qontract-reconcile 0.10.2.dev345__py3-none-any.whl → 0.10.2.dev408__py3-none-any.whl

reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py

@@ -34,6 +34,9 @@ query JiraBoardsForPermissionValidation {
     name
     server {
       serverUrl
+      email {
+        ...VaultSecret
+      }
       token {
         ...VaultSecret
       }
@@ -73,6 +76,7 @@ class ConfiguredBaseModel(BaseModel):
 
 class JiraServerV1(ConfiguredBaseModel):
     server_url: str = Field(..., alias="serverUrl")
+    email: Optional[VaultSecret] = Field(..., alias="email")
     token: VaultSecret = Field(..., alias="token")
 
 

reconcile/gql_definitions/terraform_init/aws_accounts.py

@@ -17,10 +17,18 @@ from pydantic import (  # noqa: F401 # pylint: disable=W0611
     Json,
 )
 
+from reconcile.gql_definitions.fragments.aws_organization import AWSOrganization
 from reconcile.gql_definitions.fragments.vault_secret import VaultSecret
 
 
 DEFINITION = """
+fragment AWSOrganization on AWSOrganization_v1 {
+  payerAccount {
+    organizationAccountTags
+  }
+  tags
+}
+
 fragment VaultSecret on VaultSecret_v1 {
   path
   field
@@ -33,6 +41,7 @@ query TerraformInitAWSAccounts {
     name
     terraformUsername
     terraformState {
+      bucket
       region
     }
     resourcesDefaultRegion
@@ -42,6 +51,9 @@ query TerraformInitAWSAccounts {
     disable {
       integrations
     }
+    organization {
+      ...AWSOrganization
+    }
   }
 }
 """
@@ -54,6 +66,7 @@ class ConfiguredBaseModel(BaseModel):
 
 
 class TerraformStateAWSV1(ConfiguredBaseModel):
+    bucket: str = Field(..., alias="bucket")
     region: str = Field(..., alias="region")
 
 
@@ -68,6 +81,7 @@ class AWSAccountV1(ConfiguredBaseModel):
     resources_default_region: str = Field(..., alias="resourcesDefaultRegion")
     automation_token: VaultSecret = Field(..., alias="automationToken")
     disable: Optional[DisableClusterAutomationsV1] = Field(..., alias="disable")
+    organization: Optional[AWSOrganization] = Field(..., alias="organization")
 
 
 class TerraformInitAWSAccountsQueryData(ConfiguredBaseModel):

reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py

@@ -80,6 +80,7 @@ query TerraformResourcesNamespaces {
             }
           }
           provider
+          tags
           ... on NamespaceTerraformResourceRDS_v1 {
             region
             identifier
@@ -107,6 +108,17 @@ query TerraformResourcesNamespaces {
             }
             managed_by_erv2
           }
+          ... on NamespaceTerraformResourceRDSProxy_v1 {
+            region
+            identifier
+            defaults
+            overrides
+            output_resource_name
+            annotations
+            tags
+            managed_by_erv2
+          }
+
           ... on NamespaceTerraformResourceS3_v1 {
             region
             identifier
@@ -396,6 +408,7 @@ query TerraformResourcesNamespaces {
             }
             output_resource_name
             annotations
+            secret_format
           }
           ... on NamespaceTerraformResourceASG_v1 {
             region
@@ -505,9 +518,12 @@ query TerraformResourcesNamespaces {
     }
     environment {
       name
+      servicePhase
     }
     app {
       name
+      appCode
+      costCenter
     }
     cluster {
       name
@@ -561,6 +577,7 @@ class NamespaceTerraformResourceGenericSecretOutputFormatV1(NamespaceTerraformRe
 class NamespaceTerraformResourceAWSV1(ConfiguredBaseModel):
     output_format: Optional[Union[NamespaceTerraformResourceGenericSecretOutputFormatV1, NamespaceTerraformResourceOutputFormatV1]] = Field(..., alias="output_format")
     provider: str = Field(..., alias="provider")
+    tags: Optional[str] = Field(..., alias="tags")
 
 
 class AWSRDSEventNotificationV1(ConfiguredBaseModel):
@@ -593,6 +610,17 @@ class NamespaceTerraformResourceRDSV1(NamespaceTerraformResourceAWSV1):
     managed_by_erv2: Optional[bool] = Field(..., alias="managed_by_erv2")
 
