qontract-reconcile 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

reconcile/utils/oc.py

@@ -12,7 +12,6 @@ import threading
 import time
 from contextlib import suppress
 from dataclasses import dataclass
-from datetime import datetime
 from functools import cache, wraps
 from subprocess import Popen
 from threading import Lock
@@ -47,6 +46,8 @@ from sretoolbox.utils import (
 )
 
 from reconcile.status import RunningState
+from reconcile.utils.datetime_util import utc_now
+from reconcile.utils.json import json_dumps
 from reconcile.utils.jump_host import (
     JumphostParameters,
     JumpHostSSH,
@@ -67,7 +68,8 @@ if TYPE_CHECKING:
 urllib3.disable_warnings()
 
 GET_REPLICASET_MAX_ATTEMPTS = 20
-
+DEFAULT_GROUP = ""
+PROJECT_KIND = "Project.project.openshift.io"
 
 oc_run_execution_counter = Counter(
     name="oc_run_execution_counter",
@@ -144,6 +146,14 @@ class RequestEntityTooLargeError(Exception):
     pass
 
 
+class KindNotFoundError(Exception):
+    pass
+
+
+class AmbiguousResourceTypeError(Exception):
+    pass
+
+
 class OCDecorators:
     @classmethod
     def process_reconcile_time(cls, function: Callable) -> Callable:
@@ -379,10 +389,7 @@ class OCCli:
 
         self.init_projects = init_projects
         if self.init_projects:
-            if self.is_kind_supported("Project"):
-                kind = "Project.project.openshift.io"
-            else:
-                kind = "Namespace"
+            kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
             self.projects = {p["metadata"]["name"] for p in self.get_all(kind)["items"]}
 
         self.slow_oc_reconcile_threshold = float(
@@ -452,10 +459,7 @@ class OCCli:
 
         self.init_projects = init_projects
         if self.init_projects:
-            if self.is_kind_supported("Project"):
-                kind = "Project.project.openshift.io"
-            else:
-                kind = "Namespace"
+            kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
             self.projects = {p["metadata"]["name"] for p in self.get_all(kind)["items"]}
 
         self.slow_oc_reconcile_threshold = float(
@@ -563,7 +567,7 @@ class OCCli:
             "-f",
             "-",
         ] + parameters_to_process
-        result = self._run(cmd, stdin=json.dumps(template, sort_keys=True))
+        result = self._run(cmd, stdin=json_dumps(template))
         return json.loads(result)["items"]
 
     @OCDecorators.process_reconcile_time
@@ -592,7 +596,7 @@ class OCCli:
     def patch(
         self, namespace: str, kind: str, name: str, patch: Mapping[str, Any]
     ) -> OCProcessReconcileTimeDecoratorMsg:
-        cmd = ["patch", "-n", namespace, kind, name, "-p", json.dumps(patch)]
+        cmd = ["patch", "-n", namespace, kind, name, "-p", json_dumps(patch)]
         self._run(cmd)
         resource = OR({"kind": kind, "metadata": {"name": name}}, "", "")
         return self._msg_to_process_reconcile_time(namespace, resource)
@@ -636,11 +640,9 @@ class OCCli:
     def project_exists(self, name: str) -> bool:
         if name in self.projects:
             return True
+        kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
         try:
-            if self.is_kind_supported("Project"):
-                self.get(None, "Project.project.openshift.io", name)
-            else:
-                self.get(None, "Namespace", name)
+            self.get(None, kind, name)
         except StatusCodeError as e:
             if "NotFound" in str(e):
                 return False
@@ -649,7 +651,7 @@ class OCCli:
 
     @OCDecorators.process_reconcile_time
     def new_project(self, namespace: str) -> OCProcessReconcileTimeDecoratorMsg:
-        if self.is_kind_supported("Project"):
+        if self.is_kind_supported(PROJECT_KIND):
             cmd = ["new-project", namespace]
         else:
             cmd = ["create", "namespace", namespace]
@@ -665,7 +667,7 @@ class OCCli:
 
