PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev299__py3-none-any.whl → 0.10.2.dev430__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev299py3-none-any.whl → 0.10.2.dev430py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (403) hide show

{qontract_reconcile-0.10.2.dev299.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/METADATA +13 -12
{qontract_reconcile-0.10.2.dev299.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/RECORD +399 -394
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/base.py +134 -32
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gates/sts_version_gate_handler.py +54 -1
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +4 -4
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +32 -25
reconcile/aws_version_sync/integration.py +125 -84
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +2 -4
reconcile/checkpoint.py +12 -4
reconcile/cli.py +111 -18
reconcile/cluster_deployment_mapper.py +2 -3
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +125 -121
reconcile/deadmanssnitch.py +1 -5
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +9 -11
reconcile/external_resources/factories.py +5 -12
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -5
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +20 -20
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +8 -11
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +8 -5
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_mr_sqs_consumer.py +2 -2
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +10 -10
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +6 -6
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +32 -32
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +26 -26
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +6 -7
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +51 -12
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +11 -11
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +28 -68
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +20 -10
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +10 -10
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +9 -9
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +18 -18
reconcile/gql_definitions/common/alerting_services_settings.py +9 -9
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +120 -0
reconcile/gql_definitions/common/app_interface_state_settings.py +10 -10
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +23 -10
reconcile/gql_definitions/common/aws_vpcs.py +11 -11
reconcile/gql_definitions/common/clusters.py +37 -35
reconcile/gql_definitions/common/clusters_minimal.py +14 -14
reconcile/gql_definitions/common/clusters_with_dms.py +6 -6
reconcile/gql_definitions/common/clusters_with_peering.py +29 -30
reconcile/gql_definitions/common/github_orgs.py +10 -10
reconcile/gql_definitions/common/jira_settings.py +10 -10
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +42 -44
reconcile/gql_definitions/common/namespaces_minimal.py +15 -13
reconcile/gql_definitions/common/ocm_env_telemeter.py +12 -12
reconcile/gql_definitions/common/ocm_environments.py +19 -19
reconcile/gql_definitions/common/pagerduty_instances.py +9 -9
reconcile/gql_definitions/common/pgp_reencryption_settings.py +6 -6
reconcile/gql_definitions/common/pipeline_providers.py +29 -29
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +44 -44
reconcile/gql_definitions/common/saas_target_namespaces.py +10 -10
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +19 -19
reconcile/gql_definitions/common/state_aws_account.py +7 -8
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +9 -9
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +43 -43
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +10 -10
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +8 -8
reconcile/gql_definitions/email_sender/users.py +6 -6
reconcile/gql_definitions/endpoints_discovery/apps.py +10 -10
reconcile/gql_definitions/external_resources/aws_accounts.py +9 -9
reconcile/gql_definitions/external_resources/external_resources_modules.py +23 -23
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +492 -410
reconcile/gql_definitions/external_resources/external_resources_settings.py +28 -26
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +40 -40
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/{aws_vpc_request_subnet.py → aws_organization.py} +12 -8
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +10 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +9 -9
reconcile/gql_definitions/gcp/gcp_projects.py +9 -9
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +9 -9
reconcile/gql_definitions/gitlab_members/permissions.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +9 -9
reconcile/gql_definitions/glitchtip/glitchtip_project.py +11 -11
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +9 -9
reconcile/gql_definitions/integrations/integrations.py +48 -51
reconcile/gql_definitions/introspection.json +3050 -1393
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +11 -11
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +10 -10
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +14 -10
reconcile/gql_definitions/jumphosts/jumphosts.py +13 -13
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +9 -9
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +18 -19
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +22 -22
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +6 -6
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +10 -10
reconcile/gql_definitions/quay_membership/quay_membership.py +6 -6
reconcile/gql_definitions/rhcs/certs.py +33 -87
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +18 -18
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +8 -8
reconcile/gql_definitions/sharding/aws_accounts.py +10 -10
