qontract-reconcile 0.10.2.dev294__py3-none-any.whl → 0.10.2.dev295__py3-none-any.whl

{qontract_reconcile-0.10.2.dev294.dist-info → qontract_reconcile-0.10.2.dev295.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev294
+Version: 0.10.2.dev295
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile

{qontract_reconcile-0.10.2.dev294.dist-info → qontract_reconcile-0.10.2.dev295.dist-info}/RECORD

@@ -4,7 +4,7 @@ reconcile/acs_rbac.py,sha256=15vNfNzdG_DeXaJ-f5m8DSaJh__LUK766_xAECqyTsg,22657
 reconcile/aws_ami_share.py,sha256=M_gT7y3cSAyT_Pm90PBCNDSmbZtqREqe2jNETh0i9Qs,3808
 reconcile/aws_ecr_image_pull_secrets.py,sha256=F58PtX1GlB9XHqj8hGy9ItiTznXLAAKTNlWD9iT2MWI,2593
 reconcile/aws_iam_keys.py,sha256=pVqaXus2pH1LcRlog0C9UsWFttW420tuf7n_Ox-OJs4,4091
-reconcile/aws_iam_password_reset.py,sha256=FpAqAXngmLFqkOtOjrz_i90qteUyLHJL0GMjotc2tJE,3178
+reconcile/aws_iam_password_reset.py,sha256=5oajSspJVAvpGd445hKsxtEGYb75dM4l1_PJTzrfHk0,3253
 reconcile/aws_support_cases_sos.py,sha256=G9g0oM6ohvuJ5N592ePjiPeaDug4_vapAy58RyG-S3Y,3478
 reconcile/blackbox_exporter_endpoint_monitoring.py,sha256=O1wFp52EyF538c6txaWBs8eMtUIy19gyHZ6VzJ6QXS8,3512
 reconcile/checkpoint.py,sha256=gjtS8g6KIyKFYlHMSZjAqDUOlVh83nh4go-9yNrhWZU,5016
@@ -44,7 +44,7 @@ reconcile/jenkins_worker_fleets.py,sha256=tLFEF3ijnqF0jA7hgmFOOrshmfjGYXHFlQcvMZ
 reconcile/jira_permissions_validator.py,sha256=nVHZg7kNn04Q-ryNM20wthMrhXos28g3O9b0ahzxAKc,14690
 reconcile/ldap_users.py,sha256=oP1CAxmgSi3zDJ3vKTPySjap6WmEX1U469FmFrov5l4,4599
 reconcile/mr_client_gateway.py,sha256=3L21YncbetuUI3HYvDAEb5JX5HO5KG2CfUyjapX3w8E,2063
-reconcile/ocm_additional_routers.py,sha256=e5P_OJAaV0jp0626dJ0Hp1-xUsEKXRCnrJzFTIQBdJg,3854
+reconcile/ocm_additional_routers.py,sha256=FUtMeh14i1u2TJ5LSL0pAVjkdBRB7_FietObWO0s_UU,3942
 reconcile/ocm_addons.py,sha256=b59NWAMmd_zW4pxAH7hm8jzAkis0VZrUBmPYgduVlJc,3684
 reconcile/ocm_addons_upgrade_tests_trigger.py,sha256=A9zXeYG-_52DsS1dz47yDSnHz62du5XpPBlaeRa6zxY,3975
 reconcile/ocm_aws_infrastructure_access.py,sha256=f-zVCEf0ucdslhWvfeLcXxQ6Y4xtfCXUG6pxswGgWnU,7251
@@ -88,7 +88,7 @@ reconcile/quay_mirror.py,sha256=pA1_OujRduwQ6dYljoWXU_VJgAwlv7DzThk26ymKmGs,1432
 reconcile/quay_mirror_org.py,sha256=2xLD-PZggP33LhZYxun5I3deF8hwGH9zueMtAByphzE,10842
 reconcile/quay_permissions.py,sha256=BF539lRxjpgwm88WzazklzgaCF_ipRALwbO2AdpqUqE,4388
 reconcile/quay_repos.py,sha256=woB2afCBgz0UPekHcYtV8zwQCZHZZBL8VDf82ATWZxE,7524
-reconcile/queries.py,sha256=aaffpfMIlmHy73CUxos--NnUsTR5ms3VPeaUY3dnvIs,49879
+reconcile/queries.py,sha256=FLUZBtFC2S-e6yjtC1Oq968CJP6t3nc36NPj0wYa0bE,53472
 reconcile/query_validator.py,sha256=csOSkKxcf6ZlpchJu4ck2jLYKUN6y1l-UmSQUFHgssY,1618
 reconcile/requests_sender.py,sha256=914iluuF4UVgG3VyxxtnHOu4yf6YKS2fIy6PViSsFTQ,3875
 reconcile/resource_scraper.py,sha256=sg10j7lwAE8JxsyBTaxixOR3QYnePctsNuwOLiz4QVg,2309
@@ -728,7 +728,7 @@ reconcile/utils/ocm/identity_providers.py,sha256=dKed09N8iWmn39tI_MpwgVe47x23eLs
 reconcile/utils/ocm/label_sources.py,sha256=ES_5VP4X6gsRxMFZ95WgbwE_HqqIUo_JRjHjdGYw6Ss,1846
 reconcile/utils/ocm/labels.py,sha256=CmAgaOEPiaUb4gLtKab9vNkSDJceuREPd4ApgGcIA1U,6240
 reconcile/utils/ocm/manifests.py,sha256=Q6kgOeiAwLbJY_vO_BEW2oePvbLDZcMZk20YpJJGpOA,1195
-reconcile/utils/ocm/ocm.py,sha256=iCAOxRYaQcJchKLrkwfeDbibZfieQYI8k3uelP0w_Y0,31366
+reconcile/utils/ocm/ocm.py,sha256=tHRGWdpHkvrq6XakDjE1KrXNijdh-ubxKgK183fdhyQ,31378
 reconcile/utils/ocm/products.py,sha256=UtWpkAvSMCxPOulEB7aV5ZY8ej_rmErlE_HVdm9Gnjk,26021
 reconcile/utils/ocm/search_filters.py,sha256=09p4Wq1d1HGrDiinf1dmLJ46VtFhkkRCOL4V-N-zwjY,14808
 reconcile/utils/ocm/service_log.py,sha256=RG1f0MMn6joKaRCAm2xveSJCavdOPP1BVo9FXecDxaI,2018
@@ -765,12 +765,12 @@ reconcile/utils/unleash/server.py,sha256=907gDh9Ee8UxLqusnfpzE-7LUnttB38D4xhVJ0v
 tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/alert_report.py,sha256=cyQTei8_SYOggW_6uYvzhrF7Nae-9xOz-jmh9O9V8R8,5589
 tools/app_interface_metrics_exporter.py,sha256=mCi6SZf20mo5yvRI2VoqmrCdz46Ph3JhpEJPvryXncY,2261
-tools/app_interface_reporter.py,sha256=8pxjJTPOcMKlUVUqpafpDmvUEpeqMiKik7Eopoe-qtU,17204
+tools/app_interface_reporter.py,sha256=m6zAtwIR0l388khSFyoytDSjyEoSg5fjXMAMA9KhCIU,17602
 tools/app_sre_tekton_access_reporter.py,sha256=5qmkevJdlb2j_lpGC5Pu1Pmo0eomX5ZxzS_GNkqHAEE,3104
 tools/app_sre_tekton_access_revalidation.py,sha256=vwL1o_j7oSTOhrHNH1znpgjA2LHGzb8yc5iG3aaY4m0,2684
 tools/glitchtip_access_reporter.py,sha256=wnaiDGW4MkYONV_erltnJ6nGkEj0kQrAiv04NNnOS0k,2859
 tools/glitchtip_access_revalidation.py,sha256=jjeLO53LTbz_LfQw3G2Cs8lVLO_6xqU39BYyTH3cEPE,2764
-tools/qontract_cli.py,sha256=S6TorZiixrXe1nd9m9QhP-uUS3_gOy45_y6wP7X0z80,159520
+tools/qontract_cli.py,sha256=KyK2iCSh68cPolZygQtYb18ZtjIUlFw4aZT9D5p91kw,159892
 tools/template_validation.py,sha256=Xn9X4sGFznx-rvBDnq9Kq16rfET8V3bqH1EwavsGBac,3335
 tools/cli_commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/cli_commands/container_images_report.py,sha256=8mAjCS6XR0yD7k0mfiVBlt6xbYU47q_ftdYNi5o5VKE,5566
@@ -796,7 +796,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=uQv2QJAmUXP1g2GPIH30WTlvL9soY6m9lefpZEVDM5w,3965
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y,894
-qontract_reconcile-0.10.2.dev294.dist-info/METADATA,sha256=5ZB0vx3CC7pReUDOAiLvr3MqYohLV2skk6DSZ6XQ_wE,24916
-qontract_reconcile-0.10.2.dev294.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-qontract_reconcile-0.10.2.dev294.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev294.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev295.dist-info/METADATA,sha256=b48r1FF0GwIfFEiB6y-etqnHajQ5GHIn079H9KABEys,24916
+qontract_reconcile-0.10.2.dev295.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+qontract_reconcile-0.10.2.dev295.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev295.dist-info/RECORD,,

