qontract-reconcile 0.10.2.dev186__py3-none-any.whl → 0.10.2.dev187__py3-none-any.whl

{qontract_reconcile-0.10.2.dev186.dist-info → qontract_reconcile-0.10.2.dev187.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev186
+Version: 0.10.2.dev187
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile

{qontract_reconcile-0.10.2.dev186.dist-info → qontract_reconcile-0.10.2.dev187.dist-info}/RECORD

@@ -26,7 +26,7 @@ reconcile/github_org.py,sha256=Wc5cZamatuWsW2ZJT2ib5ps8l3iY3RXHwNUxVJerqz0,14173
 reconcile/github_owners.py,sha256=viE1KJ-zaTxuZ5yItg2C263J0brn-Q-3hR_DkYDMbhY,3122
 reconcile/github_repo_invites.py,sha256=U9UCzNVwrZ7MqODtFah8ogH0NNY-XjBin7G9gqHtCUY,2690
 reconcile/github_repo_permissions_validator.py,sha256=PNqL4dqa2OaNBy-NmLVN-t1HZa6eS6HgSYmfOunYqtA,1798
-reconcile/github_users.py,sha256=QdX164LZrm8sqggMj-0beCzWofpS6OEBfzKNrWPrfj0,3934
+reconcile/github_users.py,sha256=ZeYNMyvZPVMx6mh5TiKEUQy4W1uw3VmUZOHiXus5I0Y,5073
 reconcile/github_validator.py,sha256=-j17tn3csFVjPMSPL3te48iWVkPZCncRXdeKeLdGjjQ,931
 reconcile/gitlab_fork_compliance.py,sha256=RbHckzLnE9zkOFHJANzoejEMMbMAivmqJVs3Suvp9lU,4591
 reconcile/gitlab_housekeeping.py,sha256=c31Jtw5t8bnOzUO9jMWF_0DHitPzol93AA7YWBxM5L0,25416
@@ -47,7 +47,7 @@ reconcile/jenkins_webhooks_cleaner.py,sha256=JsN_NVPfZJwv1JtSzZXDIHUqGiefL-DRffF
 reconcile/jenkins_worker_fleets.py,sha256=L2wEXpd4xuEHrXGss4iH788nG8UlLSYduZe1EY2IVw4,5377
 reconcile/jira_permissions_validator.py,sha256=5rc4Q2mXGL3HCZmYpZaJkjzBrpCRnlLeCY0Yl2fDOs4,14672
 reconcile/jira_watcher.py,sha256=L_UL2MKm2SoIGNsCLThm28pnqCkoFc154JWsD6bURug,3593
-reconcile/ldap_users.py,sha256=7hdO5CAPl-VNBvDRmKHg13LoblHXXPt7YEKNGomAoGg,3158
+reconcile/ldap_users.py,sha256=oP1CAxmgSi3zDJ3vKTPySjap6WmEX1U469FmFrov5l4,4599
 reconcile/mr_client_gateway.py,sha256=WhjMd-sIXDFCV8-rt8CEjurJ5OYB1pOD0K3o0tZRXQg,1885
 reconcile/ocm_additional_routers.py,sha256=KfcFDVbNoc6n5dHWjYdAf1_DiVqVG6Tw23WLKoV8cdg,3306
 reconcile/ocm_addons.py,sha256=qqAyqRBRbdZQvAcjb-QlSVyRAyQBZk6iVlgnI4jyi7s,3353
@@ -284,6 +284,7 @@ reconcile/gql_definitions/common/clusters_with_peering.py,sha256=B1Hi3u6rZZsl4bD
 reconcile/gql_definitions/common/github_orgs.py,sha256=rZ0pDAA2_9hF9N-ykRZIxPtEmczTSjuA_k3nkp0k1W0,2039
 reconcile/gql_definitions/common/jira_settings.py,sha256=Fmjxhlhr69kc4jkG_0k17fuYlQVucbNex0jXYu83wbY,1990
 reconcile/gql_definitions/common/jiralert_settings.py,sha256=H96nMg_r2YcOvioj3aIkwqtFrALGSLt7uhbx9jGSUTo,1984
+reconcile/gql_definitions/common/ldap_settings.py,sha256=qkKm3BusR4FreHcI9VSwPg-hrhBKtiQIjGsTAGvHDG4,1885
 reconcile/gql_definitions/common/namespaces.py,sha256=FUgyoDAKWSetfDumfqHRVT6lOGp9hoj1-8rC0khVJI4,11071
 reconcile/gql_definitions/common/namespaces_minimal.py,sha256=XVt8LFe-bGYbjN3ysX3b9sFGmLX4snQ_A9ZouQGaaAI,3429
