qontract-reconcile 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

reconcile/openshift_rolebindings.py

@@ -33,14 +33,11 @@ QONTRACT_INTEGRATION = "openshift-rolebindings"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 3, 0)
 
 
-class OCResource(BaseModel):
+class OCResource(BaseModel, arbitrary_types_allowed=True):
     resource: OR
     resource_name: str
     privileged: bool
 
-    class Config:
-        arbitrary_types_allowed = True
-
 
 @dataclass
 class ServiceAccountSpec:
@@ -61,7 +58,7 @@ class ServiceAccountSpec:
         ]
 
 
-class RoleBindingSpec(BaseModel):
+class RoleBindingSpec(BaseModel, validate_by_alias=True, arbitrary_types_allowed=True):
     role_name: str
     role_kind: str
     namespace: NamespaceV1
@@ -70,9 +67,6 @@ class RoleBindingSpec(BaseModel):
     usernames: set[str]
     openshift_service_accounts: list[ServiceAccountSpec]
 
-    class Config:
-        arbitrary_types_allowed = True
-
     def get_users_desired_state(self) -> list[dict[str, str]]:
         return [
             {"cluster": self.cluster.name, "user": username}
@@ -93,7 +87,9 @@ class RoleBindingSpec(BaseModel):
         if not (access.role or access.cluster_role):
             return None
         privileged = access.namespace.cluster_admin or False
-        auth_dict = [auth.dict(by_alias=True) for auth in access.namespace.cluster.auth]
+        auth_dict = [
+            auth.model_dump(by_alias=True) for auth in access.namespace.cluster.auth
+        ]
         usernames = RoleBindingSpec.get_usernames_from_users(
             users,
             ob.determine_user_keys_for_access(
@@ -290,7 +286,7 @@ def is_valid_namespace(namespace: NamespaceV1 | CommonNamespaceV1) -> bool:
     return (
         bool(namespace.managed_roles)
         and is_in_shard(f"{namespace.cluster.name}/{namespace.name}")
-        and not ob.is_namespace_deleted(namespace.dict(by_alias=True))
+        and not ob.is_namespace_deleted(namespace.model_dump(by_alias=True))
     )
 
 
@@ -304,7 +300,7 @@ def run(
     defer: Callable | None = None,
 ) -> None:
     namespaces = [
-        namespace.dict(by_alias=True, exclude={"openshift_resources"})
+        namespace.model_dump(by_alias=True, exclude={"openshift_resources"})
         for namespace in get_namespaces()
         if is_valid_namespace(namespace)
     ]

reconcile/openshift_saas_deploy.py

@@ -1,4 +1,3 @@
-import json
 import logging
 import os
 import sys
@@ -28,6 +27,7 @@ from reconcile.typed_queries.saas_files import (
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
 from reconcile.utils.defer import defer
 from reconcile.utils.gitlab_api import GitLabApi
+from reconcile.utils.json import json_dumps
 from reconcile.utils.openshift_resource import ResourceInventory
 from reconcile.utils.saasherder import SaasHerder
 from reconcile.utils.secret_reader import create_secret_reader
@@ -150,7 +150,7 @@ def run(
                     + "when using slack notifications"
                 )
             slack = slackapi_from_slack_workspace(
-                saas_file.slack.dict(by_alias=True),
+                saas_file.slack.model_dump(by_alias=True),
                 secret_reader,
                 QONTRACT_INTEGRATION,
                 init_usergroups=False,
@@ -224,7 +224,7 @@ def run(
         default=False,
     )
     ri, oc_map = ob.fetch_current_state(
-        namespaces=[ns.dict(by_alias=True) for ns in saasherder.namespaces],
+        namespaces=[ns.model_dump(by_alias=True) for ns in saasherder.namespaces],
         thread_pool_size=thread_pool_size,
         integration=QONTRACT_INTEGRATION,
         integration_version=QONTRACT_INTEGRATION_VERSION,
@@ -319,14 +319,13 @@ def run(
         openshift_saas_deploy_trigger_upstream_jobs.QONTRACT_INTEGRATION,
         openshift_saas_deploy_trigger_images.QONTRACT_INTEGRATION,
     ]
-    scan = (
+    if (
         not dry_run
         and len(saas_files) == 1
         and trigger_integration
         and trigger_integration in allowed_integration
         and trigger_reason
-    )
-    if scan:
+    ):
         saas_file = saas_files[0]
         owners = saas_file.app.service_owners or []
         emails = " ".join([o.email for o in owners])
@@ -346,4 +345,4 @@ def run(
         if image_auth.auth_server:
             json_file = os.path.join(io_dir, "dockerconfigjson")
             with open(json_file, "w", encoding="locale") as f:
-                f.write(json.dumps(image_auth.get_docker_config_json(), indent=2))
+                f.write(json_dumps(image_auth.get_docker_config_json(), indent=2))

