PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev310__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev310py3-none-any.whl → 0.10.2.dev439py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of qontract-reconcile might be problematic. Click here for more details.

Files changed (400) hide show

{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/METADATA +13 -12
{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/RECORD +396 -391
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/base.py +134 -32
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gates/sts_version_gate_handler.py +54 -1
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +5 -5
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +32 -25
reconcile/aws_version_sync/integration.py +125 -84
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +2 -4
reconcile/checkpoint.py +12 -4
reconcile/cli.py +111 -18
reconcile/cluster_deployment_mapper.py +2 -3
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +125 -121
reconcile/deadmanssnitch.py +1 -5
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +9 -11
reconcile/external_resources/factories.py +5 -12
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -5
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +20 -20
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +10 -14
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +8 -5
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_mr_sqs_consumer.py +2 -2
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +10 -10
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +6 -6
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +32 -32
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +26 -26
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +6 -7
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +51 -12
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +11 -11
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +28 -68
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +10 -10
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +9 -9
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +18 -18
reconcile/gql_definitions/common/alerting_services_settings.py +9 -9
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +120 -0
reconcile/gql_definitions/common/app_interface_state_settings.py +10 -10
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +22 -9
reconcile/gql_definitions/common/aws_vpcs.py +11 -11
reconcile/gql_definitions/common/clusters.py +37 -35
reconcile/gql_definitions/common/clusters_minimal.py +14 -14
reconcile/gql_definitions/common/clusters_with_dms.py +6 -6
reconcile/gql_definitions/common/clusters_with_peering.py +29 -30
reconcile/gql_definitions/common/github_orgs.py +10 -10
reconcile/gql_definitions/common/jira_settings.py +10 -10
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +42 -44
reconcile/gql_definitions/common/namespaces_minimal.py +15 -13
reconcile/gql_definitions/common/ocm_env_telemeter.py +12 -12
reconcile/gql_definitions/common/ocm_environments.py +19 -19
reconcile/gql_definitions/common/pagerduty_instances.py +9 -9
reconcile/gql_definitions/common/pgp_reencryption_settings.py +6 -6
reconcile/gql_definitions/common/pipeline_providers.py +29 -29
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +44 -44
reconcile/gql_definitions/common/saas_target_namespaces.py +10 -10
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +19 -19
reconcile/gql_definitions/common/state_aws_account.py +7 -8
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +9 -9
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +43 -43
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +10 -10
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +8 -8
reconcile/gql_definitions/email_sender/users.py +6 -6
reconcile/gql_definitions/endpoints_discovery/apps.py +10 -10
reconcile/gql_definitions/external_resources/aws_accounts.py +9 -9
reconcile/gql_definitions/external_resources/external_resources_modules.py +23 -23
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +494 -410
reconcile/gql_definitions/external_resources/external_resources_settings.py +28 -26
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +40 -40
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/{aws_vpc_request_subnet.py → aws_organization.py} +12 -8
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +12 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +9 -9
reconcile/gql_definitions/gcp/gcp_projects.py +9 -9
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +9 -9
reconcile/gql_definitions/gitlab_members/permissions.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_project.py +11 -11
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +9 -9
reconcile/gql_definitions/integrations/integrations.py +48 -51
reconcile/gql_definitions/introspection.json +3510 -1865
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +11 -11
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +10 -10
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +14 -10
reconcile/gql_definitions/jumphosts/jumphosts.py +13 -13
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +9 -9
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +18 -19
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +22 -22
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +6 -6
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +10 -10
reconcile/gql_definitions/quay_membership/quay_membership.py +6 -6
reconcile/gql_definitions/rhcs/certs.py +33 -87
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +18 -18
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +8 -8
