PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev349py3-none-any.whl → 0.10.2.dev414py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (356) hide show

{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/METADATA +12 -11
{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/RECORD +356 -350
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +15 -12
reconcile/aus/base.py +26 -27
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +1 -1
reconcile/automated_actions/config/integration.py +15 -3
reconcile/aws_account_manager/integration.py +8 -8
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +2 -2
reconcile/aws_iam_keys.py +7 -41
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +32 -25
reconcile/aws_version_sync/integration.py +6 -12
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +1 -1
reconcile/change_owners/diff.py +2 -4
reconcile/checkpoint.py +11 -3
reconcile/cli.py +33 -8
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +123 -117
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +9 -11
reconcile/external_resources/factories.py +5 -12
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +24 -10
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +13 -13
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +6 -8
reconcile/external_resources/state.py +60 -17
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +8 -5
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_mr_sqs_consumer.py +2 -2
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +5 -5
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +5 -5
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +46 -7
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +5 -5
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +27 -66
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +5 -5
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +5 -5
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +5 -5
reconcile/gql_definitions/common/alerting_services_settings.py +5 -5
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +5 -5
reconcile/gql_definitions/common/app_interface_state_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +15 -5
reconcile/gql_definitions/common/aws_vpcs.py +5 -5
reconcile/gql_definitions/common/clusters.py +7 -5
reconcile/gql_definitions/common/clusters_minimal.py +5 -5
reconcile/gql_definitions/common/clusters_with_dms.py +5 -5
reconcile/gql_definitions/common/clusters_with_peering.py +5 -5
reconcile/gql_definitions/common/github_orgs.py +5 -5
reconcile/gql_definitions/common/jira_settings.py +5 -5
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +5 -5
reconcile/gql_definitions/common/namespaces_minimal.py +7 -5
reconcile/gql_definitions/common/ocm_env_telemeter.py +5 -5
reconcile/gql_definitions/common/ocm_environments.py +5 -5
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -5
reconcile/gql_definitions/common/pipeline_providers.py +5 -5
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +5 -5
reconcile/gql_definitions/common/saas_target_namespaces.py +5 -5
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +5 -5
reconcile/gql_definitions/common/state_aws_account.py +5 -5
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +5 -5
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +5 -5
reconcile/gql_definitions/email_sender/users.py +5 -5
reconcile/gql_definitions/endpoints_discovery/apps.py +5 -5
reconcile/gql_definitions/external_resources/aws_accounts.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_modules.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +89 -6
reconcile/gql_definitions/external_resources/external_resources_settings.py +7 -5
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +5 -5
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/aws_organization.py +33 -0
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +7 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +5 -5
reconcile/gql_definitions/gcp/gcp_projects.py +5 -5
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +5 -5
reconcile/gql_definitions/gitlab_members/permissions.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_project.py +5 -5
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +5 -5
reconcile/gql_definitions/integrations/integrations.py +5 -5
reconcile/gql_definitions/introspection.json +2137 -1053
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +5 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +5 -5
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +9 -5
reconcile/gql_definitions/jumphosts/jumphosts.py +5 -5
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +5 -5
