PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev310__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev310py3-none-any.whl → 0.10.2.dev439py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of qontract-reconcile might be problematic. Click here for more details.

Files changed (400) hide show

{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/METADATA +13 -12
{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/RECORD +396 -391
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/base.py +134 -32
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gates/sts_version_gate_handler.py +54 -1
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +5 -5
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +32 -25
reconcile/aws_version_sync/integration.py +125 -84
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +2 -4
reconcile/checkpoint.py +12 -4
reconcile/cli.py +111 -18
reconcile/cluster_deployment_mapper.py +2 -3
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +125 -121
reconcile/deadmanssnitch.py +1 -5
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +9 -11
reconcile/external_resources/factories.py +5 -12
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -5
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +20 -20
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +10 -14
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +8 -5
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_mr_sqs_consumer.py +2 -2
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +10 -10
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +6 -6
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +32 -32
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +26 -26
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +6 -7
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +51 -12
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +11 -11
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +28 -68
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +10 -10
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +9 -9
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +18 -18
reconcile/gql_definitions/common/alerting_services_settings.py +9 -9
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +120 -0
reconcile/gql_definitions/common/app_interface_state_settings.py +10 -10
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +22 -9
reconcile/gql_definitions/common/aws_vpcs.py +11 -11
reconcile/gql_definitions/common/clusters.py +37 -35
reconcile/gql_definitions/common/clusters_minimal.py +14 -14
reconcile/gql_definitions/common/clusters_with_dms.py +6 -6
reconcile/gql_definitions/common/clusters_with_peering.py +29 -30
reconcile/gql_definitions/common/github_orgs.py +10 -10
reconcile/gql_definitions/common/jira_settings.py +10 -10
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +42 -44
reconcile/gql_definitions/common/namespaces_minimal.py +15 -13
reconcile/gql_definitions/common/ocm_env_telemeter.py +12 -12
reconcile/gql_definitions/common/ocm_environments.py +19 -19
reconcile/gql_definitions/common/pagerduty_instances.py +9 -9
reconcile/gql_definitions/common/pgp_reencryption_settings.py +6 -6
reconcile/gql_definitions/common/pipeline_providers.py +29 -29
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +44 -44
reconcile/gql_definitions/common/saas_target_namespaces.py +10 -10
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +19 -19
reconcile/gql_definitions/common/state_aws_account.py +7 -8
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +9 -9
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +43 -43
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +10 -10
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +8 -8
reconcile/gql_definitions/email_sender/users.py +6 -6
reconcile/gql_definitions/endpoints_discovery/apps.py +10 -10
reconcile/gql_definitions/external_resources/aws_accounts.py +9 -9
reconcile/gql_definitions/external_resources/external_resources_modules.py +23 -23
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +494 -410
reconcile/gql_definitions/external_resources/external_resources_settings.py +28 -26
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +40 -40
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/{aws_vpc_request_subnet.py → aws_organization.py} +12 -8
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +12 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +9 -9
reconcile/gql_definitions/gcp/gcp_projects.py +9 -9
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +9 -9
reconcile/gql_definitions/gitlab_members/permissions.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_project.py +11 -11
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +9 -9
reconcile/gql_definitions/integrations/integrations.py +48 -51
reconcile/gql_definitions/introspection.json +3510 -1865
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +11 -11
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +10 -10
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +14 -10
reconcile/gql_definitions/jumphosts/jumphosts.py +13 -13
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +9 -9
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +18 -19
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +22 -22
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +6 -6
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +10 -10
reconcile/gql_definitions/quay_membership/quay_membership.py +6 -6
reconcile/gql_definitions/rhcs/certs.py +33 -87
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +18 -18
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +8 -8
