qontract-reconcile 0.10.2.dev503__py3-none-any.whl → 0.10.2.dev505__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev505.dist-info}/METADATA +1 -4
  2. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev505.dist-info}/RECORD +16 -34
  3. reconcile/cli.py +0 -108
  4. reconcile/gql_definitions/common/saasherder_settings.py +10 -0
  5. reconcile/gql_definitions/integrations/integrations.py +1 -31
  6. reconcile/gql_definitions/introspection.json +0 -220
  7. reconcile/integrations_manager.py +0 -2
  8. reconcile/openshift_saas_deploy.py +8 -0
  9. reconcile/utils/external_resource_spec.py +1 -2
  10. reconcile/utils/runtime/sharding.py +0 -80
  11. reconcile/utils/saasherder/interfaces.py +1 -0
  12. reconcile/utils/saasherder/models.py +8 -0
  13. reconcile/utils/saasherder/saasherder.py +79 -1
  14. tools/cli_commands/systems_and_tools.py +0 -23
  15. reconcile/gql_definitions/terraform_cloudflare_dns/__init__.py +0 -0
  16. reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +0 -62
  17. reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +0 -193
  18. reconcile/gql_definitions/terraform_cloudflare_resources/__init__.py +0 -0
  19. reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +0 -127
  20. reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +0 -359
  21. reconcile/gql_definitions/terraform_cloudflare_users/__init__.py +0 -0
  22. reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +0 -62
  23. reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +0 -139
  24. reconcile/terraform_cloudflare_dns.py +0 -379
  25. reconcile/terraform_cloudflare_resources.py +0 -445
  26. reconcile/terraform_cloudflare_users.py +0 -374
  27. reconcile/typed_queries/cloudflare.py +0 -10
  28. reconcile/utils/terrascript/__init__.py +0 -0
  29. reconcile/utils/terrascript/cloudflare_client.py +0 -310
  30. reconcile/utils/terrascript/cloudflare_resources.py +0 -432
  31. reconcile/utils/terrascript/models.py +0 -26
  32. reconcile/utils/terrascript/resources.py +0 -43
  33. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev505.dist-info}/WHEEL +0 -0
  34. {qontract_reconcile-0.10.2.dev503.dist-info → qontract_reconcile-0.10.2.dev505.dist-info}/entry_points.txt +0 -0
reconcile/gql_definitions/introspection.json CHANGED
@@ -4567,21 +4567,11 @@
4567
4567
  "name": "QuayInstance_v1",
4568
4568
  "ofType": null
4569
4569
  },
4570
- {
4571
- "kind": "OBJECT",
4572
- "name": "PermissionQuayOrgTeam_v1",
4573
- "ofType": null
4574
- },
4575
4570
  {
4576
4571
  "kind": "OBJECT",
4577
4572
  "name": "AppEscalationPolicy_v1",
4578
4573
  "ofType": null
4579
4574
  },
4580
- {
4581
- "kind": "OBJECT",
4582
- "name": "PermissionSlackUsergroup_v1",
4583
- "ofType": null
4584
- },
4585
4575
  {
4586
4576
  "kind": "OBJECT",
4587
4577
  "name": "SlackWorkspace_v1",
@@ -4697,11 +4687,6 @@
4697
4687
  "name": "AutomatedActionsInstance_v1",
4698
4688
  "ofType": null
4699
4689
  },
4700
- {
4701
- "kind": "OBJECT",
4702
- "name": "PermissionAutomatedActions_v1",
4703
- "ofType": null
4704
- },
4705
4690
  {
4706
4691
  "kind": "OBJECT",
4707
4692
  "name": "AWSVPC_v1",
@@ -4732,11 +4717,6 @@
4732
4717
  "name": "VaultAuth_v1",
4733
4718
  "ofType": null
4734
4719
  },
4735
- {
4736
- "kind": "OBJECT",
4737
- "name": "PermissionGithubOrgTeam_v1",
4738
- "ofType": null
4739
- },
4740
4720
  {
4741
4721
  "kind": "OBJECT",
4742
4722
  "name": "VaultPolicy_v1",
@@ -4792,11 +4772,6 @@
