qontract-reconcile 0.10.2.dev247__py3-none-any.whl → 0.10.2.dev249__py3-none-any.whl

{qontract_reconcile-0.10.2.dev247.dist-info → qontract_reconcile-0.10.2.dev249.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev247
+Version: 0.10.2.dev249
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile
@@ -205,7 +205,6 @@ OpenShift templates can be found [here](/openshift/qontract-reconcile.yaml). In
   ocm-clusters                    Manages clusters via OCM.
   ocm-external-configuration-labels
                                   Manage External Configuration labels in OCM.
-  ocm-github-idp                  Manage GitHub Identity Providers in OCM.
   ocm-groups                      Manage membership in OpenShift groups via
                                   OCM.
   ocm-internal-notifications      Notifications to internal Red Hat users

{qontract_reconcile-0.10.2.dev247.dist-info → qontract_reconcile-0.10.2.dev249.dist-info}/RECORD

@@ -8,7 +8,7 @@ reconcile/aws_iam_password_reset.py,sha256=O0JX2N5kNRKs3u2xzu4NNrI6p0ag5JWy3MTsv
 reconcile/aws_support_cases_sos.py,sha256=PDhilxQ4TBxVnxUPIUdTbKEaNUI0wzPiEsB91oHT2fY,3384
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=O1wFp52EyF538c6txaWBs8eMtUIy19gyHZ6VzJ6QXS8,3512
 reconcile/checkpoint.py,sha256=gjtS8g6KIyKFYlHMSZjAqDUOlVh83nh4go-9yNrhWZU,5016
-reconcile/cli.py,sha256=mewdtUiv_j2OYNnjIMsc4BTbgDk6WTIotsyD-E4LwT4,112803
+reconcile/cli.py,sha256=BETiU1ewxtown2t7x-h9xlEwSOWL60nFnoV-1Zg_rm4,112510
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=al7m8EgnnYx90rY1REryW3byN_ItfJfAzEeLtjbCfi0,4921
 reconcile/cluster_deployment_mapper.py,sha256=5gumAaRCcFXsabUJ1dnuUy9WrP_FEEM5JnOnE8ch9sE,2326
 reconcile/dashdotdb_base.py,sha256=83ZWIf5JJk3P_D69y2TmXRcQr6ELJGlv10OM0h7fJVs,4767
@@ -51,7 +51,6 @@ reconcile/ocm_addons_upgrade_tests_trigger.py,sha256=A9zXeYG-_52DsS1dz47yDSnHz62
 reconcile/ocm_aws_infrastructure_access.py,sha256=rrlcQxvRTmKyYOUR1C-Nlxj_o_iCDSxc7PNoELUDiew,6892
 reconcile/ocm_clusters.py,sha256=he-BkbEb-ozHuZNqRr2nIWUjBHhLF-2Jvcctx4K3eK4,17021
 reconcile/ocm_external_configuration_labels.py,sha256=imEpDv1RBpCSj8tHDv0R76hmNCFtcUzVNgS1yOVl8vs,3870
-reconcile/ocm_github_idp.py,sha256=glwXMsIBcl38-OmDDQCpe0YoLLXfoRgVQmqwXMEXjds,3946
 reconcile/ocm_groups.py,sha256=nz6n4a0ZVDClpm1HbPfcwJ8fw3AYg7o4DCH-SBItVbs,3389
 reconcile/ocm_machine_pools.py,sha256=iiqReJMdzmvl9Ae0X1nT48WyROAoLS4pcI4Wk9NdWE0,16637
