PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev349py3-none-any.whl → 0.10.2.dev414py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (356) hide show

{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/METADATA +12 -11
{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/RECORD +356 -350
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +15 -12
reconcile/aus/base.py +26 -27
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +1 -1
reconcile/automated_actions/config/integration.py +15 -3
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +2 -2
reconcile/aws_iam_keys.py +7 -41
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +32 -25
reconcile/aws_version_sync/integration.py +6 -12
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +2 -4
reconcile/checkpoint.py +11 -3
reconcile/cli.py +33 -8
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +123 -117
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +9 -11
reconcile/external_resources/factories.py +5 -12
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +24 -10
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +13 -13
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +6 -8
reconcile/external_resources/state.py +60 -17
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +8 -5
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_mr_sqs_consumer.py +2 -2
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +5 -5
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +5 -5
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +46 -7
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +5 -5
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +27 -66
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +5 -5
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +5 -5
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +5 -5
reconcile/gql_definitions/common/alerting_services_settings.py +5 -5
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +5 -5
reconcile/gql_definitions/common/app_interface_state_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +15 -5
reconcile/gql_definitions/common/aws_vpcs.py +5 -5
reconcile/gql_definitions/common/clusters.py +7 -5
reconcile/gql_definitions/common/clusters_minimal.py +5 -5
reconcile/gql_definitions/common/clusters_with_dms.py +5 -5
reconcile/gql_definitions/common/clusters_with_peering.py +5 -5
reconcile/gql_definitions/common/github_orgs.py +5 -5
reconcile/gql_definitions/common/jira_settings.py +5 -5
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +5 -5
reconcile/gql_definitions/common/namespaces_minimal.py +7 -5
reconcile/gql_definitions/common/ocm_env_telemeter.py +5 -5
reconcile/gql_definitions/common/ocm_environments.py +5 -5
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -5
reconcile/gql_definitions/common/pipeline_providers.py +5 -5
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +5 -5
reconcile/gql_definitions/common/saas_target_namespaces.py +5 -5
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +5 -5
reconcile/gql_definitions/common/state_aws_account.py +5 -5
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +5 -5
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +5 -5
reconcile/gql_definitions/email_sender/users.py +5 -5
reconcile/gql_definitions/endpoints_discovery/apps.py +5 -5
reconcile/gql_definitions/external_resources/aws_accounts.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_modules.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +89 -6
reconcile/gql_definitions/external_resources/external_resources_settings.py +7 -5
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +5 -5
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/aws_organization.py +33 -0
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +7 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +5 -5
reconcile/gql_definitions/gcp/gcp_projects.py +5 -5
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +5 -5
reconcile/gql_definitions/gitlab_members/permissions.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_project.py +5 -5
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +5 -5
reconcile/gql_definitions/integrations/integrations.py +5 -5
reconcile/gql_definitions/introspection.json +2137 -1053
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +5 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +5 -5
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +9 -5
reconcile/gql_definitions/jumphosts/jumphosts.py +5 -5
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +5 -5
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +5 -5
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +5 -5
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +5 -5
reconcile/gql_definitions/quay_membership/quay_membership.py +5 -5
reconcile/gql_definitions/rhcs/certs.py +5 -5
reconcile/gql_definitions/rhidp/organizations.py +5 -5
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +5 -5
reconcile/gql_definitions/sharding/aws_accounts.py +5 -5
reconcile/gql_definitions/sharding/ocm_organization.py +5 -5
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +5 -5
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +5 -5
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +5 -5
reconcile/gql_definitions/statuspage/statuspages.py +5 -5
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +5 -5
reconcile/gql_definitions/terraform_init/aws_accounts.py +19 -5
reconcile/gql_definitions/terraform_repo/terraform_repo.py +5 -5
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +38 -6
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +15 -5
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +5 -5
reconcile/gql_definitions/vault_instances/vault_instances.py +5 -5
reconcile/gql_definitions/vault_policies/vault_policies.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_worker_fleets.py +10 -8
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -56
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +23 -23
reconcile/openshift_base.py +53 -2
reconcile/openshift_cluster_bots.py +3 -2
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +6 -2
reconcile/openshift_rhcs_certs.py +5 -5
reconcile/openshift_rolebindings.py +7 -11
reconcile/openshift_saas_deploy.py +6 -7
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +2 -2
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/prometheus_rules_tester/integration.py +3 -3
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -1
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +1 -1
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +4 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +3 -0
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +4 -3
reconcile/terraform_aws_route53.py +7 -1
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +5 -5
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +17 -7
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +7 -0
reconcile/terraform_vpc_peerings.py +14 -3
reconcile/terraform_vpc_resources/integration.py +10 -1
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +13 -13
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aggregated_list.py +4 -3
reconcile/utils/aws_api.py +51 -54
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +24 -1
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gql.py +4 -7
reconcile/utils/helm.py +2 -1
reconcile/utils/helpers.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jinja2/utils.py +6 -101
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +9 -12
reconcile/utils/jobcontroller/controller.py +1 -1
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +70 -0
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/base.py +2 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +3 -2
reconcile/utils/oc.py +118 -97
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +17 -20
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/products.py +9 -3
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/openshift_resource.py +10 -5
reconcile/utils/output.py +3 -2
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +1 -1
reconcile/utils/rhcsv2_certs.py +1 -4
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +25 -21
reconcile/utils/saasherder/saasherder.py +35 -24
reconcile/utils/slack_api.py +26 -4
reconcile/utils/sloth.py +171 -2
reconcile/utils/sqs_gateway.py +2 -1
reconcile/utils/state.py +2 -1
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +5 -4
reconcile/utils/terrascript_aws_client.py +171 -114
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +5 -12
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +107 -42
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +3 -1
tools/cli_commands/systems_and_tools.py +5 -1
tools/qontract_cli.py +31 -18
tools/template_validation.py +3 -1
{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/entry_points.txt +0 -0

