qontract-reconcile 0.10.2.dev503__py3-none-any.whl → 0.10.2.dev504__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev504.dist-info}/METADATA +1 -1
  2. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev504.dist-info}/RECORD +10 -10
  3. reconcile/gql_definitions/common/saasherder_settings.py +10 -0
  4. reconcile/gql_definitions/introspection.json +0 -220
  5. reconcile/openshift_saas_deploy.py +8 -0
  6. reconcile/utils/saasherder/interfaces.py +1 -0
  7. reconcile/utils/saasherder/models.py +8 -0
  8. reconcile/utils/saasherder/saasherder.py +79 -1
  9. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev504.dist-info}/WHEEL +0 -0
  10. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev504.dist-info}/entry_points.txt +0 -0
{qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev504.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: qontract-reconcile
3
- Version: 0.10.2.dev503
3
+ Version: 0.10.2.dev504
4
4
  Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
5
5
  Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
6
6
  Project-URL: repository, https://github.com/app-sre/qontract-reconcile
{qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev504.dist-info}/RECORD RENAMED
@@ -67,7 +67,7 @@ reconcile/openshift_resources.py,sha256=YnhDxCvsp0muxEmULiqWhoar9EzxohTrnbY-U7oS
67
67
  reconcile/openshift_resources_base.py,sha256=wOdQMLqaiQleQTsC8MH9nwpBKFffLcOuZthpOcc1heE,43096
68
68
  reconcile/openshift_rhcs_certs.py,sha256=UjBFX344n4eFXZmoEUCVeGECBowWTpbjNyPGrEzAmkA,11544
69
69
  reconcile/openshift_routes.py,sha256=xnA34f32xDdkfV2MXIC1QURFJioQUsXT8AZBiY7iSP0,1298
70
- reconcile/openshift_saas_deploy.py,sha256=YQRIjnb-V6x1a0fUv2w3hqjMj5tyqRirzkG8DzknYdc,13159
70
+ reconcile/openshift_saas_deploy.py,sha256=dvCE8wlzA6YtPCZK1QL6Phipqmp5F3eFAiIHf-O_oWk,13539
71
71
  reconcile/openshift_saas_deploy_change_tester.py,sha256=6wU7rFCaTRU1Wj8Izi6ExLvQstwqDbr9n9YfyPcb6zQ,8854
72
72
  reconcile/openshift_saas_deploy_trigger_base.py,sha256=MDu_T7Cx27pmNPkGNFfETht9CaYeBzfe0lmnOAmZir0,14549
73
73
  reconcile/openshift_saas_deploy_trigger_cleaner.py,sha256=Oq98AUJVOzgCP0YWirvqQUj1jkRNIh2-dsfOybgl8hM,3628
@@ -214,7 +214,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=prje61EOuLEIZLLxlJS_YN0
214
214
  reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
215
215
  reconcile/glitchtip_project_dsn/integration.py,sha256=3GgcqUM6hWhLpo9Yx5Xr9vrdexF-WNevVCNL9bJ0Upc,8162
216
216
  reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
217
- reconcile/gql_definitions/introspection.json,sha256=sXS1YYgHWrRaY4aWcH4Jpb2jsW4Kn3_bmi5ig1PKZys,2439948
217
+ reconcile/gql_definitions/introspection.json,sha256=VKsol53KtMvbwD5zygxDOA35cydC9lbRY0el5mB1n6o,2430800
218
218
  reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
219
219
  reconcile/gql_definitions/acs/acs_instances.py,sha256=VySMcnWddg-jXj-bj_ddLIwLX3u1GSFUm02H8rJDBYU,2167
220
220
  reconcile/gql_definitions/acs/acs_policies.py,sha256=jEV1U8j4VYL9ih17JSK1tiz2s_1CegVECmXU-NVEQvA,4333
