qontract-reconcile 0.10.2.dev258__py3-none-any.whl → 0.10.2.dev260__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: qontract-reconcile
3
- Version: 0.10.2.dev258
3
+ Version: 0.10.2.dev260
4
4
  Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
5
5
  Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
6
6
  Project-URL: repository, https://github.com/app-sre/qontract-reconcile
@@ -15,7 +15,7 @@ reconcile/dashdotdb_base.py,sha256=83ZWIf5JJk3P_D69y2TmXRcQr6ELJGlv10OM0h7fJVs,4
15
15
  reconcile/dashdotdb_dora.py,sha256=UI83R8VsrX3vd2ocBakQDKPNE5Ym2a8pnAGUhfkDeR0,17771
16
16
  reconcile/dashdotdb_dvo.py,sha256=lCkZ0iby6HrNQb-3kYb6xrt8wCjVUZYxKzz9SiStfHU,8946
17
17
  reconcile/dashdotdb_slo.py,sha256=TvKdMOtUZcZP9QydcUJMKh0zURHgOMN_RTpQpCkD1Z8,3960
18
- reconcile/database_access_manager.py,sha256=HZQdrZ1b-cj0fTKgRZYDJ7HU9rrd35pPkPZufkdRaG0,25581
18
+ reconcile/database_access_manager.py,sha256=TOqJl46J98stl99iP_t-oXtsuWuBcvh7k0zVqPxfxv4,25700
19
19
  reconcile/deadmanssnitch.py,sha256=n-5W-djUgwzpmdDM4eQIZpkkDmHY0vndt-42LJXI4Y8,7491
20
20
  reconcile/email_sender.py,sha256=38Wvl6WHqCwlqLx4oxVJOIeDmoJsyitD3g1F4jTkAj8,4246
21
21
  reconcile/gabi_authorized_users.py,sha256=w0MSAqZnROzuf0_SZYRI9NU6RMxQnWquedGVl6oPC68,4842
@@ -88,7 +88,7 @@ reconcile/quay_mirror.py,sha256=PBooiA0ShZpWYfO6oeKFqYYT6Syi7Q8JJD9kj0wRRLg,1403
88
88
  reconcile/quay_mirror_org.py,sha256=I-tEqRHLL6uFqbSi7qCfPuDNoae7EAI2U68NbDOhmv8,10809
89
89
  reconcile/quay_permissions.py,sha256=9KOutS1w4RFQqkvMSy54VtsKNx56-phzP6yI_rEW-B8,4244
90
90
  reconcile/quay_repos.py,sha256=cuEYG0HUe0ut5yvLdEwOF5-CmccpXQHRb_wDazvDrvQ,6895
91
- reconcile/queries.py,sha256=PRlDXp-ViYjky3k4-Cvf6FptraOpzVpsZUluUEJW7II,49886
91
+ reconcile/queries.py,sha256=aaffpfMIlmHy73CUxos--NnUsTR5ms3VPeaUY3dnvIs,49879
92
92
  reconcile/query_validator.py,sha256=MSh5pKLBksws4AqfuvT8nrIGucIbqX-IOzYyPYTLO7k,1491
93
93
  reconcile/requests_sender.py,sha256=914iluuF4UVgG3VyxxtnHOu4yf6YKS2fIy6PViSsFTQ,3875
94
94
  reconcile/resource_scraper.py,sha256=znXCHrU7YwPfKuxGBiUrV7T1tYtn4vlz9qmZlfy6Flg,2307
@@ -100,7 +100,7 @@ reconcile/service_dependencies.py,sha256=G2qCuYFc8wQLpRxkdhmibxSAl3nUM3hcan4x50W
100
100
  reconcile/signalfx_endpoint_monitoring.py,sha256=Nqgsg1cflSd2nNnm89y_e8c--7xLUqTrKOHkDs-qADE,2868
101
101
  reconcile/slack_base.py,sha256=I-msunWxfgu5bSwXYulGbtLjxUB_tRmTCAUCU-3nabI,3484
102
102
