qontract-reconcile 0.10.2.dev303__py3-none-any.whl → 0.10.2.dev314__py3-none-any.whl

reconcile/terraform_vpc_resources/integration.py

@@ -31,7 +31,11 @@ from reconcile.utils.runtime.integration import (
 from reconcile.utils.secret_reader import create_secret_reader
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.terraform_client import TerraformClient
-from reconcile.utils.terrascript_aws_client import TerrascriptClient
+from reconcile.utils.terrascript_aws_client import (
+    VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS,
+    VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS,
+    TerrascriptClient,
+)
 from reconcile.utils.vcs import VCS
 
 QONTRACT_INTEGRATION = "terraform_vpc_resources"
@@ -90,14 +94,28 @@ class TerraformVpcResources(QontractReconcileIntegration[TerraformVpcResourcesPa
                 f"{request.identifier}-public_subnets", {}
             ).get("value", [])
 
+            if request.subnets:
+                private_subnet_tags = VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS | (
+                    request.subnets.private_subnet_tags or {}
+                )
+                public_subnet_tags = VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS | (
+                    request.subnets.public_subnet_tags or {}
+                )
+            else:
+                private_subnet_tags = VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS
+                public_subnet_tags = VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS
+
             values = {
                 "static": {
                     "vpc_id": outputs_per_account.get(
                         f"{request.identifier}-vpc_id", {}
                     ).get("value"),
+                    "vpc_tags": request.vpc_tags or {},
                     "subnets": {
                         "private": private_subnets,
                         "public": public_subnets,
+                        "private_subnet_tags": private_subnet_tags,
+                        "public_subnet_tags": public_subnet_tags,
                     },
                     "account_name": request.account.name,
                     "region": request.region,

reconcile/typed_queries/status_board.py

@@ -9,10 +9,6 @@ from reconcile.gql_definitions.status_board.status_board import (
     query,
 )
 from reconcile.utils import gql
-from reconcile.utils.ocm.status_board import (
-    METADATA_MANAGED_BY_KEY,
-    METADATA_MANAGED_BY_VALUE,
-)
 
 
 def get_status_board(
@@ -23,11 +19,11 @@ def get_status_board(
     return query(query_func).status_board_v1 or []
 
 
-def get_selected_app_data(
+def get_selected_app_names(
     global_selectors: Iterable[str],
     product: StatusBoardProductV1,
-) -> dict[str, dict[str, dict[str, set[str]]]]:
-    selected_app_data: dict[str, dict[str, dict[str, Any]]] = {}
+) -> set[str]:
+    selected_app_names: set[str] = set()
 
     apps: dict[str, Any] = {"apps": []}
     for namespace in product.product_environment.namespaces or []:
@@ -35,45 +31,15 @@ def get_selected_app_data(
         if namespace.app.parent_app:
             prefix = f"{namespace.app.parent_app.name}-"
         name = f"{prefix}{namespace.app.name}"
-
-        deployment_saas_files = set()
-        if namespace.app.saas_files:
-            deployment_saas_files = {
-                saas_file.name
-                for saas_file in namespace.app.saas_files
-                if "Deployment" in saas_file.managed_resource_types
-                or "ClowdApp" in saas_file.managed_resource_types
-            }
-
-        selected_app_data[name] = {
-            "metadata": {
-                METADATA_MANAGED_BY_KEY: METADATA_MANAGED_BY_VALUE,
-                "deploymentSaasFiles": set(deployment_saas_files),
-            },
-        }
-
+        selected_app_names.add(name)
         app = namespace.app.dict(by_alias=True)
         app["name"] = name
         apps["apps"].append(app)
 
         for child in namespace.app.children_apps or []:
             name = f"{namespace.app.name}-{child.name}"
-            if name not in selected_app_data:
-                deployment_saas_files = set()
-                if child.saas_files:
-                    deployment_saas_files = {
-                        saas_file.name
-                        for saas_file in child.saas_files
-                        if "Deployment" in saas_file.managed_resource_types
-                    }
-
-                selected_app_data[name] = {
-                    "metadata": {
-                        METADATA_MANAGED_BY_KEY: METADATA_MANAGED_BY_VALUE,
-                        "deploymentSaasFiles": set(deployment_saas_files),
-                    },
-                }
-
+            if name not in selected_app_names:
+                selected_app_names.add(f"{namespace.app.name}-{child.name}")
                 child_dict = child.dict(by_alias=True)
                 child_dict["name"] = name
                 apps["apps"].append(child_dict)
@@ -86,7 +52,6 @@ def get_selected_app_data(
         apps_to_remove: set[str] = set()
         results = parser.parse(selector).find(apps)
         apps_to_remove.update(match.value["name"] for match in results)
-        for app_name in apps_to_remove:
-            selected_app_data.pop(app_name, None)
+        selected_app_names -= apps_to_remove
 