reconcile/gql_definitions/sharding/ocm_organization.py +8 -8
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +10 -10
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +9 -9
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +6 -7
reconcile/gql_definitions/statuspage/statuspages.py +9 -9
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +11 -11
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +20 -25
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +6 -6
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +12 -12
reconcile/gql_definitions/terraform_init/aws_accounts.py +23 -9
reconcile/gql_definitions/terraform_repo/terraform_repo.py +9 -9
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +448 -402
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +23 -17
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +9 -9
reconcile/gql_definitions/vault_instances/vault_instances.py +61 -61
reconcile/gql_definitions/vault_policies/vault_policies.py +11 -11
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +8 -8
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_job_builder.py +1 -1
reconcile/jenkins_worker_fleets.py +80 -11
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -56
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +122 -10
reconcile/openshift_cluster_bots.py +5 -5
reconcile/openshift_groups.py +5 -0
reconcile/openshift_limitranges.py +1 -1
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +10 -5
reconcile/openshift_rhcs_certs.py +77 -40
reconcile/openshift_rolebindings.py +230 -130
reconcile/openshift_saas_deploy.py +6 -7
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +8 -7
reconcile/openshift_tekton_resources.py +1 -1
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/openshift_users.py +5 -3
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/oum/providers.py +1 -1
reconcile/prometheus_rules_tester/integration.py +4 -4
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -0
reconcile/requests_sender.py +8 -3
reconcile/resource_scraper.py +1 -5
reconcile/rhidp/common.py +5 -5
reconcile/rhidp/sso_client/base.py +19 -10
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/sendgrid_teammates.py +20 -9
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status.py +2 -2
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +4 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +3 -0
reconcile/templating/lib/merge_request_manager.py +2 -2
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +12 -13
reconcile/terraform_aws_route53.py +18 -8
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +12 -13
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +18 -10
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +29 -21
reconcile/terraform_vpc_peerings.py +16 -4
reconcile/terraform_vpc_resources/integration.py +32 -2
reconcile/typed_queries/app_interface_roles.py +10 -0
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +13 -13
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aggregated_list.py +4 -3
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +24 -1
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gpg.py +5 -3
reconcile/utils/gql.py +4 -7
reconcile/utils/helm.py +2 -1
reconcile/utils/helpers.py +1 -1
reconcile/utils/imap_client.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jenkins_api.py +24 -1
reconcile/utils/jinja2/utils.py +6 -8
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +59 -43
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +74 -0
reconcile/utils/ldap_client.py +4 -3
reconcile/utils/lean_terraform_client.py +3 -1
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/__init__.py +3 -1
reconcile/utils/mr/app_interface_reporter.py +6 -3
reconcile/utils/mr/aws_access.py +1 -1
reconcile/utils/mr/base.py +7 -13
reconcile/utils/mr/clusters_updates.py +4 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +4 -1
reconcile/utils/mr/promote_qontract.py +28 -12
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +7 -6
reconcile/utils/oc.py +445 -336
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +27 -20
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/ocm.py +81 -71
reconcile/utils/ocm/products.py +9 -3
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/ocm_base_client.py +4 -4
reconcile/utils/openshift_resource.py +83 -52
reconcile/utils/openssl.py +2 -2
reconcile/utils/output.py +3 -2
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +11 -8
reconcile/utils/repo_owners.py +21 -29
reconcile/utils/rhcsv2_certs.py +138 -35
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/meta.py +2 -1
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +25 -21
reconcile/utils/saasherder/saasherder.py +60 -32
reconcile/utils/secret_reader.py +6 -6
reconcile/utils/sharding.py +1 -1
reconcile/utils/slack_api.py +26 -4
reconcile/utils/sloth.py +224 -0
reconcile/utils/sqs_gateway.py +16 -11
reconcile/utils/state.py +2 -1
reconcile/utils/structs.py +4 -4
reconcile/utils/terraform_client.py +32 -29
reconcile/utils/terrascript_aws_client.py +658 -480
reconcile/utils/three_way_diff_strategy.py +1 -1
reconcile/utils/throughput.py +1 -1
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +44 -41
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +119 -58
reconcile/vpc_peerings_validator.py +2 -2
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/cli_commands/gpg_encrypt.py +4 -1
tools/cli_commands/systems_and_tools.py +5 -1
tools/qontract_cli.py +36 -21
tools/sre_checkpoints/util.py +5 -3
tools/template_validation.py +3 -1
reconcile/gql_definitions/ocm_oidc_idp/__init__.py +0 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/jenkins/__init__.py +0 -0
reconcile/jenkins/types.py +0 -77
{qontract_reconcile-0.10.2.dev299.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev299.dist-info → qontract_reconcile-0.10.2.dev430.dist-info}/entry_points.txt +0 -0

