qontract-reconcile 0.10.2.dev309__py3-none-any.whl → 0.10.2.dev311__py3-none-any.whl

{qontract_reconcile-0.10.2.dev309.dist-info → qontract_reconcile-0.10.2.dev311.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev309
+Version: 0.10.2.dev311
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile

{qontract_reconcile-0.10.2.dev309.dist-info → qontract_reconcile-0.10.2.dev311.dist-info}/RECORD

@@ -213,7 +213,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=d3PMy-mQSbSZdIGAVaZCA2U
 reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/glitchtip_project_dsn/integration.py,sha256=3GgcqUM6hWhLpo9Yx5Xr9vrdexF-WNevVCNL9bJ0Upc,8162
 reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/gql_definitions/introspection.json,sha256=jJN4kUVnrBkb39pHZ0lwt_0ZuIyrhjyzsL17pQuGwXo,2358826
+reconcile/gql_definitions/introspection.json,sha256=iXV6SKgNQpvwFvnRTqJsXVPN70Pv4pFTrbNQ-nADp6Y,2359857
 reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
 reconcile/gql_definitions/acs/acs_policies.py,sha256=Ygpfl2-VkYLSlJvHgp_dJBfb66K_Rwfdfpsa18w1v1s,4338
@@ -258,7 +258,7 @@ reconcile/gql_definitions/common/app_interface_state_settings.py,sha256=VXIK0Hmy
 reconcile/gql_definitions/common/app_interface_vault_settings.py,sha256=w8quvdG0cSq71ZyJokPPp7MyMpoDb6-HLQ3o9JHVGRQ,1771
 reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py,sha256=ckdoGse7O5uAWdZdNinkWicA2EflUb5pe8jWEBtflE8,3236
 reconcile/gql_definitions/common/apps.py,sha256=lC7uZjyHAvJXhCDPJJ-dQJInBJkUCNZoe129XMa67wo,1868
-reconcile/gql_definitions/common/aws_vpc_requests.py,sha256=2lpyy-QSfHPSTvV_zbnqzqUoFzVNl-CJDmoqd_zVSX4,2366
+reconcile/gql_definitions/common/aws_vpc_requests.py,sha256=_KhmxOfUhSWdUMGxFzrwlIq5mZHzNqvDBZv5Hgku8mU,2423
 reconcile/gql_definitions/common/aws_vpcs.py,sha256=Dss9dQ3xagnz3Ltg1e9mtG2PAmQGBbUzKCmmzvuN28s,1892
 reconcile/gql_definitions/common/clusters.py,sha256=j646LA-vlHbA131OrCF13g8rPPrBPWL3PLrvqWLZs58,21979
 reconcile/gql_definitions/common/clusters_minimal.py,sha256=JYrJV_aStmryiiGKyiXhj47qpF_8KilCqy-d9CofBCo,4635
@@ -318,7 +318,7 @@ reconcile/gql_definitions/fragments/aws_account_managed.py,sha256=V_9pH0wVza2sPy
 reconcile/gql_definitions/fragments/aws_account_sso.py,sha256=ITR3PLz4Iq1SiWAoYGWPDuHJnAmTyZ0QQqs2Zsi8pxA,979
 reconcile/gql_definitions/fragments/aws_infra_management_account.py,sha256=uAmALVRF2gBM3p_Dmez_ew6KVAtetamwOPkRIPZAlGc,1254
 reconcile/gql_definitions/fragments/aws_vpc.py,sha256=T2egTwi2Rb0IRBBmsyag8xKpu_m6GbIAy80fhZNZwk8,1434
-reconcile/gql_definitions/fragments/aws_vpc_request.py,sha256=o0qUsPrFXs8GAbtgMXQmIJxc1mw5skSIzCcidE857g8,2460
+reconcile/gql_definitions/fragments/aws_vpc_request.py,sha256=RJRNicxHzwrIqPUSjDvtIt9JGu9lov4n3xOVRx8AlVY,2682
 reconcile/gql_definitions/fragments/aws_vpc_request_subnet.py,sha256=qaTFT8cGzEslw51nUeb45Nfnv6kFxUm4CWrRR3xfBvA,760