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +5 -5
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +5 -5
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +5 -5
reconcile/gql_definitions/quay_membership/quay_membership.py +5 -5
reconcile/gql_definitions/rhcs/certs.py +5 -5
reconcile/gql_definitions/rhidp/organizations.py +5 -5
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +5 -5
reconcile/gql_definitions/sharding/aws_accounts.py +5 -5
reconcile/gql_definitions/sharding/ocm_organization.py +5 -5
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +5 -5
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +5 -5
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +5 -5
reconcile/gql_definitions/statuspage/statuspages.py +5 -5
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +5 -5
reconcile/gql_definitions/terraform_init/aws_accounts.py +19 -5
reconcile/gql_definitions/terraform_repo/terraform_repo.py +5 -5
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +38 -6
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +15 -5
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +5 -5
reconcile/gql_definitions/vault_instances/vault_instances.py +5 -5
reconcile/gql_definitions/vault_policies/vault_policies.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +5 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_worker_fleets.py +10 -8
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -56
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +23 -23
reconcile/openshift_base.py +53 -2
reconcile/openshift_cluster_bots.py +3 -2
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +97 -101
reconcile/openshift_resources_base.py +6 -2
reconcile/openshift_rhcs_certs.py +5 -5
reconcile/openshift_rolebindings.py +7 -11
reconcile/openshift_saas_deploy.py +6 -7
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +2 -2
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/prometheus_rules_tester/integration.py +3 -3
reconcile/quay_mirror.py +1 -1
reconcile/queries.py +131 -1
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +1 -1
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +4 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +3 -0
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +4 -3
reconcile/terraform_aws_route53.py +7 -1
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +5 -5
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +17 -7
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +7 -0
reconcile/terraform_vpc_peerings.py +14 -3
reconcile/terraform_vpc_resources/integration.py +10 -1
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +13 -13
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aggregated_list.py +4 -3
reconcile/utils/aws_api.py +51 -54
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +24 -1
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +7 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gql.py +4 -7
reconcile/utils/helm.py +2 -1
reconcile/utils/helpers.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jinja2/utils.py +6 -101
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +9 -12
reconcile/utils/jobcontroller/controller.py +1 -1
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +70 -0
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/base.py +2 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +3 -2
reconcile/utils/oc.py +118 -97
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +17 -20
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/products.py +9 -3
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/openshift_resource.py +10 -5
reconcile/utils/output.py +3 -2
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/raw_github_api.py +1 -1
reconcile/utils/rhcsv2_certs.py +1 -4
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +25 -21
reconcile/utils/saasherder/saasherder.py +35 -24
reconcile/utils/slack_api.py +26 -4
reconcile/utils/sloth.py +171 -2
reconcile/utils/sqs_gateway.py +2 -1
reconcile/utils/state.py +2 -1
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +5 -4
reconcile/utils/terrascript_aws_client.py +171 -114
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +5 -12
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +107 -42
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +3 -1
tools/cli_commands/systems_and_tools.py +5 -1
tools/qontract_cli.py +31 -18
tools/template_validation.py +3 -1
{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/WHEEL +0 -0
{qontract_reconcile-0.10.2.dev349.dist-info → qontract_reconcile-0.10.2.dev414.dist-info}/entry_points.txt +0 -0