@@ -284,7 +284,7 @@ reconcile/gql_definitions/common/reserved_networks.py,sha256=jRamFrlDZyOe_y8MdKc
284
284
  reconcile/gql_definitions/common/rhcs_provider_settings.py,sha256=QEX3QCS22zCqQgSc47rKoN8gvt88-mSY1pyTgBqM4_8,2052
285
285
  reconcile/gql_definitions/common/saas_files.py,sha256=QOKcKVpSSOYqIa8r8ZRzGuFdSMdS4BX49Y27CJJuIS8,17626
286
286
  reconcile/gql_definitions/common/saas_target_namespaces.py,sha256=t2hriEycz2gK8JI4p_lMJXIkc2y7ykkriYBHMrVpgoM,2821
287
- reconcile/gql_definitions/common/saasherder_settings.py,sha256=P7z-eFGi1oNDv8OC2Apz_N6xSaDLukMFHMXySMLU1dk,1788
287
+ reconcile/gql_definitions/common/saasherder_settings.py,sha256=40J5owJV6uG0FprCG1XmPFAMXypIfBgM-vQk3Dh-QFc,2191
288
288
  reconcile/gql_definitions/common/slack_workspaces.py,sha256=-G_hUIYWeAOqPJ_QctY69P7k8c2z6Rb-NRBM5m_kr1c,1748
289
289
  reconcile/gql_definitions/common/smtp_client_settings.py,sha256=M7yAoK7dJDPv-nmv9JEualwhcRXxdhbHk32-y2V0gVQ,2224
290
290
  reconcile/gql_definitions/common/state_aws_account.py,sha256=nworxRE4w2L80eIwTStvmH9vj1ZprLTewnwwZVVXvx4,2191
@@ -769,9 +769,9 @@ reconcile/utils/runtime/meta.py,sha256=M_EOxrb0KhQA4TwpHekbog2jOZqaBPVTIijXyRuMj
769
769
  reconcile/utils/runtime/runner.py,sha256=p7xCT1IDlDz6wKYMDMPOTEdztM4hbcxo0fw9gQf4q-A,9028
770
770
  reconcile/utils/runtime/sharding.py,sha256=r0ieUtNed7NvknSw6qQrCkKpVXE1shuHGnfFcnpA_k4,16142
771
771
  reconcile/utils/saasherder/__init__.py,sha256=3U8plqMAPRE1kjwZ5YnIsYsggTf4_gS7flRUEuXVBAs,343
772
- reconcile/utils/saasherder/interfaces.py,sha256=T-V6EQhzpKj0OAgnGAuAOWtKPa35UtMDuXcgnQs8Vd8,9413
773
- reconcile/utils/saasherder/models.py,sha256=P7ZUvrJux72BDo72WrAg7niY9leah3im6GiXxUwQqTU,12824
774
- reconcile/utils/saasherder/saasherder.py,sha256=L-wUiRbFaW0clndmFNhTBYHNqJAMxNU32ywyNNr6RV4,93750
772
+ reconcile/utils/saasherder/interfaces.py,sha256=9zEb02A1hnjyc7L5A7uzgYXifEaDWJ6AEPqeTo0qhNg,9447
773
+ reconcile/utils/saasherder/models.py,sha256=QHxc-F1CekKG7x8KkDYpzyCyvd_nQHc5QfmRhVEwYE8,13036
774
+ reconcile/utils/saasherder/saasherder.py,sha256=-zbE4Zt5K-ig6cQDDJe7P_PkSroon_Q6IOGDyYm8b9o,96542
775
775
  reconcile/utils/terraform/__init__.py,sha256=zNbiyTWo35AT1sFTElL2j_AA0jJ_yWE_bfFn-nD2xik,250
776
776
  reconcile/utils/terraform/config.py,sha256=5UVrd563TMcvi4ooa5JvWVDW1I3bIWg484u79evfV_8,164
777
777
  reconcile/utils/terraform/config_client.py,sha256=gRL1rQ0AqvShei_rcGqC3HDYGskOFKE1nPrJyJE9yno,4676
@@ -817,7 +817,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
817
817
  tools/saas_promotion_state/saas_promotion_state.py,sha256=uQv2QJAmUXP1g2GPIH30WTlvL9soY6m9lefpZEVDM5w,3965
818
818
  tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
819
819
  tools/sre_checkpoints/util.py,sha256=KcYVfa3UmJHVP_ocgrKe8NkrO5IDB9aWEDydSokPcRk,975
820
- qontract_reconcile-0.10.2.dev503.dist-info/METADATA,sha256=GSwtdDnURcFNLWxU66ilIf4YLbklZcwI31GeMk-B_Jk,24958
821
- qontract_reconcile-0.10.2.dev503.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
822
- qontract_reconcile-0.10.2.dev503.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
