PyPI - qontract-reconcile - Versions diffs - 0.9.1rc298__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl - Mend

qontract-reconcile 0.9.1rc298py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (843) hide show

qontract_reconcile-0.10.1.dev1203.dist-info/METADATA +500 -0
qontract_reconcile-0.10.1.dev1203.dist-info/RECORD +771 -0
{qontract_reconcile-0.9.1rc298.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/WHEEL +1 -2
{qontract_reconcile-0.9.1rc298.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/entry_points.txt +4 -2
reconcile/acs_notifiers.py +126 -0
reconcile/acs_policies.py +243 -0
reconcile/acs_rbac.py +596 -0
reconcile/aus/advanced_upgrade_service.py +621 -8
reconcile/aus/aus_label_source.py +115 -0
reconcile/aus/base.py +1053 -353
reconcile/{utils → aus}/cluster_version_data.py +27 -12
reconcile/aus/healthchecks.py +77 -0
reconcile/aus/metrics.py +158 -0
reconcile/aus/models.py +245 -5
reconcile/aus/node_pool_spec.py +35 -0
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +225 -110
reconcile/aus/ocm_upgrade_scheduler.py +76 -71
reconcile/aus/ocm_upgrade_scheduler_org.py +81 -23
reconcile/aus/version_gate_approver.py +204 -0
reconcile/aus/version_gates/__init__.py +12 -0
reconcile/aus/version_gates/handler.py +33 -0
reconcile/aus/version_gates/ingress_gate_handler.py +32 -0
reconcile/aus/version_gates/ocp_gate_handler.py +26 -0
reconcile/aus/version_gates/sts_version_gate_handler.py +100 -0
reconcile/aws_account_manager/README.md +5 -0
reconcile/aws_account_manager/integration.py +373 -0
reconcile/aws_account_manager/merge_request_manager.py +114 -0
reconcile/aws_account_manager/metrics.py +39 -0
reconcile/aws_account_manager/reconciler.py +403 -0
reconcile/aws_account_manager/utils.py +41 -0
reconcile/aws_ami_cleanup/integration.py +273 -0
reconcile/aws_ami_share.py +18 -14
reconcile/aws_cloudwatch_log_retention/integration.py +253 -0
reconcile/aws_iam_keys.py +1 -1
reconcile/aws_iam_password_reset.py +56 -20
reconcile/aws_saml_idp/integration.py +204 -0
reconcile/aws_saml_roles/integration.py +322 -0
reconcile/aws_support_cases_sos.py +2 -2
reconcile/aws_version_sync/integration.py +430 -0
reconcile/aws_version_sync/merge_request_manager/merge_request.py +156 -0
reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py +160 -0
reconcile/aws_version_sync/utils.py +64 -0
reconcile/blackbox_exporter_endpoint_monitoring.py +2 -5
reconcile/change_owners/README.md +34 -0
reconcile/change_owners/approver.py +7 -9
reconcile/change_owners/bundle.py +134 -9
reconcile/change_owners/change_log_tracking.py +236 -0
reconcile/change_owners/change_owners.py +204 -194
reconcile/change_owners/change_types.py +183 -265
reconcile/change_owners/changes.py +488 -0
reconcile/change_owners/decision.py +120 -41
reconcile/change_owners/diff.py +63 -92
reconcile/change_owners/implicit_ownership.py +19 -16
reconcile/change_owners/self_service_roles.py +158 -35
reconcile/change_owners/tester.py +20 -18
reconcile/checkpoint.py +4 -6
reconcile/cli.py +1523 -242
reconcile/closedbox_endpoint_monitoring_base.py +10 -17
reconcile/cluster_auth_rhidp/integration.py +257 -0
reconcile/cluster_deployment_mapper.py +2 -5
reconcile/cna/assets/asset.py +4 -7
reconcile/cna/assets/null.py +2 -5
reconcile/cna/integration.py +2 -3
reconcile/cna/state.py +6 -9
reconcile/dashdotdb_base.py +31 -10
reconcile/dashdotdb_cso.py +3 -6
reconcile/dashdotdb_dora.py +530 -0
reconcile/dashdotdb_dvo.py +10 -13
reconcile/dashdotdb_slo.py +75 -19
reconcile/database_access_manager.py +753 -0
reconcile/deadmanssnitch.py +207 -0
reconcile/dynatrace_token_provider/dependencies.py +69 -0
reconcile/dynatrace_token_provider/integration.py +656 -0
reconcile/dynatrace_token_provider/metrics.py +62 -0
reconcile/dynatrace_token_provider/model.py +14 -0
reconcile/dynatrace_token_provider/ocm.py +140 -0
reconcile/dynatrace_token_provider/validate.py +48 -0
reconcile/endpoints_discovery/integration.py +348 -0
reconcile/endpoints_discovery/merge_request.py +96 -0
reconcile/endpoints_discovery/merge_request_manager.py +178 -0
reconcile/external_resources/aws.py +204 -0
reconcile/external_resources/factories.py +163 -0
reconcile/external_resources/integration.py +194 -0
reconcile/external_resources/integration_secrets_sync.py +47 -0
reconcile/external_resources/manager.py +405 -0
reconcile/external_resources/meta.py +17 -0
reconcile/external_resources/metrics.py +95 -0
reconcile/external_resources/model.py +350 -0
reconcile/external_resources/reconciler.py +265 -0
reconcile/external_resources/secrets_sync.py +465 -0
reconcile/external_resources/state.py +258 -0
reconcile/gabi_authorized_users.py +19 -11
reconcile/gcr_mirror.py +43 -34
reconcile/github_org.py +4 -6
reconcile/github_owners.py +1 -1
reconcile/github_repo_invites.py +2 -5
reconcile/gitlab_fork_compliance.py +14 -13
reconcile/gitlab_housekeeping.py +185 -91
reconcile/gitlab_labeler.py +15 -14
reconcile/gitlab_members.py +126 -120
reconcile/gitlab_owners.py +53 -66
reconcile/gitlab_permissions.py +167 -6
reconcile/glitchtip/README.md +150 -0
reconcile/glitchtip/integration.py +99 -51
reconcile/glitchtip/reconciler.py +99 -70
reconcile/glitchtip_project_alerts/__init__.py +0 -0
reconcile/glitchtip_project_alerts/integration.py +333 -0
reconcile/glitchtip_project_dsn/integration.py +43 -43
reconcile/gql_definitions/acs/__init__.py +0 -0
reconcile/gql_definitions/acs/acs_instances.py +83 -0
reconcile/gql_definitions/acs/acs_policies.py +239 -0
reconcile/gql_definitions/acs/acs_rbac.py +111 -0
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +46 -8
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +38 -8
reconcile/gql_definitions/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +61 -0
reconcile/gql_definitions/aws_account_manager/__init__.py +0 -0
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +177 -0
reconcile/gql_definitions/aws_ami_cleanup/__init__.py +0 -0
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +161 -0
reconcile/gql_definitions/aws_saml_idp/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/roles.py +97 -0
reconcile/gql_definitions/aws_version_sync/__init__.py +0 -0
reconcile/gql_definitions/aws_version_sync/clusters.py +83 -0
reconcile/gql_definitions/aws_version_sync/namespaces.py +143 -0
reconcile/gql_definitions/change_owners/queries/change_types.py +16 -29
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +45 -11
reconcile/gql_definitions/cluster_auth_rhidp/__init__.py +0 -0
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +128 -0
reconcile/gql_definitions/cna/queries/cna_provisioners.py +6 -8
reconcile/gql_definitions/cna/queries/cna_resources.py +3 -5
reconcile/gql_definitions/common/alerting_services_settings.py +2 -2
reconcile/gql_definitions/common/app_code_component_repos.py +9 -5
reconcile/gql_definitions/{glitchtip/glitchtip_settings.py → common/app_interface_custom_messages.py} +14 -16
reconcile/gql_definitions/common/app_interface_dms_settings.py +86 -0
reconcile/gql_definitions/common/app_interface_repo_settings.py +2 -2
reconcile/gql_definitions/common/app_interface_state_settings.py +3 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +3 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +120 -0
reconcile/gql_definitions/common/apps.py +72 -0
reconcile/gql_definitions/common/aws_vpc_requests.py +109 -0
reconcile/gql_definitions/common/aws_vpcs.py +84 -0
reconcile/gql_definitions/common/clusters.py +120 -254
reconcile/gql_definitions/common/clusters_minimal.py +11 -35
reconcile/gql_definitions/common/clusters_with_dms.py +72 -0
reconcile/gql_definitions/common/clusters_with_peering.py +70 -98
reconcile/gql_definitions/common/github_orgs.py +2 -2
reconcile/gql_definitions/common/jira_settings.py +68 -0
reconcile/gql_definitions/common/jiralert_settings.py +68 -0
reconcile/gql_definitions/common/namespaces.py +74 -32
reconcile/gql_definitions/common/namespaces_minimal.py +4 -10
reconcile/gql_definitions/common/ocm_env_telemeter.py +95 -0
reconcile/gql_definitions/common/ocm_environments.py +4 -2
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -11
reconcile/gql_definitions/common/pipeline_providers.py +45 -90
reconcile/gql_definitions/common/quay_instances.py +64 -0
reconcile/gql_definitions/common/quay_orgs.py +68 -0
reconcile/gql_definitions/common/reserved_networks.py +94 -0
reconcile/gql_definitions/common/saas_files.py +133 -95
reconcile/gql_definitions/common/saas_target_namespaces.py +41 -26
reconcile/gql_definitions/common/saasherder_settings.py +2 -2
reconcile/gql_definitions/common/slack_workspaces.py +62 -0
reconcile/gql_definitions/common/smtp_client_settings.py +2 -2