reconcile/ocm_machine_pools.py CHANGED Viewed

@@ -7,11 +7,7 @@ from collections.abc import Iterable, Mapping
 from enum import Enum
 from typing import Any, Self
-from pydantic import (
-    BaseModel,
-    Field,
-    root_validator,
-)
+from pydantic import BaseModel, Field, model_validator
 from reconcile import queries
 from reconcile.gql_definitions.common.clusters import (
@@ -22,6 +18,7 @@ from reconcile.gql_definitions.common.clusters import (
 from reconcile.typed_queries.clusters import get_clusters
 from reconcile.utils.differ import diff_mappings
 from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.json import json_dumps
 from reconcile.utils.ocm import (
     DEFAULT_OCM_MACHINE_POOL_ID,
     OCM,
@@ -61,7 +58,8 @@ class MachinePoolAutoscaling(AbstractAutoscaling):
     min_replicas: int
     max_replicas: int
-    @root_validator()
+    @model_validator(mode="before")
+    @classmethod
     def max_greater_min(cls, field_values: Mapping[str, Any]) -> Mapping[str, Any]:
         min_replicas = field_values.get("min_replicas")
         max_replicas = field_values.get("max_replicas")
@@ -82,7 +80,8 @@ class NodePoolAutoscaling(AbstractAutoscaling):
     min_replica: int
     max_replica: int
-    @root_validator()
+    @model_validator(mode="before")
+    @classmethod
     def max_greater_min(cls, field_values: Mapping[str, Any]) -> Mapping[str, Any]:
         min_replica = field_values.get("min_replica")
         max_replica = field_values.get("max_replica")
@@ -103,14 +102,15 @@ class AbstractPool(ABC, BaseModel):
     # Abstract class for machine pools, to be implemented by OSD/HyperShift classes
     id: str
-    replicas: int | None
-    taints: list[Mapping[str, str]] | None
-    labels: Mapping[str, str] | None
+    replicas: int | None = None
+    taints: list[Mapping[str, str]] | None = None
+    labels: Mapping[str, str] | None = None
     cluster: str
     cluster_type: ClusterType = Field(..., exclude=True)
-    autoscaling: AbstractAutoscaling | None
+    autoscaling: AbstractAutoscaling | None = None
-    @root_validator()
+    @model_validator(mode="before")
+    @classmethod
     def validate_scaling(cls, field_values: Mapping[str, Any]) -> Mapping[str, Any]:
         if field_values.get("autoscaling") and field_values.get("replicas"):
             raise ValueError("autoscaling and replicas are mutually exclusive")
@@ -154,13 +154,13 @@ class MachinePool(AbstractPool):
     instance_type: str
     def delete(self, ocm: OCM) -> None:
-        ocm.delete_machine_pool(self.cluster, self.dict(by_alias=True))
+        ocm.delete_machine_pool(self.cluster, self.model_dump(by_alias=True))
     def create(self, ocm: OCM) -> None:
-        ocm.create_machine_pool(self.cluster, self.dict(by_alias=True))
+        ocm.create_machine_pool(self.cluster, self.model_dump(by_alias=True))
     def update(self, ocm: OCM) -> None:
-        update_dict = self.dict(by_alias=True)
+        update_dict = self.model_dump(by_alias=True)
         # can not update instance_type
         del update_dict["instance_type"]
         if not update_dict["labels"]:
@@ -214,7 +214,7 @@ class MachinePool(AbstractPool):
             replicas=pool.replicas,
             autoscaling=autoscaling,
             instance_type=pool.instance_type,
-            taints=[p.dict(by_alias=True) for p in pool.taints or []],
+            taints=[p.model_dump(by_alias=True) for p in pool.taints or []],
             labels=pool.labels,
             cluster=cluster,
             cluster_type=cluster_type,
@@ -232,14 +232,14 @@ class NodePool(AbstractPool):
     subnet: str | None
     def delete(self, ocm: OCM) -> None:
-        ocm.delete_node_pool(self.cluster, self.dict(by_alias=True))
+        ocm.delete_node_pool(self.cluster, self.model_dump(by_alias=True))
     def create(self, ocm: OCM) -> None:
-        spec = self.dict(by_alias=True)
+        spec = self.model_dump(by_alias=True)
         ocm.create_node_pool(self.cluster, spec)
     def update(self, ocm: OCM) -> None:
-        update_dict = self.dict(by_alias=True)
+        update_dict = self.model_dump(by_alias=True)
         # can not update instance_type
         del update_dict["aws_node_pool"]
         # can not update subnet
@@ -297,7 +297,7 @@ class NodePool(AbstractPool):
             aws_node_pool=AWSNodePool(
                 instance_type=pool.instance_type,
             ),
-            taints=[p.dict(by_alias=True) for p in pool.taints or []],
+            taints=[p.model_dump(by_alias=True) for p in pool.taints or []],
             labels=pool.labels,
             subnet=pool.subnet,
             cluster=cluster,
@@ -312,7 +312,7 @@ class PoolHandler(BaseModel):
     pool: AbstractPool
     def act(self, dry_run: bool, ocm: OCM) -> None:
-        logging.info(f"{self.action} {self.pool.dict(by_alias=True)}")
+        logging.info(f"{self.action} {self.pool.model_dump(by_alias=True)}")
         if dry_run:
             return
@@ -469,7 +469,7 @@ def calculate_diff(
         if invalid_diff:
             errors.append(
                 InvalidUpdateError(
-                    f"can not update {invalid_diff} for existing machine pool on cluster {cluster_name}, CURRENT: {diff_pair.current.json()}, DESIRED: {diff_pair.desired.json()}"
+                    f"can not update {invalid_diff} for existing machine pool on cluster {cluster_name}, CURRENT: {json_dumps(diff_pair.current)}, DESIRED: {json_dumps(diff_pair.desired)}"
                 )
             )
         else:
@@ -531,7 +531,7 @@ def run(dry_run: bool) -> None:
     settings = queries.get_app_interface_settings()
     cluster_like_objects = [
-        cluster.dict(by_alias=True) for cluster in filtered_clusters
+        cluster.model_dump(by_alias=True) for cluster in filtered_clusters
     ]
     ocm_map = OCMMap(
         clusters=cluster_like_objects,