823
- qontract_reconcile-0.10.2.dev503.dist-info/RECORD,,
820
+ qontract_reconcile-0.10.2.dev504.dist-info/METADATA,sha256=u1D6L0x1bQlbczcO7NirnJCDRnask9Rj_SjQuHsUgdo,24958
821
+ qontract_reconcile-0.10.2.dev504.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
822
+ qontract_reconcile-0.10.2.dev504.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
823
+ qontract_reconcile-0.10.2.dev504.dist-info/RECORD,,
reconcile/gql_definitions/common/saasherder_settings.py CHANGED
@@ -23,6 +23,10 @@ query SaasherderSettings {
23
23
  settings: app_interface_settings_v1 {
24
24
  repoUrl
25
25
  hashLength
26
+ imagePatternsBlockRules {
27
+ environmentLabelSelector
28
+ imagePatterns
29
+ }
26
30
  }
27
31
  }
28
32
  """
@@ -34,9 +38,15 @@ class ConfiguredBaseModel(BaseModel):
34
38
  )
35
39
 
36
40
 
41
+ class ImagePatternsBlockV1(ConfiguredBaseModel):
42
+ environment_label_selector: Json = Field(..., alias="environmentLabelSelector")
43
+ image_patterns: list[str] = Field(..., alias="imagePatterns")
44
+
45
+
37
46
  class AppInterfaceSettingsV1(ConfiguredBaseModel):
38
47
  repo_url: str = Field(..., alias="repoUrl")
39
48
  hash_length: int = Field(..., alias="hashLength")
49
+ image_patterns_block_rules: Optional[list[ImagePatternsBlockV1]] = Field(..., alias="imagePatternsBlockRules")
40
50
 
41
51
 
42
52
  class SaasherderSettingsQueryData(ConfiguredBaseModel):
reconcile/gql_definitions/introspection.json CHANGED
@@ -4567,21 +4567,11 @@
4567
4567
  "name": "QuayInstance_v1",
4568
4568
  "ofType": null
4569
4569
  },
4570
- {
4571
- "kind": "OBJECT",
4572
- "name": "PermissionQuayOrgTeam_v1",
4573
- "ofType": null
4574
- },
4575
4570
  {
4576
4571
  "kind": "OBJECT",
4577
4572
  "name": "AppEscalationPolicy_v1",
4578
4573
  "ofType": null
4579
4574
  },
4580
- {
4581
- "kind": "OBJECT",
4582
- "name": "PermissionSlackUsergroup_v1",
4583
- "ofType": null
4584
- },
4585
4575
  {
4586
4576
  "kind": "OBJECT",
4587
4577
  "name": "SlackWorkspace_v1",
@@ -4697,11 +4687,6 @@
4697
4687
  "name": "AutomatedActionsInstance_v1",
4698
4688
  "ofType": null
4699
4689
  },
4700
- {
4701
- "kind": "OBJECT",
4702
- "name": "PermissionAutomatedActions_v1",
4703
- "ofType": null
4704
- },
4705
4690
  {
4706
4691
  "kind": "OBJECT",
4707
4692
  "name": "AWSVPC_v1",
@@ -4732,11 +4717,6 @@
4732
4717
  "name": "VaultAuth_v1",
4733
4718
  "ofType": null
4734
4719
  },
4735
- {
4736
- "kind": "OBJECT",
4737
- "name": "PermissionGithubOrgTeam_v1",
4738
- "ofType": null
4739
- },
4740
4720
  {
4741
4721
  "kind": "OBJECT",
4742
4722
  "name": "VaultPolicy_v1",
@@ -4792,11 +4772,6 @@
4792
4772
  "name": "UnleashProject_v1",
4793
4773
  "ofType": null
4794
4774
  },
4795
- {
4796
- "kind": "OBJECT",
4797
- "name": "FeatureToggleUnleash_v1",
4798
- "ofType": null
4799
- },
4800
4775
  {
4801
4776
  "kind": "OBJECT",
4802
4777
  "name": "ResourceTemplateTest_v1",
@@ -4882,95 +4857,10 @@
4882
4857
  "name": "SaasResourceTemplateTargetReference_v2",