     @OCDecorators.process_reconcile_time
     def delete_project(self, namespace: str) -> OCProcessReconcileTimeDecoratorMsg:
-        if self.is_kind_supported("Project"):
+        if self.is_kind_supported(PROJECT_KIND):
             cmd = ["delete", "project", namespace]
         else:
             cmd = ["delete", "namespace", namespace]
@@ -714,9 +716,9 @@ class OCCli:
 
     def sa_get_token(self, namespace: str, name: str) -> str:
         cmd = ["sa", "-n", namespace, "get-token", name]
-        return self._run(cmd)
+        return self._run(cmd).decode("utf-8")
 
-    def get_api_resources(self) -> dict[str, Any]:
+    def get_api_resources(self) -> dict[str, list[OCCliApiResource]]:
         with self.api_resources_lock:
             if not self.api_resources:
                 cmd = ["api-resources", "--no-headers"]
@@ -1009,7 +1011,7 @@ class OCCli:
         name = obj["metadata"]["name"]
         logging.info([f"recycle_{kind.lower()}", self.cluster_name, namespace, name])
         if not dry_run:
-            now = datetime.now()
+            now = utc_now()
             recycle_time = now.strftime("%d/%m/%Y %H:%M:%S")
 
             # get the object in case it was modified
@@ -1020,7 +1022,7 @@ class OCCli:
             a["recycle.time"] = recycle_time
             obj["spec"]["template"]["metadata"]["annotations"] = a
             cmd = ["apply", "-n", namespace, "-f", "-"]
-            stdin = json.dumps(obj, sort_keys=True)
+            stdin = json_dumps(obj)
             self._run(cmd, stdin=stdin, apply=True)
 
     def get_obj_root_owner(
@@ -1186,7 +1188,7 @@ class OCCli:
     def _run_json(
         self, cmd: list[str], allow_not_found: bool = False
     ) -> dict[str, Any]:
-        out = self._run(cmd, allow_not_found=allow_not_found)
+        out = self._run(cmd, allow_not_found=allow_not_found).decode("utf-8")
 
         try:
             out_json = json.loads(out)
@@ -1195,76 +1197,90 @@ class OCCli:
 
         return out_json
 
-    def _parse_kind(self, kind_name: str) -> tuple[str, str]:
-        # This is a provisional solution while we work in redefining
-        # the api resources initialization.
-        if not self.api_resources:
-            self.get_api_resources()
+    def parse_kind(self, kind: str) -> tuple[str, str, str]:
+        """Parse a Kubernetes kind string into its components.
 
-        kind_group = kind_name.split(".", 1)
-        kind = kind_group[0]
-        if kind in self.api_resources:
-            group_version = self.api_resources[kind][0].group_version
-        else:
-            raise StatusCodeError(f"{self.server}: {kind} does not exist")
-
-        # if a kind_group has more than 1 entry than the kind_name is in
-        # the format kind.apigroup.  Find the apigroup/version that matches
-        # the apigroup passed with the kind_name
-        if len(kind_group) > 1:
-            apigroup_override = kind_group[1]
-            find = False
-            for gv in self.api_resources[kind]:
-                if apigroup_override == gv.group:
-                    if not gv.group:
-                        group_version = gv.api_version
-                    else:
-                        group_version = f"{gv.group}/{gv.api_version}"
-                    find = True
-                    break
+        Supports three formats:
+        - kind
+        - kind.group.whatever
+        - kind.group.whatever/version
 