reconcile/aws_cloudwatch_log_retention/integration.py CHANGED Viewed

@@ -2,31 +2,41 @@ from __future__ import annotations
 import logging
 import re
-import typing
 from collections import defaultdict
 from datetime import UTC, datetime, timedelta
-from enum import Enum
 from typing import TYPE_CHECKING
-from botocore.exceptions import ClientError
 from pydantic import BaseModel
-from reconcile import queries
 from reconcile.gql_definitions.aws_cloudwatch_log_retention.aws_accounts import (
     AWSAccountCleanupOptionCloudWatchV1,
     AWSAccountV1,
 )
+from reconcile.typed_queries.app_interface_vault_settings import (
+    get_app_interface_vault_settings,
+)
+from reconcile.typed_queries.aws_account_tags import get_aws_account_tags
 from reconcile.typed_queries.aws_cloudwatch_log_retention.aws_accounts import (
     get_aws_accounts,
 )
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils import gql
-from reconcile.utils.aws_api import AWSApi
+from reconcile.utils.aws_api_typed.api import AWSApi, AWSStaticCredentials
+from reconcile.utils.datetime_util import utc_now
+from reconcile.utils.differ import diff_mappings
+from reconcile.utils.secret_reader import create_secret_reader
+from reconcile.utils.state import init_state
+TAGS_KEY = "tags.json"
 if TYPE_CHECKING:
     from collections.abc import Iterable
     from mypy_boto3_logs.type_defs import LogGroupTypeDef
+    from reconcile.utils.aws_api_typed.logs import AWSApiLogs
+    from reconcile.utils.gql import GqlApi
 QONTRACT_INTEGRATION = "aws_cloudwatch_log_retention"
 MANAGED_BY_INTEGRATION_KEY = "managed_by_integration"
@@ -35,7 +45,7 @@ DEFAULT_RETENTION_IN_DAYS = 90
 class AWSCloudwatchCleanupOption(BaseModel):
-    regex: typing.Pattern
+    regex: re.Pattern
     retention_in_days: int
     delete_empty_log_group: bool
@@ -67,16 +77,6 @@ def get_desired_cleanup_options_by_region(
     return result
-def create_awsapi_client(accounts: list[AWSAccountV1], thread_pool_size: int) -> AWSApi:
-    settings = queries.get_secret_reader_settings()
-    return AWSApi(
-        thread_pool_size,
-        [account.dict(by_alias=True) for account in accounts],
-        settings=settings,
-        init_users=False,
-    )
 def is_empty(log_group: LogGroupTypeDef) -> bool:
     return log_group["storedBytes"] == 0
@@ -85,47 +85,32 @@ def is_longer_than_retention(
     log_group: LogGroupTypeDef,
     desired_retention_days: int,
 ) -> bool:
-    return datetime.fromtimestamp(log_group["creationTime"] / 1000, tz=UTC) + timedelta(
-        days=desired_retention_days
-    ) < datetime.now(tz=UTC)
-class TagStatus(Enum):
-    NOT_SET = "NOT_SET"
-    MANAGED_BY_CURRENT_INTEGRATION = "MANAGED_BY_CURRENT_INTEGRATION"
-    MANAGED_BY_OTHER_INTEGRATION = "MANAGED_BY_OTHER_INTEGRATION"
+    return (
+        datetime.fromtimestamp(log_group["creationTime"] / 1000, tz=UTC)
+        + timedelta(days=desired_retention_days)
+        < utc_now()
+    )
-def get_tag_status(
-    log_group: LogGroupTypeDef,
-    account_name: str,
-    region: str,
-    aws_api: AWSApi,
-) -> TagStatus:
-    tags = aws_api.get_cloudwatch_log_group_tags(
-        account_name,
-        log_group["arn"],
-        region,
-    )
+def _is_managed_by_other_integration(tags: dict[str, str]) -> bool:
     managed_by_integration = tags.get(MANAGED_BY_INTEGRATION_KEY)
-    if managed_by_integration is None:
-        return TagStatus.NOT_SET
-    if managed_by_integration == QONTRACT_INTEGRATION:
-        return TagStatus.MANAGED_BY_CURRENT_INTEGRATION
-    return TagStatus.MANAGED_BY_OTHER_INTEGRATION
+    return (
+        managed_by_integration is not None
+        and managed_by_integration != QONTRACT_INTEGRATION
+    )
 def _reconcile_log_group(
     dry_run: bool,
-    aws_log_group: LogGroupTypeDef,
+    log_group: LogGroupTypeDef,
     desired_cleanup_options: Iterable[AWSCloudwatchCleanupOption],
-    account_name: str,
-    region: str,
-    awsapi: AWSApi,
+    desired_tags: dict[str, str],
+    last_tags: dict[str, str],
+    aws_api_logs: AWSApiLogs,
 ) -> None:
-    current_retention_in_days = aws_log_group.get("retentionInDays")
-    log_group_name = aws_log_group["logGroupName"]
-    log_group_arn = aws_log_group["arn"]
+    current_retention_in_days = log_group.get("retentionInDays")
+    log_group_name = log_group["logGroupName"]
+    log_group_arn = log_group["arn"]
     desired_cleanup_option = _find_desired_cleanup_option(