4883
4858
  "ofType": null
4884
4859
  },
4885
- {
4886
- "kind": "OBJECT",
4887
- "name": "PipelinesProviderTekton_v1",
4888
- "ofType": null
4889
- },
4890
4860
  {
4891
4861
  "kind": "OBJECT",
4892
4862
  "name": "PipelinesProviderTektonProviderDefaults_v1",
4893
4863
  "ofType": null
4894
- },
4895
- {
4896
- "kind": "OBJECT",
4897
- "name": "OidcPermissionVault_v1",
4898
- "ofType": null
4899
- },
4900
- {
4901
- "kind": "OBJECT",
4902
- "name": "OidcPermissionAcs_v1",
4903
- "ofType": null
4904
- },
4905
- {
4906
- "kind": "OBJECT",
4907
- "name": "PermissionGithubOrg_v1",
4908
- "ofType": null
4909
- },
4910
- {
4911
- "kind": "OBJECT",
4912
- "name": "PermissionJenkinsRole_v1",
4913
- "ofType": null
4914
- },
4915
- {
4916
- "kind": "OBJECT",
4917
- "name": "PermissionGitlabGroupMembership_v1",
4918
- "ofType": null
4919
- },
4920
- {
4921
- "kind": "OBJECT",
4922
- "name": "EndpointMonitoringProviderBlackboxExporter_v1",
4923
- "ofType": null
4924
- },
4925
- {
4926
- "kind": "OBJECT",
4927
- "name": "EndpointMonitoringProviderSignalFx_v1",
4928
- "ofType": null
4929
- },
4930
- {
4931
- "kind": "OBJECT",
4932
- "name": "AutomatedActionActionList_v1",
4933
- "ofType": null
4934
- },
4935
- {
4936
- "kind": "OBJECT",
4937
- "name": "AutomatedActionCreateToken_v1",
4938
- "ofType": null
4939
- },
4940
- {
4941
- "kind": "OBJECT",
4942
- "name": "AutomatedActionExternalResourceFlushElastiCache_v1",
4943
- "ofType": null
4944
- },
4945
- {
4946
- "kind": "OBJECT",
4947
- "name": "AutomatedActionExternalResourceRdsReboot_v1",
4948
- "ofType": null
4949
- },
4950
- {
4951
- "kind": "OBJECT",
4952
- "name": "AutomatedActionExternalResourceRdsSnapshot_v1",
4953
- "ofType": null
4954
- },
4955
- {
4956
- "kind": "OBJECT",
4957
- "name": "AutomatedActionNoOp_v1",
4958
- "ofType": null
4959
- },
4960
- {
4961
- "kind": "OBJECT",
4962
- "name": "AutomatedActionOpenshiftTriggerCronjob_v1",
4963
- "ofType": null
4964
- },
4965
- {
4966
- "kind": "OBJECT",
4967
- "name": "AutomatedActionOpenshiftWorkloadDelete_v1",
4968
- "ofType": null
4969
- },
4970
- {
4971
- "kind": "OBJECT",
4972
- "name": "AutomatedActionOpenshiftWorkloadRestart_v1",
4973
- "ofType": null
4974
4864
  }
4975
4865
  ]
4976
4866
  },
@@ -18583,11 +18473,6 @@
18583
18473
  "kind": "INTERFACE",
18584
18474
  "name": "Permission_v1",
18585
18475
  "ofType": null
18586
- },
18587
- {
18588
- "kind": "INTERFACE",
18589
- "name": "DatafileObject_v1",
18590
- "ofType": null
18591
18476
  }
18592
18477
  ],
18593
18478
  "enumValues": null,
@@ -19184,11 +19069,6 @@
19184
19069
  "kind": "INTERFACE",
19185
19070
  "name": "Permission_v1",
19186
19071
  "ofType": null
19187
- },
19188
- {
19189
- "kind": "INTERFACE",
19190
- "name": "DatafileObject_v1",
19191
- "ofType": null
19192
19072
  }
19193
19073
  ],
19194
19074
  "enumValues": null,
@@ -27985,11 +27865,6 @@
27985
27865
  "kind": "INTERFACE",
27986
27866
  "name": "Permission_v1",
27987
27867
  "ofType": null
27988
- },