-    return selected_app_data
+    return selected_app_names

reconcile/utils/ocm/base.py

@@ -215,6 +215,10 @@ class OCMExternalConfiguration(BaseModel):
     syncsets: dict
 
 
+class OCMExternalAuthConfig(BaseModel):
+    enabled: bool
+
+
 PRODUCT_ID_OSD = "osd"
 PRODUCT_ID_ROSA = "rosa"
 
@@ -274,6 +278,8 @@ class OCMCluster(BaseModel):
 
     external_configuration: OCMExternalConfiguration | None
 
+    external_auth_config: OCMExternalAuthConfig | None
+
     def minor_version(self) -> str:
         version_info = parse_semver(self.version.raw_id)
         return f"{version_info.major}.{version_info.minor}"
@@ -315,6 +321,10 @@ class OCMCluster(BaseModel):
     def base_domain(self) -> str | None:
         return self.dns.base_domain if self.dns else None
 
+    @property
+    def external_auth_enabled(self) -> bool:
+        return self.external_auth_config.enabled if self.external_auth_config else False
+
 
 class OCMLabel(BaseModel):
     """

reconcile/utils/ocm/status_board.py

@@ -21,7 +21,6 @@ class IDSpec(TypedDict):
 
 
 class ApplicationOCMSpec(BaseOCMSpec):
-    metadata: dict[str, Any]
     product: IDSpec
 
 
@@ -118,18 +117,6 @@ def create_service(ocm_api: OCMBaseClient, spec: ServiceOCMSpec) -> str:
     return resp["id"]
 
 
-def update_application(
-    ocm_api: OCMBaseClient,
-    application_id: str,
-    spec: ApplicationOCMSpec,
-) -> None:
-    data = spec | {
-        "metadata": spec.get("metadata", {})
-        | {METADATA_MANAGED_BY_KEY: METADATA_MANAGED_BY_VALUE}
-    }
-    ocm_api.patch(f"/api/status-board/v1/applications/{application_id}", data=data)
-
-
 def update_service(
     ocm_api: OCMBaseClient,
     service_id: str,

reconcile/utils/openssl.py

@@ -1,12 +1,12 @@
 from OpenSSL import crypto
 
 
-def certificate_matches_host(certificate, host):
+def certificate_matches_host(certificate: bytes, host: str) -> bool:
     common_name = get_certificate_common_name(certificate)
     return host.endswith(common_name.replace("*.", ""))
 
 
-def get_certificate_common_name(certificate):
+def get_certificate_common_name(certificate: bytes) -> str:
     cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
     subject = cert.get_subject()
     return subject.CN

reconcile/utils/repo_owners.py

@@ -1,9 +1,13 @@
 import logging
 import os
 import pathlib
+from collections.abc import Iterable, Mapping
 
 from ruamel import yaml
 
+from reconcile.utils.github_api import GithubRepositoryApi
+from reconcile.utils.gitlab_api import GitLabApi
+
 _LOG = logging.getLogger(__name__)
 
 
@@ -12,38 +16,24 @@ class RepoOwners:
     Abstracts the owners of a repository with per-path granularity.
     """
 
-    def __init__(self, git_cli, ref="master", recursive=True):
+    def __init__(
+        self,
+        git_cli: GitLabApi | GithubRepositoryApi,
+        ref: str = "master",
+        recursive: bool = True,
+    ) -> None:
         self._git_cli = git_cli
         self._ref = ref
-        self._owners_map = None
+        self._owners_map: dict[str, dict[str, set[str]]] | None = None
         self._recursive = recursive
 
     @property
-    def owners_map(self):
+    def owners_map(self) -> dict[str, dict[str, set[str]]]:
         if self._owners_map is None:
             self._owners_map = self._get_owners_map()
         return self._owners_map
 
-    def get_owners(self):
-        """
-        Gets all the owners of the repository.
-
-        :return: the repository owners
-        :rtype: dict
-        """
-        repo_owners = {"approvers": set(), "reviewers": set()}
-
-        if "." in self.owners_map:
-            repo_owners["approvers"].update(self.owners_map["."]["approvers"])
-            repo_owners["reviewers"].update(self.owners_map["."]["reviewers"])
-
-        for owners in self.owners_map.values():
-            repo_owners["approvers"].update(owners["approvers"])
-            repo_owners["reviewers"].update(owners["reviewers"])
-
-        return repo_owners
-
-    def get_root_owners(self):
+    def get_root_owners(self) -> dict[str, list[str]]:
         """
         Gets all the owners defined in the repository root.
 