reconcile/openshift_saas_deploy_change_tester.py

@@ -34,7 +34,7 @@ class Definition(BaseModel):
 class State(BaseModel):
     saas_file_path: str
     saas_file_name: str
-    saas_file_deploy_resources: DeployResourcesV1 | None
+    saas_file_deploy_resources: DeployResourcesV1 | None = None
     resource_template_name: str
     cluster: str
     namespace: str
@@ -44,10 +44,10 @@ class State(BaseModel):
     parameters: dict[str, Any]
     secret_parameters: dict[str, VaultSecret]
     saas_file_definitions: Definition
-    upstream: SaasResourceTemplateTargetUpstreamV1 | None
-    disable: bool | None
-    delete: bool | None
-    target_path: str | None
+    upstream: SaasResourceTemplateTargetUpstreamV1 | None = None
+    disable: bool | None = None
+    delete: bool | None = None
+    target_path: str | None = None
 
 
 def osd_run_wrapper(
@@ -213,11 +213,13 @@ def run(
     saas_file_list = SaasFileList()
     desired_saas_file_state = collect_state(saas_file_list.saas_files)
     # compare dicts against dicts which is much faster than comparing BaseModel objects
-    comparison_saas_file_state_dicts = [s.dict() for s in comparison_saas_file_state]
+    comparison_saas_file_state_dicts = [
+        s.model_dump() for s in comparison_saas_file_state
+    ]
     saas_file_state_diffs = [
         s
         for s in desired_saas_file_state
-        if s.dict() not in comparison_saas_file_state_dicts
+        if s.model_dump() not in comparison_saas_file_state_dicts
     ]
     if not saas_file_state_diffs:
         return

reconcile/openshift_saas_deploy_trigger_cleaner.py

@@ -1,14 +1,11 @@
 import logging
 from collections.abc import Callable
 from datetime import (
-    UTC,
     datetime,
     timedelta,
 )
 from typing import Any
 
-from dateutil import parser
-
 from reconcile.gql_definitions.fragments.pipeline_provider_retention import (
     PipelineProviderRetention,
 )
@@ -19,6 +16,7 @@ from reconcile.typed_queries.tekton_pipeline_providers import (
     get_tekton_pipeline_providers,
 )
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.oc_map import (
     OCLogMsg,
@@ -35,7 +33,7 @@ def within_retention_days(
     resource: dict[str, Any], days: int, now_date: datetime
 ) -> bool:
     metadata = resource["metadata"]
-    creation_date = parser.parse(metadata["creationTimestamp"])
+    creation_date = from_utc_iso_format(metadata["creationTimestamp"])
     interval = now_date.timestamp() - creation_date.timestamp()
 
     return interval < timedelta(days=days).total_seconds()
@@ -69,7 +67,7 @@ def run(
     use_jump_host: bool = True,
     defer: Callable | None = None,
 ) -> None:
-    now_date = datetime.now(UTC)
+    now_date = utc_now()
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
     pipeline_providers = get_tekton_pipeline_providers()

reconcile/openshift_serviceaccount_tokens.py

@@ -177,7 +177,7 @@ def canonicalize_namespaces(namespaces: Iterable[NamespaceV1]) -> list[Namespace
             key = f"{sat.namespace.cluster.name}/{sat.namespace.name}"
             if key not in canonicalized_namespaces:
                 canonicalized_namespaces[key] = NamespaceV1(
-                    **sat.namespace.dict(by_alias=True),
+                    **sat.namespace.model_dump(by_alias=True),
                     sharedResources=None,
                     openshiftServiceAccountTokens=None,
                 )
@@ -217,7 +217,7 @@ def run(
         get_namespaces_with_serviceaccount_tokens(gql_api.query)
     )
     ri, oc_map = ob.fetch_current_state(
-        namespaces=[ns.dict(by_alias=True) for ns in namespaces],
+        namespaces=[ns.model_dump(by_alias=True) for ns in namespaces],
         thread_pool_size=thread_pool_size,
         integration=QONTRACT_INTEGRATION,
         integration_version=QONTRACT_INTEGRATION_VERSION,