reconcile/openshift_base.py CHANGED Viewed

@@ -30,9 +30,11 @@ from reconcile.utils import (
 )
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
 from reconcile.utils.oc import (
+    AmbiguousResourceTypeError,
     DeploymentFieldIsImmutableError,
     FieldIsImmutableError,
     InvalidValueApplyError,
+    KindNotFoundError,
     MayNotChangeOnceSetError,
     MetaDataAnnotationsTooLongApplyError,
     OC_Map,
@@ -128,6 +130,29 @@ class ClusterMap(Protocol):
     ) -> list[str]: ...
+def validate_managed_resource_types(
+    oc: OCCli,
+    managed_resource_types: Iterable[str],
+    managed_resource_names: Iterable[Mapping[str, Any]],
+    cluster_scope_resource_validation: bool,
+) -> None:
+    """Validate the managed resource types."""
+    managed_resources = [
+        managed_resource_name["resource"]
+        for managed_resource_name in managed_resource_names
+    ]
+    for managed_resource_type in managed_resource_types:
+        # The k8s kind must be supported by the cluster
+        resource = oc.get_api_resource(managed_resource_type)
+        if cluster_scope_resource_validation and not resource.namespaced:
+            # cluster-scoped resources must be use managedResourceNames!
+            if managed_resource_type not in managed_resources:
+                raise ValidationError(
+                    f"Cluster-scoped resource {managed_resource_type} must be managed by name only. Please use 'managedResourceNames' field to specify the names of the resources to manage."
+                )
 def init_specs_to_fetch(
     ri: ResourceInventory,
     oc_map: ClusterMap,
@@ -136,6 +161,7 @@ def init_specs_to_fetch(
     override_managed_types: Iterable[str] | None = None,
     managed_types_key: str = "managedResourceTypes",
     cluster_admin: bool = False,
+    cluster_scope_resource_validation: bool = False,
 ) -> list[StateSpec]:
     state_specs: list[StateSpec] = []
@@ -163,9 +189,27 @@ def init_specs_to_fetch(
                 logging.log(level=ex.log_level, msg=ex.message)
                 continue
+            managed_resource_names = namespace_info.get("managedResourceNames") or []
+            try:
+                validate_managed_resource_types(
+                    oc,
+                    managed_types,
+                    managed_resource_names,
+                    cluster_scope_resource_validation=cluster_scope_resource_validation,
+                )
+            except KindNotFoundError:
+                # We must allow kinds that are not supported by the cluster because:
+                # 1. We install CRD with an operator in the same MR
+                # 2. SAAS files initialize the namespace objects with managedResourceTypes from the SAAS file
+                #    and we can't expect that all of those are valid for all clusters
+                pass
+            except (AmbiguousResourceTypeError, ValidationError) as e:
+                ri.register_error()
+                logging.error(f"[{cluster}/{namespace_info['name']}] {e}")
+                continue
             namespace = namespace_info["name"]
             # These may exit but have a value of None
-            managed_resource_names = namespace_info.get("managedResourceNames") or []
             managed_resource_type_overrides = (
                 namespace_info.get("managedResourceTypeOverrides") or []
             )
@@ -340,6 +384,7 @@ def fetch_current_state(
     cluster_admin: bool = False,
     caller: str | None = None,
     init_projects: bool = False,
+    cluster_scope_resource_validation: bool = False,
 ) -> tuple[ResourceInventory, OC_Map]:
     ri = ResourceInventory()
     settings = queries.get_app_interface_settings()
@@ -362,6 +407,7 @@ def fetch_current_state(
         clusters=clusters,
         override_managed_types=override_managed_types,
         cluster_admin=cluster_admin,
+        cluster_scope_resource_validation=cluster_scope_resource_validation,
     )
     threaded.run(
         populate_current_state,
@@ -1363,6 +1409,11 @@ class HasOpenShiftResources(Protocol):
     openshift_resources: list | None
+@runtime_checkable
+class HasOpenShiftResourcesRequired(Protocol):
+    openshift_resources: list
 @runtime_checkable
 class HasOpenshiftServiceAccountTokens(Protocol):
     openshift_service_account_tokens: list | None
@@ -1371,7 +1422,7 @@ class HasOpenshiftServiceAccountTokens(Protocol):
 @runtime_checkable
 class HasSharedResourcesOpenShiftResources(Protocol):
     @property
-    def shared_resources(self) -> Sequence[HasOpenShiftResources] | None: ...
+    def shared_resources(self) -> Sequence[HasOpenShiftResourcesRequired] | None: ...
 @runtime_checkable

