qontract-reconcile 0.10.2.dev345__py3-none-any.whl → 0.10.2.dev408__py3-none-any.whl

reconcile/utils/saasherder/saasherder.py

@@ -16,7 +16,7 @@ from collections.abc import (
     Sequence,
 )
 from contextlib import suppress
-from datetime import UTC, datetime, timedelta
+from datetime import datetime, timedelta
 from types import TracebackType
 from typing import Any
 
@@ -37,10 +37,12 @@ from sretoolbox.utils import (
 from reconcile.github_org import get_default_config
 from reconcile.status import RunningState
 from reconcile.utils import helm
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.github_api import GithubRepositoryApi
 from reconcile.utils.gitlab_api import GitLabApi
 from reconcile.utils.jenkins_api import JenkinsApi, JobBuildState
 from reconcile.utils.jjb_client import JJB
+from reconcile.utils.json import json_dumps
 from reconcile.utils.oc import (
     OCLocal,
     StatusCodeError,
@@ -1865,7 +1867,7 @@ class SaasHerder:
     @staticmethod
     def get_target_config_hash(target_config: Any) -> str:
         m = hashlib.sha256()
-        m.update(json.dumps(target_config, sort_keys=True).encode("utf-8"))
+        m.update(json_dumps(target_config).encode("utf-8"))
         digest = m.hexdigest()[:16]
         return digest
 
@@ -1921,14 +1923,14 @@ class SaasHerder:
             # before the GQL classes are introduced, the parameters attribute
             # was a json string. Keep it that way to be backwards compatible.
             saas_file_parameters=(
-                json.dumps(saas_file.parameters, separators=(",", ":"))
+                json_dumps(saas_file.parameters, compact=True)
                 if saas_file.parameters is not None
                 else None
             ),
             # before the GQL classes are introduced, the parameters attribute
             # was a json string. Keep it that way to be backwards compatible.
             parameters=(
-                json.dumps(target.parameters, separators=(",", ":"))
+                json_dumps(target.parameters, compact=True)
                 if target.parameters is not None
                 else None
             ),
@@ -1939,7 +1941,7 @@ class SaasHerder:
             # before the GQL classes are introduced, the parameters attribute
             # was a json string. Keep it that way to be backwards compatible.
             rt_parameters=(
-                json.dumps(resource_template.parameters, separators=(",", ":"))
+                json_dumps(resource_template.parameters, compact=True)
                 if resource_template.parameters is not None
                 else None
             ),
@@ -2024,7 +2026,7 @@ class SaasHerder:
         if promotion.commit_sha in self.hotfix_versions.get(promotion.url, set()):
             return True
 
-        now = datetime.now(UTC)
+        now = utc_now()
         passed_soak_days = timedelta(days=0)
 
         for channel in promotion.subscribe:
@@ -2126,7 +2128,7 @@ class SaasHerder:
         if not (self.state and self._promotion_state):
             raise Exception("state is not initialized")
 
-        now = datetime.now(UTC)
+        now = utc_now()
         for promotion in self.promotions:
             if promotion is None:
                 continue

reconcile/utils/slack_api.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 import json
 import logging
+import os
 from typing import (
     TYPE_CHECKING,
     Any,
@@ -26,6 +27,23 @@ if TYPE_CHECKING:
 MAX_RETRIES = 5
 TIMEOUT = 30
 
+# Slack API base URLs for different workspace types
+SLACK_API_BASE_URL = "https://slack.com/api/"
+SLACK_GOV_API_BASE_URL = "https://slack-gov.com/api/"
+
+
+def is_gov_slack_workspace() -> bool:
+    """
+    Determine if a workspace is a government Slack workspace.
+
+    :return: True if it's a gov-slack workspace, False otherwise
+    """
+    # Check GOV_SLACK environment variable from OpenShift YAML configuration
+    # If not set, defaults to False (regular Slack)
+    gov_slack_env = os.getenv("GOV_SLACK", "false")
+
+    return gov_slack_env.lower() == "true"
+
 
 class UserNotFoundError(Exception):
     pass
@@ -165,7 +183,6 @@ class SlackApi:
         api_config: SlackApiConfig | None = None,
         init_usergroups: bool = True,
         channel: str | None = None,
-        slack_url: str | None = None,
         **chat_kwargs: Any,
     ) -> None:
         """
@@ -187,10 +204,15 @@ class SlackApi:
         else:
             self.config = SlackApiConfig()
 
