qontract-reconcile 0.10.2.dev310__py3-none-any.whl → 0.10.2.dev439__py3-none-any.whl

reconcile/utils/ocm/service_log.py

@@ -1,9 +1,7 @@
 from collections.abc import Generator
-from datetime import (
-    datetime,
-    timedelta,
-)
+from datetime import timedelta
 
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.ocm.base import (
     OCMClusterServiceLog,
     OCMClusterServiceLogCreateModel,
@@ -47,7 +45,7 @@ def create_service_log(
                 .eq("severity", service_log.severity.value)
                 .eq("summary", service_log.summary)
                 .eq("description", service_log.description)
-                .after("created_at", datetime.utcnow() - dedup_interval),
+                .after("created_at", utc_now() - dedup_interval),
             ),
             None,
         )
@@ -57,6 +55,6 @@ def create_service_log(
     return OCMClusterServiceLog(
         **ocm_api.post(
             api_path=CLUSTER_SERVICE_LOGS_CREATE_ENDPOINT,
-            data=service_log.dict(by_alias=True),
+            data=service_log.model_dump(by_alias=True),
         )
     )

reconcile/utils/ocm/sre_capability_labels.py

@@ -1,7 +1,7 @@
 from typing import Any
 
-from pydantic import Field
-from pydantic.fields import ModelField
+from pydantic import WithJsonSchema
+from pydantic.fields import FieldInfo
 
 from reconcile.utils.ocm.base import (
     LabelContainer,
@@ -22,11 +22,11 @@ def sre_capability_label_key(
     return f"sre-capabilities.{sre_capability}.{config_atom}"
 
 
-def labelset_groupfield(group_prefix: str) -> Any:
+def labelset_groupfield(group_prefix: str) -> WithJsonSchema:
     """
     Helper function to build the FieldMeta for a labelset field that groups labels.
     """
-    return Field(group_by_prefix=group_prefix)
+    return WithJsonSchema({"group_by_prefix": group_prefix})
 
 
 def build_labelset(
@@ -36,16 +36,23 @@ def build_labelset(
     Instantiates a dataclass from a set of labels.
     """
     raw_data = {
-        field.alias: _labelset_field_value(labels, field)
-        for field in dataclass.__fields__.values()
+        field.alias or name: _labelset_field_value(labels, name, field)
+        for name, field in dataclass.model_fields.items()
     }
     return dataclass(**raw_data)
 
 
-def _labelset_field_value(labels: LabelContainer, field: ModelField) -> Any | None:
-    key_prefix = field.field_info.extra.get("group_by_prefix")
-    if key_prefix:
-        return build_container_for_prefix(
-            labels, key_prefix, strip_key_prefix=True
-        ).get_values_dict()
-    return labels.get_label_value(field.alias)
+def _labelset_field_value(
+    labels: LabelContainer, name: str, field: FieldInfo
+) -> Any | None:
+    schema = next((m for m in field.metadata if isinstance(m, WithJsonSchema)), None)
+    if (
+        schema is None
+        or not schema.json_schema
+        or "group_by_prefix" not in schema.json_schema
+    ):
+        return labels.get_label_value(field.alias or name)
+
+    return build_container_for_prefix(
+        labels, schema.json_schema["group_by_prefix"], strip_key_prefix=True
+    ).get_values_dict()

reconcile/utils/ocm_base_client.py

@@ -49,7 +49,7 @@ class OCMBaseClient:
         self._init_request_headers()
 
     @retry()
-    def _init_access_token(self):
+    def _init_access_token(self) -> None:
         data = {
             "grant_type": "client_credentials",
             "client_id": self._access_token_client_id,
@@ -61,7 +61,7 @@ class OCMBaseClient:
         r.raise_for_status()
         self._access_token = r.json().get("access_token")
 
