qontract-reconcile 0.10.2.dev183__py3-none-any.whl → 0.10.2.dev185__py3-none-any.whl

{qontract_reconcile-0.10.2.dev183.dist-info → qontract_reconcile-0.10.2.dev185.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev183
+Version: 0.10.2.dev185
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile

{qontract_reconcile-0.10.2.dev183.dist-info → qontract_reconcile-0.10.2.dev185.dist-info}/RECORD

@@ -15,7 +15,7 @@ reconcile/closedbox_endpoint_monitoring_base.py,sha256=al7m8EgnnYx90rY1REryW3byN
 reconcile/cluster_deployment_mapper.py,sha256=5gumAaRCcFXsabUJ1dnuUy9WrP_FEEM5JnOnE8ch9sE,2326
 reconcile/dashdotdb_base.py,sha256=83ZWIf5JJk3P_D69y2TmXRcQr6ELJGlv10OM0h7fJVs,4767
 reconcile/dashdotdb_cso.py,sha256=QRK0YfIqO4rehs8btD3l_GXIO2ZIycTQEKEthBdB0xA,3639
-reconcile/dashdotdb_dora.py,sha256=hMh0Eq6ze5llWGoDV3l4OGcWY5OeJdS6Xy4b1Y4C_MY,17855
+reconcile/dashdotdb_dora.py,sha256=juZvr7R45f3TLbIZy290Oa1OtsSnqX-Ez71ppYAUjXw,17780
 reconcile/dashdotdb_dvo.py,sha256=lCkZ0iby6HrNQb-3kYb6xrt8wCjVUZYxKzz9SiStfHU,8946
 reconcile/dashdotdb_slo.py,sha256=TvKdMOtUZcZP9QydcUJMKh0zURHgOMN_RTpQpCkD1Z8,3960
 reconcile/database_access_manager.py,sha256=Z3aAmw2LsmMIIor-bOGzziVZdVNC82Gmw8oHBUAFf-8,25577
@@ -26,7 +26,7 @@ reconcile/gcp_image_mirror.py,sha256=1ThuUff_04ZdF6uxcLoDuHhoNA3OIw0V-z0-CwdPE2w
 reconcile/github_org.py,sha256=Wc5cZamatuWsW2ZJT2ib5ps8l3iY3RXHwNUxVJerqz0,14173
 reconcile/github_owners.py,sha256=viE1KJ-zaTxuZ5yItg2C263J0brn-Q-3hR_DkYDMbhY,3122
 reconcile/github_repo_invites.py,sha256=U9UCzNVwrZ7MqODtFah8ogH0NNY-XjBin7G9gqHtCUY,2690
-reconcile/github_repo_permissions_validator.py,sha256=ske7cHJ-41jnaywgRlDnR2z9E1yLDSJ0tivq6bhhZdc,1827
+reconcile/github_repo_permissions_validator.py,sha256=PNqL4dqa2OaNBy-NmLVN-t1HZa6eS6HgSYmfOunYqtA,1798
 reconcile/github_users.py,sha256=QdX164LZrm8sqggMj-0beCzWofpS6OEBfzKNrWPrfj0,3934
 reconcile/github_validator.py,sha256=-j17tn3csFVjPMSPL3te48iWVkPZCncRXdeKeLdGjjQ,931
 reconcile/gitlab_fork_compliance.py,sha256=RbHckzLnE9zkOFHJANzoejEMMbMAivmqJVs3Suvp9lU,4591
@@ -102,10 +102,10 @@ reconcile/resource_template_tester.py,sha256=DsKvBuNLPxm4Fa-e1YHHySnhThm5i_j-nF3
 reconcile/run_integration.py,sha256=8kc-lMKF9n2bvyrItJ-3nOgQMqK7lh1UAubXQrxQDPY,9711
 reconcile/saas_file_validator.py,sha256=tyvFYU6lnkfDYIkAIr5pWqSvO5Yc6TagZ-quJYD2dtI,2547
 reconcile/sendgrid_teammates.py,sha256=oO8QbLb4s1o8A6CGiCagN9CmS05BSS_WLztuY0Ym9D8,4773
-reconcile/service_dependencies.py,sha256=S8DOputtxAX-MXvWuTLEOsgLlVkXJHALODPSnWOpvGk,4500
+reconcile/service_dependencies.py,sha256=G2qCuYFc8wQLpRxkdhmibxSAl3nUM3hcan4x50W_mCA,4335
 reconcile/signalfx_endpoint_monitoring.py,sha256=Nqgsg1cflSd2nNnm89y_e8c--7xLUqTrKOHkDs-qADE,2868
 reconcile/slack_base.py,sha256=I-msunWxfgu5bSwXYulGbtLjxUB_tRmTCAUCU-3nabI,3484
-reconcile/slack_usergroups.py,sha256=vMifpbnrQDLeckGtUmpIg7sVvlhpaJz8HZH_loA7fpY,30221
+reconcile/slack_usergroups.py,sha256=xFkVe67RXSUj8JvpfSFEiRdQzB0TnJJEHW_b5PEwLng,30213
 reconcile/sql_query.py,sha256=OEzEZaqgv-kzG3GR2x9w3uMIfSFXP6EdhlW4u5mc1Dg,25895