27989
- {
27990
- "kind": "INTERFACE",
27991
- "name": "DatafileObject_v1",
27992
- "ofType": null
27993
27868
  }
27994
27869
  ],
27995
27870
  "enumValues": null,
@@ -29551,11 +29426,6 @@
29551
29426
  "kind": "INTERFACE",
29552
29427
  "name": "Permission_v1",
29553
29428
  "ofType": null
29554
- },
29555
- {
29556
- "kind": "INTERFACE",
29557
- "name": "DatafileObject_v1",
29558
- "ofType": null
29559
29429
  }
29560
29430
  ],
29561
29431
  "enumValues": null,
@@ -32224,11 +32094,6 @@
32224
32094
  "kind": "INTERFACE",
32225
32095
  "name": "FeatureToggle_v1",
32226
32096
  "ofType": null
32227
- },
32228
- {
32229
- "kind": "INTERFACE",
32230
- "name": "DatafileObject_v1",
32231
- "ofType": null
32232
32097
  }
32233
32098
  ],
32234
32099
  "enumValues": null,
@@ -51163,11 +51028,6 @@
51163
51028
  "kind": "INTERFACE",
51164
51029
  "name": "PipelinesProvider_v1",
51165
51030
  "ofType": null
51166
- },
51167
- {
51168
- "kind": "INTERFACE",
51169
- "name": "DatafileObject_v1",
51170
- "ofType": null
51171
51031
  }
51172
51032
  ],
51173
51033
  "enumValues": null,
@@ -51903,11 +51763,6 @@
51903
51763
  "kind": "INTERFACE",
51904
51764
  "name": "OidcPermission_v1",
51905
51765
  "ofType": null
51906
- },
51907
- {
51908
- "kind": "INTERFACE",
51909
- "name": "DatafileObject_v1",
51910
- "ofType": null
51911
51766
  }
51912
51767
  ],
51913
51768
  "enumValues": null,
@@ -52073,11 +51928,6 @@
52073
51928
  "kind": "INTERFACE",
52074
51929
  "name": "OidcPermission_v1",
52075
51930
  "ofType": null
52076
- },
52077
- {
52078
- "kind": "INTERFACE",
52079
- "name": "DatafileObject_v1",
52080
- "ofType": null
52081
51931
  }
52082
51932
  ],
52083
51933
  "enumValues": null,
@@ -52215,11 +52065,6 @@
52215
52065
  "kind": "INTERFACE",
52216
52066
  "name": "Permission_v1",
52217
52067
  "ofType": null
52218
- },
52219
- {
52220
- "kind": "INTERFACE",
52221
- "name": "DatafileObject_v1",
52222
- "ofType": null
52223
52068
  }
52224
52069
  ],
52225
52070
  "enumValues": null,
@@ -52377,11 +52222,6 @@
52377
52222
  "kind": "INTERFACE",
52378
52223
  "name": "Permission_v1",
52379
52224
  "ofType": null
52380
- },
52381
- {
52382
- "kind": "INTERFACE",
52383
- "name": "DatafileObject_v1",
52384
- "ofType": null
52385
52225
  }
52386
52226
  ],
52387
52227
  "enumValues": null,
@@ -52563,11 +52403,6 @@
52563
52403
  "kind": "INTERFACE",
52564
52404
  "name": "Permission_v1",
52565
52405
  "ofType": null
52566
- },
52567
- {
52568
- "kind": "INTERFACE",
52569
- "name": "DatafileObject_v1",
52570
- "ofType": null
52571
52406
  }
52572
52407
  ],
52573
52408
  "enumValues": null,
@@ -53651,11 +53486,6 @@
53651
53486
  "kind": "INTERFACE",
53652
53487
  "name": "EndpointMonitoringProvider_v1",
53653
53488
  "ofType": null
53654
- },
53655
- {
53656
- "kind": "INTERFACE",
53657
- "name": "DatafileObject_v1",
53658
- "ofType": null
53659
53489
  }
53660
53490
  ],
53661
53491
  "enumValues": null,
@@ -53876,11 +53706,6 @@
53876
53706
  "kind": "INTERFACE",
