qontract-reconcile 0.9.1rc273__py3-none-any.whl → 0.9.1rc275__py3-none-any.whl

{qontract_reconcile-0.9.1rc273.dist-info → qontract_reconcile-0.9.1rc275.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.9.1rc273
+Version: 0.9.1rc275
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.9.1rc273.dist-info → qontract_reconcile-0.9.1rc275.dist-info}/RECORD

@@ -123,7 +123,7 @@ reconcile/terraform_cloudflare_dns.py,sha256=cCwDaFZ9KGNsCjVnz89LMWi5V8mhkbAvQE4
 reconcile/terraform_cloudflare_resources.py,sha256=BQg12mHm1iaxf086FFPZutPbWKUMaddqu-nREPR8ptA,14887
 reconcile/terraform_cloudflare_users.py,sha256=lTbrxi8OtW9Pfcr7Yp-70ihldMQKx9dJ7ZgbGHey1XE,13627
 reconcile/terraform_resources.py,sha256=gQ-LT0TGwf9OR4RF5EWDmNHUnKWnbhrIMtyIdUgP4D4,16782
-reconcile/terraform_tgw_attachments.py,sha256=WDrLveeCe1hjAMecvLipWGMHRVJ1GLEBWUP6QIs631M,7477
+reconcile/terraform_tgw_attachments.py,sha256=C7Z_QoWXbqQ3XeDRYi6a5c2X3ceptwTiTk-aNOR5ku4,9544
 reconcile/terraform_users.py,sha256=AzDvEQCdLpsXoS3nLbIQRraQvJHa8JmL40lZFv8YXMk,9321
 reconcile/terraform_vpc_peerings.py,sha256=l83dp3LO6WeBa_he0s-m4o182BaQX_0IRNd4MTvsAg8,21025
 reconcile/unleash_watcher.py,sha256=xNLUFpIr66XESEyXUkmHTTmHghVWHiMtnS_k0OC7gd8,4145
@@ -258,9 +258,9 @@ reconcile/jenkins/types.py,sha256=-WMs4TsCEcbJNF_n-615Fealk08boBYZcTzVUk3Wlns,26
 reconcile/ocm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/ocm/types.py,sha256=gCuVra66cIk2Wvoj8PQ-hvsZiozFDFXxUOilPdC0w-c,3138
 reconcile/saas_auto_promotions_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/saas_auto_promotions_manager/integration.py,sha256=EAQipdFjlwbKUENTlnd_UKoUYy3LHjRD9K-LXFOvFe0,6208
+reconcile/saas_auto_promotions_manager/integration.py,sha256=hmRWva3_ZEO845wMkttEt4X6Izl5p8ZKs09NXWp8mkY,5609
 reconcile/saas_auto_promotions_manager/publisher.py,sha256=gdzR7jNDKy130pO6J-UNwXI__EXgiREzdaXvNkE3Bhg,1845
-reconcile/saas_auto_promotions_manager/subscriber.py,sha256=JsS_wrCGZC3-86kHSUTq8veLpdGH6XFL_zqlXKx-eNk,5891
+reconcile/saas_auto_promotions_manager/subscriber.py,sha256=PAncXY973uGMAHZRkV7QqSYSHhyZO_SuLGhwCn0pukI,6177
 reconcile/saas_auto_promotions_manager/merge_request_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request.py,sha256=diDb4BkErloZF6MfzQbMkqC1gx8tglYkw10Vuf_4_Ho,1147
 reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager.py,sha256=QVaaL0hQn0fy-NPmoKyJMp3NxNfE8umYjReaTztxCps,9763
@@ -342,7 +342,7 @@ reconcile/test/test_terraform_cloudflare_dns.py,sha256=aQTXX8Vr4h9aWvJZTnpZEhMGY
 reconcile/test/test_terraform_cloudflare_resources.py,sha256=cWNE2UIhz19rLSWdpJG8xRwuEEYoIZWEkDZY7e2QN_g,3426
 reconcile/test/test_terraform_cloudflare_users.py,sha256=luuSAWflLaLiTipy1CFsuxb6WDkD8PUFqsiBVXergp4,27448
 reconcile/test/test_terraform_resources.py,sha256=dEpJwaTzE_FzkRjCozDtGzE4egBrb-VrwSoWr2Benv4,7955
-reconcile/test/test_terraform_tgw_attachments.py,sha256=VMV6IdEXHj5qFxlr0BCCVVNzxe_j9Nk3ybeOMLMPqJU,9165
+reconcile/test/test_terraform_tgw_attachments.py,sha256=MiohVv2YT6e05y-yGwt9pcGytxB_zN0dKIdJbs4UcGs,15019
 reconcile/test/test_terraform_users.py,sha256=Yt4iN5FMtn7cfVlVqBJ1MMH94Z0DGchyByhpfNUJFxM,1570
 reconcile/test/test_terraform_vpc_peerings.py,sha256=-NXgufo1GCYhbWyVWbtK4KfPNIY6_02GQR53ynwMJZ4,18135
 reconcile/test/test_terraform_vpc_peerings_build_desired_state.py,sha256=43EIGnrm5xAdtuSL6tKDh-nepk4WOKkONMNUOU1BN_Y,37236
@@ -406,12 +406,13 @@ reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_
 reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_namespace.py,sha256=lpMMllzRYzq-WI5JAyX6B9-VOK8N5IBFJn7KUMuvKxk,2008
 reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_target.py,sha256=cwAPrQ_v3DR_CHU7Nt2xBGutC-1XslyJ5mXM8FXW-3o,1111
 reconcile/test/saas_auto_promotions_manager/subscriber/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py,sha256=IShISmgW0FECL82wIy6wFUpCxIKlVIg2WngtpY5Dxxg,2843
+reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py,sha256=R4xSKYtRDeCs2c2d5WTfRnqW9br8p54H8jtP0K-WMmg,2428
 reconcile/test/saas_auto_promotions_manager/subscriber/data_keys.py,sha256=0MPM188d-7kUcqFvOEsjMEhJpSlPZua8rQvlto_50PE,360
 reconcile/test/saas_auto_promotions_manager/subscriber/test_content_hash.py,sha256=6Nkyix3Uyf7Zd9t2C6RnYlQG_y3NsZ6v6zu3G-qF4to,5186
-reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_config_hash.py,sha256=5D9EHJ83304sFZqIQqCFsXI8icAD1bVhhlHfLZfgBag,5805
-reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_moving_ref.py,sha256=gB2u4DshlrbiD9r8zw5CNQhOP_bJw10VHu-sEoJudts,5567
-reconcile/test/saas_auto_promotions_manager/subscriber/test_single_channel_with_single_publisher.py,sha256=QPhzVw5dCMj0ZzjbkN8G-MF_39DefBaY9Zo_tLsnt6o,8040
+reconcile/test/saas_auto_promotions_manager/subscriber/test_diff.py,sha256=GoCl8m63ikzd0fqlqS0z5VwgSVAZSkKk8d0lDbOoS08,2521
+reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_config_hash.py,sha256=1xdM2gJ4Q6ew1xeHijMrrZx_R7UYbIchlg-bSDLO_x4,6955
+reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_moving_ref.py,sha256=Q0YLTz-tTyYcyS0OeDuy5EKwdbIwr2tcoaDK6YnXwWo,6717
+reconcile/test/saas_auto_promotions_manager/subscriber/test_single_channel_with_single_publisher.py,sha256=UaKEgI_yMaILEiD-f9sl7FmlEiTICptSC4roapwE8tY,8642
 reconcile/test/saas_auto_promotions_manager/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_multiple_publishers_for_single_channel.py,sha256=A2bw4U2jcwpQpTd8nab2Pe7QeF-__2CEJp8kWocVHVc,2414
@@ -501,7 +502,7 @@ reconcile/utils/state.py,sha256=_SmE7fOEReET3iy9jRQ1pyuaJebg5962Zs9Iy1dzTJk,9530
 reconcile/utils/structs.py,sha256=B05uQsZLxl4a-wLqiUTJ8ccr1dkjG_UbleMY2jrqoe0,296
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=AYnA1pW7JgNuroHzhrLW8gZ8yN-pLKwH_aAnRj9JcEA,27679
-reconcile/utils/terrascript_aws_client.py,sha256=rivA5maobRrUJ6km4FMA7JDEgd2j8PlF4reZJUBXEjg,252139
+reconcile/utils/terrascript_aws_client.py,sha256=aT4KeWG1PPJbYuKRV505iDxBJFz2gYig6q4JXVrHVzQ,252143
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/unleash.py,sha256=QGANGA8BHG7oC_bt39c2M7uRa2ycjzmahN8_m7Zovos,3094
 reconcile/utils/vault.py,sha256=CnhNu0pZfqS14kD1dQmBldITvTcSJHaHfk-KPNNDC7k,14471
@@ -563,8 +564,8 @@ tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y
 tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.9.1rc273.dist-info/METADATA,sha256=YM9eACxTszm5yZNp-01JcMueOh-CqE8qXR5-tVdSb-E,2287
-qontract_reconcile-0.9.1rc273.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-qontract_reconcile-0.9.1rc273.dist-info/entry_points.txt,sha256=aIVvB7OTCxYu0QkONzBPfFEyg68Pr8KUVKEEm4ChDVc,333
-qontract_reconcile-0.9.1rc273.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
-qontract_reconcile-0.9.1rc273.dist-info/RECORD,,
+qontract_reconcile-0.9.1rc275.dist-info/METADATA,sha256=_flJtRC5kagWx1H5IKnB2RlUXZWqepaSiNJnfWvtUbY,2287
+qontract_reconcile-0.9.1rc275.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+qontract_reconcile-0.9.1rc275.dist-info/entry_points.txt,sha256=aIVvB7OTCxYu0QkONzBPfFEyg68Pr8KUVKEEm4ChDVc,333
+qontract_reconcile-0.9.1rc275.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
+qontract_reconcile-0.9.1rc275.dist-info/RECORD,,