reconcile/openshift_cluster_bots.py CHANGED Viewed

@@ -16,6 +16,7 @@ from reconcile.gql_definitions.openshift_cluster_bots.clusters import ClusterV1
 from reconcile.status import ExitCodes
 from reconcile.utils import gql
 from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.json import json_dumps
 from reconcile.utils.mr import clusters_updates
 from reconcile.utils.ocm import OCM, OCMMap
 from reconcile.utils.openshift_resource import (
@@ -102,7 +103,7 @@ def oc(
 def oc_apply(kubeconfig: str, namespace: str, items: list[dict]) -> None:
     for item in items:
-        stdin = json.dumps(item).encode()
+        stdin = json_dumps(item).encode()
         oc(kubeconfig, namespace, ["apply", "-f", "-"], stdin)
@@ -300,7 +301,7 @@ def filter_clusters(clusters: list[ClusterV1]) -> list[ClusterV1]:
 def get_ocm_map(clusters: list[ClusterV1]) -> OCMMap:
     settings = queries.get_app_interface_settings()
-    clusters_info = [c.dict(by_alias=True) for c in clusters]
+    clusters_info = [c.model_dump(by_alias=True) for c in clusters]
     return OCMMap(
         settings=settings,
         clusters=clusters_info,

reconcile/openshift_namespace_labels.py CHANGED Viewed

@@ -229,7 +229,7 @@ def get_gql_namespaces_in_shard() -> list[NamespaceV1]:
     return [
         ns
         for ns in all_namespaces
-        if not ob.is_namespace_deleted(ns.dict(by_alias=True))
+        if not ob.is_namespace_deleted(ns.model_dump(by_alias=True))
         and is_in_shard(f"{ns.cluster.name}/{ns.name}")
     ]