reconcile/gql_definitions/common/state_aws_account.py +77 -0
reconcile/gql_definitions/common/users.py +3 -2
reconcile/gql_definitions/cost_report/__init__.py +0 -0
reconcile/gql_definitions/cost_report/app_names.py +68 -0
reconcile/gql_definitions/cost_report/cost_namespaces.py +86 -0
reconcile/gql_definitions/cost_report/settings.py +77 -0
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +42 -12
reconcile/gql_definitions/dynatrace_token_provider/__init__.py +0 -0
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +79 -0
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +84 -0
reconcile/gql_definitions/endpoints_discovery/__init__.py +0 -0
reconcile/gql_definitions/endpoints_discovery/namespaces.py +127 -0
reconcile/gql_definitions/external_resources/__init__.py +0 -0
reconcile/gql_definitions/external_resources/aws_accounts.py +73 -0
reconcile/gql_definitions/external_resources/external_resources_modules.py +78 -0
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +1111 -0
reconcile/gql_definitions/external_resources/external_resources_settings.py +98 -0
reconcile/gql_definitions/fragments/aus_organization.py +34 -39
reconcile/gql_definitions/fragments/aws_account_common.py +62 -0
reconcile/gql_definitions/fragments/aws_account_managed.py +57 -0
reconcile/gql_definitions/fragments/aws_account_sso.py +35 -0
reconcile/gql_definitions/fragments/aws_infra_management_account.py +2 -2
reconcile/gql_definitions/fragments/aws_vpc.py +47 -0
reconcile/gql_definitions/fragments/aws_vpc_request.py +65 -0
reconcile/gql_definitions/fragments/aws_vpc_request_subnet.py +29 -0
reconcile/gql_definitions/fragments/deplopy_resources.py +7 -7
reconcile/gql_definitions/fragments/disable.py +28 -0
reconcile/gql_definitions/fragments/jumphost_common_fields.py +2 -2
reconcile/gql_definitions/fragments/membership_source.py +47 -0
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +29 -0
reconcile/gql_definitions/fragments/oc_connection_cluster.py +4 -9
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +30 -0
reconcile/gql_definitions/fragments/prometheus_instance.py +48 -0
reconcile/gql_definitions/fragments/resource_limits_requirements.py +29 -0
reconcile/gql_definitions/fragments/{resource_requirements.py → resource_requests_requirements.py} +3 -3
reconcile/gql_definitions/fragments/resource_values.py +2 -2
reconcile/gql_definitions/fragments/saas_target_namespace.py +55 -12
reconcile/gql_definitions/fragments/serviceaccount_token.py +38 -0
reconcile/gql_definitions/fragments/terraform_state.py +36 -0
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -3
reconcile/gql_definitions/fragments/user.py +3 -2
reconcile/gql_definitions/fragments/vault_secret.py +2 -2
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +6 -2
reconcile/gql_definitions/gitlab_members/permissions.py +3 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +16 -2
reconcile/gql_definitions/glitchtip/glitchtip_project.py +22 -23
reconcile/gql_definitions/glitchtip_project_alerts/__init__.py +0 -0
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +173 -0
reconcile/gql_definitions/integrations/integrations.py +62 -45
reconcile/gql_definitions/introspection.json +51176 -0
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +13 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +79 -0
reconcile/gql_definitions/jira/__init__.py +0 -0
reconcile/gql_definitions/jira/jira_servers.py +80 -0
reconcile/gql_definitions/jira_permissions_validator/__init__.py +0 -0
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +131 -0
reconcile/gql_definitions/jumphosts/jumphosts.py +3 -5
reconcile/gql_definitions/ldap_groups/__init__.py +0 -0
reconcile/gql_definitions/ldap_groups/roles.py +111 -0
reconcile/gql_definitions/ldap_groups/settings.py +79 -0
reconcile/gql_definitions/maintenance/__init__.py +0 -0
reconcile/gql_definitions/maintenance/maintenances.py +101 -0
reconcile/gql_definitions/membershipsources/__init__.py +0 -0
reconcile/gql_definitions/membershipsources/roles.py +112 -0
reconcile/gql_definitions/ocm_labels/__init__.py +0 -0
reconcile/gql_definitions/ocm_labels/clusters.py +112 -0
reconcile/gql_definitions/ocm_labels/organizations.py +78 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +126 -0
reconcile/gql_definitions/openshift_groups/managed_groups.py +2 -2
reconcile/gql_definitions/openshift_groups/managed_roles.py +3 -2
reconcile/gql_definitions/openshift_serviceaccount_tokens/__init__.py +0 -0
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +132 -0
reconcile/gql_definitions/quay_membership/quay_membership.py +3 -5
reconcile/gql_definitions/rhidp/__init__.py +0 -0
reconcile/gql_definitions/rhidp/organizations.py +96 -0
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +2 -2
reconcile/gql_definitions/service_dependencies/service_dependencies.py +9 -31
reconcile/gql_definitions/sharding/aws_accounts.py +2 -2
reconcile/gql_definitions/sharding/ocm_organization.py +63 -0
reconcile/gql_definitions/skupper_network/site_controller_template.py +2 -2
reconcile/gql_definitions/skupper_network/skupper_networks.py +12 -38
reconcile/gql_definitions/slack_usergroups/clusters.py +2 -2
reconcile/gql_definitions/slack_usergroups/permissions.py +8 -15
reconcile/gql_definitions/slack_usergroups/users.py +3 -2
reconcile/gql_definitions/slo_documents/__init__.py +0 -0
reconcile/gql_definitions/slo_documents/slo_documents.py +142 -0
reconcile/gql_definitions/status_board/__init__.py +0 -0
reconcile/gql_definitions/status_board/status_board.py +163 -0
reconcile/gql_definitions/statuspage/statuspages.py +56 -7
reconcile/gql_definitions/templating/__init__.py +0 -0
reconcile/gql_definitions/templating/template_collection.py +130 -0
reconcile/gql_definitions/templating/templates.py +108 -0
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +8 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +6 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +45 -56
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +4 -8
reconcile/gql_definitions/terraform_init/__init__.py +0 -0
reconcile/gql_definitions/terraform_init/aws_accounts.py +93 -0
reconcile/gql_definitions/terraform_repo/__init__.py +0 -0
reconcile/gql_definitions/terraform_repo/terraform_repo.py +141 -0
reconcile/gql_definitions/terraform_resources/database_access_manager.py +158 -0
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +153 -162
reconcile/gql_definitions/terraform_tgw_attachments/__init__.py +0 -0
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +119 -0
reconcile/gql_definitions/unleash_feature_toggles/__init__.py +0 -0
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +113 -0
reconcile/gql_definitions/vault_instances/vault_instances.py +17 -50
reconcile/gql_definitions/vault_policies/vault_policies.py +2 -2
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +49 -12
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +7 -2
reconcile/integrations_manager.py +25 -13
reconcile/jenkins/types.py +5 -1
reconcile/jenkins_base.py +36 -0
reconcile/jenkins_job_builder.py +10 -48
reconcile/jenkins_job_builds_cleaner.py +40 -25
reconcile/jenkins_job_cleaner.py +1 -3
reconcile/jenkins_roles.py +22 -26
reconcile/jenkins_webhooks.py +9 -6
reconcile/jenkins_worker_fleets.py +11 -6
reconcile/jira_permissions_validator.py +340 -0
reconcile/jira_watcher.py +3 -5
reconcile/ldap_groups/__init__.py +0 -0
reconcile/ldap_groups/integration.py +279 -0
reconcile/ldap_users.py +3 -0
reconcile/ocm/types.py +39 -59
reconcile/ocm_additional_routers.py +0 -1
reconcile/ocm_addons_upgrade_tests_trigger.py +10 -15
reconcile/ocm_aws_infrastructure_access.py +30 -32
reconcile/ocm_clusters.py +217 -130
reconcile/ocm_external_configuration_labels.py +15 -0
reconcile/ocm_github_idp.py +1 -1
reconcile/ocm_groups.py +25 -5
reconcile/ocm_internal_notifications/__init__.py +0 -0
reconcile/ocm_internal_notifications/integration.py +119 -0
reconcile/ocm_labels/__init__.py +0 -0
reconcile/ocm_labels/integration.py +409 -0
reconcile/ocm_machine_pools.py +517 -108
reconcile/ocm_upgrade_scheduler_org_updater.py +15 -11
reconcile/openshift_base.py +609 -207
reconcile/openshift_cluster_bots.py +344 -0
reconcile/openshift_clusterrolebindings.py +15 -15
reconcile/openshift_groups.py +42 -45
reconcile/openshift_limitranges.py +1 -0
reconcile/openshift_namespace_labels.py +22 -28
reconcile/openshift_namespaces.py +22 -22
reconcile/openshift_network_policies.py +4 -8
reconcile/openshift_prometheus_rules.py +43 -0
reconcile/openshift_resourcequotas.py +2 -16
reconcile/openshift_resources.py +12 -10
reconcile/openshift_resources_base.py +304 -328
reconcile/openshift_rolebindings.py +18 -20
reconcile/openshift_saas_deploy.py +105 -21