 reconcile/ocm_update_recommended_version.py,sha256=Vi3Y2sX-OQxx1mv_xiPQXnmrpsZzGIE38No0yBcTaD4,4204
@@ -104,7 +103,7 @@ reconcile/slack_base.py,sha256=I-msunWxfgu5bSwXYulGbtLjxUB_tRmTCAUCU-3nabI,3484
 reconcile/slack_usergroups.py,sha256=xFkVe67RXSUj8JvpfSFEiRdQzB0TnJJEHW_b5PEwLng,30213
 reconcile/sql_query.py,sha256=auZCWe6dytsDp83Imfo4zqkpMCLRXU007IUlPeUE3j4,26376
 reconcile/status.py,sha256=cY4IJFXemhxptRJqR4qaaOWqei9e4jgLXuVSGajMsjg,544
-reconcile/status_board.py,sha256=Hxx6sFFyPTNi6zY-qlAco9OqPvdx6Kbgce0DunDUsNQ,15838
+reconcile/status_board.py,sha256=wDto8vVFXHLIGwh4MfvsXTogVQ08JhqyDmhOyjjTJyk,15288
 reconcile/terraform_aws_route53.py,sha256=dQzzT46YhwRA902_H6pi-f7WlX4EaH187wXSdmJAUkQ,9958
 reconcile/terraform_cloudflare_dns.py,sha256=-aLEe2QnH5cJPu7HWqs-R9NmQ1NlFbcVUm0v7alVL3I,13431
 reconcile/terraform_cloudflare_resources.py,sha256=pq8Ieo5NmB-dYQ9X2F0s6iEoINMzhiqGw2yQK4ovok4,14980
@@ -730,7 +729,7 @@ reconcile/utils/ocm/identity_providers.py,sha256=dKed09N8iWmn39tI_MpwgVe47x23eLs
 reconcile/utils/ocm/label_sources.py,sha256=ES_5VP4X6gsRxMFZ95WgbwE_HqqIUo_JRjHjdGYw6Ss,1846
 reconcile/utils/ocm/labels.py,sha256=CmAgaOEPiaUb4gLtKab9vNkSDJceuREPd4ApgGcIA1U,6240
 reconcile/utils/ocm/manifests.py,sha256=Q6kgOeiAwLbJY_vO_BEW2oePvbLDZcMZk20YpJJGpOA,1195
-reconcile/utils/ocm/ocm.py,sha256=qDD7x4uhnr7WJenc5mN9XSttu4NhI8FDEUIc33nWKpM,33211
+reconcile/utils/ocm/ocm.py,sha256=4wXsptVwBRlJX19WLgZxZHjx6OJjuWSUyNOxac1EBGM,31454
 reconcile/utils/ocm/products.py,sha256=Ki9o0VV4z_FsXQaJtSFzlUnxLvpk1H-RamvJpUwwbuQ,26006
 reconcile/utils/ocm/search_filters.py,sha256=uUCJ-XOEp4D5uxPW7lDqNe6s-mQWLOCqMu9_xvO6PXU,14798
 reconcile/utils/ocm/service_log.py,sha256=RG1f0MMn6joKaRCAm2xveSJCavdOPP1BVo9FXecDxaI,2018
@@ -798,7 +797,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev247.dist-info/METADATA,sha256=cWYfGDu3xHx3tih9Mz3sdUUtbrXc1Qks-MmS9n0J7Ps,24049
-qontract_reconcile-0.10.2.dev247.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev247.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev247.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev249.dist-info/METADATA,sha256=gwjkeR4GBIHNQvWj-GxTlvIelNg9lny81cU3jDwHC8c,23974
+qontract_reconcile-0.10.2.dev249.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev249.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev249.dist-info/RECORD,,