-    def _init_request_headers(self):
+    def _init_request_headers(self) -> None:
         self._session.headers.update({
             "Authorization": f"Bearer {self._access_token}",
             "accept": "application/json",
@@ -130,7 +130,7 @@ class OCMBaseClient:
         api_path: str,
         data: Mapping[str, Any],
         params: Mapping[str, str] | None = None,
-    ):
+    ) -> None:
         ocm_request.labels(verb="PATCH", client_id=self._access_token_client_id).inc()
         r = self._session.patch(
             f"{self._url}{api_path}",
@@ -144,7 +144,7 @@ class OCMBaseClient:
             logging.error(r.text)
             raise e
 
-    def delete(self, api_path: str):
+    def delete(self, api_path: str) -> None:
         ocm_request.labels(verb="DELETE", client_id=self._access_token_client_id).inc()
         r = self._session.delete(f"{self._url}{api_path}", timeout=REQUEST_TIMEOUT_SEC)
         try:

reconcile/utils/openshift_resource.py

@@ -1,20 +1,26 @@
 # ruff: noqa: SIM114
+from __future__ import annotations
+
 import base64
 import contextlib
 import copy
-import datetime
 import hashlib
-import json
+import logging
 import re
-from collections.abc import Mapping
 from threading import Lock
+from typing import TYPE_CHECKING, Any
 
 import semver
 from pydantic import BaseModel
 
 from reconcile.external_resources.meta import SECRET_UPDATED_AT
+from reconcile.utils.datetime_util import to_utc_seconds_iso_format, utc_now
+from reconcile.utils.json import json_dumps
 from reconcile.utils.metrics import GaugeMetric
 
+if TYPE_CHECKING:
+    from collections.abc import Iterator, Mapping
+
 SECRET_MAX_KEY_LENGTH = 253
 
 
@@ -27,7 +33,7 @@ class ResourceNotManagedError(Exception):
 
 
 class ConstructResourceError(Exception):
-    def __init__(self, msg):
+    def __init__(self, msg: str) -> None:
         super().__init__("error constructing openshift resource: " + str(msg))
 
 
@@ -73,13 +79,13 @@ QONTRACT_ANNOTATIONS = {
 class OpenshiftResource:
     def __init__(
         self,
-        body,
-        integration,
-        integration_version,
-        error_details="",
-        caller_name=None,
-        validate_k8s_object=True,
-    ):
+        body: dict[str, Any],
+        integration: str,
+        integration_version: str,
+        error_details: str = "",
+        caller_name: str | None = None,
+        validate_k8s_object: bool = True,
+    ) -> None:
         self.body = body
         self.integration = integration
         self.integration_version = integration_version
@@ -88,10 +94,12 @@ class OpenshiftResource:
         if validate_k8s_object:
             self.verify_valid_k8s_object()
 
-    def __eq__(self, other):
+    def __eq__(self, other: object) -> bool:
+        if not isinstance(other, OpenshiftResource):
+            return False
         return self.obj_intersect_equal(self.body, other.body)
 
-    def obj_intersect_equal(self, obj1, obj2, depth=0):
+    def obj_intersect_equal(self, obj1: Any, obj2: Any, depth: int = 0) -> bool:
         # obj1 == d_item
         # obj2 == c_item
         if obj1.__class__ != obj2.__class__:
@@ -163,7 +171,7 @@ class OpenshiftResource:
         return True
 
     @staticmethod
-    def ignorable_field(val):
+    def ignorable_field(val: str) -> bool:
         ignorable_fields = [
             "kubectl.kubernetes.io/last-applied-configuration",
             "creationTimestamp",
@@ -176,14 +184,14 @@ class OpenshiftResource:
         return val in ignorable_fields
 
     @staticmethod
-    def ignorable_key_value_pair(key, val):
+    def ignorable_key_value_pair(key: str, val: Any) -> bool:
         ignorable_key_value_pair = {"annotations": None, "divisor": "0"}
         return bool(
             key in ignorable_key_value_pair and ignorable_key_value_pair[key] == val
         )
 
     @staticmethod
-    def cpu_equal(val1, val2):
+    def cpu_equal(val1: Any, val2: Any) -> bool:
         # normalize both to string
         with contextlib.suppress(Exception):
             val1 = f"{int(float(val1) * 1000)}m"
@@ -192,7 +200,7 @@ class OpenshiftResource:
         return val1 == val2
 