 reconcile/status.py,sha256=cY4IJFXemhxptRJqR4qaaOWqei9e4jgLXuVSGajMsjg,544
 reconcile/status_board.py,sha256=kJ0bus_wdyX3zsFJuUPrH4n9BNG_jhDbiQ3waOLVRBE,8538
@@ -141,7 +141,7 @@ reconcile/aus/version_gates/ocp_gate_handler.py,sha256=RW1ppDaCZXVegV9AzzqYXxDUu
 reconcile/aus/version_gates/sts_version_gate_handler.py,sha256=swwwz0YyvrEBf_InqrRRBCt2QzHYNvvq8jz9aYwElh4,3663
 reconcile/automated_actions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/automated_actions/config/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/automated_actions/config/integration.py,sha256=iOzR8PyWwKmUoB6Zx4bmbWFEiDPsP9tXuWia_bSW4vA,10921
+reconcile/automated_actions/config/integration.py,sha256=gDNUKxs8m_4GWH0GnW9QXubtsBF6idc0kHxo05hdj0U,11633
 reconcile/aws_account_manager/README.md,sha256=_XFM3GZNHUzv--e_navqJuaUWpjC6QrHfulreHynFf0,262
 reconcile/aws_account_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/aws_account_manager/integration.py,sha256=XTamC824imAezzVoQhhwdMOawNcPCOghR_y7i_8bpJI,15343
@@ -227,7 +227,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=BgMx-NyV9mTuv7Sotb2OioC
 reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/glitchtip_project_dsn/integration.py,sha256=2iugub-kHYkHNK33n0v9_TeWonuxCPah_VkoTPvaajE,8077
 reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/gql_definitions/introspection.json,sha256=lgoJW52hU7zL4UKNpKywvyL--o36MggUI1eFWWlvYLk,2300074
+reconcile/gql_definitions/introspection.json,sha256=MT1HCR90ZahZxjrgaBEp34JNhjaEiDRblQK-qfSrfF0,2316277
 reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/acs_instances.py,sha256=L91WW9LbhJbBSrECqShQpFtjoBOsmNIYLRpMbx1io5o,2181
 reconcile/gql_definitions/acs/acs_policies.py,sha256=9IFpGAcrZ8nTFC05q3-12nwkNOEkquHB2-XbVq5_jy4,7219
@@ -241,7 +241,7 @@ reconcile/gql_definitions/app_sre_tekton_access_revalidation/__init__.py,sha256=
 reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py,sha256=8Y4NsS5T7tumDWxY5MuoV50MK2i-DsLYSpCRjb7KaLE,2353
 reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py,sha256=XdVxBxiyTR6Cy939EHNw__0k7iWrZWlhrgS5DakST0I,2504
 reconcile/gql_definitions/automated_actions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/gql_definitions/automated_actions/instance.py,sha256=D50v0exLeK5hvjQKvxQ5V-6DnYZo_L6cX_Gaf3PGREs,5491
+reconcile/gql_definitions/automated_actions/instance.py,sha256=73vRFDvrD9t2cY1Y8jmjfVPNJ_osPrI8fHTAQz0CGv4,6105
 reconcile/gql_definitions/aws_account_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/aws_account_manager/aws_accounts.py,sha256=vF51KrY2gwX0J9vESiaRMPQqdAMEtz9f_tBq52bInp0,5148
 reconcile/gql_definitions/aws_ami_cleanup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -616,7 +616,7 @@ reconcile/utils/external_resources.py,sha256=YzTb0xAcNdmKO326mGQy7BmST56CZcdru4l
 reconcile/utils/filtering.py,sha256=S4PbMHuFr3ED0P2Q_ea5CAaB7FimI62B-F5YTaKrphA,402
 reconcile/utils/git.py,sha256=o4p9m8jlzCJDcutl2HErvGLhL6sZ1NB4Aw3zGcQIzso,2427
 reconcile/utils/github_api.py,sha256=o4J0ZU1ZSr9808uoorKHv19iae-eLo85yrCZX67p2kw,2822
-reconcile/utils/gitlab_api.py,sha256=qQMN9JwaUvbirbLBy1BImkeJ4iFR-OCfWExphrfkmXs,28610
