qontract-reconcile 0.10.2.dev299__py3-none-any.whl → 0.10.2.dev430__py3-none-any.whl

reconcile/utils/oc_filters.py

@@ -19,19 +19,19 @@ class Namespace(Protocol):
 NS = TypeVar("NS", bound=Namespace)
 
 
-def filter_namespaces_by_cluster(
+def filter_namespaces_by_cluster[NS: Namespace](
     namespaces: Iterable[NS], cluster_names: Iterable[str]
 ) -> list[NS]:
     return [n for n in namespaces if n.cluster.name in cluster_names]
 
 
-def filter_namespaces_by_name(
+def filter_namespaces_by_name[NS: Namespace](
     namespaces: Iterable[NS], namespace_names: Iterable[str]
 ) -> list[NS]:
     return [n for n in namespaces if n.name in namespace_names]
 
 
-def filter_namespaces_by_cluster_and_namespace(
+def filter_namespaces_by_cluster_and_namespace[NS: Namespace](
     namespaces: Iterable[NS],
     cluster_names: Iterable[str] | None,
     namespace_names: Iterable[str] | None,

reconcile/utils/ocm/addons.py

@@ -188,7 +188,6 @@ class AddonServiceV2(AddonService):
                     next_run=policy.get("next_run"),
                     version=policy["version"],
                     state=policy.get("state"),
-                    addon_service=self,
                 )
             )
 

reconcile/utils/ocm/base.py

@@ -141,16 +141,16 @@ class OCMClusterAWSOperatorRole(BaseModel):
 
 
 class OCMAWSSTS(OCMClusterFlag):
-    role_arn: str | None
-    support_role_arn: str | None
-    oidc_endpoint_url: str | None
-    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None
-    instance_iam_roles: dict[str, str] | None
-    operator_role_prefix: str | None
+    role_arn: str | None = None
+    support_role_arn: str | None = None
+    oidc_endpoint_url: str | None = None
+    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None = None
+    instance_iam_roles: dict[str, str] | None = None
+    operator_role_prefix: str | None = None
 
 
 class OCMClusterAWSSettings(BaseModel):
-    sts: OCMAWSSTS | None
+    sts: OCMAWSSTS | None = None
 
     @property
     def sts_enabled(self) -> bool:
@@ -215,6 +215,10 @@ class OCMExternalConfiguration(BaseModel):
     syncsets: dict
 
 
+class OCMExternalAuthConfig(BaseModel):
+    enabled: bool
+
+
 PRODUCT_ID_OSD = "osd"
 PRODUCT_ID_ROSA = "rosa"
 
@@ -260,19 +264,21 @@ class OCMCluster(BaseModel):
     product: OCMModelLink
     identity_providers: OCMCollectionLink
 
-    aws: OCMClusterAWSSettings | None
+    aws: OCMClusterAWSSettings | None = None
 
     version: OCMClusterVersion
 
     hypershift: OCMClusterFlag
 
-    console: OCMClusterConsole | None
+    console: OCMClusterConsole | None = None
+
+    api: OCMClusterAPI | None = None
 
-    api: OCMClusterAPI | None
+    dns: OCMClusterDns | None = None
 
-    dns: OCMClusterDns | None
+    external_configuration: OCMExternalConfiguration | None = None
 
-    external_configuration: OCMExternalConfiguration | None
+    external_auth_config: OCMExternalAuthConfig | None = None
 
     def minor_version(self) -> str:
         version_info = parse_semver(self.version.raw_id)
@@ -315,6 +321,10 @@ class OCMCluster(BaseModel):
     def base_domain(self) -> str | None:
         return self.dns.base_domain if self.dns else None
 
+    @property
+    def external_auth_enabled(self) -> bool:
+        return self.external_auth_config.enabled if self.external_auth_config else False
+
 
 class OCMLabel(BaseModel):
     """
@@ -560,15 +570,12 @@ class OCMOIdentityProviderGithub(OCMOIdentityProvider):
     )
 