  reconcile/slack_usergroups.py,sha256=3uQVZK0WeZfvE1g7xQwciKCcC3LifDa3NuE1ygQ0cRk,30174
103
- reconcile/sql_query.py,sha256=auZCWe6dytsDp83Imfo4zqkpMCLRXU007IUlPeUE3j4,26376
103
+ reconcile/sql_query.py,sha256=FVwANLPWjkUHqN2OXJ-vnX5hqqcO6rTdyLEO4HkmAgM,26397
104
104
  reconcile/status.py,sha256=cY4IJFXemhxptRJqR4qaaOWqei9e4jgLXuVSGajMsjg,544
105
105
  reconcile/status_board.py,sha256=0vTQzxrFPTmJtzNOC-iaJG_BmXbDe2vgBUe0LMUyfDE,15313
106
106
  reconcile/terraform_aws_route53.py,sha256=dQzzT46YhwRA902_H6pi-f7WlX4EaH187wXSdmJAUkQ,9958
@@ -213,7 +213,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=d3PMy-mQSbSZdIGAVaZCA2U
213
213
  reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
214
214
  reconcile/glitchtip_project_dsn/integration.py,sha256=2iugub-kHYkHNK33n0v9_TeWonuxCPah_VkoTPvaajE,8077
215
215
  reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
216
- reconcile/gql_definitions/introspection.json,sha256=_PKgzpmgWQJ8HF4irKjyxjOTXdw4YRgytoZQWJfigao,2346322
216
+ reconcile/gql_definitions/introspection.json,sha256=3-WcCYBV8GP1OH1_NLgu9yyXNSNZDJ5_1dZIiTCWhwM,2346833
217
217
  reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
218
218
  reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
219
219
  reconcile/gql_definitions/acs/acs_policies.py,sha256=Ygpfl2-VkYLSlJvHgp_dJBfb66K_Rwfdfpsa18w1v1s,4338
@@ -797,7 +797,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
797
797
  tools/saas_promotion_state/saas_promotion_state.py,sha256=oF7C4hpIgyMTwTRm3Aun3cDCHIjVar65JoLp6NcJHlU,3909
798
798
  tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
799
799
  tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
800
- qontract_reconcile-0.10.2.dev258.dist-info/METADATA,sha256=UC6zLDyB42JRp2BvSXJZxOKr6zcWg_3x9yW7Tfmfzxk,23827
801
- qontract_reconcile-0.10.2.dev258.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
802
- qontract_reconcile-0.10.2.dev258.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
803
- qontract_reconcile-0.10.2.dev258.dist-info/RECORD,,
800
+ qontract_reconcile-0.10.2.dev260.dist-info/METADATA,sha256=6cfFbvQPSnVWrRXsxLdQLiQc_ZvulzFgB9qX9GILh_E,23827
801
+ qontract_reconcile-0.10.2.dev260.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
802
+ qontract_reconcile-0.10.2.dev260.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
803
+ qontract_reconcile-0.10.2.dev260.dist-info/RECORD,,
@@ -13,6 +13,7 @@ from typing import (
13
13
  )
14
14
 