 
+class NamespaceTerraformResourceRDSProxyV1(NamespaceTerraformResourceAWSV1):
+    region: Optional[str] = Field(..., alias="region")
+    identifier: str = Field(..., alias="identifier")
+    defaults: str = Field(..., alias="defaults")
+    overrides: Optional[str] = Field(..., alias="overrides")
+    output_resource_name: Optional[str] = Field(..., alias="output_resource_name")
+    annotations: Optional[str] = Field(..., alias="annotations")
+    tags: Optional[str] = Field(..., alias="tags")
+    managed_by_erv2: Optional[bool] = Field(..., alias="managed_by_erv2")
+
+
 class AWSS3EventNotificationV1(ConfiguredBaseModel):
     destination_type: str = Field(..., alias="destination_type")
     destination: str = Field(..., alias="destination")
@@ -944,6 +972,7 @@ class NamespaceTerraformResourceSecretsManagerV1(NamespaceTerraformResourceAWSV1
     secret: Optional[VaultSecret] = Field(..., alias="secret")
     output_resource_name: Optional[str] = Field(..., alias="output_resource_name")
     annotations: Optional[str] = Field(..., alias="annotations")
+    secret_format: Optional[str] = Field(..., alias="secret_format")
 
 
 class CloudinitConfigV1(ConfiguredBaseModel):
@@ -1071,15 +1100,18 @@ class NamespaceTerraformResourceMskV1(NamespaceTerraformResourceAWSV1):
 
 
 class NamespaceTerraformProviderResourceAWSV1(NamespaceExternalResourceV1):
-    resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceALBV1, NamespaceTerraformResourceRosaAuthenticatorV1, NamespaceTerraformResourceRoleV1, NamespaceTerraformResourceS3V1, NamespaceTerraformResourceASGV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceSNSTopicV1, NamespaceTerraformResourceCloudWatchV1, NamespaceTerraformResourceServiceAccountV1, NamespaceTerraformResourceS3SQSV1, NamespaceTerraformResourceKMSV1, NamespaceTerraformResourceRosaAuthenticatorVPCEV1, NamespaceTerraformResourceMskV1, NamespaceTerraformResourceS3CloudFrontV1, NamespaceTerraformResourceElasticSearchV1, NamespaceTerraformResourceACMV1, NamespaceTerraformResourceKinesisV1, NamespaceTerraformResourceRoute53ZoneV1, NamespaceTerraformResourceSQSV1, NamespaceTerraformResourceDynamoDBV1, NamespaceTerraformResourceECRV1, NamespaceTerraformResourceS3CloudFrontPublicKeyV1, NamespaceTerraformResourceSecretsManagerV1, NamespaceTerraformResourceSecretsManagerServiceAccountV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
+    resources: list[Union[NamespaceTerraformResourceRDSV1, NamespaceTerraformResourceALBV1, NamespaceTerraformResourceRosaAuthenticatorV1, NamespaceTerraformResourceRoleV1, NamespaceTerraformResourceS3V1, NamespaceTerraformResourceASGV1, NamespaceTerraformResourceRDSProxyV1, NamespaceTerraformResourceElastiCacheV1, NamespaceTerraformResourceSNSTopicV1, NamespaceTerraformResourceCloudWatchV1, NamespaceTerraformResourceServiceAccountV1, NamespaceTerraformResourceS3SQSV1, NamespaceTerraformResourceKMSV1, NamespaceTerraformResourceRosaAuthenticatorVPCEV1, NamespaceTerraformResourceMskV1, NamespaceTerraformResourceS3CloudFrontV1, NamespaceTerraformResourceElasticSearchV1, NamespaceTerraformResourceACMV1, NamespaceTerraformResourceKinesisV1, NamespaceTerraformResourceSecretsManagerV1, NamespaceTerraformResourceRoute53ZoneV1, NamespaceTerraformResourceSQSV1, NamespaceTerraformResourceDynamoDBV1, NamespaceTerraformResourceECRV1, NamespaceTerraformResourceS3CloudFrontPublicKeyV1, NamespaceTerraformResourceSecretsManagerServiceAccountV1, NamespaceTerraformResourceAWSV1]] = Field(..., alias="resources")
 
 
 class EnvironmentV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
+    service_phase: str = Field(..., alias="servicePhase")
 
 
 class AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
+    app_code: str = Field(..., alias="appCode")
+    cost_center: str = Field(..., alias="costCenter")
 
 
 class ClusterSpecV1(ConfiguredBaseModel):

reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py

@@ -51,6 +51,16 @@ fragment AWSAccountCommon on AWSAccount_v1 {
   deleteKeys
   premiumSupport
   partition
+  organization {
+    ...AWSOrganization
+  }
+}
+
+fragment AWSOrganization on AWSOrganization_v1 {
+  payerAccount {
+    organizationAccountTags
+  }
+  tags
 }
 
 fragment TerraformState on TerraformStateAWS_v1 {

reconcile/jenkins_worker_fleets.py

@@ -195,6 +195,7 @@ def run(dry_run: bool) -> None:
         accounts=[],
         settings=settings,
         prefetch_resources_by_schemas=["/aws/asg-defaults-1.yml"],
+        default_tags=None,
     )
 
     for instance in jenkins_instances:

reconcile/jira_permissions_validator.py

@@ -24,7 +24,7 @@ from reconcile.typed_queries.jiralert_settings import get_jiralert_settings
 from reconcile.utils import gql, metrics
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
-from reconcile.utils.jira_client import JiraClient, JiraWatcherSettings
+from reconcile.utils.jira_client import IssueType, JiraClient, JiraWatcherSettings
 from reconcile.utils.runtime.integration import DesiredStateShardConfig
 from reconcile.utils.secret_reader import SecretReaderBase, create_secret_reader
 from reconcile.utils.semver_helper import make_semver
@@ -33,8 +33,6 @@ from reconcile.utils.state import State, init_state
 QONTRACT_INTEGRATION = "jira-permissions-validator"
 QONTRACT_INTEGRATION_VERSION = make_semver(1, 2, 0)
 
-NameToIdMap = dict[str, str]
-
 
 class BaseMetric(BaseModel):
     """Base class for metrics"""
@@ -64,9 +62,6 @@ class ValidationError(IntFlag):
     PROJECT_ARCHIVED = auto()
 
 
-CustomIssueFields = dict[str, dict[str, str]]
-
-
 class RunnerParams(TypedDict):
     boards: list[JiraBoardV1]
     board_check_interval_sec: int
@@ -77,6 +72,179 @@ class CacheSource(TypedDict):
     boards: list
 
