PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev474__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev361py3-none-any.whl → 0.10.2.dev474py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/METADATA +14 -13
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/RECORD +371 -364
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/WHEEL +1 -1
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/aus_sts_gate_handler.py +59 -0
reconcile/aus/base.py +137 -34
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gate_approver.py +1 -16
reconcile/aus/version_gates/sts_version_gate_handler.py +5 -72
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +21 -9
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_account_manager/utils.py +1 -1
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +1 -1
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +30 -23
reconcile/aws_version_sync/integration.py +6 -12
reconcile/change_owners/README.md +1 -1
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +108 -42
reconcile/change_owners/decision.py +1 -1
reconcile/change_owners/diff.py +0 -2
reconcile/checkpoint.py +11 -3
reconcile/cli.py +94 -11
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +123 -117
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +8 -8
reconcile/external_resources/factories.py +4 -6
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -6
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +19 -15
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +6 -10
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +5 -2
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +5 -5
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +5 -5
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +46 -7
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +14 -5
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +27 -66
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +5 -5
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +5 -5
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +5 -5
reconcile/gql_definitions/common/alerting_services_settings.py +5 -5
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +5 -5
reconcile/gql_definitions/common/app_interface_state_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +18 -5
reconcile/gql_definitions/common/aws_vpcs.py +5 -5
reconcile/gql_definitions/common/clusters.py +7 -5
reconcile/gql_definitions/common/clusters_minimal.py +5 -5
reconcile/gql_definitions/common/clusters_with_dms.py +5 -5
reconcile/gql_definitions/common/clusters_with_peering.py +5 -5
reconcile/gql_definitions/common/github_orgs.py +5 -5
reconcile/gql_definitions/common/jira_settings.py +5 -5
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +5 -5
reconcile/gql_definitions/common/namespaces_minimal.py +7 -5
reconcile/gql_definitions/common/ocm_env_telemeter.py +5 -5
reconcile/gql_definitions/common/ocm_environments.py +5 -5
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -5
reconcile/gql_definitions/common/pipeline_providers.py +5 -5
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +5 -5
reconcile/gql_definitions/common/saas_target_namespaces.py +5 -5
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +5 -5
reconcile/gql_definitions/common/state_aws_account.py +5 -5
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +5 -5
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +5 -5
reconcile/gql_definitions/email_sender/users.py +5 -5
reconcile/gql_definitions/endpoints_discovery/apps.py +5 -5
reconcile/gql_definitions/external_resources/aws_accounts.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_modules.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +38 -7
reconcile/gql_definitions/external_resources/external_resources_settings.py +5 -5
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +5 -5
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/aws_organization.py +33 -0
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +12 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +5 -5
reconcile/gql_definitions/gcp/gcp_projects.py +5 -5
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +5 -5
reconcile/gql_definitions/gitlab_members/permissions.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_project.py +5 -5
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +5 -5
reconcile/gql_definitions/integrations/integrations.py +5 -5
reconcile/gql_definitions/introspection.json +775 -136
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +5 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +5 -5
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +9 -5
reconcile/gql_definitions/jumphosts/jumphosts.py +5 -5
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +5 -5
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +5 -5
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +5 -5
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +5 -5
reconcile/gql_definitions/quay_membership/quay_membership.py +5 -5
reconcile/gql_definitions/rhcs/certs.py +25 -79
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +5 -5
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +5 -5
reconcile/gql_definitions/sharding/aws_accounts.py +5 -5
reconcile/gql_definitions/sharding/ocm_organization.py +5 -5
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +5 -5
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +5 -5
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +5 -5
reconcile/gql_definitions/statuspage/statuspages.py +5 -5
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +5 -5
reconcile/gql_definitions/terraform_init/aws_accounts.py +19 -5
reconcile/gql_definitions/terraform_repo/terraform_repo.py +5 -5
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +37 -7
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +15 -5
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +5 -5
reconcile/gql_definitions/vault_instances/vault_instances.py +5 -5
reconcile/gql_definitions/vault_policies/vault_policies.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +8 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +6 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_worker_fleets.py +10 -8
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -57
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +113 -4
reconcile/openshift_cluster_bots.py +1 -1
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +96 -101
reconcile/openshift_resources_base.py +6 -2
reconcile/openshift_rhcs_certs.py +74 -37
reconcile/openshift_rolebindings.py +7 -11
reconcile/openshift_saas_deploy.py +4 -5
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +2 -2
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/prometheus_rules_tester/integration.py +3 -3
reconcile/quay_base.py +25 -6
reconcile/quay_membership.py +55 -29
reconcile/quay_mirror.py +1 -1
reconcile/quay_mirror_org.py +6 -4
reconcile/quay_permissions.py +81 -75
reconcile/quay_repos.py +35 -37
reconcile/queries.py +132 -1
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +16 -5
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +1 -1
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +1 -1
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +2 -2
reconcile/templating/validator.py +4 -4
reconcile/terraform_aws_route53.py +7 -1
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +5 -5
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +6 -6
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +7 -0
reconcile/terraform_vpc_peerings.py +14 -3
reconcile/terraform_vpc_resources/integration.py +20 -8
reconcile/terraform_vpc_resources/merge_request.py +12 -2
reconcile/terraform_vpc_resources/merge_request_manager.py +43 -19
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +20 -15
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/environ.py +5 -0
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +2 -0
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +19 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gql.py +4 -7
reconcile/utils/helpers.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jinja2/utils.py +6 -101
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +26 -13
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +43 -1
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +3 -2
reconcile/utils/oc.py +252 -201
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +17 -20
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/products.py +8 -8
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/openshift_resource.py +8 -3
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/quay_api.py +74 -87
reconcile/utils/raw_github_api.py +1 -1
reconcile/utils/rhcsv2_certs.py +86 -23
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +23 -20
reconcile/utils/saasherder/saasherder.py +50 -27
reconcile/utils/slack_api.py +2 -2
reconcile/utils/sloth.py +171 -2
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +5 -4
reconcile/utils/terrascript_aws_client.py +274 -124
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +5 -12
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +107 -42
reconcile/vpc_peerings_validator.py +13 -0
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/qontract_cli.py +28 -17
tools/template_validation.py +3 -1
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/entry_points.txt +0 -0

