qontract-reconcile 0.10.1rc879__py3-none-any.whl → 0.10.1rc894__py3-none-any.whl

reconcile/utils/terrascript_aws_client.py

@@ -7,6 +7,7 @@ import random
 import re
 import string
 import tempfile
+from collections import Counter
 from collections.abc import (
     Iterable,
     Mapping,
@@ -21,7 +22,6 @@ from json import JSONDecodeError
 from threading import Lock
 from typing import (
     Any,
-    Optional,
     cast,
 )
 
@@ -273,6 +273,18 @@ DEFAULT_TAGS = {
 }
 
 
+class OutputResourceNameNotUniqueException(Exception):
+    def __init__(self, namespace, duplicates):
+        self.namespace, self.duplicates = namespace, duplicates
+        super().__init__(
+            str.format(
+                "Found duplicate values {} for 'output_resource_name' in namespace {}. Please ensure 'output_resource_name' is unique in a given namespace.",
+                self.duplicates,
+                self.namespace,
+            )
+        )
+
+
 class StateInaccessibleException(Exception):
     pass
 
@@ -379,9 +391,9 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         integration_prefix: str,
         thread_pool_size: int,
         accounts: Iterable[dict[str, Any]],
-        settings: Optional[Mapping[str, Any]] = None,
-        prefetch_resources_by_schemas: Optional[list[str]] = None,
-        secret_reader: Optional[SecretReaderBase] = None,
+        settings: Mapping[str, Any] | None = None,
+        prefetch_resources_by_schemas: list[str] | None = None,
+        secret_reader: SecretReaderBase | None = None,
     ) -> None:
         self.integration = integration
         self.integration_prefix = integration_prefix
@@ -478,9 +490,9 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         self.rosa_authenticator_pre_signup_zip_lock = Lock()
         self.lambda_zip: dict[str, str] = {}
         self.lambda_lock = Lock()
-        self.github: Optional[Github] = None
+        self.github: Github | None = None
         self.github_lock = Lock()
-        self.gitlab: Optional[GitLabApi] = None
+        self.gitlab: GitLabApi | None = None
         self.gitlab_lock = Lock()
         self.jenkins_map: dict[str, JenkinsApi] = {}
         self.jenkins_lock = Lock()
@@ -509,7 +521,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
         # defaults from account
         bucket_backend_value = config.get("bucket")
-        key_backend_value = config.get("{}_key".format(integration))
+        key_backend_value = config.get(f"{integration}_key")
         region_backend_value = config.get("region")
         terraform_state = config["terraformState"]
         if terraform_state:
@@ -757,7 +769,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         self,
         roles,
         skip_reencrypt_accounts: list[str],
-        appsre_pgp_key: Optional[str],
+        appsre_pgp_key: str | None,
     ):
         error = False
         for role in roles:
@@ -785,9 +797,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
                 # we want to include the console url in the outputs
                 # to be used later to generate the email invitations
-                output_name = "{}_console-urls__{}".format(
-                    self.integration_prefix, account_name
-                )
+                output_name = f"{self.integration_prefix}_console-urls__{account_name}"
                 output_value = account_console_url
                 tf_output = Output(output_name, value=output_value)
                 self.add_resource(account_name, tf_output)
@@ -846,8 +856,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                     # we want the outputs to be formed into a mail invitation
                     # for each new user. we form an output of the form
                     # 'qrtf.enc-passwords[user_name] = <encrypted password>
-                    output_name = "{}_enc-passwords__{}".format(
-                        self.integration_prefix, user_name
+                    output_name = (
+                        f"{self.integration_prefix}_enc-passwords__{user_name}"
                     )
                     output_value = (
                         "${" + tf_iam_user_login_profile.encrypted_password + "}"
@@ -891,7 +901,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         self,
         roles,
         skip_reencrypt_accounts: list[str],
-        appsre_pgp_key: Optional[str] = None,
+        appsre_pgp_key: str | None = None,
     ):
         self.populate_iam_groups(roles)
         err = self.populate_iam_users(
@@ -912,7 +922,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
     @staticmethod
     def get_resource_lifecycle(
         common_values: dict[str, Any],
-    ) -> Optional[dict[str, Any]]:
+    ) -> dict[str, Any] | None:
         if lifecycle := common_values.get("lifecycle"):
             lifecycle = NamespaceTerraformResourceLifecycleV1(**lifecycle)
             if lifecycle.create_before_destroy is None:
@@ -1013,7 +1023,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                 record["health_check_id"] = f"${{{healthcheck_resource.id}}}"
 