4792
4772
  "name": "UnleashProject_v1",
4793
4773
  "ofType": null
4794
4774
  },
4795
- {
4796
- "kind": "OBJECT",
4797
- "name": "FeatureToggleUnleash_v1",
4798
- "ofType": null
4799
- },
4800
4775
  {
4801
4776
  "kind": "OBJECT",
4802
4777
  "name": "ResourceTemplateTest_v1",
@@ -4882,95 +4857,10 @@
4882
4857
  "name": "SaasResourceTemplateTargetReference_v2",
4883
4858
  "ofType": null
4884
4859
  },
4885
- {
4886
- "kind": "OBJECT",
4887
- "name": "PipelinesProviderTekton_v1",
4888
- "ofType": null
4889
- },
4890
4860
  {
4891
4861
  "kind": "OBJECT",
4892
4862
  "name": "PipelinesProviderTektonProviderDefaults_v1",
4893
4863
  "ofType": null
4894
- },
4895
- {
4896
- "kind": "OBJECT",
4897
- "name": "OidcPermissionVault_v1",
4898
- "ofType": null
4899
- },
4900
- {
4901
- "kind": "OBJECT",
4902
- "name": "OidcPermissionAcs_v1",
4903
- "ofType": null
4904
- },
4905
- {
4906
- "kind": "OBJECT",
4907
- "name": "PermissionGithubOrg_v1",
4908
- "ofType": null
4909
- },
4910
- {
4911
- "kind": "OBJECT",
4912
- "name": "PermissionJenkinsRole_v1",
4913
- "ofType": null
4914
- },
4915
- {
4916
- "kind": "OBJECT",
4917
- "name": "PermissionGitlabGroupMembership_v1",
4918
- "ofType": null
4919
- },
4920
- {
4921
- "kind": "OBJECT",
4922
- "name": "EndpointMonitoringProviderBlackboxExporter_v1",
4923
- "ofType": null
4924
- },
4925
- {
4926
- "kind": "OBJECT",
4927
- "name": "EndpointMonitoringProviderSignalFx_v1",
4928
- "ofType": null
4929
- },
4930
- {
4931
- "kind": "OBJECT",
4932
- "name": "AutomatedActionActionList_v1",
4933
- "ofType": null
4934
- },
4935
- {
4936
- "kind": "OBJECT",
4937
- "name": "AutomatedActionCreateToken_v1",
4938
- "ofType": null
4939
- },
4940
- {
4941
- "kind": "OBJECT",
4942
- "name": "AutomatedActionExternalResourceFlushElastiCache_v1",
4943
- "ofType": null
4944
- },
4945
- {
4946
- "kind": "OBJECT",
4947
- "name": "AutomatedActionExternalResourceRdsReboot_v1",
4948
- "ofType": null
4949
- },
4950
- {
4951
- "kind": "OBJECT",
4952
- "name": "AutomatedActionExternalResourceRdsSnapshot_v1",
4953
- "ofType": null
4954
- },
4955
- {
4956
- "kind": "OBJECT",
4957
- "name": "AutomatedActionNoOp_v1",
4958
- "ofType": null
4959
- },
4960
- {
4961
- "kind": "OBJECT",
4962
- "name": "AutomatedActionOpenshiftTriggerCronjob_v1",
4963
- "ofType": null
4964
- },
4965
- {
4966
- "kind": "OBJECT",
4967
- "name": "AutomatedActionOpenshiftWorkloadDelete_v1",
4968
- "ofType": null
4969
- },
4970
- {
4971
- "kind": "OBJECT",
4972
- "name": "AutomatedActionOpenshiftWorkloadRestart_v1",
4973
- "ofType": null
4974
4864
  }
4975
4865
  ]
4976
4866
  },
@@ -18583,11 +18473,6 @@
18583
18473
  "kind": "INTERFACE",
18584
18474
  "name": "Permission_v1",
18585
18475
  "ofType": null
18586
- },
18587
- {
18588
- "kind": "INTERFACE",
18589
- "name": "DatafileObject_v1",
18590
- "ofType": null
18591
18476
  }
18592
18477
  ],
18593
18478
  "enumValues": null,
@@ -19184,11 +19069,6 @@
19184
19069
  "kind": "INTERFACE",
19185
19070
  "name": "Permission_v1",
19186
19071
  "ofType": null
19187
- },
19188
- {
19189
- "kind": "INTERFACE",
19190
- "name": "DatafileObject_v1",
19191
- "ofType": null
19192
19072
  }
19193
19073
  ],
19194
19074
  "enumValues": null,
@@ -27985,11 +27865,6 @@
27985
27865
  "kind": "INTERFACE",
27986
27866
  "name": "Permission_v1",
27987
27867
  "ofType": null
27988
- },
27989
- {
27990
- "kind": "INTERFACE",
27991
- "name": "DatafileObject_v1",
