qontract-reconcile 0.10.2.dev349__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

reconcile/acs_rbac.py

@@ -65,7 +65,7 @@ class AcsRole(BaseModel):
     assignments: list[AssignmentPair]
     permission_set_name: str
     access_scope: AcsAccessScope
-    system_default: bool | None
+    system_default: bool | None = None
 
     @classmethod
     def build(cls, permission: Permission, usernames: list[str]) -> Self:
@@ -151,7 +151,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
                 for permission in role.oidc_permissions or []:
                     if isinstance(permission, OidcPermissionAcsV1):
                         permission_usernames[
-                            Permission(**permission.dict(by_alias=True))
+                            Permission(**permission.model_dump(by_alias=True))
                         ].append(user.org_username)
         return list(starmap(AcsRole.build, permission_usernames.items()))
 

reconcile/aus/advanced_upgrade_service.py

@@ -1,13 +1,13 @@
 import logging
 from collections import defaultdict
 from datetime import timedelta
-from typing import Optional
+from typing import Annotated, Optional
 
 from pydantic import (
     BaseModel,
     Field,
     ValidationError,
-    validator,
+    field_validator,
 )
 from pydantic.dataclasses import dataclass
 
@@ -289,13 +289,16 @@ class OrganizationLabelSet(BaseModel):
 
     blocked_versions: CSV | None = Field(alias=aus_label_key("blocked-versions"))
 
-    sector_max_parallel_upgrades: dict[str, str] = labelset_groupfield(
-        group_prefix=aus_label_key("sector-max-parallel-upgrades.")
-    )
+    sector_max_parallel_upgrades: Annotated[
+        dict[str, str],
+        labelset_groupfield(
+            group_prefix=aus_label_key("sector-max-parallel-upgrades.")
+        ),
+    ]
 
-    sector_deps: dict[str, CSV] = labelset_groupfield(
-        group_prefix=aus_label_key("sector-deps.")
-    )
+    sector_deps: Annotated[
+        dict[str, CSV], labelset_groupfield(group_prefix=aus_label_key("sector-deps."))
+    ]
     """
     Each sector with dependencies is represented as a `sector-deps.<sector-name>` label
     with a CSV formatted list of dependant sectors. The custom `labelset_groupfield``
@@ -357,7 +360,7 @@ def _build_org_upgrade_spec(
         ]
 
     org_labelset = build_labelset(org_labels, OrganizationLabelSet)
-    final_org = org.copy(deep=True)
+    final_org = org.model_copy(deep=True)
     final_org.blocked_versions = org_labelset.blocked_versions  # type: ignore
     final_org.sectors = org_labelset.sector_dependencies()
     final_org.inherit_version_data = inherit_version_data
@@ -411,7 +414,7 @@ class ClusterUpgradePolicyLabelSet(BaseModel):
     """
 
     soak_days: int = Field(alias=aus_label_key("soak-days"), ge=0)
-    workloads: CSV = Field(alias=aus_label_key("workloads"), csv_min_items=1)
+    workloads: CSV = Field(alias=aus_label_key("workloads"), min_length=1)
     schedule: str = Field(alias=aus_label_key("schedule"))
     mutexes: CSV | None = Field(alias=aus_label_key("mutexes"))
     sector: str | None = Field(alias=aus_label_key("sector"))
@@ -419,14 +422,14 @@ class ClusterUpgradePolicyLabelSet(BaseModel):
     version_gate_approvals: CSV | None = Field(
         alias=aus_label_key("version-gate-approvals")
     )
-    _schedule_validator = validator("schedule", allow_reuse=True)(cron_validator)
+    _schedule_validator = field_validator("schedule")(cron_validator)
 
     def build_labels_dict(self) -> dict[str, str]:
         """
         Build a dictionary of all labels in this labelset.
         """
         labels = {}
-        for k, v in self.dict(by_alias=True).items():
+        for k, v in self.model_dump(by_alias=True).items():
             if v is None:
                 continue
             if isinstance(v, list):

reconcile/aus/base.py

@@ -1,4 +1,3 @@
-import datetime as dt
 import logging
 import sys
 from abc import (
@@ -17,7 +16,7 @@ from typing import (
 )
 
 from croniter import croniter
-from pydantic import BaseModel, Extra
+from pydantic import BaseModel
 from requests.exceptions import HTTPError
 from semver import VersionInfo
 
@@ -71,6 +70,12 @@ from reconcile.utils.clusterhealth.telemeter import (
     TELEMETER_SOURCE,
     TelemeterClusterHealthProvider,
 )
+from reconcile.utils.datetime_util import (
+    ensure_utc,
+    from_utc_iso_format,
+    to_utc_seconds_iso_format,
+    utc_now,
+)
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
 from reconcile.utils.filtering import remove_none_values_from_dict
@@ -399,12 +404,12 @@ class AbstractUpgradePolicy(ABC, BaseModel):
 
     cluster: OCMCluster
 
-    id: str | None
-    next_run: str | None
-    schedule: str | None
+    id: str | None = None
+    next_run: str | None = None
+    schedule: str | None = None
     schedule_type: str
     version: str
-    state: str | None
+    state: str | None = None
 
