qontract-reconcile 0.10.1rc879__py3-none-any.whl → 0.10.1rc894__py3-none-any.whl

reconcile/openshift_users.py

@@ -5,10 +5,7 @@ from collections.abc import (
     Iterable,
     Mapping,
 )
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from sretoolbox.utils import threaded
 
@@ -46,13 +43,13 @@ def get_cluster_users(
     users: list[str] = []
 
     # get cluster info for current cluster name from clusters list
-    cluster_info = next((cl for cl in clusters if cl.name == cluster))
+    cluster_info = next(cl for cl in clusters if cl.name == cluster)
 
     # backwarts compatibiltiy for clusters w/o auth
     identity_prefixes = ["github"]
 
     for auth in cluster_info.auth:
-        if isinstance(auth, (ClusterAuthOIDCV1, ClusterAuthRHIDPV1)):
+        if isinstance(auth, ClusterAuthOIDCV1 | ClusterAuthRHIDPV1):
             identity_prefixes.append(auth.name)
 
     for u in oc.get_users():
@@ -72,7 +69,7 @@ def get_cluster_users(
 
 def fetch_current_state(
     thread_pool_size: int,
-    internal: Optional[bool],
+    internal: bool | None,
     use_jump_host: bool,
 ) -> tuple[OCMap, list[Any]]:
     vault_settings = get_app_interface_vault_settings()
@@ -99,7 +96,7 @@ def fetch_current_state(
 
 
 def fetch_desired_state(
-    oc_map: Optional[OCMap], enforced_user_keys: Any = None
+    oc_map: OCMap | None, enforced_user_keys: Any = None
 ) -> list[Any]:
     desired_state = []
 
@@ -163,16 +160,16 @@ def act(diff: Mapping[str, Any], oc_map: OCMap) -> None:
             raise Exception("No proper Openshift Client for del_user operation")
         oc.delete_user(user)
     else:
-        raise Exception("invalid action: {}".format(action))
+        raise Exception(f"invalid action: {action}")
 
 
 @defer
 def run(
     dry_run: bool,
     thread_pool_size: int = 10,
-    internal: Optional[bool] = None,
+    internal: bool | None = None,
     use_jump_host: bool = True,
-    defer: Optional[Callable] = None,
+    defer: Callable | None = None,
 ) -> None:
     oc_map, current_state = fetch_current_state(
         thread_pool_size, internal, use_jump_host

reconcile/oum/base.py

@@ -4,7 +4,6 @@ from abc import (
     abstractmethod,
 )
 from collections import defaultdict
-from typing import Optional
 
 from reconcile.gql_definitions.common.ocm_environments import (
     query as ocm_environment_query,
@@ -56,8 +55,8 @@ from reconcile.utils.runtime.integration import (
 
 
 class OCMUserManagementIntegrationParams(PydanticRunParams):
-    ocm_environment: Optional[str] = None
-    ocm_organization_ids: Optional[set[str]] = None
+    ocm_environment: str | None = None
+    ocm_organization_ids: set[str] | None = None
     group_provider_specs: list[str]
 
 
@@ -88,7 +87,7 @@ class OCMUserManagementIntegration(
 
     @abstractmethod
     def get_user_mgmt_config_for_ocm_env(
-        self, ocm_env: OCMEnvironment, org_ids: Optional[set[str]]
+        self, ocm_env: OCMEnvironment, org_ids: set[str] | None
     ) -> dict[str, OrganizationUserManagementConfiguration]:
         """
         Discover cluster user mgmt configurations in the given OCM environment.

reconcile/oum/labelset.py

@@ -1,5 +1,4 @@
 from collections import defaultdict
-from typing import Optional
 
 from pydantic import BaseModel
 
@@ -23,7 +22,7 @@ class _GroupMappingLabelset(BaseModel):
     the sre-capabilities.user-mgmt.$provider prefix.
     """
 
-    authz_roles: Optional[dict[str, CSV]] = sre_capability_labels.labelset_groupfield(
+    authz_roles: dict[str, CSV] | None = sre_capability_labels.labelset_groupfield(
         group_prefix="authz."
     )
 

reconcile/oum/metrics.py

@@ -1,4 +1,4 @@
-from enum import Enum
+from enum import StrEnum
 
 from pydantic import BaseModel
 
@@ -56,7 +56,7 @@ class OCMUserManagementOrganizationActionCounter(
 ):
     "Counter for the number of actions taken for an OCM organization"
 
-    class Action(str, Enum):
+    class Action(StrEnum):
         AddUser = "add-user"
         RemoveUser = "remove-user"
 

reconcile/oum/models.py

@@ -1,5 +1,4 @@
 from collections import defaultdict
-from typing import Optional
 
 from pydantic import (
     BaseModel,
@@ -64,7 +63,7 @@ class ClusterRoleReconcileResult(BaseModel):
 
     users_added: int = 0
     users_removed: int = 0
-    error: Optional[Exception] = None
+    error: Exception | None = None
 
     class Config:
         arbitrary_types_allowed = True

reconcile/oum/standalone.py

@@ -1,7 +1,6 @@
 import logging
 from collections import defaultdict
 from datetime import timedelta
-from typing import Optional
 
 from reconcile.gql_definitions.fragments.ocm_environment import OCMEnvironment
 from reconcile.oum.base import OCMUserManagementIntegration
@@ -36,7 +35,7 @@ class OCMStandaloneUserManagementIntegration(OCMUserManagementIntegration):
         return "ocm-standalone-user-management"
 
     def get_user_mgmt_config_for_ocm_env(
-        self, ocm_env: OCMEnvironment, org_ids: Optional[set[str]]
+        self, ocm_env: OCMEnvironment, org_ids: set[str] | None
     ) -> dict[str, OrganizationUserManagementConfiguration]:
         ocm_api = init_ocm_base_client(ocm_env, self.secret_reader)
         clusters_by_org = discover_clusters(
@@ -139,7 +138,7 @@ def user_mgmt_label_key(config_atom: str) -> str:
 
 def discover_clusters(
     ocm_api: OCMBaseClient,
-    org_ids: Optional[set[str]] = None,
+    org_ids: set[str] | None = None,
 ) -> dict[str, list[ClusterDetails]]:
     """
     Discover all clusters with user management enabled on their subscription

reconcile/prometheus_rules_tester/integration.py

@@ -6,10 +6,7 @@ from collections.abc import (
     Iterable,
     Mapping,
 )
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 import yaml
 from deepdiff import DeepHash
@@ -58,8 +55,8 @@ class Test(BaseModel):
     rule_path: str
     rule: dict
     rule_length: int
-    tests: Optional[list[TestContent]]
-    result: Optional[CommandExecutionResult] = None
+    tests: list[TestContent] | None
+    result: CommandExecutionResult | None = None
 
 
 class RuleToFetch(BaseModel):
@@ -122,7 +119,7 @@ def fetch_rule_and_tests(
 def get_rules_and_tests(
     vault_settings: AppInterfaceSettingsV1,
     thread_pool_size: int,
-    cluster_names: Optional[Iterable[str]] = None,
+    cluster_names: Iterable[str] | None = None,
 ) -> list[Test]:
     """Iterates through all namespaces and returns a list of tests to run"""
     namespace_with_prom_rules, _ = orb.get_namespaces(
@@ -225,7 +222,7 @@ def check_rules_and_tests(
     vault_settings: AppInterfaceSettingsV1,
     alerting_services: Iterable[str],
     thread_pool_size: int,
-    cluster_names: Optional[Iterable[str]] = None,
+    cluster_names: Iterable[str] | None = None,
 ) -> list[Test]:
     """Fetch rules and associated tests, run checks on rules and tests if they exist
     and return a list of failed checks/tests"""
@@ -247,7 +244,7 @@ def check_rules_and_tests(
 
 
 def run(
-    dry_run: bool, thread_pool_size: int, cluster_names: Optional[Iterable[str]] = None
+    dry_run: bool, thread_pool_size: int, cluster_names: Iterable[str] | None = None
 ) -> None:
     """Check prometheus rules syntax and run the tests associated to them"""
     orb.QONTRACT_INTEGRATION = QONTRACT_INTEGRATION

reconcile/quay_membership.py

@@ -1,7 +1,6 @@
 import logging
 import sys
 from collections.abc import Sequence
-from typing import Union
 
 from reconcile.gql_definitions.quay_membership import quay_membership
 from reconcile.gql_definitions.quay_membership.quay_membership import (
@@ -81,7 +80,7 @@ def fetch_current_state(quay_api_store):
     return state
 
 
-def get_usernames(users: Sequence[Union[UserV1, BotV1]]) -> list[str]:
+def get_usernames(users: Sequence[UserV1 | BotV1]) -> list[str]:
     return [u.quay_username for u in users if u.quay_username]
 
 

reconcile/quay_mirror.py

@@ -11,7 +11,6 @@ from collections import (
 from collections.abc import Iterable
 from typing import (
     Any,
-    Optional,
     Self,
 )
 
@@ -67,11 +66,11 @@ class QuayMirror:
     def __init__(
         self,
         dry_run: bool = False,
-        control_file_dir: Optional[str] = None,
-        compare_tags: Optional[bool] = None,
+        control_file_dir: str | None = None,
+        compare_tags: bool | None = None,
         compare_tags_interval: int = 86400,
-        repository_urls: Optional[Iterable[str]] = None,
-        exclude_repository_urls: Optional[Iterable[str]] = None,
+        repository_urls: Iterable[str] | None = None,
+        exclude_repository_urls: Iterable[str] | None = None,
     ) -> None:
         self.dry_run = dry_run
         self.gqlapi = gql.get_api()
@@ -113,7 +112,7 @@ class QuayMirror:
                 tempfile.gettempdir(), CONTROL_FILE_NAME
             )
 
-        self._has_enough_time_passed_since_last_compare_tags: Optional[bool] = None
+        self._has_enough_time_passed_since_last_compare_tags: bool | None = None
         self.session = requests.Session()
 
     def __enter__(self) -> Self:
@@ -142,8 +141,8 @@ class QuayMirror:
     @classmethod
     def process_repos_query(
         cls,
-        repository_urls: Optional[Iterable[str]] = None,
-        exclude_repository_urls: Optional[Iterable[str]] = None,
+        repository_urls: Iterable[str] | None = None,
+        exclude_repository_urls: Iterable[str] | None = None,
         session: requests.Session | None = None,
         timeout: int = REQUEST_TIMEOUT,
     ) -> defaultdict[OrgKey, list[dict[str, Any]]]:
@@ -370,7 +369,7 @@ class QuayMirror:
     @staticmethod
     def check_compare_tags_elapsed_time(path, interval) -> bool:
         try:
-            with open(path, "r", encoding="locale") as file_obj:
+            with open(path, encoding="locale") as file_obj:
                 last_compare_tags = float(file_obj.read())
         except FileNotFoundError:
             return True
@@ -406,11 +405,11 @@ class QuayMirror:
 
 def run(
     dry_run,
-    control_file_dir: Optional[str],
-    compare_tags: Optional[bool],
+    control_file_dir: str | None,
+    compare_tags: bool | None,
     compare_tags_interval: int,
-    repository_urls: Optional[Iterable[str]],
-    exclude_repository_urls: Optional[Iterable[str]],
+    repository_urls: Iterable[str] | None,
+    exclude_repository_urls: Iterable[str] | None,
 ):
     with QuayMirror(
         dry_run,

reconcile/quay_mirror_org.py

@@ -3,7 +3,7 @@ import os
 import tempfile
 from collections import defaultdict
 from collections.abc import Iterable
-from typing import Any, Optional, Self
+from typing import Any, Self
 
 import requests
 from sretoolbox.container import (
@@ -30,11 +30,11 @@ class QuayMirrorOrg:
     def __init__(
         self,
         dry_run: bool = False,
-        control_file_dir: Optional[str] = None,
-        compare_tags: Optional[bool] = None,
+        control_file_dir: str | None = None,
+        compare_tags: bool | None = None,
         compare_tags_interval: int = 28800,  # 8 hours
-        orgs: Optional[Iterable[str]] = None,
-        repositories: Optional[Iterable[str]] = None,
+        orgs: Iterable[str] | None = None,
+        repositories: Iterable[str] | None = None,
     ) -> None:
         self.dry_run = dry_run
         self.skopeo_cli = Skopeo(dry_run)
@@ -56,7 +56,7 @@ class QuayMirrorOrg:
                 tempfile.gettempdir(), CONTROL_FILE_NAME
             )
 
-        self._has_enough_time_passed_since_last_compare_tags: Optional[bool] = None
+        self._has_enough_time_passed_since_last_compare_tags: bool | None = None
         self.session = requests.Session()
 
     def __enter__(self) -> Self:
@@ -290,11 +290,11 @@ class QuayMirrorOrg:
 
 def run(
     dry_run,
-    control_file_dir: Optional[str],
-    compare_tags: Optional[bool],
+    control_file_dir: str | None,
+    compare_tags: bool | None,
     compare_tags_interval: int,
-    orgs: Optional[Iterable[str]],
-    repositories: Optional[Iterable[str]],
+    orgs: Iterable[str] | None,
+    repositories: Iterable[str] | None,
 ):
     with QuayMirrorOrg(
         dry_run,

reconcile/queries.py

@@ -5,10 +5,7 @@ import shlex
 from collections.abc import Mapping
 from dataclasses import dataclass
 from textwrap import indent
-from typing import (
-    Any,
-    Optional,
-)
+from typing import Any
 
 from jinja2 import Template
 
@@ -25,7 +22,7 @@ SECRET_READER_SETTINGS = """
 """
 
 
-def get_secret_reader_settings() -> Optional[Mapping[str, Any]]:
+def get_secret_reader_settings() -> Mapping[str, Any] | None:
     """Returns SecretReader settings"""
     gqlapi = gql.get_api()
     settings = gqlapi.query(SECRET_READER_SETTINGS)["settings"]
@@ -598,7 +595,7 @@ def get_queue_aws_accounts():
     return get_aws_accounts(uid=uid)
 
 
-def get_jumphosts(hostname: Optional[str] = None) -> JumphostsQueryData:
+def get_jumphosts(hostname: str | None = None) -> JumphostsQueryData:
     """Returns all jumphosts"""
     variables = {}
     # The dictionary must be empty if no hostname is set.
@@ -2289,7 +2286,7 @@ JIRA_BOARDS_QUERY = """
 """
 
 
-def get_jira_boards(with_slack: Optional[bool] = True):
+def get_jira_boards(with_slack: bool | None = True):
     """Returns Jira boards resources defined in app-interface"""
     gqlapi = gql.get_api()
     query = Template(JIRA_BOARDS_QUERY).render(with_slack=with_slack)

reconcile/resource_scraper.py

@@ -1,7 +1,6 @@
 import logging
 import sys
 from typing import (
-    Optional,
     cast,
 )
 
@@ -23,9 +22,9 @@ QONTRACT_INTEGRATION = "resource-scraper"
 
 def run(
     dry_run: bool,
-    namespace_name: Optional[str],
-    resource_kind: Optional[str],
-    vault_output_path: Optional[str],
+    namespace_name: str | None,
+    resource_kind: str | None,
+    vault_output_path: str | None,
 ) -> None:
     """Get resources from clusters and store in Vault."""
     if not namespace_name:

reconcile/rhidp/common.py

@@ -3,7 +3,7 @@ from collections.abc import (
     Iterable,
     MutableMapping,
 )
-from enum import Enum
+from enum import StrEnum
 from typing import Any
 from urllib.parse import urlparse
 
@@ -44,7 +44,7 @@ ISSUER_LABEL_KEY = sre_capability_label_key("rhidp", "issuer")
 AUTH_NAME_LABEL_KEY = sre_capability_label_key("rhidp", "name")
 
 
-class StatusValue(str, Enum):
+class StatusValue(StrEnum):
     # rhidp and oidc are enabled
     ENABLED = "enabled"
     # rhidp and oidc are disabled

reconcile/saas_auto_promotions_manager/integration.py

@@ -1,5 +1,4 @@
 from collections.abc import Callable
-from typing import Optional
 
 from sretoolbox.utils import threaded
 
@@ -95,8 +94,8 @@ class SaasAutoPromotionsManager:
 
 def init_external_dependencies(
     dry_run: bool,
-    env_name: Optional[str] = None,
-    app_name: Optional[str] = None,
+    env_name: str | None = None,
+    app_name: str | None = None,
 ) -> tuple[
     PromotionState,
     VCS,
@@ -169,9 +168,9 @@ def init_external_dependencies(
 def run(
     dry_run: bool,
     thread_pool_size: int,
-    env_name: Optional[str] = None,
-    app_name: Optional[str] = None,
-    defer: Optional[Callable] = None,
+    env_name: str | None = None,
+    app_name: str | None = None,
+    defer: Callable | None = None,
 ) -> None:
     (
         deployment_state,

reconcile/saas_auto_promotions_manager/merge_request_manager/batcher.py

@@ -1,7 +1,6 @@
 from collections.abc import Iterable
 from dataclasses import dataclass
 from enum import Enum
-from typing import Optional
 
 from reconcile.saas_auto_promotions_manager.merge_request_manager.open_merge_requests import (
     OpenBatcherMergeRequest,
@@ -145,7 +144,7 @@ class Batcher:
         if not unsubmitted_promotions:
             return
 
-        batch_with_capacity: Optional[OpenBatcherMergeRequest] = None
+        batch_with_capacity: OpenBatcherMergeRequest | None = None
         for mr in self._open_mrs:
             if mr.is_batchable and len(mr.content_hashes) < batch_limit:
                 batch_with_capacity = mr

reconcile/saas_auto_promotions_manager/publisher.py

@@ -1,6 +1,5 @@
 from dataclasses import dataclass
 from datetime import datetime
-from typing import Optional
 
 from reconcile.utils.promotion_state import PromotionState
 from reconcile.utils.secret_reader import HasSecret
@@ -18,7 +17,7 @@ class DeploymentInfo:
     success: bool
     saas_file: str
     target_config_hash: str
-    check_in: Optional[datetime]
+    check_in: datetime | None
 
 
 class Publisher:
@@ -37,10 +36,10 @@ class Publisher:
         app_name: str,
         namespace_name: str,
         resource_template_name: str,
-        target_name: Optional[str],
+        target_name: str | None,
         cluster_name: str,
-        auth_code: Optional[HasSecret],
-        publish_job_logs: Optional[bool],
+        auth_code: HasSecret | None,
+        publish_job_logs: bool | None,
         has_subscriber: bool = True,
     ):
         self._ref = ref
@@ -48,7 +47,7 @@ class Publisher:
         self._auth_code = auth_code
         self.channels: set[str] = set()
         self.commit_sha: str = ""
-        self.deployment_info_by_channel: dict[str, Optional[DeploymentInfo]] = {}
+        self.deployment_info_by_channel: dict[str, DeploymentInfo | None] = {}
         self.uid = uid
         self.saas_name = saas_name
         self.saas_file_path = saas_file_path

reconcile/saas_auto_promotions_manager/subscriber.py

@@ -2,8 +2,7 @@ import hashlib
 import logging
 from collections.abc import Iterable
 from dataclasses import dataclass
-from datetime import datetime, timedelta, timezone
-from typing import Optional
+from datetime import UTC, datetime, timedelta
 
 from reconcile.gql_definitions.fragments.saas_target_namespace import (
     SaasTargetNamespace,
@@ -45,6 +44,7 @@ class Subscriber:
         use_target_config_hash: bool,
         uid: str,
         soak_days: int,
+        blocked_versions: set[str],
     ):
         self.saas_name = saas_name
         self.template_name = template_name
@@ -59,6 +59,7 @@ class Subscriber:
         self.soak_days = soak_days
         self._content_hash = ""
         self._use_target_config_hash = use_target_config_hash
+        self._blocked_versions = blocked_versions
 
     def has_diff(self) -> bool:
         current_hashes = {
@@ -80,7 +81,7 @@ class Subscriber:
 
     def _validate_deployment(
         self, publisher: Publisher, channel: Channel
-    ) -> Optional[DeploymentInfo]:
+    ) -> DeploymentInfo | None:
         deployment_info = publisher.deployment_info_by_channel.get(channel.name)
         if not deployment_info:
             logging.info(
@@ -103,7 +104,7 @@ class Subscriber:
         We accumulate the time a ref is running on all publishers for this subscriber.
         We compare that accumulated time with the soak_days setting of the subscriber.
         """
-        now = datetime.now(timezone.utc)
+        now = datetime.now(UTC)
         delta = timedelta(days=0)
         for channel in self.channels:
             for publisher in channel.publishers:
@@ -142,22 +143,42 @@ class Subscriber:
                     break
                 publisher_refs.add(publisher.commit_sha)
 
-        if len(publisher_refs) > 1:
+        # By default we keep current state
+        self.desired_ref = self.ref
+
+        if any_bad_deployment:
+            logging.info(
+                "Subscriber at path %s promotion stopped because of bad publisher deployment",
+                self.target_file_path,
+            )
+            return
+
+        if len(publisher_refs) != 1:
             logging.info(
                 "Publishers for subscriber at path %s have mismatching refs: %s",
                 self.target_file_path,
                 publisher_refs,
             )
-        if (
-            len(publisher_refs) != 1
-            or any_bad_deployment
-            or not self._passed_accumulated_soak_days()
-        ):
-            # We keep current state
-            self.desired_ref = self.ref
-        else:
-            # We have a common single publisher ref w/o any deployment issues
-            self.desired_ref = next(iter(publisher_refs))
+            return
+
+        if not self._passed_accumulated_soak_days():
+            logging.debug(
+                "Subscriber at path %s promotion stopped because of soak days",
+                self.target_file_path,
+            )
+            return
+
+        desired_ref = next(iter(publisher_refs))
+        if desired_ref in self._blocked_versions:
+            logging.info(
+                "Subscriber at path %s promotion stopped because of blocked ref: %s",
+                self.target_file_path,
+                desired_ref,
+            )
+            return
+
+        # Passed all gates -> lets promote desired ref
+        self.desired_ref = desired_ref
 
     def _compute_desired_config_hashes(self) -> None:
         """

reconcile/saas_auto_promotions_manager/utils/saas_files_inventory.py

@@ -86,6 +86,10 @@ class SaasFilesInventory:
 
     def _assemble_subscribers_with_auto_promotions(self) -> None:
         for saas_file in self._saas_files:
+            blocked_versions: dict[str, set[str]] = {}
+            for code_component in saas_file.app.code_components or []:
+                for version in code_component.blocked_versions or []:
+                    blocked_versions.setdefault(code_component.url, set()).add(version)
             for resource_template in saas_file.resource_templates:
                 for target in resource_template.targets:
                     file_path = target.path if target.path else saas_file.path
@@ -98,6 +102,7 @@ class SaasFilesInventory:
                     soak_days = (
                         target.promotion.soak_days if target.promotion.soak_days else 0
                     )
+                    resource_template.url
                     subscriber = Subscriber(
                         uid=target.uid(
                             parent_saas_file_name=saas_file.name,
@@ -109,6 +114,9 @@ class SaasFilesInventory:
                         ref=target.ref,
                         target_namespace=target.namespace,
                         soak_days=soak_days,
+                        blocked_versions=blocked_versions.get(
+                            resource_template.url, set()
+                        ),
                         # Note: this will be refactored at a later point.
                         # https://issues.redhat.com/browse/APPSRE-7516
                         use_target_config_hash=bool(saas_file.publish_job_logs),

reconcile/saas_file_validator.py

@@ -1,9 +1,6 @@
 import logging
 import sys
-from typing import (
-    Callable,
-    Optional,
-)
+from collections.abc import Callable
 
 from reconcile.jenkins_job_builder import init_jjb
 from reconcile.status import ExitCodes
@@ -26,7 +23,7 @@ QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
 
 
 @defer
-def run(dry_run: bool, defer: Optional[Callable] = None) -> None:
+def run(dry_run: bool, defer: Callable | None = None) -> None:
     vault_settings = get_app_interface_vault_settings()
     saasherder_settings = get_saasherder_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)