53877
53707
  "name": "EndpointMonitoringProvider_v1",
53878
53708
  "ofType": null
53879
- },
53880
- {
53881
- "kind": "INTERFACE",
53882
- "name": "DatafileObject_v1",
53883
- "ofType": null
53884
53709
  }
53885
53710
  ],
53886
53711
  "enumValues": null,
@@ -54769,11 +54594,6 @@
54769
54594
  "kind": "INTERFACE",
54770
54595
  "name": "AutomatedAction_v1",
54771
54596
  "ofType": null
54772
- },
54773
- {
54774
- "kind": "INTERFACE",
54775
- "name": "DatafileObject_v1",
54776
- "ofType": null
54777
54597
  }
54778
54598
  ],
54779
54599
  "enumValues": null,
@@ -54946,11 +54766,6 @@
54946
54766
  "kind": "INTERFACE",
54947
54767
  "name": "AutomatedAction_v1",
54948
54768
  "ofType": null
54949
- },
54950
- {
54951
- "kind": "INTERFACE",
54952
- "name": "DatafileObject_v1",
54953
- "ofType": null
54954
54769
  }
54955
54770
  ],
54956
54771
  "enumValues": null,
@@ -55112,11 +54927,6 @@
55112
54927
  "kind": "INTERFACE",
55113
54928
  "name": "AutomatedAction_v1",
55114
54929
  "ofType": null
55115
- },
55116
- {
55117
- "kind": "INTERFACE",
55118
- "name": "DatafileObject_v1",
55119
- "ofType": null
55120
54930
  }
55121
54931
  ],
55122
54932
  "enumValues": null,
@@ -55321,11 +55131,6 @@
55321
55131
  "kind": "INTERFACE",
55322
55132
  "name": "AutomatedAction_v1",
55323
55133
  "ofType": null
55324
- },
55325
- {
55326
- "kind": "INTERFACE",
55327
- "name": "DatafileObject_v1",
55328
- "ofType": null
55329
55134
  }
55330
55135
  ],
55331
55136
  "enumValues": null,
@@ -55487,11 +55292,6 @@
55487
55292
  "kind": "INTERFACE",
55488
55293
  "name": "AutomatedAction_v1",
55489
55294
  "ofType": null
55490
- },
55491
- {
55492
- "kind": "INTERFACE",
55493
- "name": "DatafileObject_v1",
55494
- "ofType": null
55495
55295
  }
55496
55296
  ],
55497
55297
  "enumValues": null,
@@ -55629,11 +55429,6 @@
55629
55429
  "kind": "INTERFACE",
55630
55430
  "name": "AutomatedAction_v1",
55631
55431
  "ofType": null
55632
- },
55633
- {
55634
- "kind": "INTERFACE",
55635
- "name": "DatafileObject_v1",
55636
- "ofType": null
55637
55432
  }
55638
55433
  ],
55639
55434
  "enumValues": null,
@@ -55795,11 +55590,6 @@
55795
55590
  "kind": "INTERFACE",
55796
55591
  "name": "AutomatedAction_v1",
55797
55592
  "ofType": null
55798
- },
55799
- {
55800
- "kind": "INTERFACE",
55801
- "name": "DatafileObject_v1",
55802
- "ofType": null
55803
55593
  }
55804
55594
  ],
55805
55595
  "enumValues": null,
@@ -56004,11 +55794,6 @@
56004
55794
  "kind": "INTERFACE",
56005
55795
  "name": "AutomatedAction_v1",
56006
55796
  "ofType": null
56007
- },
56008
- {
56009
- "kind": "INTERFACE",
56010
- "name": "DatafileObject_v1",
56011
- "ofType": null
56012
55797
  }
56013
55798
  ],
56014
55799
  "enumValues": null,
@@ -56241,11 +56026,6 @@
56241
56026
  "kind": "INTERFACE",
56242
56027
  "name": "AutomatedAction_v1",
56243
56028
  "ofType": null
56244
- },
56245
- {
56246
- "kind": "INTERFACE",
56247
- "name": "DatafileObject_v1",
56248
- "ofType": null
56249
56029
  }
56250