         log_group_name, desired_cleanup_options
@@ -133,54 +118,66 @@ def _reconcile_log_group(
     if (
         desired_cleanup_option.delete_empty_log_group
-        and is_empty(aws_log_group)
+        and is_empty(log_group)
         and is_longer_than_retention(
-            aws_log_group, desired_cleanup_option.retention_in_days
+            log_group, desired_cleanup_option.retention_in_days
         )
     ):
-        if (
-            get_tag_status(aws_log_group, account_name, region, awsapi)
-            != TagStatus.MANAGED_BY_OTHER_INTEGRATION
-        ):
+        tags = aws_api_logs.get_tags(log_group_arn)
+        if not _is_managed_by_other_integration(tags):
             logging.info(
                 "Deleting empty log group %s",
                 log_group_arn,
             )
             if not dry_run:
-                awsapi.delete_cloudwatch_log_group(account_name, log_group_name, region)
+                aws_api_logs.delete_log_group(log_group_name)
         return
-    if current_retention_in_days == desired_cleanup_option.retention_in_days:
+    if (
+        current_retention_in_days == desired_cleanup_option.retention_in_days
+        and last_tags == desired_tags
+    ):
         return
-    match get_tag_status(aws_log_group, account_name, region, awsapi):
-        case TagStatus.MANAGED_BY_OTHER_INTEGRATION:
-            return
-        case TagStatus.MANAGED_BY_CURRENT_INTEGRATION:
-            pass
-        case TagStatus.NOT_SET:
-            logging.info(
-                "Setting tag %s for log group %s",
-                MANAGED_TAG,
+    current_tags = aws_api_logs.get_tags(log_group_arn)
+    if _is_managed_by_other_integration(current_tags):
+        return
+    diff_result = diff_mappings(
+        current=current_tags,
+        desired=desired_tags,
+    )
+    if to_delete := diff_result.delete.keys() & last_tags.keys():
+        logging.info(
+            "Deleting tags %s for log group %s",
+            to_delete,
+            log_group_arn,
+        )
+        if not dry_run:
+            aws_api_logs.delete_tags(
                 log_group_arn,
+                to_delete,
             )
-            if not dry_run:
-                awsapi.create_cloudwatch_tag(
-                    account_name, log_group_arn, MANAGED_TAG, region
-                )
+    if diff_result.add or diff_result.change:
+        logging.info(
+            "Setting tags %s for log group %s",
+            desired_tags,
+            log_group_arn,
+        )
+        if not dry_run:
+            aws_api_logs.set_tags(log_group_arn, desired_tags)
-    logging.info(
-        "Setting %s retention days to %d",
-        log_group_arn,
-        desired_cleanup_option.retention_in_days,
-    )
-    if not dry_run:
-        awsapi.set_cloudwatch_log_retention(
-            account_name,
-            log_group_name,
+    if current_retention_in_days != desired_cleanup_option.retention_in_days:
+        logging.info(
+            "Setting %s retention days to %d",
+            log_group_arn,
             desired_cleanup_option.retention_in_days,
-            region,
         )
+        if not dry_run:
+            aws_api_logs.put_retention_policy(
+                log_group_name,
+                desired_cleanup_option.retention_in_days,
+            )
 def _find_desired_cleanup_option(
@@ -191,60 +188,63 @@ def _find_desired_cleanup_option(
     Find the first cleanup option that regex matches the log group name.
     If no match is found, return the default cleanup option.
-    :param log_group_name: The name of the log group
-    :param desired_cleanup_options: The desired cleanup options
-    :return: The desired cleanup option
+    Args:
+        log_group_name: The name of the log group.
+        desired_cleanup_options: A list of desired cleanup options.
+    Returns:
+        The matching cleanup option or the default one.
     """
-    return next(
-        (o for o in desired_cleanup_options if o.regex.match(log_group_name)),
-        DEFAULT_AWS_CLOUDWATCH_CLEANUP_OPTION,
-    )
+    for option in desired_cleanup_options:
+        if option.regex.match(log_group_name):
+            return option
+    return DEFAULT_AWS_CLOUDWATCH_CLEANUP_OPTION
 def _reconcile_log_groups(
     dry_run: bool,
     aws_account: AWSAccountV1,
-    awsapi: AWSApi,
-) -> None:
-    account_name = aws_account.name
-    desired_cleanup_options_by_region = get_desired_cleanup_options_by_region(