     @abstractmethod
     def create(self, ocm_api: OCMBaseClient) -> None:
@@ -420,20 +425,17 @@ class AbstractUpgradePolicy(ABC, BaseModel):
 
 
 def addon_upgrade_policy_soonest_next_run() -> str:
-    now = datetime.now(tz=dt.UTC)
+    now = utc_now()
     next_run = now + timedelta(minutes=MIN_DELTA_MINUTES)
-    return next_run.strftime("%Y-%m-%dT%H:%M:%SZ")
+    return to_utc_seconds_iso_format(next_run)
 
 
-class AddonUpgradePolicy(AbstractUpgradePolicy):
+class AddonUpgradePolicy(AbstractUpgradePolicy, arbitrary_types_allowed=True):
     """Class to create and delete Addon upgrade policies in OCM"""
 
     addon_id: str
     addon_service: AddonService
 
-    class Config:
-        arbitrary_types_allowed = True
-
     def create(self, ocm_api: OCMBaseClient) -> None:
         self.addon_service.create_addon_upgrade_policy(
             ocm_api=ocm_api,
@@ -516,9 +518,10 @@ class ControlPlaneUpgradePolicy(AbstractUpgradePolicy):
 
 
 class NodePoolUpgradePolicy(AbstractUpgradePolicy):
-    node_pool: str
     """Class to create NodePoolUpgradePolicies in OCM"""
 
+    node_pool: str
+
     def create(self, ocm_api: OCMBaseClient) -> None:
         policy = {
             "version": self.version,
@@ -545,7 +548,7 @@ class NodePoolUpgradePolicy(AbstractUpgradePolicy):
         return f"node pool upgrade policy - {remove_none_values_from_dict(details)}"
 
 
-class UpgradePolicyHandler(BaseModel, extra=Extra.forbid):
+class UpgradePolicyHandler(BaseModel, extra="forbid"):
     """Class to handle upgrade policy actions"""
 
     action: str
@@ -638,8 +641,8 @@ def update_history(
         version_data (VersionData): version data, including history of soakdays
         upgrade_policies (list): query results of clusters upgrade policies
     """
-    now = datetime.utcnow()
-    check_in = version_data.check_in or now
+    now = utc_now()
+    check_in = ensure_utc(version_data.check_in or now)
 
     # we iterate over clusters upgrade policies and update the version history
     for spec in org_upgrade_spec.specs:
@@ -930,7 +933,7 @@ def verify_schedule_should_skip(
     # immediately
     delay_minutes = 1 if addon_id else MIN_DELTA_MINUTES
     next_schedule = iter.get_next(
-        dt.datetime, start_time=now + timedelta(minutes=delay_minutes)
+        datetime, start_time=now + timedelta(minutes=delay_minutes)
     )
     next_schedule_in_seconds = (next_schedule - now).total_seconds()
     next_schedule_in_hours = next_schedule_in_seconds / 3600  # seconds in hour
@@ -947,7 +950,7 @@ def verify_schedule_should_skip(
             f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster with no upcoming upgrade"
         )
         return None
-    return next_schedule.strftime("%Y-%m-%dT%H:%M:%SZ")
+    return to_utc_seconds_iso_format(next_schedule)
 
 
 def verify_max_upgrades_should_skip(
@@ -1024,8 +1027,8 @@ def _calculate_node_pool_diffs(
 ) -> UpgradePolicyHandler | None:
     for pool in spec.node_pools:
         if parse_semver(pool.version).match(f"<{spec.current_version}"):
-            next_schedule = (now + timedelta(minutes=MIN_DELTA_MINUTES)).strftime(
-                "%Y-%m-%dT%H:%M:%SZ"
+            next_schedule = to_utc_seconds_iso_format(
+                now + timedelta(minutes=MIN_DELTA_MINUTES)
             )
             return UpgradePolicyHandler(
                 action="create",
@@ -1082,7 +1085,7 @@ def calculate_diff(
             set_upgrading(spec.cluster.id, spec.effective_mutexes, sector_name)
 
