qontract-reconcile 0.10.1rc976__py3-none-any.whl → 0.10.1rc978__py3-none-any.whl

reconcile/aws_account_manager/integration.py

@@ -252,29 +252,31 @@ class AwsAccountMgmtIntegration(
                 )
 
             secret = self.secret_reader.read_all_secret(payer_account.automation_token)
-            with AWSApi(
-                AWSStaticCredentials(
-                    access_key_id=secret["aws_access_key_id"],
-                    secret_access_key=secret["aws_secret_access_key"],
-                    region=payer_account.resources_default_region,
-                )
-            ) as payer_account_aws_api:
-                with payer_account_aws_api.assume_role(
+            with (
+                AWSApi(
+                    AWSStaticCredentials(
+                        access_key_id=secret["aws_access_key_id"],
+                        secret_access_key=secret["aws_secret_access_key"],
+                        region=payer_account.resources_default_region,
+                    )
+                ) as payer_account_aws_api,
+                payer_account_aws_api.assume_role(
                     account_id=payer_account.uid,
                     role=aws_account_manager_role,
-                ) as acct_manager_role_aws_api:
-                    self.create_accounts(
-                        acct_manager_role_aws_api,
-                        reconciler,
-                        merge_request_manager,
-                        account_template,
-                        payer_account.account_requests or [],
-                    )
-                    self.reconcile_organization_accounts(
-                        acct_manager_role_aws_api,
-                        reconciler,
-                        payer_account.organization_accounts or [],
-                    )
+                ) as acct_manager_role_aws_api,
+            ):
+                self.create_accounts(
+                    acct_manager_role_aws_api,
+                    reconciler,
+                    merge_request_manager,
+                    account_template,
+                    payer_account.account_requests or [],
+                )
+                self.reconcile_organization_accounts(
+                    acct_manager_role_aws_api,
+                    reconciler,
+                    payer_account.organization_accounts or [],
+                )
 
     def reconcile_non_organization_accounts(
         self,

reconcile/aws_account_manager/reconciler.py

@@ -204,7 +204,7 @@ class AWSReconciler:
                 except AWSResourceAlreadyExistsException:
                     raise AbortStateTransaction(
                         f"A quota increase for this {new_quota.service_code}/{new_quota.quota_code} already exists. Try it again later."
-                    )
+                    ) from None
                 ids.append(req.id)
 
             _state.value = {"last_applied_quotas": quotas_dict, "ids": ids}

reconcile/aws_saml_idp/integration.py

@@ -163,11 +163,11 @@ class AwsSamlIdpIntegration(QontractReconcileIntegration[AwsSamlIdpIntegrationPa
         if defer:
             defer(tf.cleanup)
 
-        runner_params: RunnerParams = dict(
-            tf=tf,
-            dry_run=dry_run,
-            enable_deletion=self.params.enable_deletion,
-        )
+        runner_params: RunnerParams = {
+            "tf": tf,
+            "dry_run": dry_run,
+            "enable_deletion": self.params.enable_deletion,
+        }
 
         if self.params.enable_extended_early_exit and get_feature_toggle_state(
             f"{QONTRACT_INTEGRATION}-extended-early-exit", default=True

reconcile/aws_saml_roles/integration.py

@@ -281,11 +281,11 @@ class AwsSamlRolesIntegration(
         if defer:
             defer(tf.cleanup)
 
-        runner_params: RunnerParams = dict(
-            tf=tf,
-            dry_run=dry_run,
-            enable_deletion=self.params.enable_deletion,
-        )
+        runner_params: RunnerParams = {
+            "tf": tf,
+            "dry_run": dry_run,
+            "enable_deletion": self.params.enable_deletion,
+        }
 
         if self.params.enable_extended_early_exit and get_feature_toggle_state(
             f"{QONTRACT_INTEGRATION}-extended-early-exit", default=True

reconcile/aws_version_sync/utils.py

@@ -48,13 +48,13 @@ def get_values(gql_get_resource_func: Callable, path: str) -> dict[str, Any]:
     try:
         raw_values = gql_get_resource_func(path)
     except GqlGetResourceError as e:
-        raise FetchResourceError(str(e))
+        raise FetchResourceError(str(e)) from e
     try:
         values = anymarkup.parse(raw_values["content"], force_types=None)
         values.pop("$schema", None)
-    except anymarkup.AnyMarkupError:
+    except anymarkup.AnyMarkupError as e:
         e_msg = "Could not parse data. Skipping resource: {}"
-        raise FetchResourceError(e_msg.format(path))
+        raise FetchResourceError(e_msg.format(path)) from e
     return values
 