reconcile/gql_definitions/sharding/aws_accounts.py +10 -10
reconcile/gql_definitions/sharding/ocm_organization.py +8 -8
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +10 -10
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +9 -9
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +6 -7
reconcile/gql_definitions/statuspage/statuspages.py +9 -9
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +20 -25
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +12 -12
reconcile/gql_definitions/terraform_init/aws_accounts.py +23 -9
reconcile/gql_definitions/terraform_repo/terraform_repo.py +9 -9
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +450 -402
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +23 -17
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +9 -9
reconcile/gql_definitions/vault_instances/vault_instances.py +61 -61
reconcile/gql_definitions/vault_policies/vault_policies.py +11 -11
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +8 -8
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_job_builder.py +1 -1
reconcile/jenkins_worker_fleets.py +80 -11
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -56
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +122 -10
reconcile/openshift_cluster_bots.py +5 -5
reconcile/openshift_groups.py +5 -0
reconcile/openshift_limitranges.py +1 -1
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +10 -5
reconcile/openshift_rhcs_certs.py +77 -40
reconcile/openshift_rolebindings.py +230 -130
reconcile/openshift_saas_deploy.py +6 -7
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +8 -7
reconcile/openshift_tekton_resources.py +1 -1
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/openshift_users.py +5 -3
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/oum/providers.py +1 -1
reconcile/prometheus_rules_tester/integration.py +4 -4
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -0
reconcile/requests_sender.py +8 -3
reconcile/resource_scraper.py +1 -5
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +19 -10
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/sendgrid_teammates.py +20 -9
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status.py +2 -2
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +5 -1
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +4 -1
reconcile/templating/lib/merge_request_manager.py +2 -2
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +12 -13
reconcile/terraform_aws_route53.py +18 -8
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +12 -13
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +18 -10
reconcile/terraform_tgw_attachments.py +28 -20
reconcile/terraform_users.py +27 -22
reconcile/terraform_vpc_peerings.py +15 -3
reconcile/terraform_vpc_resources/integration.py +23 -8
reconcile/typed_queries/app_interface_roles.py +10 -0
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +13 -13
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aggregated_list.py +4 -3
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +24 -1
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gpg.py +5 -3
reconcile/utils/gql.py +4 -7
reconcile/utils/helm.py +2 -1
reconcile/utils/helpers.py +1 -1
reconcile/utils/imap_client.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jenkins_api.py +24 -1
reconcile/utils/jinja2/utils.py +6 -8
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +78 -46
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +74 -0
reconcile/utils/ldap_client.py +4 -3
reconcile/utils/lean_terraform_client.py +3 -1
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/__init__.py +3 -1
reconcile/utils/mr/app_interface_reporter.py +6 -3
reconcile/utils/mr/aws_access.py +1 -1
reconcile/utils/mr/base.py +7 -13
reconcile/utils/mr/clusters_updates.py +4 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +4 -1
reconcile/utils/mr/promote_qontract.py +28 -12
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +7 -6
reconcile/utils/oc.py +445 -336
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +18 -21
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/ocm.py +81 -71
reconcile/utils/ocm/products.py +9 -3
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/ocm_base_client.py +4 -4
reconcile/utils/openshift_resource.py +83 -52
reconcile/utils/openssl.py +2 -2
reconcile/utils/output.py +3 -2
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +11 -8
reconcile/utils/repo_owners.py +21 -29
reconcile/utils/rhcsv2_certs.py +138 -35
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/meta.py +2 -1
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +25 -21
reconcile/utils/saasherder/saasherder.py +60 -32
reconcile/utils/secret_reader.py +6 -6
reconcile/utils/sharding.py +1 -1
reconcile/utils/slack_api.py +26 -4
reconcile/utils/sloth.py +224 -0
reconcile/utils/sqs_gateway.py +16 -11
reconcile/utils/state.py +2 -1
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +29 -26
reconcile/utils/terrascript_aws_client.py +200 -116
reconcile/utils/three_way_diff_strategy.py +1 -1
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +44 -41
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +119 -58
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/cli_commands/gpg_encrypt.py +4 -1
tools/cli_commands/systems_and_tools.py +5 -1
tools/qontract_cli.py +36 -21
tools/template_validation.py +3 -1
reconcile/gql_definitions/ocm_oidc_idp/__init__.py +0 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/jenkins/__init__.py +0 -0
reconcile/jenkins/types.py +0 -77
{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev310.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/entry_points.txt +0 -0