 reconcile/gql_definitions/fragments/container_image_mirror.py,sha256=qyfQlnKUCzFEPgUJ9VGmDYFmiGHR7VZ_YJNd4KeoolM,968
 reconcile/gql_definitions/fragments/deploy_resources.py,sha256=0u3xYqL5NpMf149BJLfPhHqAOWu06aLULdNk_2Mulxg,1089
@@ -518,7 +518,7 @@ reconcile/terraform_init/integration.py,sha256=pPi4YAjbEE8vDaaRizGf-d-PewqqSJmjc
 reconcile/terraform_init/merge_request.py,sha256=3CYtgSd7Q9zjKg4wsDz437EPCRfGeZZ8fZ0Y-ChKXJY,1475
 reconcile/terraform_init/merge_request_manager.py,sha256=TQmtHq4DH-xgyYvuRyGu7VEgjPU2Yjj-uexIy-L7i88,3098
 reconcile/terraform_vpc_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/terraform_vpc_resources/integration.py,sha256=8pmcr0YTrW2QynenMCfaaXT4SV8SbH_eXx1OCyh0anA,8181
+reconcile/terraform_vpc_resources/integration.py,sha256=Gn98Gt1YqghnkxX2Bs6Q4GAT2H8KhRJsLFf-NnALs8o,8995
 reconcile/terraform_vpc_resources/merge_request.py,sha256=loRymUigCIvaaT0s_NzktZchh-DGRQnCICdBSCAcFPY,1503
 reconcile/terraform_vpc_resources/merge_request_manager.py,sha256=6jfwgbqXEFQlgLM6zmModpOkQX8wqddpoE0pZJL1Acc,3256
 reconcile/typed_queries/__init__.py,sha256=rRk4CyslLsBr4vAh1pIPgt6s3P4R1M9NSEPLnyQgBpk,61
@@ -658,7 +658,7 @@ reconcile/utils/sqs_gateway.py,sha256=XNIf3PY4UCPNufP2Ul0UJj3fKlt5larBba-VTT-41F
 reconcile/utils/state.py,sha256=vCHYIfrWLfPyIWEHSaADWlc4OqhwcOiqM3Egqvw-lfo,16372
 reconcile/utils/structs.py,sha256=P57POzpEntu8ZoZDnsOdni9qUuBDWknmw0iinznxXoY,386
 reconcile/utils/terraform_client.py,sha256=VP5Bd9Eto-To45TV08SmhhXTB3j-i2Ld3Nnvh2tkcjw,37393
-reconcile/utils/terrascript_aws_client.py,sha256=X47Wm8NIfbZQFHNKqEPpJtrAYnmC2K4wF3PVkB2NAdA,301567
+reconcile/utils/terrascript_aws_client.py,sha256=KxraVMhv_RcolHthAxucQeb3x0zFD2CCk3gVMjQ_ero,302090
 reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
 reconcile/utils/throughput.py,sha256=KNDCVsCLSp89V4pO3sEUd7bJUuh6gNfsxsc_18rEv_Y,357
 reconcile/utils/vault.py,sha256=6V15LByFghp-U3k0N4lum6V7qt2EAlRfcAxjy5e-FAU,15146
@@ -796,7 +796,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=uQv2QJAmUXP1g2GPIH30WTlvL9soY6m9lefpZEVDM5w,3965
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=KcYVfa3UmJHVP_ocgrKe8NkrO5IDB9aWEDydSokPcRk,975
-qontract_reconcile-0.10.2.dev309.dist-info/METADATA,sha256=oljRyu6KOJLH95sGlo3Hej6hD_TWUcIgOP1KIbf3n-w,24916
-qontract_reconcile-0.10.2.dev309.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev309.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev309.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev311.dist-info/METADATA,sha256=bbWjHaGf7oxXQzuibAvxZGmAYZWXdFjO11qBSsPhHlE,24916
+qontract_reconcile-0.10.2.dev311.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev311.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev311.dist-info/RECORD,,