     @staticmethod
-    def api_version_mutation(val1, val2):
+    def api_version_mutation(val1: str, val2: str) -> bool:
         # required temporarily, pending response on
         # https://redhat.service-now.com/surl.do?n=INC1224482
         if val1 == "apps/v1" and val2 == "extensions/v1beta1":
@@ -204,7 +212,7 @@ class OpenshiftResource:
         return val1 == val2
 
     @property
-    def name(self):
+    def name(self) -> str:
         # PipelineRun name can be empty when creating
         if self.kind == "PipelineRun" and "name" not in self.body["metadata"]:
             return self.body["metadata"]["generateName"][:-1]
@@ -212,19 +220,19 @@ class OpenshiftResource:
             return self.body["metadata"]["name"]
 
     @property
-    def kind(self):
+    def kind(self) -> str:
         return self.body["kind"]
 
     @property
-    def annotations(self):
+    def annotations(self) -> dict[str, str]:
         return self.body["metadata"].get("annotations", {})
 
     @property
-    def kind_and_group(self):
+    def kind_and_group(self) -> str:
         return fully_qualified_kind(self.kind, self.body["apiVersion"])
 
     @property
-    def caller(self):
+    def caller(self) -> str | None:
         try:
             return (
                 self.caller_name
@@ -233,7 +241,7 @@ class OpenshiftResource:
         except KeyError:
             return None
 
-    def verify_valid_k8s_object(self):
+    def verify_valid_k8s_object(self) -> None:
         try:
             assert self.name
             assert self.kind
@@ -291,7 +299,7 @@ class OpenshiftResource:
             pass
 
     @staticmethod
-    def is_controller_managed_label(kind, label) -> bool:
+    def is_controller_managed_label(kind: str, label: str) -> bool:
         for il in CONTROLLER_MANAGED_LABELS.get(kind, []):
             if isinstance(il, str) and il == label:
                 return True
@@ -299,7 +307,7 @@ class OpenshiftResource:
                 return True
         return False
 
-    def has_qontract_annotations(self):
+    def has_qontract_annotations(self) -> bool:
         try:
             annotations = self.body["metadata"]["annotations"]
 
@@ -322,10 +330,10 @@ class OpenshiftResource:
 
         return True
 
-    def has_owner_reference(self):
+    def has_owner_reference(self) -> bool:
         return bool(self.body["metadata"].get("ownerReferences", []))
 
-    def has_valid_sha256sum(self):
+    def has_valid_sha256sum(self) -> bool:
         try:
             current_sha256sum = self.body["metadata"]["annotations"][
                 "qontract.sha256sum"
@@ -334,7 +342,7 @@ class OpenshiftResource:
         except KeyError:
             return False
 
-    def annotate(self, canonicalize=True):
+    def annotate(self, canonicalize: bool = True) -> OpenshiftResource:
         """
         Creates a OpenshiftResource with the qontract annotations, and removes
         unneeded Openshift fields.
@@ -361,24 +369,24 @@ class OpenshiftResource:
         annotations[QONTRACT_ANNOTATION_INTEGRATION] = self.integration
         annotations[QONTRACT_ANNOTATION_INTEGRATION_VERSION] = self.integration_version
         annotations[QONTRACT_ANNOTATION_SHA256SUM] = sha256sum
-        now = datetime.datetime.utcnow().replace(microsecond=0).isoformat()
-        annotations[QONTRACT_ANNOTATION_UPDATE] = now
+        now = utc_now()
+        annotations[QONTRACT_ANNOTATION_UPDATE] = to_utc_seconds_iso_format(now)
         if self.caller_name:
             annotations[QONTRACT_ANNOTATION_CALLER_NAME] = self.caller_name
 
         return OpenshiftResource(body, self.integration, self.integration_version)
 
-    def sha256sum(self):
+    def sha256sum(self) -> str:
         body = self.annotate().body
 
         annotations = body["metadata"]["annotations"]
         return annotations["qontract.sha256sum"]
 
-    def to_json(self):
+    def to_json(self) -> str:
         return self.serialize(self.body)
 