reconcile/aws_iam_password_reset.py

@@ -90,16 +90,16 @@ def run(dry_run: bool, defer: Callable | None = None) -> None:
                 )
             )
 
-    for a in accounts_to_reset:
-        if not a.reset_passwords:
+    for account_to_reset in accounts_to_reset:
+        if not account_to_reset.reset_passwords:
             continue
 
-        with AWSApi(1, [a.account], settings=settings) as aws_api:
-            for r in a.reset_passwords:
+        with AWSApi(1, [account_to_reset.account], settings=settings) as aws_api:
+            for r in account_to_reset.reset_passwords:
                 user_name = r.user_name
                 state_key = r.state_key
 
-                account_name = a.account["name"]
+                account_name = account_to_reset.account["name"]
 
                 logging.info(["reset_password", account_name, user_name])
 

reconcile/ocm_additional_routers.py

@@ -1,8 +1,9 @@
+from __future__ import annotations
+
 import json
 import logging
 import sys
-from collections.abc import Iterable, Mapping, MutableMapping
-from typing import Any
+from typing import TYPE_CHECKING, Any
 
 from reconcile import queries
 from reconcile.status import ExitCodes
@@ -12,13 +13,16 @@ from reconcile.utils.ocm import (
     OCMMap,
 )
 
+if TYPE_CHECKING:
+    from collections.abc import Iterable, Mapping, MutableMapping, Sequence
+
 QONTRACT_INTEGRATION = "ocm-additional-routers"
 
 SUPPORTED_OCM_PRODUCTS = [OCM_PRODUCT_OSD]
 
 
 def fetch_current_state(
-    clusters: list[Mapping[str, Any]],
+    clusters: Sequence[Mapping[str, Any]],
 ) -> tuple[OCMMap, list[dict[str, Any]]]:
     settings = queries.get_app_interface_settings()
     ocm_map = OCMMap(

reconcile/queries.py

@@ -25,7 +25,10 @@ SECRET_READER_SETTINGS = """
 def get_secret_reader_settings() -> Mapping[str, Any] | None:
     """Returns SecretReader settings"""
     gqlapi = gql.get_api()
-    settings = gqlapi.query(SECRET_READER_SETTINGS)["settings"]
+    data = gqlapi.query(SECRET_READER_SETTINGS)
+    if not data:
+        return None
+    settings = data.get("settings")
     if settings:
         # assuming a single settings file for now
         return settings[0]
@@ -114,14 +117,13 @@ APP_INTERFACE_SETTINGS_QUERY = """
 """
 
 
-def get_app_interface_settings():
+def get_app_interface_settings() -> dict[str, Any]:
     """Returns App Interface settings"""
     gqlapi = gql.get_api()
-    settings = gqlapi.query(APP_INTERFACE_SETTINGS_QUERY)["settings"]
-    if settings:
-        # assuming a single settings file for now
-        return settings[0]
-    return None
+    data = gqlapi.query(APP_INTERFACE_SETTINGS_QUERY)
+    if not data or not (settings := data.get("settings")):
+        raise ValueError("no App Interface settings found")
+    return settings[0]
 
