qontract-reconcile 0.10.1rc613__py3-none-any.whl → 0.10.1rc614__py3-none-any.whl

{qontract_reconcile-0.10.1rc613.dist-info → qontract_reconcile-0.10.1rc614.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.10.1rc613
+Version: 0.10.1rc614
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.10.1rc613.dist-info → qontract_reconcile-0.10.1rc614.dist-info}/RECORD

@@ -9,7 +9,7 @@ reconcile/aws_iam_password_reset.py,sha256=NwErtrqgBiXr7eGCAHdtGGOx0S7-4JnSc29Ie
 reconcile/aws_support_cases_sos.py,sha256=Jk6_XjDeJSYxgRGqcEAOcynt9qJF2r5HPIPcSKmoBv8,2974
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=W_VJagnsJR1v5oqjlI3RJJE0_nhtJ0m81RS8zWA5u5c,3538
 reconcile/checkpoint.py,sha256=R2WFXUXLTB4sWMi4GeA4eegsuf_1-Q4vH8M0Toh3Ij4,5036
-reconcile/cli.py,sha256=iYjF1R-M2FdokkMzjlCFennx-E9Go8xdJN5QGTFZMjU,91560
+reconcile/cli.py,sha256=Gu9RMIRj9mA9vP7AkTj1sxqMyMdKZk1VU4XNQGVhuX0,93058
 reconcile/closedbox_endpoint_monitoring_base.py,sha256=SMhkcQqprWvThrIJa3U_3uh5w1h-alleW1QnCJFY4Qw,4909
 reconcile/cluster_deployment_mapper.py,sha256=2Ah-nu-Mdig0pjuiZl_XLrmVAjYzFjORR3dMlCgkmw0,2352
 reconcile/dashdotdb_base.py,sha256=a5aPLVxyqPSbjdB0Ty-uliOtxwvEbbEljHJKxdK3-Zk,4813
@@ -53,7 +53,7 @@ reconcile/ocm_additional_routers.py,sha256=KfcFDVbNoc6n5dHWjYdAf1_DiVqVG6Tw23WLK
 reconcile/ocm_addons.py,sha256=qqAyqRBRbdZQvAcjb-QlSVyRAyQBZk6iVlgnI4jyi7s,3353
 reconcile/ocm_addons_upgrade_tests_trigger.py,sha256=L1ktYynIR7pmHiYtdCTdLGJRKX72B54KUAuPLOccXzo,3995
 reconcile/ocm_aws_infrastructure_access.py,sha256=iq6Rj5SgF7yIMvBhukTuy-KcrFsvLs1ATG6-dyiArqY,6960
-reconcile/ocm_clusters.py,sha256=r2Y_crmX8v-HMWUh0GoBy5pBQOkl3sFaxeAbQmfEdhU,13906
+reconcile/ocm_clusters.py,sha256=YWfBF25E55Odm0L3dXnqRbC_bDuYIsBPg4j6DEpWCGw,16703
 reconcile/ocm_external_configuration_labels.py,sha256=imEpDv1RBpCSj8tHDv0R76hmNCFtcUzVNgS1yOVl8vs,3870
 reconcile/ocm_github_idp.py,sha256=glwXMsIBcl38-OmDDQCpe0YoLLXfoRgVQmqwXMEXjds,3946
 reconcile/ocm_groups.py,sha256=AmQ61fjJYS5PxwNEWtOAvOoJM86VfRQ0-ic6wgw6PU0,2888
@@ -338,7 +338,7 @@ reconcile/jenkins/types.py,sha256=0UlyJxv3KY1WXHkfI_ghUI6FAwRJTL4EwvLg-62tNcg,30
 reconcile/ldap_groups/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/ldap_groups/integration.py,sha256=GscI7833EOEOiaySc2yKMg0u0hqzVJ3D3r27JfCMY4g,11425
 reconcile/ocm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/ocm/types.py,sha256=Q9vPQI3LpLajGtPqks7i36AV6CjRho96mmsTkdJrEWM,2477
+reconcile/ocm/types.py,sha256=ibJYvzfAZyyMFkcF1bP8u3rkXciYJRplt_7Z1pKHFh0,2484
 reconcile/ocm_internal_notifications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/ocm_internal_notifications/integration.py,sha256=6JFLu6TlcMC1OB5WgTAd-ITlhH_56W5uBytggukNk3A,4391
 reconcile/ocm_labels/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -392,6 +392,7 @@ reconcile/templates/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSu
 reconcile/templates/aws_access_key_email.j2,sha256=2MUr1ERmyISzKgHqsWYLd-1Wbl-peUa-FsGUS-JLUFc,238
 reconcile/templates/email.yml.j2,sha256=OZgczNRgXPj2gVYTgwQyHAQrMGu7xp-e4W1rX19GcrU,690
 reconcile/templates/jira-checkpoint-missinginfo.j2,sha256=c_Vvg-lEENsB3tgxm9B6Y9igCUQhCnFDYh6xw-zcIbU,570