             # Get value from Vault if _records_from_vault was set
-            records_from_vault: Optional[Iterable[dict[str, str]]] = record.pop(
+            records_from_vault: Iterable[dict[str, str]] | None = record.pop(
                 "records_from_vault", None
             )
             if records_from_vault:
@@ -1467,7 +1477,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
         return results
 
-    def populate_resources(self, ocm_map: Optional[OCMMap] = None) -> None:
+    def populate_resources(self, ocm_map: OCMMap | None = None) -> None:
         """
         Populates the terraform configuration from resource specs.
         :param ocm_map:
@@ -1479,7 +1489,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
     def init_populate_specs(
         self,
         namespaces: Iterable[Mapping[str, Any]],
-        account_names: Optional[Iterable[str]],
+        account_names: Iterable[str] | None,
     ) -> None:
         """
         Initiates resource specs from the definitions in app-interface
@@ -1494,12 +1504,19 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
             specs = get_external_resource_specs(
                 namespace_info, provision_provider=PROVIDER_AWS
             )
+            name_counter = Counter(spec.output_resource_name for spec in specs)
+            duplicates = [name for name, count in name_counter.items() if count > 1]
+            if duplicates:
+                raise OutputResourceNameNotUniqueException(
+                    namespace_info.get("name"), duplicates
+                )
             for spec in specs:
                 if account_names and spec.provisioner_name not in account_names:
                     continue
                 self.account_resource_specs.setdefault(
                     spec.provisioner_name, []
                 ).append(spec)
+
                 self.resource_spec_inventory[spec.id_object()] = spec
 
     def populate_tf_resources(self, spec, ocm_map=None):
@@ -1908,7 +1925,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
     def _find_resource_spec(
         self, account: str, source: str, provider: str
-    ) -> Optional[ExternalResourceSpec]:
+    ) -> ExternalResourceSpec | None:
         if account not in self.account_resource_specs:
             return None
 
@@ -2168,7 +2185,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         tf_resources.append(Output(output_name, value=output_value))
         output_name = output_prefix + "__aws_region"
         tf_resources.append(Output(output_name, value=region))
-        endpoint = "s3.{}.amazonaws.com".format(region)
+        endpoint = f"s3.{region}.amazonaws.com"
         output_name = output_prefix + "__endpoint"
         tf_resources.append(Output(output_name, value=endpoint))
 
@@ -2480,7 +2497,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                 for k, v in data.items():
                     to_replace = "${" + k + "}"
                     user_policy = user_policy.replace(to_replace, v)
-                    output_name = output_prefix + "__{}".format(k)
+                    output_name = output_prefix + f"__{k}"
                     tf_resources.append(Output(output_name, value=v))
 
             tf_aws_iam_policy = aws_iam_policy(
@@ -2769,10 +2786,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                 tf_resources.append(queue_tf_resource)
                 output_name = output_prefix + "__aws_region"
                 tf_resources.append(Output(output_name, value=region))
-                output_name = "{}__{}".format(output_prefix, queue_key)
-                output_value = "https://sqs.{}.amazonaws.com/{}/{}".format(
-                    region, uid, queue_name
-                )
+                output_name = f"{output_prefix}__{queue_key}"
+                output_value = f"https://sqs.{region}.amazonaws.com/{uid}/{queue_name}"
                 tf_resources.append(Output(output_name, value=output_value))
             all_queues_per_spec.append(all_queues)
 
@@ -2925,7 +2940,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                     values["provider"] = "aws." + region
                 table_tf_resource = aws_dynamodb_table(table, **values)
                 tf_resources.append(table_tf_resource)
-                output_name = "{}__{}".format(output_prefix, table_key)
+                output_name = f"{output_prefix}__{table_key}"
                 tf_resources.append(Output(output_name, value=table))
 
         output_name = output_prefix + "__aws_region"
@@ -2960,8 +2975,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
                     "Effect": "Allow",
                     "Action": ["dynamodb:*"],
                     "Resource": [
-                        "arn:aws:dynamodb:{}:{}:table/{}".format(region, uid, t)
-                        for t in all_tables
+                        f"arn:aws:dynamodb:{region}:{uid}:table/{t}" for t in all_tables
                     ],
                 }
             ],
@@ -3420,10 +3434,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         tf_resources.append(user_policy_attachment_tf_resource)
 