 
 CREDENTIALS_REQUESTS_QUERY = """
@@ -139,10 +141,13 @@ CREDENTIALS_REQUESTS_QUERY = """
 """
 
 
-def get_credentials_requests():
+def get_credentials_requests() -> list[dict[str, Any]]:
     """Returns Credentials Requests resources defined in app-interface"""
     gqlapi = gql.get_api()
-    return gqlapi.query(CREDENTIALS_REQUESTS_QUERY)["credentials_requests"]
+    data = gqlapi.query(CREDENTIALS_REQUESTS_QUERY)
+    if not data:
+        return []
+    return data.get("credentials_requests") or []
 
 
 JUMPHOST_FIELDS = """
@@ -252,11 +257,13 @@ INTEGRATIONS_QUERY = """
 """ % (indent(JUMPHOST_FIELDS, 12 * " "),)
 
 
-def get_integrations(managed=False):
+def get_integrations(managed: bool = False) -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
-    if managed:
-        return gqlapi.query(INTEGRATIONS_QUERY)["integrations"]
-    return gqlapi.query(gql.INTEGRATIONS_QUERY)["integrations"]
+    query = INTEGRATIONS_QUERY if managed else gql.INTEGRATIONS_QUERY
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("integrations") or []
 
 
 JENKINS_INSTANCES_QUERY = """
@@ -326,16 +333,19 @@ JENKINS_INSTANCES_QUERY = """
 """
 
 
-def get_jenkins_instances(worker_fleets=False):
+def get_jenkins_instances(worker_fleets: bool = False) -> list[dict[str, Any]]:
     """Returns a list of Jenkins instances"""
     gqlapi = gql.get_api()
     query = Template(JENKINS_INSTANCES_QUERY).render(worker_fleets=worker_fleets)
-    return gqlapi.query(query)["instances"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("instances") or []
 
 
-def get_jenkins_instances_previous_urls():
+def get_jenkins_instances_previous_urls() -> list[str]:
     instances = get_jenkins_instances()
-    all_previous_urls = []
+    all_previous_urls: list[str] = []
     for instance in instances:
         previous_urls = instance.get("previousUrls")
         if previous_urls:
@@ -364,11 +374,13 @@ GITLAB_INSTANCES_QUERY = """
 """
 
 
-def get_gitlab_instance():
+def get_gitlab_instance() -> dict[str, Any]:
     """Returns a single GitLab instance"""
     gqlapi = gql.get_api()
-    # assuming a single GitLab instance for now
-    return gqlapi.query(GITLAB_INSTANCES_QUERY)["instances"][0]
+    data = gqlapi.query(GITLAB_INSTANCES_QUERY)
+    if not data or not (instances := data.get("instances")):
+        raise ValueError("no GitLab instance found")
+    return instances[0]
 
 
 GITHUB_INSTANCE_QUERY = """
@@ -386,13 +398,16 @@ GITHUB_INSTANCE_QUERY = """
 """
 
 
-def get_github_instance():
+def get_github_instance() -> dict[str, Any]:
     """Returns a single Github instance"""
     gqlapi = gql.get_api()
-    instances = gqlapi.query(GITHUB_INSTANCE_QUERY)["instances"]
+    data = gqlapi.query(GITHUB_INSTANCE_QUERY)
+    if not data or not (instances := data.get("instances")):
+        raise ValueError("no Github instance found")
     for instance in instances:
         if instance["url"] == "https://github.com/app-sre":
             return instance
+    raise ValueError("no Github instance found")
 
 
 GITHUB_ORGS_QUERY = """
@@ -411,10 +426,13 @@ GITHUB_ORGS_QUERY = """
 """
 
 
-def get_github_orgs():
+def get_github_orgs() -> list[dict[str, Any]]:
     """Returns all GitHub orgs"""
     gqlapi = gql.get_api()
-    return gqlapi.query(GITHUB_ORGS_QUERY)["orgs"]
+    data = gqlapi.query(GITHUB_ORGS_QUERY)
+    if not data:
+        return []
+    return data.get("orgs") or []
 
 
 AWS_ACCOUNTS_QUERY = """
@@ -521,14 +539,14 @@ AWS_ACCOUNTS_QUERY = """
 
 
 def get_aws_accounts(
-    reset_passwords=False,
-    name=None,
-    uid=None,
-    sharing=False,
-    terraform_state=False,
-    ecrs=True,
-    cleanup=False,
-):
+    reset_passwords: bool = False,
+    name: str | None = None,
+    uid: str | None = None,
+    sharing: bool = False,
+    terraform_state: bool = False,
+    ecrs: bool = True,
+    cleanup: bool = False,
+) -> list[dict[str, Any]]:
     """Returns all AWS accounts"""
     gqlapi = gql.get_api()
     search = name or uid
@@ -542,16 +560,19 @@ def get_aws_accounts(
         ecrs=ecrs,
         cleanup=cleanup,
     )
-    return gqlapi.query(query)["accounts"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("accounts") or []
 
 
-def get_state_aws_accounts(reset_passwords=False):
+def get_state_aws_accounts(reset_passwords: bool = False) -> list[dict[str, Any]]:
     """Returns AWS accounts to use for state management"""
     name = os.environ["APP_INTERFACE_STATE_BUCKET_ACCOUNT"]
     return get_aws_accounts(reset_passwords=reset_passwords, name=name)
 
 
-def get_queue_aws_accounts():
+def get_queue_aws_accounts() -> list[dict[str, Any]]:
     """Returns AWS accounts to use for queue management"""
     uid = os.environ["gitlab_pr_submitter_queue_url"].split("/")[3]  # noqa: SIM112
     return get_aws_accounts(uid=uid)
@@ -987,7 +1008,9 @@ CLUSTERS_MINIMAL_QUERY = """
 )
 
