qontract-reconcile 0.10.1rc879__py3-none-any.whl → 0.10.1rc894__py3-none-any.whl

reconcile/acs_rbac.py

@@ -2,7 +2,6 @@ import logging
 from collections import defaultdict
 from collections.abc import Callable
 from typing import (
-    Optional,
     Self,
 )
 
@@ -64,7 +63,7 @@ class AcsRole(BaseModel):
     assignments: list[AssignmentPair]
     permission_set_name: str
     access_scope: AcsAccessScope
-    system_default: Optional[bool]
+    system_default: bool | None
 
     @classmethod
     def build(cls, permission: Permission, usernames: list[str]) -> Self:

reconcile/aus/advanced_upgrade_service.py

@@ -197,7 +197,7 @@ class AdvancedUpgradeServiceIntegration(OCMClusterUpgradeSchedulerOrgIntegration
 
 def discover_clusters(
     ocm_api: OCMBaseClient,
-    org_ids: Optional[set[str]] = None,
+    org_ids: set[str] | None = None,
     ignore_sts_clusters: bool = False,
 ) -> dict[str, list[ClusterDetails]]:
     """
@@ -222,7 +222,7 @@ def discover_clusters(
 
 
 def _get_org_labels(
-    ocm_api: OCMBaseClient, org_ids: Optional[set[str]]
+    ocm_api: OCMBaseClient, org_ids: set[str] | None
 ) -> dict[str, LabelContainer]:
     """
     Fetch all AUS OCM org labels from organizations. They hold config
@@ -263,7 +263,7 @@ def _build_org_upgrade_specs_for_ocm_env(
     }
 
 
-def aus_label_key(config_atom: Optional[str] = None) -> str:
+def aus_label_key(config_atom: str | None = None) -> str:
     """
     Generates label keys for aus, compliant with the naming schema defined in
     https://service.pages.redhat.com/dev-guidelines/docs/sre-capabilities/framework/ocm-labels/
@@ -276,7 +276,7 @@ class OrganizationLabelSet(BaseModel):
     Parses, represents and validates a set of organization labels for AUS.
     """
 
-    blocked_versions: Optional[CSV] = Field(alias=aus_label_key("blocked-versions"))
+    blocked_versions: CSV | None = Field(alias=aus_label_key("blocked-versions"))
 
     sector_deps: dict[str, CSV] = labelset_groupfield(
         group_prefix=aus_label_key("sector-deps.")
@@ -395,10 +395,10 @@ class ClusterUpgradePolicyLabelSet(BaseModel):
     soak_days: int = Field(alias=aus_label_key("soak-days"), ge=0)
     workloads: CSV = Field(alias=aus_label_key("workloads"), csv_min_items=1)
     schedule: str = Field(alias=aus_label_key("schedule"))
-    mutexes: Optional[CSV] = Field(alias=aus_label_key("mutexes"))
-    sector: Optional[str] = Field(alias=aus_label_key("sector"))
-    blocked_versions: Optional[CSV] = Field(alias=aus_label_key("blocked-versions"))
-    version_gate_approvals: Optional[CSV] = Field(
+    mutexes: CSV | None = Field(alias=aus_label_key("mutexes"))
+    sector: str | None = Field(alias=aus_label_key("sector"))
+    blocked_versions: CSV | None = Field(alias=aus_label_key("blocked-versions"))
+    version_gate_approvals: CSV | None = Field(
         alias=aus_label_key("version-gate-approvals")
     )
     _schedule_validator = validator("schedule", allow_reuse=True)(cron_validator)
@@ -422,10 +422,10 @@ def build_cluster_upgrade_policy_label_set(
     workloads: list[str],
     schedule: str,
     soak_days: int,
-    mutexes: Optional[list[str]] = None,
-    sector: Optional[str] = None,
-    blocked_versions: Optional[list[str]] = None,
-    version_gate_approvals: Optional[list[str]] = None,
+    mutexes: list[str] | None = None,
+    sector: str | None = None,
+    blocked_versions: list[str] | None = None,
+    version_gate_approvals: list[str] | None = None,
 ) -> ClusterUpgradePolicyLabelSet:
     return ClusterUpgradePolicyLabelSet(**{
         aus_label_key("workloads"): ",".join(workloads),
@@ -463,7 +463,7 @@ def _build_policy_from_labels(labels: LabelContainer) -> ClusterUpgradePolicyV1:
 