-            if not find:
-                raise StatusCodeError(
-                    f"{self.server}: {apigroup_override} does not have kind {kind}"
-                )
-        return (kind, group_version)
+        Args:
+            kind: A Kubernetes kind string in one of the supported formats
+
+        Returns:
+            Tuple of (kind, group, version) where missing parts are empty strings
+
+        Raises:
+            ValueError: If the kind string format is invalid
+
+        Examples:
+            >>> parse_kind_string("Deployment")
+            ('Deployment', '', '')
+            >>> parse_kind_string("ClusterRoleBinding.rbac.authorization.k8s.io")
+            ('ClusterRoleBinding', 'rbac.authorization.k8s.io', '')
+            >>> parse_kind_string("CustomResource.mygroup.example.com/v1")
+            ('CustomResource', 'mygroup.example.com', 'v1')
+        """
+        pattern = r"^(?P<kind>[^./]+)(?:\.(?P<group>[^/]+))?(?:/(?P<version>.+))?$"
+        match = re.match(pattern, kind)
+        if not match:
+            raise ValueError(f"Invalid kind string: {kind}")
+
+        kind = match.group("kind") or ""
+        group = match.group("group") or DEFAULT_GROUP
+        version = match.group("version") or ""
+
+        return kind, group, version
 
     def is_kind_supported(self, kind: str) -> bool:
-        # This is a provisional solution while we work in redefining
-        # the api resources initialization.
-        if not self.api_resources:
-            self.get_api_resources()
+        """Returns True if the given kind is supported by the cluster, False otherwise.
 
-        if "." in kind:
-            try:
-                self._parse_kind(kind)
-                return True
-            except StatusCodeError:
-                return False
-        else:
-            return kind in self.api_resources
+        Kind can be either kind, kind.group or kind.group/version."""
+        try:
+            self.get_api_resource(kind)
+            return True
+        except KindNotFoundError:
+            return False
 
     def is_kind_namespaced(self, kind: str) -> bool:
-        # This is a provisional solution while we work in redefining
-        # the api resources initialization.
+        """Returns True if the given kind is namespaced, False if it's cluster scoped.
+
+        Kind can be either kind, kind.group or kind.group/version."""
+        return self.get_api_resource(kind).namespaced
+
+    def get_api_resource(self, kind: str) -> OCCliApiResource:
+        """Return the OCCliApiResource for the given resource type.
+
+        Resource type can be either kind, kind.group or kind.group/version.
+        If kind is not unique, group must be specified."""
+
         if not self.api_resources:
-            self.get_api_resources()
+            raise RuntimeError("API resources not initialized")
+
+        kind, group, _ = self.parse_kind(kind)
 
-        kg = kind.split(".", 1)
-        kind = kg[0]
+        if not (resources := self.api_resources.get(kind)):
+            # the kind not found at all
+            raise KindNotFoundError(f"Unsupported resource type: {kind}")
 
-        # Same Kinds might exist in different api groups
-        kind_resources = self.api_resources.get(kind)
-        if not kind_resources:
-            raise StatusCodeError(f"Kind {kind} does not exist in the ApiServer")
+        if len(resources) == 1 and group == DEFAULT_GROUP:
+            return resources[0]
 
-        if len(kg) > 1:
-            group = kg[1]
-            for r in kind_resources:
-                if group == r.group:
-                    return r.namespaced
-            raise StatusCodeError(f"Kind: {kind} does nod exist in the ApiServer")
-        return kind_resources[0].namespaced
+        # get the resource with the specified group
+        if resource := next((r for r in resources if r.group == group), None):
+            return resource
+
+        # no resource with the specified group found
+        if group == DEFAULT_GROUP:
+            message = (
+                f"Ambiguous resource type: {kind}. "
+                "Please fully qualify it with its API group. E.g., ClusterRoleBinding -> ClusterRoleBinding.rbac.authorization.k8s.io"
+            )
+            raise AmbiguousResourceTypeError(message)
+
+        # group was specified but no matching resource found
+        raise KindNotFoundError(f"Unsupported resource type: {kind}")
 
 
 REQUEST_TIMEOUT = 60
@@ -1304,20 +1320,19 @@ class OCNative(OCCli):
 
             server = connection_parameters.server_url
 
-        if server:
-            self.client = self._get_client(server, token)
-            self.api_resources = self.get_api_resources()
+        if not server:
+            raise Exception("Server name is required!")
 