-        aws_account
+    last_tags: dict[str, str],
+    default_tags: dict[str, str],
+    automation_token: dict[str, str],
+) -> dict[str, str]:
+    desired_tags = (
+        default_tags | get_aws_account_tags(aws_account.organization) | MANAGED_TAG
     )
-    try:
-        for (
-            region,
-            desired_cleanup_options,
-        ) in desired_cleanup_options_by_region.items():
-            for aws_log_group in awsapi.get_cloudwatch_log_groups(
-                account_name,
-                region,
-            ):
-                _reconcile_log_group(
-                    dry_run=dry_run,
-                    aws_log_group=aws_log_group,
-                    desired_cleanup_options=desired_cleanup_options,
-                    account_name=account_name,
-                    region=region,
-                    awsapi=awsapi,
+    for (
+        region,
+        desired_cleanup_options,
+    ) in get_desired_cleanup_options_by_region(aws_account).items():
+        aws_credentials = AWSStaticCredentials(
+            access_key_id=automation_token["aws_access_key_id"],
+            secret_access_key=automation_token["aws_secret_access_key"],
+            region=region,
+        )
+        with AWSApi(aws_credentials) as aws_api:
+            aws_api_logs = aws_api.logs
+            try:
+                for log_group in aws_api_logs.get_log_groups():
+                    _reconcile_log_group(
+                        dry_run=dry_run,
+                        log_group=log_group,
+                        desired_cleanup_options=desired_cleanup_options,
+                        desired_tags=desired_tags,
+                        last_tags=last_tags,
+                        aws_api_logs=aws_api_logs,
+                    )
+            except aws_api_logs.client.exceptions.ClientError as e:
+                logging.error(
+                    "Error reconciling log groups for %s: %s",
+                    aws_account.name,
+                    e,
                 )
-    except ClientError as e:
-        if e.response["Error"]["Code"] == "AccessDeniedException":
-            logging.info(
-                "Access denied for aws account %s. Skipping...",
-                account_name,
-            )
-        else:
-            logging.error(
-                "Error reconciling log groups for %s: %s",
-                account_name,
-                e,
-            )
+                return last_tags
+    return desired_tags
-def get_active_aws_accounts() -> list[AWSAccountV1]:
+def get_active_aws_accounts(gql_api: GqlApi) -> list[AWSAccountV1]:
     return [
         account
-        for account in get_aws_accounts(gql.get_api())
+        for account in get_aws_accounts(gql_api)
         if not (
             account.disable
             and account.disable.integrations
@@ -253,8 +253,37 @@ def get_active_aws_accounts() -> list[AWSAccountV1]:
     ]
-def run(dry_run: bool, thread_pool_size: int) -> None:
-    aws_accounts = get_active_aws_accounts()
-    with create_awsapi_client(aws_accounts, thread_pool_size) as awsapi:
-        for aws_account in aws_accounts:
-            _reconcile_log_groups(dry_run, aws_account, awsapi)
+def get_default_tags(gql_api: GqlApi) -> dict[str, str]:
+    try:
+        return get_settings(gql_api.query).default_tags
+    except ValueError:
+        # no settings found
+        return {}
+def run(dry_run: bool) -> None:
+    gql_api = gql.get_api()
+    aws_accounts = get_active_aws_accounts(gql_api)
+    vault_settings = get_app_interface_vault_settings(query_func=gql_api.query)
+    secret_reader = create_secret_reader(use_vault=vault_settings.vault)
+    default_tags = get_default_tags(gql_api)
+    with init_state(
+        integration=QONTRACT_INTEGRATION,
+        secret_reader=secret_reader,
+    ) as state:
+        last_tags = state.get(TAGS_KEY, {})
+        desired_tags = {
+            aws_account.name: _reconcile_log_groups(
+                dry_run=dry_run,
+                aws_account=aws_account,
+                last_tags=last_tags.get(aws_account.name, {}),
+                default_tags=default_tags,
+                automation_token=secret_reader.read_all_secret(
+                    aws_account.automation_token
+                ),
+            )
+            for aws_account in aws_accounts
+        }
+        if not dry_run and desired_tags != last_tags:
+            state.add(TAGS_KEY, desired_tags, force=True)