         # outputs
-        output_name = "{}__{}".format(output_prefix, sqs_identifier)
-        output_value = "https://sqs.{}.amazonaws.com/{}/{}".format(
-            region, uid, sqs_identifier
-        )
+        output_name = f"{output_prefix}__{sqs_identifier}"
+        output_value = f"https://sqs.{region}.amazonaws.com/{uid}/{sqs_identifier}"
         tf_resources.append(Output(output_name, value=output_value))
 
         self.add_resources(account, tf_resources)
@@ -4042,8 +4054,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
     def add_resource(self, account, tf_resource):
         if account not in self.locks:
             logging.debug(
-                "integration {} is disabled for account {}. "
-                "can not add resource".format(self.integration, account)
+                f"integration {self.integration} is disabled for account {account}. "
+                "can not add resource"
             )
             return
         with self.locks[account]:
@@ -4051,8 +4063,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
     def dump(
         self,
-        print_to_file: Optional[str] = None,
-        existing_dirs: Optional[dict[str, str]] = None,
+        print_to_file: str | None = None,
+        existing_dirs: dict[str, str] | None = None,
     ) -> dict[str, str]:
         """
         Dump the Terraform configurations (in JSON format) to the working directories.
@@ -4311,7 +4323,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
     def _get_elasticsearch_account_wide_resource_policy(
         self, account: str
-    ) -> Optional[aws_cloudwatch_log_resource_policy]:
+    ) -> aws_cloudwatch_log_resource_policy | None:
         """
         https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html
         CloudWatch Logs supports 10 resource policies per Region.
@@ -5386,7 +5398,7 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
 
     def get_asg_image_id(
         self, filters: Iterable[Mapping[str, Any]], account: str, region: str
-    ) -> Optional[str]:
+    ) -> str | None:
         """
         AMI ID comes form AWS Api filter result.
         AMI needs to be shared by integration aws-ami-share.

reconcile/utils/unleash/client.py

@@ -2,10 +2,7 @@ import logging
 import os
 import threading
 from collections.abc import Mapping
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from UnleashClient import (
     BaseCache,
@@ -13,7 +10,7 @@ from UnleashClient import (
 )
 from UnleashClient.strategies import Strategy
 
-client: Optional[UnleashClient] = None
+client: UnleashClient | None = None
 client_lock = threading.Lock()
 
 
@@ -43,7 +40,7 @@ class ClusterStrategy(Strategy):
 
 
 class DisableClusterStrategy(ClusterStrategy):
-    def apply(self, context: Optional[dict] = None) -> bool:
+    def apply(self, context: dict | None = None) -> bool:
         enable = True
 
         if context and "cluster_name" in context.keys():
@@ -54,7 +51,7 @@ class DisableClusterStrategy(ClusterStrategy):
 
 
 class EnableClusterStrategy(ClusterStrategy):
-    def apply(self, context: Optional[dict] = None) -> bool:
+    def apply(self, context: dict | None = None) -> bool:
         enable = False
 
         if context and "cluster_name" in context.keys():

reconcile/utils/unleash/server.py

@@ -1,4 +1,4 @@
-from enum import Enum
+from enum import StrEnum
 
 import requests
 from pydantic import BaseModel, Field
@@ -6,7 +6,7 @@ from pydantic import BaseModel, Field
 from reconcile.utils.rest_api_base import ApiBase, BearerTokenAuth
 
 
-class FeatureToggleType(str, Enum):
+class FeatureToggleType(StrEnum):
     experiment = "experiment"
     kill_switch = "kill-switch"
     release = "release"

reconcile/utils/vault.py

@@ -5,7 +5,6 @@ import threading
 import time
 from collections.abc import Mapping
 from functools import lru_cache
-from typing import Optional
 
 import hvac
 import requests
@@ -60,11 +59,11 @@ class _VaultClient:
 
     def __init__(
         self,
-        server: Optional[str] = None,
-        role_id: Optional[str] = None,
-        secret_id: Optional[str] = None,
-        kube_auth_role: Optional[str] = None,
-        kube_auth_mount: Optional[str] = None,
+        server: str | None = None,
+        role_id: str | None = None,
+        secret_id: str | None = None,
+        kube_auth_role: str | None = None,
+        kube_auth_mount: str | None = None,
         auto_refresh: bool = True,
     ):
         config = get_config()
@@ -164,7 +163,7 @@ class _VaultClient:
             self._client.auth_approle(self.role_id, self.secret_id)
 