 
+NameToIdMap = dict[str, str]
+CustomIssueFields = dict[str, dict[str, str]]
+NO_ERRORS = ValidationError(0)
+
+
+def _validate_project_archived(jira: JiraClient, board: JiraBoardV1) -> ValidationError:
+    """Validate that the project is not archived."""
+    if jira.is_archived:
+        logging.error(f"[{board.name}] project is archived")
+        return ValidationError.PROJECT_ARCHIVED
+    return NO_ERRORS
+
+
+def _validate_permissions(jira: JiraClient, board: JiraBoardV1) -> ValidationError:
+    """Validate that the bot has necessary permissions to create and transition issues."""
+    error = NO_ERRORS
+
+    if not jira.can_create_issues():
+        logging.error(f"[{board.name}] can not create issues in project")
+        error |= ValidationError.CANT_CREATE_ISSUE
+
+    if not jira.can_transition_issues():
+        logging.error(
+            f"[{board.name}] AppSRE Jira Bot user does not have the permission to change the issue status."
+        )
+        error |= ValidationError.CANT_TRANSITION_ISSUES
+
+    return error
+
+
+def _validate_components(jira: JiraClient, board: JiraBoardV1) -> ValidationError:
+    """Validate that all escalation policy components exist in the project."""
+    error = NO_ERRORS
+    components = jira.components()
+
+    for escalation_policy in board.escalation_policies or []:
+        for jira_component in escalation_policy.channels.jira_components or []:
+            if jira_component not in components:
+                logging.error(
+                    f"[{board.name}] escalation policy '{escalation_policy.name}' references a non existing Jira component "
+                    f"'{jira_component}'. Valid components: {components}"
+                )
+                error |= ValidationError.INVALID_COMPONENT
+
+    return error
+
+
+def _validate_issue_type(
+    jira: JiraClient, board: JiraBoardV1, default_issue_type: str
+) -> tuple[ValidationError, IssueType | None]:
+    """Validate that the issue type exists and has statuses."""
+    error = NO_ERRORS
+    issue_type = board.issue_type or default_issue_type
+    project_issue_type = jira.get_issue_type(issue_type)
+
+    if not project_issue_type:
+        project_issue_types_str = ", ".join(t.name for t in jira.project_issue_types())
+        logging.error(
+            f"[{board.name}] '{issue_type}' is not a valid issue type in project. Valid issue types: {project_issue_types_str}"
+        )
+        error |= ValidationError.INVALID_ISSUE_TYPE
+        return error, None
+
+    if not project_issue_type.statuses:
+        logging.error(
+            f"[{board.name}] '{issue_type}' doesn't have any status. Choose a different issue type."
+        )
+        error |= ValidationError.INVALID_ISSUE_TYPE
+
+    return error, project_issue_type
+
+
+def _validate_issue_states(
+    board: JiraBoardV1, project_issue_type: IssueType, default_reopen_state: str
+) -> ValidationError:
+    """Validate that reopen and resolve states are valid for the issue type."""
+    error = NO_ERRORS
+
+    reopen_state = board.issue_reopen_state or default_reopen_state
+    if reopen_state.lower() not in [t.lower() for t in project_issue_type.statuses]:
+        logging.error(
+            f"[{board.name}] '{reopen_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
+        )
+        error |= ValidationError.INVALID_ISSUE_STATE
+
+    if board.issue_resolve_state and board.issue_resolve_state.lower() not in [
+        t.lower() for t in project_issue_type.statuses
+    ]:
+        logging.error(
+            f"[{board.name}] '{board.issue_resolve_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
+        )
+        error |= ValidationError.INVALID_ISSUE_STATE
+
+    return error
+
+
+def _validate_issue_fields(
+    jira: JiraClient, board: JiraBoardV1, project_issue_type: IssueType
+) -> tuple[ValidationError, CustomIssueFields]:
+    """Validate that custom fields exist and have valid values."""
+    error = NO_ERRORS
+    custom_fields: CustomIssueFields = {}
+
+    for field in board.issue_fields or []:
+        project_issue_field = jira.project_issue_field(
+            issue_type_id=project_issue_type.id, field=field.name
+        )
+        if not project_issue_field:
+            logging.error(
+                f"[{board.name}] '{field.name}' is not a valid field for '{project_issue_type.name}' in this project."
+            )
+            error |= ValidationError.INVALID_ISSUE_FIELD
+            continue
+
+        for option in project_issue_field.options:
+            if option == field.value:
+                custom_fields[project_issue_field.id] = option.dict()
+                break
+        else:
+            logging.error(
+                f"[{board.name}] '{field.name}' has an invalid value '{field.value}'. Valid values: {project_issue_field.options}"
+            )
+            error |= ValidationError.INVALID_ISSUE_FIELD
+
+    return error, custom_fields
+
+
+def _validate_security_level(
+    board: JiraBoardV1, public_projects: Iterable[str]
+) -> ValidationError:
+    """Validate that public projects have a security level defined."""
+    if board.name in public_projects and "Security Level" not in [
+        f.name for f in board.issue_fields or []
+    ]:
+        logging.error(
+            f"[{board.name}] is a public project, but the security level is not defined. Please add 'Security Level' field to the issueFields!"
+        )
+        return ValidationError.PUBLIC_PROJECT_NO_SECURITY_LEVEL
+    return NO_ERRORS
+
+
+def _validate_priorities(
+    jira: JiraClient, board: JiraBoardV1, jira_server_priorities: NameToIdMap
+) -> ValidationError:
+    """Validate that all priority mappings are valid for the project."""
+    error = NO_ERRORS
+    project_priorities = jira.project_priority_scheme()
+    project_priorities_names = [
+        p_name
+        for project_p_id in project_priorities
+        for p_name, p_id in jira_server_priorities.items()
+        if p_id == project_p_id
+    ]
+
+    for priority in board.severity_priority_mappings.mappings:
+        if priority.priority not in jira_server_priorities:
+            logging.error(
+                f"[{board.name}] {priority.priority} is not a valid Jira priority. Valid priorities: {project_priorities_names}"
+            )
+            error |= ValidationError.INVALID_PRIORITY
+            continue
+        if (
+            project_priorities
+            and jira_server_priorities[priority.priority] not in project_priorities
+        ):
+            logging.error(
+                f"[{board.name}] {priority.priority} is not a valid priority in project. Valid priorities: {project_priorities_names}"
+            )
+            error |= ValidationError.INVALID_PRIORITY
+
+    return error
+
+
 def board_is_valid(
     jira: JiraClient,
     board: JiraBoardV1,
@@ -85,123 +253,52 @@ def board_is_valid(
     jira_server_priorities: NameToIdMap,
     public_projects: Iterable[str],
 ) -> tuple[ValidationError, CustomIssueFields]:
-    error = ValidationError(0)
+    """Validate all Jira board settings.
+
+    This method orchestrates multiple validation checks for a Jira board configuration.
+    Each validation is performed by a dedicated helper function that focuses on a specific
+    aspect of the board configuration.
+
+    Returns:
+        A tuple of (ValidationError flags, custom_fields dict)
+    """
+    error = NO_ERRORS
     custom_fields: CustomIssueFields = {}
 
     try:
-        if jira.is_archived:
-            logging.error(f"[{board.name}] project is archived")
-            return ValidationError.PROJECT_ARCHIVED, custom_fields
+        # Check if project is archived (early exit)
+        archived_error = _validate_project_archived(jira, board)
+        if archived_error:
+            return archived_error, custom_fields
 