 
-class OCMOIdentityProviderOidcOpenIdClaims(BaseModel):
+class OCMOIdentityProviderOidcOpenIdClaims(BaseModel, frozen=True):
     email: list[str]
-    name: list[str]
+    name: list[str] = []
     preferred_username: list[str]
     groups: list[str] = []
 
-    class Config:
-        frozen = True
-
 
 class OCMOIdentityProviderOidcOpenId(BaseModel):
     client_id: str
@@ -608,11 +615,11 @@ class OCMAddonUpgradePolicy(BaseModel):
     id: str
     addon_id: str
     cluster_id: str
-    next_run: str | None
-    schedule: str | None
+    next_run: str | None = None
+    schedule: str | None = None
     schedule_type: str
     version: str
-    state: str | None
+    state: str | None = None
 
 
 def build_label_container(

reconcile/utils/ocm/cluster_groups.py

@@ -17,7 +17,7 @@ def add_user_to_cluster_group(
     """
     ocm_api.post(
         build_cluster_group_users_url(cluster_id, group),
-        OCMClusterUser(id=user_name).dict(by_alias=True),
+        OCMClusterUser(id=user_name).model_dump(by_alias=True),
     )
 
 

reconcile/utils/ocm/identity_providers.py

@@ -42,7 +42,7 @@ def add_identity_provider(
         )
     ocm_api.post(
         api_path=ocm_cluster.identity_providers.href,
-        data=idp.dict(by_alias=True, exclude_none=True),
+        data=idp.model_dump(by_alias=True, exclude_none=True),
     )
 
 
@@ -55,7 +55,7 @@ def update_identity_provider(
         raise ValueError(f"IDP {idp.name} does not have a href!")
     ocm_api.patch(
         api_path=idp.href,
-        data=idp.dict(by_alias=True, exclude_none=True, exclude={"name"}),
+        data=idp.model_dump(by_alias=True, exclude_none=True, exclude={"name"}),
     )
 
 

reconcile/utils/ocm/labels.py

@@ -159,7 +159,7 @@ def build_container_for_prefix(
 
     return LabelContainer(
         labels={
-            strip_prefix_if_needed(label.key): label.copy(
+            strip_prefix_if_needed(label.key): label.model_copy(
                 update={"key": strip_prefix_if_needed(label.key)}
             )
             for label in container.labels.values()

reconcile/utils/ocm/ocm.py

@@ -21,7 +21,7 @@ from reconcile.utils.ocm_base_client import (
 from reconcile.utils.secret_reader import SecretReader
 
 if TYPE_CHECKING:
-    from collections.abc import Mapping
+    from collections.abc import Iterable, Mapping, MutableMapping
 
     from reconcile.ocm.types import OCMSpec
 
@@ -83,13 +83,13 @@ class OCM:
 
     def __init__(
         self,
-        name,
-        org_id,
+        name: str,
+        org_id: str,
         ocm_env: str,
         ocm_client: OCMBaseClient,
-        init_provision_shards=False,
-        init_addons=False,
-        init_version_gates=False,
+        init_provision_shards: bool = False,
+        init_addons: bool = False,
+        init_version_gates: bool = False,
         product_portfolio: OCMProductPortfolio | None = None,
     ):
         """Initiates access token and gets clusters information."""
@@ -130,7 +130,7 @@ class OCM:
             and cluster["product"]["id"] in self.product_portfolio.product_names
         )
 
-    def _init_clusters(self, init_provision_shards: bool):
+    def _init_clusters(self, init_provision_shards: bool) -> None:
         api = f"{CS_API_BASE}/v1/clusters"
         product_csv = ",".join([f"'{p}'" for p in self.product_portfolio.product_names])
         params = {
@@ -168,19 +168,19 @@ class OCM:
         spec = impl.get_ocm_spec(self.ocm_api, cluster, init_provision_shards)
         return spec
 