56030
  ],
56251
56031
  "enumValues": null,
reconcile/openshift_saas_deploy.py CHANGED
@@ -30,6 +30,7 @@ from reconcile.utils.gitlab_api import GitLabApi
30
30
  from reconcile.utils.json import json_dumps
31
31
  from reconcile.utils.openshift_resource import ResourceInventory
32
32
  from reconcile.utils.saasherder import SaasHerder
33
+ from reconcile.utils.saasherder.models import ImagePatternsBlockRule
33
34
  from reconcile.utils.secret_reader import create_secret_reader
34
35
  from reconcile.utils.semver_helper import make_semver
35
36
  from reconcile.utils.slack_api import SlackApi
@@ -211,6 +212,13 @@ def run(
211
212
  jenkins_map=jenkins_map,
212
213
  state=init_state(integration=QONTRACT_INTEGRATION, secret_reader=secret_reader),
213
214
  all_saas_files=saas_file_list.saas_files,
215
+ image_patterns_block_rules=[
216
+ ImagePatternsBlockRule(
217
+ environment_label_selector=rule.environment_label_selector or {},
218
+ image_patterns=rule.image_patterns,
219
+ )
220
+ for rule in (saasherder_settings.image_patterns_block_rules or [])
221
+ ],
214
222
  )
215
223
  if defer:
216
224
  defer(saasherder.cleanup)
reconcile/utils/saasherder/interfaces.py CHANGED
@@ -194,6 +194,7 @@ class SaasEnvironment_SaasSecretParameters(Protocol):
194
194
  @runtime_checkable
195
195
  class SaasEnvironment(HasParameters, HasSecretParameters, Protocol):
196
196
  name: str
197
+ labels: dict[str, str] | None
197
198
 
198
199
 
199
200
  class SaasResourceTemplateTargetNamespace(Protocol):
reconcile/utils/saasherder/models.py CHANGED
@@ -290,6 +290,14 @@ class ImageAuth:
290
290
  }
291
291
 
292
292
 
293
+ @dataclass(frozen=True)
294
+ class ImagePatternsBlockRule:
295
+ """Block rule for image patterns based on environment label selectors."""
296
+
297
+ environment_label_selector: dict[str, str]
298
+ image_patterns: list[str]
299
+
300
+
293
301
  @dataclass
294
302
  class TargetSpec:
295
303
  saas_file: SaasFile
reconcile/utils/saasherder/saasherder.py CHANGED
@@ -70,6 +70,7 @@ from reconcile.utils.saasherder.interfaces import (
70
70
  from reconcile.utils.saasherder.models import (
71
71
  Channel,
72
72
  ImageAuth,
73
+ ImagePatternsBlockRule,
73
74
  Namespace,
74
75
  Promotion,
75
76
  SLOKey,
@@ -130,7 +131,8 @@ class SaasHerder:
130
131
  validate: bool = False,
131
132
  include_trigger_trace: bool = False,
132
133
  all_saas_files: Iterable[SaasFile] | None = None,
133
- ):
134
+ image_patterns_block_rules: list[ImagePatternsBlockRule] | None = None,
135
+ ) -> None:
134
136
  self.error_registered = False
135
137
  self.saas_files = saas_files
136
138
  self.repo_urls = self._collect_repo_urls()
@@ -156,6 +158,9 @@ class SaasHerder:
156
158
  self.images: set[str] = set()
157
159
  self.blocked_versions = self._collect_blocked_versions()
158
160
  self.hotfix_versions = self._collect_hotfix_versions()
161
+ self.image_patterns_block_rules: list[ImagePatternsBlockRule] = (
162
+ image_patterns_block_rules or []
163
+ )
159
164
 