reconcile/cli.py

@@ -2958,15 +2958,6 @@ def ocm_aws_infrastructure_access(ctx: click.Context) -> None:
     run_integration(reconcile.ocm_aws_infrastructure_access, ctx)
 
 
-@integration.command(short_help="Manage GitHub Identity Providers in OCM.")
-@vault_input_path
-@click.pass_context
-def ocm_github_idp(ctx: click.Context, vault_input_path: str) -> None:
-    import reconcile.ocm_github_idp
-
-    run_integration(reconcile.ocm_github_idp, ctx, vault_input_path)
-
-
 @integration.command(
     short_help="Manage OIDC cluster configuration in OCM organizations based on OCM labels. Part of RHIDP."
 )

reconcile/status_board.py

@@ -5,9 +5,7 @@ from abc import (
 )
 from collections.abc import Iterable, Mapping
 from enum import Enum
-from typing import (
-    Optional,
-)
+from itertools import chain
 
 from pydantic import BaseModel
 
@@ -122,11 +120,11 @@ class Product(AbstractStatusBoard):
 
 
 class Application(AbstractStatusBoard):
-    product: Optional["Product"]
+    product: Product
     services: list["Service"] | None
 
     def create(self, ocm: OCMBaseClient) -> None:
-        if self.product and self.product.id:
+        if self.product.id:
             spec = self.to_ocm_spec()
             self.id = create_application(ocm, spec)
         else:
@@ -147,7 +145,7 @@ class Application(AbstractStatusBoard):
         return f'Application: "{self.name}" "{self.fullname}"'
 
     def to_ocm_spec(self) -> ApplicationOCMSpec:
-        product_id = self.product.id if self.product and self.product.id else ""
+        product_id = self.product.id or ""
         return {
             "name": self.name,
             "fullname": self.fullname,
@@ -160,18 +158,12 @@ class Application(AbstractStatusBoard):
 
 
 class Service(AbstractStatusBoard):
-    # `application` here is used to create a flat map to easily compare state.
-    # This field is optional so we can create the Service object without the
-    # need to create an Application object first.
-    # This filed is needed when we are creating a Service on teh OCM API.
-    # This field is not used when we are mapping the services that belongs to an
-    # application in that case we use the `services` field in Application class.
-    application: Optional["Application"]
+    application: Application
     metadata: ServiceMetadataSpec
 
     def create(self, ocm: OCMBaseClient) -> None:
         spec = self.to_ocm_spec()
-        if self.application and self.application.id:
+        if self.application.id:
             self.id = create_service(ocm, spec)
         else:
             logging.warning("Missing application id for service")
@@ -187,7 +179,7 @@ class Service(AbstractStatusBoard):
             logging.error(f'Trying to update Service "{self.name}" without id')
             return
         spec = self.to_ocm_spec()
-        if self.application and self.application.id:
+        if self.application.id:
             update_service(ocm, self.id, spec)
         else:
             logging.warning("Missing application id for service")
@@ -196,9 +188,7 @@ class Service(AbstractStatusBoard):
         return f'Service: "{self.name}" "{self.fullname}"'
 
     def to_ocm_spec(self) -> ServiceOCMSpec:
-        application_id = (
-            self.application.id if self.application and self.application.id else ""
-        )
+        application_id = self.application.id or ""
 
         return {
             "name": self.name,
@@ -281,21 +271,24 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
                 logging.error(f'Product "{p.name}" has no id')
                 continue
             p.applications = [
-                Application(**a) for a in get_product_applications(ocm_api, p.id)
+                Application(**a, product=p)
+                for a in get_product_applications(ocm_api, p.id)
             ]
             for a in p.applications:
                 if not a.id:
                     logging.error(f'Application "{a.name}" has no id')
                     continue
                 a.services = [
-                    Service(**s) for s in get_application_services(ocm_api, a.id)
+                    Service(**s, application=a)
+                    for s in get_application_services(ocm_api, a.id)
                 ]
 
         return products
 
     @staticmethod
     def desired_abstract_status_board_map(
-        desired_product_apps: Mapping[str, set[str]], slodocs: list[SLODocumentV1]
+        desired_product_apps: Mapping[str, set[str]],
+        slodocs: list[SLODocumentV1],
     ) -> dict[str, AbstractStatusBoard]:
         """
         Returns a Mapping of all the AbstractStatusBoard data objects as dictionaries.
@@ -304,25 +297,26 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
         on Status Board OCM API.
         """
         desired_abstract_status_board_map: dict[str, AbstractStatusBoard] = {}
-        for product, apps in desired_product_apps.items():
-            desired_abstract_status_board_map[product] = Product(
-                name=product, fullname=product, applications=[], metadata={}
+        for product_name, apps in desired_product_apps.items():
+            product = Product(
+                id=None, name=product_name, fullname=product_name, applications=[]
             )
+            desired_abstract_status_board_map[product_name] = product
             for a in apps:
-                key = f"{product}/{a}"
+                key = f"{product_name}/{a}"
                 desired_abstract_status_board_map[key] = Application(
+                    id=None,
                     name=a,
                     fullname=key,
                     services=[],
-                    product=desired_abstract_status_board_map[product],
-                    metadata={},
+                    product=product,
                 )
         for slodoc in slodocs:
             products = [
                 ns.namespace.environment.product.name for ns in slodoc.namespaces
             ]
             for slo in slodoc.slos or []:
-                for product in products:
+                for product_name in products:
                     if slodoc.app.parent_app:
                         app = f"{slodoc.app.parent_app.name}-{slodoc.app.name}"
                     else:
@@ -330,8 +324,8 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
 