reconcile/openshift_namespaces.py CHANGED Viewed

@@ -1,25 +1,27 @@
 import logging
-import sys
+from collections import defaultdict
 from collections.abc import (
     Callable,
     Iterable,
-    Mapping,
     Sequence,
 )
+from dataclasses import dataclass
+from enum import StrEnum
 from typing import Any
 from sretoolbox.utils import threaded
 import reconcile.openshift_base as ob
 from reconcile.gql_definitions.common.namespaces_minimal import NamespaceV1
-from reconcile.status import ExitCodes
 from reconcile.typed_queries.app_interface_vault_settings import (
     get_app_interface_vault_settings,
 )
 from reconcile.typed_queries.namespaces_minimal import get_namespaces_minimal
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
 from reconcile.utils.defer import defer
-from reconcile.utils.oc_filters import filter_namespaces_by_cluster_and_namespace
+from reconcile.utils.oc_filters import (
+    filter_namespaces_by_cluster_and_namespace,
+)
 from reconcile.utils.oc_map import (
     OCLogMsg,
     OCMap,
@@ -30,113 +32,112 @@ from reconcile.utils.sharding import is_in_shard
 QONTRACT_INTEGRATION = "openshift-namespaces"
-NS_STATE_PRESENT = "present"
-NS_STATE_ABSENT = "absent"
-NS_ACTION_CREATE = "create"
-NS_ACTION_DELETE = "delete"
+class Action(StrEnum):
+    CREATE = "create"
+    DELETE = "delete"
-DUPLICATES_LOG_MSG = "Found multiple definitions for the namespace {key}"
+@dataclass(frozen=True)
+class DesiredState:
+    cluster: str
+    namespace: str
+    delete: bool
-def get_desired_state(namespaces: Iterable[NamespaceV1]) -> list[dict[str, str]]:
-    desired_state: list[dict[str, str]] = []
-    for ns in namespaces:
-        state = NS_STATE_PRESENT
-        if ns.delete:
-            state = NS_STATE_ABSENT
-        desired_state.append({
-            "cluster": ns.cluster.name,
-            "namespace": ns.name,
-            "desired_state": state,
-        })
+class NamespaceDuplicateError(Exception):
+    pass
-    return desired_state
+def get_namespaces(
+    cluster_name: Sequence[str] | None,
+    namespace_name: Sequence[str] | None,
+) -> tuple[list[NamespaceV1], list[NamespaceDuplicateError]]:
+    all_namespaces = get_namespaces_minimal()
-def get_shard_namespaces(
-    namespaces: Iterable[NamespaceV1],
-) -> tuple[list[NamespaceV1], bool]:
-    # Structure holding duplicates by namespace key
-    duplicates: dict[str, list[NamespaceV1]] = {}
-    # namespace filtered list without duplicates
-    filtered_ns: dict[str, NamespaceV1] = {}
-    err = False
-    for ns in namespaces:
-        key = f"{ns.cluster.name}/{ns.name}"
+    namespaces_by_shard_key = defaultdict(list)
+    for namespace in all_namespaces:
+        key = f"{namespace.cluster.name}/{namespace.name}"
         if is_in_shard(key):
-            if key not in filtered_ns:
-                filtered_ns[key] = ns
-            else:
-                # Duplicated NS
-                dupe_list_by_key = duplicates.setdefault(key, [])
-                dupe_list_by_key.append(ns)
-    for key, dupe_list in duplicates.items():
-        dupe_list.append(filtered_ns[key])
-        delete_flags = (
-            [ns.delete for ns in dupe_list_by_key] if dupe_list_by_key else []
-        )
+            namespaces_by_shard_key[key].append(namespace)
-        if len(set(delete_flags)) > 1:
-            # If true only some definitions in list have the delete flag.
-            # this case will generate an error
-            err = True
-            # Remove the namespace found from the filtered list
-            del filtered_ns[key]
-            logging.error(DUPLICATES_LOG_MSG.format(key=key))
+    managed_namespaces = []
+    duplicate_errors = []
+    for key, namespaces in namespaces_by_shard_key.items():
+        if len(namespaces) == 1:
+            namespace = namespaces[0]
+            if not namespace.managed_by_external:
+                managed_namespaces.append(namespace)
         else:
-            # If all namespaces have the same delete option
-            # The action will be performaed
-            logging.debug(DUPLICATES_LOG_MSG.format(key=key))
+            msg = f"Found multiple definitions for the namespace {key}"
+            duplicate_errors.append(NamespaceDuplicateError(msg))
+            logging.error(msg)
+    namespaces = filter_namespaces_by_cluster_and_namespace(
+        namespaces=managed_namespaces,
+        cluster_names=cluster_name,
+        namespace_names=namespace_name,
+    )