 reconcile/gql_definitions/common/ocm_env_telemeter.py,sha256=jW0Q9WazDQVOxh4u0LMFG69rupBioJ8HGGjvR9bVK9Y,2424
@@ -301,6 +302,7 @@ reconcile/gql_definitions/common/slack_workspaces.py,sha256=2o0kgi4QiaRuNmZJnc_B
 reconcile/gql_definitions/common/smtp_client_settings.py,sha256=JU6t6D-Qj-z1gLlgUiHKe0W7AxWQdty9jlv-ig_43tM,2248
 reconcile/gql_definitions/common/state_aws_account.py,sha256=LAdpCG2-ykVpWBPO0Zu1WvG-hwKXyDC0fJQxJRpbqCk,2198
 reconcile/gql_definitions/common/users.py,sha256=ahY3d185LbTekCGYBLJwZJljn54RJI_P5CVefdqyoZA,1705
+reconcile/gql_definitions/common/users_with_paths.py,sha256=kOYzIXKG11JI0afgRMA5WLlEwJlvElAKytE8RAeuSco,2726
 reconcile/gql_definitions/cost_report/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/cost_report/app_names.py,sha256=fzqYXyiTSll359J1F1o7qapco0MSxgs3sr_Ssb2Kbns,1786
 reconcile/gql_definitions/cost_report/cost_namespaces.py,sha256=URRozAgSa9OnkqOCZf3MGH21_wcnsqYl0n-olXdjQH0,2286
@@ -465,7 +467,7 @@ reconcile/oum/base.py,sha256=WCFdHOHXLPrJcvxVqw6HjaJthT7olC5BQqqXlD4DM6c,13552
 reconcile/oum/labelset.py,sha256=f5kDndbaIT4iNYxTRPSELTUgj_aMlzEJDPzooAkG2mE,2154
 reconcile/oum/metrics.py,sha256=S_0C-hIW4jHVl9Lltgis9q-p33fdBjADWBouQ9Emeao,1575
 reconcile/oum/models.py,sha256=teH0bJTCMTzbdbYD9CU4yXDuMr34ceLcM0KuoIPU8gI,1712
-reconcile/oum/providers.py,sha256=3kEjXvsTPzXc7gzrdO7hWqgzcMmMZMpk2S0X7wQUTWU,1767
+reconcile/oum/providers.py,sha256=lfG6d7YV-A4Lte45EMv1Gx4A346piJ_jAkrU5AHJZ_g,1834
 reconcile/oum/standalone.py,sha256=EN5y1S-3DwUZYzSRqRMtf63mI2slvBHKiU9zOTjYvWM,7334
 reconcile/prometheus_rules_tester/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/prometheus_rules_tester/integration.py,sha256=8lXZSaNqZAemulVNDxanrxwl7ZGfUxtwfptJlMPX8ac,9308
@@ -561,6 +563,7 @@ reconcile/typed_queries/jenkins.py,sha256=Pus8Rhsb04F92Iqh31xe-rW1TLiEziIWd0UAth
 reconcile/typed_queries/jira.py,sha256=jq6-ERCr_Fh96_3i9A9UKfpAAstoc4Iz6Irl-_0IUkw,235
 reconcile/typed_queries/jira_settings.py,sha256=i0ddx5xxHrM1v-9mtL_6OB-jBFLw7-HS6xenpIDjrkw,570
 reconcile/typed_queries/jiralert_settings.py,sha256=y59S5xvYmuaGxszzfKhVLjbCyDwKiaSIlajocbK5MDE,793
+reconcile/typed_queries/ldap_settings.py,sha256=k8LWM11wPHn6_x2TMP7xkiwQTOPBgzuYdjzygG1WVT4,664
 reconcile/typed_queries/namespaces.py,sha256=vItPrn7sfcHOix-VvkzQkf54_ljzI_ymyxh5esdBJ5Y,262
 reconcile/typed_queries/namespaces_minimal.py,sha256=rUtqNQ0ORXXUTQfnpsMURymAJ4gYtE77V-Lb3LiJFEY,278
 reconcile/typed_queries/ocm.py,sha256=aTXW9NaMpMq-90sBUAUQmGPtk6Hnsk2rzSbXv3pD8dY,312
@@ -577,6 +580,7 @@ reconcile/typed_queries/tekton_pipeline_providers.py,sha256=LtoSnSRkuckYsXIU64L1
 reconcile/typed_queries/terraform_namespaces.py,sha256=4H9WE90jN_BVYBAt1DxJITS4vkL-vykbXZIS1H4EKNM,413
 reconcile/typed_queries/unleash.py,sha256=7HDc4owF044xM9Thx4WsXV7DZgETxJjy4lbpwmqz1vU,282