reconcile/aws_ecr_image_pull_secrets.py CHANGED Viewed

@@ -1,11 +1,11 @@
 import base64
-import json
 import logging
 from collections.abc import Mapping
 from typing import Any
 from reconcile import queries
 from reconcile.utils.aws_api import AWSApi
+from reconcile.utils.json import json_dumps
 from reconcile.utils.vault import VaultClient
 QONTRACT_INTEGRATION = "aws-ecr-image-pull-secrets"
@@ -35,7 +35,7 @@ def construct_dockercfg_secret_data(data: Mapping[str, Any]) -> dict[str, str]:
         }
     }
-    return {".dockerconfigjson": enc_dec(json.dumps(data))}
+    return {".dockerconfigjson": enc_dec(json_dumps(data))}
 def construct_basic_auth_secret_data(data: Mapping[str, Any]) -> dict[str, str]:

reconcile/aws_iam_keys.py CHANGED Viewed

@@ -17,7 +17,7 @@ QONTRACT_INTEGRATION = "aws-iam-keys"
 def filter_accounts(
     accounts: Iterable[dict[str, Any]], account_name: str | None
 ) -> list[dict[str, Any]]:
-    accounts = [a for a in accounts if a.get("deleteKeys") or a.get("disableKeys")]
+    accounts = [a for a in accounts if a.get("deleteKeys")]
     if account_name:
         accounts = [a for a in accounts if a["name"] == account_name]
     return accounts
@@ -31,43 +31,17 @@ def get_keys_to_delete(accounts: Iterable[dict[str, Any]]) -> dict[str, list[str
     }
-def get_keys_to_disable(accounts: Iterable[dict[str, Any]]) -> dict[str, list[str]]:
-    return {
-        account["name"]: account["disableKeys"]
-        for account in accounts
-        if account.get("disableKeys")
-    }
-def should_run(
-    state: State,
-    keys_to_delete: dict[str, list[str]],
-    keys_to_disable: dict[str, list[str]] | None = None,
-) -> bool:
+def should_run(state: State, keys_to_delete: dict[str, list[str]]) -> bool:
     for account_name, keys in keys_to_delete.items():
         if state.get(account_name, []) != keys:
             return True
-    if keys_to_disable:
-        for account_name, keys in keys_to_disable.items():
-            disable_state_key = f"{account_name}_disable"
-            if state.get(disable_state_key, []) != keys:
-                return True
     return False
-def update_state(
-    state: State,
-    keys_to_update: dict[str, list[str]],
-    keys_to_disable: dict[str, list[str]] | None = None,
-) -> None:
+def update_state(state: State, keys_to_update: dict[str, list[str]]) -> None:
     for account_name, keys in keys_to_update.items():
         if state.get(account_name, []) != keys:
             state.add(account_name, keys, force=True)
-    if keys_to_disable:
-        for account_name, keys in keys_to_disable.items():
-            disable_state_key = f"{account_name}_disable"
-            if state.get(disable_state_key, []) != keys:
-                state.add(disable_state_key, keys, force=True)
 def init_tf_working_dirs(
@@ -91,6 +65,7 @@ def init_tf_working_dirs(
         thread_pool_size,
         accounts,
         settings=settings,
+        default_tags=None,
     )
     return ts.dump()
@@ -122,8 +97,7 @@ def run(
     if defer:
         defer(state.cleanup)
     keys_to_delete = get_keys_to_delete(accounts)
-    keys_to_disable = get_keys_to_disable(accounts)
-    if not should_run(state, keys_to_delete, keys_to_disable):
+    if not should_run(state, keys_to_delete):
         logging.debug("nothing to do here")
