretReader(settings=settings)
-    for cluster_info in clusters:
-        cluster = cluster_info["name"]
-        for auth in cluster_info["auth"]:
-            if auth["service"] != "github-org-team":
-                continue
-
-            org = auth["org"]
-            team = auth["team"]
-            secret = {
-                "path": f"{vault_input_path}/{QONTRACT_INTEGRATION}/{auth['service']}/{org}/{team}"
-            }
-            try:
-                oauth_data = secret_reader.read_all(secret)
-                client_id = oauth_data["client-id"]
-                client_secret = oauth_data["client-secret"]
-            except Exception:
-                logging.error(f"unable to read secret in path {secret['path']}")
-                error = True
-                continue
-            item = {
-                "cluster": cluster,
-                "name": f"github-{org}",
-                "client_id": client_id,
-                "client_secret": client_secret,
-                "teams": [f"{org}/{team}"],
-            }
-            desired_state.append(item)
-
-    return desired_state, error
-
-
-def sanitize(state):
-    return {k: v for k, v in state.items() if k not in {"client_secret", "id"}}
-
-
-def act(dry_run, ocm_map, current_state, desired_state):
-    sanitized_current_state = [sanitize(d) for d in current_state]
-    sanitized_desired_state = [sanitize(d) for d in desired_state]
-    to_add = [d for d in desired_state if sanitize(d) not in sanitized_current_state]
-    for item in to_add:
-        cluster = item["cluster"]
-        idp_name = item["name"]
-        team = item["teams"][0]
-        logging.info(["create_github_idp", cluster, idp_name, team])
-
-        if not dry_run:
-            ocm = ocm_map.get(cluster)
-            ocm.create_github_idp_teams(item)
-
-    to_remove = [d for d in current_state if sanitize(d) not in sanitized_desired_state]
-    for item in to_remove:
-        cluster = item["cluster"]
-        idp_name = item["name"]
-        team = item["teams"][0]
-        logging.info(["remove_github_idp", cluster, idp_name, team])
-
-        if not dry_run:
-            ocm = ocm_map.get(cluster)
-            ocm.delete_idp(cluster, item["id"])
-
-
-def _cluster_is_compatible(cluster: Mapping[str, Any]) -> bool:
-    return cluster.get("ocm") is not None and cluster.get("auth") is not None
-
-
-def run(dry_run, vault_input_path=""):
-    if not vault_input_path:
-        logging.error("must supply vault input path")
-        sys.exit(1)
-    settings = queries.get_app_interface_settings()
-    clusters = [
-        c
-        for c in queries.get_clusters()
-        if integration_is_enabled(QONTRACT_INTEGRATION, c) and _cluster_is_compatible(c)
-    ]
-    if not clusters:
-        logging.debug("No github-idp definitions found in app-interface")
-        sys.exit(ExitCodes.SUCCESS)
-
-    ocm_map, current_state = fetch_current_state(clusters, settings)
-    desired_state, error = fetch_desired_state(clusters, vault_input_path, settings)
-    if error:
-        sys.exit(1)
-    act(dry_run, ocm_map, current_state, desired_state)