 

reconcile/cli.py

@@ -2710,11 +2710,20 @@ def ocm_upgrade_scheduler_org_updater(ctx, gitlab_project_id):
 @integration.command(
     short_help="Manage Addons Upgrade Policy schedules in OCM organizations."
 )
+@click.option(
+    "--ocm-env",
+    help="The OCM environment the integration should operator on. If none is specified, all environments will be operated on.",
+    required=False,
+    envvar="OCM_ENV",
+)
 @org_id_multiple
 @exclude_org_id
 @click.pass_context
 def ocm_addons_upgrade_scheduler_org(
-    ctx, org_id: Iterable[str], exclude_org_id: Iterable[str]
+    ctx,
+    ocm_env: str,
+    org_id: Iterable[str],
+    exclude_org_id: Iterable[str],
 ) -> None:
     from reconcile.aus.base import AdvancedUpgradeSchedulerBaseIntegrationParams
     from reconcile.aus.ocm_addons_upgrade_scheduler_org import (
@@ -2724,7 +2733,7 @@ def ocm_addons_upgrade_scheduler_org(
     run_class_integration(
         integration=OCMAddonsUpgradeSchedulerOrgIntegration(
             AdvancedUpgradeSchedulerBaseIntegrationParams(
-                ocm_environment="ocm-integration",
+                ocm_environment=ocm_env,
                 ocm_organization_ids=set(org_id),
                 excluded_ocm_organization_ids=set(exclude_org_id),
             )

reconcile/cna/state.py

@@ -36,10 +36,10 @@ class State:
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, State):
             return False
-        if not set(list(self._assets.keys())) == set(list(other._assets.keys())):
+        if not set(self._assets.keys()) == set(other._assets.keys()):
             return False
         for kind in list(self._assets.keys()):
-            if not set(list(self._assets[kind])) == set(list(other._assets[kind])):
+            if not set(self._assets[kind]) == set(other._assets[kind]):
                 return False
             for name, asset in self._assets[kind].items():
                 if asset != other._assets[kind][name]:

reconcile/database_access_manager.py

@@ -406,13 +406,10 @@ class JobStatus(BaseModel):
     conditions: list[JobStatusCondition]
 
     def is_complete(self) -> bool:
-        return True if self.conditions else False
+        return bool(self.conditions)
 
     def has_errors(self) -> bool:
-        for condition in self.conditions:
-            if condition.type == "Failed":
-                return True
-        return False
+        return any(condition.type == "Failed" for condition in self.conditions)
 
 
 def _populate_resources(

reconcile/external_resources/manager.py

@@ -210,10 +210,10 @@ class ExternalResourcesManager:
         """
         need_secret_sync = False
 
-        if state.resource_status not in set([
+        if state.resource_status not in {
             ResourceStatus.DELETE_IN_PROGRESS,
             ResourceStatus.IN_PROGRESS,
-        ]):
+        }:
             return False
 
         logging.info(
@@ -374,5 +374,5 @@ class ExternalResourcesManager:
         for r in triggered:
             self.reconciler.get_resource_reconcile_logs(reconciliation=r)
 
-        if ReconcileStatus.ERROR in [rs for rs in results.values()]:
+        if ReconcileStatus.ERROR in list(results.values()):
             raise Exception("Some Resources have reconciliation errors.")