     @retry()
-    def read_all_with_version(self, secret: Mapping) -> tuple[Mapping, Optional[str]]:
+    def read_all_with_version(self, secret: Mapping) -> tuple[Mapping, str | None]:
         """Returns a dictionary of keys and values in a Vault secret and the
         version of the secret, for V1 secrets, version will be None.
 
@@ -215,9 +214,7 @@ class _VaultClient:
 
         return version
 
-    def __read_all_v2(
-        self, path: str, version: Optional[str]
-    ) -> tuple[dict, Optional[str]]:
+    def __read_all_v2(self, path: str, version: str | None) -> tuple[dict, str | None]:
         path_split = path.split("/")
         mount_point = path_split[0]
         read_path = "/".join(path_split[1:])
@@ -306,7 +303,7 @@ class _VaultClient:
         try:
             secret_field = data[field]
         except KeyError:
-            raise SecretFieldNotFound("{}/{}".format(path, field))
+            raise SecretFieldNotFound(f"{path}/{field}")
         return secret_field
 
     @retry()

reconcile/utils/vaultsecretref.py

@@ -1,6 +1,5 @@
 from dataclasses import dataclass
 from typing import (
-    Optional,
     cast,
 )
 
@@ -16,8 +15,8 @@ class VaultSecretRef:
 
     path: str
     field: str
-    format: Optional[str] = None
-    version: Optional[int] = None
+    format: str | None = None
+    version: int | None = None
 
     def get(self, field=None, default=None):
         secret_content = self._resolve_secret()

reconcile/utils/vcs.py

@@ -6,7 +6,6 @@ from collections.abc import Iterable
 from dataclasses import dataclass
 from datetime import datetime
 from enum import Enum
-from typing import Optional
 
 from gitlab.v4.objects import ProjectMergeRequest
 
@@ -57,10 +56,10 @@ class VCS:
         dry_run: bool,
         allow_deleting_mrs: bool = False,
         allow_opening_mrs: bool = False,
-        gitlab_instance: Optional[GitLabApi] = None,
-        default_gh_token: Optional[str] = None,
-        app_interface_api: Optional[GitLabApi] = None,
-        github_api_per_repo_url: Optional[dict[str, GithubRepositoryApi]] = None,
+        gitlab_instance: GitLabApi | None = None,
+        default_gh_token: str | None = None,
+        app_interface_api: GitLabApi | None = None,
+        github_api_per_repo_url: dict[str, GithubRepositoryApi] | None = None,
     ):
         self._dry_run = dry_run
         self._allow_deleting_mrs = allow_deleting_mrs
@@ -106,7 +105,7 @@ class VCS:
         return defaults[0]
 
     def _init_github(
-        self, repo_url: str, auth_code: Optional[HasSecret]
+        self, repo_url: str, auth_code: HasSecret | None
     ) -> GithubRepositoryApi:
         if repo_url not in self._gh_per_repo_url:
             if auth_code:
@@ -159,7 +158,7 @@ class VCS:
                 return MRCheckStatus.NONE
 
     def get_commit_sha(
-        self, repo_url: str, ref: str, auth_code: Optional[HasSecret]
+        self, repo_url: str, ref: str, auth_code: HasSecret | None
     ) -> str:
         if bool(self._is_commit_sha_regex.search(ref)):
             return ref
@@ -174,7 +173,7 @@ class VCS:
         repo_url: str,
         commit_from: str,
         commit_to: str,
-        auth_code: Optional[HasSecret],
+        auth_code: HasSecret | None,
     ) -> list[Commit]:
         """
         Return a list of commits between two commits.

reconcile/vault_replication.py

@@ -2,8 +2,6 @@ import logging
 import re
 from collections.abc import Iterable
 from typing import (
-    Optional,
-    Union,
     cast,
 )
 