27992
- "ofType": null
27993
27868
  }
27994
27869
  ],
27995
27870
  "enumValues": null,
@@ -29551,11 +29426,6 @@
29551
29426
  "kind": "INTERFACE",
29552
29427
  "name": "Permission_v1",
29553
29428
  "ofType": null
29554
- },
29555
- {
29556
- "kind": "INTERFACE",
29557
- "name": "DatafileObject_v1",
29558
- "ofType": null
29559
29429
  }
29560
29430
  ],
29561
29431
  "enumValues": null,
@@ -32224,11 +32094,6 @@
32224
32094
  "kind": "INTERFACE",
32225
32095
  "name": "FeatureToggle_v1",
32226
32096
  "ofType": null
32227
- },
32228
- {
32229
- "kind": "INTERFACE",
32230
- "name": "DatafileObject_v1",
32231
- "ofType": null
32232
32097
  }
32233
32098
  ],
32234
32099
  "enumValues": null,
@@ -51163,11 +51028,6 @@
51163
51028
  "kind": "INTERFACE",
51164
51029
  "name": "PipelinesProvider_v1",
51165
51030
  "ofType": null
51166
- },
51167
- {
51168
- "kind": "INTERFACE",
51169
- "name": "DatafileObject_v1",
51170
- "ofType": null
51171
51031
  }
51172
51032
  ],
51173
51033
  "enumValues": null,
@@ -51903,11 +51763,6 @@
51903
51763
  "kind": "INTERFACE",
51904
51764
  "name": "OidcPermission_v1",
51905
51765
  "ofType": null
51906
- },
51907
- {
51908
- "kind": "INTERFACE",
51909
- "name": "DatafileObject_v1",
51910
- "ofType": null
51911
51766
  }
51912
51767
  ],
51913
51768
  "enumValues": null,
@@ -52073,11 +51928,6 @@
52073
51928
  "kind": "INTERFACE",
52074
51929
  "name": "OidcPermission_v1",
52075
51930
  "ofType": null
52076
- },
52077
- {
52078
- "kind": "INTERFACE",
52079
- "name": "DatafileObject_v1",
52080
- "ofType": null
52081
51931
  }
52082
51932
  ],
52083
51933
  "enumValues": null,
@@ -52215,11 +52065,6 @@
52215
52065
  "kind": "INTERFACE",
52216
52066
  "name": "Permission_v1",
52217
52067
  "ofType": null
52218
- },
52219
- {
52220
- "kind": "INTERFACE",
52221
- "name": "DatafileObject_v1",
52222
- "ofType": null
52223
52068
  }
52224
52069
  ],
52225
52070
  "enumValues": null,
@@ -52377,11 +52222,6 @@
52377
52222
  "kind": "INTERFACE",
52378
52223
  "name": "Permission_v1",
52379
52224
  "ofType": null
52380
- },
52381
- {
52382
- "kind": "INTERFACE",
52383
- "name": "DatafileObject_v1",
52384
- "ofType": null
52385
52225
  }
52386
52226
  ],
52387
52227
  "enumValues": null,
@@ -52563,11 +52403,6 @@
52563
52403
  "kind": "INTERFACE",
52564
52404
  "name": "Permission_v1",
52565
52405
  "ofType": null
52566
- },
52567
- {
52568
- "kind": "INTERFACE",
52569
- "name": "DatafileObject_v1",
52570
- "ofType": null
52571
52406
  }
52572
52407
  ],
52573
52408
  "enumValues": null,
@@ -53651,11 +53486,6 @@
53651
53486
  "kind": "INTERFACE",
53652
53487
  "name": "EndpointMonitoringProvider_v1",
53653
53488
  "ofType": null
53654
- },
53655
- {
53656
- "kind": "INTERFACE",
53657
- "name": "DatafileObject_v1",
53658
- "ofType": null
53659
53489
  }
53660
53490
  ],
53661
53491
  "enumValues": null,
@@ -53876,11 +53706,6 @@
53876
53706
  "kind": "INTERFACE",
53877
53707
  "name": "EndpointMonitoringProvider_v1",
53878
53708
  "ofType": null
53879
- },
53880
- {
53881
- "kind": "INTERFACE",
53882
- "name": "DatafileObject_v1",
53883
- "ofType": null
53884
53709
  }
53885
53710
  ],
53886
53711
  "enumValues": null,
@@ -54769,11 +54594,6 @@
54769
54594
  "kind": "INTERFACE",
54770
54595
  "name": "AutomatedAction_v1",
54771
54596
  "ofType": null
54772
- },
54773
- {
54774
- "kind": "INTERFACE",
54775
- "name": "DatafileObject_v1",
54776
