qontract-reconcile 0.9.1rc166__py3-none-any.whl → 0.9.1rc168__py3-none-any.whl

{qontract_reconcile-0.9.1rc166.dist-info → qontract_reconcile-0.9.1rc168.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.9.1rc166
+Version: 0.9.1rc168
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.9.1rc166.dist-info → qontract_reconcile-0.9.1rc168.dist-info}/RECORD

@@ -56,7 +56,7 @@ reconcile/jenkins_webhooks_cleaner.py,sha256=GmOCaFmxF8CYEevMJwgm8KS69oiGG3tXZjL
 reconcile/jenkins_worker_fleets.py,sha256=nwlsLSly85RukBGCVsEpoc92BVxvCjJetFlpNC5OwPc,5282
 reconcile/jira_watcher.py,sha256=gus5j2m1mDTsl3CL8bDZ5Lz7KK3INztlrnyJjsjGwv4,3574
 reconcile/kafka_clusters.py,sha256=k0MkqHDJUH8tp6B46mIYmRgDLtxpp5Zcmf41XLjHFIk,7238
-reconcile/ldap_users.py,sha256=1IlMg-FCRzXWbr5eyBi0CLr1XED47XS6Xg6egmJvSnQ,2683
+reconcile/ldap_users.py,sha256=dD7n7JrVQlxqN6gfdqdKpVsyCjTGhRwL0nyA3gsfXxs,2869
 reconcile/mr_client_gateway.py,sha256=WhjMd-sIXDFCV8-rt8CEjurJ5OYB1pOD0K3o0tZRXQg,1885
 reconcile/ocm_additional_routers.py,sha256=mtJYVI0HX39fr6hgOyiDaNVuwjTEH5aBbEGYeWfm5-M,3307
 reconcile/ocm_addons.py,sha256=qqAyqRBRbdZQvAcjb-QlSVyRAyQBZk6iVlgnI4jyi7s,3353
@@ -108,7 +108,7 @@ reconcile/quay_mirror.py,sha256=9pwl1gLzRpsVXF5yPULM4ET_C5F8_xPmH8Mv8AS2AfI,1340
 reconcile/quay_mirror_org.py,sha256=E1OdRe-ppxTkNCwu20iVRhEdG1fPDBroLY02NgiMN7c,10381
 reconcile/quay_permissions.py,sha256=_3PCWjNWoU7VHlYgHzUevvL_jJmEMsWfXV_nzjeiyhU,4099
 reconcile/quay_repos.py,sha256=7609RBVQihis96FNOOe-i9tCTYwcTVy4WpKAL6HpnkU,7031
-reconcile/queries.py,sha256=4zHwi06pos4SAgryJCcb0F8zlwjOxhy1y6aG1GbZoUU,57705
+reconcile/queries.py,sha256=FZY4RXV5R4mboRwT8EtbxFnCkE6Mwz4JVL4BLijEPSA,57741
 reconcile/query_validator.py,sha256=oLEZIAsQCzxmmZ7b9dSw-OKuEjpI1dbVu4XfCfjpmi8,1503
 reconcile/requests_sender.py,sha256=m00QET0mh6rys5r0y5uurZS7RIylXf04HU1dTdhjt0A,3791
 reconcile/resource_scraper.py,sha256=vo1N9vLJCYWvXlTwFRIpEuWjx_39ZV9zxJlpoPq4g3U,2330
@@ -454,7 +454,7 @@ reconcile/utils/mr/labels.py,sha256=RKg8_dSQBZBoRbU-a8VH90UTYmwjFH1GodLQDsRrcDE,
 reconcile/utils/mr/notificator.py,sha256=MbXA7pgaB-CN1R1kY88MNQ27ZMXX56myqJY4jRSqDhQ,2419
 reconcile/utils/mr/ocm_update_recommended_version.py,sha256=Eb4449dIQbVDyWHbEHXekgyEV3Vq3F4hWkKSrraHKic,1531
 reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py,sha256=PDhvitkGtpJ1JYhdk7gOICQCKU3YeYNKjf4XfKxppOo,2737
-reconcile/utils/mr/user_maintenance.py,sha256=-JQHNiTzmHO9Jfqzfeiuw_qN9kUBspcHy3T6IWrQBcg,3030
+reconcile/utils/mr/user_maintenance.py,sha256=_4VwAMJsBxD7maM7AZsMl_GjYRgQtZb_rlFXR-0U0v0,3890
 reconcile/utils/runtime/__init__.py,sha256=l9o8APZxyED5Q6ylGoLIESksQF4f3O8cdke3IdMFOTQ,108
 reconcile/utils/runtime/desired_state_diff.py,sha256=AQhJmq3CP2YOWP-KpmVtYKnhZ46sxERfbk_R6PHO-zc,8272
 reconcile/utils/runtime/environment.py,sha256=cJgCMRBeschdeKJuk_N6BhDWaOCZbo-41i2a9L9DpBE,1328
@@ -474,7 +474,7 @@ release/test_version.py,sha256=jOMn3Qx-mZC5pnJR0LU9ieIdNaYZSmr1kQ6aCkPngAU,2053
 release/version.py,sha256=Ud36t9FxGHLubMrE2o5aaaZRGB9_9hU_z0RN9go0TQM,3876
 tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/app_interface_reporter.py,sha256=k3KsYVzBWCxqK8GazjoiaPJGi4f1pMhBtZEoVyIm26s,21850
-tools/qontract_cli.py,sha256=udyupqX725d9-9qJUjQN7cBozJ0CJUrJCnIpARNqbe0,82984
+tools/qontract_cli.py,sha256=Pq8lRctOj9J2I25vVjprRi62NAzwIsR-FjBD9gVY36s,83150
 tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/cli_commands/gpg_encrypt.py,sha256=JryinrDdvztN931enUY3FuDeLVnfs6y58mnK7itNK6Y,4940
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
@@ -482,8 +482,8 @@ tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y
 tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.9.1rc166.dist-info/METADATA,sha256=Yk4kfUrXS1qlLDkA69VKwdgtCgczRZ0rV8bcf63BVGU,2259
-qontract_reconcile-0.9.1rc166.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-qontract_reconcile-0.9.1rc166.dist-info/entry_points.txt,sha256=3BPvsRryM1C4S_mb5kXmP5AVv-wJBzVCrOJyv6qUmc0,195
-qontract_reconcile-0.9.1rc166.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
-qontract_reconcile-0.9.1rc166.dist-info/RECORD,,
+qontract_reconcile-0.9.1rc168.dist-info/METADATA,sha256=_ZKhFyndKSjoIxv1YYH6lXkgeiaxfHNeySbVQZD73pY,2259
+qontract_reconcile-0.9.1rc168.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+qontract_reconcile-0.9.1rc168.dist-info/entry_points.txt,sha256=3BPvsRryM1C4S_mb5kXmP5AVv-wJBzVCrOJyv6qUmc0,195
+qontract_reconcile-0.9.1rc168.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
+qontract_reconcile-0.9.1rc168.dist-info/RECORD,,