                     # Check if the product or app is excluded from the desired list
                     product_or_app_excluded = (
-                        product not in desired_product_apps
-                        or app not in desired_product_apps.get(product, set())
+                        product_name not in desired_product_apps
+                        or app not in desired_product_apps.get(product_name, set())
                     )
 
                     # Check if statusBoard label exists and is explicitly disabled
@@ -344,8 +338,8 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
                     if product_or_app_excluded or not status_board_enabled:
                         continue
 
-                    key = f"{product}/{app}/{slo.name}"
-                    metadata = {
+                    key = f"{product_name}/{app}/{slo.name}"
+                    metadata: ServiceMetadataSpec = {
                         "sli_type": slo.sli_type,
                         "sli_specification": slo.sli_specification,
                         "slo_details": slo.slo_details,
@@ -354,11 +348,12 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
                         "window": slo.slo_parameters.window,
                     }
                     desired_abstract_status_board_map[key] = Service(
+                        id=None,
                         name=slo.name,
                         fullname=key,
                         metadata=metadata,
                         application=desired_abstract_status_board_map[
-                            f"{product}/{app}"
+                            f"{product_name}/{app}"
                         ],
                     )
 
@@ -382,7 +377,6 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
     def get_diff(
         desired_abstract_status_board_map: Mapping[str, AbstractStatusBoard],
         current_abstract_status_board_map: Mapping[str, AbstractStatusBoard],
-        current_products: Mapping[str, Product],
     ) -> list[StatusBoardHandler]:
         return_list: list[StatusBoardHandler] = []
 
@@ -391,6 +385,9 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
             desired_abstract_status_board_map,
         )
 
+        for pair in chain(diff_result.identical.values(), diff_result.change.values()):
+            pair.desired.id = pair.current.id
+
         return_list.extend(
             StatusBoardHandler(action=Action.create, status_board_object=o)
             for o in diff_result.add.values()
@@ -460,14 +457,9 @@ class StatusBoardExporterIntegration(QontractReconcileIntegration):
             current_abstract_status_board_map = self.current_abstract_status_board_map(
                 current_products_applications_services
             )
-
-            current_products = {
-                p.name: p for p in current_products_applications_services
-            }
             diff = self.get_diff(
                 desired_abstract_status_board_map,
                 current_abstract_status_board_map,
-                current_products,
             )
 
             self.apply_diff(dry_run, ocm_api, diff)

reconcile/utils/ocm/ocm.py

@@ -337,62 +337,6 @@ class OCM:  # pylint: disable=too-many-public-methods
             aws_infrastructure_access_role_grant_id = rg["id"]
             self._delete(f"{api}/{aws_infrastructure_access_role_grant_id}")
 
-    def get_github_idp_teams(self, cluster):
-        """Returns a list of details of GitHub IDP providers
-
-        :param cluster: cluster name
-
-        :type cluster: string
-        """
-        result_idps = []
-        cluster_id = self.cluster_ids.get(cluster)
-        if not cluster_id:
-            return result_idps
-        api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/identity_providers"
-        idps = self._get_json(api).get("items")
-        if not idps:
-            return result_idps
-
-        for idp in idps:
-            if idp["type"] != "GithubIdentityProvider":
-                continue
-            idp_name = idp["name"]
-            idp_github = idp["github"]
-
-            item = {
-                "id": idp["id"],
-                "cluster": cluster,
-                "name": idp_name,
-                "client_id": idp_github["client_id"],
-                "teams": idp_github.get("teams"),
-            }
-            result_idps.append(item)
-        return result_idps
-
-    def create_github_idp_teams(self, spec):
-        """Creates a new GitHub IDP
-
-        :param cluster: cluster name
-        :param spec: required information for idp creation
-
-        :type cluster: string
-        :type spec: dictionary
-        """
-        cluster = spec["cluster"]
-        cluster_id = self.cluster_ids[cluster]
-        api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/identity_providers"
-        payload = {
-            "type": "GithubIdentityProvider",
-            "mapping_method": "add",
-            "name": spec["name"],
-            "github": {
-                "client_id": spec["client_id"],
-                "client_secret": spec["client_secret"],
-                "teams": spec["teams"],
-            },
-        }
-        self._post(api, payload)
-
     def get_kubeconfig(self, cluster: str) -> str | None:
         """Returns the cluster credentials (kubeconfig)
 

reconcile/ocm_github_idp.py

@@ -1,117 +0,0 @@
-import logging
-import sys
-from collections.abc import Mapping
-from typing import Any
-
-from reconcile import queries
-from reconcile.status import ExitCodes
-from reconcile.utils.disabled_integrations import integration_is_enabled
-from reconcile.utils.ocm import OCMMap
-from reconcile.utils.secret_reader import SecretReader
-
-QONTRACT_INTEGRATION = "ocm-github-idp"
-
-
-def fetch_current_state(clusters, settings):
-    current_state = []
-    ocm_map = OCMMap(
-        clusters=clusters, integration=QONTRACT_INTEGRATION, settings=settings
-    )
-
-    for cluster_info in clusters:
-        cluster = cluster_info["name"]
-        ocm = ocm_map.get(cluster)
-        idps = ocm.get_github_idp_teams(cluster)
-        current_state.extend(idps)
-
-    return ocm_map, current_state
-
-
-def fetch_desired_state(clusters, vault_input_path, settings):
-    desired_state = []
-    error = False
-    secret_reader = SecretReader(settings=settings)
-    for cluster_info in clusters:
-        cluster = cluster_info["name"]
-        for auth in cluster_info["auth"]:
-            if auth["service"] != "github-org-team":
-                continue
-
-            org = auth["org"]
-            team = auth["team"]
-            secret = {
-                "path": f"{vault_input_path}/{QONTRACT_INTEGRATION}/{auth['service']}/{org}/{team}"
-            }
-            try:
-                oauth_data = secret_reader.read_all(secret)
-                client_id = oauth_data["client-id"]
-                client_secret = oauth_data["client-secret"]
-            except Exception:
-                logging.error(f"unable to read secret in path {secret['path']}")
-                error = True
-                continue
-            item = {
-                "cluster": cluster,
-                "name": f"github-{org}",
-                "client_id": client_id,
-                "client_secret": client_secret,
-                "teams": [f"{org}/{team}"],
-            }
-            desired_state.append(item)
-
-    return desired_state, error
-
-
-def sanitize(state):
-    return {k: v for k, v in state.items() if k not in {"client_secret", "id"}}
-
-
-def act(dry_run, ocm_map, current_state, desired_state):
-    sanitized_current_state = [sanitize(d) for d in current_state]
-    sanitized_desired_state = [sanitize(d) for d in desired_state]
-    to_add = [d for d in desired_state if sanitize(d) not in sanitized_current_state]
-    for item in to_add:
-        cluster = item["cluster"]
-        idp_name = item["name"]
-        team = item["teams"][0]
-        logging.info(["create_github_idp", cluster, idp_name, team])
-
-        if not dry_run:
-            ocm = ocm_map.get(cluster)
-            ocm.create_github_idp_teams(item)
-
-    to_remove = [d for d in current_state if sanitize(d) not in sanitized_desired_state]
-    for item in to_remove:
-        cluster = item["cluster"]
-        idp_name = item["name"]
-        team = item["teams"][0]
-        logging.info(["remove_github_idp", cluster, idp_name, team])
-
-        if not dry_run:
-            ocm = ocm_map.get(cluster)
-            ocm.delete_idp(cluster, item["id"])
-
-
-def _cluster_is_compatible(cluster: Mapping[str, Any]) -> bool:
-    return cluster.get("ocm") is not None and cluster.get("auth") is not None
-
-
-def run(dry_run, vault_input_path=""):
-    if not vault_input_path:
-        logging.error("must supply vault input path")
-        sys.exit(1)
-    settings = queries.get_app_interface_settings()
-    clusters = [
-        c
-        for c in queries.get_clusters()
-        if integration_is_enabled(QONTRACT_INTEGRATION, c) and _cluster_is_compatible(c)
-    ]
-    if not clusters:
-        logging.debug("No github-idp definitions found in app-interface")
-        sys.exit(ExitCodes.SUCCESS)
-
-    ocm_map, current_state = fetch_current_state(clusters, settings)
-    desired_state, error = fetch_desired_state(clusters, vault_input_path, settings)
-    if error:
-        sys.exit(1)
-    act(dry_run, ocm_map, current_state, desired_state)