         # using return because terraform-resources
         # may be the calling entity, and has more to do
@@ -137,10 +111,6 @@ def run(
         error, service_account_recycle_complete = aws.delete_keys(
             dry_run, keys_to_delete, working_dirs, disable_service_account_keys
         )
-        if keys_to_disable:
-            disable_error = aws.disable_keys(dry_run, keys_to_disable)
-            # combine errors from both operations
-            error = error or disable_error
     if error:
         sys.exit(1)
@@ -149,12 +119,8 @@ def run(
         and not disable_service_account_keys
         and service_account_recycle_complete
     ):
-        update_state(state, keys_to_delete, keys_to_disable)
+        update_state(state, keys_to_delete)
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
-    accounts = queries.get_aws_accounts(terraform_state=True)
-    return {
-        "keys": get_keys_to_delete(accounts),
-        "disable_keys": get_keys_to_disable(accounts),
-    }
+    return {"keys": get_keys_to_delete(queries.get_aws_accounts(terraform_state=True))}

reconcile/aws_saml_idp/integration.py CHANGED Viewed

@@ -19,6 +19,7 @@ from reconcile.gql_definitions.aws_saml_idp.aws_accounts import (
     query as aws_accounts_query,
 )
 from reconcile.status import ExitCodes
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils import gql
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
@@ -81,7 +82,7 @@ class AwsSamlIdpIntegration(QontractReconcileIntegration[AwsSamlIdpIntegrationPa
         if not query_func:
             query_func = gql.get_api().query
         return {
-            "accounts": [c.dict() for c in self.get_aws_accounts(query_func)],
+            "accounts": [c.model_dump() for c in self.get_aws_accounts(query_func)],
         }
     def get_aws_accounts(
@@ -124,20 +125,27 @@ class AwsSamlIdpIntegration(QontractReconcileIntegration[AwsSamlIdpIntegrationPa
         aws_accounts = self.get_aws_accounts(
             gql_api.query, account_name=self.params.account_name
         )
-        aws_accounts_dict = [account.dict(by_alias=True) for account in aws_accounts]
+        aws_accounts_dict = [
+            account.model_dump(by_alias=True) for account in aws_accounts
+        ]
+        try:
+            default_tags = get_settings().default_tags
+        except ValueError:
+            # no external resources settings found
+            default_tags = None
         ts = TerrascriptClient(
             self.name.replace("-", "_"),
             "",
             self.params.thread_pool_size,
             aws_accounts_dict,
             secret_reader=self.secret_reader,
+            default_tags=default_tags,
         )
         for saml_idp_config in self.build_saml_idp_config(
             aws_accounts,
             saml_idp_name=self.params.saml_idp_name,
-            saml_metadata=self.get_saml_metadata(self.params.saml_metadata_url),
+            saml_metadata=self.get_saml_metadata(str(self.params.saml_metadata_url)),
         ):
             ts.populate_saml_idp(
                 account_name=saml_idp_config.account_name,

qontract-reconcile 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

qontract-reconcile 0.10.2.dev349py3-none-any.whl → 0.10.2.dev414py3-none-any.whl