reconcile/ldap_users.py

@@ -16,7 +16,7 @@ from reconcile.utils.mr.user_maintenance import PathTypes
 QONTRACT_INTEGRATION = "ldap-users"
 
 
-def init_users():
+def init_users() -> list[dict[str, list]]:
     app_int_users = queries.get_users(refs=True)
 
     users = defaultdict(list)
@@ -33,6 +33,9 @@ def init_users():
         for g in user.get("gabi_instances"):
             item = {"type": PathTypes.GABI, "path": "data" + g["path"]}
             users[u].append(item)
+        for a in user.get("aws_accounts", []):
+            item = {"type": PathTypes.AWS_ACCOUNTS, "path": "data" + a["path"]}
+            users[u].append(item)
 
     return [{"username": username, "paths": paths} for username, paths in users.items()]
 

reconcile/queries.py

@@ -1805,6 +1805,9 @@ USERS_QUERY = """
     pagerduty_username
     public_gpg_key
     {% if refs %}
+    aws_accounts {
+      path
+    }
     requests {
       path
     }

reconcile/utils/mr/user_maintenance.py

@@ -9,6 +9,7 @@ class PathTypes:
     REQUEST = 1
     QUERY = 2
     GABI = 3
+    AWS_ACCOUNTS = 4
 
 
 class CreateDeleteUserAppInterface(MergeRequestBase):
@@ -53,6 +54,20 @@ class CreateDeleteUserAppInterface(MergeRequestBase):
                     commit_message=self.title,
                     content=new_content,
                 )
+            elif path_type == PathTypes.AWS_ACCOUNTS:
+                raw_file = gitlab_cli.project.files.get(file_path=path, ref=self.branch)
+                content = yaml.load(raw_file.decode(), Loader=yaml.RoundTripLoader)
+                for reset_record in content["resetPasswords"]:
+                    if self.username in reset_record["user"]["$ref"]:
+                        content["resetPasswords"].remove(reset_record)
+                        new_content = "---\n"
+                        new_content += yaml.dump(content, Dumper=yaml.RoundTripDumper)
+                        gitlab_cli.update_file(
+                            branch_name=self.branch,
+                            file_path=path,
+                            commit_message=self.title,
+                            content=new_content,
+                        )
 
 
 class CreateDeleteUserInfra(MergeRequestBase):

tools/qontract_cli.py

@@ -29,7 +29,10 @@ from reconcile.change_owners.change_owners import (
     fetch_self_service_roles,
 )
 from reconcile.checkpoint import report_invalid_metadata
-from reconcile.cli import config_file
+from reconcile.cli import (
+    config_file,
+    use_jump_host,
+)
 from reconcile.jenkins_job_builder import init_jjb
 from reconcile.prometheus_rules_tester import get_data_from_jinja_test_template
 from reconcile.slack_base import slackapi_from_queries
@@ -1805,8 +1808,9 @@ def app_interface_merge_history(ctx):
     short_help="obtain a list of all resources that are managed "
     "on a customer cluster via a Hive SelectorSyncSet."
 )
+@use_jump_host()
 @click.pass_context
-def selectorsyncset_managed_resources(ctx):
+def selectorsyncset_managed_resources(ctx, use_jump_host):
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
     clusters = get_clusters()
@@ -1816,6 +1820,7 @@ def selectorsyncset_managed_resources(ctx):
         integration="qontract-cli",
         thread_pool_size=1,
         init_api_resources=True,
+        use_jump_host=use_jump_host,
     )
     columns = [
         "cluster",
@@ -1861,8 +1866,9 @@ def selectorsyncset_managed_resources(ctx):
     short_help="obtain a list of all resources that are managed "
     "on a customer cluster via an ACM Policy via a Hive SelectorSyncSet."
 )
+@use_jump_host()
 @click.pass_context
-def selectorsyncset_managed_hypershift_resources(ctx):
+def selectorsyncset_managed_hypershift_resources(ctx, use_jump_host):
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
     clusters = get_clusters()
@@ -1872,6 +1878,7 @@ def selectorsyncset_managed_hypershift_resources(ctx):
         integration="qontract-cli",
         thread_pool_size=1,
         init_api_resources=True,
+        use_jump_host=use_jump_host,
     )
     columns = [
         "cluster",