reconcile/saas_auto_promotions_manager/integration.py

@@ -13,10 +13,7 @@ from reconcile.saas_auto_promotions_manager.merge_request_manager.renderer impor
     Renderer,
 )
 from reconcile.saas_auto_promotions_manager.publisher import Publisher
-from reconcile.saas_auto_promotions_manager.subscriber import (
-    ConfigHash,
-    Subscriber,
-)
+from reconcile.saas_auto_promotions_manager.subscriber import Subscriber
 from reconcile.saas_auto_promotions_manager.utils.saas_files_inventory import (
     SaasFilesInventory,
 )
@@ -77,20 +74,7 @@ class SaasAutoPromotionsManager:
             subscriber.compute_desired_state()
 
     def _get_subscribers_with_diff(self) -> list[Subscriber]:
-        subscribers_with_diff: list[Subscriber] = []
-        for subscriber in self._saas_file_inventory.subscribers:
-            current_hashes: list[ConfigHash] = []
-            for s in subscriber.config_hashes_by_channel_name.values():
-                for el in s:
-                    current_hashes.append(el)
-            if (
-                set(subscriber.desired_hashes) == set(current_hashes)
-                and subscriber.desired_ref == subscriber.ref
-            ):
-                # There is no change that requires a promotion
-                continue
-            subscribers_with_diff.append(subscriber)
-        return subscribers_with_diff
+        return [s for s in self._saas_file_inventory.subscribers if s.has_diff()]
 
     def reconcile(self) -> None:
         self._deployment_state.cache_commit_shas_from_s3()

reconcile/saas_auto_promotions_manager/subscriber.py

@@ -45,6 +45,15 @@ class Subscriber:
         self.namespace_file_path = namespace_file_path
         self._content_hash = ""
 
+    def has_diff(self) -> bool:
+        current_hashes = {
+            el for s in self.config_hashes_by_channel_name.values() for el in s
+        }
+        return not (
+            set(self.desired_hashes) == set(current_hashes)
+            and self.desired_ref == self.ref
+        )
+
     def compute_desired_state(self) -> None:
         self._compute_desired_ref()
         self._compute_desired_config_hashes()

reconcile/terraform_tgw_attachments.py

@@ -1,12 +1,23 @@
 import json
 import logging
-import sys
-from typing import Any
+from collections.abc import (
+    Callable,
+    Generator,
+    Iterable,
+    Mapping,
+)
+from typing import (
+    Any,
+    Optional,
+)
 
 from reconcile import queries
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.defer import defer
-from reconcile.utils.ocm import OCMMap
+from reconcile.utils.ocm import (
+    OCM,
+    OCMMap,
+)
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.terraform_client import TerraformClient as Terraform
 from reconcile.utils.terrascript_aws_client import TerrascriptClient as Terrascript
@@ -14,8 +25,18 @@ from reconcile.utils.terrascript_aws_client import TerrascriptClient as Terrascr
 QONTRACT_INTEGRATION = "terraform_tgw_attachments"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
 