reconcile/gql_definitions/sharding/aws_accounts.py +10 -10
reconcile/gql_definitions/sharding/ocm_organization.py +8 -8
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +10 -10
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +9 -9
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +6 -7
reconcile/gql_definitions/statuspage/statuspages.py +9 -9
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +20 -25
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +12 -12
reconcile/gql_definitions/terraform_init/aws_accounts.py +23 -9
reconcile/gql_definitions/terraform_repo/terraform_repo.py +9 -9
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +450 -402
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +23 -17
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +9 -9
reconcile/gql_definitions/vault_instances/vault_instances.py +61 -61
reconcile/gql_definitions/vault_policies/vault_policies.py +11 -11
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +8 -8
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_job_builder.py +1 -1
reconcile/jenkins_worker_fleets.py +80 -11
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -56
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +122 -10
reconcile/openshift_cluster_bots.py +5 -5
reconcile/openshift_groups.py +5 -0
reconcile/openshift_limitranges.py +1 -1
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +10 -5
reconcile/openshift_rhcs_certs.py +77 -40
reconcile/openshift_rolebindings.py +230 -130
reconcile/openshift_saas_deploy.py +6 -7
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +8 -7
reconcile/openshift_tekton_resources.py +1 -1
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/openshift_users.py +5 -3
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/oum/providers.py +1 -1
reconcile/prometheus_rules_tester/integration.py +4 -4
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -0
reconcile/requests_sender.py +8 -3
reconcile/resource_scraper.py +1 -5
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +19 -10
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/sendgrid_teammates.py +20 -9
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status.py +2 -2
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +5 -1
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +4 -1
reconcile/templating/lib/merge_request_manager.py +2 -2
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +12 -13
reconcile/terraform_aws_route53.py +18 -8
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +12 -13
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +18 -10
reconcile/terraform_tgw_attachments.py +28 -20
reconcile/terraform_users.py +27 -22
reconcile/terraform_vpc_peerings.py +15 -3
reconcile/terraform_vpc_resources/integration.py +23 -8
reconcile/typed_queries/app_interface_roles.py +10 -0
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +13 -13
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aggregated_list.py +4 -3
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +24 -1
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gpg.py +5 -3
reconcile/utils/gql.py +4 -7
reconcile/utils/helm.py +2 -1
reconcile/utils/helpers.py +1 -1
reconcile/utils/imap_client.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jenkins_api.py +24 -1
reconcile/utils/jinja2/utils.py +6 -8
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +78 -46
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +74 -0
reconcile/utils/ldap_client.py +4 -3
reconcile/utils/lean_terraform_client.py +3 -1
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/__init__.py +3 -1
reconcile/utils/mr/app_interface_reporter.py +6 -3
reconcile/utils/mr/aws_access.py +1 -1
reconcile/utils/mr/base.py +7 -13
reconcile/utils/mr/clusters_updates.py +4 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +4 -1
reconcile/utils/mr/promote_qontract.py +28 -12
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +7 -6
reconcile/utils/oc.py +445 -336
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +18 -21
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/ocm.py +81 -71
reconcile/utils/ocm/products.py +9 -3
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/ocm_base_client.py +4 -4
reconcile/utils/openshift_resource.py +83 -52
reconcile/utils/openssl.py +2 -2
reconcile/utils/output.py +3 -2
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +11 -8
reconcile/utils/repo_owners.py +21 -29
reconcile/utils/rhcsv2_certs.py +138 -35
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/meta.py +2 -1
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +25 -21
reconcile/utils/saasherder/saasherder.py +60 -32
reconcile/utils/secret_reader.py +6 -6
reconcile/utils/sharding.py +1 -1
reconcile/utils/slack_api.py +26 -4
reconcile/utils/sloth.py +224 -0
reconcile/utils/sqs_gateway.py +16 -11
reconcile/utils/state.py +2 -1
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +29 -26
reconcile/utils/terrascript_aws_client.py +200 -116
reconcile/utils/three_way_diff_strategy.py +1 -1
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +44 -41
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +119 -58
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/cli_commands/gpg_encrypt.py +4 -1
tools/cli_commands/systems_and_tools.py +5 -1
tools/qontract_cli.py +36 -21
tools/template_validation.py +3 -1
reconcile/gql_definitions/ocm_oidc_idp/__init__.py +0 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/jenkins/__init__.py +0 -0
reconcile/jenkins/types.py +0 -77
{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/entry_points.txt +0 -0

