PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev430__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev361py3-none-any.whl → 0.10.2.dev430py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (351) hide show

{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/METADATA +13 -12
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/RECORD +351 -345
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/base.py +134 -32
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gates/sts_version_gate_handler.py +54 -1
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +30 -23
reconcile/aws_version_sync/integration.py +6 -12
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +0 -2
reconcile/checkpoint.py +11 -3
reconcile/cli.py +93 -10
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +123 -117
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +8 -8
reconcile/external_resources/factories.py +4 -6
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -6
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +19 -15
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +4 -7
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +5 -2
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +5 -5
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +5 -5
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +46 -7
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +5 -5
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +27 -66
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +5 -5
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +5 -5
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +5 -5
reconcile/gql_definitions/common/alerting_services_settings.py +5 -5
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +5 -5
reconcile/gql_definitions/common/app_interface_state_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +15 -5
reconcile/gql_definitions/common/aws_vpcs.py +5 -5
reconcile/gql_definitions/common/clusters.py +5 -5
reconcile/gql_definitions/common/clusters_minimal.py +5 -5
reconcile/gql_definitions/common/clusters_with_dms.py +5 -5
reconcile/gql_definitions/common/clusters_with_peering.py +5 -5
reconcile/gql_definitions/common/github_orgs.py +5 -5
reconcile/gql_definitions/common/jira_settings.py +5 -5
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +5 -5
reconcile/gql_definitions/common/namespaces_minimal.py +7 -5
reconcile/gql_definitions/common/ocm_env_telemeter.py +5 -5
reconcile/gql_definitions/common/ocm_environments.py +5 -5
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -5
reconcile/gql_definitions/common/pipeline_providers.py +5 -5
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +5 -5
reconcile/gql_definitions/common/saas_target_namespaces.py +5 -5
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +5 -5
reconcile/gql_definitions/common/state_aws_account.py +5 -5
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +5 -5
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +5 -5
reconcile/gql_definitions/email_sender/users.py +5 -5
reconcile/gql_definitions/endpoints_discovery/apps.py +5 -5
reconcile/gql_definitions/external_resources/aws_accounts.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_modules.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +33 -6
reconcile/gql_definitions/external_resources/external_resources_settings.py +5 -5
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +5 -5
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/aws_organization.py +33 -0
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +7 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +5 -5
reconcile/gql_definitions/gcp/gcp_projects.py +5 -5
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +5 -5
reconcile/gql_definitions/gitlab_members/permissions.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_project.py +5 -5
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +5 -5
reconcile/gql_definitions/integrations/integrations.py +5 -5
reconcile/gql_definitions/introspection.json +724 -129
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +5 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +5 -5
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +9 -5
reconcile/gql_definitions/jumphosts/jumphosts.py +5 -5
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +5 -5
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +5 -5
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +5 -5
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +5 -5
reconcile/gql_definitions/quay_membership/quay_membership.py +5 -5
reconcile/gql_definitions/rhcs/certs.py +25 -79
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +5 -5
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +5 -5
reconcile/gql_definitions/sharding/aws_accounts.py +5 -5
reconcile/gql_definitions/sharding/ocm_organization.py +5 -5
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +5 -5
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +5 -5
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +5 -5
reconcile/gql_definitions/statuspage/statuspages.py +5 -5
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +5 -5
reconcile/gql_definitions/terraform_init/aws_accounts.py +19 -5
reconcile/gql_definitions/terraform_repo/terraform_repo.py +5 -5
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +30 -6
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +15 -5
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +5 -5
reconcile/gql_definitions/vault_instances/vault_instances.py +5 -5
reconcile/gql_definitions/vault_policies/vault_policies.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_worker_fleets.py +10 -8
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -57
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +113 -4
reconcile/openshift_cluster_bots.py +1 -1
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +6 -2
reconcile/openshift_rhcs_certs.py +74 -37
reconcile/openshift_rolebindings.py +7 -11
reconcile/openshift_saas_deploy.py +4 -5
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +2 -2
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/prometheus_rules_tester/integration.py +3 -3
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -0
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +16 -5
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +2 -2
reconcile/terraform_aws_route53.py +7 -1
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +5 -5
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +6 -6
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +7 -0
reconcile/terraform_vpc_peerings.py +14 -3
reconcile/terraform_vpc_resources/integration.py +10 -1
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +11 -11
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gql.py +4 -7
reconcile/utils/helpers.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jinja2/utils.py +6 -101
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +7 -10
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +43 -1
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +3 -2
reconcile/utils/oc.py +246 -201
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +17 -20
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/products.py +8 -8
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/openshift_resource.py +8 -3
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +1 -1
reconcile/utils/rhcsv2_certs.py +86 -23
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +23 -20
reconcile/utils/saasherder/saasherder.py +50 -27
reconcile/utils/slack_api.py +2 -2
reconcile/utils/sloth.py +171 -2
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +5 -4
reconcile/utils/terrascript_aws_client.py +134 -74
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +5 -12
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +107 -42
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/qontract_cli.py +28 -17
tools/template_validation.py +3 -1
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/entry_points.txt +0 -0