reconcile/external_resources/model.py

@@ -118,7 +118,7 @@ class ExternalResourcesInventory(MutableMapping):
             return self._inventory[key]
         except KeyError:
             msg = f"Resource spec not found: Provider {provider}, Id: {identifier}"
-            raise FetchResourceError(msg)
+            raise FetchResourceError(msg) from None
 
 
 class Action(StrEnum):

reconcile/external_resources/secrets_sync.py

@@ -52,7 +52,7 @@ class VaultSecret(BaseModel):
 class SecretHelper:
     @staticmethod
     def get_comparable_secret(resource: OpenshiftResource) -> OpenshiftResource:
-        metadata = {k: v for k, v in resource.body["metadata"].items()}
+        metadata = dict(resource.body["metadata"].items())
         metadata["annotations"] = {
             k: v
             for k, v in metadata.get("annotations", {}).items()
@@ -177,7 +177,7 @@ class SecretsReconciler:
         """
         self._populate_secret_data(specs)
 
-        to_sync_specs = [spec for spec in self._specs_with_secret(specs)]
+        to_sync_specs = list(self._specs_with_secret(specs))
         ocmap = self._init_ocmap(to_sync_specs)
 
         for spec in to_sync_specs:

reconcile/external_resources/state.py

@@ -235,7 +235,7 @@ class ExternalResourcesStateDynamoDB:
         return partials
 
     def get_all_resource_keys(self) -> set[ExternalResourceKey]:
-        return {k for k in self.partial_resources.keys()}
+        return set(self.partial_resources)
 
     def get_keys_by_status(
         self, resource_status: ResourceStatus

reconcile/gcr_mirror.py

@@ -124,12 +124,8 @@ class QuayMirror:
     @staticmethod
     def sync_tag(tags, tags_exclude, candidate):
         if tags is not None:
-            for tag in tags:
-                if re.match(tag, candidate):
-                    return True
-            # When tags is defined, we don't look at
-            # tags_exclude
-            return False
+            # When tags is defined, we don't look at tags_exclude
+            return any(re.match(tag, candidate) for tag in tags)
 
         if tags_exclude is not None:
             for tag_exclude in tags_exclude:

reconcile/jira_permissions_validator.py

@@ -277,10 +277,10 @@ def run(
 ) -> None:
     gql_api = gql.get_api()
     boards = get_jira_boards(query_func=gql_api.query)
-    runner_params: RunnerParams = dict(
-        exit_on_permission_errors=exit_on_permission_errors,
-        boards=boards,
-    )
+    runner_params: RunnerParams = {
+        "exit_on_permission_errors": exit_on_permission_errors,
+        "boards": boards,
+    }
     if enable_extended_early_exit and get_feature_toggle_state(
         "jira-permissions-validator-extended-early-exit",
         default=True,

reconcile/ldap_groups/integration.py

@@ -1,3 +1,4 @@
+import contextlib
 import logging
 from collections.abc import (
     Callable,
@@ -142,7 +143,7 @@ class LdapGroupsIntegration(QontractReconcileIntegration[LdapGroupsIntegrationPa
     def get_roles(self, query_func: Callable) -> list[RoleV1]:
         """Return the roles with ldap_group set."""
         data = roles_query(query_func, variables={})
-        roles = [role for role in data.roles or []]
+        roles = list(data.roles or [])
         if duplicates := find_duplicates(
             role.ldap_group.name for role in roles if role.ldap_group
         ):
@@ -224,10 +225,8 @@ class LdapGroupsIntegration(QontractReconcileIntegration[LdapGroupsIntegrationPa
         """Reach out to the internal groups API and fetch all managed groups."""
         groups = []
         for group_name in group_names:
-            try:
+            with contextlib.suppress(NotFound):
                 groups.append(internal_groups_client.group(group_name))
-            except NotFound:
-                pass
         return groups
 
     def reconcile(
@@ -263,10 +262,8 @@ class LdapGroupsIntegration(QontractReconcileIntegration[LdapGroupsIntegrationPa
         for group_to_remove in diff_result.delete.values():
             logging.info(["delete_ldap_group", group_to_remove.name])
             if not dry_run:
-                try:
+                with contextlib.suppress(NotFound):
                     internal_groups_client.delete_group(group_to_remove.name)
-                except NotFound:
-                    pass
                 self._managed_groups.remove(group_to_remove.name)
 
         for diff_pair in diff_result.change.values():

reconcile/ocm_internal_notifications/integration.py

@@ -36,6 +36,7 @@ class OcmInternalNotifications(QontractReconcileIntegration[NoParams]):
         self.slack = slackapi_from_queries(
             integration_name=self.name, init_usergroups=False
         )
+        self.slack_get_user_id_by_name = lru_cache()(self._slack_get_user_id_by_name)
 