-    def create_cluster(self, name: str, cluster: OCMSpec, dry_run: bool):
+    def create_cluster(self, name: str, cluster: OCMSpec, dry_run: bool) -> None:
         impl = self.get_product_impl(cluster.spec.product, cluster.spec.hypershift)
         impl.create_cluster(self.ocm_api, self.org_id, name, cluster, dry_run)
 
     def update_cluster(
-        self, cluster_name: str, update_spec: Mapping[str, Any], dry_run=False
-    ):
+        self, cluster_name: str, update_spec: Mapping[str, Any], dry_run: bool = False
+    ) -> None:
         cluster = self.clusters[cluster_name]
         cluster_id = self.cluster_ids[cluster_name]
         impl = self.get_product_impl(cluster.spec.product, cluster.spec.hypershift)
         impl.update_cluster(self.ocm_api, cluster_id, update_spec, dry_run)
 
-    def get_group_if_exists(self, cluster, group_id):
+    def get_group_if_exists(self, cluster: str, group_id: str) -> dict[str, Any] | None:
         """Returns a list of users in a group in a cluster.
         If the group does not exist, None will be returned.
 
@@ -202,7 +202,7 @@ class OCM:
         users = self._get_json(api).get("items", [])
         return {"users": [u["id"] for u in users]}
 
-    def add_user_to_group(self, cluster, group_id, user):
+    def add_user_to_group(self, cluster: str, group_id: str, user: str) -> None:
         """
         Adds a user to a group in a cluster.
 
@@ -218,7 +218,7 @@ class OCM:
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/" + f"groups/{group_id}/users"
         self._post(api, {"id": user})
 
-    def del_user_from_group(self, cluster, group_id, user_id):
+    def del_user_from_group(self, cluster: str, group_id: str, user_id: str) -> None:
         """Deletes a user from a group in a cluster.
 
         :param cluster: cluster name
@@ -250,7 +250,9 @@ class OCM:
         switch_role_link = role_grants[0][-1]
         return awsh.get_account_uid_from_role_link(switch_role_link)
 
-    def get_aws_infrastructure_access_role_grants(self, cluster):
+    def get_aws_infrastructure_access_role_grants(
+        self, cluster: str
+    ) -> list[tuple[str, str, str, str]]:
         """Returns a list of AWS users (ARN, access level)
         who have AWS infrastructure access in a cluster.
 
@@ -272,8 +274,8 @@ class OCM:
         ]
 
     def get_aws_infrastructure_access_terraform_assume_role(
-        self, cluster, tf_account_id, tf_user
-    ):
+        self, cluster: str, tf_account_id: str, tf_user: str | None
+    ) -> str | None:
         role_grants = self.get_aws_infrastructure_access_role_grants(cluster)
         user_arn = f"arn:aws:iam::{tf_account_id}:user/{tf_user}"
         for arn, role_id, _, console_url in role_grants:
@@ -288,9 +290,11 @@ class OCM:
             role_name = role.replace("roleName=", "")
             return f"arn:aws:iam::{role_account_id}:role/{role_name}"
 
+        return None
+
     def add_user_to_aws_infrastructure_access_role_grants(
-        self, cluster, user_arn, access_level
-    ):
+        self, cluster: str, user_arn: str, access_level: str
+    ) -> None:
         """
         Adds a user to AWS infrastructure access in a cluster.
 
@@ -310,8 +314,8 @@ class OCM:
         self._post(api, {"user_arn": user_arn, "role": {"id": access_level}})
 
     def del_user_from_aws_infrastructure_access_role_grants(
-        self, cluster, user_arn, access_level
-    ):
+        self, cluster: str, user_arn: str, access_level: str
+    ) -> None:
         """
         Deletes a user from AWS infrastructure access in a cluster.
 