+reconcile/utils/gitlab_api.py,sha256=U7l26fM1lQ4g-O06D0ZawvOXF_yzzH5NdR5iDx2ZJFA,28616
 reconcile/utils/gpg.py,sha256=EKG7_fdMv8BMlV5yUdPiqoTx-KrzmVSEAl2sLkaKwWI,1123
 reconcile/utils/gql.py,sha256=C0thIm_k9MBldfqwHzyqtYZk9sIvMdm9IbbnXLGwjD8,14158
 reconcile/utils/grouping.py,sha256=vr9SFHZ7bqmHYrvYcEZt-Er3-yQYfAAdq5sHLZVmXPY,456
@@ -667,12 +667,12 @@ reconcile/utils/state.py,sha256=az4tBmZ0EdbFcAGiBVUxs3cr2-BVWsuDQiNTvjjQq8s,1637
 reconcile/utils/structs.py,sha256=LcbLEg8WxfRqM6nW7NhcWN0YeqF7SQzxOgntmLs1SgY,352
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=IDlrNvGEc2i6ElZIL_fzaJEad1nRC3DkP9_VXhJXmU0,37329
-reconcile/utils/terrascript_aws_client.py,sha256=-FNQXltzl4OYGO7eMyvH7-wYUMHNFEVhiNwCvhN6WrI,292307
+reconcile/utils/terrascript_aws_client.py,sha256=RkiYjRietHFNXtfA1-WEZ1lZbJFBA_XCtTOsZUij5VM,292360
 reconcile/utils/three_way_diff_strategy.py,sha256=oQcHXd9LVhirJfoaOBoHUYuZVGfyL2voKr6KVI34zZE,4833
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/vault.py,sha256=aSA8l9cJlPUHpChFGl27nSY-Mpq9FMjBo7Dcgb1BVfM,15036
 reconcile/utils/vaultsecretref.py,sha256=0KUSzuvTRxPyKY919TO3-B_eYg4_76fzKvMF8j5s1G0,911
-reconcile/utils/vcs.py,sha256=_S_QZ5UYXOnhNDOBQ-jNVOB6VpYh7Y96YLsM5T3ivug,8836
+reconcile/utils/vcs.py,sha256=AK35vIjx9bXYclKmvNekpaG_OETt-ZybibwV-m123xc,10186
 reconcile/utils/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/utils/acs/base.py,sha256=4UsDrCpAOuddL3PKNuIQYoJP1BtZQNNB8_KEX0lXneg,2532
 reconcile/utils/acs/notifiers.py,sha256=DlzTDM9arWQlBSiDy70y5Mf38OKVs9V0FzFe2LfOKXA,5046
@@ -761,7 +761,7 @@ reconcile/utils/runtime/sharding.py,sha256=r0ieUtNed7NvknSw6qQrCkKpVXE1shuHGnfFc
 reconcile/utils/saasherder/__init__.py,sha256=3U8plqMAPRE1kjwZ5YnIsYsggTf4_gS7flRUEuXVBAs,343
 reconcile/utils/saasherder/interfaces.py,sha256=NEYQspYfyWQhBeJyNCqSFbixi1A4wRVGB7FeNM5BDCk,9141
 reconcile/utils/saasherder/models.py,sha256=JaOz_DEtudJZhiDe90kaBlJkppFufn81V92oK9PHYx0,10208
-reconcile/utils/saasherder/saasherder.py,sha256=PjwJ36Eki5X0Wqu7-sE1slApMh6th3NojAWfZpOz_OQ,87111
+reconcile/utils/saasherder/saasherder.py,sha256=V8DOaMvY1POYd_EquIlU2sI62l64C-PjtaTCuzwVbn4,87306
 reconcile/utils/terraform/__init__.py,sha256=zNbiyTWo35AT1sFTElL2j_AA0jJ_yWE_bfFn-nD2xik,250
 reconcile/utils/terraform/config.py,sha256=5UVrd563TMcvi4ooa5JvWVDW1I3bIWg484u79evfV_8,164
 reconcile/utils/terraform/config_client.py,sha256=gRL1rQ0AqvShei_rcGqC3HDYGskOFKE1nPrJyJE9yno,4676
@@ -807,7 +807,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev183.dist-info/METADATA,sha256=2wN6rP5VfQjaP3NLAKUMYzPS5K4iHPrhgKKruSonpk4,24627
-qontract_reconcile-0.10.2.dev183.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev183.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev183.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev185.dist-info/METADATA,sha256=-GBtujthD8qi9Bdj1oIRUOc5iAeTf-Xa5Lp5jpTyTPE,24627
+qontract_reconcile-0.10.2.dev185.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev185.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev185.dist-info/RECORD,,