160
165
  # each namespace is in fact a target,
161
166
  # so we can use it to calculate.
@@ -1187,6 +1192,73 @@ class SaasHerder:
1187
1192
  )
1188
1193
  return None
1189
1194
 
1195
+ def _is_block_rule_violated(
1196
+ self,
1197
+ block_rule: ImagePatternsBlockRule,
1198
+ env_labels: dict[str, str] | None,
1199
+ images: set[str],
1200
+ spec: TargetSpec,
1201
+ ) -> bool:
1202
+ """Check if a block rule is violated for the given environment and images.
1203
+
1204
+ Args:
1205
+ block_rule: Block rule with environmentLabelSelector and imagePatterns
1206
+ env_labels: Environment labels dictionary
1207
+ images: Set of image URLs to check
1208
+ spec: TargetSpec for error reporting
1209
+
1210
+ Returns:
1211
+ True if rule is violated, False otherwise
1212
+ """
1213
+ if not env_labels:
1214
+ return False
1215
+
1216
+ # Check if environment labels match the selector
1217
+ env_selector = block_rule.environment_label_selector or {}
1218
+ if not all(env_labels.get(key) == value for key, value in env_selector.items()):
1219
+ return False
1220
+
1221
+ # Check if any images match blocked patterns
1222
+ blocked_images = [
1223
+ image
1224
+ for image in images
1225
+ if any(image.startswith(pattern) for pattern in block_rule.image_patterns)
1226
+ ]
1227
+
1228
+ if blocked_images:
1229
+ logging.error(
1230
+ f"{spec.error_prefix} Target contains blocked image patterns "
1231
+ f"({', '.join(block_rule.image_patterns)}) for environment matching "
1232
+ f"selector {env_selector}: {', '.join(blocked_images)}. "
1233
+ f"These images are not allowed in this environment."
1234
+ )
1235
+ return True
1236
+
1237
+ return False
1238
+
1239
+ def _check_blocked_image_patterns(
1240
+ self,
1241
+ spec: TargetSpec,
1242
+ images_set: set[str],
1243
+ ) -> bool:
1244
+ """Check if images violate any block rules for the given spec.
1245
+
1246
+ Args:
1247
+ spec: TargetSpec with target and environment information
1248
+ images_set: Set of image URLs to check
1249
+
1250
+ Returns:
1251
+ True if any violations are found, False otherwise
1252
+ """
1253
+ if not self.image_patterns_block_rules or not images_set:
1254
+ return False # no rules configured or no images, no violations
1255
+
1256
+ env_labels = spec.target.namespace.environment.labels
1257
+ return any(
1258
+ self._is_block_rule_violated(block_rule, env_labels, images_set, spec)
1259
+ for block_rule in self.image_patterns_block_rules
1260
+ )
1261
+
1190
1262
  def _check_images(
1191
1263
  self,
1192
1264
  spec: TargetSpec,
@@ -1199,6 +1271,12 @@ class SaasHerder:
1199
1271
  self.images.update(images_set)
1200
1272
  if not images_set:
1201
1273
  return False # no errors
1274
+
1275
+ # Check blocked image patterns
1276
+ if self._check_blocked_image_patterns(spec, images_set):
1277
+ return True # violations found
1278
+
1279
+ # imagePatterns validation
1202
1280
  images = threaded.run(
1203
1281
  self._get_image,
1204
1282
  images_set,