     @property
     def name(self) -> str:
@@ -44,8 +45,7 @@ class OcmInternalNotifications(QontractReconcileIntegration[NoParams]):
     def get_environments(self, query_func: Callable) -> list[OCMEnvironment]:
         return ocm_environment_query(query_func).environments
 
-    @lru_cache
-    def slack_get_user_id_by_name(
+    def _slack_get_user_id_by_name(
         self, user_name: str, mail_address: str
     ) -> str | None:
         try:

reconcile/openshift_base.py

@@ -850,7 +850,7 @@ def apply_action(
             resource=resource,
             wait_for_namespace=options.wait_for_namespace,
             recycle_pods=options.recycle_pods,
-            privileged=True if options.privileged else False,
+            privileged=bool(options.privileged),
         )
 
     except StatusCodeError as e:
@@ -884,8 +884,8 @@ def delete_action(
             namespace=namespace,
             resource_type=resource_type,
             name=resource_name,
-            enable_deletion=True if options.enable_deletion else False,
-            privileged=True if options.privileged else False,
+            enable_deletion=bool(options.enable_deletion),
+            privileged=bool(options.privileged),
         )
     except StatusCodeError as e:
         ri.register_error()
@@ -938,9 +938,10 @@ def _realize_resource_data_3way_diff(
         logging.error(msg)
         return actions
 
-    options.enable_deletion = False if ri.has_error_registered() else True
+    # don't delete resources if there are errors
+    options.enable_deletion = not ri.has_error_registered()
     # only allow to override enable_deletion if no errors were found
-    if options.enable_deletion is True and options.override_enable_deletion is False:
+    if options.enable_deletion and options.override_enable_deletion is False:
         options.enable_deletion = False
 
     diff_result = differ.diff_mappings(
@@ -1359,8 +1360,9 @@ def aggregate_shared_resources_typed(
         case HasOpenshiftServiceAccountTokensAndSharedResources():
             shared_type_resources_items = []
             for ost_shared_resources_item in namespace.shared_resources:
-                if shared_type_resources := getattr(
-                    ost_shared_resources_item, "openshift_service_account_tokens"
+                if (
+                    shared_type_resources
+                    := ost_shared_resources_item.openshift_service_account_tokens
                 ):
                     shared_type_resources_items.extend(shared_type_resources)
             if namespace.openshift_service_account_tokens:
@@ -1372,8 +1374,9 @@ def aggregate_shared_resources_typed(
         case HasOpenShiftResourcesAndSharedResources():
             shared_type_resources_items = []
             for or_shared_resources_item in namespace.shared_resources:
-                if shared_type_resources := getattr(
-                    or_shared_resources_item, "openshift_resources"
+                if (
+                    shared_type_resources
+                    := or_shared_resources_item.openshift_resources
                 ):
                     shared_type_resources_items.extend(shared_type_resources)
             if namespace.openshift_resources:
@@ -1405,10 +1408,7 @@ def determine_user_keys_for_access(
         return ["github_username"]
 
     for auth in auth_list:
-        if isinstance(auth, HasService):
-            service = auth.service
-        else:
-            service = auth["service"]
+        service = auth.service if isinstance(auth, HasService) else auth["service"]
         try:
             if AUTH_METHOD_USER_KEY[service] in user_keys:
                 continue
@@ -1416,7 +1416,7 @@ def determine_user_keys_for_access(
         except KeyError:
             raise NotImplementedError(
                 f"[{cluster_name}] auth service not implemented: {service}"
-            )
+            ) from None
     return user_keys
 