 
-def get_clusters(minimal: bool = False, aws_infrastructure_access: bool = False):
+def get_clusters(
+    minimal: bool = False, aws_infrastructure_access: bool = False
+) -> list[dict[str, Any]]:
     """Returns all Clusters"""
     gqlapi = gql.get_api()
     tmpl = CLUSTERS_MINIMAL_QUERY if minimal else CLUSTERS_QUERY
@@ -995,7 +1018,10 @@ def get_clusters(minimal: bool = False, aws_infrastructure_access: bool = False)
         filter=None,
         aws_infrastructure_access=aws_infrastructure_access,
     )
-    return gqlapi.query(query)["clusters"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("clusters") or []
 
 
 CLUSTER_PEERING_QUERY = """
@@ -1223,7 +1249,10 @@ CLUSTER_PEERING_QUERY = """
 
 
 def get_clusters_with_peering_settings() -> list[dict[str, Any]]:
-    clusters = gql.get_api().query(CLUSTER_PEERING_QUERY)["clusters"]
+    data = gql.get_api().query(CLUSTER_PEERING_QUERY)
+    if not data:
+        return []
+    clusters = data.get("clusters") or []
     return [c for c in clusters if c.get("peering") is not None]
 
 
@@ -1232,14 +1261,19 @@ class ClusterFilter:
     name: str = ""
 
 
-def get_clusters_by(filter: ClusterFilter, minimal: bool = False) -> list[dict]:
+def get_clusters_by(
+    filter: ClusterFilter, minimal: bool = False
+) -> list[dict[str, Any]]:
     """Returns all Clusters fitting given filter"""
     gqlapi = gql.get_api()
     tmpl = CLUSTERS_MINIMAL_QUERY if minimal else CLUSTERS_QUERY
     query = Template(tmpl).render(
         filter=filter,
     )
-    return gqlapi.query(query)["clusters"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("clusters") or []
 
 
 OCM_QUERY = """
@@ -1352,7 +1386,10 @@ OCM_QUERY = """
 
 
 def get_openshift_cluster_managers() -> list[dict[str, Any]]:
-    return gql.get_api().query(OCM_QUERY)["instances"]
+    data = gql.get_api().query(OCM_QUERY)
+    if not data:
+        return []
+    return data.get("instances") or []
 
 
 NAMESPACES_QUERY = """
@@ -1510,12 +1547,14 @@ NAMESPACES_MINIMAL_QUERY = """
 """ % (indent(JUMPHOST_FIELDS, 8 * " "),)
 
 
-def get_namespaces(minimal=False):
+def get_namespaces(minimal: bool = False) -> list[dict[str, Any]]:
     """Returns all Namespaces"""
     gqlapi = gql.get_api()
-    if minimal:
-        return gqlapi.query(NAMESPACES_MINIMAL_QUERY)["namespaces"]
-    return gqlapi.query(NAMESPACES_QUERY)["namespaces"]
+    query = NAMESPACES_MINIMAL_QUERY if minimal else NAMESPACES_QUERY
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("namespaces") or []
 
 
 PRODUCTS_QUERY = """
@@ -1533,10 +1572,13 @@ PRODUCTS_QUERY = """
 """
 
 
-def get_products():
+def get_products() -> list[dict[str, Any]]:
     """Returns all Products"""
     gqlapi = gql.get_api()
-    return gqlapi.query(PRODUCTS_QUERY)["products"]
+    data = gqlapi.query(PRODUCTS_QUERY)
+    if not data:
+        return []
+    return data.get("products") or []
 
 
 ENVIRONMENTS_QUERY = """
@@ -1562,10 +1604,13 @@ ENVIRONMENTS_QUERY = """
 """
 
 
-def get_environments():
+def get_environments() -> list[dict[str, Any]]:
     """Returns all Products"""
     gqlapi = gql.get_api()
-    return gqlapi.query(ENVIRONMENTS_QUERY)["environments"]
+    data = gqlapi.query(ENVIRONMENTS_QUERY)
+    if not data:
+        return []
+    return data.get("environments") or []
 
 
 APPS_QUERY = """
@@ -1630,13 +1675,16 @@ CODE_COMPONENT_REPO_QUERY = """
 """
 
 
-def get_apps():
+def get_apps() -> list[dict[str, Any]]:
     """Returns all Apps."""
     gqlapi = gql.get_api()
-    return gqlapi.query(APPS_QUERY)["apps"]
+    data = gqlapi.query(APPS_QUERY)
+    if not data:
+        return []
+    return data.get("apps") or []
 
 
-def get_code_components():
+def get_code_components() -> list[dict[str, Any]]:
     """Returns code components from all apps."""
     apps = get_apps()
     code_components_lists = [
@@ -1646,13 +1694,13 @@ def get_code_components():
     return code_components
 
 
-def get_review_repos():
+def get_review_repos() -> list[dict[str, str]]:
     """Returns name and url of code components marked for review"""
     code_components = get_code_components()
     return [
         {"url": c["url"], "name": c["name"]}
         for c in code_components
-        if c is not None and c["showInReviewQueue"] is not None
+        if c["showInReviewQueue"] is not None
     ]
 
 
@@ -1661,7 +1709,10 @@ def get_repos(server: str = "", exclude_manage_permissions: bool = False) -> lis
     Optional arguments:
     server: url of the server to return. for example: https://github.com
     """
-    apps = gql.get_api().query(CODE_COMPONENT_REPO_QUERY)["apps"]
+    data = gql.get_api().query(CODE_COMPONENT_REPO_QUERY)
+    if not data:
+        return []
+    apps = data.get("apps") or []
     repos: list[str] = []
     for a in apps:
         if a["codeComponents"] is not None:
@@ -1673,7 +1724,7 @@ def get_repos(server: str = "", exclude_manage_permissions: bool = False) -> lis
     return repos
 
 
-def get_repos_gitlab_owner(server=""):
+def get_repos_gitlab_owner(server: str = "") -> list[dict[str, Any]]:
     """Returns all repos defined under codeComponents that have gitlabOwner
     enabled.
     Optional arguments:
@@ -1689,7 +1740,7 @@ def get_repos_gitlab_owner(server=""):
     ]
 
 
-def get_repos_gitlab_housekeeping(server=""):
+def get_repos_gitlab_housekeeping(server: str = "") -> list[dict[str, Any]]:
     """Returns all repos defined under codeComponents that have
     gitlabHousekeeping enabled.
     Optional arguments:
@@ -1705,7 +1756,7 @@ def get_repos_gitlab_housekeeping(server=""):
     ]
 