+TGW_CONNECTION_PROVIDER = "account-tgw"
 
-def build_desired_state_tgw_attachments(clusters, ocm_map: OCMMap, awsapi: AWSApi):
+
+class ValidationError(Exception):
+    pass
+
+
+def build_desired_state_tgw_attachments(
+    clusters: Iterable[Mapping],
+    ocm_map: Optional[OCMMap],
+    awsapi: AWSApi,
+) -> tuple[list[dict], bool]:
     """
     Fetch state for TGW attachments between a cluster and all TGWs
     in an account in the same region as the cluster
@@ -23,110 +44,207 @@ def build_desired_state_tgw_attachments(clusters, ocm_map: OCMMap, awsapi: AWSAp
     desired_state = []
     error = False
 
+    for item in _build_desired_state_tgw_attachments(clusters, ocm_map, awsapi):
+        if item is None:
+            error = True
+        else:
+            desired_state.append(item)
+    return desired_state, error
+
+
+def _build_desired_state_tgw_attachments(
+    clusters: Iterable[Mapping],
+    ocm_map: Optional[OCMMap],
+    awsapi: AWSApi,
+) -> Generator[Optional[dict], Any, None]:
     for cluster_info in clusters:
-        cluster = cluster_info["name"]
-        ocm = ocm_map.get(cluster)
-        peering_info = cluster_info["peering"]
-        peer_connections = peering_info["connections"]
-        for peer_connection in peer_connections:
-            # We only care about account-tgw peering providers
-            peer_connection_provider = peer_connection["provider"]
-            if not peer_connection_provider == "account-tgw":
-                continue
-            # accepter is the cluster's AWS account
-            cluster_region = cluster_info["spec"]["region"]
-            cluster_cidr_block = cluster_info["network"]["vpc"]
-            accepter = {"cidr_block": cluster_cidr_block, "region": cluster_region}
-
-            account = peer_connection["account"]
-            # assume_role is the role to assume to provision the
-            # peering connection request, through the accepter AWS account.
-            provided_assume_role = peer_connection.get("assumeRole")
-            # if an assume_role is provided, it means we don't need
-            # to get the information from OCM. it likely means that
-            # there is no OCM at all.
-            if provided_assume_role:
-                account["assume_role"] = provided_assume_role
-            else:
-                account[
-                    "assume_role"
-                ] = ocm.get_aws_infrastructure_access_terraform_assume_role(
-                    cluster, account["uid"], account["terraformUsername"]
-                )
-            account["assume_region"] = accepter["region"]
-            account["assume_cidr"] = accepter["cidr_block"]
-            (
-                accepter_vpc_id,
-                accepter_route_table_ids,
-                accepter_subnets_id_az,
-            ) = awsapi.get_cluster_vpc_details(
-                account,
-                route_tables=peer_connection.get("manageRoutes"),
-                subnets=True,
-            )
-
-            if accepter_vpc_id is None:
-                logging.error(f"[{cluster} could not find VPC ID for cluster")
-                error = True
-                continue
-            accepter["vpc_id"] = accepter_vpc_id
-            accepter["route_table_ids"] = accepter_route_table_ids
-            accepter["subnets_id_az"] = accepter_subnets_id_az
-            accepter["account"] = account
-
-            account_tgws = awsapi.get_tgws_details(
-                account,
-                cluster_region,
-                cluster_cidr_block,
-                tags=json.loads(peer_connection.get("tags") or "{}"),
-                route_tables=peer_connection.get("manageRoutes"),
-                security_groups=peer_connection.get("manageSecurityGroups"),
-                route53_associations=peer_connection.get("manageRoute53Associations"),
-            )
-            for tgw in account_tgws:
-                tgw_id = tgw["tgw_id"]
-                connection_name = (
-                    f"{peer_connection['name']}_" + f"{account['name']}-{tgw_id}"
+        ocm = (
+            ocm_map.get(cluster_info["name"])
+            if ocm_map and cluster_info.get("ocm")
+            else None
+        )
+        for peer_connection in cluster_info["peering"]["connections"]:
+            if peer_connection["provider"] == TGW_CONNECTION_PROVIDER:
+                yield from _build_desired_state_tgw_connection(
+                    peer_connection, cluster_info, ocm, awsapi
                 )
-                requester = {
-                    "tgw_id": tgw_id,
-                    "tgw_arn": tgw["tgw_arn"],
-                    "region": tgw["region"],
-                    "routes": tgw.get("routes"),
-                    "rules": tgw.get("rules"),
-                    "hostedzones": tgw.get("hostedzones"),
-                    "cidr_block": peer_connection.get("cidrBlock"),
-                    "account": account,
-                }
-                item = {
-                    "connection_provider": peer_connection_provider,
-                    "connection_name": connection_name,
-                    "requester": requester,
-                    "accepter": accepter,
-                    "deleted": peer_connection.get("delete", False),
-                }
-                desired_state.append(item)
 
-    return desired_state, error
 
+def _build_desired_state_tgw_connection(
+    peer_connection: Mapping,
+    cluster_info: Mapping,
+    ocm: Optional[OCM],
+    awsapi: AWSApi,
+) -> Generator[Optional[dict], Any, None]:
+    cluster_name = cluster_info["name"]
+    cluster_region = cluster_info["spec"]["region"]
+    cluster_cidr_block = cluster_info["network"]["vpc"]
 
-@defer
-def run(
-    dry_run, print_to_file=None, enable_deletion=False, thread_pool_size=10, defer=None
-):
-    settings = queries.get_secret_reader_settings()
-    clusters = queries.get_clusters_with_peering_settings()
-    with_ocm = any(c.get("ocm") for c in clusters)
-    if with_ocm:
-        ocm_map = OCMMap(
-            clusters=clusters, integration=QONTRACT_INTEGRATION, settings=settings
-        )
+    account = _account_with_assume_role_data(
+        peer_connection, cluster_name, cluster_region, cluster_cidr_block, ocm
+    )
+
+    # accepter is the cluster's AWS account
+    accepter = _build_accepter(
+        peer_connection,
+        account,
+        cluster_region,
+        cluster_cidr_block,
+        awsapi,
+    )
+    if accepter["vpc_id"] is None:
+        logging.error(f"[{cluster_name}] could not find VPC ID for cluster")
+        yield None
+
+    account_tgws = awsapi.get_tgws_details(
+        account,
+        cluster_region,
+        cluster_cidr_block,
+        tags=json.loads(peer_connection.get("tags") or "{}"),
+        route_tables=peer_connection.get("manageRoutes"),
+        security_groups=peer_connection.get("manageSecurityGroups"),
+        route53_associations=peer_connection.get("manageRoute53Associations"),
+    )
+    for tgw in account_tgws:
+        connection_name = f"{peer_connection['name']}_{account['name']}-{tgw['tgw_id']}"
+        requester = _build_requester(peer_connection, account, tgw)
+        item = {
+            "connection_provider": TGW_CONNECTION_PROVIDER,
+            "connection_name": connection_name,
+            "requester": requester,
+            "accepter": accepter,
+            "deleted": peer_connection.get("delete", False),
+        }
+        yield item
+
+
+def _account_with_assume_role_data(
+    peer_connection: Mapping,
+    cluster_name: str,
+    region: str,
+    cidr_block: str,
+    ocm: Optional[OCM],
+) -> dict[str, Any]:
+    account = peer_connection["account"]
+    # assume_role is the role to assume to provision the
+    # peering connection request, through the accepter AWS account.
+    provided_assume_role = peer_connection.get("assumeRole")
+    # if an assume_role is provided, it means we don't need
+    # to get the information from OCM. it likely means that
+    # there is no OCM at all.
+    if provided_assume_role:
+        account["assume_role"] = provided_assume_role
     else:
+        if not ocm:
+            raise ValueError("OCM is required to get assume_role data")
+        account[
+            "assume_role"
+        ] = ocm.get_aws_infrastructure_access_terraform_assume_role(
+            cluster_name, account["uid"], account["terraformUsername"]
+        )
+    account["assume_region"] = region
+    account["assume_cidr"] = cidr_block
+    return account
+
+
+def _build_accepter(
+    peer_connection: Mapping,
+    account: Mapping,
+    region: str,
+    cidr_block: str,
+    awsapi: AWSApi,
+) -> dict[str, Any]:
+    (vpc_id, route_table_ids, subnets_id_az) = awsapi.get_cluster_vpc_details(
+        account,
+        route_tables=peer_connection.get("manageRoutes"),
+        subnets=True,
+    )
+    return {
+        "cidr_block": cidr_block,
+        "region": region,
+        "vpc_id": vpc_id,
+        "route_table_ids": route_table_ids,
+        "subnets_id_az": subnets_id_az,
+        "account": account,
+    }
+
+
+def _build_requester(
+    peer_connection: Mapping,
+    account: Mapping,
+    tgw: Mapping,
+) -> dict[str, Any]:
+    return {
+        "tgw_id": tgw["tgw_id"],
+        "tgw_arn": tgw["tgw_arn"],
+        "region": tgw["region"],
+        "routes": tgw.get("routes"),
+        "rules": tgw.get("rules"),
+        "hostedzones": tgw.get("hostedzones"),
+        "cidr_block": peer_connection.get("cidrBlock"),
+        "account": account,
+    }
+
+
+def _build_ocm_map(
+    clusters: Iterable[Mapping],
+    settings: Optional[Mapping[str, Any]],
+) -> Optional[OCMMap]:
+    ocm_clusters = [c for c in clusters if c.get("ocm")]
+    return (
+        OCMMap(
+            clusters=ocm_clusters, integration=QONTRACT_INTEGRATION, settings=settings
+        )
+        if ocm_clusters
         # this is a case for an OCP cluster which is not provisioned
         # through OCM. it is expected that an 'assume_role' is provided
-        # on the tgw defition in the cluster file.
-        ocm_map = {}
+        # on the tgw definition in the cluster file.
+        else None
+    )
+
+
+def _validate_tgw_connection_names(desired_state: Iterable[Mapping]) -> None:
+    connection_names = [c["connection_name"] for c in desired_state]
+    if len(set(connection_names)) != len(connection_names):
+        raise ValidationError("duplicate tgw connection names found")
+
 