+        # Determine the appropriate Slack API base URL based on GOV_SLACK environment variable
+        base_url = (
+            SLACK_GOV_API_BASE_URL if is_gov_slack_workspace() else SLACK_API_BASE_URL
+        )
+
         self._sc = WebClient(
             token=token,
             timeout=self.config.timeout,
-            base_url=slack_url or WebClient.BASE_URL,
+            base_url=base_url,
         )
         self._configure_client_retry()
 

reconcile/utils/sloth.py

@@ -1,5 +1,9 @@
+import subprocess
+import tempfile
 from io import StringIO
-from typing import NotRequired, TypedDict
+from typing import Any, NotRequired, TypedDict
+
+import yaml
 
 from reconcile.utils.ruamel import create_ruamel_instance
 
@@ -21,6 +25,44 @@ class PrometheusRuleSpec(TypedDict):
     groups: list[PrometheusRuleGroup]
 
 
+class SLOParametersDict(TypedDict):
+    window: str
+
+
+class SLO(TypedDict):
+    name: str
+    SLIType: str
+    SLISpecification: str
+    SLOTarget: float
+    SLOTargetUnit: str
+    SLOParameters: SLOParametersDict
+    SLODetails: str
+    dashboard: str
+    expr: str
+    SLIErrorQuery: NotRequired[str]
+    SLITotalQuery: NotRequired[str]
+
+
+class App(TypedDict):
+    name: str
+
+
+class SLODocument(TypedDict):
+    name: str
+    app: App
+    slos: NotRequired[list[SLO]]
+
+
+class SlothGenerateError(Exception):
+    def __init__(self, msg: Any):
+        super().__init__("sloth generate failed: " + str(msg))
+
+
+class SlothInputError(Exception):
+    def __init__(self, msg: Any):
+        super().__init__("sloth input validation failed: " + str(msg))
+
+
 def process_sloth_output(output_file_path: str) -> str:
     ruamel_instance = create_ruamel_instance()
     with open(output_file_path, encoding="utf-8") as f:
@@ -49,7 +91,134 @@ def process_sloth_output(output_file_path: str) -> str:
                 rule["annotations"] = annotations
             else:
                 rule.pop("annotations", None)
-
     with StringIO() as s:
         ruamel_instance.dump(data, s)
         return s.getvalue()
+
+
+def run_sloth(spec: dict[str, Any]) -> str:
+    with (
+        tempfile.NamedTemporaryFile(
+            encoding="utf-8", mode="w", suffix=".yml"
+        ) as input_file,
+        tempfile.NamedTemporaryFile(
+            encoding="utf-8", mode="w", suffix=".yml"
+        ) as output_file,
+    ):
+        yaml.dump(spec, input_file, allow_unicode=True)
+        cmd = ["sloth", "generate", "-i", input_file.name, "-o", output_file.name]
+        try:
+            subprocess.run(cmd, capture_output=True, check=True, text=True)
+        except subprocess.CalledProcessError as e:
+            error_msg = f"{e}"
+            if e.stdout:
+                error_msg += f"\nstdout: {e.stdout}"
+            if e.stderr:
+                error_msg += f"\nstderr: {e.stderr}"
+            raise SlothGenerateError(error_msg) from e
+        return process_sloth_output(output_file.name)
+
+
+def get_slo_target(slo: SLO) -> float:
+    """
+    Ensure SLO target unit aligns with format expected by sloth for 'Objective' attribute
+    https://pkg.go.dev/github.com/slok/sloth/pkg/prometheus/api/v1#section-readme
+    """
+    val = float(slo["SLOTarget"])
+    return val * (100.0 if slo.get("SLOTargetUnit") == "percent_0_1" else 1.0)
+
+
+def generate_sloth_rules(
+    slo_document: SLODocument,
+    version: str = "prometheus/v1",
+) -> str:
+    """Generate Prometheus rules for an slo_document_v1 using sloth
+
+    Args:
+        slo_document query:
+            {
+                slo_docs: slo_document_v1(filter: {name: "foo"}) {
+                    name
+                    app {
+                        name
+                    }
+                    slos {
+                        name
+                        SLIType
+                        SLOTargetUnit
+                        SLOParameters {
+                            window
+                        }
+                        expr
+                        SLOTarget
+                        SLIErrorQuery
+                        SLITotalQuery
+                        SLODetails
+                        dashboard
+                    }
+                }
+            }
+        version: Spec version (default: "prometheus/v1")
+
+    Returns:
+        Generated Prometheus rules as YAML string
+    """
+    if not slo_document.get("slos"):
+        raise SlothInputError("SLO document has no SLOs defined")
+
+    service = slo_document["app"]["name"]
+    # only process SLOs that have both error and total queries defined
+    slo_input = [
+        {
+            "name": slo["name"],
+            "objective": get_slo_target(slo),
+            "description": f"{slo['name']} SLO for {service}",
+            "sli": {
+                "events": {
+                    "error_query": slo["SLIErrorQuery"].replace(
+                        "{{window}}", "{{.window}}"
+                    ),
+                    "total_query": slo["SLITotalQuery"].replace(
+                        "{{window}}", "{{.window}}"
+                    ),
+                }
+            },
+            "alerting": {
+                "name": f"{service.title()}{slo['name'].title()}",
+                "annotations": {
+                    "summary": f"High error rate on {service} {slo['name']}",
+                    "message": f"High error rate on {service} {slo['name']}",
+                    "runbook": slo["SLODetails"],
+                    "dashboard": slo["dashboard"],
+                },
+                "page_alert": {
+                    "labels": {
+                        "severity": "critical",
+                        "service": service,
+                        "slo": slo["name"],
+                    }
+                },
+                "ticket_alert": {
+                    "labels": {
+                        "severity": "high",
+                        "service": service,
+                        "slo": slo["name"],
+                    }
+                },
+            },
+        }
+        for slo in slo_document["slos"]
+        if slo.get("SLIErrorQuery") and slo.get("SLITotalQuery")
+    ]
+
+    if not slo_input:
+        raise SlothInputError(
+            "No SLOs found with both SLIErrorQuery and SLITotalQuery defined"
+        )
+
+    spec = {
+        "version": version,
+        "service": service,
+        "slos": slo_input,
+    }
+    return run_sloth(spec)