     @staticmethod
-    def canonicalize(body):
+    def canonicalize(body: dict[str, Any]) -> dict[str, Any]:
         body = copy.deepcopy(body)
 
         # create annotations if not present
@@ -522,11 +530,11 @@ class OpenshiftResource:
         return body
 
     @staticmethod
-    def serialize(body):
-        return json.dumps(body, sort_keys=True)
+    def serialize(body: dict[str, Any]) -> str:
+        return json_dumps(body)
 
     @staticmethod
-    def calculate_sha256sum(body):
+    def calculate_sha256sum(body: str) -> str:
         m = hashlib.sha256()
         m.update(body.encode("utf-8"))
         return m.hexdigest()
@@ -559,19 +567,19 @@ class OpenshiftResourceInventoryGauge(OpenshiftResourceBaseMetric, GaugeMetric):
 
 
 class ResourceInventory:
-    def __init__(self):
-        self._clusters = {}
+    def __init__(self) -> None:
+        self._clusters: dict[str, dict[str, dict[str, dict[str, Any]]]] = {}
         self._error_registered = False
-        self._error_registered_clusters = {}
+        self._error_registered_clusters: dict[str, bool] = {}
         self._lock = Lock()
 
     def initialize_resource_type(
         self,
-        cluster,
-        namespace,
-        resource_type,
+        cluster: str,
+        namespace: str,
+        resource_type: str,
         managed_names: list[str] | None = None,
-    ):
+    ) -> None:
         self._clusters.setdefault(cluster, {})
         self._clusters[cluster].setdefault(namespace, {})
         self._clusters[cluster][namespace].setdefault(
@@ -594,6 +602,10 @@ class ResourceInventory:
         resource: OpenshiftResource,
         privileged: bool = False,
     ) -> None:
+        if cluster not in self._clusters:
+            logging.error(f"Cluster {cluster} not initialized in ResourceInventory")
+            return
+
         if resource.kind_and_group in self._clusters[cluster][namespace]:
             kind = resource.kind_and_group
         else:
@@ -608,8 +620,14 @@ class ResourceInventory:
         )
 
     def add_desired(
-        self, cluster, namespace, resource_type, name, value, privileged=False
-    ):
+        self,
+        cluster: str,
+        namespace: str,
+        resource_type: str,
+        name: str,
+        value: OpenshiftResource,
+        privileged: bool = False,
+    ) -> None:
         # privileged permissions to apply resources to clusters are managed on
         # a per-namespace level in qontract-schema namespace files, but are
         # tracked on a per-resource level in ResourceInventory and the
@@ -633,41 +651,54 @@ class ResourceInventory:
             ]
             admin_token_usage[name] = privileged
 
-    def get_desired(self, cluster, namespace, resource_type, name):
+    def get_desired(
+        self, cluster: str, namespace: str, resource_type: str, name: str
+    ) -> OpenshiftResource | None:
         try:
             return self._clusters[cluster][namespace][resource_type]["desired"][name]
         except KeyError:
             return None
 
-    def get_desired_by_type(self, cluster, namespace, resource_type):
+    def get_desired_by_type(
+        self, cluster: str, namespace: str, resource_type: str
+    ) -> dict[str, OpenshiftResource] | None:
         try:
             return self._clusters[cluster][namespace][resource_type]["desired"]
         except KeyError:
             return None
 
-    def get_current(self, cluster, namespace, resource_type, name):
+    def get_current(
+        self, cluster: str, namespace: str, resource_type: str, name: str
+    ) -> OpenshiftResource | None:
         try:
             return self._clusters[cluster][namespace][resource_type]["current"][name]
         except KeyError:
             return None
 
-    def add_current(self, cluster, namespace, resource_type, name, value):
+    def add_current(
+        self,
+        cluster: str,
+        namespace: str,
+        resource_type: str,
+        name: str,
+        value: OpenshiftResource,
+    ) -> None:
         with self._lock:
             current = self._clusters[cluster][namespace][resource_type]["current"]
             current[name] = value
 