-        if not jira.can_create_issues():
-            logging.error(f"[{board.name}] can not create issues in project")
-            error |= ValidationError.CANT_CREATE_ISSUE
+        # Validate permissions
+        error |= _validate_permissions(jira, board)
 
-        if not jira.can_transition_issues():
-            logging.error(
-                f"[{board.name}] AppSRE Jira Bot user does not have the permission to change the issue status."
-            )
-            error |= ValidationError.CANT_TRANSITION_ISSUES
-
-        components = jira.components()
-        for escalation_policy in board.escalation_policies or []:
-            for jira_component in escalation_policy.channels.jira_components or []:
-                if jira_component not in components:
-                    logging.error(
-                        f"[{board.name}] escalation policy '{escalation_policy.name}' references a non existing Jira component "
-                        f"'{jira_component}'. Valid components: {components}"
-                    )
-                    error |= ValidationError.INVALID_COMPONENT
+        # Validate components
+        error |= _validate_components(jira, board)
 
-        issue_type = board.issue_type or default_issue_type
-        project_issue_type = jira.get_issue_type(issue_type)
-        if not project_issue_type:
-            project_issue_types_str = ", ".join(
-                t.name for t in jira.project_issue_types()
-            )
-            logging.error(
-                f"[{board.name}] '{issue_type}' is not a valid issue type in project. Valid issue types: {project_issue_types_str}"
-            )
-            error |= ValidationError.INVALID_ISSUE_TYPE
+        # Validate issue type
+        issue_type_error, project_issue_type = _validate_issue_type(
+            jira, board, default_issue_type
+        )
+        error |= issue_type_error
 
+        # If issue type is valid, perform additional validations
         if project_issue_type:
-            # Check issue attributes
-            if not project_issue_type.statuses:
-                logging.error(
-                    f"[{board.name}] '{issue_type}' doesn't have any status. Choose a different issue type."
-                )
-                error |= ValidationError.INVALID_ISSUE_TYPE
-
-            reopen_state = board.issue_reopen_state or default_reopen_state
-            if reopen_state.lower() not in [
-                t.lower() for t in project_issue_type.statuses
-            ]:
-                logging.error(
-                    f"[{board.name}] '{reopen_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
-                )
-                error |= ValidationError.INVALID_ISSUE_STATE
-
-            if board.issue_resolve_state and board.issue_resolve_state.lower() not in [
-                t.lower() for t in project_issue_type.statuses
-            ]:
-                logging.error(
-                    f"[{board.name}] '{board.issue_resolve_state}' is not a valid state in project. Valid states: {project_issue_type.statuses}"
-                )
-                error |= ValidationError.INVALID_ISSUE_STATE
+            error |= _validate_issue_states(
+                board, project_issue_type, default_reopen_state
+            )
+            fields_error, custom_fields = _validate_issue_fields(
+                jira, board, project_issue_type
+            )
+            error |= fields_error
 
-            for field in board.issue_fields or []:
-                project_issue_field = jira.project_issue_field(
-                    issue_type_id=project_issue_type.id, field=field.name
-                )
-                if not project_issue_field:
-                    logging.error(
-                        f"[{board.name}] '{field.name}' is not a valid field for '{project_issue_type.name}' in this project."
-                    )
+        # Validate security level for public projects
+        error |= _validate_security_level(board, public_projects)
 
-                    error |= ValidationError.INVALID_ISSUE_FIELD
-                    continue
+        # Validate priorities
+        error |= _validate_priorities(jira, board, jira_server_priorities)
 