reconcile/openshift_upgrade_watcher.py

@@ -3,7 +3,6 @@ from collections.abc import (
     Callable,
     Iterable,
 )
-from datetime import datetime
 
 from reconcile import queries
 from reconcile.gql_definitions.common.clusters import ClusterV1
@@ -13,6 +12,7 @@ from reconcile.typed_queries.app_interface_vault_settings import (
 )
 from reconcile.typed_queries.clusters import get_clusters
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.oc_map import (
     OCLogMsg,
@@ -101,7 +101,7 @@ def notify_upgrades_start(
     state: State,
     slack: SlackApi | None,
 ) -> None:
-    now = datetime.utcnow()
+    now = utc_now()
     for cluster in clusters:
         if cluster.spec and not cluster.spec.hypershift:
             upgrade_at, version = _get_start_osd(oc_map, cluster.name)
@@ -113,7 +113,7 @@ def notify_upgrades_start(
             continue
 
         if upgrade_at and version:
-            upgrade_at_obj = datetime.strptime(upgrade_at, "%Y-%m-%dT%H:%M:%SZ")
+            upgrade_at_obj = from_utc_iso_format(upgrade_at)
             state_key = f"{cluster.name}-{upgrade_at}1"
             # if this is the first iteration in which 'now' had passed
             # the upgrade at date time, we send a notification
@@ -185,7 +185,7 @@ def run(
     if defer:
         defer(oc_map.cleanup)
 
-    cluster_like_objects = [cluster.dict(by_alias=True) for cluster in clusters]
+    cluster_like_objects = [cluster.model_dump(by_alias=True) for cluster in clusters]
     ocm_map = OCMMap(
         clusters=cluster_like_objects,
         integration=QONTRACT_INTEGRATION,

reconcile/oum/labelset.py

@@ -1,4 +1,5 @@
 from collections import defaultdict
+from typing import Annotated
 
 from pydantic import BaseModel
 
@@ -22,9 +23,10 @@ class _GroupMappingLabelset(BaseModel):
     the sre-capabilities.user-mgmt.$provider prefix.
     """
 
-    authz_roles: dict[str, CSV] | None = sre_capability_labels.labelset_groupfield(
-        group_prefix="authz."
-    )
+    authz_roles: Annotated[
+        dict[str, CSV] | None,
+        sre_capability_labels.labelset_groupfield(group_prefix="authz."),
+    ]
 
 
 def build_cluster_config_from_labels(

reconcile/oum/models.py

@@ -56,7 +56,7 @@ class ClusterUserManagementSpec(BaseModel):
     errors: list[ClusterError] = Field(default_factory=list)
 
 
-class ClusterRoleReconcileResult(BaseModel):
+class ClusterRoleReconcileResult(BaseModel, arbitrary_types_allowed=True):
     """
     Holds the result of a cluster role reconciliation.
     """
@@ -64,6 +64,3 @@ class ClusterRoleReconcileResult(BaseModel):
     users_added: int = 0
     users_removed: int = 0
     error: Exception | None = None
-
-    class Config:
-        arbitrary_types_allowed = True

reconcile/prometheus_rules_tester/integration.py

@@ -56,7 +56,7 @@ class Test(BaseModel):
     rule_path: str
     rule: dict
     rule_length: int
-    tests: list[TestContent] | None
+    tests: list[TestContent] | None = None
     result: CommandExecutionResult | None = None
     promtool_version: str
 