 

reconcile/openshift_cluster_bots.py

@@ -208,7 +208,7 @@ def create_cluster_bots(
             mode="w+", encoding="locale", delete=True
         ) as kc:
             kc.write(kubeconfig_content)
-            kc.flush
+            kc.flush()
             logging.info(
                 f"[{cluster.name}] create {config.dedicated_admin_sa} service account"
             )

reconcile/openshift_clusterrolebindings.py

@@ -1,3 +1,4 @@
+import contextlib
 import sys
 
 import reconcile.openshift_base as ob
@@ -118,7 +119,9 @@ def fetch_desired_state(ri, oc_map):
                     oc_resource, resource_name = construct_user_oc_resource(
                         permission["cluster_role"], username
                     )
-                    try:
+                    with contextlib.suppress(ResourceKeyExistsError):
+                        # a user may have a Role assigned to them
+                        # from multiple app-interface roles
                         ri.add_desired(
                             cluster,
                             namespace_cluster_scope,
@@ -126,10 +129,7 @@ def fetch_desired_state(ri, oc_map):
                             resource_name,
                             oc_resource,
                         )
-                    except ResourceKeyExistsError:
-                        # a user may have a Role assigned to them
-                        # from multiple app-interface roles
-                        pass
+
             for sa in service_accounts:
                 if ri is None:
                     continue
@@ -137,7 +137,10 @@ def fetch_desired_state(ri, oc_map):
                 oc_resource, resource_name = construct_sa_oc_resource(
                     permission["cluster_role"], namespace, sa_name
                 )
-                try:
+
+                with contextlib.suppress(ResourceKeyExistsError):
+                    # a ServiceAccount may have a Role assigned to it
+                    # from multiple app-interface roles
                     ri.add_desired(
                         cluster,
                         namespace_cluster_scope,
@@ -145,10 +148,6 @@ def fetch_desired_state(ri, oc_map):
                         resource_name,
                         oc_resource,
                     )
-                except ResourceKeyExistsError:
-                    # a ServiceAccount may have a Role assigned to it
-                    # from multiple app-interface roles
-                    pass
 
     return users_desired_state
 

reconcile/openshift_namespace_labels.py

@@ -164,7 +164,7 @@ class LabelInventory:
             desired = types[DESIRED]
             managed = self.get(cluster, ns, MANAGED, [])
             current = self.get(cluster, ns, CURRENT, {})
-            changed = self.setdefault(cluster, ns, CHANGED, {})
+            changed = self.setdefault(cluster, ns, CHANGED, {})  # noqa: B909
 
             # cleanup managed items
             for k in managed:
@@ -192,7 +192,7 @@ class LabelInventory:
                     changed[k] = v
 
             # remove old labels
-            for k, v in current.items():
+            for k, _ in current.items():
                 if k in managed and k not in desired:
                     changed[k] = None
 

reconcile/openshift_namespaces.py

@@ -127,7 +127,7 @@ def check_results(
     desired_state: Iterable[Mapping[str, str]], results: Iterable[Any]
 ) -> bool:
     err = False
-    for s, e in zip(desired_state, results):
+    for s, e in zip(desired_state, results, strict=False):
         if isinstance(e, Exception):
             err = True
             msg = (

reconcile/openshift_resources_base.py

@@ -287,7 +287,7 @@ def check_alertmanager_config(
             f"error validating alertmanager config in {path}: "
             f"missing key {alertmanager_config_key}"
         )
-        raise FetchResourceError(e_msg)
+        raise FetchResourceError(e_msg) from None
 
     if decode_base64:
         config = base64.b64decode(config).decode("utf-8")
@@ -329,10 +329,10 @@ def fetch_provider_resource(
     except TypeError:
         body_type = type(body).__name__
         e_msg = f"invalid resource type {body_type} found in path: {path}"
-        raise FetchResourceError(e_msg)
+        raise FetchResourceError(e_msg) from None
     except anymarkup.AnyMarkupError:
         e_msg = f"Could not parse data. Skipping resource: {path}"
-        raise FetchResourceError(e_msg)
+        raise FetchResourceError(e_msg) from None
 
     if validate_json:
         files = body["data"]
@@ -341,7 +341,7 @@ def fetch_provider_resource(
                 json.loads(file_content)
             except ValueError:
                 e_msg = f"invalid json in {path} under {file_name}"
-                raise FetchResourceError(e_msg)
+                raise FetchResourceError(e_msg) from None
 
     if validate_alertmanager_config:
         if body["kind"] == "Secret":
@@ -383,7 +383,7 @@ def fetch_provider_resource(
             body, QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION, error_details=path
         )
     except ConstructResourceError as e:
-        raise FetchResourceError(str(e))
+        raise FetchResourceError(str(e)) from None
 
 
 def fetch_provider_vault_secret(
@@ -430,7 +430,7 @@ def fetch_provider_vault_secret(
     try:
         return OR(body, integration, integration_version, error_details=path)
     except ConstructResourceError as e:
-        raise FetchResourceError(str(e))
+        raise FetchResourceError(str(e)) from None
 