+reconcile/templates/rosa-hcp-cluster-creation.sh.j2,sha256=6qjnvWgkJ6A0Mh08uRKMWewxDeOqc0ju4JSmlp5sW_I,2146
 reconcile/templating/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/templating/renderer.py,sha256=IOZN0ASSKqp4JGXZ1BDba4XosD3nCuqhStxHMGBcxDI,5119
 reconcile/templating/rendering.py,sha256=msMGqCNh7M0c6A1l_7KBmT3GRHH9gsB8htN_9bGtwe4,4949
@@ -429,11 +430,11 @@ reconcile/test/test_jump_host.py,sha256=yczTqvT-hNAf9zBMuFjqka9fQOA31SCNG7D-9K9M
 reconcile/test/test_ldap_users.py,sha256=8jjzVgoiRRylGad6-TvkugoFGXt3eko--zVVKjmZDn4,3812
 reconcile/test/test_make.py,sha256=zTdjgq-3idFlec_0qJenk9wWw0QMLvSpJfPsptXmync,677
 reconcile/test/test_ocm_additional_routers.py,sha256=dtbpUnD5un6Q3VoLbuFRb_njmt5SSCnBzvSSBcO_Xxs,4248
-reconcile/test/test_ocm_clusters.py,sha256=NOxhJnlgOlRZF0-sfXCiRP0aiNiBiMl35MTCCh_Ff5s,23130
+reconcile/test/test_ocm_clusters.py,sha256=yiymyepNwV_JiCGEsvqKVAxq3WNJHsvrpJRuNRlyvtM,25468
 reconcile/test/test_ocm_clusters_manifest_updates.py,sha256=jFRVfc5jby1kI2x_gT6wcqPPgkav1et9wZH6JqQbNSY,3278
 reconcile/test/test_ocm_machine_pools.py,sha256=3qo6t2Jfr1Wee0NUacyLTDmatp0o7CUNpkVOpHiOiGk,29737
 reconcile/test/test_ocm_update_recommended_version.py,sha256=iA4BVirTGVXlwcOyeR52IuNO81X_8NR6ZNd7ZFE7igs,4328
-reconcile/test/test_ocm_upgrade_scheduler_org_updater.py,sha256=hT6sbdGUx8LGnMVvNI7wOVHcoan1YurckytlvtJdzGk,4347
+reconcile/test/test_ocm_upgrade_scheduler_org_updater.py,sha256=V91g2XQMa2nvKwkLVWkiPwNL6pMQE16s4jO0oXJ6wdk,4330
 reconcile/test/test_openshift_base.py,sha256=uVsnMghAQhHaJTreeOw4x2INTKJ6qeiZiiteWeKflW8,33874
 reconcile/test/test_openshift_cluster_bots.py,sha256=L-yuKvMgB0LBCdfLu7wozh_lk6S_m3umXt3m_ECfLEI,8023
 reconcile/test/test_openshift_namespace_labels.py,sha256=P1hqi6P88NijNrurdXG_QR2usyo3EYZSy9zpwYHvDsM,12104
@@ -638,7 +639,7 @@ reconcile/utils/jinja2/extensions.py,sha256=zV_x8MhSHAynKhFnG3fULXrwsm5fUG_88Iyg
 reconcile/utils/jinja2/filters.py,sha256=_kJjdMsY3lGS5PUn4NnpXUQDNrL1IwiKsB-0MhTMGYM,4521
 reconcile/utils/jinja2/utils.py,sha256=1TV_BoKrCFxVPbRY4hhUmbasrPa_wm9AoabCEIOXRLg,5947
 reconcile/utils/jobcontroller/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/utils/jobcontroller/controller.py,sha256=BeGm2KNfVnxPuQkfIFy3Tp9H_NSpoAu-gy40elUgvxs,14181
+reconcile/utils/jobcontroller/controller.py,sha256=QE4x-ahIWLA5GlI0KZEET0Elxq_aq4Hw1GBCRFSfv3U,14185
 reconcile/utils/jobcontroller/models.py,sha256=z0gRJy8Ow1leYS-GrvTUv-t-mQDPHTJVDoHb1nVcZ_8,6349
 reconcile/utils/membershipsources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/membershipsources/app_interface_resolver.py,sha256=IlDiRtJZ0AfAGKEawybB6SvsKbm1POTXL6fpEt699E0,1979
@@ -655,14 +656,15 @@ reconcile/utils/mr/notificator.py,sha256=2Xyg5Xh3xFQITdTmZ8Nry5qe0uC_w_On4uMPdlN
 reconcile/utils/mr/ocm_update_recommended_version.py,sha256=p_aVP0TGrlKk9WBwgQnYWqUDsED_Hg6G5Bqj0UvtRwA,1536
 reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py,sha256=RzEKRT_BhvB2ud9pyNFZ1cNZFmDGBUah9vjpP0y9f9w,2810
 reconcile/utils/mr/user_maintenance.py,sha256=cHPBn8zrReWLHalyk-EFdkFJe9zjVjRoZhT4t2zZfGE,3956
-reconcile/utils/ocm/__init__.py,sha256=5Pcf5cyftDWT5XRi1EzvNklOVxGplJi-v12HN3TDarc,57
+reconcile/utils/ocm/__init__.py,sha256=xv7CJp7K9LCQfa4gL_W0MMCOD1P4qOy8t5aZj1xXNUE,808