-    def __iter__(self):
+    def __iter__(self) -> Iterator[tuple[str, str, str, dict[str, Any]]]:
         for cluster_name, cluster in self._clusters.items():
             for namespace_name, namespace in cluster.items():
                 for resource_type, resource in namespace.items():
                     yield (cluster_name, namespace_name, resource_type, resource)
 
-    def register_error(self, cluster=None):
+    def register_error(self, cluster: str | None = None) -> None:
         self._error_registered = True
         if cluster is not None:
             self._error_registered_clusters[cluster] = True
 
-    def has_error_registered(self, cluster=None):
+    def has_error_registered(self, cluster: str | None = None) -> bool:
         if cluster is not None:
             return self._error_registered_clusters.get(cluster, False)
         return self._error_registered

reconcile/utils/openssl.py

@@ -1,12 +1,12 @@
 from OpenSSL import crypto
 
 
-def certificate_matches_host(certificate, host):
+def certificate_matches_host(certificate: bytes, host: str) -> bool:
     common_name = get_certificate_common_name(certificate)
     return host.endswith(common_name.replace("*.", ""))
 
 
-def get_certificate_common_name(certificate):
+def get_certificate_common_name(certificate: bytes) -> str:
     cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
     subject = cert.get_subject()
     return subject.CN

reconcile/utils/output.py

@@ -1,10 +1,11 @@
-import json
 import re
 from collections.abc import Iterable, Mapping
 
 import yaml
 from tabulate import tabulate
 
+from reconcile.utils.json import json_dumps
+
 
 def print_output(
     options: Mapping[str, str | bool],
@@ -30,7 +31,7 @@ def print_output(
         )
         print(formatted_content)
     elif output == "json":
-        formatted_content = json.dumps(content)
+        formatted_content = json_dumps(content)
         print(formatted_content)
     elif output == "yaml":
         formatted_content = yaml.dump(content)

reconcile/utils/pagerduty_api.py

@@ -3,8 +3,7 @@ from collections.abc import (
     Callable,
     Iterable,
 )
-from datetime import datetime as dt
-from datetime import timedelta
+from datetime import datetime, timedelta
 from typing import (
     Protocol,
 )
@@ -14,6 +13,7 @@ import requests
 from pydantic import BaseModel
 from sretoolbox.utils import retry
 
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.secret_reader import (
     HasSecret,
     SecretReader,
@@ -52,10 +52,13 @@ class PagerDutyTarget(Protocol):
     which must be implemented by a class to be compatible."""
 
     name: str
-    instance: PagerDutyInstance
     escalation_policy_id: str | None
     schedule_id: str | None
 
+    @property
+    def instance(self) -> PagerDutyInstance:
+        pass
+
 
 class PagerDutyConfig(BaseModel):
     """PagerDuty Config."""
@@ -80,7 +83,7 @@ class PagerDutyApi:
     def get_pagerduty_users(
         self, resource_type: str, resource_id: str
     ) -> list[pypd.User]:
-        now = dt.utcnow()
+        now = utc_now()
 
         try:
             if resource_type == "schedule":
@@ -103,7 +106,7 @@ class PagerDutyApi:
         self.users.append(user)
         return user.email.split("@")[0]
 
-    def get_schedule_users(self, schedule_id: str, now: dt) -> list[pypd.User]:
+    def get_schedule_users(self, schedule_id: str, now: datetime) -> list[pypd.User]:
         until = now + timedelta(seconds=60)
         s = pypd.Schedule.fetch(id=schedule_id, since=now, until=until, time_zone="UTC")
         entries = s["final_schedule"]["rendered_schedule_entries"]
@@ -115,7 +118,7 @@ class PagerDutyApi:
         ]
 
     def get_escalation_policy_users(
-        self, escalation_policy_id: str, now: dt
+        self, escalation_policy_id: str, now: datetime
     ) -> list[pypd.User]:
         ep = pypd.EscalationPolicy.fetch(
             id=escalation_policy_id, since=now, until=now, time_zone="UTC"
@@ -189,7 +192,7 @@ def get_pagerduty_name(user: PagerDutyUser) -> str:
     return user.pagerduty_username or user.org_username
 