reconcile/gql_definitions/common/aws_vpc_requests.py

@@ -58,10 +58,13 @@ fragment VPCRequest on VPCRequest_v1 {
   cidr_block {
     networkAddress
   }
+  vpc_tags
   subnets {
-    private 
+    private
     public
     availability_zones
+    private_subnet_tags
+    public_subnet_tags
   }
 }
 

reconcile/gql_definitions/fragments/aws_vpc_request.py

@@ -54,6 +54,8 @@ class VPCRequestSubnetsListsV1(ConfiguredBaseModel):
     private: Optional[list[str]] = Field(..., alias="private")
     public: Optional[list[str]] = Field(..., alias="public")
     availability_zones: Optional[list[str]] = Field(..., alias="availability_zones")
+    private_subnet_tags: Optional[Json] = Field(..., alias="private_subnet_tags")
+    public_subnet_tags: Optional[Json] = Field(..., alias="public_subnet_tags")
 
 
 class VPCRequest(ConfiguredBaseModel):
@@ -62,4 +64,5 @@ class VPCRequest(ConfiguredBaseModel):
     account: AWSAccountV1 = Field(..., alias="account")
     region: str = Field(..., alias="region")
     cidr_block: NetworkV1 = Field(..., alias="cidr_block")
+    vpc_tags: Optional[Json] = Field(..., alias="vpc_tags")
     subnets: Optional[VPCRequestSubnetsListsV1] = Field(..., alias="subnets")

reconcile/gql_definitions/introspection.json

@@ -10948,18 +10948,6 @@
                             "isDeprecated": false,
                             "deprecationReason": null
                         },
-                        {
-                            "name": "slack_username",
-                            "description": null,
-                            "args": [],
-                            "type": {
-                                "kind": "SCALAR",
-                                "name": "String",
-                                "ofType": null
-                            },
-                            "isDeprecated": false,
-                            "deprecationReason": null
-                        },
                         {
                             "name": "pagerduty_username",
                             "description": null,
@@ -27860,6 +27848,18 @@
                             },
                             "isDeprecated": false,
                             "deprecationReason": null
+                        },
+                        {
+                            "name": "vpc_tags",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "SCALAR",
+                                "name": "JSON",
+                                "ofType": null
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
                         }
                     ],
                     "inputFields": null,
@@ -28089,6 +28089,30 @@
                             },
                             "isDeprecated": false,
                             "deprecationReason": null
+                        },
+                        {
+                            "name": "private_subnet_tags",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "SCALAR",
+                                "name": "JSON",
+                                "ofType": null
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
+                        },
+                        {
+                            "name": "public_subnet_tags",
+                            "description": null,
+                            "args": [],
+                            "type": {
+                                "kind": "SCALAR",
+                                "name": "JSON",
+                                "ofType": null
+                            },
+                            "isDeprecated": false,
+                            "deprecationReason": null
                         }
                     ],
                     "inputFields": null,

reconcile/terraform_vpc_resources/integration.py

@@ -31,7 +31,11 @@ from reconcile.utils.runtime.integration import (
 from reconcile.utils.secret_reader import create_secret_reader
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.terraform_client import TerraformClient
-from reconcile.utils.terrascript_aws_client import TerrascriptClient
+from reconcile.utils.terrascript_aws_client import (
+    VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS,
+    VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS,
+    TerrascriptClient,
+)
 from reconcile.utils.vcs import VCS
 
 QONTRACT_INTEGRATION = "terraform_vpc_resources"
@@ -90,14 +94,28 @@ class TerraformVpcResources(QontractReconcileIntegration[TerraformVpcResourcesPa
                 f"{request.identifier}-public_subnets", {}
             ).get("value", [])
 
+            if request.subnets:
+                private_subnet_tags = VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS | (
+                    request.subnets.private_subnet_tags or {}
+                )
+                public_subnet_tags = VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS | (
+                    request.subnets.public_subnet_tags or {}
+                )
+            else:
+                private_subnet_tags = VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS
+                public_subnet_tags = VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS
+
             values = {
                 "static": {
                     "vpc_id": outputs_per_account.get(
                         f"{request.identifier}-vpc_id", {}
                     ).get("value"),
+                    "vpc_tags": request.vpc_tags or {},
                     "subnets": {
                         "private": private_subnets,
                         "public": public_subnets,
+                        "private_subnet_tags": private_subnet_tags,
+                        "public_subnet_tags": public_subnet_tags,
                     },
                     "account_name": request.account.name,
                     "region": request.region,

reconcile/utils/terrascript_aws_client.py

@@ -321,6 +321,9 @@ AWS_US_GOV_ELB_ACCOUNT_IDS = {
     "us-gov-east-1": "190560391635",
 }
 
+VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS = {"kubernetes.io/role/internal-elb": "1"}
+VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS = {"kubernetes.io/role/elb": "1"}
+
 
 class OutputResourceNameNotUniqueError(Exception):
     def __init__(self, namespace: str | None, duplicates: Iterable[str]) -> None:
@@ -1327,25 +1330,32 @@ class TerrascriptClient:
                 "version": vpc_module_version,
                 "name": request.identifier,
                 "cidr": request.cidr_block.network_address,
-                "private_subnet_tags": {"kubernetes.io/role/internal-elb": "1"},
-                "public_subnet_tags": {"kubernetes.io/role/elb": "1"},
                 "create_database_subnet_group": False,
                 "enable_dns_hostnames": True,
+                "vpc_tags": request.vpc_tags or {},
                 "tags": {
                     "managed_by_integration": self.integration,
                 },
             }
 
-            if request.subnets and request.subnets.public:
-                vpc_module_values["public_subnets"] = request.subnets.public
-            if request.subnets and request.subnets.private:
-                vpc_module_values["private_subnets"] = request.subnets.private
-            if request.subnets and request.subnets.availability_zones:
-                vpc_module_values["azs"] = request.subnets.availability_zones
-
-            # We only want to enable nat_gateway if we have public and private subnets
-            if request.subnets and request.subnets.public and request.subnets.private:
-                vpc_module_values["enable_nat_gateway"] = True
+            if request.subnets:
+                if request.subnets.public:
+                    vpc_module_values["public_subnets"] = request.subnets.public
+                    vpc_module_values["public_subnet_tags"] = (
+                        VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS
+                        | (request.subnets.public_subnet_tags or {})
+                    )
+                if request.subnets.private:
+                    vpc_module_values["private_subnets"] = request.subnets.private
+                    vpc_module_values["private_subnet_tags"] = (
+                        VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS
+                        | (request.subnets.private_subnet_tags or {})
+                    )
+                if request.subnets.availability_zones:
+                    vpc_module_values["azs"] = request.subnets.availability_zones
+                # We only want to enable nat_gateway if we have public and private subnets
+                if request.subnets.public and request.subnets.private:
+                    vpc_module_values["enable_nat_gateway"] = True
 
             aws_account = request.account.name
             vpc_module = Module(request.identifier, **vpc_module_values)
@@ -1386,19 +1396,20 @@ class TerrascriptClient:
             )
             self.add_resource(aws_account, vpc_cidr_block_output)
 
-            if request.subnets and request.subnets.private:
-                private_subnets_output = Output(
-                    f"{request.identifier}-private_subnets",
-                    value=f"${{module.{request.identifier}.private_subnets}}",
-                )
-                self.add_resource(aws_account, private_subnets_output)
+            if request.subnets:
+                if request.subnets.private:
+                    private_subnets_output = Output(
+                        f"{request.identifier}-private_subnets",
+                        value=f"${{module.{request.identifier}.private_subnets}}",
+                    )
+                    self.add_resource(aws_account, private_subnets_output)
 
-            if request.subnets and request.subnets.public:
-                public_subnets_output = Output(
-                    f"{request.identifier}-public_subnets",
-                    value=f"${{module.{request.identifier}.public_subnets}}",
-                )
-                self.add_resource(aws_account, public_subnets_output)
+                if request.subnets.public:
+                    public_subnets_output = Output(
+                        f"{request.identifier}-public_subnets",
+                        value=f"${{module.{request.identifier}.public_subnets}}",
+                    )
+                    self.add_resource(aws_account, public_subnets_output)
 
     def populate_tgw_attachments(
         self, desired_state: Iterable[DesiredStateItem]