reconcile/statuspage/status.py CHANGED Viewed

@@ -2,18 +2,15 @@ from abc import (
     ABC,
     abstractmethod,
 )
-from datetime import (
-    UTC,
-    datetime,
-)
+from datetime import datetime
-from dateutil.parser import isoparse
 from pydantic import BaseModel
 from reconcile.gql_definitions.statuspage.statuspages import (
     ManualStatusProviderV1,
     StatusProviderV1,
 )
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 # This module defines the interface for status providers for components on status
 # pages. A status provider is responsible for determining the status of a component.
@@ -70,7 +67,7 @@ class ManualStatusProvider(StatusProvider, BaseModel):
             raise ValueError(
                 "manual component status time window is invalid: end before start"
             )
-        now = datetime.now(UTC)
+        now = utc_now()
         if self.start and now < self.start:
             return False
         return not (self.end and self.end < now)
@@ -84,8 +81,8 @@ def build_status_provider_config(
     provider specific implementation that provides the status resolution logic.
     """
     if isinstance(cfg, ManualStatusProviderV1):
-        start = isoparse(cfg.manual.q_from) if cfg.manual.q_from else None
-        end = isoparse(cfg.manual.until) if cfg.manual.until else None
+        start = from_utc_iso_format(cfg.manual.q_from) if cfg.manual.q_from else None
+        end = from_utc_iso_format(cfg.manual.until) if cfg.manual.until else None
         return ManualStatusProvider(
             component_status=cfg.manual.component_status,
             start=start,

reconcile/templating/lib/rendering.py CHANGED Viewed

@@ -18,7 +18,7 @@ from reconcile.utils.secret_reader import SecretReaderBase
 class TemplateData(BaseModel):
     variables: dict[str, Any]
-    current: dict[str, Any] | None
+    current: dict[str, Any] | None = None
     current_with_explicit_start: bool | None = False
@@ -26,7 +26,7 @@ class TemplatePatch(Protocol):
     path: str
     identifier: str | None
-    def dict(self) -> dict[str, str]: ...
+    def model_dump(self) -> dict[str, str]: ...
 class Template(Protocol):
@@ -36,7 +36,7 @@ class Template(Protocol):
     template: str
     overwrite: bool | None
-    def dict(self) -> dict[str, str]: ...
+    def model_dump(self) -> dict[str, str]: ...
     @property
     def patch(self) -> TemplatePatch | None:

reconcile/templating/renderer.py CHANGED Viewed

@@ -239,8 +239,8 @@ def unpack_dynamic_variables(
 class TemplateRendererIntegrationParams(PydanticRunParams):
     clone_repo: bool = False
-    app_interface_root_path: str | None
-    template_collection_name: str | None
+    app_interface_root_path: str | None = None
+    template_collection_name: str | None = None
 def join_path(base: str, sub: str) -> str:

reconcile/terraform_aws_route53.py CHANGED Viewed

@@ -9,6 +9,7 @@ from typing import Any
 from reconcile import queries
 from reconcile.status import ExitCodes
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils import dnsutils
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
@@ -227,13 +228,18 @@ def run(
             f"No participating AWS accounts found, consider disabling this integration, account name: {account_name}"
         )
         return
+    try:
+        default_tags = get_settings().default_tags
+    except ValueError:
+        # no external resources settings found
+        default_tags = None
     ts = Terrascript(
         QONTRACT_INTEGRATION,
         "",
         thread_pool_size,
         participating_accounts,
         settings=settings,
+        default_tags=default_tags,
     )
     desired_state = build_desired_state(zones, all_accounts, settings)

reconcile/terraform_cloudflare_dns.py CHANGED Viewed

@@ -155,7 +155,7 @@ class TerraformCloudflareDNSIntegration(
         accts_per_zone = []
         for zone in query_zones.zones or []:
-            acct = zone.account.dict(by_alias=True)
+            acct = zone.account.model_dump(by_alias=True)
             acct["name"] = f"{zone.account.name}-{zone.identifier}"
             accts_per_zone.append(acct)
@@ -369,11 +369,11 @@ def cloudflare_dns_zone_to_external_resource(
             provision_provider=DEFAULT_PROVISIONER_PROVIDER,
             provisioner={"name": f"{zone.account.name}-{zone.identifier}"},
             namespace=DEFAULT_NAMESPACE,
-            resource=zone.dict(by_alias=True, exclude=DEFAULT_EXCLUDE_KEY),
+            resource=zone.model_dump(by_alias=True, exclude=DEFAULT_EXCLUDE_KEY),
         )
         external_resource_spec.resource["provider"] = DEFAULT_PROVIDER
         external_resource_spec.resource["records"] = [
-            record.dict(by_alias=True) for record in zone.records or []
+            record.model_dump(by_alias=True) for record in zone.records or []
         ]
         external_resource_specs.append(external_resource_spec)
     return external_resource_specs

reconcile/terraform_cloudflare_resources.py CHANGED Viewed

@@ -168,7 +168,7 @@ def _build_oc_resources(
         internal=internal,
     )
-    namespace_mapping = [ns.dict() for ns in cloudflare_namespaces]
+    namespace_mapping = [ns.model_dump() for ns in cloudflare_namespaces]
     state_specs = init_specs_to_fetch(
         ri, oc_map, namespaces=namespace_mapping, override_managed_types=["Secret"]
@@ -338,7 +338,7 @@ def run(
     )
     if not cloudflare_namespaces:
-        logging.info("No cloudflare namespaces were detected, nothing to do.")
+        logging.debug("No cloudflare namespaces were detected, nothing to do.")
         sys.exit(ExitCodes.SUCCESS)
     # Build Cloudflare clients
@@ -351,7 +351,7 @@ def run(
         spec
         for namespace in query_resources.namespaces
         for spec in get_external_resource_specs(
-            namespace.dict(by_alias=True), PROVIDER_CLOUDFLARE
+            namespace.model_dump(by_alias=True), PROVIDER_CLOUDFLARE
         )
         if not selected_account or spec.provisioner_name == selected_account
     ]
@@ -383,7 +383,7 @@ def run(
         QONTRACT_INTEGRATION_VERSION,
         QONTRACT_TF_PREFIX,
         [
-            acct.dict(by_alias=True)  # convert CloudflareAccountV1 to dict
+            acct.model_dump(by_alias=True)  # convert CloudflareAccountV1 to dict
             for acct in query_accounts.accounts or []
             if acct.name in cf_clients.dump()  # use only if it is a registered client
         ],
@@ -442,4 +442,4 @@ def _get_cloudflare_desired_state() -> tuple[
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     desired_state = _get_cloudflare_desired_state()
-    return {state.__repr_name__(): state.dict() for state in desired_state}
+    return {str(state): state.model_dump() for state in desired_state}

reconcile/terraform_cloudflare_users.py CHANGED Viewed

@@ -88,7 +88,7 @@ class TerraformCloudflareUsers(
         if not settings.settings:
             raise RuntimeError("App interface setting not defined")
-        early_exit_desired_state = cloudflare_roles.dict()
+        early_exit_desired_state = cloudflare_roles.model_dump()
         early_exit_desired_state.update({
             CLOUDFLARE_EMAIL_DOMAIN_ALLOW_LIST_KEY: settings.settings
         })
@@ -149,7 +149,8 @@ class TerraformCloudflareUsers(
         }
         accounts = [
-            acct.dict(by_alias=True) for _, acct in account_names_to_account.items()
+            acct.model_dump(by_alias=True)
+            for _, acct in account_names_to_account.items()
         ]
         self._run_terraform(

reconcile/terraform_init/integration.py CHANGED Viewed

@@ -1,6 +1,5 @@
 import logging
 from collections.abc import Callable
-from datetime import UTC, datetime
 from typing import Any
 import jinja2
@@ -12,12 +11,16 @@ from reconcile.gql_definitions.terraform_init.aws_accounts import (
 from reconcile.terraform_init.merge_request import Renderer, create_parser
 from reconcile.terraform_init.merge_request_manager import MergeRequestManager, MrData
 from reconcile.typed_queries.app_interface_repo_url import get_app_interface_repo_url
+from reconcile.typed_queries.aws_account_tags import get_aws_account_tags
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.typed_queries.github_orgs import get_github_orgs
 from reconcile.typed_queries.gitlab_instances import get_gitlab_instances
 from reconcile.utils import gql
 from reconcile.utils.aws_api_typed.api import AWSApi, AWSStaticCredentials
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.gql import GqlApi
 from reconcile.utils.runtime.integration import (
     PydanticRunParams,
     QontractReconcileIntegration,
@@ -31,10 +34,16 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
 class TerraformInitIntegrationParams(PydanticRunParams):
-    account_name: str | None
+    account_name: str | None = None
     # To avoid the accidental deletion of the resource file, explicitly set the
     # qontract.cli option in the integration extraArgs!
     state_tmpl_resource: str = "/terraform-init/terraform-state.yml"
+    cloudformation_template_resource: str = (
+        "/terraform-init/terraform-state-s3-bucket.yaml"
+    )
+    cloudformation_import_template_resource: str = (
+        "/terraform-init/terraform-state-s3-bucket-import.yaml"
+    )
     template_collection_root_path: str = "data/templating/collections/terraform-init"
@@ -55,25 +64,35 @@ class TerraformInitIntegration(
             query_func = gql.get_api().query
         return {
             "accounts": [
-                account.dict() for account in self.get_aws_accounts(query_func)
+                account.model_dump() for account in self.get_aws_accounts(query_func)
             ],
         }
     def get_aws_accounts(
         self, query_func: Callable, account_name: str | None = None
     ) -> list[AWSAccountV1]:
-        """Return all AWS accounts with terraform username but no terraform state set."""
+        """Return all AWS accounts with terraform username."""
         return [
             account
             for account in aws_accounts_query(query_func).accounts or []
             if integration_is_enabled(self.name, account)
             and (not account_name or account.name == account_name)
             and account.terraform_username
-            and not account.terraform_state
         ]
+    @staticmethod
+    def get_default_tags(gql_api: GqlApi) -> dict[str, str]:
+        try:
+            return get_settings(gql_api.query).default_tags
+        except ValueError:
+            # no settings found
+            return {}
+    @staticmethod
     def render_state_collection(
-        self, template: str, bucket_name: str, account: AWSAccountV1
+        template: str,
+        bucket_name: str,
+        account: AWSAccountV1,
     ) -> str:
         return jinja2.Template(
             template,
@@ -85,24 +104,114 @@ class TerraformInitIntegration(
             "account_name": account.name,
             "bucket_name": bucket_name,
             "region": account.resources_default_region,
-            "timestamp": int(datetime.now(tz=UTC).timestamp()),
+            "timestamp": int(utc_now().timestamp()),
         })
     def reconcile_account(
         self,
-        account_aws_api: AWSApi,
+        aws_api: AWSApi,
+        merge_request_manager: MergeRequestManager,
+        dry_run: bool,
+        account: AWSAccountV1,
+        state_template: str,
+        cloudformation_template: str,
+        cloudformation_import_template: str,
+        default_tags: dict[str, str],
+    ) -> None:
+        """
+        Reconcile the terraform state for a given account.
+        Create S3 bucket via CloudFormation and Merge Request to update template file on init.
+        Import existing bucket if it exists but not managed by CloudFormation.
+        Update CloudFormation stack if tags or template body differ.
+        CloudFormation stack name and bucket name is `terraform-<account_name>`.
+        `cloudformation_import_template` should be minimal template with identifier fields only.
+        `cloudformation_template` should be the full template.
+        Use import template to import then update stack to match full template.
+        This will ensure imported resources match CloudFormation template.
+        And all desired changes in full template are applied.
+        Both templates must have BucketName in Parameters.
+        Args:
+            aws_api: AWSApi: AWS API client for the target account.
+            merge_request_manager: MergeRequestManager: Manager to handle merge requests.
+            dry_run: bool: If True, do not make any changes.
+            account: AWSAccountV1: The AWS account to reconcile.
+            state_template: str: Jinja2 template for the Terraform state configuration.
+            cloudformation_template: str: CloudFormation template to create the S3 bucket.
+            cloudformation_import_template: str: CloudFormation template to import existing S3 bucket.
+            default_tags: dict[str, str]: Default tags to apply to the CloudFormation stack.
+        Returns:
+            None
+        """
+        bucket_name = (
+            account.terraform_state.bucket
+            if account.terraform_state
+            else f"terraform-{account.name}"
+        )
+        tags = default_tags | get_aws_account_tags(account.organization)
+        if account.terraform_state is None:
+            return self._provision_terraform_state(
+                aws_api=aws_api,
+                merge_request_manager=merge_request_manager,
+                dry_run=dry_run,
+                account=account,
+                bucket_name=bucket_name,
+                cloudformation_template=cloudformation_template,
+                state_template=state_template,
+                tags=tags,
+            )
+        stack = aws_api.cloudformation.get_stack(stack_name=bucket_name)
+        if stack is None:
+            return self._import_cloudformation_stack(
+                aws_api=aws_api,
+                dry_run=dry_run,
+                bucket_name=bucket_name,
+                cloudformation_import_template=cloudformation_import_template,
+                cloudformation_template=cloudformation_template,
+                tags=tags,
+            )
+        return self._reconcile_cloudformation_stack(
+            aws_api=aws_api,
+            dry_run=dry_run,
+            bucket_name=bucket_name,
+            cloudformation_template=cloudformation_template,
+            tags=tags,
+            current_tags={tag["Key"]: tag["Value"] for tag in stack.get("Tags", [])},
+        )
+    def _provision_terraform_state(
+        self,
+        aws_api: AWSApi,
         merge_request_manager: MergeRequestManager,
         dry_run: bool,
-        state_collection: str,
-        bucket_name: str,
         account: AWSAccountV1,
+        bucket_name: str,
+        cloudformation_template: str,
+        state_template: str,
+        tags: dict[str, str],
     ) -> None:
         logging.info("Creating bucket '%s' for account '%s'", bucket_name, account.name)
         if not dry_run:
-            # the creation of the bucket is idempotent
-            account_aws_api.s3.create_bucket(
-                name=bucket_name, region=account.resources_default_region
+            aws_api.cloudformation.create_stack(
+                stack_name=bucket_name,
+                change_set_name=f"create-{bucket_name}",
+                template_body=cloudformation_template,
+                parameters={"BucketName": bucket_name},
+                tags=tags,
             )
+        state_collection = self.render_state_collection(
+            template=state_template,
+            bucket_name=bucket_name,
+            account=account,
+        )
         merge_request_manager.create_merge_request(
             data=MrData(
                 account=account.name,
@@ -111,6 +220,55 @@ class TerraformInitIntegration(
             )
         )
+    @staticmethod
+    def _import_cloudformation_stack(
+        aws_api: AWSApi,
+        dry_run: bool,
+        bucket_name: str,
+        cloudformation_import_template: str,
+        cloudformation_template: str,
+        tags: dict[str, str],
+    ) -> None:
+        logging.info("Importing existing bucket %s", bucket_name)
+        if not dry_run:
+            aws_api.cloudformation.create_stack(
+                stack_name=bucket_name,
+                change_set_name=f"import-{bucket_name}",
+                template_body=cloudformation_import_template,
+                parameters={"BucketName": bucket_name},
+                tags=tags,
+            )
+            logging.info("Syncing stack %s after import", bucket_name)
+            aws_api.cloudformation.update_stack(
+                stack_name=bucket_name,
+                template_body=cloudformation_template,
+                parameters={"BucketName": bucket_name},
+                tags=tags,
+            )
+    @staticmethod
+    def _reconcile_cloudformation_stack(
+        aws_api: AWSApi,
+        dry_run: bool,
+        bucket_name: str,
+        cloudformation_template: str,
+        tags: dict[str, str],
+        current_tags: dict[str, str],
+    ) -> None:
+        if (
+            current_tags != tags
+            or aws_api.cloudformation.get_template_body(stack_name=bucket_name)
+            != cloudformation_template
+        ):
+            logging.info("Updating stack %s", bucket_name)
+            if not dry_run:
+                aws_api.cloudformation.update_stack(
+                    stack_name=bucket_name,
+                    template_body=cloudformation_template,
+                    parameters={"BucketName": bucket_name},
+                    tags=tags,
+                )
     @defer
     def run(self, dry_run: bool, defer: Callable | None = None) -> None:
         """Run the integration."""
@@ -144,6 +302,14 @@ class TerraformInitIntegration(
         state_template = gql_api.get_resource(path=self.params.state_tmpl_resource)[
             "content"
         ]
+        cloudformation_template = gql_api.get_resource(
+            path=self.params.cloudformation_template_resource
+        )["content"]
+        cloudformation_import_template = gql_api.get_resource(
+            path=self.params.cloudformation_import_template_resource
+        )["content"]
+        default_tags = self.get_default_tags(gql_api)
         for account in accounts:
             secret = self.secret_reader.read_all_secret(account.automation_token)
             with AWSApi(
@@ -153,15 +319,13 @@ class TerraformInitIntegration(
                     region=account.resources_default_region,
                 )
             ) as account_aws_api:
-                bucket_name = f"terraform-{account.name}"
-                state_collection = self.render_state_collection(
-                    state_template, bucket_name, account
-                )
                 self.reconcile_account(
-                    account_aws_api,
-                    merge_request_manager,
-                    dry_run,
-                    state_collection,
-                    bucket_name,
-                    account,
+                    aws_api=account_aws_api,
+                    merge_request_manager=merge_request_manager,
+                    dry_run=dry_run,
+                    account=account,
+                    state_template=state_template,
+                    cloudformation_template=cloudformation_template,
+                    cloudformation_import_template=cloudformation_import_template,
+                    default_tags=default_tags,
                 )

reconcile/terraform_repo.py CHANGED Viewed

@@ -41,10 +41,10 @@ class RepoOutput(BaseModel):
     project_path: str
     delete: bool
     aws_creds: VaultSecret
-    variables: TerraformRepoVariablesV1 | None
-    bucket: str | None
-    region: str | None
-    bucket_path: str | None
+    variables: TerraformRepoVariablesV1 | None = None
+    bucket: str | None = None
+    region: str | None = None
+    bucket_path: str | None = None
     require_fips: bool
     tf_version: str
@@ -62,8 +62,8 @@ class OutputFile(BaseModel):
 class TerraformRepoIntegrationParams(PydanticRunParams):
     output_file: str | None
     validate_git: bool
-    gitlab_project_id: str | None
-    gitlab_merge_request_id: int | None
+    gitlab_project_id: str | None = None
+    gitlab_merge_request_id: int | None = None
 class TerraformRepoIntegration(
@@ -168,7 +168,7 @@ class TerraformRepoIntegration(
                     self.params.output_file, "w", encoding="locale"
                 ) as output_file:
                     yaml.safe_dump(
-                        data=output.dict(),
+                        data=output.model_dump(),
                         stream=output_file,
                         explicit_start=True,
                     )
@@ -177,7 +177,7 @@ class TerraformRepoIntegration(
                     f"Unable to write to '{self.params.output_file}'"
                 ) from None
         else:
-            print(yaml.safe_dump(data=output.dict(), explicit_start=True))
+            print(yaml.safe_dump(data=output.model_dump(), explicit_start=True))
         return output
@@ -206,7 +206,7 @@ class TerraformRepoIntegration(
         keys = state.ls()
         for key in keys:
             if value := state.get(key.lstrip("/"), None):
-                repo = TerraformRepoV1.parse_obj(value)
+                repo = TerraformRepoV1.model_validate(value)
                 repo_list.append(repo)
         return repo_list
@@ -283,7 +283,7 @@ class TerraformRepoIntegration(
             for add_key, add_val in diff_result.add.items():
                 # state.add already performs a json.dumps(key) so we export the
                 # pydantic model as a dict to avoid a double json dump with extra quotes
-                state.add(add_key, add_val.dict(by_alias=True), force=True)
+                state.add(add_key, add_val.model_dump(by_alias=True), force=True)
             for delete_key in diff_result.delete:
                 state.rm(delete_key)
             for change_key, change_val in diff_result.change.items():
@@ -291,7 +291,9 @@ class TerraformRepoIntegration(
                     state.rm(change_key)
                 else:
                     state.add(
-                        change_key, change_val.desired.dict(by_alias=True), force=True
+                        change_key,
+                        change_val.desired.model_dump(by_alias=True),
+                        force=True,
                     )
         except KeyError:
             pass
@@ -394,5 +396,7 @@ class TerraformRepoIntegration(
     def early_exit_desired_state(self, *args: Any, **kwargs: Any) -> dict[str, Any]:
         gqlapi = gql.get_api()
         return {
-            "repos": [repo.dict() for repo in self.get_repos(query_func=gqlapi.query)]
+            "repos": [
+                repo.model_dump() for repo in self.get_repos(query_func=gqlapi.query)
+            ]
         }

reconcile/terraform_resources.py CHANGED Viewed

@@ -137,7 +137,7 @@ def fetch_current_state(
         use_jump_host=use_jump_host,
         thread_pool_size=thread_pool_size,
     )
-    namespaces_dicts = [ns.dict(by_alias=True) for ns in namespaces]
+    namespaces_dicts = [ns.model_dump(by_alias=True) for ns in namespaces]
     state_specs = ob.init_specs_to_fetch(
         ri, oc_map, namespaces=namespaces_dicts, override_managed_types=["Secret"]
     )
@@ -273,7 +273,7 @@ def setup(
         )
     else:
         ocm_map = None
-    tf_namespaces_dicts = [ns.dict(by_alias=True) for ns in tf_namespaces]
+    tf_namespaces_dicts = [ns.model_dump(by_alias=True) for ns in tf_namespaces]
     provider_exclusions = settings.get("terraformResourcesProviderExclusions") or []
     ts.init_populate_specs(
@@ -295,16 +295,16 @@ def filter_tf_namespaces(
 ) -> list[NamespaceV1]:
     tf_namespaces = []
     for namespace_info in namespaces:
-        if ob.is_namespace_deleted(namespace_info.dict(by_alias=True)):
+        if ob.is_namespace_deleted(namespace_info.model_dump(by_alias=True)):
             continue
-        if not managed_external_resources(namespace_info.dict(by_alias=True)):
+        if not managed_external_resources(namespace_info.model_dump(by_alias=True)):
             continue
         if not account_names:
             tf_namespaces.append(namespace_info)
             continue
-        specs = get_external_resource_specs(namespace_info.dict(by_alias=True))
+        specs = get_external_resource_specs(namespace_info.model_dump(by_alias=True))
         if not specs:
             tf_namespaces.append(namespace_info)
             continue
@@ -567,7 +567,7 @@ def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     }
     for ns_info in get_tf_namespaces():
         for spec in get_external_resource_specs(
-            ns_info.dict(by_alias=True), provision_provider=PROVIDER_AWS
+            ns_info.model_dump(by_alias=True), provision_provider=PROVIDER_AWS
         ):
             resource_paths = [
                 spec.resource.get("defaults"),

qontract-reconcile 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev430__py3-none-any.whl

qontract-reconcile 0.10.2.dev361py3-none-any.whl → 0.10.2.dev430py3-none-any.whl