PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev334__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev334py3-none-any.whl → 0.10.2.dev439py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of qontract-reconcile might be problematic. Click here for more details.

Files changed (370) hide show

{qontract_reconcile-0.10.2.dev334.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/METADATA +13 -12
{qontract_reconcile-0.10.2.dev334.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/RECORD +366 -361
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/base.py +134 -32
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gates/sts_version_gate_handler.py +54 -1
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +3 -3
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +32 -25
reconcile/aws_version_sync/integration.py +6 -12
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +2 -4
reconcile/checkpoint.py +11 -3
reconcile/cli.py +111 -18
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +123 -117
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +9 -11
reconcile/external_resources/factories.py +5 -12
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -5
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +20 -20
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +8 -11
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +8 -5
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_mr_sqs_consumer.py +2 -2
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +10 -10
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +6 -6
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +32 -32
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +26 -26
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +6 -7
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +51 -12
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +11 -11
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +28 -68
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +10 -10
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +9 -9
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +18 -18
reconcile/gql_definitions/common/alerting_services_settings.py +9 -9
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +120 -0
reconcile/gql_definitions/common/app_interface_state_settings.py +10 -10
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +22 -9
reconcile/gql_definitions/common/aws_vpcs.py +11 -11
reconcile/gql_definitions/common/clusters.py +37 -35
reconcile/gql_definitions/common/clusters_minimal.py +14 -14
reconcile/gql_definitions/common/clusters_with_dms.py +6 -6
reconcile/gql_definitions/common/clusters_with_peering.py +29 -30
reconcile/gql_definitions/common/github_orgs.py +10 -10
reconcile/gql_definitions/common/jira_settings.py +10 -10
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +42 -44
reconcile/gql_definitions/common/namespaces_minimal.py +15 -13
reconcile/gql_definitions/common/ocm_env_telemeter.py +12 -12
reconcile/gql_definitions/common/ocm_environments.py +19 -19
reconcile/gql_definitions/common/pagerduty_instances.py +9 -9
reconcile/gql_definitions/common/pgp_reencryption_settings.py +6 -6
reconcile/gql_definitions/common/pipeline_providers.py +29 -29
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +44 -44
reconcile/gql_definitions/common/saas_target_namespaces.py +10 -10
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +19 -19
reconcile/gql_definitions/common/state_aws_account.py +7 -8
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +9 -9
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +43 -43
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +10 -10
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +8 -8
reconcile/gql_definitions/email_sender/users.py +6 -6
reconcile/gql_definitions/endpoints_discovery/apps.py +10 -10
reconcile/gql_definitions/external_resources/aws_accounts.py +9 -9
reconcile/gql_definitions/external_resources/external_resources_modules.py +23 -23
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +494 -410
reconcile/gql_definitions/external_resources/external_resources_settings.py +28 -26
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +40 -40
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/{aws_vpc_request_subnet.py → aws_organization.py} +12 -8
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +12 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +9 -9
reconcile/gql_definitions/gcp/gcp_projects.py +9 -9
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +9 -9
reconcile/gql_definitions/gitlab_members/permissions.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_project.py +11 -11
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +9 -9
reconcile/gql_definitions/integrations/integrations.py +48 -51
reconcile/gql_definitions/introspection.json +3207 -1683
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +11 -11
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +10 -10
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +14 -10
reconcile/gql_definitions/jumphosts/jumphosts.py +13 -13
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +9 -9
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +18 -19
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +22 -22
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +6 -6
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +10 -10
reconcile/gql_definitions/quay_membership/quay_membership.py +6 -6
reconcile/gql_definitions/rhcs/certs.py +33 -87
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +18 -18
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +8 -8
reconcile/gql_definitions/sharding/aws_accounts.py +10 -10
reconcile/gql_definitions/sharding/ocm_organization.py +8 -8
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +10 -10
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +9 -9
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +6 -7
reconcile/gql_definitions/statuspage/statuspages.py +9 -9
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +20 -25
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +12 -12
reconcile/gql_definitions/terraform_init/aws_accounts.py +23 -9
reconcile/gql_definitions/terraform_repo/terraform_repo.py +9 -9
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +440 -407
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +23 -17
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +9 -9
reconcile/gql_definitions/vault_instances/vault_instances.py +61 -61
reconcile/gql_definitions/vault_policies/vault_policies.py +11 -11
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +8 -8
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_worker_fleets.py +10 -8
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -56
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +113 -5
reconcile/openshift_cluster_bots.py +3 -2
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +6 -2
reconcile/openshift_rhcs_certs.py +74 -37
reconcile/openshift_rolebindings.py +230 -130
reconcile/openshift_saas_deploy.py +6 -7
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +2 -2
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/openshift_users.py +5 -3
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/prometheus_rules_tester/integration.py +3 -3
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -0
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +16 -5
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +5 -1
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +4 -1
reconcile/templating/lib/merge_request_manager.py +2 -2
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +12 -13
reconcile/terraform_aws_route53.py +7 -1
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +5 -5
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +17 -7
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +7 -0
reconcile/terraform_vpc_peerings.py +14 -3
reconcile/terraform_vpc_resources/integration.py +20 -8
reconcile/typed_queries/app_interface_roles.py +10 -0
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +13 -13
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aggregated_list.py +4 -3
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +24 -1
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gql.py +4 -7
reconcile/utils/helm.py +2 -1
reconcile/utils/helpers.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jinja2/utils.py +6 -8
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +28 -15
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +74 -0
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/base.py +2 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +3 -2
reconcile/utils/oc.py +249 -203
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +18 -21
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/products.py +9 -3
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/openshift_resource.py +10 -5
reconcile/utils/output.py +3 -2
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +1 -1
reconcile/utils/rhcsv2_certs.py +138 -35
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +25 -21
reconcile/utils/saasherder/saasherder.py +55 -31
reconcile/utils/slack_api.py +26 -4
reconcile/utils/sloth.py +224 -0
reconcile/utils/sqs_gateway.py +2 -1
reconcile/utils/state.py +2 -1
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +5 -4
reconcile/utils/terrascript_aws_client.py +192 -114
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +5 -12
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +107 -42
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/cli_commands/systems_and_tools.py +5 -1
tools/qontract_cli.py +31 -18
tools/template_validation.py +3 -1
reconcile/gql_definitions/cna/__init__.py +0 -0
reconcile/gql_definitions/cna/queries/__init__.py +0 -0
reconcile/gql_definitions/ocm_oidc_idp/__init__.py +0 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
{qontract_reconcile-0.10.2.dev334.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev334.dist-info → qontract_reconcile-0.10.2.dev439.dist-info}/entry_points.txt +0 -0

reconcile/jira_permissions_validator.py CHANGED Viewed

@@ -24,7 +24,7 @@ from reconcile.typed_queries.jiralert_settings import get_jiralert_settings
 from reconcile.utils import gql, metrics
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
-from reconcile.utils.jira_client import JiraClient, JiraWatcherSettings
+from reconcile.utils.jira_client import IssueType, JiraClient, JiraWatcherSettings
 from reconcile.utils.runtime.integration import DesiredStateShardConfig
 from reconcile.utils.secret_reader import SecretReaderBase, create_secret_reader
 from reconcile.utils.semver_helper import make_semver
@@ -33,8 +33,6 @@ from reconcile.utils.state import State, init_state
 QONTRACT_INTEGRATION = "jira-permissions-validator"
 QONTRACT_INTEGRATION_VERSION = make_semver(1, 2, 0)
-NameToIdMap = dict[str, str]
 class BaseMetric(BaseModel):
     """Base class for metrics"""
@@ -64,9 +62,6 @@ class ValidationError(IntFlag):
     PROJECT_ARCHIVED = auto()
-CustomIssueFields = dict[str, dict[str, str]]
 class RunnerParams(TypedDict):
     boards: list[JiraBoardV1]
     board_check_interval_sec: int
@@ -77,6 +72,179 @@ class CacheSource(TypedDict):
     boards: list
+NameToIdMap = dict[str, str]
+CustomIssueFields = dict[str, dict[str, str]]
+NO_ERRORS = ValidationError(0)
+def _validate_project_archived(jira: JiraClient, board: JiraBoardV1) -> ValidationError:
+    """Validate that the project is not archived."""
+    if jira.is_archived:
+        logging.error(f"[{board.name}] project is archived")
+        return ValidationError.PROJECT_ARCHIVED
+    return NO_ERRORS
+def _validate_permissions(jira: JiraClient, board: JiraBoardV1) -> ValidationError:
+    """Validate that the bot has necessary permissions to create and transition issues."""
+    error = NO_ERRORS
+    if not jira.can_create_issues():
+        logging.error(f"[{board.name}] can not create issues in project")
+        error |= ValidationError.CANT_CREATE_ISSUE
+    if not jira.can_transition_issues():
+        logging.error(
+            f"[{board.name}] AppSRE Jira Bot user does not have the permission to change the issue status."
+        )
+        error |= ValidationError.CANT_TRANSITION_ISSUES
+    return error
+def _validate_components(jira: JiraClient, board: JiraBoardV1) -> ValidationError:
+    """Validate that all escalation policy components exist in the project."""
+    error = NO_ERRORS
+    components = jira.components()
+    for escalation_policy in board.escalation_policies or []:
+        for jira_component in escalation_policy.channels.jira_components or []:
+            if jira_component not in components:
+                logging.error(
+                    f"[{board.name}] escalation policy '{escalation_policy.name}' references a non existing Jira component "
+                    f"'{jira_component}'. Valid components: {components}"
+                )
+                error |= ValidationError.INVALID_COMPONENT
+    return error
+def _validate_issue_type(
+    jira: JiraClient, board: JiraBoardV1, default_issue_type: str
+) -> tuple[ValidationError, IssueType | None]:
+    """Validate that the issue type exists and has statuses."""
+    error = NO_ERRORS
+    issue_type = board.issue_type or default_issue_type
+    project_issue_type = jira.get_issue_type(issue_type)
+    if not project_issue_type:
+        project_issue_types_str = ", ".join(t.name for t in jira.project_issue_types())
+        logging.error(
+            f"[{board.name}] '{issue_type}' is not a valid issue type in project. Valid issue types: {project_issue_types_str}"
+        )
+        error |= ValidationError.INVALID_ISSUE_TYPE
+        return error, None
+    if not project_issue_type.statuses:
+        logging.error(
+            f"[{board.name}] '{issue_type}' doesn't have any status. Choose a different issue type."
+        )
+        error |= ValidationError.INVALID_ISSUE_TYPE
+    return error, project_issue_type
+def _validate_issue_states(
+    board: JiraBoardV1, project_issue_type: IssueType, default_reopen_state: str
+) -> ValidationError:
+    """Validate that reopen and resolve states are valid for the issue type."""
+    error = NO_ERRORS
+    reopen_state = board.issue_reopen_state or default_reopen_state
+    if reopen_state.lower() not in [t.lower() for t in project_issue_type.statuses]:
+        logging.error(
+            f"[{board.name}] '{reopen_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
+        )
+        error |= ValidationError.INVALID_ISSUE_STATE
+    if board.issue_resolve_state and board.issue_resolve_state.lower() not in [
+        t.lower() for t in project_issue_type.statuses
+    ]:
+        logging.error(
+            f"[{board.name}] '{board.issue_resolve_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
+        )
+        error |= ValidationError.INVALID_ISSUE_STATE
+    return error
+def _validate_issue_fields(
+    jira: JiraClient, board: JiraBoardV1, project_issue_type: IssueType
+) -> tuple[ValidationError, CustomIssueFields]:
+    """Validate that custom fields exist and have valid values."""
+    error = NO_ERRORS
+    custom_fields: CustomIssueFields = {}
+    for field in board.issue_fields or []:
+        project_issue_field = jira.project_issue_field(
+            issue_type_id=project_issue_type.id, field=field.name
+        )
+        if not project_issue_field:
+            logging.error(
+                f"[{board.name}] '{field.name}' is not a valid field for '{project_issue_type.name}' in this project."
+            )
+            error |= ValidationError.INVALID_ISSUE_FIELD
+            continue
+        for option in project_issue_field.options:
+            if option == field.value:
+                custom_fields[project_issue_field.id] = option.model_dump()
+                break
+        else:
+            logging.error(
+                f"[{board.name}] '{field.name}' has an invalid value '{field.value}'. Valid values: {project_issue_field.options}"
+            )
+            error |= ValidationError.INVALID_ISSUE_FIELD
+    return error, custom_fields
+def _validate_security_level(
+    board: JiraBoardV1, public_projects: Iterable[str]
+) -> ValidationError:
+    """Validate that public projects have a security level defined."""
+    if board.name in public_projects and "Security Level" not in [
+        f.name for f in board.issue_fields or []
+    ]:
+        logging.error(
+            f"[{board.name}] is a public project, but the security level is not defined. Please add 'Security Level' field to the issueFields!"
+        )
+        return ValidationError.PUBLIC_PROJECT_NO_SECURITY_LEVEL
+    return NO_ERRORS
+def _validate_priorities(
+    jira: JiraClient, board: JiraBoardV1, jira_server_priorities: NameToIdMap
+) -> ValidationError:
+    """Validate that all priority mappings are valid for the project."""
+    error = NO_ERRORS
+    project_priorities = jira.project_priority_scheme()
+    project_priorities_names = [
+        p_name
+        for project_p_id in project_priorities
+        for p_name, p_id in jira_server_priorities.items()
+        if p_id == project_p_id
+    ]
+    for priority in board.severity_priority_mappings.mappings:
+        if priority.priority not in jira_server_priorities:
+            logging.error(
+                f"[{board.name}] {priority.priority} is not a valid Jira priority. Valid priorities: {project_priorities_names}"
+            )
+            error |= ValidationError.INVALID_PRIORITY
+            continue
+        if (
+            project_priorities
+            and jira_server_priorities[priority.priority] not in project_priorities
+        ):
+            logging.error(
+                f"[{board.name}] {priority.priority} is not a valid priority in project. Valid priorities: {project_priorities_names}"
+            )
+            error |= ValidationError.INVALID_PRIORITY
+    return error
 def board_is_valid(
     jira: JiraClient,
     board: JiraBoardV1,
@@ -85,123 +253,52 @@ def board_is_valid(
     jira_server_priorities: NameToIdMap,
     public_projects: Iterable[str],
 ) -> tuple[ValidationError, CustomIssueFields]:
-    error = ValidationError(0)
+    """Validate all Jira board settings.
+    This method orchestrates multiple validation checks for a Jira board configuration.
+    Each validation is performed by a dedicated helper function that focuses on a specific
+    aspect of the board configuration.
+    Returns:
+        A tuple of (ValidationError flags, custom_fields dict)
+    """
+    error = NO_ERRORS
     custom_fields: CustomIssueFields = {}
     try:
-        if jira.is_archived:
-            logging.error(f"[{board.name}] project is archived")
-            return ValidationError.PROJECT_ARCHIVED, custom_fields
+        # Check if project is archived (early exit)
+        archived_error = _validate_project_archived(jira, board)
+        if archived_error:
+            return archived_error, custom_fields
-        if not jira.can_create_issues():
-            logging.error(f"[{board.name}] can not create issues in project")
-            error |= ValidationError.CANT_CREATE_ISSUE
+        # Validate permissions
+        error |= _validate_permissions(jira, board)
-        if not jira.can_transition_issues():
-            logging.error(
-                f"[{board.name}] AppSRE Jira Bot user does not have the permission to change the issue status."
-            )
-            error |= ValidationError.CANT_TRANSITION_ISSUES
-        components = jira.components()
-        for escalation_policy in board.escalation_policies or []:
-            for jira_component in escalation_policy.channels.jira_components or []:
-                if jira_component not in components:
-                    logging.error(
-                        f"[{board.name}] escalation policy '{escalation_policy.name}' references a non existing Jira component "
-                        f"'{jira_component}'. Valid components: {components}"
-                    )
-                    error |= ValidationError.INVALID_COMPONENT
+        # Validate components
+        error |= _validate_components(jira, board)
-        issue_type = board.issue_type or default_issue_type
-        project_issue_type = jira.get_issue_type(issue_type)
-        if not project_issue_type:
-            project_issue_types_str = ", ".join(
-                t.name for t in jira.project_issue_types()
-            )
-            logging.error(
-                f"[{board.name}] '{issue_type}' is not a valid issue type in project. Valid issue types: {project_issue_types_str}"
-            )
-            error |= ValidationError.INVALID_ISSUE_TYPE
+        # Validate issue type
+        issue_type_error, project_issue_type = _validate_issue_type(
+            jira, board, default_issue_type
+        )
+        error |= issue_type_error
+        # If issue type is valid, perform additional validations
         if project_issue_type:
-            # Check issue attributes
-            if not project_issue_type.statuses:
-                logging.error(
-                    f"[{board.name}] '{issue_type}' doesn't have any status. Choose a different issue type."
-                )
-                error |= ValidationError.INVALID_ISSUE_TYPE
-            reopen_state = board.issue_reopen_state or default_reopen_state
-            if reopen_state.lower() not in [
-                t.lower() for t in project_issue_type.statuses
-            ]:
-                logging.error(
-                    f"[{board.name}] '{reopen_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
-                )
-                error |= ValidationError.INVALID_ISSUE_STATE
-            if board.issue_resolve_state and board.issue_resolve_state.lower() not in [
-                t.lower() for t in project_issue_type.statuses
-            ]:
-                logging.error(
-                    f"[{board.name}] '{board.issue_resolve_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
-                )
-                error |= ValidationError.INVALID_ISSUE_STATE
+            error |= _validate_issue_states(
+                board, project_issue_type, default_reopen_state
+            )
+            fields_error, custom_fields = _validate_issue_fields(
+                jira, board, project_issue_type
+            )
+            error |= fields_error
-            for field in board.issue_fields or []:
-                project_issue_field = jira.project_issue_field(
-                    issue_type_id=project_issue_type.id, field=field.name
-                )
-                if not project_issue_field:
-                    logging.error(
-                        f"[{board.name}] '{field.name}' is not a valid field for '{project_issue_type.name}' in this project."
-                    )
+        # Validate security level for public projects
+        error |= _validate_security_level(board, public_projects)
-                    error |= ValidationError.INVALID_ISSUE_FIELD
-                    continue
+        # Validate priorities
+        error |= _validate_priorities(jira, board, jira_server_priorities)
-                for option in project_issue_field.options:
-                    if option == field.value:
-                        # cache the field id and option value/name for later use, e.g. in jiralert templates
-                        custom_fields[project_issue_field.id] = option.dict()
-                        break
-                else:
-                    # field.value is not in the allowed options
-                    logging.error(
-                        f"[{board.name}] '{field.name}' has an invalid value '{field.value}'. Valid values: {project_issue_field.options}"
-                    )
-                    error |= ValidationError.INVALID_ISSUE_FIELD
-                    continue
-        if board.name in public_projects and "Security Level" not in [
-            f.name for f in board.issue_fields or []
-        ]:
-            logging.error(
-                f"[{board.name}] is a public project, but the security level is not defined. Please add 'Security Level' field to the issueFields!"
-            )
-            error |= ValidationError.PUBLIC_PROJECT_NO_SECURITY_LEVEL
-        project_priorities = jira.project_priority_scheme()
-        # get the priority names from the project priorities ids
-        project_priorities_names = [
-            p_name
-            for project_p_id in project_priorities
-            for p_name, p_id in jira_server_priorities.items()
-            if p_id == project_p_id
-        ]
-        for priority in board.severity_priority_mappings.mappings:
-            if priority.priority not in jira_server_priorities:
-                logging.error(
-                    f"[{board.name}] {priority.priority} is not a valid Jira priority. Valid priorities: {project_priorities_names}"
-                )
-                error |= ValidationError.INVALID_PRIORITY
-                continue
-            if jira_server_priorities[priority.priority] not in project_priorities:
-                logging.error(
-                    f"[{board.name}] {priority.priority} is not a valid priority in project. Valid priorities: {project_priorities_names}"
-                )
-                error |= ValidationError.INVALID_PRIORITY
     except JIRAError as e:
         if e.status_code == 401:
             # sporadic 401 errors, retrying
@@ -228,25 +325,41 @@ def validate_boards(
     dry_run: bool,
     state: State,
     jira_client_class: type[JiraClient] = JiraClient,
+    use_cache: bool = False,
 ) -> bool:
+    """Validate all Jira boards.
+    The method iterates over all Jira boards and checks if the configuration is valid. If no errors
+    are found, it will skip the next check for the board until the next run time is reached.
+    The next run time is calculated based on the board's check interval and some randomness to avoid
+    all boards checking at the same time.
+    Additionally, for any Jira board with a permission error, a Prometheus metric will be set to trigger an alert.
+    Returns True if there were any errors. See ValidationError and log messages for details.
+    """
     error = False
     jira_clients: dict[str, JiraClient] = {}
     for board in jira_boards:
-        next_run_time = state.get(board.name, 0)
-        if time.time() <= next_run_time:
-            if not dry_run:
-                # always skip for non-dry-run mode
-                continue
-            # dry-run mode
-            elif len(jira_boards) > 1:
-                logging.info(f"[{board.name}] Use cache results. Skipping ...")
-                continue
+        if use_cache:
+            next_run_time = state.get(board.name, 0)
+            if time.time() <= next_run_time:
+                if not dry_run:
+                    # always skip for non-dry-run mode
+                    continue
+                # dry-run mode
+                elif len(jira_boards) > 1:
+                    logging.info(f"[{board.name}] Use cache results. Skipping ...")
+                    continue
         logging.debug(f"[{board.name}] checking ...")
         if board.server.server_url not in jira_clients:
             jira_clients[board.server.server_url] = jira_client_class.create(
                 project_name=board.name,
                 token=secret_reader.read_secret(board.server.token),
+                email=secret_reader.read_secret(board.server.email)
+                if board.server.email
+                else None,
                 server_url=board.server.server_url,
                 jira_watcher_settings=jira_client_settings,
             )
@@ -318,7 +431,7 @@ def get_jira_boards(
 def export_boards(boards: list[JiraBoardV1]) -> list[dict]:
-    return [board.dict() for board in boards]
+    return [board.model_dump() for board in boards]
 @defer
@@ -326,6 +439,7 @@ def run(
     dry_run: bool,
     jira_board_name: list[str] | None = None,
     board_check_interval_sec: int = 3600,
+    use_cache: bool = False,
     defer: Callable | None = None,
 ) -> None:
     gql_api = gql.get_api()
@@ -349,6 +463,7 @@ def run(
             board_check_interval_sec=board_check_interval_sec,
             dry_run=dry_run,
             state=state,
+            use_cache=use_cache,
         )
     if error:

reconcile/ldap_groups/integration.py CHANGED Viewed

@@ -58,7 +58,7 @@ class LdapGroupsIntegration(QontractReconcileIntegration[LdapGroupsIntegrationPa
         """Return the desired state for early exit."""
         if not query_func:
             query_func = gql.get_api().query
-        return {"roles": [c.dict() for c in self.get_roles(query_func)]}
+        return {"roles": [c.model_dump() for c in self.get_roles(query_func)]}
     @defer
     def run(self, dry_run: bool, defer: Callable | None = None) -> None:

reconcile/ocm/types.py CHANGED Viewed

@@ -1,10 +1,6 @@
 from __future__ import annotations
-from pydantic import (
-    BaseModel,
-    Extra,
-    Field,
-)
+from pydantic import BaseModel, Field, field_validator
 class OCMClusterAutoscale(BaseModel):
@@ -13,99 +9,82 @@ class OCMClusterAutoscale(BaseModel):
 class OCMClusterNetwork(BaseModel):
-    type: str | None
+    type: str | None = None
     vpc: str
     service: str
     pod: str
-class OCMClusterSpec(BaseModel):
-    autoscale: OCMClusterAutoscale | None
+class OCMClusterSpec(BaseModel, extra="forbid"):
+    autoscale: OCMClusterAutoscale | None = None
     channel: str
-    disable_user_workload_monitoring: bool | None
-    external_id: str | None
-    id: str | None
-    instance_type: str | None
-    multi_az: bool | None
-    nodes: int | None
+    disable_user_workload_monitoring: bool | None = None
+    external_id: str | None = None
+    id: str | None = None
+    instance_type: str | None = None
+    multi_az: bool | None = None
+    nodes: int | None = None
     private: bool
     product: str
     provider: str
-    provision_shard_id: str | None
+    provision_shard_id: str | None = None
     region: str
-    initial_version: str | None
+    initial_version: str | None = None
     version: str
-    hypershift: bool | None
+    hypershift: bool | None = None
+    fips: bool = False
-    class Config:
-        extra = Extra.forbid
+    @field_validator("fips", mode="before")
+    @classmethod
+    def set_fips_default(cls, v: bool | None) -> bool:
+        return v or False
-class OSDClusterSpec(OCMClusterSpec):
+class OSDClusterSpec(OCMClusterSpec, extra="forbid"):
     load_balancers: int
     storage: int
-    class Config:
-        extra = Extra.forbid
-class ROSAOcmAwsStsAttrs(BaseModel):
+class ROSAOcmAwsStsAttrs(BaseModel, extra="forbid"):
     installer_role_arn: str
     support_role_arn: str
-    controlplane_role_arn: str | None
+    controlplane_role_arn: str | None = None
     worker_role_arn: str
-    class Config:
-        extra = Extra.forbid
-class ROSAOcmAwsAttrs(BaseModel):
+class ROSAOcmAwsAttrs(BaseModel, extra="forbid"):
     creator_role_arn: str
-    sts: ROSAOcmAwsStsAttrs | None
-    class Config:
-        extra = Extra.forbid
+    sts: ROSAOcmAwsStsAttrs | None = None
-class ROSAClusterAWSAccount(BaseModel):
+class ROSAClusterAWSAccount(BaseModel, extra="forbid"):
     uid: str
-    rosa: ROSAOcmAwsAttrs | None
-    billing_account_id: str | None
+    rosa: ROSAOcmAwsAttrs | None = None
+    billing_account_id: str | None = None
-    class Config:
-        extra = Extra.forbid
-class ROSAClusterSpec(OCMClusterSpec):
+class ROSAClusterSpec(OCMClusterSpec, extra="forbid"):
     account: ROSAClusterAWSAccount
-    subnet_ids: list[str] | None
-    availability_zones: list[str] | None
-    oidc_endpoint_url: str | None
-    class Config:
-        extra = Extra.forbid
+    subnet_ids: list[str] | None = None
+    availability_zones: list[str] | None = None
+    oidc_endpoint_url: str | None = None
 class ClusterMachinePool(BaseModel):
     id: str
     instance_type: str
-    replicas: int | None
-    autoscale: OCMClusterAutoscale | None
+    replicas: int | None = None
+    autoscale: OCMClusterAutoscale | None = None
-class OCMSpec(BaseModel):
-    path: str | None
+class OCMSpec(BaseModel, validate_by_name=True, validate_by_alias=True):
+    path: str | None = None
     spec: OSDClusterSpec | ROSAClusterSpec | OCMClusterSpec
     machine_pools: list[ClusterMachinePool] = Field(
         default_factory=list, alias="machinePools"
     )
     network: OCMClusterNetwork
-    domain: str | None
+    domain: str | None = None
     server_url: str = Field("", alias="serverUrl")
     console_url: str = Field("", alias="consoleUrl")
     elb_fqdn: str = Field("", alias="elbFQDN")
-    class Config:
-        smart_union = True
-        # This is need to populate by either console_url or consoleUrl, for instance
-        allow_population_by_field_name = True

reconcile/ocm_aws_infrastructure_access.py CHANGED Viewed

@@ -103,7 +103,7 @@ def fetch_desired_state(clusters: Iterable[Mapping[str, Any]]) -> list[dict[str,
     namespaces = get_namespaces()
     for namespace_info in namespaces:
         specs = get_external_resource_specs(
-            namespace_info.dict(by_alias=True), provision_provider=PROVIDER_AWS
+            namespace_info.model_dump(by_alias=True), provision_provider=PROVIDER_AWS
         )
         for spec in specs:
             if spec.provider != "aws-iam-service-account":

reconcile/ocm_clusters.py CHANGED Viewed

@@ -248,13 +248,13 @@ def get_cluster_ocm_update_spec(
     if not desired_spec.network.type:
         desired_spec.network.type = "OVNKubernetes"
-    cspec = current_spec.spec.dict()
-    cspec[ocmmod.SPEC_ATTR_NETWORK] = current_spec.network.dict(
+    cspec = current_spec.spec.model_dump()
+    cspec[ocmmod.SPEC_ATTR_NETWORK] = current_spec.network.model_dump(
         exclude={IGNORE_NETWORK_TYPE_ATTR}
     )
-    dspec = desired_spec.spec.dict()
-    dspec[ocmmod.SPEC_ATTR_NETWORK] = desired_spec.network.dict(
+    dspec = desired_spec.spec.model_dump()
+    dspec[ocmmod.SPEC_ATTR_NETWORK] = desired_spec.network.model_dump(
         exclude={IGNORE_NETWORK_TYPE_ATTR}
     )

reconcile/ocm_labels/integration.py CHANGED Viewed

@@ -4,7 +4,7 @@ import logging
 from typing import TYPE_CHECKING, Any
 from deepdiff import DeepHash
-from pydantic import validator
+from pydantic import field_validator
 from reconcile.aus.aus_label_source import (
     init_aus_cluster_label_source,
@@ -62,7 +62,8 @@ class OcmLabelsIntegrationParams(PydanticRunParams):
     managed_label_prefixes: list[str] = []
     ignored_label_prefixes: list[str] = []
-    @validator("managed_label_prefixes", "ignored_label_prefixes")
+    @field_validator("managed_label_prefixes", "ignored_label_prefixes")
+    @classmethod
     def must_end_with_dot(cls, v: list[str]) -> list[str]:
         return [prefix + "." if not prefix.endswith(".") else prefix for prefix in v]

qontract-reconcile 0.10.2.dev334__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl

Potentially problematic release.

qontract-reconcile 0.10.2.dev334py3-none-any.whl → 0.10.2.dev439py3-none-any.whl