 reconcile/typed_queries/users.py,sha256=UXlaxeZAoNIugMEndfcjbkHYowUURE72aWcdmxfb3yk,377
+reconcile/typed_queries/users_with_paths.py,sha256=lvW0QzTJtKkLS2O_Jm9_0mFXJFKvGlZE809LI-5ddvc,342
 reconcile/typed_queries/vault.py,sha256=lkRsmobykorof3fcrIPLz-NgvAiSOWSOZc_jXBlnl1w,274
 reconcile/typed_queries/app_interface_metrics_exporter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py,sha256=X-N1WJGOL6OR9940P0_K4-YJzkL5Vg4favhYrBxXD9A,327
@@ -629,7 +633,7 @@ reconcile/utils/jjb_client.py,sha256=e5cDeNAeJMGz3sZMJ1KUIMFyLdRet0YnC0Qgj1vTPHc
 reconcile/utils/jsonpath.py,sha256=wdxOMqR-GMpQf5vRPWRMqAF7bCiXDBkkcFfY2U4j_tk,5536
 reconcile/utils/jump_host.py,sha256=gi8vGUDgdTVwJvROvRVauFxtL0YAramhbWvG70L7AY8,5137
 reconcile/utils/keycloak.py,sha256=YWSEUGrOVqFaJUk055dKUWpLDPdDRvhcmvR-lfbmxdE,3388
-reconcile/utils/ldap_client.py,sha256=sxvvSEwuswDexrTlLSz9GKQ4ym9OJr-yk2dnCM5cmxs,2463
+reconcile/utils/ldap_client.py,sha256=HxOxpqyLRbXxOARZyBNbccceWIk6gF8PQjNQmBvjF2o,2148
 reconcile/utils/lean_terraform_client.py,sha256=X9358loxzkhwRExTeDv_NC8Q6HNr2tJK6Lx897YtJUc,4004
 reconcile/utils/make.py,sha256=QaEwucrzbl8-VHS66Wfdjfo0ubmAcvt_hZGpiGsKU50,231
 reconcile/utils/metrics.py,sha256=kiOoWO0b0mO-MDZWxyClYz9SeohQ0QU-xji0p-cSiLo,18462
@@ -727,7 +731,7 @@ reconcile/utils/mr/ocm_update_recommended_version.py,sha256=p_aVP0TGrlKk9WBwgQnY
 reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py,sha256=5EncHGr4QRnZgHedRfCwMYZ9CaijYzHGj7-M6lhtQRo,3004
 reconcile/utils/mr/promote_qontract.py,sha256=wgvX2CBlcZaihKJSXJ0zcEK8NGaEP2_DUQDz0STzGes,7158
 reconcile/utils/mr/update_access_report_base.py,sha256=4Grohtp44v1sSHZyIAYOwClxH8SLj_nnOrCcHPKp9p0,4361
-reconcile/utils/mr/user_maintenance.py,sha256=ZlR1Id_r2BUXsoerJW-0Ioh5bcbwlnQxBBhSs-ri9Dk,5099
+reconcile/utils/mr/user_maintenance.py,sha256=KSfl4i0k1CqCa9mj93bvFxHeBHPRMn3sBWdGS1nNzYY,5371
 reconcile/utils/ocm/__init__.py,sha256=Y-bp8GomMpyCo0tFW6kJ78-ZG1UIupYRtBzbMWU0kwM,798
 reconcile/utils/ocm/addons.py,sha256=_LDdJ-gapM3s5exKlIUt-MlXZTAUoHezbYBU0QmvfWQ,7335
 reconcile/utils/ocm/base.py,sha256=8rZ8WilNeAfq7HRNI8kNOLB4VcYzQpqQ5gvWbS54MuM,14576
@@ -805,7 +809,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=UfwwRLS5Ya4_Nh1w5n1dvoYtchQvYE9yj1VANt2IKqI,3925
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev186.dist-info/METADATA,sha256=0hGybBCljHc9z_10Wcq6RvjgFFVSF7GPG9w5yhdMTTM,24555
-qontract_reconcile-0.10.2.dev186.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev186.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev186.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev187.dist-info/METADATA,sha256=-iInkgy_ICSk6OCktOC27DWeGBEvZpYlsXpPFJ640IU,24555
+qontract_reconcile-0.10.2.dev187.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev187.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev187.dist-info/RECORD,,