 reconcile/utils/ocm/addons.py,sha256=8wVrt16i69KkXq1fQByVheSQRhrRELbuOHb7Tz9bKT0,1675
 reconcile/utils/ocm/base.py,sha256=GclZtCrPkPJmGP9HHvqIlV-8VXSKuaQTQJkA2pklN60,13817
 reconcile/utils/ocm/cluster_groups.py,sha256=F8oqVqN_4QUnGL0K61zZhoYIzJeP57EcmZpwmoV0mr4,1751
-reconcile/utils/ocm/clusters.py,sha256=Q6g5kGSNfxZUZ56LPFAYjOz8xJ2c6QG76V78GvyLxB0,7448
+reconcile/utils/ocm/clusters.py,sha256=Nw9m-jgN3GHHCh6w9UOBbMV4rtS24_-Ep09jAWQ-_fE,7653
 reconcile/utils/ocm/identity_providers.py,sha256=dKed09N8iWmn39tI_MpwgVe47x23eLsknGbjMUxtwr4,2175
 reconcile/utils/ocm/labels.py,sha256=pRzTE506hKAgVbBNO51IBlGOuCbJmTYDMsL0pWBEwp8,5945
-reconcile/utils/ocm/ocm.py,sha256=Vxz07SWvlLHGm6E7zeG3Oi4hHD5iNVZVc1SqXIbpPdY,58522
+reconcile/utils/ocm/ocm.py,sha256=axXuTUpJR-fqhDo6OiDzEygOsR9OCX8ZV1I_Q2vWJQc,36712
+reconcile/utils/ocm/products.py,sha256=tm8uRc1FxeIhqHv-f_ColD5IHKcsqGaEnoe1RFQtH-8,25296
 reconcile/utils/ocm/search_filters.py,sha256=zExZpYBh7_tucG-xKoPHUxz1b_6l9qwbEMpMihQg7nA,15043
 reconcile/utils/ocm/service_log.py,sha256=XmGOP6hwhKwMEMeD0GhErTGzdgk1IHaKs-QatL1mAdY,2052
 reconcile/utils/ocm/sre_capability_labels.py,sha256=-TUmTzvK5yu7qY8SUMGj6-684wa8ZVYbjrJ6X3M7z-o,1576
@@ -672,7 +674,7 @@ reconcile/utils/ocm/syncsets.py,sha256=zvji9qWvInIRTdoybMaM9-VUhq4L1VewWfWCQmp4u
 reconcile/utils/ocm/upgrades.py,sha256=ZWDfg3VrmRGx7Re-JjecRjwmn7Rh-dsuLA3OljbCByg,6616
 reconcile/utils/rosa/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/rosa/rosa_cli.py,sha256=b7V3EgO4b4hOnvZzrxdn-bxRbkINQysOg_ecuB8l5GA,11364
-reconcile/utils/rosa/session.py,sha256=nPEmSNos0_ATQEVg2KckAlVyIEBvxUVo7pa0WMACoOU,4150
+reconcile/utils/rosa/session.py,sha256=imjCFgHHjlh3TPUDg6dZFzkmQqFq2kCKAM948XDKiUI,6098
 reconcile/utils/runtime/__init__.py,sha256=sfk92MGfsBh9tKYHl_FH17NdEsrGBwgDFTb7KNKoIfY,107
 reconcile/utils/runtime/desired_state_diff.py,sha256=finZnWoVDCiYTgu4lGk8G4QOFAGgiIDhD3fcnVqYoxM,8108
 reconcile/utils/runtime/environment.py,sha256=JLptHJoYyeLdMBghJppttP3wZ5HxHLMLgUcfGjIiKLM,2087
@@ -712,8 +714,8 @@ tools/test/test_app_interface_metrics_exporter.py,sha256=SX7qL3D1SIRKFo95FoQztvf
 tools/test/test_qontract_cli.py,sha256=OvalpVRfY4pNmpMaWHHYqBjV68b1eGQjX8SCyTAXb1w,3501
 tools/test/test_sd_app_sre_alert_report.py,sha256=v363r9zM7__0kR5K6mvJoGFcM9BvE33fWAayrqkpojA,2116
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.10.1rc613.dist-info/METADATA,sha256=OmG5nHaRuu7nDCZ91tOV_K4XRN0ZAvgzKYz1IbS9j0E,2382
-qontract_reconcile-0.10.1rc613.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-qontract_reconcile-0.10.1rc613.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
-qontract_reconcile-0.10.1rc613.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
-qontract_reconcile-0.10.1rc613.dist-info/RECORD,,
+qontract_reconcile-0.10.1rc614.dist-info/METADATA,sha256=-4XRtExmYEBBglO9ovJfxuTQRZdgwNWRUWLEXfb1Yx4,2382
+qontract_reconcile-0.10.1rc614.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+qontract_reconcile-0.10.1rc614.dist-info/entry_points.txt,sha256=rIxI5zWtHNlfpDeq1a7pZXAPoqf7HG32KMTN3MeWK_8,429
+qontract_reconcile-0.10.1rc614.dist-info/top_level.txt,sha256=l5ISPoXzt0SdR4jVdkfa7RPSKNc8zAHYWAnR-Dw8Ey8,24
+qontract_reconcile-0.10.1rc614.dist-info/RECORD,,