+    return namespaces, duplicate_errors
-    return list(filtered_ns.values()), err
+def build_desired_state(
+    namespaces: Iterable[NamespaceV1],
+) -> list[DesiredState]:
+    return [
+        DesiredState(
+            cluster=namespace.cluster.name,
+            namespace=namespace.name,
+            delete=namespace.delete or False,
+        )
+        for namespace in namespaces
+    ]
-def manage_namespaces(spec: Mapping[str, str], oc_map: OCMap, dry_run: bool) -> None:
-    cluster = spec["cluster"]
-    namespace = spec["namespace"]
-    desired_state = spec["desired_state"]
+def manage_namespace(
+    desired_state: DesiredState,
+    oc_map: OCMap,
+    dry_run: bool,
+) -> None:
+    namespace = desired_state.namespace
-    oc = oc_map.get(cluster)
+    oc = oc_map.get(desired_state.cluster)
     if isinstance(oc, OCLogMsg):
         logging.log(level=oc.log_level, msg=oc.message)
-        return None
+        return
-    act = {NS_ACTION_CREATE: oc.new_project, NS_ACTION_DELETE: oc.delete_project}
+    current_delete = not oc.project_exists(namespace)
-    exists = oc.project_exists(namespace)
-    action = None
-    if not exists and desired_state == NS_STATE_PRESENT:
-        if namespace.startswith("openshift-"):
-            raise ValueError('cannot request a project starting with "openshift-"')
-        action = NS_ACTION_CREATE
-    elif exists and desired_state == NS_STATE_ABSENT:
-        action = NS_ACTION_DELETE
+    if desired_state.delete == current_delete:
+        return
-    if action:
-        logging.info([action, cluster, namespace])
-        if not dry_run:
-            act[action](namespace)
+    action = Action.DELETE if desired_state.delete else Action.CREATE
+    if namespace.startswith("openshift-"):
+        raise ValueError(f'cannot {action} a project starting with "openshift-"')
-def check_results(
-    desired_state: Iterable[Mapping[str, str]], results: Iterable[Any]
-) -> bool:
-    err = False
+    logging.info([str(action), desired_state.cluster, namespace])
+    if not dry_run:
+        match action:
+            case Action.CREATE:
+                oc.new_project(namespace)
+            case Action.DELETE:
+                oc.delete_project(namespace)
+def build_runtime_errors(
+    desired_state: Iterable[DesiredState],
+    results: Iterable[Any],
+) -> list[Exception]:
+    exceptions = []
     for s, e in zip(desired_state, results, strict=False):
         if isinstance(e, Exception):
-            err = True
-            msg = (
-                f"cluster: {s['cluster']}, namespace: {s['namespace']}, "
-                f"exception: {e!s}"
-            )
-            logging.error(msg)
-    return err
+            e.add_note(f"cluster: {s.cluster}, namespace: {s.namespace}")
+            exceptions.append(e)
+    return exceptions
 @defer
@@ -149,15 +150,8 @@ def run(
     namespace_name: Sequence[str] | None = None,
     defer: Callable | None = None,
 ) -> None:
-    all_namespaces = get_namespaces_minimal()
-    shard_namespaces, duplicates = get_shard_namespaces(all_namespaces)
-    namespaces = filter_namespaces_by_cluster_and_namespace(
-        namespaces=shard_namespaces,
-        cluster_names=cluster_name,
-        namespace_names=namespace_name,
-    )
-    desired_state = get_desired_state(namespaces)
+    namespaces, duplicate_errors = get_namespaces(cluster_name, namespace_name)
+    desired_state = build_desired_state(namespaces)
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
@@ -171,16 +165,17 @@ def run(
         thread_pool_size=thread_pool_size,
         init_projects=True,
     )
     if defer:
         defer(oc_map.cleanup)
     ob.publish_cluster_desired_metrics_from_state(
-        desired_state, QONTRACT_INTEGRATION, "Namespace"
+        state=({"cluster": s.cluster} for s in desired_state),
+        integration=QONTRACT_INTEGRATION,
+        kind="Namespace",
     )
     results = threaded.run(
-        manage_namespaces,
+        manage_namespace,
         desired_state,
         thread_pool_size,
         return_exceptions=True,
@@ -188,6 +183,7 @@ def run(
         oc_map=oc_map,
     )
-    err = check_results(desired_state=desired_state, results=results)
-    if err or duplicates:
-        sys.exit(ExitCodes.ERROR)
+    runtime_errors = build_runtime_errors(desired_state, results)
+    errors = runtime_errors + duplicate_errors
+    if errors:
+        raise ExceptionGroup("Reconcile errors occurred", errors)