reconcile/terraform_users.py CHANGED Viewed

@@ -1,8 +1,8 @@
 import sys
+from collections.abc import Iterable, Mapping
 from textwrap import indent
 from typing import (
     Any,
-    cast,
 )
 from reconcile import (
@@ -11,6 +11,7 @@ from reconcile import (
 )
 from reconcile.change_owners.diff import IDENTIFIER_FIELD_NAME
 from reconcile.gql_definitions.common.pgp_reencryption_settings import query
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils import (
     expiration,
     gql,
@@ -30,7 +31,6 @@ from reconcile.utils.terraform_client import TerraformClient as Terraform
 from reconcile.utils.terrascript_aws_client import TerrascriptClient as Terrascript
 from reconcile.utils.vault import (
     VaultClient,
-    _VaultClient,
 )
 TF_POLICY = """
@@ -81,8 +81,10 @@ QONTRACT_INTEGRATION = "terraform_users"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 4, 2)
 QONTRACT_TF_PREFIX = "qrtf"
+Role = dict[str, Any]
-def get_tf_roles() -> list[dict[str, Any]]:
+def get_tf_roles() -> list[Role]:
     gqlapi = gql.get_api()
     roles: list[dict] = expiration.filter(gqlapi.query(TF_QUERY)["roles"])
     return [
@@ -93,9 +95,9 @@ def get_tf_roles() -> list[dict[str, Any]]:
 def _filter_participating_aws_accounts(
-    accounts: list,
-    roles: list[dict[str, Any]],
-) -> list:
+    accounts: Iterable[dict[str, Any]],
+    roles: Iterable[Mapping[str, Any]],
+) -> list[dict[str, Any]]:
     participating_aws_account_names: set[str] = set()
     for role in roles:
         participating_aws_account_names.update(
@@ -109,7 +111,7 @@ def _filter_participating_aws_accounts(
 def setup(
-    print_to_file,
+    print_to_file: str | None,
     thread_pool_size: int,
     skip_reencrypt_accounts: list[str],
     appsre_pgp_key: str | None = None,
@@ -125,12 +127,18 @@ def setup(
     participating_aws_accounts = _filter_participating_aws_accounts(accounts, roles)
     settings = queries.get_app_interface_settings()
+    try:
+        default_tags = get_settings().default_tags
+    except ValueError:
+        # no external resources settings found
+        default_tags = None
     ts = Terrascript(
         QONTRACT_INTEGRATION,
         QONTRACT_TF_PREFIX,
         thread_pool_size,
         participating_aws_accounts,
         settings=settings,
+        default_tags=default_tags,
     )
     err = ts.populate_users(
         roles,
@@ -144,10 +152,10 @@ def setup(
 def send_email_invites(
-    new_users,
+    new_users: Iterable[tuple[str, str, str, str]],
     smtp_client: SmtpClient,
-    skip_reencrypt_accounts: list[str],
-):
+    skip_reencrypt_accounts: Iterable[str],
+) -> None:
     msg_template = """
 You have been invited to join the {} AWS account!
 Below you will find credentials for the first sign in.
@@ -185,11 +193,11 @@ Encrypted password: {}
 def write_user_to_vault(
-    vault_client: _VaultClient,
+    vault_client: VaultClient,
     vault_path: str,
-    new_users: list[tuple[str, str, str, str]],
-    skip_reencrypt_accounts: list[str],
-):
+    new_users: Iterable[tuple[str, str, str, str]],
+    skip_reencrypt_accounts: Iterable[str],
+) -> None:
     for account, console_url, user_name, enc_password in new_users:
         if account in skip_reencrypt_accounts:
             continue
@@ -206,13 +214,13 @@ def write_user_to_vault(
         vault_client.write(desired_secret, decode_base64=False)
-def cleanup_and_exit(tf=None, status=False):
+def cleanup_and_exit(tf: Terraform | None = None, status: bool = False) -> None:
     if tf is not None:
         tf.cleanup()
     sys.exit(status)
-def get_reencrypt_settings():
+def get_reencrypt_settings() -> tuple[list[str], str | None, Any]:
     all_reencrypt_settings = query(
         query_func=gql.get_api().query
     ).pgp_reencryption_settings
@@ -241,7 +249,7 @@ def run(
     thread_pool_size: int = DEFAULT_THREAD_POOL_SIZE,
     send_mails: bool = True,
     account_name: str | None = None,
-):
+) -> None:
     skip_accounts, appsre_pgp_key, reencrypt_settings = get_reencrypt_settings()
     # setup errors should skip resources that will lead
@@ -295,7 +303,7 @@ def run(
     new_users = tf.get_new_users()
     if reencrypt_settings:
-        vc = cast("_VaultClient", VaultClient())
+        vc = VaultClient.get_instance()
         write_user_to_vault(
             vc, reencrypt_settings.reencrypt_vault_path, new_users, skip_accounts
         )
@@ -317,7 +325,7 @@ def run(
     cleanup_and_exit(tf, setup_err)
-def early_exit_desired_state(*args, **kwargs) -> dict[str, Any]:
+def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     """
     Finding diffs in deeply nested structures is time/resource consuming.
     Having a unique known property to identify objects makes it easier to match
@@ -328,11 +336,11 @@ def early_exit_desired_state(*args, **kwargs) -> dict[str, Any]:
     for the DeepDiff library used in qontract-reconcile.
     """
-    def add_account_identity(acc):
+    def add_account_identity(acc: dict[str, Any]) -> dict[str, Any]:
         acc[IDENTIFIER_FIELD_NAME] = acc["path"]
         return acc
-    def add_role_identity(role):
+    def add_role_identity(role: dict[str, Any]) -> dict[str, Any]:
         role[IDENTIFIER_FIELD_NAME] = role["name"]
         return role