@@ -56,7 +46,7 @@ class RepoOwners:
 
         return {"approvers": [], "reviewers": []}
 
-    def get_path_owners(self, path):
+    def get_path_owners(self, path: str) -> dict[str, list[str]]:
         """
         Gets all the owners of a given path, no matter in which
         level of the filesystem tree the owner was specified.
@@ -67,7 +57,7 @@ class RepoOwners:
         :return: the path owners
         :rtype: dict
         """
-        path_owners = {"approvers": set(), "reviewers": set()}
+        path_owners: dict[str, set[str]] = {"approvers": set(), "reviewers": set()}
 
         if "." in self.owners_map:
             path_owners["approvers"].update(self.owners_map["."]["approvers"])
@@ -80,7 +70,7 @@ class RepoOwners:
 
         return self._set_to_sorted_list(path_owners)
 
-    def get_path_closest_owners(self, path):
+    def get_path_closest_owners(self, path: str) -> dict[str, list[str]]:
         """
         Gets all closest owners of a given path, no matter in which
         level of the filesystem tree the owner was specified.
@@ -108,7 +98,7 @@ class RepoOwners:
 
         return {"approvers": [], "reviewers": []}
 
-    def _get_owners_map(self):
+    def _get_owners_map(self) -> dict[str, dict[str, set[str]]]:
         """
         Maps all the OWNERS files content to their respective
         owned directory.
@@ -173,7 +163,7 @@ class RepoOwners:
             }
         return owners_map
 
-    def _get_aliases(self):
+    def _get_aliases(self) -> dict[str, list[str]] | None:
         """
         Retrieves the approvers aliases from the OWNERS_ALIASES file.
 
@@ -191,7 +181,9 @@ class RepoOwners:
         return aliases["aliases"]
 
     @staticmethod
-    def _set_to_sorted_list(owners):
+    def _set_to_sorted_list(
+        owners: Mapping[str, Iterable[str]],
+    ) -> dict[str, list[str]]:
         approvers = owners["approvers"]
         sorted_approvers = sorted(approvers) if approvers else []
 

reconcile/utils/runtime/meta.py

@@ -1,5 +1,6 @@
 import dataclasses
 from dataclasses import dataclass
+from typing import Any
 
 
 @dataclass
@@ -8,5 +9,5 @@ class IntegrationMeta:
     args: list[str]
     short_help: str | None
 
-    def to_dict(self):
+    def to_dict(self) -> dict[str, Any]:
         return dataclasses.asdict(self)

reconcile/utils/sharding.py

@@ -8,7 +8,7 @@ SHARDS = int(os.environ.get("SHARDS", "1"))
 SHARD_ID = int(os.environ.get("SHARD_ID", "0"))
 
 
-def is_in_shard(value):
+def is_in_shard(value: str) -> bool:
     if SHARDS == 1:
         return True
 

reconcile/utils/sqs_gateway.py

@@ -1,5 +1,7 @@
 import json
 import os
+from collections.abc import Iterable, Mapping
+from typing import Any, Self
 
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.secret_reader import SecretReader
@@ -12,7 +14,9 @@ class SQSGatewayInitError(Exception):
 class SQSGateway:
     """Wrapper around SQS AWS SDK"""
 
-    def __init__(self, accounts, secret_reader: SecretReader):
+    def __init__(
+        self, accounts: Iterable[Mapping[str, Any]], secret_reader: SecretReader
+    ) -> None:
         queue_url = os.environ.get("gitlab_pr_submitter_queue_url")  # noqa: SIM112
         if not queue_url:
             raise SQSGatewayInitError(
@@ -30,17 +34,17 @@ class SQSGateway:
         self.sqs = self._aws_api.get_session_client(session, "sqs")
         self.queue_url = queue_url
 
-    def __enter__(self):
+    def __enter__(self) -> Self:
         return self
 
-    def __exit__(self, *ext):
+    def __exit__(self, *ext: Any) -> None:
         self.cleanup()
 
-    def cleanup(self):
+    def cleanup(self) -> None:
         self._aws_api.cleanup()
 