reconcile/cli.py

@@ -2235,12 +2235,65 @@ def ocm_groups(ctx, thread_pool_size):
 @integration.command(short_help="Manages clusters via OCM.")
 @gitlab_project_id
 @threaded()
+@click.option(
+    "--job-controller-cluster",
+    help="The cluster holding the job-controller namepsace",
+    required=False,
+    envvar="JOB_CONTROLLER_CLUSTER",
+)
+@click.option(
+    "--job-controller-namespace",
+    help="The namespace used for ROSA jobs",
+    required=False,
+    envvar="JOB_CONTROLLER_NAMESPACE",
+)
+@click.option(
+    "--rosa-job-service-account",
+    help="The service-account used for ROSA jobs",
+    required=False,
+    envvar="ROSA_JOB_SERVICE_ACCOUNT",
+)
+@click.option(
+    "--rosa-job-image",
+    help="The container image to use to run ROSA cli command jobs",
+    required=False,
+    envvar="ROSA_JOB_IMAGE",
+)
+@click.option(
+    "--rosa-role",
+    help="The role to assume in the ROSA cluster account",
+    required=False,
+    envvar="ROSA_ROLE",
+)
 @click.pass_context
-def ocm_clusters(ctx, gitlab_project_id, thread_pool_size):
-    import reconcile.ocm_clusters
+def ocm_clusters(
+    ctx,
+    gitlab_project_id: Optional[str],
+    thread_pool_size: int,
+    job_controller_cluster: Optional[str],
+    job_controller_namespace: Optional[str],
+    rosa_job_service_account: Optional[str],
+    rosa_role: Optional[str],
+    rosa_job_image: Optional[str],
+):
+    from reconcile.ocm_clusters import (
+        OcmClusters,
+        OcmClustersParams,
+    )
 