reconcile/openshift_saas_deploy_change_tester.py +30 -35
reconcile/openshift_saas_deploy_trigger_base.py +39 -36
reconcile/openshift_saas_deploy_trigger_cleaner.py +41 -27
reconcile/openshift_saas_deploy_trigger_configs.py +1 -2
reconcile/openshift_saas_deploy_trigger_images.py +1 -2
reconcile/openshift_saas_deploy_trigger_moving_commits.py +1 -2
reconcile/openshift_saas_deploy_trigger_upstream_jobs.py +1 -2
reconcile/openshift_serviceaccount_tokens.py +138 -74
reconcile/openshift_tekton_resources.py +89 -24
reconcile/openshift_upgrade_watcher.py +110 -62
reconcile/openshift_users.py +16 -15
reconcile/openshift_vault_secrets.py +11 -6
reconcile/oum/__init__.py +0 -0
reconcile/oum/base.py +387 -0
reconcile/oum/labelset.py +55 -0
reconcile/oum/metrics.py +71 -0
reconcile/oum/models.py +69 -0
reconcile/oum/providers.py +59 -0
reconcile/oum/standalone.py +196 -0
reconcile/prometheus_rules_tester/integration.py +31 -23
reconcile/quay_base.py +4 -1
reconcile/quay_membership.py +1 -2
reconcile/quay_mirror.py +111 -61
reconcile/quay_mirror_org.py +34 -21
reconcile/quay_permissions.py +7 -3
reconcile/quay_repos.py +24 -32
reconcile/queries.py +263 -198
reconcile/query_validator.py +3 -5
reconcile/resource_scraper.py +3 -4
reconcile/{template_tester.py → resource_template_tester.py} +3 -3
reconcile/rhidp/__init__.py +0 -0
reconcile/rhidp/common.py +214 -0
reconcile/rhidp/metrics.py +20 -0
reconcile/rhidp/ocm_oidc_idp/__init__.py +0 -0
reconcile/rhidp/ocm_oidc_idp/base.py +221 -0
reconcile/rhidp/ocm_oidc_idp/integration.py +56 -0
reconcile/rhidp/ocm_oidc_idp/metrics.py +22 -0
reconcile/rhidp/sso_client/__init__.py +0 -0
reconcile/rhidp/sso_client/base.py +266 -0
reconcile/rhidp/sso_client/integration.py +60 -0
reconcile/rhidp/sso_client/metrics.py +39 -0
reconcile/run_integration.py +293 -0
reconcile/saas_auto_promotions_manager/integration.py +69 -24
reconcile/saas_auto_promotions_manager/merge_request_manager/batcher.py +208 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/desired_state.py +28 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request.py +3 -4
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager_v2.py +172 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/metrics.py +42 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/mr_parser.py +226 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/open_merge_requests.py +23 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +108 -32
reconcile/saas_auto_promotions_manager/meta.py +4 -0
reconcile/saas_auto_promotions_manager/publisher.py +32 -4
reconcile/saas_auto_promotions_manager/s3_exporter.py +77 -0
reconcile/saas_auto_promotions_manager/subscriber.py +110 -23
reconcile/saas_auto_promotions_manager/utils/saas_files_inventory.py +48 -41
reconcile/saas_file_validator.py +16 -6
reconcile/sendgrid_teammates.py +27 -12
reconcile/service_dependencies.py +0 -3
reconcile/signalfx_endpoint_monitoring.py +2 -5
reconcile/skupper_network/integration.py +10 -11
reconcile/skupper_network/models.py +3 -5
reconcile/skupper_network/reconciler.py +28 -35
reconcile/skupper_network/site_controller.py +8 -8
reconcile/slack_base.py +4 -7
reconcile/slack_usergroups.py +249 -171
reconcile/sql_query.py +324 -171
reconcile/status.py +0 -1
reconcile/status_board.py +275 -0
reconcile/statuspage/__init__.py +0 -5
reconcile/statuspage/atlassian.py +219 -80
reconcile/statuspage/integration.py +9 -97
reconcile/statuspage/integrations/__init__.py +0 -0
reconcile/statuspage/integrations/components.py +77 -0
reconcile/statuspage/integrations/maintenances.py +111 -0
reconcile/statuspage/page.py +107 -72
reconcile/statuspage/state.py +6 -11
reconcile/statuspage/status.py +8 -12
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +60 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +61 -0
reconcile/templating/__init__.py +0 -0
reconcile/templating/lib/__init__.py +0 -0
reconcile/templating/lib/merge_request_manager.py +180 -0
reconcile/templating/lib/model.py +20 -0
reconcile/templating/lib/rendering.py +191 -0
reconcile/templating/renderer.py +410 -0
reconcile/templating/validator.py +153 -0
reconcile/terraform_aws_route53.py +13 -10
reconcile/terraform_cloudflare_dns.py +92 -122
reconcile/terraform_cloudflare_resources.py +15 -13
reconcile/terraform_cloudflare_users.py +27 -27
reconcile/terraform_init/__init__.py +0 -0
reconcile/terraform_init/integration.py +165 -0
reconcile/terraform_init/merge_request.py +57 -0
reconcile/terraform_init/merge_request_manager.py +102 -0
reconcile/terraform_repo.py +403 -0
reconcile/terraform_resources.py +266 -168
reconcile/terraform_tgw_attachments.py +417 -167
reconcile/terraform_users.py +40 -17
reconcile/terraform_vpc_peerings.py +310 -142
reconcile/terraform_vpc_resources/__init__.py +0 -0
reconcile/terraform_vpc_resources/integration.py +220 -0
reconcile/terraform_vpc_resources/merge_request.py +57 -0
reconcile/terraform_vpc_resources/merge_request_manager.py +107 -0
reconcile/typed_queries/alerting_services_settings.py +1 -2
reconcile/typed_queries/app_interface_custom_messages.py +24 -0
reconcile/typed_queries/app_interface_deadmanssnitch_settings.py +17 -0
reconcile/typed_queries/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py +13 -0
reconcile/typed_queries/app_interface_repo_url.py +1 -2
reconcile/typed_queries/app_interface_state_settings.py +1 -3
reconcile/typed_queries/app_interface_vault_settings.py +1 -2
reconcile/typed_queries/app_quay_repos_escalation_policies.py +14 -0
reconcile/typed_queries/apps.py +11 -0
reconcile/typed_queries/aws_vpc_requests.py +9 -0
reconcile/typed_queries/aws_vpcs.py +12 -0
reconcile/typed_queries/cloudflare.py +10 -0
reconcile/typed_queries/clusters.py +7 -5
reconcile/typed_queries/clusters_minimal.py +6 -5
reconcile/typed_queries/clusters_with_dms.py +16 -0
reconcile/typed_queries/cost_report/__init__.py +0 -0
reconcile/typed_queries/cost_report/app_names.py +22 -0
reconcile/typed_queries/cost_report/cost_namespaces.py +43 -0
reconcile/typed_queries/cost_report/settings.py +15 -0
reconcile/typed_queries/dynatrace.py +10 -0
reconcile/typed_queries/dynatrace_environments.py +14 -0
reconcile/typed_queries/dynatrace_token_provider_token_specs.py +14 -0
reconcile/typed_queries/external_resources.py +46 -0
reconcile/typed_queries/get_state_aws_account.py +20 -0
reconcile/typed_queries/glitchtip.py +10 -0
reconcile/typed_queries/jenkins.py +25 -0
reconcile/typed_queries/jira.py +7 -0
reconcile/typed_queries/jira_settings.py +16 -0
reconcile/typed_queries/jiralert_settings.py +22 -0
reconcile/typed_queries/ocm.py +8 -0
reconcile/typed_queries/pagerduty_instances.py +2 -7
reconcile/typed_queries/quay.py +23 -0
reconcile/typed_queries/repos.py +20 -8
reconcile/typed_queries/reserved_networks.py +12 -0
reconcile/typed_queries/saas_files.py +221 -167
reconcile/typed_queries/slack.py +7 -0
reconcile/typed_queries/slo_documents.py +12 -0
reconcile/typed_queries/status_board.py +58 -0
reconcile/typed_queries/tekton_pipeline_providers.py +1 -2
reconcile/typed_queries/terraform_namespaces.py +1 -2
reconcile/typed_queries/terraform_tgw_attachments/__init__.py +0 -0
reconcile/typed_queries/terraform_tgw_attachments/aws_accounts.py +16 -0
reconcile/typed_queries/unleash.py +10 -0
reconcile/typed_queries/users.py +11 -0
reconcile/typed_queries/vault.py +10 -0
reconcile/unleash_feature_toggles/__init__.py +0 -0
reconcile/unleash_feature_toggles/integration.py +287 -0
reconcile/utils/acs/__init__.py +0 -0
reconcile/utils/acs/base.py +81 -0
reconcile/utils/acs/notifiers.py +143 -0
reconcile/utils/acs/policies.py +163 -0
reconcile/utils/acs/rbac.py +277 -0
reconcile/utils/aggregated_list.py +11 -9
reconcile/utils/amtool.py +6 -4
reconcile/utils/aws_api.py +279 -66
reconcile/utils/aws_api_typed/__init__.py +0 -0
reconcile/utils/aws_api_typed/account.py +23 -0
reconcile/utils/aws_api_typed/api.py +273 -0
reconcile/utils/aws_api_typed/dynamodb.py +16 -0
reconcile/utils/aws_api_typed/iam.py +67 -0
reconcile/utils/aws_api_typed/organization.py +152 -0
reconcile/utils/aws_api_typed/s3.py +26 -0
reconcile/utils/aws_api_typed/service_quotas.py +79 -0
reconcile/utils/aws_api_typed/sts.py +36 -0
reconcile/utils/aws_api_typed/support.py +79 -0
reconcile/utils/aws_helper.py +42 -3
reconcile/utils/batches.py +11 -0
reconcile/utils/binary.py +7 -9
reconcile/utils/cloud_resource_best_practice/__init__.py +0 -0
reconcile/utils/cloud_resource_best_practice/aws_rds.py +66 -0
reconcile/utils/clusterhealth/__init__.py +0 -0
reconcile/utils/clusterhealth/providerbase.py +39 -0
reconcile/utils/clusterhealth/telemeter.py +39 -0
reconcile/utils/config.py +3 -4
reconcile/utils/deadmanssnitch_api.py +86 -0