@@ -179,7 +177,7 @@ def copy_vault_secret(
 
 def check_invalid_paths(
     path_list: Iterable[str],
-    policy_paths: Optional[Iterable[str]],
+    policy_paths: Iterable[str] | None,
 ) -> None:
     """Checks if the paths to be replicated are present in the policy used to limit the secrets
     that are going to be replicated."""
@@ -283,12 +281,10 @@ def get_jenkins_secret_list(
 
 
 def get_vault_credentials(
-    vault_auth: Union[
-        VaultReplicationConfigV1_VaultInstanceAuthV1,
-        VaultInstanceV1_VaultReplicationConfigV1_VaultInstanceAuthV1,
-    ],
+    vault_auth: VaultReplicationConfigV1_VaultInstanceAuthV1
+    | VaultInstanceV1_VaultReplicationConfigV1_VaultInstanceAuthV1,
     vault_address: str,
-) -> dict[str, Optional[str]]:
+) -> dict[str, str | None]:
     """Returns a dictionary with the credentials used to authenticate with Vault,
     retrieved from the values present on AppInterface and comming from Vault itself."""
     vault_creds = {}

reconcile/vpc_peerings_validator.py

@@ -2,7 +2,6 @@ import ipaddress
 import logging
 import sys
 from typing import (
-    Union,
     cast,
 )
 
@@ -107,10 +106,8 @@ def validate_no_internal_to_public_peerings(
             }:
                 continue
             connection = cast(
-                Union[
-                    ClusterPeeringConnectionClusterAccepterV1,
-                    ClusterPeeringConnectionClusterRequesterV1,
-                ],
+                ClusterPeeringConnectionClusterAccepterV1
+                | ClusterPeeringConnectionClusterRequesterV1,
                 connection,
             )
             peer = connection.cluster
@@ -150,10 +147,8 @@ def validate_no_public_to_public_peerings(
             }:
                 continue
             connection = cast(
-                Union[
-                    ClusterPeeringConnectionClusterAccepterV1,
-                    ClusterPeeringConnectionClusterRequesterV1,
-                ],
+                ClusterPeeringConnectionClusterAccepterV1
+                | ClusterPeeringConnectionClusterRequesterV1,
                 connection,
             )
             peer = connection.cluster

release/version.py

@@ -5,7 +5,6 @@ import os
 import re
 import subprocess
 import sys
-from subprocess import PIPE
 from typing import Optional
 
 GIT_VERSION_FILE = "GIT_VERSION"
@@ -21,7 +20,7 @@ def git() -> str:
     """
     cmd = "git describe --tags --match=[0-9]*.[0-9]*.[0-9]*"
     try:
-        p = subprocess.run(cmd.split(" "), stdout=PIPE, stderr=PIPE, check=True)
+        p = subprocess.run(cmd.split(" "), capture_output=True, check=True)
         v = p.stdout.decode("utf-8").strip()
         # tox is running setup.py sdist from the git repo, and then runs again outside
         # of the git repo. At this second step, we cannot run git commands.
@@ -35,7 +34,7 @@ def git() -> str:
         # if we're not in a git repo, try reading out from the GIT_VERSION file
         if os.path.exists(GIT_VERSION_FILE):
             with open(
-                GIT_VERSION_FILE, "r", encoding=locale.getpreferredencoding(False)
+                GIT_VERSION_FILE, encoding=locale.getpreferredencoding(False)
             ) as f:
                 return f.read()
         print(e.stderr)
@@ -45,11 +44,11 @@ def git() -> str:
 def commit(length: int = 7) -> str:
     """get the current git commitid"""
     cmd = f"git rev-parse --short={length} HEAD"
-    p = subprocess.run(cmd.split(" "), stdout=PIPE, stderr=PIPE, check=True)
+    p = subprocess.run(cmd.split(" "), capture_output=True, check=True)
     return p.stdout.decode("utf-8").strip()
 
 
-def semver(git_version: Optional[str] = None) -> str:
+def semver(git_version: Optional[str] = None) -> str:  # noqa: UP007 - RHEL8 has python 3.8
     """get a semantic version out of the input git version (see git())
     - if a X.Y.Z tag is set on the current HEAD, we'll use this
     - else we'll use X.Y.<Z+1>-<count>+<commitid> to respect semver and version
@@ -72,7 +71,7 @@ def semver(git_version: Optional[str] = None) -> str:
     return str(v)
 