-    run_integration(
-        reconcile.ocm_clusters, ctx.obj, gitlab_project_id, thread_pool_size
+    run_class_integration(
+        integration=OcmClusters(
+            OcmClustersParams(
+                gitlab_project_id=gitlab_project_id,
+                thread_pool_size=thread_pool_size,
+                job_controller_cluster=job_controller_cluster,
+                job_controller_namespace=job_controller_namespace,
+                rosa_job_service_account=rosa_job_service_account,
+                rosa_job_image=rosa_job_image,
+                rosa_role=rosa_role,
+            )
+        ),
+        ctx=ctx.obj,
     )
 
 

reconcile/ocm/types.py

@@ -74,7 +74,7 @@ class ROSAOcmAwsAttrs(BaseModel):
 
 class ROSAClusterAWSAccount(BaseModel):
     uid: str
-    rosa: ROSAOcmAwsAttrs
+    rosa: ROSAOcmAwsAttrs | None
 
     class Config:
         extra = Extra.forbid

reconcile/ocm_clusters.py

@@ -4,7 +4,9 @@ from collections.abc import (
     Iterable,
     Mapping,
 )
-from typing import Any
+from typing import Any, Optional
+
+import semver
 
 import reconcile.utils.mr.clusters_updates as cu
 import reconcile.utils.ocm as ocmmod
@@ -21,9 +23,22 @@ from reconcile.ocm.types import (
 )
 from reconcile.status import ExitCodes
 from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.jobcontroller.controller import build_job_controller
+from reconcile.utils.ocm.products import (
+    OCMProduct,
+    OCMProductPortfolio,
+    OCMValidationException,
+    build_product_portfolio,
+)
+from reconcile.utils.rosa.session import RosaSessionBuilder
+from reconcile.utils.runtime.integration import (
+    PydanticRunParams,
+    QontractReconcileIntegration,
+)
 from reconcile.utils.semver_helper import parse_semver
 
 QONTRACT_INTEGRATION = "ocm-clusters"
+QONTRACT_INTEGRATION_VERSION = semver.format_version(0, 1, 0)
 
 
 def _set_rosa_ocm_attrs(cluster: Mapping[str, Any]):
@@ -32,26 +47,24 @@ def _set_rosa_ocm_attrs(cluster: Mapping[str, Any]):
     but the cluster only needs the target OCM environment where it belongs.
     This method changes the cluster dictionary to include just those.
     """
-    ocm_env = [
-        env
-        for env in cluster["spec"]["account"]["rosa"]["ocm_environments"]
-        if env["ocm"]["name"] == cluster["ocm"]["name"]
-    ]
-
-    if len(ocm_env) != 1:
-        logging.error(
-            "The cluster's OCM reference does not exist or it is duplicated in the AWS account manifest. "
-            "Check the cluster's AWS account rosa configuration. "
-            f"OCM:{cluster['ocm']['name']}, AWSAcc:{cluster['spec']['account']['uid']}"
-        )
-        sys.exit(ExitCodes.ERROR)
-
     uid = cluster["spec"]["account"]["uid"]
-    env = ocm_env[0]
-    # doing this allows to exclude account fields which can be queried in graphql
-    cluster["spec"]["account"] = ROSAClusterAWSAccount(
-        uid=uid,
-        rosa=ROSAOcmAwsAttrs(
+    rosa_ocm_configs = cluster["spec"]["account"]["rosa"]
+    rosa: ROSAOcmAwsAttrs | None = None
+    if rosa_ocm_configs:
+        ocm_env = [
+            env
+            for env in rosa_ocm_configs["ocm_environments"]
+            if env["ocm"]["name"] == cluster["ocm"]["name"]
+        ]
+        if len(ocm_env) != 1:
+            logging.error(
+                "The cluster's OCM reference does not exist or it is duplicated in the AWS account manifest. "
+                "Check the cluster's AWS account rosa configuration. "
+                f"OCM:{cluster['ocm']['name']}, AWSAcc:{cluster['spec']['account']['uid']}"
+            )
+            sys.exit(ExitCodes.ERROR)
+        env = ocm_env[0]
+        rosa = ROSAOcmAwsAttrs(
             creator_role_arn=env["creator_role_arn"],
             sts=ROSAOcmAwsStsAttrs(
                 installer_role_arn=env["installer_role_arn"],
@@ -59,7 +72,14 @@ def _set_rosa_ocm_attrs(cluster: Mapping[str, Any]):
                 controlplane_role_arn=env.get("controlplane_role_arn"),
                 worker_role_arn=env["worker_role_arn"],
             ),
-        ),
+        )
+    else:
+        rosa = None
+
+    # doing this allows to exclude account fields which can be queried in graphql
+    cluster["spec"]["account"] = ROSAClusterAWSAccount(
+        uid=uid,
+        rosa=rosa,
     )
 