- "ofType": null
54777
54597
  }
54778
54598
  ],
54779
54599
  "enumValues": null,
@@ -54946,11 +54766,6 @@
54946
54766
  "kind": "INTERFACE",
54947
54767
  "name": "AutomatedAction_v1",
54948
54768
  "ofType": null
54949
- },
54950
- {
54951
- "kind": "INTERFACE",
54952
- "name": "DatafileObject_v1",
54953
- "ofType": null
54954
54769
  }
54955
54770
  ],
54956
54771
  "enumValues": null,
@@ -55112,11 +54927,6 @@
55112
54927
  "kind": "INTERFACE",
55113
54928
  "name": "AutomatedAction_v1",
55114
54929
  "ofType": null
55115
- },
55116
- {
55117
- "kind": "INTERFACE",
55118
- "name": "DatafileObject_v1",
55119
- "ofType": null
55120
54930
  }
55121
54931
  ],
55122
54932
  "enumValues": null,
@@ -55321,11 +55131,6 @@
55321
55131
  "kind": "INTERFACE",
55322
55132
  "name": "AutomatedAction_v1",
55323
55133
  "ofType": null
55324
- },
55325
- {
55326
- "kind": "INTERFACE",
55327
- "name": "DatafileObject_v1",
55328
- "ofType": null
55329
55134
  }
55330
55135
  ],
55331
55136
  "enumValues": null,
@@ -55487,11 +55292,6 @@
55487
55292
  "kind": "INTERFACE",
55488
55293
  "name": "AutomatedAction_v1",
55489
55294
  "ofType": null
55490
- },
55491
- {
55492
- "kind": "INTERFACE",
55493
- "name": "DatafileObject_v1",
55494
- "ofType": null
55495
55295
  }
55496
55296
  ],
55497
55297
  "enumValues": null,
@@ -55629,11 +55429,6 @@
55629
55429
  "kind": "INTERFACE",
55630
55430
  "name": "AutomatedAction_v1",
55631
55431
  "ofType": null
55632
- },
55633
- {
55634
- "kind": "INTERFACE",
55635
- "name": "DatafileObject_v1",
55636
- "ofType": null
55637
55432
  }
55638
55433
  ],
55639
55434
  "enumValues": null,
@@ -55795,11 +55590,6 @@
55795
55590
  "kind": "INTERFACE",
55796
55591
  "name": "AutomatedAction_v1",
55797
55592
  "ofType": null
55798
- },
55799
- {
55800
- "kind": "INTERFACE",
55801
- "name": "DatafileObject_v1",
55802
- "ofType": null
55803
55593
  }
55804
55594
  ],
55805
55595
  "enumValues": null,
@@ -56004,11 +55794,6 @@
56004
55794
  "kind": "INTERFACE",
56005
55795
  "name": "AutomatedAction_v1",
56006
55796
  "ofType": null
56007
- },
56008
- {
56009
- "kind": "INTERFACE",
56010
- "name": "DatafileObject_v1",
56011
- "ofType": null
56012
55797
  }
56013
55798
  ],
56014
55799
  "enumValues": null,
@@ -56241,11 +56026,6 @@
56241
56026
  "kind": "INTERFACE",
56242
56027
  "name": "AutomatedAction_v1",
56243
56028
  "ofType": null
56244
- },
56245
- {
56246
- "kind": "INTERFACE",
56247
- "name": "DatafileObject_v1",
56248
- "ofType": null
56249
56029
  }
56250
56030
  ],
56251
56031
  "enumValues": null,
reconcile/integrations_manager.py CHANGED
@@ -41,7 +41,6 @@ from reconcile.utils.openshift_resource import (
41
41
  from reconcile.utils.runtime.meta import IntegrationMeta
42
42
  from reconcile.utils.runtime.sharding import (
43
43
  AWSAccountShardingStrategy,
44
- CloudflareDnsZoneShardingStrategy,
45
44
  IntegrationShardManager,
46
45
  OCMOrganizationShardingStrategy,
47
46
  OpenshiftClusterShardingStrategy,
@@ -257,7 +256,6 @@ def run(
257
256
  StaticShardingStrategy.IDENTIFIER: StaticShardingStrategy(),
258
257
  AWSAccountShardingStrategy.IDENTIFIER: AWSAccountShardingStrategy(),
259
258
  OpenshiftClusterShardingStrategy.IDENTIFIER: OpenshiftClusterShardingStrategy(),
260
- CloudflareDnsZoneShardingStrategy.IDENTIFIER: CloudflareDnsZoneShardingStrategy(),
261
259
  OCMOrganizationShardingStrategy.IDENTIFIER: OCMOrganizationShardingStrategy(),