reconcile/utils/differ.py +205 -0
reconcile/utils/disabled_integrations.py +4 -6
reconcile/utils/dynatrace/__init__.py +0 -0
reconcile/utils/dynatrace/client.py +93 -0
reconcile/utils/early_exit_cache.py +289 -0
reconcile/utils/elasticsearch_exceptions.py +5 -0
reconcile/utils/environ.py +2 -2
reconcile/utils/exceptions.py +4 -0
reconcile/utils/expiration.py +4 -8
reconcile/utils/extended_early_exit.py +210 -0
reconcile/utils/external_resource_spec.py +34 -12
reconcile/utils/external_resources.py +48 -20
reconcile/utils/filtering.py +16 -0
reconcile/utils/git.py +49 -16
reconcile/utils/github_api.py +10 -9
reconcile/utils/gitlab_api.py +333 -190
reconcile/utils/glitchtip/client.py +97 -100
reconcile/utils/glitchtip/models.py +89 -11
reconcile/utils/gql.py +157 -58
reconcile/utils/grouping.py +17 -0
reconcile/utils/helm.py +89 -18
reconcile/utils/helpers.py +51 -0
reconcile/utils/imap_client.py +5 -6
reconcile/utils/internal_groups/__init__.py +0 -0
reconcile/utils/internal_groups/client.py +160 -0
reconcile/utils/internal_groups/models.py +71 -0
reconcile/utils/jenkins_api.py +10 -34
reconcile/utils/jinja2/__init__.py +0 -0
reconcile/utils/{jinja2_ext.py → jinja2/extensions.py} +6 -4
reconcile/utils/jinja2/filters.py +142 -0
reconcile/utils/jinja2/utils.py +278 -0
reconcile/utils/jira_client.py +165 -8
reconcile/utils/jjb_client.py +47 -35
reconcile/utils/jobcontroller/__init__.py +0 -0
reconcile/utils/jobcontroller/controller.py +413 -0
reconcile/utils/jobcontroller/models.py +195 -0
reconcile/utils/jsonpath.py +4 -5
reconcile/utils/jump_host.py +13 -12
reconcile/utils/keycloak.py +106 -0
reconcile/utils/ldap_client.py +35 -6
reconcile/utils/lean_terraform_client.py +115 -6
reconcile/utils/membershipsources/__init__.py +0 -0
reconcile/utils/membershipsources/app_interface_resolver.py +60 -0
reconcile/utils/membershipsources/models.py +91 -0
reconcile/utils/membershipsources/resolver.py +110 -0
reconcile/utils/merge_request_manager/__init__.py +0 -0
reconcile/utils/merge_request_manager/merge_request_manager.py +99 -0
reconcile/utils/merge_request_manager/parser.py +67 -0
reconcile/utils/metrics.py +511 -1
reconcile/utils/models.py +123 -0
reconcile/utils/mr/README.md +198 -0
reconcile/utils/mr/__init__.py +14 -10
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/aws_access.py +4 -4
reconcile/utils/mr/base.py +51 -31
reconcile/utils/mr/clusters_updates.py +10 -7
reconcile/utils/mr/glitchtip_access_reporter.py +2 -4
reconcile/utils/mr/labels.py +14 -1
reconcile/utils/mr/notificator.py +1 -3
reconcile/utils/mr/ocm_update_recommended_version.py +1 -2
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +7 -3
reconcile/utils/mr/promote_qontract.py +203 -0
reconcile/utils/mr/user_maintenance.py +24 -4
reconcile/utils/oauth2_backend_application_session.py +132 -0
reconcile/utils/oc.py +194 -170
reconcile/utils/oc_connection_parameters.py +40 -51
reconcile/utils/oc_filters.py +11 -13
reconcile/utils/oc_map.py +14 -35
reconcile/utils/ocm/__init__.py +30 -1
reconcile/utils/ocm/addons.py +228 -0
reconcile/utils/ocm/base.py +618 -5
reconcile/utils/ocm/cluster_groups.py +5 -56
reconcile/utils/ocm/clusters.py +111 -99
reconcile/utils/ocm/identity_providers.py +66 -0
reconcile/utils/ocm/label_sources.py +75 -0
reconcile/utils/ocm/labels.py +139 -54
reconcile/utils/ocm/manifests.py +39 -0
reconcile/utils/ocm/ocm.py +182 -928
reconcile/utils/ocm/products.py +758 -0
reconcile/utils/ocm/search_filters.py +20 -28
reconcile/utils/ocm/service_log.py +32 -79
reconcile/utils/ocm/sre_capability_labels.py +51 -0
reconcile/utils/ocm/status_board.py +66 -0
reconcile/utils/ocm/subscriptions.py +49 -59
reconcile/utils/ocm/syncsets.py +39 -0
reconcile/utils/ocm/upgrades.py +181 -0
reconcile/utils/ocm_base_client.py +71 -36
reconcile/utils/openshift_resource.py +113 -67
reconcile/utils/output.py +18 -11
reconcile/utils/pagerduty_api.py +16 -10
reconcile/utils/parse_dhms_duration.py +13 -1
reconcile/utils/prometheus.py +123 -0
reconcile/utils/promotion_state.py +56 -19
reconcile/utils/promtool.py +5 -8
reconcile/utils/quay_api.py +13 -25
reconcile/utils/raw_github_api.py +3 -5
reconcile/utils/repo_owners.py +2 -8
reconcile/utils/rest_api_base.py +126 -0
reconcile/utils/rosa/__init__.py +0 -0
reconcile/utils/rosa/rosa_cli.py +310 -0
reconcile/utils/rosa/session.py +201 -0
reconcile/utils/ruamel.py +16 -0
reconcile/utils/runtime/__init__.py +0 -1
reconcile/utils/runtime/desired_state_diff.py +9 -20
reconcile/utils/runtime/environment.py +33 -8
reconcile/utils/runtime/integration.py +28 -12
reconcile/utils/runtime/meta.py +1 -3
reconcile/utils/runtime/runner.py +8 -11
reconcile/utils/runtime/sharding.py +93 -36
reconcile/utils/saasherder/__init__.py +1 -1
reconcile/utils/saasherder/interfaces.py +143 -138
reconcile/utils/saasherder/models.py +201 -43
reconcile/utils/saasherder/saasherder.py +508 -378
reconcile/utils/secret_reader.py +22 -27
reconcile/utils/semver_helper.py +15 -1
reconcile/utils/slack_api.py +124 -36
reconcile/utils/smtp_client.py +1 -2
reconcile/utils/sqs_gateway.py +10 -6
reconcile/utils/state.py +276 -127
reconcile/utils/terraform/config_client.py +6 -7
reconcile/utils/terraform_client.py +284 -125
reconcile/utils/terrascript/cloudflare_client.py +38 -17
reconcile/utils/terrascript/cloudflare_resources.py +67 -18
reconcile/utils/terrascript/models.py +2 -3
reconcile/utils/terrascript/resources.py +1 -2
reconcile/utils/terrascript_aws_client.py +1292 -540
reconcile/utils/three_way_diff_strategy.py +157 -0
reconcile/utils/unleash/__init__.py +11 -0
reconcile/utils/{unleash.py → unleash/client.py} +35 -29
reconcile/utils/unleash/server.py +145 -0
reconcile/utils/vault.py +42 -32
reconcile/utils/vaultsecretref.py +2 -4
reconcile/utils/vcs.py +250 -0
reconcile/vault_replication.py +38 -31
reconcile/vpc_peerings_validator.py +82 -13
tools/app_interface_metrics_exporter.py +70 -0
tools/app_interface_reporter.py +44 -157
tools/cli_commands/container_images_report.py +154 -0
tools/cli_commands/cost_report/__init__.py +0 -0
tools/cli_commands/cost_report/aws.py +137 -0
tools/cli_commands/cost_report/cost_management_api.py +155 -0
tools/cli_commands/cost_report/model.py +49 -0
tools/cli_commands/cost_report/openshift.py +166 -0
tools/cli_commands/cost_report/openshift_cost_optimization.py +187 -0
tools/cli_commands/cost_report/response.py +124 -0
tools/cli_commands/cost_report/util.py +72 -0
tools/cli_commands/cost_report/view.py +524 -0
tools/cli_commands/erv2.py +620 -0
tools/cli_commands/gpg_encrypt.py +5 -8
tools/cli_commands/systems_and_tools.py +489 -0
tools/glitchtip_access_revalidation.py +1 -1
tools/qontract_cli.py +2301 -673
tools/saas_metrics_exporter/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/channel.py +63 -0
tools/saas_metrics_exporter/commit_distance/commit_distance.py +103 -0
tools/saas_metrics_exporter/commit_distance/metrics.py +19 -0
tools/saas_metrics_exporter/main.py +99 -0
tools/saas_promotion_state/__init__.py +0 -0
tools/saas_promotion_state/saas_promotion_state.py +105 -0
tools/sd_app_sre_alert_report.py +145 -0
tools/template_validation.py +107 -0
e2e_tests/cli.py +0 -83
e2e_tests/create_namespace.py +0 -43
e2e_tests/dedicated_admin_rolebindings.py +0 -44
e2e_tests/dedicated_admin_test_base.py +0 -39
e2e_tests/default_network_policies.py +0 -47
e2e_tests/default_project_labels.py +0 -52
e2e_tests/network_policy_test_base.py +0 -17
e2e_tests/test_base.py +0 -56
qontract_reconcile-0.9.1rc298.dist-info/METADATA +0 -63
qontract_reconcile-0.9.1rc298.dist-info/RECORD +0 -585
qontract_reconcile-0.9.1rc298.dist-info/top_level.txt +0 -4
reconcile/ecr_mirror.py +0 -152
reconcile/github_scanner.py +0 -74
reconcile/gitlab_integrations.py +0 -63
reconcile/gql_definitions/ocm_oidc_idp/clusters.py +0 -195
reconcile/gql_definitions/ocp_release_mirror/ocp_release_mirror.py +0 -287
reconcile/integrations_validator.py +0 -18
reconcile/jenkins_plugins.py +0 -129
reconcile/kafka_clusters.py +0 -208
reconcile/ocm_cluster_admin.py +0 -42
reconcile/ocm_oidc_idp.py +0 -198
reconcile/ocp_release_mirror.py +0 -373
reconcile/prometheus_rules_tester_old.py +0 -436
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager.py +0 -279
reconcile/saas_auto_promotions_manager/utils/vcs.py +0 -141
reconcile/sentry_config.py +0 -613
reconcile/sentry_helper.py +0 -69
reconcile/test/conftest.py +0 -187
reconcile/test/fixtures.py +0 -24
reconcile/test/saas_auto_promotions_manager/conftest.py +0 -69
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/conftest.py +0 -110
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/data_keys.py +0 -10
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_housekeeping.py +0 -200