reconcile/cli.py CHANGED Viewed

@@ -1,6 +1,5 @@
 # ruff: noqa: PLC0415 - `import` should be at the top-level of a file
 import faulthandler
-import json
 import logging
 import os
 import re
@@ -31,6 +30,7 @@ from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
 from reconcile.utils.exceptions import PrintToFileInGitRepositoryError
 from reconcile.utils.git import is_file_in_git_repo
 from reconcile.utils.gql import GqlApiSingleton
+from reconcile.utils.json import json_dumps
 from reconcile.utils.promtool import PROMTOOL_VERSION, PROMTOOL_VERSION_REGEX
 from reconcile.utils.runtime.environment import init_env
 from reconcile.utils.runtime.integration import (
@@ -50,8 +50,8 @@ from reconcile.utils.unleash import get_feature_toggle_state
 TERRAFORM_VERSION = ["1.6.6"]
 TERRAFORM_VERSION_REGEX = r"^Terraform\sv([\d]+\.[\d]+\.[\d]+)$"
-OC_VERSIONS = ["4.16.2", "4.12.46", "4.10.15"]
-OC_VERSION_REGEX = r"^Client\sVersion:\s([\d]+\.[\d]+\.[\d]+)$"
+OC_VERSIONS = ["4.19.0", "4.16.2"]
+OC_VERSION_REGEX = r"^Client\sVersion:\s([\d]+\.[\d]+\.[\d]+)"
 HELM_VERSIONS = ["3.11.1"]
 HELM_VERSION_REGEX = r"^version.BuildInfo{Version:\"v([\d]+\.[\d]+\.[\d]+)\".*$"
@@ -608,7 +608,7 @@ def run_class_integration(
         if dump_schemas_file:
             gqlapi = gql.get_api()
             with open(dump_schemas_file, "w", encoding="locale") as f:
-                f.write(json.dumps(gqlapi.get_queried_schemas()))
+                f.write(json_dumps(gqlapi.get_queried_schemas()))
 @click.group()
@@ -795,9 +795,18 @@ def openshift_clusterrolebindings(
 @binary_version("oc", ["version", "--client"], OC_VERSION_REGEX, OC_VERSIONS)
 @internal()
 @use_jump_host()
+@click.option(
+    "--support-role-ref",
+    default=False,
+    help="Support roleRef in Rolebindings.",
+)
 @click.pass_context
 def openshift_rolebindings(
-    ctx: click.Context, thread_pool_size: int, internal: bool, use_jump_host: bool
+    ctx: click.Context,
+    thread_pool_size: int,
+    internal: bool,
+    use_jump_host: bool,
+    support_role_ref: bool,
 ) -> None:
     import reconcile.openshift_rolebindings
@@ -807,6 +816,7 @@ def openshift_rolebindings(
         thread_pool_size,
         internal,
         use_jump_host,
+        support_role_ref,
     )
@@ -1018,7 +1028,7 @@ def aws_account_manager(
     "--state-tmpl-resource",
     help="Resource name of the state template-collection template in the app-interface.",
     required=True,
-    default="/terraform-init/terraform-state.yml",
+    default="/terraform-init/terraform-state.yml.j2",
 )
 @click.option(
     "--template-collection-root-path",
@@ -1026,12 +1036,26 @@ def aws_account_manager(
     required=True,
     default="data/templating/collections/terraform-init",
 )
+@click.option(
+    "--cloudformation-template-resource",
+    help="Resource name of the CloudFormation template to create the S3 bucket",
+    required=True,
+    default="/terraform-init/terraform-state-s3-bucket.yaml",
+)
+@click.option(
+    "--cloudformation-import-template-resource",
+    help="Resource name of the CloudFormation template to import existing S3 bucket",
+    required=True,
+    default="/terraform-init/terraform-state-s3-bucket-import.yaml",
+)
 @click.pass_context
 def terraform_init(
     ctx: click.Context,
     account_name: str | None,
     state_tmpl_resource: str,
     template_collection_root_path: str,
+    cloudformation_template_resource: str,
+    cloudformation_import_template_resource: str,
 ) -> None:
     from reconcile.terraform_init.integration import (
         TerraformInitIntegration,
@@ -1044,6 +1068,8 @@ def terraform_init(
                 account_name=account_name,
                 state_tmpl_resource=state_tmpl_resource,
                 template_collection_root_path=template_collection_root_path,
+                cloudformation_template_resource=cloudformation_template_resource,
+                cloudformation_import_template_resource=cloudformation_import_template_resource,
             )
         ),
         ctx=ctx,
@@ -1125,9 +1151,17 @@ def jenkins_webhooks_cleaner(ctx: click.Context) -> None:
     "--jira-board-name", help="The Jira board to act on.", default=None, multiple=True
 )
 @click.option("--board-check-interval", help="Check interval in minutes", default=120)
+@click.option(
+    "--use-cache/--no-use-cache",
+    default=True,
+    help="Use cached results for validation.",
+)
 @click.pass_context
 def jira_permissions_validator(
-    ctx: click.Context, jira_board_name: Iterable[str] | None, board_check_interval: int
+    ctx: click.Context,
+    jira_board_name: Iterable[str] | None,
+    board_check_interval: int,
+    use_cache: bool,
 ) -> None:
     import reconcile.jira_permissions_validator
@@ -1136,6 +1170,7 @@ def jira_permissions_validator(
         ctx,
         jira_board_name=jira_board_name,
         board_check_interval_sec=board_check_interval * 60,
+        use_cache=use_cache,
     )
@@ -1260,14 +1295,14 @@ def aws_ami_cleanup(ctx: click.Context, thread_pool_size: int) -> None:
     run_integration(reconcile.aws_ami_cleanup.integration, ctx, thread_pool_size)
-@integration.command(short_help="Set up retention period for Cloudwatch logs.")
-@threaded()
+@integration.command(short_help="Set up retention period and tags for Cloudwatch logs.")
 @click.pass_context
-def aws_cloudwatch_log_retention(ctx: click.Context, thread_pool_size: int) -> None:
+def aws_cloudwatch_log_retention(ctx: click.Context) -> None:
     import reconcile.aws_cloudwatch_log_retention.integration
     run_integration(
-        reconcile.aws_cloudwatch_log_retention.integration, ctx, thread_pool_size
+        reconcile.aws_cloudwatch_log_retention.integration,
+        ctx,
     )
@@ -2165,10 +2200,10 @@ def template_validator(ctx: click.Context) -> None:
 @integration.command(short_help="Render datafile templates in app-interface.")
 @click.option(
-    "--app-interface-data-path",
-    help="Path to data dir in app-interface repo. Use this for local rendering or in MR checks.",
+    "--app-interface-root-path",
+    help="Path to root of app-interface repo. Use this for local rendering or in MR checks.",
     required=False,
-    envvar="APP_INTERFACE_DATA_PATH",
+    envvar="APP_INTERFACE_ROOT_PATH",
 )
 @click.option(
     "--clone-repo",
@@ -2184,7 +2219,7 @@ def template_validator(ctx: click.Context) -> None:
 @click.pass_context
 def template_renderer(
     ctx: click.Context,
-    app_interface_data_path: str | None,
+    app_interface_root_path: str | None,
     clone_repo: bool,
     template_collection_name: str | None,
 ) -> None:
@@ -2196,7 +2231,7 @@ def template_renderer(
     run_class_integration(
         integration=TemplateRendererIntegration(
             TemplateRendererIntegrationParams(
-                app_interface_data_path=app_interface_data_path,
+                app_interface_root_path=app_interface_root_path,
                 clone_repo=clone_repo,
                 template_collection_name=template_collection_name,
             )
@@ -2820,6 +2855,36 @@ def ocm_addons_upgrade_scheduler_org(
     default=bool(os.environ.get("IGNORE_STS_CLUSTERS")),
     help="Ignore STS clusters",
 )
+@click.option(
+    "--job-controller-cluster",
+    help="The cluster holding the job-controller namepsace",
+    required=False,
+    envvar="JOB_CONTROLLER_CLUSTER",
+)
+@click.option(
+    "--job-controller-namespace",
+    help="The namespace used for ROSA jobs",
+    required=False,
+    envvar="JOB_CONTROLLER_NAMESPACE",
+)
+@click.option(
+    "--rosa-job-service-account",
+    help="The service-account used for ROSA jobs",
+    required=False,
+    envvar="ROSA_JOB_SERVICE_ACCOUNT",
+)
+@click.option(
+    "--rosa-job-image",
+    help="The container image to use to run ROSA cli command jobs",
+    required=False,
+    envvar="ROSA_JOB_IMAGE",
+)
+@click.option(
+    "--rosa-role",
+    help="The role to assume in the ROSA cluster account",
+    required=False,
+    envvar="ROSA_ROLE",
+)
 @click.pass_context
 def advanced_upgrade_scheduler(
     ctx: click.Context,
@@ -2827,9 +2892,21 @@ def advanced_upgrade_scheduler(
     org_id: Iterable[str],
     exclude_org_id: Iterable[str],
     ignore_sts_clusters: bool,
+    job_controller_cluster: str | None,
+    job_controller_namespace: str | None,
+    rosa_job_service_account: str | None,
+    rosa_role: str | None,
+    rosa_job_image: str | None,
 ) -> None:
-    from reconcile.aus.advanced_upgrade_service import AdvancedUpgradeServiceIntegration
-    from reconcile.aus.base import AdvancedUpgradeSchedulerBaseIntegrationParams
+    from reconcile.aus.advanced_upgrade_service import (
+        QONTRACT_INTEGRATION,
+        QONTRACT_INTEGRATION_VERSION,
+        AdvancedUpgradeServiceIntegration,
+    )
+    from reconcile.aus.base import (
+        AdvancedUpgradeSchedulerBaseIntegrationParams,
+        RosaRoleUpgradeHandlerParams,
+    )
     run_class_integration(
         integration=AdvancedUpgradeServiceIntegration(
@@ -2838,6 +2915,22 @@ def advanced_upgrade_scheduler(
                 ocm_organization_ids=set(org_id),
                 excluded_ocm_organization_ids=set(exclude_org_id),
                 ignore_sts_clusters=ignore_sts_clusters,
+                rosa_role_upgrade_handler_params=RosaRoleUpgradeHandlerParams(
+                    job_controller_cluster=job_controller_cluster,
+                    job_controller_namespace=job_controller_namespace,
+                    rosa_job_service_account=rosa_job_service_account,
+                    rosa_role=rosa_role,
+                    rosa_job_image=rosa_job_image,
+                    integration_name=QONTRACT_INTEGRATION,
+                    integration_version=QONTRACT_INTEGRATION_VERSION,
+                )
+                if all([
+                    job_controller_cluster,
+                    job_controller_namespace,
+                    rosa_job_service_account,
+                    rosa_role,
+                ])
+                else None,
             )
         ),
         ctx=ctx,

reconcile/cluster_deployment_mapper.py CHANGED Viewed

@@ -53,12 +53,11 @@ def run(dry_run: bool, vault_output_path: str | None) -> None:
     if not dry_run:
         logging.info("writing ClusterDeployments to vault")
-        vault_client = VaultClient()
+        vault_client = VaultClient.get_instance()
         secret = {
             "path": f"{vault_output_path}/{QONTRACT_INTEGRATION}",
             "data": {
                 "map": "\n".join(f"{item['id']}: {item['cluster']}" for item in results)
             },
         }
-        # mypy doesn't like our fancy way of creating a VaultClient
-        vault_client.write(secret, decode_base64=False)  # type: ignore[attr-defined]
+        vault_client.write(secret, decode_base64=False)

reconcile/dashdotdb_dora.py CHANGED Viewed

@@ -4,7 +4,6 @@ from collections import defaultdict
 from collections.abc import Iterable, Mapping
 from dataclasses import dataclass
 from datetime import (
-    UTC,
     datetime,
     timedelta,
 )
@@ -31,6 +30,7 @@ from reconcile.typed_queries.app_interface_vault_settings import (
     get_app_interface_vault_settings,
 )
 from reconcile.typed_queries.saas_files import get_saas_files
+from reconcile.utils.datetime_util import ensure_utc, utc_now
 from reconcile.utils.github_api import GithubRepositoryApi
 from reconcile.utils.gitlab_api import GitLabApi
 from reconcile.utils.secret_reader import create_secret_reader
@@ -159,15 +159,8 @@ class Commit:
     date: datetime
     def lttc(self, finish_timestamp: datetime) -> int:
-        commit_date_tzaware = self.date
-        finish_timestamp_tzaware = finish_timestamp
-        if commit_date_tzaware.tzinfo is None:
-            commit_date_tzaware = commit_date_tzaware.replace(tzinfo=UTC)
-        if finish_timestamp_tzaware.tzinfo is None:
-            finish_timestamp_tzaware = finish_timestamp_tzaware.replace(tzinfo=UTC)
+        commit_date_tzaware = ensure_utc(self.date)
+        finish_timestamp_tzaware = ensure_utc(finish_timestamp)
         return int((finish_timestamp_tzaware - commit_date_tzaware).total_seconds())
@@ -277,7 +270,7 @@ class DashdotdbDORA(DashdotdbBase):
         # from the DB for a unique (app_name, env_name) multiple times.
         app_envs = {s.app_env for s in saastargets}
-        since_default = datetime.now() - timedelta(days=90)
+        since_default = utc_now() - timedelta(days=90)
         app_env_since_list: list[tuple[AppEnv, datetime]] = threaded.run(
             func=functools.partial(self.get_latest_with_default, since_default),
             iterable=app_envs,
@@ -473,7 +466,7 @@ class DashdotdbDORA(DashdotdbBase):
         ]
     def _github_compare_commits(self, rc: RepoChanges, repo: str) -> list[Commit]:
-        if not rc.repo_url:
+        if not rc.repo_url or not rc.ref_from or not rc.ref_to:
             return []
         return [

reconcile/dashdotdb_slo.py CHANGED Viewed

@@ -119,4 +119,4 @@ def run(
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
-    return {doc.name: doc.dict() for doc in get_slo_documents()}
+    return {doc.name: doc.model_dump() for doc in get_slo_documents()}

qontract-reconcile 0.10.2.dev310__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl

Potentially problematic release.

qontract-reconcile 0.10.2.dev310py3-none-any.whl → 0.10.2.dev439py3-none-any.whl