reconcile/github_users.py

@@ -1,6 +1,7 @@
 import logging
 import os
 import re
+from collections import defaultdict
 from collections.abc import Callable
 
 from github import Github
@@ -17,9 +18,9 @@ from reconcile import (
     typed_queries,
 )
 from reconcile.github_org import get_default_config
-from reconcile.ldap_users import init_users as init_users_and_paths
 from reconcile.utils.defer import defer
 from reconcile.utils.mr import CreateDeleteUserAppInterface
+from reconcile.utils.mr.user_maintenance import PathSpec, PathTypes
 from reconcile.utils.secret_reader import SecretReader
 from reconcile.utils.smtp_client import (
     DEFAULT_SMTP_TIMEOUT,
@@ -39,6 +40,33 @@ def init_github() -> Github:
     return Github(token, base_url=GH_BASE_URL)
 
 
+def init_users_and_paths() -> list[dict[str, list]]:
+    app_int_users = queries.get_users(refs=True)
+
+    users = defaultdict(list)
+    for user in app_int_users:
+        u = user["org_username"]
+        item = PathSpec(type=PathTypes.USER, path=user["path"])
+        users[u].append(item)
+        for r in user.get("requests"):
+            item = PathSpec(type=PathTypes.REQUEST, path=r["path"])
+            users[u].append(item)
+        for q in user.get("queries"):
+            item = PathSpec(type=PathTypes.QUERY, path=q["path"])
+            users[u].append(item)
+        for g in user.get("gabi_instances"):
+            item = PathSpec(type=PathTypes.GABI, path=g["path"])
+            users[u].append(item)
+        for a in user.get("aws_accounts", []):
+            item = PathSpec(type=PathTypes.AWS_ACCOUNTS, path=a["path"])
+            users[u].append(item)
+        for s in user.get("schedules"):
+            item = PathSpec(type=PathTypes.SCHEDULE, path=s["path"])
+            users[u].append(item)
+
+    return [{"username": username, "paths": paths} for username, paths in users.items()]
+
+
 @retry(exceptions=(GithubException, ReadTimeout))
 def get_user_company(user: dict, github: Github) -> UserAndCompany:
     gh_user = github.get_user(login=user["github_username"])