+def _filter_accounts(
+    accounts: Iterable[Mapping],
+    participating_accounts: Iterable[Mapping],
+) -> list:
+    participating_account_names = {a["name"] for a in participating_accounts}
+    return [a for a in accounts if a["name"] in participating_account_names]
+
+
+def _populate_tgw_attachments_working_dirs(
+    desired_state: Iterable,
+    accounts: Iterable,
+    settings: Optional[Mapping[str, Any]],
+    participating_accounts: Iterable,
+    print_to_file: Optional[str],
+    thread_pool_size: int,
+) -> dict[str, str]:
+    ts = Terrascript(
+        QONTRACT_INTEGRATION, "", thread_pool_size, accounts, settings=settings
+    )
+    ts.populate_additional_providers(participating_accounts)
+    ts.populate_tgw_attachments(desired_state)
+    working_dirs = ts.dump(print_to_file=print_to_file)
+    return working_dirs
+
+
+@defer
+def run(
+    dry_run: bool,
+    print_to_file: Optional[str] = None,
+    enable_deletion: bool = False,
+    thread_pool_size: int = 10,
+    defer: Optional[Callable] = None,
+) -> None:
+    settings = queries.get_secret_reader_settings()
+    clusters = queries.get_clusters_with_peering_settings()
+    ocm_map = _build_ocm_map(clusters, settings)
     accounts = queries.get_aws_accounts(terraform_state=True, ecrs=False)
 
     # Fetch desired state for cluster-to-vpc(account) VPCs
@@ -135,66 +253,59 @@ def run(
             clusters, ocm_map, awsapi
         )
     if err:
-        sys.exit(1)
+        raise RuntimeError("Could not find VPC ID for cluster")
 
-    # check there are no repeated vpc connection names
-    connection_names = [c["connection_name"] for c in desired_state]
-    if len(set(connection_names)) != len(connection_names):
-        logging.error("duplicate vpc connection names found")
-        sys.exit(1)
+    # check there are no repeated tgw connection names
+    _validate_tgw_connection_names(desired_state)
 
     participating_accounts = [item["requester"]["account"] for item in desired_state]
-    participating_accounts += [item["accepter"]["account"] for item in desired_state]
-    participating_account_names = [a["name"] for a in participating_accounts]
-    accounts = [
-        a
-        for a in queries.get_aws_accounts(terraform_state=True, ecrs=False)
-        if a["name"] in participating_account_names
-    ]
+    filtered_accounts = _filter_accounts(accounts, participating_accounts)
 