 
-def pip(git_version: Optional[str] = None) -> str:
+def pip(git_version: Optional[str] = None) -> str:  # noqa: UP007 - RHEL8 has python 3.8
     """get a pip version out of the input git version (see git()),
     according to https://peps.python.org/pep-0440/
     - if a X.Y.Z tag is set on the current HEAD, we'll use this
@@ -88,7 +87,7 @@ def pip(git_version: Optional[str] = None) -> str:
     # return str(v)
 
 
-def docker(git_version: Optional[str] = None) -> str:
+def docker(git_version: Optional[str] = None) -> str:  # noqa: UP007 - RHEL8 has python 3.8
     # docker tags don't like '+' characters, let's remove the buildinfo/commitid
     return pip(git_version)
 

tools/app_interface_reporter.py

@@ -2,8 +2,8 @@ import logging
 import os
 import textwrap
 from datetime import (
+    UTC,
     datetime,
-    timezone,
 )
 
 import click
@@ -221,7 +221,7 @@ def get_apps_data(date, month_delta=1, thread_pool_size=10):
     jjb: JJB = init_jjb(secret_reader)
     jenkins_map = jenkins_base.get_jenkins_map()
     time_limit = date - relativedelta(months=month_delta)
-    timestamp_limit = int(time_limit.replace(tzinfo=timezone.utc).timestamp())
+    timestamp_limit = int(time_limit.replace(tzinfo=UTC).timestamp())
 
     secret_content = secret_reader.read_all({"path": DASHDOTDB_SECRET})
     dashdotdb_url = secret_content["url"]

tools/cli_commands/gpg_encrypt.py

@@ -1,11 +1,8 @@
 from __future__ import annotations
 
 import json
+from collections.abc import Mapping
 from dataclasses import dataclass
-from typing import (
-    Mapping,
-    Optional,
-)
 
 from reconcile import queries
 from reconcile.utils import (
@@ -114,7 +111,7 @@ class GPGEncryptCommand:
             f"No argument given which defines how to fetch the secret {self._command_data}"
         )
 
-    def _get_gpg_key(self) -> Optional[str]:
+    def _get_gpg_key(self) -> str | None:
         target_user = self._command_data.target_user
         users = queries.get_users_by(
             refs=False,
@@ -156,7 +153,7 @@ class GPGEncryptCommand:
     def create(
         cls,
         command_data: GPGEncryptCommandData,
-        secret_reader: Optional[SecretReader] = None,
+        secret_reader: SecretReader | None = None,
     ) -> GPGEncryptCommand:
         cls_secret_reader = (
             secret_reader

tools/cli_commands/systems_and_tools.py

@@ -3,7 +3,6 @@
 
 from typing import (
     Any,
-    Optional,
     Self,
 )
 
@@ -145,7 +144,7 @@ class SystemTool(BaseModel):
 
     @classmethod
     def init_from_model(
-        cls, model: Any, enumeration: Any, parent: Optional[str] = None
+        cls, model: Any, enumeration: Any, parent: str | None = None
     ) -> Self:
         match model:
             case GitlabInstanceV1():
@@ -284,7 +283,7 @@ class SystemTool(BaseModel):
         cls,
         c: OpenShiftClusterManagerUpgradePolicyClusterV1,
         enumeration: Any,
-        parent: Optional[str] = None,
+        parent: str | None = None,
     ) -> Self:
         return cls(
             system_type="openshift",
@@ -394,15 +393,13 @@ class SystemToolInventory:
     def __init__(self) -> None:
         self.systems_and_tools: list[SystemTool] = []
 
-    def append(
-        self, model: Any, enumeration: Any, parent: Optional[str] = None
-    ) -> None:
+    def append(self, model: Any, enumeration: Any, parent: str | None = None) -> None:
         self.systems_and_tools.append(
             SystemTool.init_from_model(model, enumeration, parent=parent)
         )
 
     def update(
-        self, models: list[Any], enumeration: Any, parent: Optional[str] = None
+        self, models: list[Any], enumeration: Any, parent: str | None = None
     ) -> None:
         for m in models:
             self.append(m, enumeration, parent=parent)