     @staticmethod
-    def get_queue_account(accounts, queue_url):
+    def get_queue_account(accounts: Iterable[Mapping[str, Any]], queue_url: str) -> str:
         queue_account_uid = queue_url.split("/")[3]
         queue_account_name = [
             a["name"] for a in accounts if a["uid"] == queue_account_uid
@@ -49,14 +53,14 @@ class SQSGateway:
             raise SQSGatewayInitError(f"account uid not found: {queue_account_uid}")
         return queue_account_name[0]
 
-    def send_message(self, body):
+    def send_message(self, body: Mapping[str, Any]) -> None:
         self.sqs.send_message(QueueUrl=self.queue_url, MessageBody=json.dumps(body))
 
     def receive_messages(
         self,
-        visibility_timeout=30,
-        wait_time_seconds=20,
-    ):
+        visibility_timeout: int = 30,
+        wait_time_seconds: int = 20,
+    ) -> list[tuple[str, dict[str, Any]]]:
         messages = self.sqs.receive_message(
             QueueUrl=self.queue_url,
             VisibilityTimeout=visibility_timeout,
@@ -64,5 +68,5 @@ class SQSGateway:
         ).get("Messages", [])
         return [(m["ReceiptHandle"], json.loads(m["Body"])) for m in messages]
 
-    def delete_message(self, receipt_handle):
+    def delete_message(self, receipt_handle: str) -> None:
         self.sqs.delete_message(QueueUrl=self.queue_url, ReceiptHandle=receipt_handle)

reconcile/utils/structs.py

@@ -5,12 +5,12 @@ from pydantic.dataclasses import dataclass
 class CommandExecutionResult:
     """This class represents a command execution result"""
 
-    def __init__(self, is_ok, message):
+    def __init__(self, is_ok: bool, message: str) -> None:
         self.is_ok = is_ok
         self.message = message
 
-    def __str__(self):
+    def __str__(self) -> str:
         return str(self.message)
 
-    def __bool__(self):
+    def __bool__(self) -> bool:
         return self.is_ok

reconcile/utils/terraform_client.py

@@ -5,8 +5,8 @@ import shutil
 import tempfile
 from collections import defaultdict
 from collections.abc import (
-    Generator,
     Iterable,
+    Iterator,
     Mapping,
 )
 from contextlib import contextmanager
@@ -86,8 +86,8 @@ class TerraformClient:
         working_dirs: Mapping[str, str],
         thread_pool_size: int,
         aws_api: AWSApi | None = None,
-        init_users=False,
-    ):
+        init_users: bool = False,
+    ) -> None:
         self.integration = integration
         self.integration_version = integration_version
         self.integration_prefix = integration_prefix
@@ -101,7 +101,7 @@ class TerraformClient:
 
         self.specs: list[TerraformSpec] = []
         self.init_specs()
-        self.outputs: dict = {}
+        self.outputs: dict[str, Any] = {}
         self.init_outputs()
 
         self.OUTPUT_TYPE_SECRETS = "Secrets"
@@ -112,19 +112,19 @@ class TerraformClient:
         if init_users:
             self.init_existing_users()
 
-    def init_existing_users(self):
+    def init_existing_users(self) -> None:
         self.users = {
             account: list(self.format_output(output, self.OUTPUT_TYPE_PASSWORDS).keys())
             for account, output in self.outputs.items()
         }
 
-    def increment_apply_count(self):
+    def increment_apply_count(self) -> None:
         self.apply_count += 1
 
     def should_apply(self) -> bool:
         return self.apply_count > 0
 
-    def get_new_users(self):
+    def get_new_users(self) -> list[tuple[str, Any, str, Any]]:
         new_users = []
         self.init_outputs()  # get updated output
         for account, output in self.outputs.items():
@@ -141,7 +141,7 @@ class TerraformClient:
                 ))
         return new_users
 
-    def init_specs(self):
+    def init_specs(self) -> None:
         self.specs = [
             TerraformSpec(name=name, working_dir=wd)
             for name, wd in self.working_dirs.items()
@@ -152,7 +152,7 @@ class TerraformClient:
     @contextmanager
     def _terraform_log_file(
         self, working_dir: str
-    ) -> Generator[tuple[IO, dict[str, str]], None, None]:
+    ) -> Iterator[tuple[IO[bytes], dict[str, str]]]:
         with tempfile.NamedTemporaryFile(dir=working_dir) as f:
             env = {
                 "TF_LOG": TERRAFORM_LOG_LEVEL,
@@ -161,7 +161,7 @@ class TerraformClient:
             yield f, env
 