reconcile/automated_actions/config/integration.py

@@ -16,10 +16,11 @@ from pydantic import BaseModel
 
 import reconcile.openshift_base as ob
 from reconcile.gql_definitions.automated_actions.instance import (
-    AutomatedActionArgumentOpenshiftV1,
-    AutomatedActionArgumentV1,
+    AutomatedActionActionListV1,
+    AutomatedActionOpenshiftWorkloadRestartArgumentV1,
+    AutomatedActionOpenshiftWorkloadRestartV1,
     AutomatedActionsInstanceV1,
-    PermissionAutomatedActionsV1,
+    AutomatedActionV1,
 )
 from reconcile.gql_definitions.automated_actions.instance import query as instance_query
 from reconcile.utils import expiration, gql
@@ -35,7 +36,7 @@ from reconcile.utils.runtime.integration import (
 from reconcile.utils.semver_helper import make_semver
 
 QONTRACT_INTEGRATION = "automated-actions-config"
-QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
+QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 1)
 
 
 class AutomatedActionsConfigIntegrationParams(PydanticRunParams):
@@ -51,7 +52,6 @@ class AutomatedActionsUser(BaseModel):
 
 
 class AutomatedActionsPolicy(BaseModel):
-    sub: str
     obj: str
     max_ops: int
     params: dict[str, str] = {}
@@ -89,89 +89,109 @@ class AutomatedActionsConfigIntegration(
         for instance in data.automated_actions_instances_v1 or []:
             if instance.deployment.delete:
                 continue
-            instance.permissions = list(
-                self.filter_permissions(instance.permissions or [])
-            )
+            instance.actions = list(self.filter_actions(instance.actions or []))
             yield instance
 