15
15
  from pydantic import BaseModel
16
+ from sretoolbox.container.image import Image
16
17
 
17
18
  from reconcile import openshift_base, queries
18
19
  from reconcile import openshift_resources_base as orb
@@ -52,7 +53,6 @@ QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
52
53
  SUPPORTED_ENGINES = ["postgres"]
53
54
 
54
55
  JOB_DEADLINE_IN_SECONDS = 60
55
- JOB_PSQL_ENGINE_VERSION = "15.4-alpine"
56
56
 
57
57
 
58
58
  def get_database_access_namespaces(
@@ -227,9 +227,8 @@ def get_db_engine(resource: NamespaceTerraformResourceRDSV1) -> str:
227
227
 
228
228
  class JobData(BaseModel):
229
229
  engine: str
230
- engine_version: str
231
230
  name_suffix: str
232
- image_repository: str
231
+ image: str
233
232
  service_account_name: str
234
233
  rds_admin_secret_name: str
235
234
  script_secret_name: str
@@ -239,8 +238,11 @@ class JobData(BaseModel):
239
238
  def get_job_spec(job_data: JobData) -> OpenshiftResource:
240
239
  job_name = f"dbam-{job_data.name_suffix}"
241
240
 
241
+ image_tag = Image(job_data.image).tag
242
+ image_pull_policy = "Always" if image_tag == "latest" else "IfNotPresent"
243
+
242
244
  if job_data.engine == "postgres":
243
- command = "/usr/local/bin/psql"
245
+ command = "/usr/bin/psql"
244
246
 
245
247
  job = {
246
248
  "apiVersion": "batch/v1",
@@ -269,7 +271,8 @@ def get_job_spec(job_data: JobData) -> OpenshiftResource:
269
271
  "containers": [
270
272
  {
271
273
  "name": job_name,
272
- "image": f"{job_data.image_repository}/{job_data.engine}:{job_data.engine_version}",
274
+ "image": f"{job_data.image}",
275
+ "imagePullPolicy": image_pull_policy,
273
276
  "command": [
274
277
  command,
275
278
  ],
@@ -415,7 +418,7 @@ class JobStatus(BaseModel):
415
418
  def _populate_resources(
416
419
  db_access: DatabaseAccessV1,
417
420
  engine: str,
418
- image_repository: str,
421
+ job_image: str,
419
422
  pull_secret: dict[Any, Any],
420
423
  admin_secret_name: str,
421
424
  resource_prefix: str,
@@ -479,9 +482,8 @@ def _populate_resources(
479
482
  resource=get_job_spec(
480
483
  JobData(
481
484
  engine=engine,
482
- engine_version=JOB_PSQL_ENGINE_VERSION,
483
485
  name_suffix=db_access.name,
484
- image_repository=image_repository,
486
+ image=job_image,
485
487
  service_account_name=resource_prefix,
486
488
  rds_admin_secret_name=admin_secret_name,
487
489
  script_secret_name=script_secret_name,
@@ -620,10 +622,15 @@ def _process_db_access(
620
622
  if not sql_query_settings:
621
623
  raise KeyError("sqlQuery settings are required")
622
624
 
625
+ job_image = (
626
+ sql_query_settings.get("jobImage")
627
+ or "quay.io/app-sre/debug-container:latest"
628
+ )
629
+
623
630
  managed_resources = _populate_resources(
624
631
  db_access,
625
632
  engine,
626
- sql_query_settings["imageRepository"],
633
+ job_image,
627
634
  sql_query_settings["pullSecret"],
628
635
  admin_secret_name,
629
636
  resource_prefix,
@@ -25826,6 +25826,18 @@
25826
25826
  "isDeprecated": false,
25827
25827
  "deprecationReason": null
25828
25828
  },
25829
+ {
25830
+ "name": "jobImage",
25831
+ "description": null,
25832
+ "args": [],
25833
+ "type": {
25834
+ "kind": "SCALAR",
25835
+ "name": "String",
25836
+ "ofType": null
25837
+ },
25838
+ "isDeprecated": false,
25839
+ "deprecationReason": null
25840
+ },
25829
25841
  {
25830
25842
  "name": "pullSecret",
25831
25843
  "description": null,
reconcile/queries.py CHANGED
@@ -87,7 +87,7 @@ APP_INTERFACE_SETTINGS_QUERY = """
87
87
  }
88
88
  }
89
89
  sqlQuery {
90
- imageRepository
90
+ jobImage
91
91
  pullSecret {
92
92
  path
93
93
  version
reconcile/sql_query.py CHANGED
@@ -11,6 +11,7 @@ from textwrap import indent
11
11
  from typing import Any
12
12
 