262
260
  },
263
261
  integration_runtime_meta=integration_runtime_meta,
reconcile/openshift_saas_deploy.py CHANGED
@@ -30,6 +30,7 @@ from reconcile.utils.gitlab_api import GitLabApi
30
30
  from reconcile.utils.json import json_dumps
31
31
  from reconcile.utils.openshift_resource import ResourceInventory
32
32
  from reconcile.utils.saasherder import SaasHerder
33
+ from reconcile.utils.saasherder.models import ImagePatternsBlockRule
33
34
  from reconcile.utils.secret_reader import create_secret_reader
34
35
  from reconcile.utils.semver_helper import make_semver
35
36
  from reconcile.utils.slack_api import SlackApi
@@ -211,6 +212,13 @@ def run(
211
212
  jenkins_map=jenkins_map,
212
213
  state=init_state(integration=QONTRACT_INTEGRATION, secret_reader=secret_reader),
213
214
  all_saas_files=saas_file_list.saas_files,
215
+ image_patterns_block_rules=[
216
+ ImagePatternsBlockRule(
217
+ environment_label_selector=rule.environment_label_selector or {},
218
+ image_patterns=rule.image_patterns,
219
+ )
220
+ for rule in (saasherder_settings.image_patterns_block_rules or [])
221
+ ],
214
222
  )
215
223
  if defer:
216
224
  defer(saasherder.cleanup)
reconcile/utils/external_resource_spec.py CHANGED
@@ -125,8 +125,7 @@ class ExternalResourceSpec:
125
125
  def output_prefix(self) -> str:
126
126
  # Adhere to DNS-1123 subdomain names spec. It's reasonable to have provider
127
127
  # names that have underscores, but without replacing them with hyphens we run
128
- # into issues. Alternatively, we could change Cloudflare worker_script to
129
- # worker-script and prevent the use of underscores going forward.
128
+ # into issues.
130
129
  #
131
130
  # More info can be found at:
132
131
  # https://kubernetes.io/docs/concepts/overview/working-with-objects/names/.
reconcile/utils/runtime/sharding.py CHANGED
@@ -14,8 +14,6 @@ from reconcile.gql_definitions.fragments.minimal_ocm_organization import (
14
14
  from reconcile.gql_definitions.integrations.integrations import (
15
15
  AWSAccountShardingV1,
16
16
  AWSAccountShardSpecOverrideV1,
17
- CloudflareDNSZoneShardingV1,
18
- CloudflareDNSZoneShardSpecOverrideV1,
19
17
  IntegrationManagedV1,
20
18
  IntegrationShardingV1,
21
19
  IntegrationSpecV1,
@@ -31,12 +29,6 @@ from reconcile.gql_definitions.sharding import aws_accounts as sharding_aws_acco
31
29
  from reconcile.gql_definitions.sharding import (
32
30
  ocm_organization as sharding_ocm_organization,
33
31
  )
34
- from reconcile.gql_definitions.terraform_cloudflare_dns import (
35
- terraform_cloudflare_zones,
36
- )
37
- from reconcile.gql_definitions.terraform_cloudflare_dns.terraform_cloudflare_zones import (
38
- CloudflareDnsZoneV1,
39
- )
40
32
  from reconcile.typed_queries.clusters_minimal import get_clusters_minimal
41
33
  from reconcile.utils import gql
42
34
  from reconcile.utils.runtime.meta import IntegrationMeta
@@ -49,7 +41,6 @@ class ShardSpec(BaseModel):
49
41
  shard_spec_overrides: (
50
42
  AWSAccountShardSpecOverrideV1
51
43
  | OpenshiftClusterShardSpecOverrideV1
52
- | CloudflareDNSZoneShardSpecOverrideV1
53
44
  | OCMOrganizationShardSpecOverrideV1
54
45
  | None
55
46
  ) = None
@@ -363,77 +354,6 @@ class OpenshiftClusterShardingStrategy:
363
354
  return shards
364
355
 
365
356
 
366
- class CloudflareDnsZoneShardingStrategy:
367
- """
368
- This provides a new sharding strategy that each shard is targeting a Cloudflare zone.