-        else:
-            raise Exception("A method relies on client/api_kind_version to be set")
+        if not token:
+            raise Exception("Token is required!")
+
+        self.client = self._get_client(server, token)
+        self.api_resources = self.get_api_resources()
 
         self.projects = set()
         self.init_projects = init_projects
         if self.init_projects:
-            if self.is_kind_supported("Project"):
-                kind = "Project.project.openshift.io"
-            else:
-                kind = "Namespace"
+            kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
             self.projects = {p["metadata"]["name"] for p in self.get_all(kind)["items"]}
 
     def __enter__(self) -> OCNative:
@@ -1367,8 +1382,10 @@ class OCNative(OCCli):
 
     @retry(max_attempts=5, exceptions=(ServerTimeoutError))
     def get_items(self, kind: str, **kwargs: Any) -> list[dict[str, Any]]:
-        k, group_version = self._parse_kind(kind)
-        obj_client = self._get_obj_client(group_version=group_version, kind=k)
+        resource = self.get_api_resource(kind)
+        obj_client = self._get_obj_client(
+            group_version=resource.group_version, kind=resource.kind
+        )
 
         namespace = ""
         if "namespace" in kwargs:
@@ -1420,8 +1437,10 @@ class OCNative(OCCli):
         name: str | None = None,
         allow_not_found: bool = False,
     ) -> dict[str, Any]:
-        k, group_version = self._parse_kind(kind)
-        obj_client = self._get_obj_client(group_version=group_version, kind=k)
+        resource = self.get_api_resource(kind)
+        obj_client = self._get_obj_client(
+            group_version=resource.group_version, kind=resource.kind
+        )
         try:
             obj = obj_client.get(
                 name=name,
@@ -1435,8 +1454,10 @@ class OCNative(OCCli):
             raise StatusCodeError(f"[{self.server}]: {e}") from None
 
     def get_all(self, kind: str, all_namespaces: bool = False) -> dict[str, Any]:
-        k, group_version = self._parse_kind(kind)
-        obj_client = self._get_obj_client(group_version=group_version, kind=k)
+        resource = self.get_api_resource(kind)
+        obj_client = self._get_obj_client(
+            group_version=resource.group_version, kind=resource.kind
+        )
         try:
             return obj_client.get(_request_timeout=REQUEST_TIMEOUT).to_dict()
         except NotFoundError as e:

reconcile/utils/oc_filters.py

@@ -19,19 +19,19 @@ class Namespace(Protocol):
 NS = TypeVar("NS", bound=Namespace)
 
 
-def filter_namespaces_by_cluster(
+def filter_namespaces_by_cluster[NS: Namespace](
     namespaces: Iterable[NS], cluster_names: Iterable[str]
 ) -> list[NS]:
     return [n for n in namespaces if n.cluster.name in cluster_names]
 
 
-def filter_namespaces_by_name(
+def filter_namespaces_by_name[NS: Namespace](
     namespaces: Iterable[NS], namespace_names: Iterable[str]
 ) -> list[NS]:
     return [n for n in namespaces if n.name in namespace_names]
 
 
-def filter_namespaces_by_cluster_and_namespace(
+def filter_namespaces_by_cluster_and_namespace[NS: Namespace](
     namespaces: Iterable[NS],
     cluster_names: Iterable[str] | None,
     namespace_names: Iterable[str] | None,

reconcile/utils/ocm/addons.py

@@ -188,7 +188,6 @@ class AddonServiceV2(AddonService):
                     next_run=policy.get("next_run"),
                     version=policy["version"],
                     state=policy.get("state"),
-                    addon_service=self,
                 )
             )
 

reconcile/utils/ocm/base.py

@@ -141,16 +141,16 @@ class OCMClusterAWSOperatorRole(BaseModel):
 
 
 class OCMAWSSTS(OCMClusterFlag):
-    role_arn: str | None
-    support_role_arn: str | None
-    oidc_endpoint_url: str | None
-    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None
-    instance_iam_roles: dict[str, str] | None
-    operator_role_prefix: str | None
+    role_arn: str | None = None
+    support_role_arn: str | None = None
+    oidc_endpoint_url: str | None = None
+    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None = None
+    instance_iam_roles: dict[str, str] | None = None
+    operator_role_prefix: str | None = None
 
 
 class OCMClusterAWSSettings(BaseModel):
-    sts: OCMAWSSTS | None
+    sts: OCMAWSSTS | None = None
 