 
@@ -210,7 +230,7 @@ def get_app_interface_spec_updates(
 
 
 def get_cluster_ocm_update_spec(
-    ocm: ocmmod.OCM, cluster: str, current_spec: OCMSpec, desired_spec: OCMSpec
+    product: OCMProduct, cluster: str, current_spec: OCMSpec, desired_spec: OCMSpec
 ) -> tuple[dict[str, Any], bool]:
     """Get cluster updates to request to OCM api
 
@@ -221,8 +241,6 @@ def get_cluster_ocm_update_spec(
     :return: a tuple with the updates to request to OCM and a bool to notify errors
     """
 
-    impl = ocmmod.OCM_PRODUCTS_IMPL[current_spec.spec.product]
-
     error = False
     if not desired_spec.network.type:
         desired_spec.network.type = "OVNKubernetes"
@@ -237,13 +255,13 @@ def get_cluster_ocm_update_spec(
     current_ocm_spec = {
         k: v
         for k, v in cspec.items()
-        if v is not None and k not in impl.EXCLUDED_SPEC_FIELDS
+        if v is not None and k not in product.EXCLUDED_SPEC_FIELDS
     }
 
     desired_ocm_spec = {
         k: v
         for k, v in dspec.items()
-        if v is not None and k not in impl.EXCLUDED_SPEC_FIELDS
+        if v is not None and k not in product.EXCLUDED_SPEC_FIELDS
     }
 
     # Updated attributes in app-interface
@@ -258,7 +276,7 @@ def get_cluster_ocm_update_spec(
 
     diffs = deleted_attrs | updated_attrs
 
-    not_allowed_updates = set(diffs) - impl.ALLOWED_SPEC_UPDATE_FIELDS
+    not_allowed_updates = set(diffs) - product.ALLOWED_SPEC_UPDATE_FIELDS
     if not_allowed_updates:
         error = True
         logging.error(f"[{cluster}] invalid updates: {not_allowed_updates}")
@@ -267,7 +285,7 @@ def get_cluster_ocm_update_spec(
 
 
 def _app_interface_updates_mr(
-    clusters_updates: Mapping[str, Any], gitlab_project_id: str, dry_run: bool
+    clusters_updates: Mapping[str, Any], gitlab_project_id: Optional[str], dry_run: bool
 ):
     """Creates an MR to app-interface with the necessary cluster manifest updates
 
@@ -301,83 +319,133 @@ def _cluster_is_compatible(cluster: Mapping[str, Any]) -> bool:
     return cluster.get("ocm") is not None
 
 
-def run(dry_run: bool, gitlab_project_id=None, thread_pool_size=10):
-    settings = queries.get_app_interface_settings()
-    clusters = queries.get_clusters()
-    clusters = [
-        c
-        for c in clusters
-        if integration_is_enabled(QONTRACT_INTEGRATION, c) and _cluster_is_compatible(c)
-    ]
-    if not clusters:
-        logging.debug("No OCM cluster definitions found in app-interface")
-        sys.exit(ExitCodes.SUCCESS)
-
-    ocm_map = ocmmod.OCMMap(
-        clusters=clusters,
-        integration=QONTRACT_INTEGRATION,
-        settings=settings,
-        init_provision_shards=True,
-    )
+class OcmClustersParams(PydanticRunParams):
+    gitlab_project_id: Optional[str] = None
+    thread_pool_size: int = 10
 
-    # current_state is the state got from the ocm api
-    current_state, pending_state = ocm_map.cluster_specs()
-    desired_state = fetch_desired_state(clusters)
+    # rosa job controller params
+    job_controller_cluster: Optional[str] = None
+    job_controller_namespace: Optional[str] = None
+    rosa_job_service_account: Optional[str] = None
+    rosa_role: Optional[str] = None
+    rosa_job_image: Optional[str] = None
 