reconcile/gql_definitions/common/ldap_settings.py

@@ -0,0 +1,68 @@
+"""
+Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+"""
+from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
+from datetime import datetime  # noqa: F401 # pylint: disable=W0611
+from enum import Enum  # noqa: F401 # pylint: disable=W0611
+from typing import (  # noqa: F401 # pylint: disable=W0611
+    Any,
+    Optional,
+    Union,
+)
+
+from pydantic import (  # noqa: F401 # pylint: disable=W0611
+    BaseModel,
+    Extra,
+    Field,
+    Json,
+)
+
+
+DEFINITION = """
+query LdapSettings {
+  settings: app_interface_settings_v1 {
+    ldap {
+      serverUrl
+      baseDn
+    }
+  }
+}
+"""
+
+
+class ConfiguredBaseModel(BaseModel):
+    class Config:
+        smart_union=True
+        extra=Extra.forbid
+
+
+class LdapSettingsV1(ConfiguredBaseModel):
+    server_url: str = Field(..., alias="serverUrl")
+    base_dn: str = Field(..., alias="baseDn")
+
+
+class AppInterfaceSettingsV1(ConfiguredBaseModel):
+    ldap: Optional[LdapSettingsV1] = Field(..., alias="ldap")
+
+
+class LdapSettingsQueryData(ConfiguredBaseModel):
+    settings: Optional[list[AppInterfaceSettingsV1]] = Field(..., alias="settings")
+
+
+def query(query_func: Callable, **kwargs: Any) -> LdapSettingsQueryData:
+    """
+    This is a convenience function which queries and parses the data into
+    concrete types. It should be compatible with most GQL clients.
+    You do not have to use it to consume the generated data classes.
+    Alternatively, you can also mime and alternate the behavior
+    of this function in the caller.
+
+    Parameters:
+        query_func (Callable): Function which queries your GQL Server
+        kwargs: optional arguments that will be passed to the query function
+
+    Returns:
+        LdapSettingsQueryData: queried data parsed into generated classes
+    """
+    raw_data: dict[Any, Any] = query_func(DEFINITION, **kwargs)
+    return LdapSettingsQueryData(**raw_data)

reconcile/gql_definitions/common/users_with_paths.py

@@ -0,0 +1,102 @@
+"""
+Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+"""
+from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
+from datetime import datetime  # noqa: F401 # pylint: disable=W0611
+from enum import Enum  # noqa: F401 # pylint: disable=W0611
+from typing import (  # noqa: F401 # pylint: disable=W0611
+    Any,
+    Optional,
+    Union,
+)
+
+from pydantic import (  # noqa: F401 # pylint: disable=W0611
+    BaseModel,
+    Extra,
+    Field,
+    Json,
+)
+
+
+DEFINITION = """
+query UsersWithPaths {
+  users: users_v1 {
+    path
+    org_username
+    aws_accounts {
+      path
+    }
+    requests {
+      path
+    }
+    queries {
+      path
+    }
+    gabi_instances {
+      path
+    }
+    schedules {
+      path
+    }
+  }
+}
+"""
+
+
+class ConfiguredBaseModel(BaseModel):
+    class Config:
+        smart_union=True
+        extra=Extra.forbid
+
+
+class AWSAccountV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+
+
+class CredentialsRequestV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+
+
+class AppInterfaceSqlQueryV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+
+
+class GabiInstanceV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+
+
+class ScheduleV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+
+
+class UserV1(ConfiguredBaseModel):
+    path: str = Field(..., alias="path")
+    org_username: str = Field(..., alias="org_username")
+    aws_accounts: Optional[list[AWSAccountV1]] = Field(..., alias="aws_accounts")
+    requests: Optional[list[CredentialsRequestV1]] = Field(..., alias="requests")
+    queries: Optional[list[AppInterfaceSqlQueryV1]] = Field(..., alias="queries")
+    gabi_instances: Optional[list[GabiInstanceV1]] = Field(..., alias="gabi_instances")
+    schedules: Optional[list[ScheduleV1]] = Field(..., alias="schedules")
+
+
+class UsersWithPathsQueryData(ConfiguredBaseModel):
+    users: Optional[list[UserV1]] = Field(..., alias="users")
+
+
+def query(query_func: Callable, **kwargs: Any) -> UsersWithPathsQueryData:
+    """
+    This is a convenience function which queries and parses the data into
+    concrete types. It should be compatible with most GQL clients.
+    You do not have to use it to consume the generated data classes.
+    Alternatively, you can also mime and alternate the behavior
+    of this function in the caller.
+
+    Parameters:
+        query_func (Callable): Function which queries your GQL Server
+        kwargs: optional arguments that will be passed to the query function
+
+    Returns:
+        UsersWithPathsQueryData: queried data parsed into generated classes
+    """
+    raw_data: dict[Any, Any] = query_func(DEFINITION, **kwargs)
+    return UsersWithPathsQueryData(**raw_data)