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_merge_request_manager.py +0 -151
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/conftest.py +0 -63
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/data_keys.py +0 -4
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_multiple_namespaces.py +0 -46
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_namespace.py +0 -94
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_target.py +0 -44
reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py +0 -74
reconcile/test/saas_auto_promotions_manager/subscriber/data_keys.py +0 -11
reconcile/test/saas_auto_promotions_manager/subscriber/test_content_hash.py +0 -155
reconcile/test/saas_auto_promotions_manager/subscriber/test_diff.py +0 -173
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_config_hash.py +0 -226
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_moving_ref.py +0 -224
reconcile/test/saas_auto_promotions_manager/subscriber/test_single_channel_with_single_publisher.py +0 -350
reconcile/test/saas_auto_promotions_manager/test_integration_test.py +0 -129
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_multiple_publishers_for_single_channel.py +0 -70
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_use_target_config_hash.py +0 -63
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_with_auto_promote.py +0 -74
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_without_auto_promote.py +0 -65
reconcile/test/test_aggregated_list.py +0 -237
reconcile/test/test_amtool.py +0 -37
reconcile/test/test_auto_promoter.py +0 -295
reconcile/test/test_aws_ami_share.py +0 -68
reconcile/test/test_aws_iam_keys.py +0 -70
reconcile/test/test_aws_iam_password_reset.py +0 -35
reconcile/test/test_aws_support_cases_sos.py +0 -23
reconcile/test/test_checkpoint.py +0 -178
reconcile/test/test_cli.py +0 -41
reconcile/test/test_closedbox_endpoint_monitoring.py +0 -207
reconcile/test/test_gabi_authorized_users.py +0 -72
reconcile/test/test_github_org.py +0 -154
reconcile/test/test_github_repo_invites.py +0 -123
reconcile/test/test_gitlab_housekeeping.py +0 -88
reconcile/test/test_gitlab_labeler.py +0 -129
reconcile/test/test_gitlab_members.py +0 -283
reconcile/test/test_instrumented_wrappers.py +0 -18
reconcile/test/test_integrations_manager.py +0 -995
reconcile/test/test_jenkins_worker_fleets.py +0 -55
reconcile/test/test_jump_host.py +0 -117
reconcile/test/test_ldap_users.py +0 -123
reconcile/test/test_make.py +0 -28
reconcile/test/test_ocm_additional_routers.py +0 -134
reconcile/test/test_ocm_addons_upgrade_scheduler_org.py +0 -149
reconcile/test/test_ocm_clusters.py +0 -598
reconcile/test/test_ocm_clusters_manifest_updates.py +0 -89
reconcile/test/test_ocm_oidc_idp.py +0 -315
reconcile/test/test_ocm_update_recommended_version.py +0 -145
reconcile/test/test_ocm_upgrade_scheduler.py +0 -614
reconcile/test/test_ocm_upgrade_scheduler_org_updater.py +0 -129
reconcile/test/test_openshift_base.py +0 -730
reconcile/test/test_openshift_namespace_labels.py +0 -345
reconcile/test/test_openshift_namespaces.py +0 -256
reconcile/test/test_openshift_resource.py +0 -415
reconcile/test/test_openshift_resources_base.py +0 -440
reconcile/test/test_openshift_saas_deploy_change_tester.py +0 -310
reconcile/test/test_openshift_tekton_resources.py +0 -253
reconcile/test/test_openshift_upgrade_watcher.py +0 -146
reconcile/test/test_prometheus_rules_tester.py +0 -151
reconcile/test/test_prometheus_rules_tester_old.py +0 -77
reconcile/test/test_quay_membership.py +0 -86
reconcile/test/test_quay_mirror.py +0 -109
reconcile/test/test_quay_mirror_org.py +0 -70
reconcile/test/test_quay_repos.py +0 -59
reconcile/test/test_queries.py +0 -53
reconcile/test/test_repo_owners.py +0 -47
reconcile/test/test_requests_sender.py +0 -139
reconcile/test/test_saasherder.py +0 -1074
reconcile/test/test_saasherder_allowed_secret_paths.py +0 -127
reconcile/test/test_secret_reader.py +0 -153
reconcile/test/test_slack_base.py +0 -185
reconcile/test/test_slack_usergroups.py +0 -744
reconcile/test/test_sql_query.py +0 -19
reconcile/test/test_terraform_cloudflare_dns.py +0 -117
reconcile/test/test_terraform_cloudflare_resources.py +0 -106
reconcile/test/test_terraform_cloudflare_users.py +0 -749
reconcile/test/test_terraform_resources.py +0 -257
reconcile/test/test_terraform_tgw_attachments.py +0 -631
reconcile/test/test_terraform_users.py +0 -57
reconcile/test/test_terraform_vpc_peerings.py +0 -499
reconcile/test/test_terraform_vpc_peerings_build_desired_state.py +0 -1061
reconcile/test/test_unleash.py +0 -138
reconcile/test/test_utils_aws_api.py +0 -240
reconcile/test/test_utils_aws_helper.py +0 -80
reconcile/test/test_utils_cluster_version_data.py +0 -177
reconcile/test/test_utils_data_structures.py +0 -13
reconcile/test/test_utils_disabled_integrations.py +0 -86
reconcile/test/test_utils_expiration.py +0 -109
reconcile/test/test_utils_external_resource_spec.py +0 -383
reconcile/test/test_utils_external_resources.py +0 -247
reconcile/test/test_utils_github_api.py +0 -73
reconcile/test/test_utils_gitlab_api.py +0 -20
reconcile/test/test_utils_gpg.py +0 -69
reconcile/test/test_utils_gql.py +0 -81
reconcile/test/test_utils_helm.py +0 -306
reconcile/test/test_utils_helpers.py +0 -55
reconcile/test/test_utils_imap_client.py +0 -65
reconcile/test/test_utils_jjb_client.py +0 -52
reconcile/test/test_utils_jsonpath.py +0 -286
reconcile/test/test_utils_ldap_client.py +0 -51
reconcile/test/test_utils_mr.py +0 -226
reconcile/test/test_utils_mr_clusters_updates.py +0 -77
reconcile/test/test_utils_oc.py +0 -984
reconcile/test/test_utils_ocm.py +0 -110
reconcile/test/test_utils_pagerduty_api.py +0 -251
reconcile/test/test_utils_parse_dhms_duration.py +0 -34
reconcile/test/test_utils_password_validator.py +0 -155
reconcile/test/test_utils_quay_api.py +0 -86
reconcile/test/test_utils_semver_helper.py +0 -19
reconcile/test/test_utils_sharding.py +0 -56
reconcile/test/test_utils_slack_api.py +0 -439
reconcile/test/test_utils_smtp_client.py +0 -73
reconcile/test/test_utils_state.py +0 -256
reconcile/test/test_utils_terraform.py +0 -13
reconcile/test/test_utils_terraform_client.py +0 -585
reconcile/test/test_utils_terraform_config_client.py +0 -219
reconcile/test/test_utils_terrascript_aws_client.py +0 -277
reconcile/test/test_utils_terrascript_cloudflare_client.py +0 -597
reconcile/test/test_utils_terrascript_cloudflare_resources.py +0 -26
reconcile/test/test_vault_replication.py +0 -515
reconcile/test/test_vault_utils.py +0 -47
reconcile/test/test_version_bump.py +0 -18
reconcile/test/test_vpc_peerings_validator.py +0 -103
reconcile/test/test_wrong_region.py +0 -78
reconcile/typed_queries/glitchtip_settings.py +0 -18
reconcile/typed_queries/ocp_release_mirror.py +0 -11
reconcile/unleash_watcher.py +0 -120
reconcile/utils/git_secrets.py +0 -63
reconcile/utils/mr/auto_promoter.py +0 -218
reconcile/utils/sentry_client.py +0 -383
release/test_version.py +0 -50
release/version.py +0 -100
tools/test/test_qontract_cli.py +0 -60
tools/test/test_sre_checkpoints.py +0 -79
/e2e_tests/__init__.py → /reconcile/aus/upgrades.py +0 -0
/reconcile/{gql_definitions/ocp_release_mirror → aws_account_manager}/__init__.py +0 -0
/reconcile/{test → aws_ami_cleanup}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager → aws_cloudwatch_log_retention}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager → aws_saml_idp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager → aws_saml_roles}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/renderer → aws_version_sync}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/subscriber → aws_version_sync/merge_request_manager}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils → cluster_auth_rhidp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils/saas_files_inventory → dynatrace_token_provider}/__init__.py +0 -0
{release → reconcile/endpoints_discovery}/__init__.py +0 -0
{tools/test → reconcile/external_resources}/__init__.py +0 -0

reconcile/terraform_tgw_attachments.py CHANGED Viewed

@@ -1,4 +1,3 @@
-import json
 import logging
 from collections.abc import (
     Callable,
@@ -8,19 +7,52 @@ from collections.abc import (
 )
 from typing import (
     Any,
-    Optional,
+    TypedDict,
+    cast,
 )
-from reconcile import queries
+from pydantic import BaseModel
+from reconcile.gql_definitions.common.app_interface_vault_settings import (
+    AppInterfaceSettingsV1,
+)
+from reconcile.gql_definitions.common.clusters_with_peering import (
+    ClusterPeeringConnectionAccountTGWV1,
+    ClusterPeeringConnectionAccountV1,
+    ClusterPeeringConnectionAccountVPCMeshV1,