reconcile/oum/labelset.py CHANGED Viewed

@@ -1,4 +1,5 @@
 from collections import defaultdict
+from typing import Annotated
 from pydantic import BaseModel
@@ -22,9 +23,10 @@ class _GroupMappingLabelset(BaseModel):
     the sre-capabilities.user-mgmt.$provider prefix.
     """
-    authz_roles: dict[str, CSV] | None = sre_capability_labels.labelset_groupfield(
-        group_prefix="authz."
-    )
+    authz_roles: Annotated[
+        dict[str, CSV] | None,
+        sre_capability_labels.labelset_groupfield(group_prefix="authz."),
+    ]
 def build_cluster_config_from_labels(

reconcile/oum/models.py CHANGED Viewed

@@ -56,7 +56,7 @@ class ClusterUserManagementSpec(BaseModel):
     errors: list[ClusterError] = Field(default_factory=list)
-class ClusterRoleReconcileResult(BaseModel):
+class ClusterRoleReconcileResult(BaseModel, arbitrary_types_allowed=True):
     """
     Holds the result of a cluster role reconciliation.
     """
@@ -64,6 +64,3 @@ class ClusterRoleReconcileResult(BaseModel):
     users_added: int = 0
     users_removed: int = 0
     error: Exception | None = None
-    class Config:
-        arbitrary_types_allowed = True

reconcile/oum/providers.py CHANGED Viewed

@@ -33,7 +33,7 @@ class LdapGroupMemberProvider(GroupMemberProvider):
         if len(group_ids) == 0:
             return {}
         with self.ldap_client as lc:
-            groups_members_by_dn = lc.get_group_members(group_dn_mapping.keys())
+            groups_members_by_dn = lc.get_group_members(set(group_dn_mapping.keys()))
         return {
             group_dn_mapping[dn]: members
             for dn, members in groups_members_by_dn.items()

reconcile/prometheus_rules_tester/integration.py CHANGED Viewed

@@ -42,7 +42,7 @@ QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
 PROVIDERS = ["prometheus-rule"]
 NAMESPACE_NAME = "openshift-customer-monitoring"
-DEFAULT_PROMTOOL_VERSION = "2.55.1"
+DEFAULT_PROMTOOL_VERSION = "3.2.1"
 class TestContent(BaseModel):
@@ -56,7 +56,7 @@ class Test(BaseModel):
     rule_path: str
     rule: dict
     rule_length: int
-    tests: list[TestContent] | None
+    tests: list[TestContent] | None = None
     result: CommandExecutionResult | None = None
     promtool_version: str
@@ -76,7 +76,7 @@ def fetch_rule_and_tests(
     openshift_resource = orb.fetch_openshift_resource(
         resource=rule.resource,
         parent=rule.namespace,
-        settings=vault_settings.dict(by_alias=True),
+        settings=vault_settings.model_dump(by_alias=True),
     )
     rule_body = openshift_resource.body
@@ -96,7 +96,7 @@ def fetch_rule_and_tests(
             test_raw_yaml = process_extracurlyjinja2_template(
                 body=test_raw_yaml,
                 vars=variables,
-                settings=vault_settings.dict(by_alias=True),
+                settings=vault_settings.model_dump(by_alias=True),
             )
         test_yaml_spec = yaml.safe_load(test_raw_yaml)

reconcile/quay_mirror.py CHANGED Viewed

@@ -66,7 +66,7 @@ class QuayMirror:
     }
     """
-    response_cache: dict[tuple[str, str], Response] = {}
+    response_cache: dict[tuple[str, str | None], Response] = {}
     def __init__(
         self,

reconcile/queries.py CHANGED Viewed

@@ -477,6 +477,12 @@ AWS_ACCOUNTS_QUERY = """
       integrations
     }
     deleteKeys
+    organization {
+      payerAccount {
+        organizationAccountTags
+      }
+      tags
+    }
     {% if reset_passwords %}
     resetPasswords {
       user {
@@ -499,6 +505,12 @@ AWS_ACCOUNTS_QUERY = """
         name
         uid
         supportedDeploymentRegions
+        organization {
+          payerAccount {
+            organizationAccountTags
+          }
+          tags
+        }
       }
       ... on AWSAccountSharingOptionAMI_v1 {
         regex
@@ -606,6 +618,12 @@ awsInfrastructureManagementAccounts {
       version
       format
     }
+    organization {
+      payerAccount {
+        organizationAccountTags
+      }
+      tags
+    }
   }
   accessLevel
   default
@@ -636,6 +654,12 @@ awsInfrastructureAccess {
         version
         format
       }
+      organization {
+        payerAccount {
+          organizationAccountTags
+        }
+        tags
+      }
     }
     roles {
       users {
@@ -745,6 +769,12 @@ CLUSTERS_QUERY = """
             version
             format
           }
+          organization {
+            payerAccount {
+                organizationAccountTags
+            }
+            tags
+          }
           rosa {
             ocm_environments {
               ocm {
@@ -773,6 +803,7 @@ CLUSTERS_QUERY = """
       private
       provision_shard_id
       disable_user_workload_monitoring
+      fips
     }
     externalConfiguration {
       labels
@@ -829,6 +860,12 @@ CLUSTERS_QUERY = """
                 version
                 format
               }
+              organization {
+                payerAccount {
+                  organizationAccountTags
+                }
+                tags
+              }
             }
             vpc_id
             cidr_block
@@ -847,6 +884,12 @@ CLUSTERS_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
         }
@@ -861,6 +904,12 @@ CLUSTERS_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
           cidrBlock
@@ -889,6 +938,12 @@ CLUSTERS_QUERY = """
                     version
                     format
                   }
+                  organization {
+                    payerAccount {
+                      organizationAccountTags
+                    }
+                    tags
+                  }
                 }
               }
               accessLevel
@@ -914,6 +969,12 @@ CLUSTERS_QUERY = """
                       version
                       format
                     }
+                    organization {
+                      payerAccount {
+                        organizationAccountTags
+                      }
+                      tags
+                    }
                   }
                 }
               }
@@ -1067,6 +1128,12 @@ CLUSTER_PEERING_QUERY = """
           version
           format
         }
+        organization {
+          payerAccount {
+            organizationAccountTags
+          }
+          tags
+        }
       }
       accessLevel
       default
@@ -1088,6 +1155,12 @@ CLUSTER_PEERING_QUERY = """
             version
             format
           }
+          organization {
+            payerAccount {
+              organizationAccountTags
+            }
+            tags
+          }
         }
       }
     }
@@ -1112,6 +1185,12 @@ CLUSTER_PEERING_QUERY = """
                 version
                 format
               }
+              organization {
+                payerAccount {
+                  organizationAccountTags
+                }
+                tags
+              }
             }
             vpc_id
             cidr_block
@@ -1131,6 +1210,12 @@ CLUSTER_PEERING_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
           assumeRole
@@ -1146,6 +1231,12 @@ CLUSTER_PEERING_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
           cidrBlock
@@ -1175,6 +1266,12 @@ CLUSTER_PEERING_QUERY = """
                     version
                     format
                   }
+                  organization {
+                    payerAccount {
+                      organizationAccountTags
+                    }
+                    tags
+                  }
                 }
               }
             }
@@ -1190,6 +1287,12 @@ CLUSTER_PEERING_QUERY = """
                   version
                   format
                 }
+                organization {
+                  payerAccount {
+                    organizationAccountTags
+                  }
+                  tags
+                }
               }
               accessLevel
               default
@@ -1216,6 +1319,12 @@ CLUSTER_PEERING_QUERY = """
                             version
                             format
                           }
+                          organization {
+                            payerAccount {
+                              organizationAccountTags
+                            }
+                            tags
+                          }
                         }
                       }
                     }
@@ -1231,6 +1340,12 @@ CLUSTER_PEERING_QUERY = """
                       version
                       format
                     }
+                    organization {
+                      payerAccount {
+                        organizationAccountTags
+                      }
+                      tags
+                    }
                   }
                 }
               }
@@ -2230,6 +2345,12 @@ JIRA_BOARDS_QUICK_QUERY = """
         version
         format
       }
+      email {
+        path
+        field
+        version
+        format
+      }
     }
   }
 }
@@ -2336,6 +2457,12 @@ DNS_ZONES_QUERY = """
         version
         format
       }
+      organization {
+        payerAccount {
+          organizationAccountTags
+        }
+        tags
+      }
     }
     vpc {
       vpc_id
@@ -2697,6 +2824,10 @@ APP_METADATA = """
               path
               field
             }
+            email {
+              path
+              field
+            }
           }
         }
         slackUserGroup {