reconcile/ldap_users.py

@@ -1,99 +1,126 @@
 import logging
-from collections import defaultdict
+from collections.abc import Callable
+
+from pydantic import BaseModel, Field
 
 from reconcile import (
     mr_client_gateway,
-    queries,
 )
-from reconcile.utils import gql
+from reconcile.gql_definitions.common.ldap_settings import LdapSettingsV1
+from reconcile.gql_definitions.common.users_with_paths import UserV1
+from reconcile.typed_queries.ldap_settings import get_ldap_settings
+from reconcile.typed_queries.users_with_paths import get_users_with_paths
 from reconcile.utils.defer import defer
 from reconcile.utils.ldap_client import LdapClient
 from reconcile.utils.mr import (
     CreateDeleteUserAppInterface,
     CreateDeleteUserInfra,
 )
-from reconcile.utils.mr.user_maintenance import PathTypes
+from reconcile.utils.mr.user_maintenance import PathSpec, PathTypes
 
 QONTRACT_INTEGRATION = "ldap-users"
 
 
-def init_users() -> list[dict[str, list]]:
-    app_int_users = queries.get_users(refs=True)
-
-    users = defaultdict(list)
-    for user in app_int_users:
-        u = user["org_username"]
-        item = {"type": PathTypes.USER, "path": "data" + user["path"]}
-        users[u].append(item)
-        for r in user.get("requests"):
-            item = {"type": PathTypes.REQUEST, "path": "data" + r["path"]}
-            users[u].append(item)
-        for q in user.get("queries"):
-            item = {"type": PathTypes.QUERY, "path": "data" + q["path"]}
-            users[u].append(item)
-        for g in user.get("gabi_instances"):
-            item = {"type": PathTypes.GABI, "path": "data" + g["path"]}
-            users[u].append(item)
-        for a in user.get("aws_accounts", []):
-            item = {"type": PathTypes.AWS_ACCOUNTS, "path": "data" + a["path"]}
-            users[u].append(item)
-        for s in user.get("schedules"):
-            item = {"type": PathTypes.SCHEDULE, "path": "data" + s["path"]}
-            users[u].append(item)
-
-    return [{"username": username, "paths": paths} for username, paths in users.items()]
-
-
-LDAP_SETTINGS_QUERY = """
-{
-  settings: app_interface_settings_v1 {
-    ldap {
-      serverUrl
-      baseDn
-    }
-  }
-}
-"""
-
-
-def get_ldap_settings() -> dict:
-    """Returns LDAP settings"""
-    gqlapi = gql.get_api()
-    settings = gqlapi.query(LDAP_SETTINGS_QUERY)["settings"]
-    if settings:
-        # assuming a single settings file for now
-        return settings[0]
-    raise ValueError("no app-interface-settings settings found")
+class UserPaths(BaseModel):
+    username: str
+    paths: list[PathSpec] = Field(default_factory=list)
 
 
-@defer
-def run(dry_run, app_interface_project_id, infra_project_id, defer=None):
-    users = init_users()
-    with LdapClient.from_settings(get_ldap_settings()) as ldap_client:
-        ldap_users = ldap_client.get_users([u["username"] for u in users])
+def transform_users_with_paths(users_with_paths: list[UserV1]) -> list[UserPaths]:
+    """Converts UserV1 objects into UserPaths, consolidating all associated resource paths by type."""
+
+    users_paths = []
+    for user in users_with_paths:
+        up = UserPaths(username=user.org_username)
+        up.paths.append(PathSpec(type=PathTypes.USER, path=user.path))
+        for r in user.requests or []:
+            up.paths.append(PathSpec(type=PathTypes.REQUEST, path=r.path))
+        for q in user.queries or []:
+            up.paths.append(PathSpec(type=PathTypes.QUERY, path=q.path))
+        for g in user.gabi_instances or []:
+            up.paths.append(PathSpec(type=PathTypes.GABI, path=g.path))
+        for a in user.aws_accounts or []:
+            up.paths.append(PathSpec(type=PathTypes.AWS_ACCOUNTS, path=a.path))
+        for s in user.schedules or []:
+            up.paths.append(PathSpec(type=PathTypes.SCHEDULE, path=s.path))
+
+        users_paths.append(up)
+
+    return users_paths
+
+
+def get_usernames(users_paths: list[UserPaths]) -> list[str]:
+    """Extracts a list of usernames from a list of UserPaths objects."""
+    return [u.username for u in users_paths]
+
+
+def filter_users_not_exists(
+    users_paths: list[UserPaths], ldap_users: set[str]
+) -> list[UserPaths]:
+    """Filters out UserPaths objects whose usernames are not present in the given set of LDAP users."""
+
+    return [u for u in users_paths if u.username not in ldap_users]
+
 