-    ts = Terrascript(
-        QONTRACT_INTEGRATION, "", thread_pool_size, accounts, settings=settings
+    working_dirs = _populate_tgw_attachments_working_dirs(
+        desired_state,
+        filtered_accounts,
+        settings,
+        participating_accounts,
+        print_to_file,
+        thread_pool_size,
     )
-    ts.populate_additional_providers(participating_accounts)
-    ts.populate_tgw_attachments(desired_state)
-    working_dirs = ts.dump(print_to_file=print_to_file)
 
     if print_to_file:
-        sys.exit()
+        return
 
-    aws_api = AWSApi(1, accounts, settings=settings, init_users=False)
+    aws_api = AWSApi(1, filtered_accounts, settings=settings, init_users=False)
 
     tf = Terraform(
         QONTRACT_INTEGRATION,
         QONTRACT_INTEGRATION_VERSION,
         "",
-        accounts,
+        filtered_accounts,
         working_dirs,
         thread_pool_size,
         aws_api,
     )
 
-    if tf is None:
-        sys.exit(1)
-
-    defer(tf.cleanup)
+    if defer:
+        defer(tf.cleanup)
 
     disabled_deletions_detected, err = tf.plan(enable_deletion)
     if err:
-        sys.exit(1)
+        raise RuntimeError("Error running terraform plan")
     if disabled_deletions_detected:
-        sys.exit(1)
+        raise RuntimeError("Disabled deletions detected running terraform plan")
 
     if dry_run:
         return
 
     err = tf.apply()
     if err:
-        sys.exit(1)
+        raise RuntimeError("Error running terraform apply")
 
 
 def early_exit_desired_state(
-    print_to_file=None, enable_deletion=False, thread_pool_size=10
+    print_to_file: Optional[str] = None,
+    enable_deletion: bool = False,
+    thread_pool_size: int = 10,
 ) -> dict[str, Any]:
     return {
         "clusters": queries.get_clusters_with_peering_settings(),

reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py

@@ -1,7 +1,6 @@
 from collections import defaultdict
 from collections.abc import (
     Callable,
-    Iterable,
     Mapping,
 )
 from typing import Any
@@ -23,6 +22,8 @@ from .data_keys import (
     CONFIG_HASH,
     CUR_CONFIG_HASHES,
     CUR_SUBSCRIBER_REF,
+    DESIRED_REF,
+    DESIRED_TARGET_HASHES,
     NAMESPACE_REF,
     REAL_WORLD_SHA,
     SUCCESSFUL_DEPLOYMENT,
@@ -30,23 +31,6 @@ from .data_keys import (
 )
 
 
-@pytest.fixture
-def config_hashes_builder() -> Callable[
-    [Iterable[tuple[str, str, str]]], list[ConfigHash]
-]:
-    def builder(data: Iterable[tuple[str, str, str]]) -> list[ConfigHash]:
-        return [
-            ConfigHash(
-                channel=d[0],
-                parent_saas=d[1],
-                target_config_hash=d[2],
-            )
-            for d in data
-        ]
-
-    return builder
-
-
 @pytest.fixture
 def subscriber_builder() -> Callable[[Mapping[str, Any]], Subscriber]:
     def builder(data: Mapping[str, Any]) -> Subscriber:
@@ -69,12 +53,8 @@ def subscriber_builder() -> Callable[[Mapping[str, Any]], Subscriber]:
             channels.append(channel)
         cur_config_hashes_by_channel: dict[str, list[ConfigHash]] = defaultdict(list)
         for cur_config_hash in data.get(CUR_CONFIG_HASHES, []):
-            cur_config_hashes_by_channel[cur_config_hash[0]].append(
-                ConfigHash(
-                    channel=cur_config_hash[0],
-                    parent_saas=cur_config_hash[1],
-                    target_config_hash=cur_config_hash[2],
-                )
+            cur_config_hashes_by_channel[cur_config_hash.channel].append(
+                cur_config_hash
             )
         subscriber = Subscriber(
             namespace_file_path=data.get(NAMESPACE_REF, ""),
@@ -85,6 +65,8 @@ def subscriber_builder() -> Callable[[Mapping[str, Any]], Subscriber]:
         )
         subscriber.channels = channels
         subscriber.config_hashes_by_channel_name = cur_config_hashes_by_channel
+        subscriber.desired_ref = data.get(DESIRED_REF, "")
+        subscriber.desired_hashes = data.get(DESIRED_TARGET_HASHES, [])
         return subscriber
 
     return builder