+    ClusterPeeringConnectionClusterRequesterV1,
+    ClusterPeeringConnectionV1,
+    ClusterSpecROSAV1,
+    ClusterV1,
+)
+from reconcile.gql_definitions.terraform_tgw_attachments.aws_accounts import (
+    AWSAccountV1,
+)
+from reconcile.typed_queries.app_interface_vault_settings import (
+    get_app_interface_vault_settings,
+)
+from reconcile.typed_queries.clusters_with_peering import get_clusters_with_peering
+from reconcile.typed_queries.terraform_tgw_attachments.aws_accounts import (
+    get_aws_accounts,
+)
+from reconcile.utils import gql
 from reconcile.utils.aws_api import AWSApi
 from reconcile.utils.defer import defer
+from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.extended_early_exit import (
+    ExtendedEarlyExitRunnerResult,
+    extended_early_exit_run,
+)
 from reconcile.utils.ocm import (
     OCM,
     OCMMap,
 )
+from reconcile.utils.runtime.integration import DesiredStateShardConfig
+from reconcile.utils.secret_reader import SecretReaderBase, create_secret_reader
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.terraform_client import TerraformClient as Terraform
 from reconcile.utils.terrascript_aws_client import TerrascriptClient as Terrascript
+from reconcile.utils.unleash import get_feature_toggle_state
 QONTRACT_INTEGRATION = "terraform_tgw_attachments"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
@@ -32,11 +64,70 @@ class ValidationError(Exception):
     pass
-def build_desired_state_tgw_attachments(
-    clusters: Iterable[Mapping],
-    ocm_map: Optional[OCMMap],
+class TGWAccountProviderInfo(BaseModel):
+    name: str
+    uid: str
+    assume_role: str | None
+    assume_region: str
+class ClusterAccountProviderInfo(TGWAccountProviderInfo):
+    assume_cidr: str
+class Requester(BaseModel):
+    tgw_id: str
+    tgw_arn: str
+    region: str
+    routes: list[dict] | None
+    rules: list[dict] | None
+    hostedzones: list[str] | None
+    cidr_block: str | None
+    cidr_blocks: list[str]
+    account: TGWAccountProviderInfo
+class Accepter(BaseModel):
+    cidr_block: str
+    region: str
+    vpc_id: str | None
+    route_table_ids: list[str] | None
+    subnets_id_az: list[dict] | None
+    account: ClusterAccountProviderInfo
+    api_security_group_id: str | None
+class DesiredStateItem(BaseModel):
+    connection_provider: str
+    connection_name: str
+    infra_acount_name: str
+    requester: Requester
+    accepter: Accepter
+    deleted: bool
+class DesiredStateDataSource(BaseModel):
+    clusters: list[ClusterV1]
+    accounts: list[AWSAccountV1]
+class CacheSource(TypedDict):
+    terraform_configurations: dict[str, str]
+class RunnerParams(TypedDict):
+    terraform_client: Terraform
+    terrascript_client: Terrascript
+    dry_run: bool
+    enable_deletion: bool
+def _build_desired_state_tgw_attachments(
+    clusters: Iterable[ClusterV1],
+    ocm_map: OCMMap | None,
     awsapi: AWSApi,
-) -> tuple[list[dict], bool]:
+    account_name: str | None = None,
+) -> tuple[list[DesiredStateItem], bool]:
     """
     Fetch state for TGW attachments between a cluster and all TGWs
     in an account in the same region as the cluster
@@ -44,7 +135,7 @@ def build_desired_state_tgw_attachments(
     desired_state = []
     error = False
-    for item in _build_desired_state_tgw_attachments(clusters, ocm_map, awsapi):
+    for item in _build_desired_state_items(clusters, ocm_map, awsapi, account_name):
         if item is None:
             error = True
         else:
@@ -52,148 +143,185 @@ def build_desired_state_tgw_attachments(
     return desired_state, error
-def _build_desired_state_tgw_attachments(
-    clusters: Iterable[Mapping],
-    ocm_map: Optional[OCMMap],
+def _build_desired_state_items(
+    clusters: Iterable[ClusterV1],
+    ocm_map: OCMMap | None,
     awsapi: AWSApi,
-) -> Generator[Optional[dict], Any, None]:
+    account_name: str | None = None,
+) -> Generator[DesiredStateItem | None, Any, None]:
     for cluster_info in clusters:
-        ocm = (
-            ocm_map.get(cluster_info["name"])
-            if ocm_map and cluster_info.get("ocm")
-            else None
-        )
-        for peer_connection in cluster_info["peering"]["connections"]:
-            if peer_connection["provider"] == TGW_CONNECTION_PROVIDER:
+        ocm = ocm_map.get(cluster_info.name) if ocm_map and cluster_info.ocm else None
+        for peer_connection in cluster_info.peering.connections:  # type: ignore[union-attr]
+            if _is_tgw_peer_connection(peer_connection, account_name):
                 yield from _build_desired_state_tgw_connection(
-                    peer_connection, cluster_info, ocm, awsapi
+                    cast(ClusterPeeringConnectionAccountTGWV1, peer_connection),
+                    cluster_info,
+                    ocm,
+                    awsapi,
                 )
 def _build_desired_state_tgw_connection(
-    peer_connection: Mapping,
-    cluster_info: Mapping,
-    ocm: Optional[OCM],
+    peer_connection: ClusterPeeringConnectionAccountTGWV1,
+    cluster_info: ClusterV1,
+    ocm: OCM | None,
     awsapi: AWSApi,
-) -> Generator[Optional[dict], Any, None]:
-    cluster_name = cluster_info["name"]
-    cluster_region = cluster_info["spec"]["region"]
-    cluster_cidr_block = cluster_info["network"]["vpc"]
+) -> Generator[DesiredStateItem | None, Any, None]:
+    cluster_name = cluster_info.name
+    cluster_region = cluster_info.spec.region if cluster_info.spec is not None else ""
+    cluster_cidr_block = (
+        cluster_info.network.vpc if cluster_info.network is not None else ""
+    )
-    account = _account_with_assume_role_data(
-        peer_connection, cluster_name, cluster_region, cluster_cidr_block, ocm
+    acc_account = _build_account_with_assume_role(
+        peer_connection, cluster_info, cluster_region, cluster_cidr_block, ocm
     )
     # accepter is the cluster's AWS account
     accepter = _build_accepter(
         peer_connection,
-        account,
+        acc_account,
         cluster_region,
         cluster_cidr_block,
         awsapi,
+        private_hcp=_is_private_hosted_control_plane(cluster_info),
     )
-    if accepter["vpc_id"] is None:
+    if accepter.vpc_id is None:
         logging.error(f"[{cluster_name}] could not find VPC ID for cluster")
         yield None
     account_tgws = awsapi.get_tgws_details(
-        account,
+        peer_connection.account.dict(by_alias=True),
         cluster_region,
         cluster_cidr_block,
-        tags=json.loads(peer_connection.get("tags") or "{}"),
-        route_tables=peer_connection.get("manageRoutes"),
-        security_groups=peer_connection.get("manageSecurityGroups"),
-        route53_associations=peer_connection.get("manageRoute53Associations"),
+        tags=peer_connection.tags or {},
+        route_tables=peer_connection.manage_routes,
+        security_groups=peer_connection.manage_security_groups,
+        route53_associations=peer_connection.manage_route53_associations,
     )
     for tgw in account_tgws:
-        connection_name = f"{peer_connection['name']}_{account['name']}-{tgw['tgw_id']}"
-        requester = _build_requester(peer_connection, account, tgw)
-        item = {
-            "connection_provider": TGW_CONNECTION_PROVIDER,
-            "connection_name": connection_name,
-            "requester": requester,
-            "accepter": accepter,
-            "deleted": peer_connection.get("delete", False),
-        }
+        connection_name = (
+            f"{peer_connection.name}_{peer_connection.account.name}-{tgw['tgw_id']}"
+        )
+        requester = _build_requester(peer_connection, tgw)
+        item = DesiredStateItem(
+            connection_provider=TGW_CONNECTION_PROVIDER,
+            connection_name=connection_name,
+            infra_acount_name=peer_connection.account.name,
+            requester=requester,
+            accepter=accepter,
+            deleted=peer_connection.delete or False,
+        )
         yield item
-def _account_with_assume_role_data(
-    peer_connection: Mapping,
-    cluster_name: str,
+def _is_private_hosted_control_plane(cluster_info: ClusterV1) -> bool:
+    return (
+        cluster_info.spec is not None
+        and bool(cluster_info.spec.hypershift)
+        and bool(cluster_info.spec.private)
+    )
+def _build_account_with_assume_role(
+    peer_connection: ClusterPeeringConnectionAccountTGWV1,
+    cluster: ClusterV1,
     region: str,
     cidr_block: str,
-    ocm: Optional[OCM],
-) -> dict[str, Any]:
-    account = peer_connection["account"]
+    ocm: OCM | None,
+) -> ClusterAccountProviderInfo:
+    account = peer_connection.account
     # assume_role is the role to assume to provision the
     # peering connection request, through the accepter AWS account.
-    provided_assume_role = peer_connection.get("assumeRole")
+    assume_role = peer_connection.assume_role
     # if an assume_role is provided, it means we don't need
     # to get the information from OCM. it likely means that
     # there is no OCM at all.
-    if provided_assume_role:
-        account["assume_role"] = provided_assume_role
-    else:
+    if not assume_role:
+        if isinstance(cluster.spec, ClusterSpecROSAV1) and cluster.spec.account:
+            return ClusterAccountProviderInfo(
+                name=cluster.spec.account.name,
+                uid=cluster.spec.account.uid,
+                assume_role=assume_role,
+                assume_region=region,
+                assume_cidr=cidr_block,
+            )
         if not ocm:
             raise ValueError("OCM is required to get assume_role data")
-        account[
-            "assume_role"
-        ] = ocm.get_aws_infrastructure_access_terraform_assume_role(
-            cluster_name, account["uid"], account["terraformUsername"]
+        assume_role = ocm.get_aws_infrastructure_access_terraform_assume_role(
+            cluster.name, account.uid, account.terraform_username
         )
-    account["assume_region"] = region
-    account["assume_cidr"] = cidr_block
-    return account
+    return ClusterAccountProviderInfo(
+        name=account.name,
+        uid=account.uid,
+        assume_role=assume_role,
+        assume_region=region,
+        assume_cidr=cidr_block,
+    )
 def _build_accepter(
-    peer_connection: Mapping,
-    account: Mapping,
+    peer_connection: ClusterPeeringConnectionAccountTGWV1,
+    account: ClusterAccountProviderInfo,
     region: str,
     cidr_block: str,
     awsapi: AWSApi,
-) -> dict[str, Any]:
-    (vpc_id, route_table_ids, subnets_id_az) = awsapi.get_cluster_vpc_details(
-        account,
-        route_tables=peer_connection.get("manageRoutes"),
-        subnets=True,
+    private_hcp: bool = False,
+) -> Accepter:
+    allow_hcp_private_api_access = (
+        private_hcp and peer_connection.allow_private_hcp_api_access
+    )
+    (vpc_id, route_table_ids, subnets_id_az, api_security_group_id) = (
+        awsapi.get_cluster_vpc_details(
+            account.dict(by_alias=True),
+            route_tables=peer_connection.manage_routes,
+            subnets=True,
+            hcp_vpc_endpoint_sg=allow_hcp_private_api_access,
+        )
+    )
+    return Accepter(
+        cidr_block=cidr_block,
+        region=region,
+        vpc_id=vpc_id,
+        route_table_ids=route_table_ids,
+        subnets_id_az=subnets_id_az,
+        account=account,
+        api_security_group_id=api_security_group_id,
     )
-    return {
-        "cidr_block": cidr_block,
-        "region": region,
-        "vpc_id": vpc_id,
-        "route_table_ids": route_table_ids,
-        "subnets_id_az": subnets_id_az,
-        "account": account,
-    }
 def _build_requester(
-    peer_connection: Mapping,
-    account: Mapping,
+    peer_connection: ClusterPeeringConnectionAccountTGWV1,
     tgw: Mapping,
-) -> dict[str, Any]:
-    return {
-        "tgw_id": tgw["tgw_id"],
-        "tgw_arn": tgw["tgw_arn"],
-        "region": tgw["region"],
-        "routes": tgw.get("routes"),
-        "rules": tgw.get("rules"),
-        "hostedzones": tgw.get("hostedzones"),
-        "cidr_block": peer_connection.get("cidrBlock"),
-        "account": account,
-    }
+) -> Requester:
+    tgw_account = TGWAccountProviderInfo(
+        name=peer_connection.account.name,
+        uid=peer_connection.account.uid,
+        assume_region=tgw["region"],
+    )
+    return Requester(
+        tgw_id=tgw["tgw_id"],
+        tgw_arn=tgw["tgw_arn"],
+        region=tgw["region"],
+        routes=tgw.get("routes"),
+        rules=tgw.get("rules"),
+        hostedzones=tgw.get("hostedzones"),
+        cidr_block=peer_connection.cidr_block,
+        cidr_blocks=peer_connection.cidr_blocks or [],
+        account=tgw_account,
+    )
 def _build_ocm_map(
-    clusters: Iterable[Mapping],
-    settings: Optional[Mapping[str, Any]],
-) -> Optional[OCMMap]:
-    ocm_clusters = [c for c in clusters if c.get("ocm")]
+    clusters: Iterable[ClusterV1],
+    vault_settings: AppInterfaceSettingsV1,
+) -> OCMMap | None:
+    ocm_clusters = [c.dict(by_alias=True) for c in clusters if c.ocm]
     return (
         OCMMap(
-            clusters=ocm_clusters, integration=QONTRACT_INTEGRATION, settings=settings
+            clusters=ocm_clusters,
+            integration=QONTRACT_INTEGRATION,
+            settings=vault_settings.dict(by_alias=True),
         )
         if ocm_clusters
         # this is a case for an OCP cluster which is not provisioned
@@ -203,95 +331,137 @@ def _build_ocm_map(
     )
-def _validate_tgw_connection_names(desired_state: Iterable[Mapping]) -> None:
-    connection_names = [c["connection_name"] for c in desired_state]
+def _validate_tgw_connection_names(desired_state: Iterable[DesiredStateItem]) -> None:
+    connection_names = [c.connection_name for c in desired_state]
     if len(set(connection_names)) != len(connection_names):
         raise ValidationError("duplicate tgw connection names found")
 def _populate_tgw_attachments_working_dirs(
-    desired_state: Iterable,
-    accounts: Iterable,
-    settings: Optional[Mapping[str, Any]],
-    participating_accounts: Iterable,
-    print_to_file: Optional[str],
-    thread_pool_size: int,
+    ts: Terrascript,
+    desired_state: Iterable[DesiredStateItem],
+    print_to_file: str | None,
 ) -> dict[str, str]:
-    ts = Terrascript(
-        QONTRACT_INTEGRATION, "", thread_pool_size, accounts, settings=settings
-    )
-    ts.populate_additional_providers(participating_accounts)
+    accounts_by_infra_account_name: dict[str, list[dict[str, Any]]] = {}
+    for item in desired_state:
+        accounts_by_infra_account_name.setdefault(item.infra_acount_name, []).append(
+            item.accepter.account.dict(by_alias=True)
+        )
+    for infra_account_name, accounts in accounts_by_infra_account_name.items():
+        ts.populate_additional_providers(infra_account_name, accounts)
     ts.populate_tgw_attachments(desired_state)
     working_dirs = ts.dump(print_to_file=print_to_file)
     return working_dirs
-def _is_tgw_cluster(cluster: Mapping) -> bool:
+def _is_tgw_peer_connection(
+    peer_connection: ClusterPeeringConnectionAccountTGWV1
+    | ClusterPeeringConnectionAccountV1
+    | ClusterPeeringConnectionAccountVPCMeshV1
+    | ClusterPeeringConnectionClusterRequesterV1
+    | ClusterPeeringConnectionV1,
+    account_name: str | None,
+) -> bool:
+    if peer_connection.provider != TGW_CONNECTION_PROVIDER:
+        return False
+    if account_name is None:
+        return True
+    tgw_peer_connection = cast(ClusterPeeringConnectionAccountTGWV1, peer_connection)
+    return tgw_peer_connection.account.name == account_name
+def _is_tgw_cluster(
+    cluster: ClusterV1,
+    account_name: str | None = None,
+) -> bool:
     return any(
-        pc["provider"] == TGW_CONNECTION_PROVIDER
-        for pc in cluster["peering"]["connections"]
+        _is_tgw_peer_connection(pc, account_name)
+        for pc in cluster.peering.connections  # type: ignore[union-attr]
     )
-def _filter_tgw_clusters(clusters: Iterable[Mapping]) -> list:
-    return list(filter(_is_tgw_cluster, clusters))
+def _filter_tgw_clusters(
+    clusters: Iterable[ClusterV1],
+    account_name: str | None = None,
+) -> list[ClusterV1]:
+    return [c for c in clusters if _is_tgw_cluster(c, account_name)]
 def _filter_tgw_accounts(
-    accounts: Iterable[Mapping],
-    tgw_clusters: Iterable[Mapping],
-) -> list:
+    accounts: Iterable[AWSAccountV1],
+    tgw_clusters: Iterable[ClusterV1],
+) -> list[AWSAccountV1]:
     tgw_account_names = set()
     for cluster in tgw_clusters:
-        for pc in cluster["peering"]["connections"]:
-            if pc["provider"] == TGW_CONNECTION_PROVIDER:
-                tgw_account_names.add(pc["account"]["name"])
-    return [a for a in accounts if a["name"] in tgw_account_names]