-    users_to_delete = [u for u in users if u["username"] not in ldap_users]
+def get_ldap_users(ldap_settings: LdapSettingsV1, usernames: list[str]) -> set[str]:
+    """Retrieves existing usernames from LDAP based on the provided list and connection settings."""
+    with LdapClient.from_params(
+        server_url=ldap_settings.server_url,
+        user=None,
+        password=None,
+        base_dn=ldap_settings.base_dn,
+    ) as ldap_client:
+        return ldap_client.get_users(usernames)
 
+
+@defer
+def delete_user_from_app_interface(
+    dry_run: bool,
+    app_interface_project_id: str | int | None,
+    users: list[UserPaths],
+    defer: Callable | None = None,
+) -> None:
+    """Delete user data stored in the repository app-interface related with the given users."""
     if not dry_run:
         mr_cli_app_interface = mr_client_gateway.init(
             gitlab_project_id=app_interface_project_id, sqs_or_gitlab="gitlab"
         )
-        defer(mr_cli_app_interface.cleanup)
-        mr_cli_infra = mr_client_gateway.init(
-            gitlab_project_id=infra_project_id, sqs_or_gitlab="gitlab"
-        )
-        defer(mr_cli_infra.cleanup)
+        if defer:
+            defer(mr_cli_app_interface.cleanup)
 
-    for u in users_to_delete:
-        username = u["username"]
-        paths = u["paths"]
-        logging.info(["delete_user", username])
+    for user in users:
+        logging.info(["delete_user", user.username])
 
         if not dry_run:
-            mr = CreateDeleteUserAppInterface(username, paths)
+            mr = CreateDeleteUserAppInterface(user.username, user.paths)
             mr.submit(cli=mr_cli_app_interface)
 
+
+def delete_user_from_infra(
+    dry_run: bool,
+    infra_project_id: str | int | None,
+    usernames: list[str],
+) -> None:
+    """Delete user data stored in the repository infra related with the given usernames."""
     if not dry_run:
-        usernames = [u["username"] for u in users_to_delete]
-        mr_infra = CreateDeleteUserInfra(usernames)
-        mr_infra.submit(cli=mr_cli_infra)
+        with mr_client_gateway.init(
+            gitlab_project_id=infra_project_id, sqs_or_gitlab="gitlab"
+        ) as mr_cli_infra:
+            mr_infra = CreateDeleteUserInfra(usernames)
+            mr_infra.submit(cli=mr_cli_infra)
+
+
+def run(dry_run: bool, app_interface_project_id: str, infra_project_id: str) -> None:
+    """
+    Synchronizes user data stored in the repositories app_interface and infra
+    associated with users that are no longer found in the LDAP.
+    """
+    users_paths = transform_users_with_paths(get_users_with_paths())
+
+    ldap_users = get_ldap_users(get_ldap_settings(), get_usernames(users_paths))
+
+    users_to_delete = filter_users_not_exists(users_paths, ldap_users)
+    usernames_to_delete = get_usernames(users_to_delete)
+
+    delete_user_from_app_interface(dry_run, app_interface_project_id, users_to_delete)
+    delete_user_from_infra(dry_run, infra_project_id, usernames_to_delete)

reconcile/oum/providers.py

@@ -3,7 +3,7 @@ from abc import (
     abstractmethod,
 )
 