-    def is_enabled(self, argument: AutomatedActionArgumentV1) -> bool:
+    def is_enabled(
+        self, argument: AutomatedActionOpenshiftWorkloadRestartArgumentV1
+    ) -> bool:
         """Check if the integration is enabled for the given argument namespace."""
-        if isinstance(argument, AutomatedActionArgumentOpenshiftV1):
-            return (
-                integration_is_enabled("automated-actions", argument.namespace.cluster)
-                and not argument.namespace.delete
-            )
-        return True
+        return (
+            integration_is_enabled("automated-actions", argument.namespace.cluster)
+            and not argument.namespace.delete
+        )
 
-    def filter_permissions(
-        self, permissions: Iterable[PermissionAutomatedActionsV1]
-    ) -> Generator[PermissionAutomatedActionsV1, None, None]:
+    def filter_actions(
+        self, actions: Iterable[AutomatedActionV1]
+    ) -> Generator[AutomatedActionV1, None, None]:
         """Filter out expired roles and arguments (cluster.namespace) with disabled integrations."""
-        for permission in permissions:
-            # automated actions disabled for the cluster?
-            permission.arguments = [
-                arg for arg in permission.arguments or [] if self.is_enabled(arg)
+        for action in actions:
+            match action:
+                case AutomatedActionOpenshiftWorkloadRestartV1():
+                    # automated actions disabled for the cluster?
+                    action.openshift_workload_restart_arguments = [
+                        arg
+                        for arg in action.openshift_workload_restart_arguments or []
+                        if self.is_enabled(arg)
+                    ]
+
+            # Remove expired roles
+            for permission in action.permissions or []:
+                permission.roles = expiration.filter(permission.roles)
+
+            # Remove permissions without roles
+            action.permissions = [
+                permission
+                for permission in action.permissions or []
+                if permission.roles
             ]
-            # remove expired roles
-            permission.roles = expiration.filter(permission.roles)
-            if not permission.roles:
+
+            if not action.permissions:
                 continue
-            yield permission
+
+            yield action
 
     def compile_users(
-        self, permissions: Iterable[PermissionAutomatedActionsV1]
+        self, actions: Iterable[AutomatedActionV1]
     ) -> list[AutomatedActionsUser]:
-        """Compile all automated actions roles."""
+        """Compile a list of all automated actions users with their role relations."""
         users: dict[str, AutomatedActionsUser] = {}
-        for permission in permissions:
-            for role in permission.roles or []:
-                for user in (role.users or []) + (role.bots or []):
-                    if not user.org_username:
-                        continue
-                    aa_user = users.setdefault(
-                        user.org_username,
-                        AutomatedActionsUser(username=user.org_username, roles=[]),
-                    )
-                    aa_user.roles.add(role.name)
+        for action in actions:
+            for permission in action.permissions or []:
+                for role in permission.roles or []:
+                    for user in (role.users or []) + (role.bots or []):
+                        if not user.org_username:
+                            continue
+                        aa_user = users.setdefault(
+                            user.org_username,
+                            AutomatedActionsUser(username=user.org_username, roles=[]),
+                        )
+                        aa_user.roles.add(role.name)
 
         return list(users.values())
 
     def compile_roles(
-        self, permissions: Iterable[PermissionAutomatedActionsV1]
+        self, actions: Iterable[AutomatedActionV1]
     ) -> AutomatedActionRoles:
         """Compile all automated actions policies."""
         roles: AutomatedActionRoles = {}
 