 
-@retry(no_retry_exceptions=PagerDutyTargetError)
+@retry(no_retry_exceptions=(PagerDutyTargetError,))
 def get_usernames_from_pagerduty(
     pagerduties: Iterable[PagerDutyTarget],
     users: Iterable[PagerDutyUser],

reconcile/utils/promotion_state.py

@@ -3,13 +3,12 @@ from collections import defaultdict
 
 from pydantic import (
     BaseModel,
-    Extra,
 )
 
 from reconcile.utils.state import State
 
 
-class PromotionData(BaseModel):
+class PromotionData(BaseModel, extra="forbid"):
     """
     A class that strictly corresponds to the json stored in S3.
 
@@ -20,17 +19,13 @@ class PromotionData(BaseModel):
 
     # The success is primarily used for SAPM auto-promotions
     success: bool
-    target_config_hash: str | None
-    saas_file: str | None
-    check_in: str | None
+    target_config_hash: str | None = None
+    saas_file: str | None = None
+    check_in: str | None = None
     # Whether this promotion has ever succeeded
     # Note, this shouldnt be overridden on subsequent promotions of same ref
     # This attribute is primarily used by saasherder validations
-    has_succeeded_once: bool | None
-
-    class Config:
-        smart_union = True
-        extra = Extra.forbid
+    has_succeeded_once: bool | None = None
 
 
 class PromotionState:
@@ -107,5 +102,5 @@ class PromotionState:
         self, sha: str, channel: str, target_uid: str, data: PromotionData
     ) -> None:
         state_key_v2 = f"promotions_v2/{channel}/{target_uid}/{sha}"
-        self._state.add(state_key_v2, data.dict(), force=True)
+        self._state.add(state_key_v2, data.model_dump(), force=True)
         logging.info("Uploaded %s to %s", data, state_key_v2)

reconcile/utils/raw_github_api.py

@@ -1,8 +1,11 @@
 import os
+from typing import Any
 
 import requests
 from sretoolbox.utils import retry
 
+Headers = dict[str, str | bytes | None]
+
 
 class RawGithubApi:
     """
@@ -18,10 +21,10 @@ class RawGithubApi:
         "application/vnd.github.dazzler-preview+json"
     }
 
-    def __init__(self, password):
+    def __init__(self, password: str) -> None:
         self.password = password
 
-    def headers(self, headers=None):
+    def headers(self, headers: Headers | None = None) -> Headers:
         if headers is None:
             headers = {}
         new_headers = headers.copy()
@@ -29,13 +32,13 @@ class RawGithubApi:
         new_headers["Authorization"] = "token %s" % (self.password,)
         return new_headers
 
-    def patch(self, url):
+    def patch(self, url: str) -> requests.Response:
         res = requests.patch(url, headers=self.headers(), timeout=60)
         res.raise_for_status()
         return res
 
     @retry()
-    def query(self, url, headers=None):
+    def query(self, url: str, headers: Headers | None = None) -> Any:
         if headers is None:
             headers = {}
         h = self.headers(headers)
@@ -64,7 +67,7 @@ class RawGithubApi:
 
         return result
 
-    def org_invitations(self, org):
+    def org_invitations(self, org: str) -> list[str]:
         invitations = self.query(f"/orgs/{org}/invitations")
 
         return [
@@ -73,7 +76,7 @@ class RawGithubApi:
             if login is not None
         ]
 
-    def team_invitations(self, org_id, team_id):
+    def team_invitations(self, org_id: str | int, team_id: str | int) -> list[str]:
         invitations = self.query(f"/organizations/{org_id}/team/{team_id}/invitations")
 
         return [
@@ -82,10 +85,10 @@ class RawGithubApi:
             if login is not None
         ]
 
-    def repo_invitations(self):
+    def repo_invitations(self) -> list[dict[str, Any]]:
         return self.query("/user/repository_invitations")
 
-    def accept_repo_invitation(self, invitation_id):
+    def accept_repo_invitation(self, invitation_id: int) -> None:
         url = self.BASE_URL + f"/user/repository_invitations/{invitation_id}"
         res = self.patch(url)
         res.raise_for_status()