reconcile/terraform_vpc_peerings.py CHANGED Viewed

@@ -7,6 +7,7 @@ from typing import Any, TypedDict
 import reconcile.utils.terraform_client as terraform
 import reconcile.utils.terrascript_aws_client as terrascript
 from reconcile import queries
+from reconcile.typed_queries import external_resources
 from reconcile.utils import (
     aws_api,
     ocm,
@@ -73,6 +74,7 @@ def _build_infrastructure_assume_role(
     ocm: OCM | None,
     provided_assume_role: str | None,
 ) -> dict[str, Any] | None:
+    assume_role: str | None = None
     if provided_assume_role:
         assume_role = provided_assume_role
     elif cluster["spec"].get("account"):
@@ -565,7 +567,7 @@ def build_desired_state_vpc(
 @defer
 def run(
     dry_run: bool,
-    print_to_file: bool | None = None,
+    print_to_file: str | None = None,
     enable_deletion: bool = False,
     thread_pool_size: int = DEFAULT_THREAD_POOL_SIZE,
     account_name: str | None = None,
@@ -653,8 +655,18 @@ def run(
         ])
     account_by_name = {a["name"]: a for a in accounts}
+    try:
+        default_tags = external_resources.get_settings().default_tags
+    except ValueError:
+        # no external resources settings found
+        default_tags = None
     with terrascript.TerrascriptClient(
-        QONTRACT_INTEGRATION, "", thread_pool_size, infra_accounts, settings=settings
+        QONTRACT_INTEGRATION,
+        "",
+        thread_pool_size,
+        infra_accounts,
+        settings=settings,
+        default_tags=default_tags,
     ) as ts:
         rosa_cluster_accounts = [
             account_by_name[c["spec"]["account"]["name"]]
@@ -663,8 +675,8 @@ def run(
         ]
         ts.populate_configs(rosa_cluster_accounts)
-        for infra_account_name, items in participating_accounts.items():
-            ts.populate_additional_providers(infra_account_name, items)
+        for infra_account_name, accounts in participating_accounts.items():
+            ts.populate_additional_providers(infra_account_name, accounts)
         ts.populate_vpc_peerings(desired_state)
         working_dirs = ts.dump(print_to_file=print_to_file)
         terraform_configurations = ts.terraform_configurations()