-        for permission in permissions or []:
-            action = permission.action
-
-            parameters: list[dict[str, str]] = [] if permission.arguments else [{}]
-            for arg in permission.arguments or []:
-                match arg:
-                    case AutomatedActionArgumentOpenshiftV1():
-                        parameters.append({
+        for action in actions:
+            parameters: list[dict[str, str]] = []
+            match action:
+                case AutomatedActionActionListV1():
+                    # no special handling needed, just dump the values
+                    parameters.extend(
+                        arg.dict(exclude_none=True, exclude_defaults=True)
+                        for arg in action.action_list_arguments or []
+                    )
+                case AutomatedActionOpenshiftWorkloadRestartV1():
+                    parameters.extend(
+                        {
                             # all parameter values are regexes in the OPA policy
                             # therefore, cluster and namespace must be fixed to the current strings
                             "cluster": f"^{arg.namespace.cluster.name}$",
                             "namespace": f"^{arg.namespace.name}$",
-                            "kind": arg.kind_pattern,
-                            "name": arg.name_pattern,
-                        })
-                    case _:
-                        raise NotImplementedError(
-                            f"Unsupported argument type: {arg.q_type}"
+                            "kind": arg.kind,
+                            "name": arg.name,
+                        }
+                        for arg in action.openshift_workload_restart_arguments
+                    )
+
+            if not parameters:
+                parameters = [{}]
+
+            for permission in action.permissions or []:
+                for role in permission.roles or []:
+                    aa_role = roles.setdefault(role.name, [])
+                    aa_role.extend(
+                        AutomatedActionsPolicy(
+                            obj=action.q_type,
+                            max_ops=action.max_ops,
+                            params=params,
                         )
-            for role in permission.roles or []:
-                aa_role = roles.setdefault(role.name, [])
-                aa_role.extend(
-                    AutomatedActionsPolicy(
-                        sub=role.name,
-                        obj=action.operation_id,
-                        max_ops=action.max_ops,
-                        params=params,
+                        for params in parameters
                     )
-                    for params in parameters
-                )
         return roles
 
     def build_policy_file(
@@ -273,8 +293,8 @@ class AutomatedActionsConfigIntegration(
         ri = ResourceInventory()
 
         for instance in instances:
-            users = self.compile_users(instance.permissions or [])
-            policies = self.compile_roles(instance.permissions or [])
+            users = self.compile_users(instance.actions or [])
+            policies = self.compile_roles(instance.actions or [])
             if not users and not policies:
                 logging.info(
                     f"{instance.deployment.cluster.name}/{instance.deployment.name}: No enabled automated actions found. Skipping this instance!"

reconcile/dashdotdb_dora.py

@@ -34,7 +34,7 @@ from reconcile.typed_queries.saas_files import get_saas_files
 from reconcile.utils.github_api import GithubRepositoryApi
 from reconcile.utils.gitlab_api import GitLabApi
 from reconcile.utils.secret_reader import create_secret_reader
-from reconcile.utils.vcs import GITHUB_BASE_URL
+from reconcile.utils.vcs import VCS
 
 QONTRACT_INTEGRATION = "dashdotdb-dora"
 
@@ -422,19 +422,21 @@ class DashdotdbDORA(DashdotdbBase):
             return rc, []
 
         LOG.info("Fetching commits %s", rc)
-        if rc.repo_url.startswith(GITHUB_BASE_URL):
-            try:
-                commits = self._github_compare_commits(rc)
-            except GithubException as e:
-                if e.status == 404:
-                    LOG.info(
-                        f"Ignoring RepoChanges for {rc} because could not calculate them: {e.data['message']}"
-                    )
-                    return rc, []
-        elif rc.repo_url.startswith(self.gl.server):
-            commits = self._gitlab_compare_commits(rc)
-        else:
-            raise Exception(f"Unknown git hosting {rc.repo_url}")
+        repo_info = VCS.parse_repo_url(rc.repo_url)
+        match repo_info.platform:
+            case "github":
+                try:
+                    commits = self._github_compare_commits(rc, repo_info.name)
+                except GithubException as e:
+                    if e.status == 404:
+                        LOG.info(
+                            f"Ignoring RepoChanges for {rc} because could not calculate them: {e.data['message']}"
+                        )
+                        return rc, []
+            case "gitlab":
+                commits = self._gitlab_compare_commits(rc, repo_info.name)
+            case _:
+                raise Exception(f"Unknown git hosting {rc.repo_url}")
 
         return rc, commits
 
@@ -455,13 +457,10 @@ class DashdotdbDORA(DashdotdbBase):
 
         return app_env, datetime.fromisoformat(response.json()["finish_timestamp"])
 