 
-def get_repos_gitlab_jira(server=""):
+def get_repos_gitlab_jira(server: str = "") -> list[dict[str, Any]]:
     code_components = get_code_components()
     return [
         {"url": c["url"], "jira": c["jira"]}
@@ -1754,10 +1805,13 @@ QUAY_ORGS_QUERY = """
 """
 
 
-def get_quay_orgs():
+def get_quay_orgs() -> list[dict[str, Any]]:
     """Returns all Quay orgs."""
     gqlapi = gql.get_api()
-    return gqlapi.query(QUAY_ORGS_QUERY)["quay_orgs"]
+    data = gqlapi.query(QUAY_ORGS_QUERY)
+    if not data:
+        return []
+    return data.get("quay_orgs") or []
 
 
 USERS_QUERY = """
@@ -1880,22 +1934,33 @@ ROLES_QUERY = """
 """
 
 
-def get_roles(aws=True, saas_files=True, sendgrid=False, permissions=True):
+def get_roles(
+    aws: bool = True,
+    saas_files: bool = True,
+    sendgrid: bool = False,
+    permissions: bool = True,
+) -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
     query = Template(ROLES_QUERY).render(
         aws=aws, saas_files=saas_files, sendgrid=sendgrid, permissions=permissions
     )
-    return gqlapi.query(query)["users"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("users") or []
 
 
-def get_users(refs=False):
+def get_users(refs: bool = False) -> list[dict[str, Any]]:
     """Returnes all Users."""
     gqlapi = gql.get_api()
     query = Template(USERS_QUERY).render(
         filter=None,
         refs=refs,
     )
-    return gqlapi.query(query)["users"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("users") or []
 
 
 @dataclass
@@ -1910,7 +1975,10 @@ def get_users_by(filter: UserFilter, refs: bool = False) -> list[dict[str, str]]
         filter=filter,
         refs=refs,
     )
-    return gqlapi.query(query)["users"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("users") or []
 
 
 BOTS_QUERY = """
@@ -1926,10 +1994,13 @@ BOTS_QUERY = """
 """
 
 
-def get_bots():
+def get_bots() -> list[dict[str, Any]]:
     """Returnes all Bots."""
     gqlapi = gql.get_api()
-    return gqlapi.query(BOTS_QUERY)["bots"]
+    data = gqlapi.query(BOTS_QUERY)
+    if not data:
+        return []
+    return data.get("bots") or []
 
 
 EXTERNAL_USERS_QUERY = """
@@ -1943,10 +2014,13 @@ EXTERNAL_USERS_QUERY = """
 """
 
 
-def get_external_users():
+def get_external_users() -> list[dict[str, Any]]:
     """Returnes all Users."""
     gqlapi = gql.get_api()
-    return gqlapi.query(EXTERNAL_USERS_QUERY)["external_users"]
+    data = gqlapi.query(EXTERNAL_USERS_QUERY)
+    if not data:
+        return []
+    return data.get("external_users") or []
 
 
 APP_INTERFACE_SQL_QUERIES_QUERY = """
@@ -2019,10 +2093,13 @@ APP_INTERFACE_SQL_QUERIES_QUERY = """
 """
 
 
-def get_app_interface_sql_queries():
+def get_app_interface_sql_queries() -> list[dict[str, Any]]:
     """Returns SqlQuery resources defined in app-interface"""
     gqlapi = gql.get_api()
-    return gqlapi.query(APP_INTERFACE_SQL_QUERIES_QUERY)["sql_queries"]
+    data = gqlapi.query(APP_INTERFACE_SQL_QUERIES_QUERY)
+    if not data:
+        return []
+    return data.get("sql_queries") or []
 
 
 PIPELINES_PROVIDERS_QUERY = """
@@ -2121,10 +2198,13 @@ PIPELINES_PROVIDERS_QUERY = """
 """ % (indent(JUMPHOST_FIELDS, 12 * " "),)
 
 
-def get_pipelines_providers():
+def get_pipelines_providers() -> list[dict[str, Any]]:
     """Returns PipelinesProvider resources defined in app-interface."""
     gqlapi = gql.get_api()
-    pipelines_providers = gqlapi.query(PIPELINES_PROVIDERS_QUERY)["pipelines_providers"]
+    data = gqlapi.query(PIPELINES_PROVIDERS_QUERY)
+    if not data:
+        return []
+    pipelines_providers = data.get("pipelines_providers") or []
 
     for pp in pipelines_providers:
         defaults = pp.pop("defaults")
@@ -2156,10 +2236,13 @@ JIRA_BOARDS_QUICK_QUERY = """
 """
 
 
-def get_simple_jira_boards(app_path: str):
+def get_simple_jira_boards(app_path: str) -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
     query = JIRA_BOARDS_QUICK_QUERY.replace("APATH", shlex.quote(app_path))
-    return gqlapi.query(query)["jira_boards"]
+    data = gqlapi.query(query)
+    if not data:
+        return []
+    return data.get("jira_boards") or []
 
 
 UNLEASH_INSTANCES_QUERY = """
@@ -2207,10 +2290,13 @@ UNLEASH_INSTANCES_QUERY = """
 """
 
 
-def get_unleash_instances():
+def get_unleash_instances() -> list[dict[str, Any]]:
     """Returns Unleash instances defined in app-interface"""
     gqlapi = gql.get_api()
-    return gqlapi.query(UNLEASH_INSTANCES_QUERY)["unleash_instances"]
+    data = gqlapi.query(UNLEASH_INSTANCES_QUERY)
+    if not data:
+        return []
+    return data.get("unleash_instances") or []
 
 
 DNS_RECORD = """
@@ -2304,12 +2390,15 @@ DNS_ZONES_QUERY = """
 """ % (indent(DNS_RECORD, 6 * " "),)
 
 
-def get_dns_zones(account_name=None):
+def get_dns_zones(account_name: str | None = None) -> list[dict[str, Any]]:
     """Returnes all AWS Route53 DNS Zones."""
     gqlapi = gql.get_api()
-    zones = gqlapi.query(DNS_ZONES_QUERY)["zones"]
+    data = gqlapi.query(DNS_ZONES_QUERY)
+    if not data:
+        return []
+    zones = data.get("zones") or []
     if account_name:
-        zones = [z for z in zones if z["account"]["name"] == account_name]
+        zones = [z for z in zones if z.get("account", {}).get("name") == account_name]
 
     return zones
 
@@ -2345,13 +2434,16 @@ SLACK_WORKSPACES_QUERY = """
 """
 
 
-def get_slack_workspace():
+def get_slack_workspace() -> dict[str, Any] | None:
     """Returns a single Slack workspace"""
     gqlapi = gql.get_api()
-    slack_workspaces = gqlapi.query(SLACK_WORKSPACES_QUERY)["slack_workspaces"]
-    if len(slack_workspaces) != 1:
+    data = gqlapi.query(SLACK_WORKSPACES_QUERY)
+    if not data:
+        return None
+    slack_workspaces = data.get("slack_workspaces") or []
+    if len(slack_workspaces) > 1:
         logging.warning("multiple Slack workspaces found.")
-    return slack_workspaces[0]
+    return slack_workspaces[0] if slack_workspaces else None
 
 
 SENDGRID_ACCOUNTS_QUERY = """
@@ -2370,10 +2462,13 @@ SENDGRID_ACCOUNTS_QUERY = """
 """
 
 
-def get_sendgrid_accounts():
+def get_sendgrid_accounts() -> list[dict[str, Any]]:
     """Returns SendGrid accounts"""
     gqlapi = gql.get_api()
-    return gqlapi.query(SENDGRID_ACCOUNTS_QUERY)["sendgrid_accounts"]
+    data = gqlapi.query(SENDGRID_ACCOUNTS_QUERY)
+    if not data:
+        return []
+    return data.get("sendgrid_accounts") or []
 
 
 QUAY_REPOS_QUERY = """
@@ -2408,9 +2503,12 @@ QUAY_REPOS_QUERY = """
 """
 
 
-def get_quay_repos():
+def get_quay_repos() -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
-    return gqlapi.query(QUAY_REPOS_QUERY)["apps"]
+    data = gqlapi.query(QUAY_REPOS_QUERY)
+    if not data:
+        return []
+    return data.get("apps") or []
 
 
 SRE_CHECKPOINTS_QUERY = """
@@ -2426,9 +2524,12 @@ SRE_CHECKPOINTS_QUERY = """
 """
 
 
-def get_sre_checkpoints():
+def get_sre_checkpoints() -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
-    return gqlapi.query(SRE_CHECKPOINTS_QUERY)["sre_checkpoints"]
+    data = gqlapi.query(SRE_CHECKPOINTS_QUERY)
+    if not data:
+        return []
+    return data.get("sre_checkpoints") or []
 
 
 GABI_INSTANCES_QUERY = """
@@ -2490,9 +2591,12 @@ GABI_INSTANCES_QUERY = """
 """ % (indent(JUMPHOST_FIELDS, 12 * " "),)
 
 
-def get_gabi_instances():
+def get_gabi_instances() -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
-    return gqlapi.query(GABI_INSTANCES_QUERY)["gabi_instances"]
+    data = gqlapi.query(GABI_INSTANCES_QUERY)
+    if not data:
+        return []
+    return data.get("gabi_instances") or []
 
 
 CLOSED_BOX_MONITORING_PROBES_QUERY = """
@@ -2556,9 +2660,12 @@ CLOSED_BOX_MONITORING_PROBES_QUERY = """
 """
 
 
-def get_service_monitoring_endpoints():
+def get_service_monitoring_endpoints() -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
-    return gqlapi.query(CLOSED_BOX_MONITORING_PROBES_QUERY)["apps"]
+    data = gqlapi.query(CLOSED_BOX_MONITORING_PROBES_QUERY)
+    if not data:
+        return []
+    return data.get("apps") or []
 
 
 # Use APATH as place holder because query strings have a lot of curly
@@ -2606,7 +2713,10 @@ def get_app_metadata(app_path: str) -> dict:
     """Fetch the metadata for the path stored in app_path."""
     app_query = APP_METADATA.replace("APATH", shlex.quote(app_path))
     gqlapi = gql.get_api()
-    return gqlapi.query(app_query)["apps"]
+    data = gqlapi.query(app_query)
+    if not data:
+        return {}
+    return data.get("apps", {})
 
 
 BLACKBOX_EXPORTER_MONITORING_PROVIDER = """
@@ -2631,7 +2741,10 @@ BLACKBOX_EXPORTER_MONITORING_PROVIDER = """
 
 def get_blackbox_exporter_monitoring_provider() -> dict:
     gqlapi = gql.get_api()
-    return gqlapi.query(BLACKBOX_EXPORTER_MONITORING_PROVIDER)["providers"]
+    data = gqlapi.query(BLACKBOX_EXPORTER_MONITORING_PROVIDER)
+    if not data:
+        return {}
+    return data.get("providers", {})
 
 
 JENKINS_CONFIGS = """
@@ -2662,9 +2775,12 @@ JENKINS_CONFIGS = """
 """
 
 
-def get_jenkins_configs():
+def get_jenkins_configs() -> list[dict[str, Any]]:
     gqlapi = gql.get_api()
-    return gqlapi.query(JENKINS_CONFIGS)["jenkins_configs"]
+    data = gqlapi.query(JENKINS_CONFIGS)
+    if not data:
+        return []
+    return data.get("jenkins_configs") or []
 
 
 TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER = """
@@ -2686,10 +2802,15 @@ def get_tf_resources_provider_exclusions_by_provisioner() -> (
     list[dict[str, Any]] | None
 ):
     gqlapi = gql.get_api()
-    settings = gqlapi.query(TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER)[
-        "tf_provider_exclusions"
-    ]
-    if len(settings) == 1 and "terraformResourcesProviderExclusions" in settings[0]:
+    data = gqlapi.query(TF_RESOURCES_PROVIDER_EXCLUSIONS_BY_PROVISIONER)
+    if not data:
+        return None
+    settings = data.get("tf_provider_exclusions")
+    if (
+        settings
+        and len(settings) == 1
+        and "terraformResourcesProviderExclusions" in settings[0]
+    ):
         return settings[0]["terraformResourcesProviderExclusions"]
     return None
 
@@ -2719,4 +2840,7 @@ SCHEMAS_QUERY = """
 # TODO: replace with typed query following https://issues.redhat.com/browse/APPSRE-10983
 def get_schemas() -> dict:
     gqlapi = gql.get_api()
-    return gqlapi.query(SCHEMAS_QUERY)["schemas"]
+    data = gqlapi.query(SCHEMAS_QUERY)
+    if not data:
+        return {}
+    return data.get("schemas", {})

reconcile/utils/ocm/ocm.py

@@ -403,7 +403,7 @@ class OCM:
         api = (
             f"{CS_API_BASE}/v1/clusters/{cluster_id}" + "/external_configuration/labels"
         )
-        items = self._get_json(api).get("items")
+        items = self._get_json(api).get("items", [])
         item = [item for item in items if label.items() <= item.items()]
         if not item:
             return
@@ -597,14 +597,14 @@ class OCM:
     def _init_addons(self):
         """Returns a list of Addons"""
         api = f"{CS_API_BASE}/v1/addons"
-        self.addons = self._get_json(api).get("items")
+        self.addons = self._get_json(api).get("items", [])
 
     def _init_version_gates(self):
         """Returns a list of version gates"""
         if self.version_gates:
             return
         api = f"{CS_API_BASE}/v1/version_gates"
-        self.version_gates = self._get_json(api).get("items")
+        self.version_gates = self._get_json(api).get("items", [])
 
     def get_addon(self, id):
         for addon in self.addons:

tools/app_interface_reporter.py

@@ -275,17 +275,17 @@ def get_apps_data(
                         cluster = sample.labels["cluster"]
                         if app_namespace["cluster"]["name"] != cluster:
                             continue
-                        namespace = sample.labels["namespace"]
-                        if app_namespace["name"] != namespace:
+                        sample_namespace = sample.labels["namespace"]
+                        if app_namespace["name"] != sample_namespace:
                             continue
                         severity = sample.labels["severity"]
                         if cluster not in vuln_mx:
                             vuln_mx[cluster] = {}
-                        if namespace not in vuln_mx[cluster]:
-                            vuln_mx[cluster][namespace] = {}
-                        if severity not in vuln_mx[cluster][namespace]:
+                        if sample_namespace not in vuln_mx[cluster]:
+                            vuln_mx[cluster][sample_namespace] = {}
+                        if severity not in vuln_mx[cluster][sample_namespace]:
                             value = int(sample.value)
-                            vuln_mx[cluster][namespace][severity] = value
+                            vuln_mx[cluster][sample_namespace][severity] = value
         for family in text_string_to_metric_families(validt_metrics):
             for sample in family.samples:
                 if sample.name == "deploymentvalidation_total":
@@ -293,8 +293,8 @@ def get_apps_data(
                         cluster = sample.labels["cluster"]
                         if app_namespace["cluster"]["name"] != cluster:
                             continue
-                        namespace = sample.labels["namespace"]
-                        if app_namespace["name"] != namespace:
+                        sample_namespace = sample.labels["namespace"]
+                        if app_namespace["name"] != sample_namespace:
                             continue
                         validation = sample.labels["validation"]
                         # dvo: fail == 1, pass == 0, py: true == 1, false == 0
@@ -302,14 +302,19 @@ def get_apps_data(
                         status = ("Passed", "Failed")[int(sample.labels["status"])]
                         if cluster not in validt_mx:
                             validt_mx[cluster] = {}
-                        if namespace not in validt_mx[cluster]:
-                            validt_mx[cluster][namespace] = {}
-                        if validation not in validt_mx[cluster][namespace]:
-                            validt_mx[cluster][namespace][validation] = {}
-                        if status not in validt_mx[cluster][namespace][validation]:
-                            validt_mx[cluster][namespace][validation][status] = {}
+                        if sample_namespace not in validt_mx[cluster]:
+                            validt_mx[cluster][sample_namespace] = {}
+                        if validation not in validt_mx[cluster][sample_namespace]:
+                            validt_mx[cluster][sample_namespace][validation] = {}
+                        if (
+                            status
+                            not in validt_mx[cluster][sample_namespace][validation]
+                        ):
+                            validt_mx[cluster][sample_namespace][validation][
+                                status
+                            ] = {}
                         value = int(sample.value)
-                        validt_mx[cluster][namespace][validation][status] = value
+                        validt_mx[cluster][sample_namespace][validation][status] = value
         for family in text_string_to_metric_families(slo_metrics):
             for sample in family.samples:
                 if sample.name == "serviceslometrics":
@@ -317,25 +322,28 @@ def get_apps_data(
                         cluster = sample.labels["cluster"]
                         if app_namespace["cluster"]["name"] != cluster:
                             continue
-                        namespace = sample.labels["namespace"]
-                        if app_namespace["name"] != namespace:
+                        sample_namespace = sample.labels["namespace"]
+                        if app_namespace["name"] != sample_namespace:
                             continue
                         slo_doc_name = sample.labels["slodoc"]
                         slo_name = sample.labels["name"]
                         if cluster not in slo_mx:
                             slo_mx[cluster] = {}
-                        if namespace not in slo_mx[cluster]:
-                            slo_mx[cluster][namespace] = {}
-                        if slo_doc_name not in slo_mx[cluster][namespace]:
-                            slo_mx[cluster][namespace][slo_doc_name] = {}
-                        if slo_name not in slo_mx[cluster][namespace][slo_doc_name]:
-                            slo_mx[cluster][namespace][slo_doc_name][slo_name] = {
-                                sample.labels["type"]: sample.value
-                            }
+                        if sample_namespace not in slo_mx[cluster]:
+                            slo_mx[cluster][sample_namespace] = {}
+                        if slo_doc_name not in slo_mx[cluster][sample_namespace]:
+                            slo_mx[cluster][sample_namespace][slo_doc_name] = {}
+                        if (
+                            slo_name
+                            not in slo_mx[cluster][sample_namespace][slo_doc_name]
+                        ):
+                            slo_mx[cluster][sample_namespace][slo_doc_name][
+                                slo_name
+                            ] = {sample.labels["type"]: sample.value}
                         else:
-                            slo_mx[cluster][namespace][slo_doc_name][slo_name].update({
-                                sample.labels["type"]: sample.value
-                            })
+                            slo_mx[cluster][sample_namespace][slo_doc_name][
+                                slo_name
+                            ].update({sample.labels["type"]: sample.value})
         app["container_vulnerabilities"] = vuln_mx
         app["deployment_validations"] = validt_mx
         app["service_slo"] = slo_mx