reconcile/terraform_vpc_resources/integration.py CHANGED Viewed

@@ -20,6 +20,7 @@ from reconcile.typed_queries.app_interface_vault_settings import (
     get_app_interface_vault_settings,
 )
 from reconcile.typed_queries.aws_vpc_requests import get_aws_vpc_requests
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.typed_queries.github_orgs import get_github_orgs
 from reconcile.typed_queries.gitlab_instances import get_gitlab_instances
 from reconcile.utils import gql
@@ -31,7 +32,11 @@ from reconcile.utils.runtime.integration import (
 from reconcile.utils.secret_reader import create_secret_reader
 from reconcile.utils.semver_helper import make_semver
 from reconcile.utils.terraform_client import TerraformClient
-from reconcile.utils.terrascript_aws_client import TerrascriptClient
+from reconcile.utils.terrascript_aws_client import (
+    VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS,
+    VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS,
+    TerrascriptClient,
+)
 from reconcile.utils.vcs import VCS
 QONTRACT_INTEGRATION = "terraform_vpc_resources"
@@ -89,15 +94,32 @@ class TerraformVpcResources(QontractReconcileIntegration[TerraformVpcResourcesPa
             public_subnets = outputs_per_account.get(
                 f"{request.identifier}-public_subnets", {}
             ).get("value", [])
+            availability_zones: list[str] = []
+            if request.subnets:
+                private_subnet_tags = VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS | (
+                    request.subnets.private_subnet_tags or {}
+                )
+                public_subnet_tags = VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS | (
+                    request.subnets.public_subnet_tags or {}
+                )
+                availability_zones = request.subnets.availability_zones or []
+            else:
+                private_subnet_tags = VPC_REQUEST_DEFAULT_PRIVATE_SUBNET_TAGS
+                public_subnet_tags = VPC_REQUEST_DEFAULT_PUBLIC_SUBNET_TAGS
             values = {
                 "static": {
                     "vpc_id": outputs_per_account.get(
                         f"{request.identifier}-vpc_id", {}
                     ).get("value"),
+                    "vpc_tags": request.vpc_tags or {},
                     "subnets": {
                         "private": private_subnets,
                         "public": public_subnets,
+                        "private_subnet_tags": private_subnet_tags,
+                        "public_subnet_tags": public_subnet_tags,
+                        "availability_zones": availability_zones,
                     },
                     "account_name": request.account.name,
                     "region": request.region,
@@ -140,13 +162,21 @@ class TerraformVpcResources(QontractReconcileIntegration[TerraformVpcResourcesPa
             logging.debug("No VPC requests found, nothing to do.")
             sys.exit(ExitCodes.SUCCESS)
-        accounts_untyped: list[dict] = [acc.dict(by_alias=True) for acc in accounts]
+        accounts_untyped: list[dict] = [
+            acc.model_dump(by_alias=True) for acc in accounts
+        ]
+        try:
+            default_tags = get_settings().default_tags
+        except ValueError:
+            # no external resources settings found
+            default_tags = None
         with TerrascriptClient(
             integration=QONTRACT_INTEGRATION,
             integration_prefix=QONTRACT_TF_PREFIX,
             thread_pool_size=thread_pool_size,
             accounts=accounts_untyped,
             secret_reader=secret_reader,
+            default_tags=default_tags,
         ) as ts_client:
             ts_client.populate_vpc_requests(data, AWS_PROVIDER_VERSION)

reconcile/typed_queries/app_interface_roles.py ADDED Viewed

@@ -0,0 +1,10 @@
+from reconcile.gql_definitions.common.app_interface_roles import (
+    RoleV1,
+    query,
+)
+from reconcile.utils import gql
+def get_app_interface_roles() -> list[RoleV1]:
+    data = query(gql.get_api().query)
+    return list(data.roles or [])

reconcile/typed_queries/aws_account_tags.py ADDED Viewed

@@ -0,0 +1,41 @@
+import json
+from collections.abc import Mapping
+from reconcile.gql_definitions.fragments.aws_organization import (
+    AWSOrganization,
+)
+def get_aws_account_tags(
+    organization: AWSOrganization | Mapping | None,
+) -> dict[str, str]:
+    """
+    Get AWS account tags by merging payer account tags
+    Args:
+        organization: AWSOrganization | Mapping | None - The organization object from which to extract tags.
+    Returns:
+        dict[str, str]: A dictionary containing the merged tags from the payer account and the account itself.
+    """
+    if organization is None:
+        return {}
+    match organization:
+        case AWSOrganization():
+            payer_account_tags = (
+                organization.payer_account.organization_account_tags or {}
+            )
+            account_tags = organization.tags or {}
+        case Mapping():
+            payer_account_tags = organization.get("payerAccount", {}).get(
+                "organizationAccountTags", {}
+            )
+            if isinstance(payer_account_tags, str):
+                payer_account_tags = json.loads(payer_account_tags)
+            account_tags = organization.get("tags", {})
+            if isinstance(account_tags, str):
+                account_tags = json.loads(account_tags)
+    return payer_account_tags | account_tags