 
 class VersionDataInheritanceLabelSet(BaseModel):
-    inherit_version_data: Optional[CSV] = Field(
+    inherit_version_data: CSV | None = Field(
         alias=aus_label_key("version-data.inherit")
     )
     """
@@ -472,7 +472,7 @@ class VersionDataInheritanceLabelSet(BaseModel):
     Version data publishing/inheritance can also be defined between OCM environments.
     """
 
-    publish_version_data: Optional[CSV] = Field(
+    publish_version_data: CSV | None = Field(
         alias=aus_label_key("version-data.publish")
     )
     """

reconcile/aus/aus_label_source.py

@@ -1,5 +1,4 @@
-from collections.abc import Iterable
-from typing import Callable
+from collections.abc import Callable, Iterable
 
 from reconcile.aus.advanced_upgrade_service import (
     aus_label_key,

reconcile/aus/base.py

@@ -5,16 +5,13 @@ from abc import (
     ABC,
     abstractmethod,
 )
+from collections.abc import Callable, Sequence
 from datetime import (
     datetime,
     timedelta,
-    timezone,
 )
 from typing import (
-    Callable,
-    Optional,
     Protocol,
-    Sequence,
     cast,
 )
 
@@ -112,9 +109,9 @@ MIN_DELTA_MINUTES = 6
 
 
 class AdvancedUpgradeSchedulerBaseIntegrationParams(PydanticRunParams):
-    ocm_environment: Optional[str] = None
-    ocm_organization_ids: Optional[set[str]] = None
-    excluded_ocm_organization_ids: Optional[set[str]] = None
+    ocm_environment: str | None = None
+    ocm_organization_ids: set[str] | None = None
+    excluded_ocm_organization_ids: set[str] | None = None
     ignore_sts_clusters: bool = False
 
 
@@ -342,7 +339,7 @@ class AdvancedUpgradeSchedulerBaseIntegration(
     def _build_telemeter_health_check_provider_for_env(
         self,
         ocm_env_name: str,
-    ) -> Optional[TelemeterClusterHealthProvider]:
+    ) -> TelemeterClusterHealthProvider | None:
         ocm_env = next(
             iter(
                 ocm_env_telemeter_query(
@@ -403,12 +400,12 @@ class AbstractUpgradePolicy(ABC, BaseModel):
 
     cluster: OCMCluster
 
-    id: Optional[str]
-    next_run: Optional[str]
-    schedule: Optional[str]
+    id: str | None
+    next_run: str | None
+    schedule: str | None
     schedule_type: str
     version: str
-    state: Optional[str]
+    state: str | None
 
     @abstractmethod
     def create(self, ocm_api: OCMBaseClient) -> None:
@@ -424,7 +421,7 @@ class AbstractUpgradePolicy(ABC, BaseModel):
 
 
 def addon_upgrade_policy_soonest_next_run() -> str:
-    now = datetime.now(tz=timezone.utc)
+    now = datetime.now(tz=dt.UTC)
     next_run = now + timedelta(minutes=MIN_DELTA_MINUTES)
     return next_run.strftime("%Y-%m-%dT%H:%M:%SZ")
 
@@ -683,7 +680,7 @@ def update_history(
     version_data.check_in = now
 
 
-def version_data_state_key(ocm_env: str, org_id: str, addon_id: Optional[str]) -> str:
+def version_data_state_key(ocm_env: str, org_id: str, addon_id: str | None) -> str:
     return f"{ocm_env}/{org_id}/{addon_id}" if addon_id else f"{ocm_env}/{org_id}"
 
 
@@ -694,7 +691,7 @@ def get_version_data_map(
     integration: str,
     addon_id: str = "",
     inherit_version_data: bool = True,
-    defer: Optional[Callable] = None,
+    defer: Callable | None = None,
 ) -> VersionDataMap:
     """Get a summary of versions history per OCM instance
 
@@ -788,7 +785,7 @@ def version_conditions_met(
     version: str,
     version_data: VersionData,
     upgrade_policy: ClusterUpgradePolicyV1,
-    sector: Optional[Sector],
+    sector: Sector | None,
 ) -> bool:
     """Check that upgrade conditions are met for a version
 
@@ -887,8 +884,8 @@ def gates_to_agree(
 def upgradeable_version(
     spec: ClusterUpgradeSpec,
     version_data: VersionData,
-    sector: Optional[Sector],
-) -> Optional[str]:
+    sector: Sector | None,
+) -> str | None:
     """Get the highest next version we can upgrade to, fulfilling all conditions"""
     for version in reversed(sort_versions(spec.get_available_upgrades())):
         if spec.version_blocked(version):
@@ -908,7 +905,7 @@ def verify_current_should_skip(
     desired: ClusterUpgradeSpec,
     now: datetime,
     addon_id: str = "",
-) -> tuple[bool, Optional[UpgradePolicyHandler]]:
+) -> tuple[bool, UpgradePolicyHandler | None]:
     current_policies = [c for c in current_state if c.cluster.id == desired.cluster.id]
     if not current_policies:
         return False, None
@@ -944,7 +941,7 @@ def verify_schedule_should_skip(
     desired: ClusterUpgradeSpec,
     now: datetime,
     addon_id: str = "",
-) -> Optional[str]:
+) -> str | None:
     schedule = desired.upgrade_policy.schedule
     iter = croniter(schedule)
     # ClusterService refuses scheduling upgrades less than 5m in advance
@@ -1006,7 +1003,7 @@ def _create_upgrade_policy(
 
 def _calculate_node_pool_diffs(
     ocm_api: OCMBaseClient, spec: ClusterUpgradeSpec, now: datetime
-) -> Optional[UpgradePolicyHandler]:
+) -> UpgradePolicyHandler | None:
     node_pools = get_node_pools(ocm_api, spec.cluster.id)
     if node_pools:
         for pool in node_pools:
@@ -1051,7 +1048,7 @@ def calculate_diff(
     """
 
     def set_mutex(
-        locked: dict[str, str], cluster_id: str, mutexes: Optional[set[str]] = None
+        locked: dict[str, str], cluster_id: str, mutexes: set[str] | None = None
     ) -> None:
         for mutex in mutexes or set():
             locked[mutex] = cluster_id
@@ -1174,7 +1171,7 @@ def act(
     dry_run: bool,
     diffs: list[UpgradePolicyHandler],
     ocm_api: OCMBaseClient,
-    addon_id: Optional[str] = None,
+    addon_id: str | None = None,
 ) -> None:
     diffs.sort(key=sort_diffs)
     for diff in diffs:
@@ -1207,8 +1204,8 @@ def get_orgs_for_environment(
     integration: str,
     ocm_env_name: str,
     query_func: Callable,
-    ocm_organization_ids: Optional[set[str]] = None,
-    excluded_ocm_organization_ids: Optional[set[str]] = None,
+    ocm_organization_ids: set[str] | None = None,
+    excluded_ocm_organization_ids: set[str] | None = None,
     only_addon_managed_upgrades: bool = False,
 ) -> list[AUSOCMOrganization]:
     """
@@ -1243,7 +1240,7 @@ def get_orgs_for_environment(
 def remaining_soak_day_metric_values_for_cluster(
     spec: ClusterUpgradeSpec,
     soaked_versions: dict[str, float],
-    current_upgrade: Optional[AbstractUpgradePolicy],
+    current_upgrade: AbstractUpgradePolicy | None,
 ) -> dict[str, float]:
     """
     Calculate what versions and metric values to report for `AUS*VersionRemainingSoakDaysGauge` metrics.

reconcile/aus/cluster_version_data.py

@@ -1,8 +1,8 @@
 import json
+from collections.abc import Iterable
 from datetime import datetime
 from typing import (
     Any,
-    Iterable,
     Optional,
 )
 
@@ -93,9 +93,9 @@ class VersionData(BaseModel):
     upgrade policies.
     """
 
-    check_in: Optional[datetime]
+    check_in: datetime | None
     versions: dict[str, VersionHistory] = Field(default_factory=dict)
-    stats: Optional[Stats]
+    stats: Stats | None
 
     def jsondict(self) -> dict[str, Any]:
         return json.loads(self.json(exclude_none=True))
@@ -104,7 +104,7 @@ class VersionData(BaseModel):
         state.add(ocm_name, self.jsondict(), force=True)
 
     def workload_history(
-        self, version: str, workload: str, default: Optional[WorkloadHistory] = None
+        self, version: str, workload: str, default: WorkloadHistory | None = None
     ) -> WorkloadHistory:
         if not default:
             vh = self.versions.get(version, VersionHistory())

reconcile/aus/models.py

@@ -7,7 +7,6 @@ from collections.abc import (
     Mapping,
     Sequence,
 )
-from typing import Optional
 
 from pydantic import (
     BaseModel,
@@ -108,7 +107,7 @@ class OrganizationUpgradeSpec(BaseModel):
     def __init__(
         self,
         org: AUSOCMOrganization,
-        specs: Optional[Iterable[ClusterUpgradeSpec]] = None,
+        specs: Iterable[ClusterUpgradeSpec] | None = None,
     ) -> None:
         super().__init__(org=org)
 
@@ -200,7 +199,7 @@ class SectorConfigError(Exception):
 
 class Sector(BaseModel):
     name: str
-    dependencies: list["Sector"] = Field(default_factory=list)
+    dependencies: list[Sector] = Field(default_factory=list)
     _specs: dict[str, ClusterUpgradeSpec] = PrivateAttr(default_factory=dict)
 
     def __key(self) -> str:

reconcile/aus/version_gate_approver.py

@@ -1,9 +1,5 @@
 import logging
-from typing import (
-    Callable,
-    Iterable,
-    Optional,
-)
+from collections.abc import Callable, Iterable
 
 from reconcile.aus.advanced_upgrade_service import aus_label_key
 from reconcile.aus.base import gates_to_agree, get_orgs_for_environment
@@ -54,7 +50,7 @@ class VersionGateApproverParams(PydanticRunParams):
     job_controller_namespace: str
     rosa_job_service_account: str
     rosa_role: str
-    rosa_job_image: Optional[str] = None
+    rosa_job_image: str | None = None
 
 
 class VersionGateApprover(QontractReconcileIntegration[VersionGateApproverParams]):

reconcile/aus/version_gates/__init__.py

@@ -1,5 +1,3 @@
-from typing import Type
-
 from reconcile.aus.version_gates import (
     ingress_gate_handler,
     ocp_gate_handler,
@@ -7,7 +5,7 @@ from reconcile.aus.version_gates import (
 )
 from reconcile.aus.version_gates.handler import GateHandler
 
-HANDLERS: dict[str, Type[GateHandler]] = {
+HANDLERS: dict[str, type[GateHandler]] = {
     ocp_gate_handler.GATE_LABEL: ocp_gate_handler.OCPGateHandler,
     sts_version_gate_handler.GATE_LABEL: sts_version_gate_handler.STSGateHandler,
     ingress_gate_handler.GATE_LABEL: ingress_gate_handler.IngressGateHandler,

reconcile/aus/version_gates/sts_version_gate_handler.py

@@ -1,5 +1,4 @@
 import logging
-from typing import Optional
 
 from reconcile.aus.version_gates.handler import GateHandler
 from reconcile.utils.jobcontroller.controller import K8sJobController
@@ -16,8 +15,8 @@ class STSGateHandler(GateHandler):
         self,
         job_controller: K8sJobController,
         aws_iam_role: str,
-        rosa_job_service_account: Optional[str] = None,
-        rosa_job_image: Optional[str] = None,
+        rosa_job_service_account: str | None = None,
+        rosa_job_image: str | None = None,
     ) -> None:
         self.job_controller = job_controller
         self.aws_iam_role = aws_iam_role

reconcile/aws_account_manager/integration.py

@@ -1,5 +1,5 @@
 from collections.abc import Callable, Iterable
-from datetime import datetime, timezone
+from datetime import UTC, datetime
 from typing import Any
 
 import jinja2
@@ -99,7 +99,7 @@ class AwsAccountMgmtIntegration(
             "accountRequest": account_request.dict(by_alias=True),
             "uid": uid,
             "settings": settings,
-            "timestamp": int(datetime.now(tz=timezone.utc).timestamp()),
+            "timestamp": int(datetime.now(tz=UTC).timestamp()),
         })
         return tmpl
 
@@ -114,10 +114,8 @@ class AwsAccountMgmtIntegration(
             for account in data.accounts or []
             if integration_is_enabled(self.name, account)
             and (not account_name or account.name == account_name)
+            and validate(account)
         ]
-        for account in all_aws_accounts:
-            validate(account)
-
         payer_accounts = [
             account
             for account in all_aws_accounts
@@ -219,18 +217,16 @@ class AwsAccountMgmtIntegration(
                 self.reconcile_account(account_role_api, reconciler, account)
 
     def reconcile_account(
-        self,
-        aws_api: AWSApi,
-        reconciler: AWSReconciler,
-        account: AWSAccountManaged,
-        create_initial_user: bool = True,
+        self, aws_api: AWSApi, reconciler: AWSReconciler, account: AWSAccountManaged
     ) -> None:
         """Reconcile an AWS account."""
+        assert account.security_contact  # mypy
         reconciler.reconcile_account(
             aws_api=aws_api,
             name=account.name,
             alias=account.alias,
             quotas=[q for ql in account.quota_limits or [] for q in ql.quotas],
+            security_contact=account.security_contact,
         )
 
     def reconcile_payer_accounts(
@@ -245,8 +241,7 @@ class AwsAccountMgmtIntegration(
         # reconcile accounts within payer accounts, aka organization accounts
         for payer_account in payer_accounts:
             # having a state per flavor and payer account makes it easier in a shared environment
-            reconciler.state.state_path = default_state_path
-            reconciler.state.state_path += f"/{payer_account.name}"
+            reconciler.state.state_path = f"{default_state_path}/{payer_account.name}"
             aws_account_manager_role = (
                 payer_account.automation_role.aws_account_manager
                 if payer_account.automation_role
@@ -290,8 +285,8 @@ class AwsAccountMgmtIntegration(
     ) -> None:
         """Reconcile accounts not part of an organization via a payer account (e.g. payer accounts themselves)"""
         for account in non_organization_accounts:
-            reconciler.state.state_path = default_state_path
-            reconciler.state.state_path += f"/{account.name}"
+            # the state must be account specific
+            reconciler.state.state_path = f"{default_state_path}/{account.name}"
             secret = self.secret_reader.read_all_secret(account.automation_token)
             with AWSApi(
                 AWSStaticCredentials(

reconcile/aws_account_manager/reconciler.py

@@ -25,6 +25,7 @@ TASK_REQUEST_SERVICE_QUOTA = "request-service-quota"
 TASK_CHECK_SERVICE_QUOTA_STATUS = "check-service-quota-status"
 TASK_ENABLE_ENTERPRISE_SUPPORT = "enable-enterprise-support"
 TASK_CHECK_ENTERPRISE_SUPPORT_STATUS = "check-enterprise-support-status"
+TASK_SET_SECURITY_CONTACT = "set-security-contact"
 
 
 class Quota(Protocol):
@@ -35,6 +36,15 @@ class Quota(Protocol):
     def dict(self) -> dict[str, Any]: ...
 
 
+class Contact(Protocol):
+    name: str
+    title: str | None
+    email: str
+    phone_number: str
+
+    def dict(self) -> dict[str, Any]: ...
+
+
 class AWSReconciler:
     def __init__(self, state: State, dry_run: bool) -> None:
         self.state = state
@@ -288,6 +298,33 @@ class AWSReconciler:
             )
             raise AbortStateTransaction("Enterprise support case still open")
 
+    def _set_security_contact(
+        self,
+        aws_api: AWSApi,
+        account: str,
+        name: str,
+        title: str | None,
+        email: str,
+        phone_number: str,
+    ) -> None:
+        """Set the security contact for the account."""
+        title = title or name
+        security_contact = f"{name} {title} {email} {phone_number}"
+        with self.state.transaction(
+            state_key(account, TASK_SET_SECURITY_CONTACT)
+        ) as _state:
+            if _state.exists and _state.value == security_contact:
+                return
+
+            logging.info(f"Setting security contact for {account}")
+            if self.dry_run:
+                raise AbortStateTransaction("Dry run")
+
+            aws_api.account.set_security_contact(
+                name=name, title=title, email=email, phone_number=phone_number
+            )
+            _state.value = security_contact
+
     #
     # Public methods
     #
@@ -345,9 +382,22 @@ class AWSReconciler:
             self._check_enterprise_support_status(aws_api, case_id)
 
     def reconcile_account(
-        self, aws_api: AWSApi, name: str, alias: str | None, quotas: Iterable[Quota]
+        self,
+        aws_api: AWSApi,
+        name: str,
+        alias: str | None,
+        quotas: Iterable[Quota],
+        security_contact: Contact,
     ) -> None:
         """Reconcile/update the AWS account. Return the initial user access key if a new user was created."""
         self._set_account_alias(aws_api, name, alias)
         if request_ids := self._request_quotas(aws_api, name, quotas):
             self._check_quota_change_requests(aws_api, name, request_ids)
+        self._set_security_contact(
+            aws_api,
+            account=name,
+            name=security_contact.name,
+            title=security_contact.title,
+            email=security_contact.email,
+            phone_number=security_contact.phone_number,
+        )

reconcile/aws_account_manager/utils.py

@@ -30,6 +30,9 @@ def validate(account: AWSAccountV1) -> bool:
                 f"Premium support is required for payer account {account.name}"
             )
 
+    # security contact is mandatory for all accounts since June 2024
+    if not account.security_contact:
+        raise ValueError(f"Security contact is required for account {account.name}")
     return True
 
 

reconcile/aws_ami_cleanup/integration.py

@@ -12,7 +12,6 @@ from datetime import (
 from typing import (
     TYPE_CHECKING,
     Any,
-    Optional,
 )
 
 from botocore.exceptions import ClientError
@@ -153,7 +152,7 @@ def get_region(
 
 
 def get_app_interface_amis(
-    namespaces: Optional[list[NamespaceV1]], ts: Terrascript
+    namespaces: list[NamespaceV1] | None, ts: Terrascript
 ) -> list[AIAmi]:
     """Returns all the ami referenced in ASGs in app-interface."""
     app_interface_amis = []
@@ -185,7 +184,7 @@ def get_app_interface_amis(
 
 def check_aws_ami_in_use(
     aws_ami: AWSAmi, app_interface_amis: list[AIAmi]
-) -> Optional[str]:
+) -> str | None:
     """Verifies if the given AWS ami is in use in a defined app-interface ASG."""
     for ai_ami in app_interface_amis:
         # This can happen if the ASG init template has changed over the time. We don't have a way
@@ -203,7 +202,7 @@ def check_aws_ami_in_use(
 
 
 @defer
-def run(dry_run: bool, thread_pool_size: int, defer: Optional[Callable] = None) -> None:
+def run(dry_run: bool, thread_pool_size: int, defer: Callable | None = None) -> None:
     exit_code = ExitCodes.SUCCESS
 
     # We still use here a non-typed query; accounts is passed to AWSApi and Terrascript classes

reconcile/aws_iam_password_reset.py

@@ -4,10 +4,7 @@ from collections.abc import (
     Iterable,
     Mapping,
 )
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from pydantic import BaseModel
 
@@ -21,7 +18,7 @@ QONTRACT_INTEGRATION = "aws-iam-password-reset"
 
 def get_roles(
     roles: Iterable[Mapping[str, Any]], org_username: str
-) -> Optional[Mapping[str, Any]]:
+) -> Mapping[str, Any] | None:
     for d in roles:
         if d["org_username"] == org_username:
             return d

reconcile/aws_version_sync/integration.py

@@ -3,7 +3,7 @@ from collections.abc import (
     Callable,
     Iterable,
 )
-from enum import Enum
+from enum import StrEnum
 from typing import Any
 
 import semver
@@ -69,7 +69,7 @@ class ExternalResourceProvisioner(BaseModel):
     path: str | None = None
 
 
-class VersionFormat(str, Enum):
+class VersionFormat(StrEnum):
     MAJOR = "major"
     MAJOR_MINOR = "major_minor"
     MAJOR_MINOR_PATCH = "major_minor_patch"

reconcile/blackbox_exporter_endpoint_monitoring.py

@@ -1,9 +1,6 @@
 import logging
 import sys
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from reconcile import queries
 from reconcile.closedbox_endpoint_monitoring_base import (
@@ -69,7 +66,7 @@ def get_blackbox_providers() -> list[EndpointMonitoringProvider]:
 
 def build_probe(
     provider: EndpointMonitoringProvider, endpoints: list[Endpoint]
-) -> Optional[OpenshiftResource]:
+) -> OpenshiftResource | None:
     blackbox_exporter = provider.blackboxExporter
     if blackbox_exporter:
         prober_url = parse_prober_url(blackbox_exporter.exporterUrl)

reconcile/change_owners/approver.py

@@ -1,6 +1,5 @@
 from dataclasses import dataclass
 from typing import (
-    Optional,
     Protocol,
 )
 
@@ -17,25 +16,25 @@ class Approver:
     """
 
     org_username: str
-    tag_on_merge_requests: Optional[bool] = False
+    tag_on_merge_requests: bool | None = False
 
 
 class ApproverResolver(Protocol):
-    def lookup_approver_by_path(self, path: str) -> Optional[Approver]: ...
+    def lookup_approver_by_path(self, path: str) -> Approver | None: ...
 
 
 class GqlApproverResolver:
     def __init__(self, gqlapis: list[GqlApi]):
         self.gqlapis = gqlapis
 
-    def lookup_approver_by_path(self, path: str) -> Optional[Approver]:
+    def lookup_approver_by_path(self, path: str) -> Approver | None:
         for gqlapi in self.gqlapis:
             approver = self._lookup_approver_by_path(gqlapi, path)
             if approver:
                 return approver
         return None
 
-    def _lookup_approver_by_path(self, gqlapi: GqlApi, path: str) -> Optional[Approver]:
+    def _lookup_approver_by_path(self, gqlapi: GqlApi, path: str) -> Approver | None:
         approvers = gqlapi.query(
             """
             query Approvers($path: String) {