reconcile/utils/saasherder/models.py CHANGED Viewed

@@ -7,10 +7,7 @@ from enum import Enum
 from typing import Any, NotRequired, TypedDict
 from github import Github
-from pydantic import (
-    BaseModel,
-    Field,
-)
+from pydantic import BaseModel, Field, model_validator
 from reconcile.gql_definitions.fragments.saas_slo_document import (
     SLODocument,
@@ -207,7 +204,12 @@ TriggerSpecUnion = (
 )
-class Namespace(BaseModel):
+class Namespace(
+    BaseModel,
+    validate_by_name=True,
+    validate_by_alias=True,
+    arbitrary_types_allowed=True,
+):
     name: str
     environment: SaasEnvironment
     app: SaasApp
@@ -217,29 +219,19 @@ class Namespace(BaseModel):
         ..., alias="managedResourceNames"
     )
-    class Config:
-        arbitrary_types_allowed = True
-        allow_population_by_field_name = True
-class PromotionChannelData(BaseModel):
+class PromotionChannelData(BaseModel, validate_by_name=True, validate_by_alias=True):
     q_type: str = Field(..., alias="type")
-    class Config:
-        allow_population_by_field_name = True
-class ParentSaasPromotion(BaseModel):
+class ParentSaasPromotion(BaseModel, validate_by_name=True, validate_by_alias=True):
     q_type: str = Field(..., alias="type")
-    parent_saas: str | None
-    target_config_hash: str | None
-    class Config:
-        allow_population_by_field_name = True
+    parent_saas: str | None = None
+    target_config_hash: str | None = None
 class PromotionData(BaseModel):
-    channel: str | None
+    channel: str | None = None
     data: list[ParentSaasPromotion | PromotionChannelData] | None = None
@@ -264,6 +256,17 @@ class Promotion(BaseModel):
     saas_file_paths: list[str] | None = None
     target_paths: list[str] | None = None
+    @model_validator(mode="before")
+    @classmethod
+    def handle_gql_classes(cls, data: Any) -> Any:
+        if data.get("promotion_data"):
+            data["promotion_data"] = [
+                # convert a GQL class to a dict
+                item.model_dump() if hasattr(item, "model_dump") else item
+                for item in data["promotion_data"]
+            ]
+        return data
 @dataclass
 class ImageAuth:

reconcile/utils/saasherder/saasherder.py CHANGED Viewed

@@ -16,7 +16,7 @@ from collections.abc import (
     Sequence,
 )
 from contextlib import suppress
-from datetime import UTC, datetime, timedelta
+from datetime import datetime, timedelta
 from types import TracebackType
 from typing import Any
@@ -37,6 +37,7 @@ from sretoolbox.utils import (
 from reconcile.github_org import get_default_config
 from reconcile.status import RunningState
 from reconcile.utils import helm
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.github_api import GithubRepositoryApi
 from reconcile.utils.gitlab_api import GitLabApi
 from reconcile.utils.jenkins_api import JenkinsApi, JobBuildState
@@ -91,8 +92,7 @@ from reconcile.utils.state import State
 from reconcile.utils.vcs import VCS
 TARGET_CONFIG_HASH = "target_config_hash"
+TEMPLATE_API_VERSION = "template.openshift.io/v1"
 UNIQUE_SAAS_FILE_ENV_COMBO_LEN = 56
 REQUEST_TIMEOUT = 60
@@ -764,7 +764,8 @@ class SaasHerder:
             case "gitlab":
                 if not self.gitlab:
                     raise Exception("gitlab is not initialized")
-                project = self.gitlab.get_project(url)
+                if not (project := self.gitlab.get_project(url)):
+                    raise Exception(f"Could not find gitlab project for {url}")
                 content = self.gitlab.get_raw_file(
                     project=project,
                     path=path,
@@ -800,7 +801,8 @@ class SaasHerder:
             case "gitlab":
                 if not self.gitlab:
                     raise Exception("gitlab is not initialized")
-                project = self.gitlab.get_project(url)
+                if not (project := self.gitlab.get_project(url)):
+                    raise Exception(f"Could not find gitlab project for {url}")
                 dir_contents = self.gitlab.get_directory_contents(
                     project,
                     ref=commit_sha,
@@ -825,7 +827,8 @@ class SaasHerder:
             case "gitlab":
                 if not self.gitlab:
                     raise Exception("gitlab is not initialized")
-                project = self.gitlab.get_project(url)
+                if not (project := self.gitlab.get_project(url)):
+                    raise Exception(f"Could not find gitlab project for {url}")
                 commits = project.commits.list(ref_name=ref, per_page=1, page=1)
                 return commits[0].id
             case _:
@@ -870,10 +873,23 @@ class SaasHerder:
         """
         if parameter_name in consolidated_parameters:
             return False
-        for template_parameter in template.get("parameters", {}):
-            if template_parameter["name"] == parameter_name:
-                return True
-        return False
+        return any(
+            template_parameter["name"] == parameter_name
+            for template_parameter in template.get("parameters") or []
+        )
+    @staticmethod
+    def _pre_process_template(template: dict[str, Any]) -> dict[str, Any]:
+        """
+        The only supported apiVersion for OpenShift Template is "template.openshift.io/v1".
+        There are examples of templates using "v1", it can't pass validation on 4.19+ oc versions.
+        Args:
+            template (dict): The OpenShift template dictionary.
+        Returns:
+            dict: The OpenShift template dictionary with the correct apiVersion.
+        """
+        return template | {"apiVersion": TEMPLATE_API_VERSION}
     def _process_template(
         self, spec: TargetSpec
@@ -963,7 +979,8 @@ class SaasHerder:
             oc = OCLocal("cluster", None, None, local=True)
             try:
                 resources: Iterable[Mapping[str, Any]] = oc.process(
-                    template, consolidated_parameters
+                    template=self._pre_process_template(template),
+                    parameters=consolidated_parameters,
                 )
             except StatusCodeError as e:
                 logging.error(f"{error_prefix} error processing template: {e!s}")
@@ -1178,13 +1195,13 @@ class SaasHerder:
         images_list = threaded.run(
             self._collect_images, resources, self.available_thread_pool_size
         )
-        images = set(itertools.chain.from_iterable(images_list))