reconcile/typed_queries/cost_report/app_names.py CHANGED Viewed

@@ -6,7 +6,7 @@ from reconcile.utils.gql import GqlApi
 class App(BaseModel):
     name: str
-    parent_app_name: str | None
+    parent_app_name: str | None = None
 def get_app_names(

reconcile/typed_queries/cost_report/cost_namespaces.py CHANGED Viewed

@@ -13,7 +13,7 @@ class CostNamespace(BaseModel, frozen=True):
     labels: CostNamespaceLabels
     app_name: str
     cluster_name: str
-    cluster_external_id: str | None
+    cluster_external_id: str | None = None
 def get_cost_namespaces(
@@ -32,7 +32,7 @@ def get_cost_namespaces(
     return [
         CostNamespace(
             name=namespace.name,
-            labels=CostNamespaceLabels.parse_obj(namespace.labels or {}),
+            labels=CostNamespaceLabels.model_validate(namespace.labels or {}),
             app_name=namespace.app.name,
             cluster_name=namespace.cluster.name,
             cluster_external_id=namespace.cluster.spec.external_id

reconcile/typed_queries/saas_files.py CHANGED Viewed

@@ -1,5 +1,4 @@
 import hashlib
-import json
 from collections.abc import Callable
 from threading import Lock
 from typing import Any
@@ -7,7 +6,6 @@ from typing import Any
 from jsonpath_ng.exceptions import JsonPathParserError
 from pydantic import (
     BaseModel,
-    Extra,
     Field,
     Json,
 )
@@ -48,10 +46,16 @@ from reconcile.utils.exceptions import (
     AppInterfaceSettingsError,
     ParameterError,
 )
+from reconcile.utils.json import json_dumps
 from reconcile.utils.jsonpath import parse_jsonpath
-class SaasResourceTemplateTarget(ConfiguredBaseModel):
+class SaasResourceTemplateTarget(
+    ConfiguredBaseModel,
+    validate_by_alias=True,
+    # ignore `namespaceSelector` and 'provider' fields from the GQL schema
+    extra="ignore",
+):
     path: str | None = Field(..., alias="path")
     name: str | None = Field(..., alias="name")
     # the namespace must be required to fulfill the saas file schema (utils.saasherder.interface.SaasFile)
@@ -79,12 +83,8 @@ class SaasResourceTemplateTarget(ConfiguredBaseModel):
             digest_size=20,
         ).hexdigest()
-    class Config:
-        # ignore `namespaceSelector` and 'provider' fields from the GQL schema
-        extra = Extra.ignore
-class SaasResourceTemplate(ConfiguredBaseModel):
+class SaasResourceTemplate(ConfiguredBaseModel, validate_by_alias=True):
     name: str = Field(..., alias="name")
     url: str = Field(..., alias="url")
     path: str = Field(..., alias="path")
@@ -97,7 +97,7 @@ class SaasResourceTemplate(ConfiguredBaseModel):
     targets: list[SaasResourceTemplateTarget] = Field(..., alias="targets")
-class SaasFile(ConfiguredBaseModel):
+class SaasFile(ConfiguredBaseModel, validate_by_alias=True):
     path: str = Field(..., alias="path")
     name: str = Field(..., alias="name")
     labels: Json | None = Field(..., alias="labels")
@@ -221,7 +221,7 @@ class SaasFileList:
             with self._namespaces_as_dict_lock:
                 self._namespaces_as_dict_cache = {
                     "namespace": [
-                        ns.dict(by_alias=True, exclude_none=True)
+                        ns.model_dump(by_alias=True, exclude_none=True)
                         for ns in self.namespaces
                     ]
                 }
@@ -283,7 +283,7 @@ class SaasFileList:
             if app_name and saas_file.app.name != app_name:
                 continue
-            sf = saas_file.copy(deep=True)
+            sf = saas_file.model_copy(deep=True)
             if env_name:
                 for rt in sf.resource_templates[:]:
                     for target in rt.targets[:]:
@@ -302,7 +302,7 @@ def convert_parameters_to_json_string(root: dict[str, Any]) -> dict[str, Any]:
     """Find all parameter occurrences and convert them to a json string."""
     for key, value in root.items():
         if key in {"parameters", "labels"}:
-            root[key] = json.dumps(value) if value is not None else None
+            root[key] = json_dumps(value) if value is not None else None
         elif isinstance(value, dict):
             root[key] = convert_parameters_to_json_string(value)
         elif isinstance(value, list):
@@ -314,7 +314,7 @@ def convert_parameters_to_json_string(root: dict[str, Any]) -> dict[str, Any]:
 def export_model(model: BaseModel) -> dict[str, Any]:
-    return convert_parameters_to_json_string(model.dict(by_alias=True))
+    return convert_parameters_to_json_string(model.model_dump(by_alias=True))
 def get_saas_files(