     @retry(exceptions=TerraformCommandError)
-    def terraform_init(self, spec: TerraformSpec):
+    def terraform_init(self, spec: TerraformSpec) -> None:
         with self._terraform_log_file(spec.working_dir) as (f, env):
             return_code, stdout, stderr = lean_tf.init(spec.working_dir, env=env)
             log = f.read().decode("utf-8")
@@ -171,12 +171,12 @@ class TerraformClient:
                 return_code, "init", output=stdout, stderr=stderr
             )
 
-    def init_outputs(self):
+    def init_outputs(self) -> None:
         results = threaded.run(self.terraform_output, self.specs, self.thread_pool_size)
         self.outputs = dict(results)
 
     @retry(exceptions=TerraformCommandError)
-    def terraform_output(self, spec: TerraformSpec):
+    def terraform_output(self, spec: TerraformSpec) -> tuple[str, Any]:
         with self._terraform_log_file(spec.working_dir) as (f, env):
             return_code, stdout, stderr = lean_tf.output(spec.working_dir, env=env)
             log = f.read().decode("utf-8")
@@ -194,17 +194,17 @@ class TerraformClient:
         return spec.name, json.loads(stdout)
 
     # terraform plan
-    def plan(self, enable_deletion):
+    def plan(self, enable_deletion: bool) -> tuple[bool, bool]:
         errors = False
         disabled_deletions_detected = False
-        results = threaded.run(
+        results: list[tuple[bool, list[AccountUser], bool]] = threaded.run(
             self.terraform_plan,
             self.specs,
             self.thread_pool_size,
             enable_deletion=enable_deletion,
         )
 
-        self.created_users = []
+        self.created_users: list[AccountUser] = []
         for disabled_deletion_detected, created_users, error in results:
             if error:
                 errors = True
@@ -278,7 +278,7 @@ class TerraformClient:
         self,
         spec: TerraformSpec,
         enable_deletion: bool,
-    ) -> tuple[bool, list]:
+    ) -> tuple[bool, list[AccountUser]]:
         disabled_deletion_detected = False
         name = spec.name
         account_enable_deletion = self.accounts[name].get("enableDeletion") or False
@@ -412,7 +412,9 @@ class TerraformClient:
                             )
         return disabled_deletion_detected, created_users
 
-    def deletion_approved(self, account_name, resource_type, resource_name):
+    def deletion_approved(
+        self, account_name: str, resource_type: str, resource_name: str
+    ) -> bool:
         account = self.accounts[account_name]
         deletion_approvals = account.get("deletionApprovals")
         if not deletion_approvals:
@@ -439,11 +441,11 @@ class TerraformClient:
         return False
 
     # terraform apply
-    def apply(self):
+    def apply(self) -> bool:
         errors = threaded.run(self.terraform_apply, self.specs, self.thread_pool_size)
         return any(errors)
 
-    def terraform_apply(self, spec: TerraformSpec):
+    def terraform_apply(self, spec: TerraformSpec) -> bool:
         with self._terraform_log_file(spec.working_dir) as (f, env):
             return_code, stdout, stderr = lean_tf.apply(
                 spec.working_dir,
@@ -486,9 +488,9 @@ class TerraformClient:
 
         return replicas_info
 
-    def format_output(self, output, type):
+    def format_output(self, output: Any, type: str) -> dict[str, dict[str, Any]]:
         # data is a dictionary of dictionaries
-        data = {}
+        data: dict[str, dict[str, Any]] = {}
         if output is None:
             return data
 
@@ -643,7 +645,7 @@ class TerraformClient:
         return error_occured
 
     @staticmethod
-    def split_to_lines(*outputs):
+    def split_to_lines(*outputs: str) -> Any:
         split_outputs = []
         try:
             for output in outputs:
@@ -656,7 +658,7 @@ class TerraformClient:
             return split_outputs[0]
         return split_outputs
 
-    def cleanup(self):
+    def cleanup(self) -> None:
         if self._aws_api is not None:
             self._aws_api.cleanup()
         for wd in self.working_dirs.values():
@@ -757,7 +759,7 @@ class TerraformClient:
 
     def validate_db_upgrade(
         self, account_name: str, resource_name: str, resource_change: Mapping[str, Any]
-    ):
+    ) -> None:
         """
         Determine whether the RDS engine version upgrade is valid.
 
@@ -862,7 +864,7 @@ class TerraformClient:
             ],
         }
 
-        def is_supported(engine, version):
+        def is_supported(engine: str, version: str) -> bool:
             parsed_version = pkg_version.parse(version)
             if engine == "mysql":
                 return any(