@@ -76,7 +76,7 @@ def fetch_rule_and_tests(
     openshift_resource = orb.fetch_openshift_resource(
         resource=rule.resource,
         parent=rule.namespace,
-        settings=vault_settings.dict(by_alias=True),
+        settings=vault_settings.model_dump(by_alias=True),
     )
 
     rule_body = openshift_resource.body
@@ -96,7 +96,7 @@ def fetch_rule_and_tests(
             test_raw_yaml = process_extracurlyjinja2_template(
                 body=test_raw_yaml,
                 vars=variables,
-                settings=vault_settings.dict(by_alias=True),
+                settings=vault_settings.model_dump(by_alias=True),
             )
 
         test_yaml_spec = yaml.safe_load(test_raw_yaml)

reconcile/quay_mirror.py

@@ -66,7 +66,7 @@ class QuayMirror:
     }
     """
 
-    response_cache: dict[tuple[str, str], Response] = {}
+    response_cache: dict[tuple[str, str | None], Response] = {}
 
     def __init__(
         self,

reconcile/queries.py

@@ -476,8 +476,13 @@ AWS_ACCOUNTS_QUERY = """
     disable {
       integrations
     }
-    disableKeys
     deleteKeys
+    organization {
+      payerAccount {
+        organizationAccountTags
+      }
+      tags
+    }
     {% if reset_passwords %}
     resetPasswords {
       user {
@@ -500,6 +505,12 @@ AWS_ACCOUNTS_QUERY = """
         name
         uid
         supportedDeploymentRegions
+        organization {
+          payerAccount {
+            organizationAccountTags
+          }
+          tags
+        }
       }
       ... on AWSAccountSharingOptionAMI_v1 {
         regex
@@ -607,6 +618,12 @@ awsInfrastructureManagementAccounts {
       version
       format
     }
+    organization {
+      payerAccount {
+        organizationAccountTags
+      }
+      tags
+    }
   }
   accessLevel
   default
@@ -637,6 +654,12 @@ awsInfrastructureAccess {
         version
         format
       }
+      organization {
+        payerAccount {
+          organizationAccountTags
+        }
+        tags
+      }
     }
     roles {
       users {
@@ -746,6 +769,12 @@ CLUSTERS_QUERY = """
             version
             format
           }
+          organization {
+            payerAccount {
+                organizationAccountTags
+            }
+            tags
+          }
           rosa {
             ocm_environments {
               ocm {
@@ -774,6 +803,7 @@ CLUSTERS_QUERY = """
       private
       provision_shard_id
       disable_user_workload_monitoring
+      fips
     }
     externalConfiguration {
       labels
@@ -830,6 +860,12 @@ CLUSTERS_QUERY = """
                 version
                 format
               }
+              organization {
+                payerAccount {
+                  organizationAccountTags
+                }
+                tags
+              }
             }
             vpc_id
             cidr_block
@@ -848,6 +884,12 @@ CLUSTERS_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
         }
@@ -862,6 +904,12 @@ CLUSTERS_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
           cidrBlock
@@ -890,6 +938,12 @@ CLUSTERS_QUERY = """
                     version
                     format
                   }
+                  organization {
+                    payerAccount {
+                      organizationAccountTags
+                    }
+                    tags
+                  }
                 }
               }
               accessLevel
@@ -915,6 +969,12 @@ CLUSTERS_QUERY = """
                       version
                       format
                     }
+                    organization {
+                      payerAccount {
+                        organizationAccountTags
+                      }
+                      tags
+                    }
                   }
                 }
               }
@@ -1068,6 +1128,12 @@ CLUSTER_PEERING_QUERY = """
           version
           format
         }
+        organization {
+          payerAccount {
+            organizationAccountTags
+          }
+          tags
+        }
       }
       accessLevel
       default
@@ -1089,6 +1155,12 @@ CLUSTER_PEERING_QUERY = """
             version
             format
           }
+          organization {
+            payerAccount {
+              organizationAccountTags
+            }
+            tags
+          }
         }
       }
     }
@@ -1113,6 +1185,12 @@ CLUSTER_PEERING_QUERY = """
                 version
                 format
               }
+              organization {
+                payerAccount {
+                  organizationAccountTags
+                }
+                tags
+              }
             }
             vpc_id
             cidr_block
@@ -1132,6 +1210,12 @@ CLUSTER_PEERING_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
           assumeRole
@@ -1147,6 +1231,12 @@ CLUSTER_PEERING_QUERY = """
               version
               format
             }
+            organization {
+              payerAccount {
+                organizationAccountTags
+              }
+              tags
+            }
           }
           tags
           cidrBlock
@@ -1176,6 +1266,12 @@ CLUSTER_PEERING_QUERY = """
                     version
                     format
                   }
+                  organization {
+                    payerAccount {
+                      organizationAccountTags
+                    }
+                    tags
+                  }
                 }
               }
             }
@@ -1191,6 +1287,12 @@ CLUSTER_PEERING_QUERY = """
                   version
                   format
                 }
+                organization {
+                  payerAccount {
+                    organizationAccountTags
+                  }
+                  tags
+                }
               }
               accessLevel
               default
@@ -1217,6 +1319,12 @@ CLUSTER_PEERING_QUERY = """
                             version
                             format
                           }
+                          organization {
+                            payerAccount {
+                              organizationAccountTags
+                            }
+                            tags
+                          }
                         }
                       }
                     }
@@ -1232,6 +1340,12 @@ CLUSTER_PEERING_QUERY = """
                       version
                       format
                     }
+                    organization {
+                      payerAccount {
+                        organizationAccountTags
+                      }
+                      tags
+                    }
                   }
                 }
               }
@@ -2231,6 +2345,12 @@ JIRA_BOARDS_QUICK_QUERY = """
         version
         format
       }
+      email {
+        path
+        field
+        version
+        format
+      }
     }
   }
 }
@@ -2337,6 +2457,12 @@ DNS_ZONES_QUERY = """
         version
         format
       }
+      organization {
+        payerAccount {
+          organizationAccountTags
+        }
+        tags
+      }
     }
     vpc {
       vpc_id
@@ -2698,6 +2824,10 @@ APP_METADATA = """
               path
               field
             }
+            email {
+              path
+              field
+            }
           }
         }
         slackUserGroup {