-    error = False
-    clusters_updates = {}
-
-    for cluster_name, desired_spec in desired_state.items():
-        current_spec = current_state.get(cluster_name)
-        if current_spec:
-            # App-Interface manifests updates.
-            # OCM populated attributes that are not set in app-interface.
-            # These updates are performed with a single MR out of this main loop
-            clusters_updates[cluster_name], err = get_app_interface_spec_updates(
-                cluster_name, current_spec, desired_spec
-            )
-            if err:
-                error = True
-
-            # OCM API Updates
-            # Changes made to app-interface manifests that need to be requested
-            # to the OCM Api
-            ocm = ocm_map.get(cluster_name)
-            update_spec, err = get_cluster_ocm_update_spec(
-                ocm, cluster_name, current_spec, desired_spec
-            )
-            if err:
-                error = True
-                continue
-
-            # update cluster
-            if update_spec:
-                logging.info(["update_cluster", cluster_name])
-                logging.debug(
-                    f"current_spec: {current_spec}, desired_spec: {desired_spec}"
+
+class OcmClusters(QontractReconcileIntegration[OcmClustersParams]):
+    @property
+    def name(self) -> str:
+        return QONTRACT_INTEGRATION
+
+    def rosa_session_builder(self) -> RosaSessionBuilder | None:
+        if (
+            self.params.job_controller_cluster is None
+            or self.params.job_controller_namespace is None
+            or self.params.rosa_job_service_account is None
+            or self.params.rosa_role is None
+            or self.params.rosa_job_image is None
+        ):
+            return None
+        return RosaSessionBuilder(
+            aws_iam_role=self.params.rosa_role,
+            image=self.params.rosa_job_image,
+            service_account=self.params.rosa_job_service_account,
+            job_controller=build_job_controller(
+                cluster=self.params.job_controller_cluster,
+                namespace=self.params.job_controller_namespace,
+                integration=self.name,
+                integration_version=QONTRACT_INTEGRATION_VERSION,
+                secret_reader=self.secret_reader,
+                dry_run=False,
+            ),
+        )
+
+    def assemble_product_portfolio(self) -> OCMProductPortfolio:
+        return build_product_portfolio(self.rosa_session_builder())
+
+    def run(self, dry_run: bool) -> None:
+        settings = queries.get_app_interface_settings()
+        clusters = queries.get_clusters()
+        clusters = [
+            c
+            for c in clusters
+            if integration_is_enabled(self.name, c) and _cluster_is_compatible(c)
+        ]
+        if not clusters:
+            logging.debug("No OCM cluster definitions found in app-interface")
+            sys.exit(ExitCodes.SUCCESS)
+
+        product_portfolio = self.assemble_product_portfolio()
+        ocm_map = ocmmod.OCMMap(
+            clusters=clusters,
+            integration=self.name,
+            settings=settings,
+            init_provision_shards=True,
+            product_portfolio=product_portfolio,
+        )
+
+        # current_state is the state got from the ocm api
+        current_state, pending_state = ocm_map.cluster_specs()
+        desired_state = fetch_desired_state(clusters)
+
+        error = False
+        clusters_updates = {}
+
+        for cluster_name, desired_spec in desired_state.items():
+            current_spec = current_state.get(cluster_name)
+            if current_spec:
+                # App-Interface manifests updates.
+                # OCM populated attributes that are not set in app-interface.
+                # These updates are performed with a single MR out of this main loop
+                clusters_updates[cluster_name], err = get_app_interface_spec_updates(
+                    cluster_name, current_spec, desired_spec
                 )
+                if err:
+                    error = True
+
+                # OCM API Updates
+                # Changes made to app-interface manifests that need to be requested
+                # to the OCM Api
                 ocm = ocm_map.get(cluster_name)
-                ocm.update_cluster(cluster_name, update_spec, dry_run)
-
-        else:
-            # create cluster
-            if cluster_name in pending_state:
-                continue
-            logging.info(["create_cluster", cluster_name])
-            ocm = ocm_map.get(cluster_name)
-            try:
-                ocm.create_cluster(cluster_name, desired_spec, dry_run)
-            except NotImplementedError:
-                logging.error(
-                    f"[{cluster_name}] Create clusters is not currently implemented "
-                    f"for [{desired_spec.spec.product}] product type. Make sure the "
-                    "cluster exists and it is returned by the OCM api before adding "
-                    "its manifest to app-interface"
+                product = product_portfolio.get_product_impl(
+                    current_spec.spec.product, current_spec.spec.hypershift
                 )
-                error = True
-            except ocmmod.OCMValidationException as e:
-                logging.error("[%s] Error creating cluster: %s", cluster_name, e)
-                error = True
-
-    _app_interface_updates_mr(clusters_updates, gitlab_project_id, dry_run)
-    sys.exit(int(error))
+                update_spec, err = get_cluster_ocm_update_spec(
+                    product, cluster_name, current_spec, desired_spec
+                )
+                if err:
+                    error = True
+                    continue
+
+                # update cluster
+                if update_spec:
+                    logging.info(["update_cluster", cluster_name])
+                    logging.debug(
+                        f"current_spec: {current_spec}, desired_spec: {desired_spec}"
+                    )
+                    ocm = ocm_map.get(cluster_name)
+                    ocm.update_cluster(cluster_name, update_spec, dry_run)
+
+            else:
+                # create cluster
+                if cluster_name in pending_state:
+                    continue
+                logging.info(["create_cluster", cluster_name])
+                ocm = ocm_map.get(cluster_name)
+                try:
+                    ocm.create_cluster(cluster_name, desired_spec, dry_run)
+                except NotImplementedError:
+                    logging.error(
+                        f"[{cluster_name}] Create clusters is not currently implemented "
+                        f"for [{desired_spec.spec.product}] product type. Make sure the "
+                        "cluster exists and it is returned by the OCM api before adding "
+                        "its manifest to app-interface"
+                    )
+                    error = True
+                except OCMValidationException as e:
+                    logging.error("[%s] Error creating cluster: %s", cluster_name, e)
+                    error = True
+
+        _app_interface_updates_mr(
+            clusters_updates, self.params.gitlab_project_id, dry_run
+        )
+        sys.exit(int(error))