-        self.images.update(images)
-        if not images:
+        images_set = set(itertools.chain.from_iterable(images_list))
+        self.images.update(images_set)
+        if not images_set:
             return False  # no errors
         images = threaded.run(
             self._get_image,
-            images,
+            images_set,
             self.available_thread_pool_size,
             image_patterns=spec.image_patterns,
             image_auth=spec.image_auth,
@@ -1249,7 +1266,9 @@ class SaasHerder:
             self.saas_files,
             self.thread_pool_size,
         )
-        desired_state_specs = list(itertools.chain.from_iterable(results))
+        desired_state_specs: list[TargetSpec] = list(
+            itertools.chain.from_iterable(results)
+        )
         promotions = threaded.run(
             self.populate_desired_state_saas_file,
             desired_state_specs,
@@ -1897,21 +1916,23 @@ class SaasHerder:
             name=target.name,
             ref=target.ref,
             promotion=(
-                target.promotion.dict(by_alias=True) if target.promotion else None
+                target.promotion.model_dump(by_alias=True) if target.promotion else None
             ),
             secretParameters=(
-                [p.dict(by_alias=True) for p in target.secret_parameters]
+                [p.model_dump(by_alias=True) for p in target.secret_parameters]
                 if target.secret_parameters
                 else None
             ),
             slos=(
-                [slo.dict(by_alias=True) for slo in target.slos]
+                [slo.model_dump(by_alias=True) for slo in target.slos]
                 if target.slos
                 else None
             ),
-            upstream=(target.upstream.dict(by_alias=True) if target.upstream else None),
+            upstream=(
+                target.upstream.model_dump(by_alias=True) if target.upstream else None
+            ),
             images=(
-                [i.dict(by_alias=True) for i in target.images]
+                [i.model_dump(by_alias=True) for i in target.images]
                 if target.images
                 else None
             ),
@@ -1947,16 +1968,16 @@ class SaasHerder:
         )
         if saas_file.managed_resource_names:
             state_content["saas_file_managed_resource_names"] = [
-                m.dict() for m in saas_file.managed_resource_names
+                m.model_dump() for m in saas_file.managed_resource_names
             ]
         # include secret parameters from resource template and saas file
         if resource_template.secret_parameters:
             state_content["rt_secretparameters"] = [
-                p.dict() for p in resource_template.secret_parameters
+                p.model_dump() for p in resource_template.secret_parameters
             ]
         if saas_file.secret_parameters:
             state_content["saas_file_secretparameters"] = [
-                p.dict() for p in saas_file.secret_parameters
+                p.model_dump() for p in saas_file.secret_parameters
             ]
         return state_content
@@ -2025,7 +2046,7 @@ class SaasHerder:
         if promotion.commit_sha in self.hotfix_versions.get(promotion.url, set()):
             return True
-        now = datetime.now(UTC)
+        now = utc_now()
         passed_soak_days = timedelta(days=0)
         for channel in promotion.subscribe:
@@ -2127,7 +2148,7 @@ class SaasHerder:
         if not (self.state and self._promotion_state):
             raise Exception("state is not initialized")
-        now = datetime.now(UTC)
+        now = utc_now()
         for promotion in self.promotions:
             if promotion is None:
                 continue
@@ -2239,7 +2260,9 @@ class SaasHerder:
             for rt in saas_file.resource_templates:
                 for target in rt.targets:
                     template_vars = {
-                        "resource": {"namespace": target.namespace.dict(by_alias=True)}
+                        "resource": {
+                            "namespace": target.namespace.model_dump(by_alias=True)
+                        }
                     }
                     if target.parameters:
                         for param in target.parameters:

reconcile/utils/slack_api.py CHANGED Viewed

@@ -71,14 +71,14 @@ class HasClientGlobalConfig(Protocol):
     max_retries: int | None
     timeout: int | None
-    def dict(self) -> dict[str, int | None]: ...
+    def model_dump(self) -> dict[str, int | None]: ...
 class HasClientMethodConfig(Protocol):
     name: str
     args: Any
-    def dict(self) -> dict[str, str]: ...
+    def model_dump(self) -> dict[str, str]: ...
 class HasClientConfig(Protocol):

reconcile/utils/sloth.py CHANGED Viewed

@@ -1,5 +1,9 @@
+import subprocess
+import tempfile
 from io import StringIO
-from typing import NotRequired, TypedDict
+from typing import Any, NotRequired, TypedDict
+import yaml
 from reconcile.utils.ruamel import create_ruamel_instance
@@ -21,6 +25,44 @@ class PrometheusRuleSpec(TypedDict):
     groups: list[PrometheusRuleGroup]
+class SLOParametersDict(TypedDict):
+    window: str
+class SLO(TypedDict):
+    name: str
+    SLIType: str
+    SLISpecification: str
+    SLOTarget: float
+    SLOTargetUnit: str
+    SLOParameters: SLOParametersDict
+    SLODetails: str
+    dashboard: str
+    expr: str
+    SLIErrorQuery: NotRequired[str]
+    SLITotalQuery: NotRequired[str]
+class App(TypedDict):
+    name: str
+class SLODocument(TypedDict):
+    name: str
+    app: App
+    slos: NotRequired[list[SLO]]
+class SlothGenerateError(Exception):
+    def __init__(self, msg: Any):
+        super().__init__("sloth generate failed: " + str(msg))
+class SlothInputError(Exception):
+    def __init__(self, msg: Any):
+        super().__init__("sloth input validation failed: " + str(msg))
 def process_sloth_output(output_file_path: str) -> str:
     ruamel_instance = create_ruamel_instance()
     with open(output_file_path, encoding="utf-8") as f:
@@ -49,7 +91,134 @@ def process_sloth_output(output_file_path: str) -> str:
                 rule["annotations"] = annotations
             else:
                 rule.pop("annotations", None)
     with StringIO() as s:
         ruamel_instance.dump(data, s)
         return s.getvalue()
+def run_sloth(spec: dict[str, Any]) -> str:
+    with (
+        tempfile.NamedTemporaryFile(
+            encoding="utf-8", mode="w", suffix=".yml"
+        ) as input_file,
+        tempfile.NamedTemporaryFile(
+            encoding="utf-8", mode="w", suffix=".yml"
+        ) as output_file,
+    ):
+        yaml.dump(spec, input_file, allow_unicode=True)
+        cmd = ["sloth", "generate", "-i", input_file.name, "-o", output_file.name]
+        try:
+            subprocess.run(cmd, capture_output=True, check=True, text=True)
+        except subprocess.CalledProcessError as e:
+            error_msg = f"{e}"
+            if e.stdout:
+                error_msg += f"\nstdout: {e.stdout}"
+            if e.stderr:
+                error_msg += f"\nstderr: {e.stderr}"
+            raise SlothGenerateError(error_msg) from e
+        return process_sloth_output(output_file.name)
+def get_slo_target(slo: SLO) -> float:
+    """
+    Ensure SLO target unit aligns with format expected by sloth for 'Objective' attribute
+    https://pkg.go.dev/github.com/slok/sloth/pkg/prometheus/api/v1#section-readme
+    """
+    val = float(slo["SLOTarget"])
+    return val * (100.0 if slo.get("SLOTargetUnit") == "percent_0_1" else 1.0)
+def generate_sloth_rules(
+    slo_document: SLODocument,
+    version: str = "prometheus/v1",
+) -> str:
+    """Generate Prometheus rules for an slo_document_v1 using sloth
+    Args:
+        slo_document query:
+            {
+                slo_docs: slo_document_v1(filter: {name: "foo"}) {
+                    name
+                    app {
+                        name
+                    }
+                    slos {
+                        name
+                        SLIType
+                        SLOTargetUnit
+                        SLOParameters {
+                            window
+                        }
+                        expr
+                        SLOTarget
+                        SLIErrorQuery
+                        SLITotalQuery
+                        SLODetails
+                        dashboard
+                    }
+                }
+            }
+        version: Spec version (default: "prometheus/v1")
+    Returns:
+        Generated Prometheus rules as YAML string
+    """
+    if not slo_document.get("slos"):
+        raise SlothInputError("SLO document has no SLOs defined")
+    service = slo_document["app"]["name"]
+    # only process SLOs that have both error and total queries defined
+    slo_input = [
+        {
+            "name": slo["name"],
+            "objective": get_slo_target(slo),
+            "description": f"{slo['name']} SLO for {service}",
+            "sli": {
+                "events": {
+                    "error_query": slo["SLIErrorQuery"].replace(
+                        "{{window}}", "{{.window}}"
+                    ),
+                    "total_query": slo["SLITotalQuery"].replace(
+                        "{{window}}", "{{.window}}"
+                    ),
+                }
+            },
+            "alerting": {
+                "name": f"{service.title()}{slo['name'].title()}",
+                "annotations": {
+                    "summary": f"High error rate on {service} {slo['name']}",
+                    "message": f"High error rate on {service} {slo['name']}",
+                    "runbook": slo["SLODetails"],
+                    "dashboard": slo["dashboard"],
+                },
+                "page_alert": {
+                    "labels": {
+                        "severity": "critical",
+                        "service": service,
+                        "slo": slo["name"],
+                    }
+                },
+                "ticket_alert": {
+                    "labels": {
+                        "severity": "high",
+                        "service": service,
+                        "slo": slo["name"],
+                    }
+                },
+            },
+        }
+        for slo in slo_document["slos"]
+        if slo.get("SLIErrorQuery") and slo.get("SLITotalQuery")
+    ]
+    if not slo_input:
+        raise SlothInputError(
+            "No SLOs found with both SLIErrorQuery and SLITotalQuery defined"
+        )
+    spec = {
+        "version": version,
+        "service": service,
+        "slos": slo_input,
+    }
+    return run_sloth(spec)

reconcile/utils/structs.py CHANGED Viewed

@@ -1,4 +1,4 @@
-from pydantic.dataclasses import dataclass
+from dataclasses import dataclass
 @dataclass

reconcile/utils/terraform_client.py CHANGED Viewed

@@ -36,6 +36,7 @@ from reconcile.typed_queries.app_interface_custom_messages import (
 )
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.aws_helper import get_region_from_availability_zone
+from reconcile.utils.datetime_util import ensure_utc, utc_now
 from reconcile.utils.external_resource_spec import (
     ExternalResourceSpec,
     ExternalResourceSpecInventory,
@@ -222,7 +223,7 @@ class TerraformClient:
         if disable_deletions_detected:
             raise RuntimeError("Terraform plan has disabled deletions detected")
-    @retry(no_retry_exceptions=RdsUpgradeValidationError)
+    @retry(no_retry_exceptions=(RdsUpgradeValidationError,))
     def terraform_plan(
         self, spec: TerraformSpec, enable_deletion: bool
     ) -> tuple[bool, list[AccountUser], bool]:
@@ -419,11 +420,11 @@ class TerraformClient:
         deletion_approvals = account.get("deletionApprovals")
         if not deletion_approvals:
             return False
-        now = datetime.utcnow()
+        now = utc_now()
         for da in deletion_approvals:
             try:
-                expiration = datetime.strptime(
-                    da["expiration"], DATE_FORMAT
+                expiration = ensure_utc(
+                    datetime.strptime(da["expiration"], DATE_FORMAT)  # noqa: DTZ007
                 ) + timedelta(days=1)
             except ValueError:
                 raise DeletionApprovalExpirationValueError(

qontract-reconcile 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev474__py3-none-any.whl

qontract-reconcile 0.10.2.dev361py3-none-any.whl → 0.10.2.dev474py3-none-any.whl