-    def _gitlab_compare_commits(self, rc: RepoChanges) -> list[Commit]:
+    def _gitlab_compare_commits(self, rc: RepoChanges, repo: str) -> list[Commit]:
         if not rc.repo_url or not rc.ref_from or not rc.ref_to:
             return []
 
-        prefix = "https://gitlab.cee.redhat.com/"
-        repo = rc.repo_url[rc.repo_url.startswith(prefix) and len(prefix) :]
-
         commits = self.gl.repository_compare(repo, rc.ref_from, rc.ref_to)
 
         return [
@@ -473,12 +472,10 @@ class DashdotdbDORA(DashdotdbBase):
             for commit in commits
         ]
 
-    def _github_compare_commits(self, rc: RepoChanges) -> list[Commit]:
+    def _github_compare_commits(self, rc: RepoChanges, repo: str) -> list[Commit]:
         if not rc.repo_url:
             return []
 
-        repo = rc.repo_url.removeprefix(GITHUB_BASE_URL).rstrip("/")
-
         return [
             Commit(rc.repo_url, commit.sha, commit.commit.committer.date)
             for commit in self.gh_api(repo).compare(rc.ref_from, rc.ref_to)

reconcile/github_repo_permissions_validator.py

@@ -11,7 +11,7 @@ from reconcile.jenkins_job_builder import init_jjb
 from reconcile.utils.jjb_client import JJB
 from reconcile.utils.secret_reader import SecretReader
 from reconcile.utils.semver_helper import make_semver
-from reconcile.utils.vcs import GITHUB_BASE_URL
+from reconcile.utils.vcs import VCS
 
 QONTRACT_INTEGRATION = "github-repo-permissions-validator"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 1, 0)
@@ -46,8 +46,8 @@ def run(dry_run: bool, instance_name: str) -> None:
     error = False
     for job in pr_check_jobs:
         repo_url = jjb.get_repo_url(job)
-        repo_name = repo_url.removeprefix(GITHUB_BASE_URL).rstrip("/")
-        repo = gh.get_repo(repo_name)
+        repo_info = VCS.parse_repo_url(repo_url)
+        repo = gh.get_repo(repo_info.name)
         permissions = repo.permissions
         if not permissions.push and repo_url not in invitations:
             logging.error(f"missing write permissions for bot in repo {repo_url}")

reconcile/gql_definitions/automated_actions/instance.py

@@ -69,27 +69,23 @@ query AutomatedActionsInstances {
         ...OcConnectionCluster
       }
     }
-    permissions {
-      roles {
-        name
-        users {
-          org_username
-        }
-        bots {
-          org_username
+    actions {
+      type
+      permissions {
+        roles {
+          name
+          users {
+            org_username
+          }
+          bots {
+            org_username
+          }
+          expirationDate
         }
-        expirationDate
       }
-
-      action {
-        operationId
-        retries
-        maxOps
-      }
-
-      arguments {
-        type
-        ... on AutomatedActionArgumentOpenshift_v1 {
+      maxOps
+      ... on AutomatedActionOpenshiftWorkloadRestart_v1 {
+        openshift_workload_restart_arguments: arguments {
           namespace {
             name
             delete
@@ -100,8 +96,14 @@ query AutomatedActionsInstances {
               }
             }
           }
-          kind_pattern
-          name_pattern
+          kind
+          name
+        }
+      }
+      ... on AutomatedActionActionList_v1 {
+        action_list_arguments: arguments {
+          action_user
+          max_age_minutes
         }
       }
     }
@@ -138,47 +140,54 @@ class RoleV1(ConfiguredBaseModel):
     expiration_date: Optional[str] = Field(..., alias="expirationDate")
 