reconcile/rhidp/common.py

@@ -7,10 +7,7 @@ from enum import StrEnum
 from typing import Any
 from urllib.parse import urlparse
 
-from pydantic import (
-    BaseModel,
-    root_validator,
-)
+from pydantic import BaseModel, model_validator
 
 from reconcile.gql_definitions.common.ocm_environments import (
     query as ocm_environment_query,
@@ -63,7 +60,8 @@ class ClusterAuth(BaseModel):
     issuer: str
     status: str
 
-    @root_validator
+    @model_validator(mode="before")
+    @classmethod
     def name_no_spaces(
         cls, values: MutableMapping[str, Any]
     ) -> MutableMapping[str, Any]:

reconcile/rhidp/sso_client/base.py

@@ -237,7 +237,7 @@ def create_sso_client(
     secret_reader.vault_client.write(
         secret={
             "path": secret.path,
-            "data": sso_client.dict(),
+            "data": sso_client.model_dump(),
         },
         decode_base64=False,
     )

reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py

@@ -177,7 +177,7 @@ def is_namespace_addressed_by_selector(
     # json representation of namespace to filter on
     # remove all the None values to simplify the jsonpath expressions
     namespace_as_dict = {
-        "namespace": [namespace.dict(by_alias=True, exclude_none=True)]
+        "namespace": [namespace.model_dump(by_alias=True, exclude_none=True)]
     }
 
     do_include = any(

reconcile/saas_auto_promotions_manager/subscriber.py

@@ -2,7 +2,7 @@ import hashlib
 import logging
 from collections.abc import Iterable
 from dataclasses import dataclass
-from datetime import UTC, datetime, timedelta
+from datetime import timedelta
 
 from croniter import croniter
 
@@ -13,6 +13,7 @@ from reconcile.saas_auto_promotions_manager.publisher import (
     DeploymentInfo,
     Publisher,
 )
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.slo_document_manager import SLODocumentManager
 
 CONTENT_HASH_LENGTH = 32
@@ -113,7 +114,7 @@ class Subscriber:
         We accumulate the time a ref is running on all publishers for this subscriber.
         We compare that accumulated time with the soak_days setting of the subscriber.
         """
-        now = datetime.now(UTC)
+        now = utc_now()
         delta = timedelta(days=0)
         for channel in self.channels:
             for publisher in channel.publishers:
@@ -136,7 +137,7 @@ class Subscriber:
                 self.schedule,
             )
             return False
-        return croniter.match(self.schedule, datetime.now(UTC), day_or=False)
+        return croniter.match(self.schedule, utc_now(), day_or=False)
 
     def _compute_desired_ref(self) -> None:
         """