369
- It uses the combination of the Cloudflare account name and the zone's identifier as the unique sharding key.
370
- """
371
-
372
- IDENTIFIER = "per-cloudflare-dns-zone"
373
-
374
- def __init__(self, cloudflare_zones: Iterable[CloudflareDnsZoneV1] | None = None):
375
- if not cloudflare_zones:
376
- self.cloudflare_zones = (
377
- terraform_cloudflare_zones.query(query_func=gql.get_api().query).zones
378
- or []
379
- )
380
- else:
381
- self.cloudflare_zones = list(cloudflare_zones)
382
-
383
- def _get_shard_key(self, dns_zone: CloudflareDnsZoneV1) -> str:
384
- return f"{dns_zone.account.name}-{dns_zone.identifier}"
385
-
386
- def get_shard_spec_overrides(
387
- self, sharding: IntegrationShardingV1 | None
388
- ) -> dict[str, CloudflareDNSZoneShardSpecOverrideV1]:
389
- spos: dict[str, CloudflareDNSZoneShardSpecOverrideV1] = {}
390
-
391
- if (
392
- isinstance(sharding, CloudflareDNSZoneShardingV1)
393
- and sharding.shard_spec_overrides
394
- ):
395
- for override in sharding.shard_spec_overrides:
396
- key = f"{override.shard.zone}-{override.shard.identifier}"
397
- spos[key] = override
398
- return spos
399
-
400
- def check_integration_sharding_params(self, meta: IntegrationMeta) -> None:
401
- if "--zone-name" not in meta.args:
402
- raise ValueError(
403
- f"integration {meta.name} does not support the provided argument. "
404
- f"--zone-name is required by the '{self.IDENTIFIER}' sharding "
405
- "strategy."
406
- )
407
-
408
- def build_shard_spec(
409
- self,
410
- dns_zone: CloudflareDnsZoneV1,
411
- integration_spec: IntegrationSpecV1,
412
- spo: CloudflareDNSZoneShardSpecOverrideV1 | None,
413
- ) -> ShardSpec:
414
- return ShardSpec(
415
- shard_key=self._get_shard_key(dns_zone),
416
- shard_name_suffix=f"-{self._get_shard_key(dns_zone)}",
417
- extra_args=(integration_spec.extra_args or "")
418
- + f" --zone-name {dns_zone.identifier}",
419
- shard_spec_overrides=spo,
420
- )
421
-
422
- def build_integration_shards(
423
- self,
424
- integration_meta: IntegrationMeta,
425
- integration_managed: IntegrationManagedV1,
426
- ) -> list[ShardSpec]:
427
- self.check_integration_sharding_params(integration_meta)
428
- spos = self.get_shard_spec_overrides(integration_managed.sharding)
429
- shards = []
430
- for zone in self.cloudflare_zones or []:
431
- spo = spos.get(self._get_shard_key(zone))
432
- base_shard = self.build_shard_spec(zone, integration_managed.spec, spo)
433
- shards.append(base_shard)
434
- return shards
435
-
436
-
437
357
  @dataclass
438
358
  class IntegrationShardManager:
439
359
  strategies: dict[str, ShardingStrategy]
reconcile/utils/saasherder/interfaces.py CHANGED
@@ -194,6 +194,7 @@ class SaasEnvironment_SaasSecretParameters(Protocol):
194
194
  @runtime_checkable
195
195
  class SaasEnvironment(HasParameters, HasSecretParameters, Protocol):
196
196
  name: str
197
+ labels: dict[str, str] | None
197
198
 
198
199
 
199
200
  class SaasResourceTemplateTargetNamespace(Protocol):
reconcile/utils/saasherder/models.py CHANGED
@@ -290,6 +290,14 @@ class ImageAuth:
290
290
  }
291
291
 
292
292
 
293
+ @dataclass(frozen=True)
294
+ class ImagePatternsBlockRule:
295
+ """Block rule for image patterns based on environment label selectors."""
296
+
297
+ environment_label_selector: dict[str, str]
298
+ image_patterns: list[str]
299
+
300
+
293
301
  @dataclass
294
302
  class TargetSpec:
295
303
  saas_file: SaasFile