reconcile/typed_queries/status_board.py CHANGED Viewed

@@ -32,7 +32,7 @@ def get_selected_app_names(
             prefix = f"{namespace.app.parent_app.name}-"
         name = f"{prefix}{namespace.app.name}"
         selected_app_names.add(name)
-        app = namespace.app.dict(by_alias=True)
+        app = namespace.app.model_dump(by_alias=True)
         app["name"] = name
         apps["apps"].append(app)
@@ -40,7 +40,7 @@ def get_selected_app_names(
             name = f"{namespace.app.name}-{child.name}"
             if name not in selected_app_names:
                 selected_app_names.add(f"{namespace.app.name}-{child.name}")
-                child_dict = child.dict(by_alias=True)
+                child_dict = child.model_dump(by_alias=True)
                 child_dict["name"] = name
                 apps["apps"].append(child_dict)

reconcile/unleash_feature_toggles/integration.py CHANGED Viewed

@@ -31,7 +31,7 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
 class UnleashTogglesIntegrationParams(PydanticRunParams):
-    instance: str | None
+    instance: str | None = None
 def feature_toggle_equal(c: FeatureToggle, d: FeatureToggleUnleashV1) -> bool:
@@ -68,7 +68,9 @@ class UnleashTogglesIntegration(
         if not query_func:
             query_func = gql.get_api().query
         return {
-            "toggles": [ft.dict() for ft in self.get_unleash_instances(query_func)],
+            "toggles": [
+                ft.model_dump() for ft in self.get_unleash_instances(query_func)
+            ],
         }
     def get_unleash_instances(

reconcile/utils/acs/base.py CHANGED Viewed

@@ -6,7 +6,7 @@ from typing import (
 )
 import requests
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 from reconcile.gql_definitions.acs.acs_instances import AcsInstanceV1
 from reconcile.gql_definitions.acs.acs_instances import query as acs_instances_query
@@ -19,8 +19,11 @@ class AcsBaseApi(BaseModel):
     timeout: int = 30
     session: requests.Session = requests.Session()
-    class Config:
-        arbitrary_types_allowed = True
+    model_config = ConfigDict(
+        validate_by_name=True,
+        validate_by_alias=True,
+        arbitrary_types_allowed=True,
+    )
     def __enter__(self) -> Self:
         return self

reconcile/utils/acs/policies.py CHANGED Viewed

@@ -11,7 +11,7 @@ class Scope(BaseModel):
     """
     cluster: str
-    namespace: str | None
+    namespace: str | None = None
 class PolicyCondition(BaseModel):
@@ -23,7 +23,7 @@ class PolicyCondition(BaseModel):
     """
     field_name: str
-    negate: bool | None
+    negate: bool | None = None
     values: list[str]

reconcile/utils/aggregated_list.py CHANGED Viewed

@@ -1,8 +1,9 @@
-import json
 import logging
 from collections.abc import Callable, KeysView
 from typing import Any, TypedDict
+from reconcile.utils.json import json_dumps
 Action = Callable[[Any, list[Any]], bool]
 Cond = Callable[[Any], bool]
@@ -89,11 +90,11 @@ class AggregatedList:
         return list(self._dict.values())
     def to_json(self) -> str:
-        return json.dumps(self.dump(), indent=4)
+        return json_dumps(self.dump(), indent=4)
     @staticmethod
     def hash_params(params: Any) -> int:
-        return hash(json.dumps(params, sort_keys=True))
+        return hash(json_dumps(params))
 class AggregatedDiffRunner:

reconcile/utils/aws_api.py CHANGED Viewed

@@ -3,7 +3,6 @@ from __future__ import annotations
 import logging
 import operator
 import os
-import re
 from functools import lru_cache
 from threading import Lock
 from typing import (
@@ -25,6 +24,7 @@ import reconcile.utils.lean_terraform_client as terraform
 from reconcile.utils.secret_reader import SecretReader, SecretReaderBase
 if TYPE_CHECKING:
+    import re
     from collections.abc import (
         Iterable,
         Iterator,
@@ -1074,28 +1074,40 @@ class AWSApi:
         return [rt["RouteTableId"] for rt in vpc_route_tables]
     @staticmethod
-    def _filter_amis(
-        images: Iterable[ImageTypeDef], regex: str
-    ) -> list[dict[str, Any]]:
-        results = []
-        pattern = re.compile(regex)
-        for i in images:
-            if not re.search(pattern, i["Name"]):
-                continue
-            if i["State"] != "available":
-                continue
-            item = {"image_id": i["ImageId"], "tags": i.get("Tags", [])}
-            results.append(item)
+    def normalize_tags(tags: Iterable[TagTypeDef]) -> dict[str, str]:
+        return {tag["Key"]: tag["Value"] for tag in tags}
-        return results
+    @staticmethod
+    def _filter_amis(
+        images: Iterable[ImageTypeDef],
+        regex: re.Pattern,
+    ) -> dict[str, dict[str, str]]:
+        return {
+            image["ImageId"]: AWSApi.normalize_tags(image.get("Tags", []))
+            for image in images
+            if regex.search(image["Name"]) and image["State"] == "available"
+        }
     def get_amis_details(
         self,
         account: Mapping[str, Any],
         owner_account: Mapping[str, Any],
-        regex: str,
+        regex: re.Pattern,
         region: str | None = None,
-    ) -> list[dict[str, Any]]:
+    ) -> dict[str, dict[str, str]]:
+        """
+        Get AMI details for an account, find AMI name matches regex and state is available.
+        Return ImageId and normalized tags.
+        Args:
+            account: AWS account
+            owner_account: AMI owner AWS account uid
+            regex: regex to filter AMI name
+            region: AWS account region
+        Returns:
+            dict[str, dict[str, str]]: Key is AMI ImageId, value is AMI normalized tags.
+        """
         ec2 = self._account_ec2_client(account["name"], region_name=region)
         images = self.get_account_amis(ec2, owner=owner_account["uid"])
         return self._filter_amis(images, regex)
@@ -1175,12 +1187,31 @@ class AWSApi:
         client = self._account_cloudwatch_client(account_name, region_name=region_name)
         client.delete_log_group(logGroupName=group_name)
-    def create_tag(
-        self, account: Mapping[str, Any], resource_id: str, tag: Mapping[str, str]
+    def create_tags(
+        self,
+        account: Mapping[str, Any],
+        resource_id: str,
+        tags: Mapping[str, str],
     ) -> None:
+        """
+        Create tags on EC2 resources (AMI)
+        Args:
+            account: AWS account
+            resource_id: AWS resource id
+            tags: tags to update
+        Returns:
+            None
+        """
         ec2 = self._account_ec2_client(account["name"])
-        tag_type_def: TagTypeDef = {"Key": tag["Key"], "Value": tag["Value"]}
-        ec2.create_tags(Resources=[resource_id], Tags=[tag_type_def])
+        formatted_tags: list[TagTypeDef] = [
+            {"Key": k, "Value": v} for k, v in tags.items()
+        ]
+        ec2.create_tags(
+            Resources=[resource_id],
+            Tags=formatted_tags,
+        )
     def get_alb_network_interface_ips(
         self, account: awsh.Account, service_name: str

qontract-reconcile 0.10.2.dev299__py3-none-any.whl → 0.10.2.dev430__py3-none-any.whl

qontract-reconcile 0.10.2.dev299py3-none-any.whl → 0.10.2.dev430py3-none-any.whl