tools/qontract_cli.py

@@ -1715,7 +1715,10 @@ def add_resource(item: dict, resource: Mapping, columns: list[str]) -> None:
 @click.pass_context
 def cluster_openshift_resources(ctx: click.Context) -> None:
     gqlapi = gql.get_api()
-    namespaces = gqlapi.query(orb.NAMESPACES_QUERY)["namespaces"]
+    data = gqlapi.query(orb.NAMESPACES_QUERY)
+    if not data:
+        raise ValueError("no namespaces found")
+    namespaces = data.get("namespaces", [])
     columns = ["name", "total"]
     results: dict = {}
     for ns_info in namespaces:
@@ -1912,6 +1915,7 @@ def rds_recommendations(ctx: click.Context) -> None:
     print("[TOC]")
     for account in accounts:
         account_name = account.get("name")
+        assert account_name is not None  # make mypy happy
         account_deployment_regions = account.get("supportedDeploymentRegions")
         for region in account_deployment_regions or []:
             with AWSApi(1, [account], settings=settings, init_users=False) as aws:
@@ -1926,9 +1930,9 @@ def rds_recommendations(ctx: click.Context) -> None:
                 recommendations = [
                     {
                         **rec,
-                        "ResourceName": rec["ResourceArn"].split(":")[-1],
+                        "ResourceName": rec.get("ResourceArn", "").split(":")[-1],
                         # The Description field has \n that are causing issues with the markdown table
-                        "Description": rec["Description"].replace("\n", " "),
+                        "Description": rec.get("Description", "").replace("\n", " "),
                     }
                     for rec in db_recommendations
                     if rec.get("Status") not in ignored_statuses
@@ -2710,16 +2714,16 @@ def ec2_jenkins_workers(
                 )
                 continue
             instance = ec2.Instance(i["InstanceId"])
-            state = instance.state["Name"]
+            state = instance.state.get("Name")
             if state != "running":
                 continue
             os = ""
             url = ""
             for t in instance.tags:
                 if t.get("Key") == "os":
-                    os = t["Value"]
+                    os = t.get("Value", "")
                 if t.get("Key") == "jenkins_controller":
-                    url = f"https://{t['Value'].replace('-', '.')}.devshift.net/computer/{instance.id}"
+                    url = f"https://{t.get('Value', '').replace('-', '.')}.devshift.net/computer/{instance.id}"
             image = ec2.Image(instance.image_id)
             commit_url = ""
             for t in image.tags:
@@ -3633,7 +3637,10 @@ def template(
     secret_reader: str,
 ) -> None:
     gqlapi = gql.get_api()
-    namespaces = gqlapi.query(orb.NAMESPACES_QUERY)["namespaces"]
+    data = gqlapi.query(orb.NAMESPACES_QUERY)
+    if not data:
+        raise ValueError("no namespaces found")
+    namespaces = data.get("namespaces", [])
     namespaces_info = [
         n
         for n in namespaces
@@ -3725,7 +3732,7 @@ def run_prometheus_test(
     ptr.run_test(test=test, alerting_services=get_alerting_services())
 
     print(test.result)
-    if not test.result:
+    if test.result is None:
         sys.exit(1)
 
 
@@ -3804,7 +3811,10 @@ def alert_to_receiver(
         additional_labels[key] = value
 
     gqlapi = gql.get_api()
-    namespaces = gqlapi.query(orb.NAMESPACES_QUERY)["namespaces"]
+    data = gqlapi.query(orb.NAMESPACES_QUERY)
+    if not data:
+        raise ValueError("no namespaces found")
+    namespaces = data.get("namespaces", [])
     cluster_namespaces = [n for n in namespaces if n["cluster"]["name"] == cluster]
 
     if len(cluster_namespaces) == 0:
@@ -4027,15 +4037,16 @@ def query(output: str, query: str) -> None:
 def promquery(cluster: str, query: str) -> None:
     """Run a PromQL query"""
     config_data = config.get_config()
-    auth = {"path": config_data["promql-auth"]["secret_path"], "field": "token"}
+    prom_auth = {"path": config_data["promql-auth"]["secret_path"], "field": "token"}
     settings = queries.get_app_interface_settings()
     secret_reader = SecretReader(settings=settings)
-    prom_auth_creds = secret_reader.read(auth)
-    prom_auth = requests.auth.HTTPBasicAuth(*prom_auth_creds.split(":"))
+    prom_user, prom_pass = secret_reader.read(prom_auth).split(":")
 
     url = f"https://prometheus.{cluster}.devshift.net/api/v1/query"
 
-    response = requests.get(url, params={"query": query}, auth=prom_auth, timeout=60)
+    response = requests.get(
+        url, params={"query": query}, auth=(prom_user, prom_pass), timeout=60
+    )
     response.raise_for_status()
 
     print(json.dumps(response.json(), indent=4))
@@ -4092,11 +4103,12 @@ def sre_checkpoint_metadata(
         board_info = queries.get_simple_jira_boards(jiradef)
     else:
         board_info = app["escalationPolicy"]["channels"]["jiraBoard"]
-    board_info = board_info[0]
+    assert board_info  # make mypy happy
+    board = board_info[0]
     # Overrides for easier testing
     if jiraboard:
-        board_info["name"] = jiraboard
-    report_invalid_metadata(app, app_path, board_info, settings, parent_ticket, dry_run)
+        board["name"] = jiraboard
+    report_invalid_metadata(app, app_path, board, settings, parent_ticket, dry_run)
 
 
 @root.command()