@@ -375,7 +379,9 @@ class OCM:
 
         return results
 
-    def create_external_configuration_label(self, cluster, label):
+    def create_external_configuration_label(
+        self, cluster: str, label: dict[str, str]
+    ) -> None:
         """Creates a new External Configuration label
 
         :param cluster: cluster name
@@ -390,7 +396,9 @@ class OCM:
         )
         self._post(api, label)
 
-    def delete_external_configuration_label(self, cluster, label):
+    def delete_external_configuration_label(
+        self, cluster: str, label: Mapping[str, str]
+    ) -> None:
         """Deletes an existing External Configuration label
 
         :param cluster: cluster name
@@ -414,14 +422,9 @@ class OCM:
         )
         self._delete(api)
 
-    def get_machine_pools(self, cluster):
-        """Returns a list of details of Machine Pools
-
-        :param cluster: cluster name
-
-        :type cluster: string
-        """
-        results = []
+    def get_machine_pools(self, cluster: str) -> list[dict[str, Any]]:
+        """Returns a list of details of Machine Pools"""
+        results: list[dict[str, Any]] = []
         cluster_id = self.cluster_ids.get(cluster)
         if not cluster_id:
             return results
@@ -436,7 +439,7 @@ class OCM:
 
         return results
 
-    def create_machine_pool(self, cluster, spec):
+    def create_machine_pool(self, cluster: str, spec: Mapping[str, Any]) -> None:
         """Creates a new Machine Pool
 
         :param cluster: cluster name
@@ -449,7 +452,7 @@ class OCM:
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/machine_pools"
         self._post(api, spec)
 
-    def update_machine_pool(self, cluster, spec):
+    def update_machine_pool(self, cluster: str, spec: MutableMapping[str, Any]) -> None:
         """Updates an existing Machine Pool
 
         :param cluster: cluster name
@@ -460,7 +463,7 @@ class OCM:
         """
         cluster_id = self.cluster_ids[cluster]
         machine_pool_id = spec["id"]
-        labels = spec.get("labels", {})
+        labels: dict[str, str] = spec.get("labels", {})
         spec["labels"] = labels
         api = (
             f"{CS_API_BASE}/v1/clusters/{cluster_id}/machine_pools/"
@@ -468,7 +471,7 @@ class OCM:
         )
         self._patch(api, spec)
 
-    def delete_machine_pool(self, cluster, spec):
+    def delete_machine_pool(self, cluster: str, spec: Mapping[str, Any]) -> None:
         """Deletes an existing Machine Pool
 
         :param cluster: cluster name
@@ -485,21 +488,21 @@ class OCM:
         )
         self._delete(api)
 
-    def get_node_pools(self, cluster):
+    def get_node_pools(self, cluster: str) -> list[dict[str, Any]]:
         """Returns a list of details of Node Pools
 
         :param cluster: cluster name
 
         :type cluster: string
         """
-        results = []
+        results: list[dict[str, Any]] = []
         cluster_id = self.cluster_ids.get(cluster)
         if not cluster_id:
             return results
 
         return get_node_pools(self._ocm_client, cluster_id)
 
-    def delete_node_pool(self, cluster, spec):
+    def delete_node_pool(self, cluster: str, spec: Mapping[str, Any]) -> None:
         """Deletes an existing Node Pool
 
         :param cluster: cluster name
@@ -513,7 +516,7 @@ class OCM:
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/node_pools/" + f"{node_pool_id}"
         self._delete(api)
 
-    def create_node_pool(self, cluster, spec):
+    def create_node_pool(self, cluster: str, spec: Mapping[str, Any]) -> None:
         """Creates a new Node Pool
 
         :param cluster: cluster name
@@ -526,7 +529,7 @@ class OCM:
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/node_pools"
         self._post(api, spec)
 
-    def update_node_pool(self, cluster, spec):
+    def update_node_pool(self, cluster: str, spec: MutableMapping[str, Any]) -> None:
         """Updates an existing Node Pool
 
         :param cluster: cluster name
@@ -537,19 +540,19 @@ class OCM:
         """
         cluster_id = self.cluster_ids[cluster]
         node_pool_id = spec["id"]
-        labels = spec.get("labels", {})
+        labels: dict[str, str] = spec.get("labels", {})
         spec["labels"] = labels
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/node_pools/" + f"{node_pool_id}"
         self._patch(api, spec)
 
-    def get_additional_routers(self, cluster):
+    def get_additional_routers(self, cluster: str) -> list[dict[str, Any]]:
         """Returns a list of Additional Application Routers
 
         :param cluster: cluster name
 
         :type cluster: string
         """
-        results = []
+        results: list[dict[str, Any]] = []
         cluster_id = self.cluster_ids.get(cluster)
         if not cluster_id:
             return results
@@ -567,7 +570,7 @@ class OCM:
 
         return results
 
-    def create_additional_router(self, cluster, spec):
+    def create_additional_router(self, cluster: str, spec: Mapping[str, Any]) -> None:
         """Creates a new Additional Application Router
 
         :param cluster: cluster name
@@ -580,7 +583,7 @@ class OCM:
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/ingresses"
         self._post(api, spec)
 
-    def delete_additional_router(self, cluster, spec):
+    def delete_additional_router(self, cluster: str, spec: Mapping[str, Any]) -> None:
         """Deletes an existing Additional Application Router
 
         :param cluster: cluster name
@@ -594,19 +597,19 @@ class OCM:
         api = f"{CS_API_BASE}/v1/clusters/{cluster_id}/" + f"ingresses/{router_id}"
         self._delete(api)
 
-    def _init_addons(self):
+    def _init_addons(self) -> None:
         """Returns a list of Addons"""
         api = f"{CS_API_BASE}/v1/addons"
         self.addons = self._get_json(api).get("items", [])
 
-    def _init_version_gates(self):
+    def _init_version_gates(self) -> None:
         """Returns a list of version gates"""
         if self.version_gates:
             return
         api = f"{CS_API_BASE}/v1/version_gates"
         self.version_gates = self._get_json(api).get("items", [])
 
-    def get_addon(self, id):
+    def get_addon(self, id: str) -> dict[str, Any] | None:
         for addon in self.addons:
             addon_id = addon["id"]
             if id == addon_id:
@@ -652,7 +655,7 @@ class OCM:
 
         return results
 
-    def install_addon(self, cluster, spec):
+    def install_addon(self, cluster: str, spec: MutableMapping[str, Any]) -> None:
         """Installs an addon on a cluster
 
         :param cluster: cluster name
@@ -714,21 +717,28 @@ class OCM:
             return ret_items
         return responses[0]
 
-    def _post(self, api, data=None, params=None):
+    def _post(
+        self,
+        api: str,
+        data: Mapping[str, Any] | None = None,
+        params: Mapping[str, str] | None = None,
+    ) -> Any:
         return self._ocm_client.post(
             api_path=api,
             data=data,
             params=params,
         )
 
-    def _patch(self, api, data, params=None):
+    def _patch(
+        self, api: str, data: Mapping[str, Any], params: Mapping[str, str] | None = None
+    ) -> None:
         return self._ocm_client.patch(
             api_path=api,
             data=data,
             params=params,
         )
 
-    def _delete(self, api):
+    def _delete(self, api: str) -> None:
         return self._ocm_client.delete(
             api_path=api,
         )
@@ -762,14 +772,14 @@ class OCMMap:
 
     def __init__(
         self,
-        clusters=None,
-        namespaces=None,
-        ocms=None,
-        integration="",
-        settings=None,
-        init_provision_shards=False,
-        init_addons=False,
-        init_version_gates=False,
+        clusters: Iterable[Mapping[str, Any]] | None = None,
+        namespaces: Iterable[Mapping[str, Any]] | None = None,
+        ocms: Iterable[Mapping[str, Any]] | None = None,
+        integration: str = "",
+        settings: Mapping[str, Any] | None = None,
+        init_provision_shards: bool = False,
+        init_addons: bool = False,
+        init_version_gates: bool = False,
         product_portfolio: OCMProductPortfolio | None = None,
     ) -> None:
         """Initiates OCM instances for each OCM referenced in a cluster."""
@@ -817,12 +827,12 @@ class OCMMap:
 