+        for peer_connection in cluster.peering.connections:  # type: ignore[union-attr]
+            if peer_connection.provider == TGW_CONNECTION_PROVIDER:
+                tgw_peer_connection = cast(
+                    ClusterPeeringConnectionAccountTGWV1, peer_connection
+                )
+                tgw_account_names.add(tgw_peer_connection.account.name)
+    return [
+        a
+        for a in accounts
+        if a.name in tgw_account_names
+        and integration_is_enabled(QONTRACT_INTEGRATION.replace("_", "-"), a)
+    ]
+def _fetch_desired_state_data_source(
+    account_name: str | None = None,
+) -> DesiredStateDataSource:
+    clusters = get_clusters_with_peering(gql.get_api())
+    tgw_clusters = _filter_tgw_clusters(clusters, account_name)
+    all_accounts = get_aws_accounts(gql.get_api())
+    return DesiredStateDataSource(
+        clusters=tgw_clusters,
+        accounts=all_accounts,
+    )
-@defer
-def run(
-    dry_run: bool,
-    print_to_file: Optional[str] = None,
-    enable_deletion: bool = False,
+def setup(
+    account_name: str | None,
+    desired_state_data_source: DesiredStateDataSource,
+    tgw_accounts: list[dict[str, Any]],
     thread_pool_size: int = 10,
-    defer: Optional[Callable] = None,
-) -> None:
-    settings = queries.get_secret_reader_settings()
-    clusters = queries.get_clusters_with_peering_settings()
-    tgw_clusters = _filter_tgw_clusters(clusters)
-    ocm_map = _build_ocm_map(tgw_clusters, settings)
-    accounts = queries.get_aws_accounts(terraform_state=True, ecrs=False)
-    tgw_accounts = _filter_tgw_accounts(accounts, tgw_clusters)
-    aws_api = AWSApi(1, tgw_accounts, settings=settings, init_users=False)
-    if defer:
-        defer(aws_api.cleanup)
-    # Fetch desired state for cluster-to-vpc(account) VPCs
-    desired_state, err = build_desired_state_tgw_attachments(
-        tgw_clusters, ocm_map, aws_api
+    print_to_file: str | None = None,
+) -> tuple[SecretReaderBase, AWSApi, Terraform, Terrascript]:
+    tgw_clusters = desired_state_data_source.clusters
+    all_accounts = [a.dict(by_alias=True) for a in desired_state_data_source.accounts]
+    account_by_name = {a["name"]: a for a in all_accounts}
+    vault_settings = get_app_interface_vault_settings()
+    secret_reader = create_secret_reader(vault_settings.vault)
+    aws_api = AWSApi(1, all_accounts, secret_reader=secret_reader, init_users=False)
+    ocm_map = _build_ocm_map(desired_state_data_source.clusters, vault_settings)
+    desired_state, err = _build_desired_state_tgw_attachments(
+        desired_state_data_source.clusters,
+        ocm_map,
+        aws_api,
+        account_name,
     )
     if err:
         raise RuntimeError("Could not find VPC ID for cluster")
-    # check there are no repeated tgw connection names
     _validate_tgw_connection_names(desired_state)
-    participating_accounts = [item["requester"]["account"] for item in desired_state]
+    ts = Terrascript(
+        QONTRACT_INTEGRATION,
+        "",
+        thread_pool_size,
+        tgw_accounts,
+        settings=vault_settings.dict(by_alias=True),
+    )
+    tgw_rosa_cluster_accounts = [
+        account_by_name[c.spec.account.name]
+        for c in tgw_clusters
+        if isinstance(c.spec, ClusterSpecROSAV1) and c.spec.account
+    ]
+    ts.populate_configs(tgw_rosa_cluster_accounts)
     working_dirs = _populate_tgw_attachments_working_dirs(
+        ts,
         desired_state,
-        tgw_accounts,
-        settings,
-        participating_accounts,
         print_to_file,
-        thread_pool_size,
     )
-    if print_to_file:
-        return
     tf = Terraform(
         QONTRACT_INTEGRATION,
         QONTRACT_INTEGRATION_VERSION,
@@ -301,30 +471,110 @@ def run(
         thread_pool_size,
         aws_api,
     )
+    return secret_reader, aws_api, tf, ts
-    if defer:
-        defer(tf.cleanup)
-    disabled_deletions_detected, err = tf.plan(enable_deletion)
+def runner(
+    dry_run: bool,
+    terraform_client: Terraform,
+    terrascript_client: Terrascript,
+    enable_deletion: bool = False,
+) -> ExtendedEarlyExitRunnerResult:
+    disabled_deletions_detected, err = terraform_client.plan(enable_deletion)
     if err:
         raise RuntimeError("Error running terraform plan")
     if disabled_deletions_detected:
         raise RuntimeError("Disabled deletions detected running terraform plan")
-    if dry_run:
-        return
-    err = tf.apply()
-    if err:
-        raise RuntimeError("Error running terraform apply")
+    if not dry_run:
+        err = terraform_client.apply()
+        if err:
+            raise RuntimeError("Error running terraform apply")
+    return ExtendedEarlyExitRunnerResult(
+        payload=terrascript_client.terraform_configurations(),
+        applied_count=terraform_client.apply_count,
+    )
-def early_exit_desired_state(
-    print_to_file: Optional[str] = None,
+@defer
+def run(
+    dry_run: bool,
+    print_to_file: str | None = None,
     enable_deletion: bool = False,
     thread_pool_size: int = 10,
-) -> dict[str, Any]:
-    return {
-        "clusters": queries.get_clusters_with_peering_settings(),
-        "accounts": queries.get_aws_accounts(terraform_state=True, ecrs=False),
+    account_name: str | None = None,
+    defer: Callable | None = None,
+    enable_extended_early_exit: bool = False,
+    extended_early_exit_cache_ttl_seconds: int = 3600,
+    log_cached_log_output: bool = False,
+) -> None:
+    desired_state_data_source = _fetch_desired_state_data_source(account_name)
+    tgw_accounts = [
+        a.dict(by_alias=True)
+        for a in _filter_tgw_accounts(
+            desired_state_data_source.accounts, desired_state_data_source.clusters
+        )
+        if not account_name or account_name == a.name
+    ]
+    if not tgw_accounts:
+        logging.warning(
+            f"No participating AWS accounts found, consider disabling this integration, account name: {account_name}"
+        )
+        return
+    secret_reader, aws_api, tf, ts = setup(
+        desired_state_data_source=desired_state_data_source,
+        account_name=account_name,
+        tgw_accounts=tgw_accounts,
+        thread_pool_size=thread_pool_size,
+        print_to_file=print_to_file,
+    )
+    if defer:
+        defer(aws_api.cleanup)
+        defer(tf.cleanup)
+    if print_to_file:
+        return
+    runner_params: RunnerParams = {
+        "terraform_client": tf,
+        "terrascript_client": ts,
+        "enable_deletion": enable_deletion,
+        "dry_run": dry_run,
     }
+    if enable_extended_early_exit and get_feature_toggle_state(
+        "terraform-tgw-attachments-extended-early-exit",
+        default=False,
+    ):
+        cache_source = CacheSource(
+            terraform_configurations=ts.terraform_configurations(),
+        )
+        extended_early_exit_run(
+            integration=QONTRACT_INTEGRATION,
+            integration_version=QONTRACT_INTEGRATION_VERSION,
+            dry_run=dry_run,
+            cache_source=cache_source,
+            shard="_".join(account_name) if account_name else "",
+            ttl_seconds=extended_early_exit_cache_ttl_seconds,
+            logger=logging.getLogger(),
+            runner=runner,
+            runner_params=runner_params,
+            secret_reader=secret_reader,
+            log_cached_log_output=log_cached_log_output,
+        )
+    else:
+        runner(**runner_params)
+def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
+    desired_state = _fetch_desired_state_data_source()
+    for a in desired_state.accounts:
+        a.deletion_approvals = []
+    return desired_state.dict(by_alias=True)
+def desired_state_shard_config() -> DesiredStateShardConfig:
+    return DesiredStateShardConfig(
+        shard_arg_name="account_name",
+        shard_path_selectors={
+            "accounts[*].name",
+            "clusters[*].peering.connections[*].account.name",
+        },
+        sharded_run_review=lambda proposal: len(proposal.proposed_shards) <= 2,
+    )

qontract-reconcile 0.9.1rc298__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl

qontract-reconcile 0.9.1rc298py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl