qontract-reconcile 0.9.1rc114__py3-none-any.whl → 0.9.1rc115__py3-none-any.whl

{qontract_reconcile-0.9.1rc114.dist-info → qontract_reconcile-0.9.1rc115.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.9.1rc114
+Version: 0.9.1rc115
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.9.1rc114.dist-info → qontract_reconcile-0.9.1rc115.dist-info}/RECORD

@@ -471,7 +471,7 @@ release/test_version.py,sha256=jOMn3Qx-mZC5pnJR0LU9ieIdNaYZSmr1kQ6aCkPngAU,2053
 release/version.py,sha256=Ud36t9FxGHLubMrE2o5aaaZRGB9_9hU_z0RN9go0TQM,3876
 tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/app_interface_reporter.py,sha256=k3KsYVzBWCxqK8GazjoiaPJGi4f1pMhBtZEoVyIm26s,21850
-tools/qontract_cli.py,sha256=bLnkVZ6DrWKxLb1iTlYHOSQ0Dv7k1MSKHnUX6lXHAsU,77774
+tools/qontract_cli.py,sha256=2pgcValVxDA8FnqSEJn2hUn32pdCKSfh0nLotg-Qbuw,77874
 tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/cli_commands/gpg_encrypt.py,sha256=CghHbzHgnyhBixaklGniltc-_lsoRTNFqqX-TTkbI84,4970
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
@@ -479,8 +479,8 @@ tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y
 tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_qontract_cli.py,sha256=taXJPi2yJrV5ql6G3IivU3Lj5mNXje-nUEjp6uXa1oc,1396
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.9.1rc114.dist-info/METADATA,sha256=EmpNuAy__Oq93vFdputw2MklxAO6NYKcOQGt3ITqdp8,2257
-qontract_reconcile-0.9.1rc114.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-qontract_reconcile-0.9.1rc114.dist-info/entry_points.txt,sha256=3BPvsRryM1C4S_mb5kXmP5AVv-wJBzVCrOJyv6qUmc0,195
-qontract_reconcile-0.9.1rc114.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
-qontract_reconcile-0.9.1rc114.dist-info/RECORD,,
+qontract_reconcile-0.9.1rc115.dist-info/METADATA,sha256=GQ9HHNZ1HNjirOw3QtH-dzsPRpXUuBQfL0FF7_du26s,2257
+qontract_reconcile-0.9.1rc115.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+qontract_reconcile-0.9.1rc115.dist-info/entry_points.txt,sha256=3BPvsRryM1C4S_mb5kXmP5AVv-wJBzVCrOJyv6qUmc0,195
+qontract_reconcile-0.9.1rc115.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
+qontract_reconcile-0.9.1rc115.dist-info/RECORD,,

tools/qontract_cli.py

@@ -7,14 +7,12 @@ import sys
 from collections import defaultdict
 from datetime import datetime
 from operator import itemgetter
-from typing import (
-    Optional,
-    cast,
-)
+from typing import Optional
 
 import click
 import requests
 import yaml
+from sretoolbox.utils import threaded
 
 import reconcile.gitlab_housekeeping as glhk
 import reconcile.ocm_upgrade_scheduler as ous
@@ -70,10 +68,6 @@ from reconcile.utils.secret_reader import SecretReader
 from reconcile.utils.semver_helper import parse_semver
 from reconcile.utils.state import State
 from reconcile.utils.terraform_client import TerraformClient as Terraform
-from reconcile.utils.vault import (
-    VaultClient,
-    _VaultClient,
-)
 from tools.cli_commands.gpg_encrypt import (
     GPGEncryptCommand,
     GPGEncryptCommandData,
@@ -883,9 +877,11 @@ def clusters_aws_account_ids(ctx):
 @get.command()
 @click.pass_context
 def terraform_users_credentials(ctx) -> None:
-    vc = cast(_VaultClient, VaultClient())
+    settings = queries.get_app_interface_settings()
+    accounts = queries.get_state_aws_accounts()
+    state = State("account-notifier", accounts, settings=settings)
 
-    skip_accounts, appsre_pgp_key, reencrypt_settings = tfu.get_reencrypt_settings()
+    skip_accounts, appsre_pgp_key, _ = tfu.get_reencrypt_settings()
 
     accounts, working_dirs, _, aws_api = tfu.setup(
         False,
@@ -919,13 +915,24 @@ def terraform_users_credentials(ctx) -> None:
                 }
                 credentials.append(item)
 
-    for secret in vc.list(reencrypt_settings.aws_account_output_vault_path):
-        secret_request = {
-            "path": f"{reencrypt_settings.aws_account_output_vault_path}/{secret}"
-        }
-        secret_data = vc.read_all(secret_request)
-        if secret_data["account"] not in skip_accounts:
-            credentials.append(secret_data)
+    secrets = state.ls()
+
+    def _get_secret(secret_key: str):
+        if secret_key.startswith("/output/"):
+            secret_data = state.get(secret_key[1:])
+            if secret_data["account"] not in skip_accounts:
+                return secret_data
+        return None
+
+    secret_result = threaded.run(
+        _get_secret,
+        secrets,
+        10,
+    )
+
+    for secret in secret_result:
+        if secret and secret["account"] not in skip_accounts:
+            credentials.append(secret)
 
     columns = ["account", "console_url", "user_name", "encrypted_password"]
     print_output(ctx.obj["options"], credentials, columns)
@@ -933,10 +940,11 @@ def terraform_users_credentials(ctx) -> None:
 
 @root.command()
 @click.argument("account_name")
-@click.argument("output_path")
 @click.pass_context
-def user_credentials_migrate_output(ctx, account_name, output_path) -> None:
-    vc = cast(_VaultClient, VaultClient())
+def user_credentials_migrate_output(ctx, account_name) -> None:
+    settings = queries.get_app_interface_settings()
+    accounts = queries.get_state_aws_accounts()
+    state = State("account-notifier", accounts, settings=settings)
 
     skip_accounts, appsre_pgp_key, _ = tfu.get_reencrypt_settings()
 
@@ -960,24 +968,19 @@ def user_credentials_migrate_output(ctx, account_name, output_path) -> None:
     )
     credentials = []
     for account, output in tf.outputs.items():
-        if account in skip_accounts:
-            user_passwords = tf.format_output(output, tf.OUTPUT_TYPE_PASSWORDS)
-            console_urls = tf.format_output(output, tf.OUTPUT_TYPE_CONSOLEURLS)
-            for user_name, enc_password in user_passwords.items():
-                item = {
-                    "account": account,
-                    "console_url": console_urls[account],
-                    "user_name": user_name,
-                    "encrypted_password": enc_password,
-                }
-                credentials.append(item)
+        user_passwords = tf.format_output(output, tf.OUTPUT_TYPE_PASSWORDS)
+        console_urls = tf.format_output(output, tf.OUTPUT_TYPE_CONSOLEURLS)
+        for user_name, enc_password in user_passwords.items():
+            item = {
+                "account": account,
+                "console_url": console_urls[account],
+                "user_name": user_name,
+                "encrypted_password": enc_password,
+            }
+            credentials.append(item)
 
     for cred in credentials:
-        new_secret = {
-            "path": f"{output_path}/{cred['user_name']}_{cred['account']}",
-            "data": cred,
-        }
-        vc.write(new_secret, decode_base64=False)
+        state.add(f"output/{cred['account']}/{cred['user_name']}", cred)
 
 
 @get.command()