     def init_ocm_client_from_cluster(
         self,
-        cluster_info,
-        init_provision_shards,
-        init_addons,
-        init_version_gates,
+        cluster_info: Mapping[str, Any],
+        init_provision_shards: bool,
+        init_addons: bool,
+        init_version_gates: bool,
         product_portfolio: OCMProductPortfolio | None = None,
-    ):
+    ) -> None:
         if self.cluster_disabled(cluster_info):
             return
         cluster_name = cluster_info["name"]
@@ -842,12 +852,12 @@ class OCMMap:
 
     def init_ocm_client(
         self,
-        ocm_info,
-        init_provision_shards,
-        init_addons,
-        init_version_gates,
+        ocm_info: Mapping[str, Any],
+        init_provision_shards: bool,
+        init_addons: bool,
+        init_version_gates: bool,
         product_portfolio: OCMProductPortfolio | None = None,
-    ):
+    ) -> None:
         """
         Initiate OCM client.
         Gets the OCM information and initiates an OCM client.
@@ -901,7 +911,7 @@ class OCMMap:
         """Get list of OCM instance names initiated in the OCM map."""
         return list(self.ocm_map.keys())
 
-    def cluster_disabled(self, cluster_info):
+    def cluster_disabled(self, cluster_info: Mapping[str, Any]) -> bool:
         """
         Checks if the calling integration is disabled in this cluster.
 
@@ -918,7 +928,7 @@ class OCMMap:
 
         return False
 
-    def get(self, cluster) -> OCM:
+    def get(self, cluster: str) -> OCM:
         """
         Gets an OCM instance by cluster.
 

reconcile/utils/ocm/products.py

@@ -47,6 +47,7 @@ SPEC_ATTR_MULTI_AZ = "multi_az"
 SPEC_ATTR_HYPERSHIFT = "hypershift"
 SPEC_ATTR_SUBNET_IDS = "subnet_ids"
 SPEC_ATTR_AVAILABILITY_ZONES = "availability_zones"
+SPEC_ATTR_FIPS = "fips"
 
 SPEC_ATTR_NETWORK = "network"
 IGNORE_NETWORK_TYPE_ATTR = "type"
@@ -177,10 +178,11 @@ class OCMProductOsd(OCMProduct):
             ],
             provision_shard_id=provision_shard_id,
             hypershift=cluster["hypershift"]["enabled"],
+            fips=cluster.get("fips") or False,
         )
 
         if not cluster["ccs"]["enabled"]:
-            cluster_spec_data = spec.dict()
+            cluster_spec_data = spec.model_dump()
             cluster_spec_data["storage"] = (
                 cluster["storage_quota"]["value"] // BYTES_IN_GIGABYTE
             )
@@ -227,7 +229,7 @@ class OCMProductOsd(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -257,6 +259,7 @@ class OCMProductOsd(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
+            "fips": cluster.spec.fips,
         }
 
         # Workaround to enable type checks.
@@ -426,6 +429,7 @@ class OCMProductRosa(OCMProduct):
             subnet_ids=cluster["aws"].get("subnet_ids"),
             availability_zones=cluster["nodes"].get("availability_zones"),
             oidc_endpoint_url=oidc_endpoint_url,
+            fips=cluster.get("fips") or False,
         )
 
         machine_pools = [
@@ -470,7 +474,7 @@ class OCMProductRosa(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -513,6 +517,7 @@ class OCMProductRosa(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
+            "fips": cluster.spec.fips,
         }
 
         provision_shard_id = cluster.spec.provision_shard_id
@@ -701,6 +706,7 @@ class OCMProductHypershift(OCMProduct):
             availability_zones=cluster["nodes"].get("availability_zones"),
             hypershift=cluster["hypershift"]["enabled"],
             oidc_endpoint_url=oidc_endpoint_url,
+            fips=cluster.get("fips") or False,
         )
 
         network = OCMClusterNetwork(