     @property
     def sts_enabled(self) -> bool:
@@ -264,21 +264,21 @@ class OCMCluster(BaseModel):
     product: OCMModelLink
     identity_providers: OCMCollectionLink
 
-    aws: OCMClusterAWSSettings | None
+    aws: OCMClusterAWSSettings | None = None
 
     version: OCMClusterVersion
 
     hypershift: OCMClusterFlag
 
-    console: OCMClusterConsole | None
+    console: OCMClusterConsole | None = None
 
-    api: OCMClusterAPI | None
+    api: OCMClusterAPI | None = None
 
-    dns: OCMClusterDns | None
+    dns: OCMClusterDns | None = None
 
-    external_configuration: OCMExternalConfiguration | None
+    external_configuration: OCMExternalConfiguration | None = None
 
-    external_auth_config: OCMExternalAuthConfig | None
+    external_auth_config: OCMExternalAuthConfig | None = None
 
     def minor_version(self) -> str:
         version_info = parse_semver(self.version.raw_id)
@@ -570,15 +570,12 @@ class OCMOIdentityProviderGithub(OCMOIdentityProvider):
     )
 
 
-class OCMOIdentityProviderOidcOpenIdClaims(BaseModel):
+class OCMOIdentityProviderOidcOpenIdClaims(BaseModel, frozen=True):
     email: list[str]
     name: list[str] = []
     preferred_username: list[str]
     groups: list[str] = []
 
-    class Config:
-        frozen = True
-
 
 class OCMOIdentityProviderOidcOpenId(BaseModel):
     client_id: str
@@ -618,11 +615,11 @@ class OCMAddonUpgradePolicy(BaseModel):
     id: str
     addon_id: str
     cluster_id: str
-    next_run: str | None
-    schedule: str | None
+    next_run: str | None = None
+    schedule: str | None = None
     schedule_type: str
     version: str
-    state: str | None
+    state: str | None = None
 
 
 def build_label_container(

reconcile/utils/ocm/cluster_groups.py

@@ -17,7 +17,7 @@ def add_user_to_cluster_group(
     """
     ocm_api.post(
         build_cluster_group_users_url(cluster_id, group),
-        OCMClusterUser(id=user_name).dict(by_alias=True),
+        OCMClusterUser(id=user_name).model_dump(by_alias=True),
     )
 
 

reconcile/utils/ocm/identity_providers.py

@@ -42,7 +42,7 @@ def add_identity_provider(
         )
     ocm_api.post(
         api_path=ocm_cluster.identity_providers.href,
-        data=idp.dict(by_alias=True, exclude_none=True),
+        data=idp.model_dump(by_alias=True, exclude_none=True),
     )
 
 
@@ -55,7 +55,7 @@ def update_identity_provider(
         raise ValueError(f"IDP {idp.name} does not have a href!")
     ocm_api.patch(
         api_path=idp.href,
-        data=idp.dict(by_alias=True, exclude_none=True, exclude={"name"}),
+        data=idp.model_dump(by_alias=True, exclude_none=True, exclude={"name"}),
     )
 
 

reconcile/utils/ocm/labels.py

@@ -159,7 +159,7 @@ def build_container_for_prefix(
 
     return LabelContainer(
         labels={
-            strip_prefix_if_needed(label.key): label.copy(
+            strip_prefix_if_needed(label.key): label.model_copy(
                 update={"key": strip_prefix_if_needed(label.key)}
             )
             for label in container.labels.values()

reconcile/utils/ocm/products.py

@@ -47,6 +47,7 @@ SPEC_ATTR_MULTI_AZ = "multi_az"
 SPEC_ATTR_HYPERSHIFT = "hypershift"
 SPEC_ATTR_SUBNET_IDS = "subnet_ids"
 SPEC_ATTR_AVAILABILITY_ZONES = "availability_zones"
+SPEC_ATTR_FIPS = "fips"
 