 
 # check to ensure that all of the keys are valid by looking to see if there are
@@ -554,7 +554,7 @@ def fetch_openshift_resource(
             )
         except Exception as e:
             msg = f"could not render template at path {path}\n{e}"
-            raise ResourceTemplateRenderError(msg)
+            raise ResourceTemplateRenderError(msg) from None
     elif provider == "vault-secret":
         path = resource["path"]
         version = resource["version"]
@@ -588,7 +588,7 @@ def fetch_openshift_resource(
                 settings=settings,
             )
         except (SecretVersionNotFound, SecretVersionIsNone) as e:
-            raise FetchSecretError(e)
+            raise FetchSecretError(e) from None
     elif provider == "route":
         path = resource["resource"]["path"]
         _locked_debug_log(f"Processing {provider}: {path}")
@@ -628,7 +628,7 @@ def fetch_openshift_resource(
             )
         except Exception as e:
             msg = f"could not render template at path {path}\n{e}"
-            raise ResourceTemplateRenderError(msg)
+            raise ResourceTemplateRenderError(msg) from None
 
     else:
         raise UnknownProviderError(provider)

reconcile/openshift_rolebindings.py

@@ -1,3 +1,4 @@
+import contextlib
 import sys
 
 import reconcile.openshift_base as ob
@@ -136,7 +137,9 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                     oc_resource, resource_name = construct_user_oc_resource(
                         permission["role"], username
                     )
-                    try:
+                    with contextlib.suppress(ResourceKeyExistsError):
+                        # a user may have a Role assigned to them
+                        # from multiple app-interface roles
                         ri.add_desired(
                             cluster,
                             perm_namespace_name,
@@ -145,10 +148,7 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                             oc_resource,
                             privileged=privileged,
                         )
-                    except ResourceKeyExistsError:
-                        # a user may have a Role assigned to them
-                        # from multiple app-interface roles
-                        pass
+
             for sa in service_accounts:
                 if ri is None:
                     continue
@@ -156,7 +156,9 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                 oc_resource, resource_name = construct_sa_oc_resource(
                     permission["role"], sa_namespace_name, sa_name
                 )
-                try:
+                with contextlib.suppress(ResourceKeyExistsError):
+                    # a ServiceAccount may have a Role assigned to it
+                    # from multiple app-interface roles
                     ri.add_desired(
                         cluster,
                         perm_namespace_name,
@@ -165,11 +167,6 @@ def fetch_desired_state(ri, oc_map, enforced_user_keys=None):
                         oc_resource,
                         privileged=privileged,
                     )
-                except ResourceKeyExistsError:
-                    # a ServiceAccount may have a Role assigned to it
-                    # from multiple app-interface roles
-                    pass
-
     return users_desired_state
 
 

reconcile/openshift_saas_deploy_trigger_base.py

@@ -313,11 +313,14 @@ def _pipeline_exists(
     if isinstance(oc, OCLogMsg):
         logging.error(oc.message)
         raise RuntimeError(f"No OC client for {tkn_cluster_name}: {oc.message}")
-    if oc.get(
-        namespace=tkn_namespace_name, kind="Pipeline", name=name, allow_not_found=True
-    ):
-        return True
-    return False
+    return bool(
+        oc.get(
+            namespace=tkn_namespace_name,
+            kind="Pipeline",
+            name=name,
+            allow_not_found=True,
+        )
+    )
 
 
 def _construct_tekton_trigger_resource(

reconcile/oum/base.py

@@ -265,7 +265,7 @@ def reconcile_cluster_roles(
         }
         # only process roles present in the desired state and ignore the ones that are not
         # this way a role can still be managed manually while another one is managed by this integration
-        for group in desired_groups.keys():
+        for group in desired_groups:
             desired_members = desired_groups.get(group, set())
             current_members = current_groups.get(group, set())