-from reconcile.ldap_users import get_ldap_settings
+from reconcile.typed_queries.ldap_settings import get_ldap_settings
 from reconcile.utils.ldap_client import LdapClient
 
 
@@ -53,7 +53,10 @@ def init_ldap_group_member_provider(group_base_dn: str) -> LdapGroupMemberProvid
     settings = get_ldap_settings()
     return LdapGroupMemberProvider(
         LdapClient.from_params(
-            settings["ldap"]["serverUrl"], None, None, settings["ldap"]["baseDn"]
+            server_url=settings.server_url,
+            user=None,
+            password=None,
+            base_dn=settings.base_dn,
         ),
         group_base_dn,
     )

reconcile/typed_queries/ldap_settings.py

@@ -0,0 +1,20 @@
+from collections.abc import Callable
+
+from reconcile.gql_definitions.common.ldap_settings import (
+    LdapSettingsV1,
+    query,
+)
+from reconcile.utils import gql
+from reconcile.utils.exceptions import AppInterfaceSettingsError
+
+
+def get_ldap_settings(
+    query_func: Callable | None = None,
+) -> LdapSettingsV1:
+    """Returns App Interface Settings and raises err if none are found"""
+    if not query_func:
+        query_func = gql.get_api().query
+    data = query(query_func)
+    if data.settings and len(data.settings) == 1 and data.settings[0].ldap:
+        return data.settings[0].ldap
+    raise AppInterfaceSettingsError("Ldap settings is not defined.")

reconcile/typed_queries/users_with_paths.py

@@ -0,0 +1,10 @@
+from collections.abc import Callable
+
+from reconcile.gql_definitions.common.users_with_paths import UserV1, query
+from reconcile.utils import gql
+
+
+def get_users_with_paths(query_func: Callable | None = None) -> list[UserV1]:
+    if not query_func:
+        query_func = gql.get_api().query
+    return query(query_func=query_func).users or []

reconcile/utils/ldap_client.py

@@ -56,13 +56,6 @@ class LdapClient:
 
         return dict(groups_and_members)
 
-    @classmethod
-    def from_settings(cls, settings: dict) -> "LdapClient":
-        """Requires a nested dictionary with key 'ldap' in addition sub keys 'serverUrl' and 'baseDn'."""
-        return LdapClient.from_params(
-            settings["ldap"]["serverUrl"], None, None, settings["ldap"]["baseDn"]
-        )
-
     @classmethod
     def from_params(
         cls, server_url: str, user: str | None, password: str | None, base_dn: str

reconcile/utils/mr/user_maintenance.py

@@ -1,5 +1,8 @@
+from collections.abc import Iterable
+from enum import Enum
 from pathlib import Path
 
+from pydantic import BaseModel, validator
 from ruamel import yaml
 
 from reconcile.utils.gitlab_api import GitLabApi
@@ -7,7 +10,7 @@ from reconcile.utils.mr.base import MergeRequestBase
 from reconcile.utils.mr.labels import AUTO_MERGE
 
 
-class PathTypes:
+class PathTypes(Enum):
     USER = 0
     REQUEST = 1
     QUERY = 2
@@ -16,10 +19,19 @@ class PathTypes:
     SCHEDULE = 5
 
 
+class PathSpec(BaseModel):
+    type: PathTypes
+    path: str
+
+    @validator("path")
+    def prepend_data_to_path(cls, v):
+        return "data" + v
+
+
 class CreateDeleteUserAppInterface(MergeRequestBase):
     name = "create_delete_user_mr"
 
-    def __init__(self, username, paths):
+    def __init__(self, username, paths: Iterable[PathSpec]):
         self.username = username
         self.paths = paths
 
@@ -37,8 +49,8 @@ class CreateDeleteUserAppInterface(MergeRequestBase):
 
     def process(self, gitlab_cli: GitLabApi) -> None:
         for path_spec in self.paths:
-            path_type = path_spec["type"]
-            path = path_spec["path"]
+            path_type = path_spec.type
+            path = path_spec.path
             if path_type in {PathTypes.USER, PathTypes.REQUEST, PathTypes.QUERY}:
                 gitlab_cli.delete_file(
                     branch_name=self.branch, file_path=path, commit_message=self.title