reconcile/templates/rosa-hcp-cluster-creation.sh.j2

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+rosa init
+rosa create ocm-role --admin -y -m auto
+rosa create account-roles --hosted-cp -y -m auto
+rosa create user-role -y -m auto
+
+# OIDC config
+{% if cluster.spec.oidc_endpoint_url %}
+OIDC_CONFIG_ID="{{ (cluster.spec.oidc_endpoint_url | split("/")) | last }}"
+{% else %}
+OIDC_CONFIG_ID=$(rosa list oidc-provider -o json | jq '.[0].arn // "/" | split("/") | .[-1]' -r)
+if [[ -z "${OIDC_CONFIG_ID}" ]]; then
+    rosa create oidc-config -m auto -y
+    OIDC_CONFIG_ID=$(rosa list oidc-provider -o json | jq '.[0].arn // "/" | split("/") | .[-1]' -r)
+else
+    echo "reuse existing OIDC config ${OIDC_CONFIG_ID}"
+fi
+{% endif %}
+
+# operator roles
+INSTALLER_ROLE_ARN=$(rosa list account-roles --region us-east-1 -o json | jq '.[] | select(.RoleType == "Installer") | .RoleARN' -r)
+rosa create operator-roles --prefix {{ cluster_name }} --oidc-config-id ${OIDC_CONFIG_ID} --hosted-cp --installer-role-arn ${INSTALLER_ROLE_ARN} -m auto -y
+
+# cluster creation
+BILLING_ACCOUNT_ID=$(aws organizations describe-organization | jq .Organization.MasterAccountId -r)
+rosa create cluster --cluster-name={{ cluster_name }} \
+    --billing-account ${BILLING_ACCOUNT_ID} \
+    {% if dry_run -%}
+    --dry-run \
+    {% endif -%}
+    --sts \
+    --hosted-cp \
+    --oidc-config-id ${OIDC_CONFIG_ID} \
+    --operator-roles-prefix {{ cluster_name }} \
+    --subnet-ids {{ cluster.spec.subnet_ids | join(",") }} \
+    --region {{ cluster.spec.region }} \
+    --version {{ cluster.spec.version }} \
+    --machine-cidr {{ cluster.network.vpc }} \
+    --service-cidr {{ cluster.network.service }} \
+    --pod-cidr {{ cluster.network.pod }} \
+    --host-prefix 23 \
+    --replicas {{ cluster.machine_pools | length }} \
+    --compute-machine-type {{ cluster.machine_pools[0].instance_type }} \
+    {% if cluster.spec.private -%}
+    --private \
+    {% endif -%}
+    {% if cluster.spec.disable_user_workload_monitoring -%}
+    --disable-workload-monitoring \
+    {% endif -%}
+    {% if cluster.spec.provision_shard_id -%}
+    --properties provision_shard_id:{{ cluster.spec.provision_shard_id }} \
+    {% endif -%}
+    --channel-group {{ cluster.spec.channel }}