reconcile/utils/sqs_gateway.py

@@ -4,6 +4,7 @@ from collections.abc import Iterable, Mapping
 from typing import Any, Self
 
 from reconcile.utils.aws_api import AWSApi
+from reconcile.utils.json import json_dumps
 from reconcile.utils.secret_reader import SecretReader
 
 
@@ -54,7 +55,7 @@ class SQSGateway:
         return queue_account_name[0]
 
     def send_message(self, body: Mapping[str, Any]) -> None:
-        self.sqs.send_message(QueueUrl=self.queue_url, MessageBody=json.dumps(body))
+        self.sqs.send_message(QueueUrl=self.queue_url, MessageBody=json_dumps(body))
 
     def receive_messages(
         self,

reconcile/utils/state.py

@@ -28,6 +28,7 @@ from reconcile.typed_queries.app_interface_vault_settings import (
 )
 from reconcile.typed_queries.get_state_aws_account import get_state_aws_account
 from reconcile.utils.aws_api import aws_config_file_path
+from reconcile.utils.json import json_dumps
 from reconcile.utils.secret_reader import (
     SecretReaderBase,
     create_secret_reader,
@@ -355,7 +356,7 @@ class State:
         self.client.put_object(
             Bucket=self.bucket,
             Key=f"{self.state_path}/{key}",
-            Body=json.dumps(value),
+            Body=json_dumps(value),
             Metadata=metadata or {},
         )
 

reconcile/utils/terraform_client.py

@@ -36,6 +36,7 @@ from reconcile.typed_queries.app_interface_custom_messages import (
 )
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.aws_helper import get_region_from_availability_zone
+from reconcile.utils.datetime_util import ensure_utc, utc_now
 from reconcile.utils.external_resource_spec import (
     ExternalResourceSpec,
     ExternalResourceSpecInventory,
@@ -419,11 +420,11 @@ class TerraformClient:
         deletion_approvals = account.get("deletionApprovals")
         if not deletion_approvals:
             return False
-        now = datetime.utcnow()
+        now = utc_now()
         for da in deletion_approvals:
             try:
-                expiration = datetime.strptime(
-                    da["expiration"], DATE_FORMAT
+                expiration = ensure_utc(
+                    datetime.strptime(da["expiration"], DATE_FORMAT)  # noqa: DTZ007
                 ) + timedelta(days=1)
             except ValueError:
                 raise DeletionApprovalExpirationValueError(