-                for option in project_issue_field.options:
-                    if option == field.value:
-                        # cache the field id and option value/name for later use, e.g. in jiralert templates
-                        custom_fields[project_issue_field.id] = option.dict()
-                        break
-                else:
-                    # field.value is not in the allowed options
-                    logging.error(
-                        f"[{board.name}] '{field.name}' has an invalid value '{field.value}'. Valid values: {project_issue_field.options}"
-                    )
-                    error |= ValidationError.INVALID_ISSUE_FIELD
-                    continue
-
-        if board.name in public_projects and "Security Level" not in [
-            f.name for f in board.issue_fields or []
-        ]:
-            logging.error(
-                f"[{board.name}] is a public project, but the security level is not defined. Please add 'Security Level' field to the issueFields!"
-            )
-            error |= ValidationError.PUBLIC_PROJECT_NO_SECURITY_LEVEL
-
-        project_priorities = jira.project_priority_scheme()
-        # get the priority names from the project priorities ids
-        project_priorities_names = [
-            p_name
-            for project_p_id in project_priorities
-            for p_name, p_id in jira_server_priorities.items()
-            if p_id == project_p_id
-        ]
-        for priority in board.severity_priority_mappings.mappings:
-            if priority.priority not in jira_server_priorities:
-                logging.error(
-                    f"[{board.name}] {priority.priority} is not a valid Jira priority. Valid priorities: {project_priorities_names}"
-                )
-                error |= ValidationError.INVALID_PRIORITY
-                continue
-            if jira_server_priorities[priority.priority] not in project_priorities:
-                logging.error(
-                    f"[{board.name}] {priority.priority} is not a valid priority in project. Valid priorities: {project_priorities_names}"
-                )
-                error |= ValidationError.INVALID_PRIORITY
     except JIRAError as e:
         if e.status_code == 401:
             # sporadic 401 errors, retrying
@@ -228,25 +325,41 @@ def validate_boards(
     dry_run: bool,
     state: State,
     jira_client_class: type[JiraClient] = JiraClient,
+    use_cache: bool = False,
 ) -> bool:
+    """Validate all Jira boards.
+
+    The method iterates over all Jira boards and checks if the configuration is valid. If no errors
+    are found, it will skip the next check for the board until the next run time is reached.
+    The next run time is calculated based on the board's check interval and some randomness to avoid
+    all boards checking at the same time.
+
+    Additionally, for any Jira board with a permission error, a Prometheus metric will be set to trigger an alert.
+
+    Returns True if there were any errors. See ValidationError and log messages for details.
+    """
     error = False
     jira_clients: dict[str, JiraClient] = {}
     for board in jira_boards:
-        next_run_time = state.get(board.name, 0)
-        if time.time() <= next_run_time:
-            if not dry_run:
-                # always skip for non-dry-run mode
-                continue
-            # dry-run mode
-            elif len(jira_boards) > 1:
-                logging.info(f"[{board.name}] Use cache results. Skipping ...")
-                continue
+        if use_cache:
+            next_run_time = state.get(board.name, 0)
+            if time.time() <= next_run_time:
+                if not dry_run:
+                    # always skip for non-dry-run mode
+                    continue
+                # dry-run mode
+                elif len(jira_boards) > 1:
+                    logging.info(f"[{board.name}] Use cache results. Skipping ...")
+                    continue
 
         logging.debug(f"[{board.name}] checking ...")
         if board.server.server_url not in jira_clients:
             jira_clients[board.server.server_url] = jira_client_class.create(
                 project_name=board.name,
                 token=secret_reader.read_secret(board.server.token),
+                email=secret_reader.read_secret(board.server.email)
+                if board.server.email
+                else None,
                 server_url=board.server.server_url,
                 jira_watcher_settings=jira_client_settings,
             )
@@ -326,6 +439,7 @@ def run(
     dry_run: bool,
     jira_board_name: list[str] | None = None,
     board_check_interval_sec: int = 3600,
+    use_cache: bool = False,
     defer: Callable | None = None,
 ) -> None:
     gql_api = gql.get_api()
@@ -349,6 +463,7 @@ def run(
             board_check_interval_sec=board_check_interval_sec,
             dry_run=dry_run,
             state=state,
+            use_cache=use_cache,
         )
 
     if error:

reconcile/ocm/types.py

@@ -4,6 +4,7 @@ from pydantic import (
     BaseModel,
     Extra,
     Field,
+    validator,
 )
 
 
@@ -36,6 +37,11 @@ class OCMClusterSpec(BaseModel):
     initial_version: str | None
     version: str
     hypershift: bool | None
+    fips: bool = False
+
+    @validator("fips", pre=True)
+    def set_fips_default(cls, v: bool | None) -> bool:
+        return v or False
 
     class Config:
         extra = Extra.forbid