 SPEC_ATTR_NETWORK = "network"
 IGNORE_NETWORK_TYPE_ATTR = "type"
@@ -177,10 +178,11 @@ class OCMProductOsd(OCMProduct):
             ],
             provision_shard_id=provision_shard_id,
             hypershift=cluster["hypershift"]["enabled"],
+            fips=cluster.get("fips") or False,
         )
 
         if not cluster["ccs"]["enabled"]:
-            cluster_spec_data = spec.dict()
+            cluster_spec_data = spec.model_dump()
             cluster_spec_data["storage"] = (
                 cluster["storage_quota"]["value"] // BYTES_IN_GIGABYTE
             )
@@ -227,7 +229,7 @@ class OCMProductOsd(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -257,6 +259,7 @@ class OCMProductOsd(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
+            "fips": cluster.spec.fips,
         }
 
         # Workaround to enable type checks.
@@ -426,6 +429,7 @@ class OCMProductRosa(OCMProduct):
             subnet_ids=cluster["aws"].get("subnet_ids"),
             availability_zones=cluster["nodes"].get("availability_zones"),
             oidc_endpoint_url=oidc_endpoint_url,
+            fips=cluster.get("fips") or False,
         )
 
         machine_pools = [
@@ -470,7 +474,7 @@ class OCMProductRosa(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -513,6 +517,7 @@ class OCMProductRosa(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
+            "fips": cluster.spec.fips,
         }
 
         provision_shard_id = cluster.spec.provision_shard_id
@@ -701,6 +706,7 @@ class OCMProductHypershift(OCMProduct):
             availability_zones=cluster["nodes"].get("availability_zones"),
             hypershift=cluster["hypershift"]["enabled"],
             oidc_endpoint_url=oidc_endpoint_url,
+            fips=cluster.get("fips") or False,
         )
 
         network = OCMClusterNetwork(

reconcile/utils/ocm/search_filters.py

@@ -5,7 +5,6 @@ from abc import (
 from collections.abc import Iterable
 from dataclasses import dataclass
 from datetime import (
-    UTC,
     datetime,
 )
 from enum import Enum
@@ -16,6 +15,8 @@ from typing import (
 
 import dateparser
 
+from reconcile.utils.datetime_util import utc_now
+
 
 @dataclass
 class FilterCondition:
@@ -166,17 +167,13 @@ class DateRangeCondition(FilterCondition):
             return date
         parsed = dateparser.parse(
             date,
-            settings={"RELATIVE_BASE": DateRangeCondition.now()},
+            settings={"RELATIVE_BASE": utc_now()},
         )
         if parsed is None:
             raise InvalidFilterError(f"Invalid relative date: {date}")
 
         return parsed
 
-    @staticmethod
-    def now() -> datetime:
-        return datetime.now(tz=UTC)
-
 
 class InvalidFilterError(Exception):
     pass

reconcile/utils/ocm/service_log.py

@@ -1,9 +1,7 @@
 from collections.abc import Generator
-from datetime import (
-    datetime,
-    timedelta,
-)
+from datetime import timedelta
 
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.ocm.base import (
     OCMClusterServiceLog,
     OCMClusterServiceLogCreateModel,
@@ -47,7 +45,7 @@ def create_service_log(
                 .eq("severity", service_log.severity.value)
                 .eq("summary", service_log.summary)
                 .eq("description", service_log.description)
-                .after("created_at", datetime.utcnow() - dedup_interval),
+                .after("created_at", utc_now() - dedup_interval),
             ),
             None,
         )
@@ -57,6 +55,6 @@ def create_service_log(
     return OCMClusterServiceLog(
         **ocm_api.post(
             api_path=CLUSTER_SERVICE_LOGS_CREATE_ENDPOINT,
-            data=service_log.dict(by_alias=True),
+            data=service_log.model_dump(by_alias=True),
         )
     )