reconcile/requests_sender.py CHANGED Viewed

@@ -1,6 +1,8 @@
 import logging
 import sys
+from collections.abc import Callable, Mapping
 from subprocess import CalledProcessError
+from typing import Any
 from reconcile import (
     queries,
@@ -44,7 +46,9 @@ Encrypted credentials:
 """
-def get_encrypted_credentials(credentials_name, user, settings):
+def get_encrypted_credentials(
+    credentials_name: str, user: Mapping[str, Any], settings: Mapping[str, Any]
+) -> str | None:
     credentials_map = settings["credentials"]
     credentials_map_item = [c for c in credentials_map if c["name"] == credentials_name]
     if len(credentials_map_item) != 1:
@@ -59,7 +63,7 @@ def get_encrypted_credentials(credentials_name, user, settings):
 @defer
-def run(dry_run, defer=None):
+def run(dry_run: bool, defer: Callable | None = None) -> None:
     settings = queries.get_app_interface_settings()
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
@@ -76,7 +80,8 @@ def run(dry_run, defer=None):
         integration=QONTRACT_INTEGRATION,
         secret_reader=secret_reader,
     )
-    defer(state.cleanup)
+    if defer:
+        defer(state.cleanup)
     credentials_requests = queries.get_credentials_requests()
     # validate no 2 requests have the same name

reconcile/resource_scraper.py CHANGED Viewed

@@ -1,8 +1,5 @@
 import logging
 import sys
-from typing import (
-    cast,
-)
 from reconcile.status import ExitCodes
 from reconcile.typed_queries.app_interface_vault_settings import (
@@ -14,7 +11,6 @@ from reconcile.utils.oc_map import init_oc_map_from_clusters
 from reconcile.utils.secret_reader import create_secret_reader
 from reconcile.utils.vault import (
     VaultClient,
-    _VaultClient,
 )
 QONTRACT_INTEGRATION = "resource-scraper"
@@ -63,7 +59,7 @@ def run(
             results.append(item)
     if not dry_run:
-        vault_client = cast("_VaultClient", VaultClient())
+        vault_client = VaultClient.get_instance()
         for item in results:
             secret = {
                 "path": f"{vault_output_path}/{QONTRACT_INTEGRATION}/{item['cluster']}/{namespace_name}/{item['name']}",

reconcile/rhidp/common.py CHANGED Viewed

@@ -7,10 +7,7 @@ from enum import StrEnum
 from typing import Any
 from urllib.parse import urlparse
-from pydantic import (
-    BaseModel,
-    root_validator,
-)
+from pydantic import BaseModel, model_validator
 from reconcile.gql_definitions.common.ocm_environments import (
     query as ocm_environment_query,
@@ -63,7 +60,8 @@ class ClusterAuth(BaseModel):
     issuer: str
     status: str
-    @root_validator
+    @model_validator(mode="before")
+    @classmethod
     def name_no_spaces(
         cls, values: MutableMapping[str, Any]
     ) -> MutableMapping[str, Any]:

reconcile/rhidp/sso_client/base.py CHANGED Viewed

@@ -1,3 +1,4 @@
+import http
 import logging
 from collections.abc import (
     Iterable,
@@ -10,6 +11,7 @@ from urllib.parse import (
 )
 import jwt
+from requests import HTTPError
 from reconcile.rhidp.common import (
     Cluster,
@@ -138,7 +140,7 @@ def fetch_current_state(
     secret_reader: VaultSecretReader, vault_input_path: str
 ) -> list[str]:
     """Fetch all existing SSO client IDs from vault."""
-    return secret_reader.vault_client.list(vault_input_path)  # type: ignore[attr-defined] # mypy doesn't recognize the VaultClient.__new__ method
+    return secret_reader.vault_client.list(vault_input_path)
 def fetch_desired_state(
@@ -234,10 +236,10 @@ def create_sso_client(
         vault_secret_id=sso_client_id,
     )
-    secret_reader.vault_client.write(  # type: ignore[attr-defined] # mypy doesn't recognize the VaultClient.__new__ method
+    secret_reader.vault_client.write(
         secret={
             "path": secret.path,
-            "data": sso_client.dict(),
+            "data": sso_client.model_dump(),
         },
         decode_base64=False,
     )
@@ -256,11 +258,18 @@ def delete_sso_client(
     )
     sso_client = SSOClient(**secret_reader.read_all_secret(secret=secret))
     keycloak_api = keycloak_map.get(sso_client.issuer)
-    keycloak_api.delete_client(
-        registration_client_uri=sso_client.registration_client_uri,
-        registration_access_token=sso_client.registration_access_token,
-    )
+    try:
+        keycloak_api.delete_client(
+            registration_client_uri=sso_client.registration_client_uri,
+            registration_access_token=sso_client.registration_access_token,
+        )
+    except HTTPError as e:
+        if e.response.status_code != http.HTTPStatus.UNAUTHORIZED:
+            logging.error(f"Failed to delete SSO client {sso_client_id}: {e}")
+            raise
+        # something went wrong with the registration token, maybe it expired
+        logging.error(
+            f"Failed to delete SSO client {sso_client_id} due to unauthorized error: {e}. Continuing to delete the vault secret."
+        )
-    secret_reader.vault_client.delete(  # type: ignore[attr-defined] # mypy doesn't recognize the VaultClient.__new__ method
-        path=secret.path
-    )
+    secret_reader.vault_client.delete(path=secret.path)

reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py CHANGED Viewed

@@ -177,7 +177,7 @@ def is_namespace_addressed_by_selector(
     # json representation of namespace to filter on
     # remove all the None values to simplify the jsonpath expressions
     namespace_as_dict = {
-        "namespace": [namespace.dict(by_alias=True, exclude_none=True)]
+        "namespace": [namespace.model_dump(by_alias=True, exclude_none=True)]
     }
     do_include = any(

reconcile/saas_auto_promotions_manager/subscriber.py CHANGED Viewed

@@ -2,7 +2,7 @@ import hashlib
 import logging
 from collections.abc import Iterable
 from dataclasses import dataclass
-from datetime import UTC, datetime, timedelta
+from datetime import timedelta
 from croniter import croniter
@@ -13,6 +13,7 @@ from reconcile.saas_auto_promotions_manager.publisher import (
     DeploymentInfo,
     Publisher,
 )
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.slo_document_manager import SLODocumentManager
 CONTENT_HASH_LENGTH = 32
@@ -113,7 +114,7 @@ class Subscriber:
         We accumulate the time a ref is running on all publishers for this subscriber.
         We compare that accumulated time with the soak_days setting of the subscriber.
         """
-        now = datetime.now(UTC)
+        now = utc_now()
         delta = timedelta(days=0)
         for channel in self.channels:
             for publisher in channel.publishers:
@@ -136,7 +137,7 @@ class Subscriber:
                 self.schedule,
             )
             return False
-        return croniter.match(self.schedule, datetime.now(UTC), day_or=False)
+        return croniter.match(self.schedule, utc_now(), day_or=False)
     def _compute_desired_ref(self) -> None:
         """