 
-class AutomatedActionV1(ConfiguredBaseModel):
-    operation_id: str = Field(..., alias="operationId")
-    retries: int = Field(..., alias="retries")
-    max_ops: int = Field(..., alias="maxOps")
+class PermissionAutomatedActionsV1(ConfiguredBaseModel):
+    roles: Optional[list[RoleV1]] = Field(..., alias="roles")
 
 
-class AutomatedActionArgumentV1(ConfiguredBaseModel):
+class AutomatedActionV1(ConfiguredBaseModel):
     q_type: str = Field(..., alias="type")
+    permissions: Optional[list[PermissionAutomatedActionsV1]] = Field(..., alias="permissions")
+    max_ops: int = Field(..., alias="maxOps")
 
 
 class DisableClusterAutomationsV1(ConfiguredBaseModel):
     integrations: Optional[list[str]] = Field(..., alias="integrations")
 
 
-class AutomatedActionArgumentOpenshiftV1_NamespaceV1_ClusterV1(ConfiguredBaseModel):
+class AutomatedActionOpenshiftWorkloadRestartArgumentV1_NamespaceV1_ClusterV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     disable: Optional[DisableClusterAutomationsV1] = Field(..., alias="disable")
 
 
-class AutomatedActionArgumentOpenshiftV1_NamespaceV1(ConfiguredBaseModel):
+class AutomatedActionOpenshiftWorkloadRestartArgumentV1_NamespaceV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     delete: Optional[bool] = Field(..., alias="delete")
-    cluster: AutomatedActionArgumentOpenshiftV1_NamespaceV1_ClusterV1 = Field(..., alias="cluster")
+    cluster: AutomatedActionOpenshiftWorkloadRestartArgumentV1_NamespaceV1_ClusterV1 = Field(..., alias="cluster")
 
 
-class AutomatedActionArgumentOpenshiftV1(AutomatedActionArgumentV1):
-    namespace: AutomatedActionArgumentOpenshiftV1_NamespaceV1 = Field(..., alias="namespace")
-    kind_pattern: str = Field(..., alias="kind_pattern")
-    name_pattern: str = Field(..., alias="name_pattern")
+class AutomatedActionOpenshiftWorkloadRestartArgumentV1(ConfiguredBaseModel):
+    namespace: AutomatedActionOpenshiftWorkloadRestartArgumentV1_NamespaceV1 = Field(..., alias="namespace")
+    kind: str = Field(..., alias="kind")
+    name: str = Field(..., alias="name")
 
 
-class PermissionAutomatedActionsV1(ConfiguredBaseModel):
-    roles: Optional[list[RoleV1]] = Field(..., alias="roles")
-    action: AutomatedActionV1 = Field(..., alias="action")
-    arguments: Optional[list[Union[AutomatedActionArgumentOpenshiftV1, AutomatedActionArgumentV1]]] = Field(..., alias="arguments")
+class AutomatedActionOpenshiftWorkloadRestartV1(AutomatedActionV1):
+    openshift_workload_restart_arguments: list[AutomatedActionOpenshiftWorkloadRestartArgumentV1] = Field(..., alias="openshift_workload_restart_arguments")
+
+
+class AutomatedActionActionListArgumentV1(ConfiguredBaseModel):
+    action_user: Optional[str] = Field(..., alias="action_user")
+    max_age_minutes: Optional[int] = Field(..., alias="max_age_minutes")
+
+
+class AutomatedActionActionListV1(AutomatedActionV1):
+    action_list_arguments: Optional[list[AutomatedActionActionListArgumentV1]] = Field(..., alias="action_list_arguments")
 
 
 class AutomatedActionsInstanceV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     deployment: NamespaceV1 = Field(..., alias="deployment")
-    permissions: Optional[list[PermissionAutomatedActionsV1]] = Field(..., alias="permissions")
+    actions: Optional[list[Union[AutomatedActionOpenshiftWorkloadRestartV1, AutomatedActionActionListV1, AutomatedActionV1]]] = Field(..., alias="actions")
 
 
 class AutomatedActionsInstancesQueryData(ConfiguredBaseModel):