13
13
  import jinja2
14
+ from sretoolbox.container.image import Image
14
15
 
15
16
  from reconcile import (
16
17
  openshift_base,
@@ -81,35 +82,36 @@ spec:
81
82
  metadata:
82
83
  name: {{ JOB_NAME }}
83
84
  spec:
84
- {% if PULL_SECRET is not none %}
85
+ {%- if PULL_SECRET is not none %}
85
86
  imagePullSecrets:
86
87
  - name: {{ PULL_SECRET }}
87
- {% endif %}
88
+ {%- endif %}
88
89
  restartPolicy: Never
89
90
  serviceAccountName: {{ SVC_NAME }}
90
91
  containers:
91
92
  - name: {{ JOB_NAME }}
92
- image: {{ IMAGE_REPOSITORY }}/{{ ENGINE }}:{{ENGINE_VERSION}}
93
+ image: {{ JOB_IMAGE }}
94
+ imagePullPolicy: {{ JOB_IMAGE_PULL_POLICY }}
93
95
  command:
94
96
  - /bin/bash
95
97
  args:
96
98
  - '-c'
97
99
  - '{{ COMMAND }}'
98
100
  env:
99
- {% for key, value in DB_CONN.items() %}
100
- {% if value is none %}
101
+ {%- for key, value in DB_CONN.items() %}
102
+ {%- if value is none %}
101
103
  # When value is not provided, we get it from the secret
102
104
  - name: {{ key }}
103
105
  valueFrom:
104
106
  secretKeyRef:
105
107
  name: {{ SECRET_NAME }}
106
108
  key: {{ key }}
107
- {% else %}
109
+ {%- else %}
108
110
  # When value is provided, we get just use it
109
111
  - name: {{ key }}
110
112
  value: {{ value }}
111
- {% endif %}
112
- {% endfor %}
113
+ {%- endif %}
114
+ {%- endfor %}
113
115
  resources:
114
116
  requests:
115
117
  memory: "{{ REQUESTS_MEM }}"
@@ -125,10 +127,10 @@ spec:
125
127
  - name: configs
126
128
  projected:
127
129
  sources:
128
- {% for cm in CONFIG_MAPS %}
130
+ {%- for cm in CONFIG_MAPS %}
129
131
  - configMap:
130
132
  name: {{ cm }}
131
- {% endfor %}
133
+ {%- endfor %}
132
134
  """
133
135
 
134
136
 
@@ -187,7 +189,6 @@ def get_tf_resource_info(
187
189
  "cluster": spec.cluster_name,
188
190
  "output_resource_name": spec.output_resource_name,
189
191
  "engine": values.get("engine", "postgres"),
190
- "engine_version": values.get("engine_version", "latest"),
191
192
  }
192
193
  return None
193
194
 
@@ -412,7 +413,7 @@ def encrypted_closing_message(recipient: str) -> list[str]:
412
413
 
413
414
  def process_template(
414
415
  query: dict[str, Any],
415
- image_repository: str,
416
+ job_image: str,
416
417
  use_pull_secret: bool,
417
418
  config_map_names: list[str],
418
419
  service_account_name: str,
@@ -422,7 +423,7 @@ def process_template(
422
423
 
423
424
  :param query: the query dictionary containing the parameters
424
425
  to be used in the Template
425
- :param image_repository: docker image repo url
426
+ :param job_image: docker image repo url
426
427
  :param use_pull_secret: add imagePullSecrets to Job
427
428
  :param config_map_names: ConfigMap names to mount in Job
428
429
 
@@ -451,16 +452,18 @@ def process_template(
451
452
  command += engine_cmd_map[engine](sqlqueries_file="/tmp/queries")
452
453
  command += make_output_cmd(output=output, recipient=query.get("recipient", ""))
453
454
 
455
+ job_image_tag = Image(job_image).tag
456
+ job_image_pull_policy = "Always" if job_image_tag == "latest" else "IfNotPresent"
457
+
454
458
  template_to_render = JOB_TEMPLATE
455
459
  render_kwargs = {
456
460
  "JOB_NAME": query["name"],
457
461
  "CONFIG_MAPS_MOUNT_PATH": CONFIG_MAPS_MOUNT_PATH,
458
462
  "QUERY_NAME": query["name"],
459
463
  "QONTRACT_INTEGRATION": QONTRACT_INTEGRATION,
460
- "IMAGE_REPOSITORY": image_repository,
464
+ "JOB_IMAGE": job_image,
465
+ "JOB_IMAGE_PULL_POLICY": job_image_pull_policy,
461
466
  "SECRET_NAME": query["output_resource_name"],
462
- "ENGINE": engine,
463
- "ENGINE_VERSION": query["engine_version"],
464
467
  "DB_CONN": query["db_conn"],
465
468
  "CONFIG_MAPS": config_map_names,
466
469
  "COMMAND": command,
@@ -588,7 +591,7 @@ def _build_common_resource_labels(query: dict[str, Any]) -> dict[str, str]:
588
591
 
589
592
  def _build_openshift_resources(
590
593
  query: dict[str, Any],
591
- image_repository: str,
594
+ job_image: str,
592
595
  pull_secret: dict[str, Any] | None,
593
596
  secret_reader: SecretReaderBase,
594
597
  ) -> list[OpenshiftResource]:
@@ -649,7 +652,7 @@ def _build_openshift_resources(
649
652
  # Job (sql executer)
650
653
  job_yaml = process_template(
651
654
  query,
652
- image_repository=image_repository,
655
+ job_image=job_image,
653
656
  use_pull_secret=bool(pull_secret),
654
657
  config_map_names=[cm["metadata"]["name"] for cm in config_map_resources],
655
658
  service_account_name=svc["metadata"]["name"],
@@ -702,14 +705,14 @@ def _initialize_resource_types(
702
705
 
703
706
  def _reconstruct_for_metrics(
704
707
  query: dict[str, Any],
705
- image_repository: str,
708
+ job_image: str,
706
709
  pull_secret: dict[str, Any] | None,
707
710
  ri: ResourceInventory,
708
711
  secret_reader: SecretReaderBase,
709
712
  ) -> None:
710
713
  openshift_resources = _build_openshift_resources(
711
714
  query,
712
- image_repository,
715
+ job_image,
713
716
  pull_secret,
714
717
  secret_reader,
715
718
  )
@@ -767,7 +770,7 @@ def _process_existing_query(
767
770
  enable_deletion: bool,
768
771
  settings: dict[str, Any],
769
772
  state: State,
770
- image_repository: str,
773
+ job_image: str,
771
774
  pull_secret: dict[str, Any],
772
775
  ri: ResourceInventory,
773
776
  secret_reader: SecretReaderBase,
@@ -776,7 +779,7 @@ def _process_existing_query(
776
779
  case QueryStatus.ACTIVE:
777
780
  _reconstruct_for_metrics(
778
781
  query,
779
- image_repository,
782
+ job_image,
780
783
  pull_secret,
781
784
  ri,
782
785
  secret_reader,
@@ -803,13 +806,13 @@ def _process_new_query(
803
806
  dry_run: bool,
804
807
  settings: dict[str, Any],
805
808
  state: State,
806
- image_repository: str,
809
+ job_image: str,
807
810
  pull_secret: dict[str, Any],
808
811
  ri: ResourceInventory,
809
812
  secret_reader: SecretReaderBase,
810
813
  ) -> None:
811
814
  openshift_resources = _build_openshift_resources(
812
- query, image_repository, pull_secret, secret_reader
815
+ query, job_image, pull_secret, secret_reader
813
816
  )
814
817
 
815
818
  cluster = query["cluster"]
@@ -855,12 +858,12 @@ def run(
855
858
  mail_address=smtp_settings.mail_address,
856
859
  timeout=smtp_settings.timeout or DEFAULT_SMTP_TIMEOUT,
857
860
  )
858
- image_repository = "quay.io/app-sre"
861
+ job_image = "quay.io/app-sre/debug-container:latest"
859
862
 
860
863
  sql_query_settings = settings.get("sqlQuery")
861
864
  pull_secret: dict[str, Any] = {}
862
865
  if sql_query_settings:
863
- image_repository = sql_query_settings["imageRepository"]
866
+ job_image = sql_query_settings.get("jobImage") or job_image
864
867
  pull_secret = sql_query_settings["pullSecret"]
865
868
 
866
869
  queries_list = collect_queries(secret_reader=secret_reader, smtp_client=smtp_client)
@@ -874,7 +877,7 @@ def run(
874
877
  enable_deletion,
875
878
  settings,
876
879
  state,
877
- image_repository,
880
+ job_image,
878
881
  pull_secret,
879
882
  ri,
880
883
  secret_reader,
@@ -885,7 +888,7 @@ def run(
885
888
  dry_run,
886
889
  settings,
887
890
  state,
888
- image_repository,
891
+ job_image,
889
892
  pull_secret,
890
893
  ri,
891
894
  secret_reader,