reconcile/sendgrid_teammates.py CHANGED Viewed

@@ -1,5 +1,7 @@
 import logging
 import sys
+from collections.abc import Iterable, Mapping
+from typing import Any
 import sendgrid
 from sretoolbox.utils import retry
@@ -17,18 +19,22 @@ class SendGridAPIError(Exception):
 class Teammate:
-    def __init__(self, email, pending_token=None, username=None):
+    def __init__(
+        self, email: str, pending_token: str | None = None, username: str | None = None
+    ) -> None:
         self.email = email
-        self.username = username or email.split("@")[0]
+        self.username = username or email.split("@", maxsplit=1)[0]
         self.pending_token = pending_token
     @property
-    def pending(self):
+    def pending(self) -> bool:
         return bool(self.pending_token)
-def fetch_desired_state(users):
-    desired_state = {}
+def fetch_desired_state(
+    users: Iterable[Mapping[str, Any]],
+) -> dict[str, list[Teammate]]:
+    desired_state: dict[str, list[Teammate]] = {}
     for user in users:
         roles = user.get("roles") or []
         for role in roles:
@@ -42,7 +48,7 @@ def fetch_desired_state(users):
 @retry()
-def fetch_current_state(sg_client):
+def fetch_current_state(sg_client: sendgrid.SendGridAPIClient) -> list[Teammate]:
     state = []
     limit = 100
@@ -79,7 +85,7 @@ def fetch_current_state(sg_client):
     return state
-def raise_if_error(response):
+def raise_if_error(response: Any) -> None:
     """
     Raises an SendGridAPIError if the request has returned an error
     """
@@ -87,7 +93,12 @@ def raise_if_error(response):
         raise SendGridAPIError(response.body.decode("utf-8"))
-def act(dry_run, sg_client, desired_state, current_state):
+def act(
+    dry_run: bool,
+    sg_client: sendgrid.SendGridAPIClient,
+    desired_state: Iterable[Teammate],
+    current_state: Iterable[Teammate],
+) -> bool:
     """
     Reconciles current state with desired state.
@@ -145,7 +156,7 @@ def act(dry_run, sg_client, desired_state, current_state):
     return error
-def run(dry_run):
+def run(dry_run: bool) -> None:
     settings = queries.get_app_interface_settings()
     secret_reader = SecretReader(settings=settings)

reconcile/skupper_network/integration.py CHANGED Viewed

@@ -85,7 +85,7 @@ def compile_skupper_sites(
                 or skupper_network.site_controller_templates
             ):
                 tmpl_vars = tmpl.variables or {}
-                tmpl_vars["resource"] = {"namespace": ns.dict(by_alias=True)}
+                tmpl_vars["resource"] = {"namespace": ns.model_dump(by_alias=True)}
                 site_controller_objects.append(
                     load_site_controller_template(tmpl.path, tmpl_vars)
@@ -304,6 +304,6 @@ def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     skupper_networks = get_skupper_networks(gqlapi.query)
     return {
         "skupper_sites": [
-            site.dict() for site in compile_skupper_sites(skupper_networks)
+            site.model_dump() for site in compile_skupper_sites(skupper_networks)
         ],
     }

qontract-reconcile 0.10.2.dev310__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl

Potentially problematic release.

qontract-reconcile 0.10.2.dev310py3-none-any.whl → 0.10.2.dev439py3-none-any.whl