reconcile/openshift_resources_base.py CHANGED Viewed

@@ -806,7 +806,11 @@ def fetch_data(
         init_api_resources=init_api_resources,
     )
     state_specs = ob.init_specs_to_fetch(
-        ri, oc_map, namespaces=namespaces, override_managed_types=overrides
+        ri,
+        oc_map,
+        namespaces=namespaces,
+        override_managed_types=overrides,
+        cluster_scope_resource_validation=True,
     )
     threaded.run(fetch_states, state_specs, thread_pool_size, ri=ri, settings=settings)
@@ -861,7 +865,7 @@ def canonicalize_namespaces(
             elif providers[0] == "route":
                 override = ["Route"]
             elif providers[0] == "prometheus-rule":
-                override = ["PrometheusRule"]
+                override = ["PrometheusRule.monitoring.coreos.com"]
             namespace_info["openshiftResources"] = ors
             canonicalized_namespaces.append(namespace_info)

reconcile/openshift_rhcs_certs.py CHANGED Viewed

@@ -77,7 +77,7 @@ def get_namespaces_with_rhcs_certs(
 ) -> list[NamespaceV1]:
     result: list[NamespaceV1] = []
     for ns in rhcs_certs_query(query_func=query_func).namespaces or []:
-        ob.aggregate_shared_resources_typed(cast("Any", ns))  # mypy: ignore[arg-type]
+        ob.aggregate_shared_resources_typed(ns)
         if (
             integration_is_enabled(QONTRACT_INTEGRATION, ns.cluster)
             and not bool(ns.delete)
@@ -149,7 +149,7 @@ def generate_vault_cert_secret(
     logging.info(
         f"Creating cert with service account credentials for '{cert_resource.service_account_name}'. cluster='{ns.cluster.name}', namespace='{ns.name}', secret='{cert_resource.secret_name}'"
     )
-    sa_password = vault.read(cert_resource.service_account_password.dict())
+    sa_password = vault.read(cert_resource.service_account_password.model_dump())
     if dry_run:
         rhcs_cert = RhcsV2Cert(
             certificate="PLACEHOLDER_CERT",
@@ -171,12 +171,12 @@ def generate_vault_cert_secret(
         )
         vault.write(
             secret={
-                "data": rhcs_cert.dict(by_alias=True),
+                "data": rhcs_cert.model_dump(by_alias=True),
                 "path": f"{vault_base_path}/{ns.cluster.name}/{ns.name}/{cert_resource.secret_name}",
             },
             decode_base64=False,
         )
-    return rhcs_cert.dict(by_alias=True)
+    return rhcs_cert.model_dump(by_alias=True)
 def fetch_openshift_resource_for_cert_resource(
@@ -277,7 +277,7 @@ def run(
     state_specs = ob.init_specs_to_fetch(
         ri,
         oc_map,
-        namespaces=[ns.dict(by_alias=True) for ns in namespaces],
+        namespaces=[ns.model_dump(by_alias=True) for ns in namespaces],
         override_managed_types=["Secret"],
     )
     for spec in state_specs:

qontract-reconcile 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

qontract-reconcile 0.10.2.dev349py3-none-any.whl → 0.10.2.dev414py3-none-any.whl