     addon_service = init_addon_service(desired_state.org.environment)
-    now = datetime.utcnow()
+    now = utc_now()
     gates = get_version_gates(ocm_api)
     for spec in desired_state.specs:
         sector_name = spec.upgrade_policy.conditions.sector
@@ -1119,12 +1122,10 @@ def calculate_diff(
                     UpgradePolicyHandler(
                         action="create",
                         policy=AddonUpgradePolicy(
-                            action="create",
                             cluster=spec.cluster,
                             version=version,
                             schedule_type="manual",
                             addon_id=addon_id,
-                            upgrade_type="ADDON",
                             addon_service=addon_service,
                         ),
                     )
@@ -1297,10 +1298,8 @@ def remaining_soak_day_metric_values_for_cluster(
                 remaining_soakdays[idx] = UPGRADE_STARTED_METRIC_VALUE
                 if current_upgrade.next_run:
                     # if an upgrade runs for over 6 hours, we mark it as a long running upgrade
-                    next_run = datetime.strptime(
-                        current_upgrade.next_run, "%Y-%m-%dT%H:%M:%SZ"
-                    )
-                    now = datetime.utcnow()
+                    next_run = from_utc_iso_format(current_upgrade.next_run)
+                    now = utc_now()
                     hours_ago = (now - next_run).total_seconds() / 3600
                     if hours_ago >= 6:
                         remaining_soakdays[idx] = UPGRADE_LONG_RUNNING_METRIC_VALUE

reconcile/aus/cluster_version_data.py

@@ -1,4 +1,3 @@
-import json
 from collections.abc import Iterable
 from datetime import datetime
 from typing import (
@@ -20,6 +19,17 @@ class WorkloadHistory(BaseModel):
     soak_days: float = 0.0
     reporting: list[str] = Field(default_factory=list)
 
+    def __eq__(self, value: Any) -> bool:
+        if isinstance(value, WorkloadHistory):
+            return super().__eq__(value)
+
+        if isinstance(value, dict):
+            return self.soak_days == value.get("soak_days", 0.0) and sorted(
+                self.reporting
+            ) == sorted(value.get("reporting", []))
+
+        return False
+
 
 class VersionHistory(BaseModel):
     workloads: dict[str, WorkloadHistory] = Field(default_factory=dict)
@@ -38,7 +48,7 @@ class Stats(BaseModel):
 
     min_version: str
     min_version_per_workload: dict[str, str] = Field(default_factory=dict)
-    inherited: Optional["Stats"]
+    inherited: Optional["Stats"] = None
 
     def inherit(self, added: "Stats") -> None:
         """adds the provided stats to our inherited data
@@ -93,12 +103,12 @@ class VersionData(BaseModel):
     upgrade policies.
     """
 
-    check_in: datetime | None
+    check_in: datetime | None = None
     versions: dict[str, VersionHistory] = Field(default_factory=dict)
-    stats: Stats | None
+    stats: Stats | None = None
 
     def jsondict(self) -> dict[str, Any]:
-        return json.loads(self.json(exclude_none=True))
+        return self.model_dump(mode="json", exclude_none=True)
 
     def save(self, state: State, ocm_name: str) -> None:
         state.add(ocm_name, self.jsondict(), force=True)

reconcile/aus/models.py

@@ -232,7 +232,7 @@ class SectorConfigError(Exception):
 
 class Sector(BaseModel):
     name: str
-    max_parallel_upgrades: str | None
+    max_parallel_upgrades: str | None = None
     dependencies: list[Sector] = Field(default_factory=list)
     _specs: dict[str, ClusterUpgradeSpec] = PrivateAttr(default_factory=dict)
 

reconcile/automated_actions/config/integration.py

@@ -20,6 +20,7 @@ from reconcile.gql_definitions.automated_actions.instance import (
     AutomatedActionExternalResourceFlushElastiCacheV1,
     AutomatedActionExternalResourceRdsRebootV1,
     AutomatedActionExternalResourceRdsSnapshotV1,
+    AutomatedActionOpenshiftTriggerCronjobV1,
     AutomatedActionOpenshiftWorkloadDeleteV1,
     AutomatedActionOpenshiftWorkloadRestartArgumentV1,
     AutomatedActionOpenshiftWorkloadRestartV1,
@@ -82,7 +83,7 @@ class AutomatedActionsConfigIntegration(
             query_func = gql.get_api().query
         return {
             "automated_actions_instances": [
-                c.dict() for c in self.get_automated_actions_instances(query_func)
+                c.model_dump() for c in self.get_automated_actions_instances(query_func)
             ]
         }
 
@@ -167,7 +168,7 @@ class AutomatedActionsConfigIntegration(
                 case AutomatedActionActionListV1():
                     # no special handling needed, just dump the values
                     parameters.extend(
-                        arg.dict(exclude_none=True, exclude_defaults=True)
+                        arg.model_dump(exclude_none=True, exclude_defaults=True)
                         for arg in action.action_list_arguments or []
                     )
                 case AutomatedActionExternalResourceFlushElastiCacheV1():
@@ -205,6 +206,17 @@ class AutomatedActionsConfigIntegration(
                                 "account": f"^{rds_snapshot_er.provisioner.name}$",
                                 "identifier": rds_snapshot_arg.identifier,
                             })
+                case AutomatedActionOpenshiftTriggerCronjobV1():
+                    parameters.extend(
+                        {
+                            # all parameter values are regexes in the OPA policy
+                            # therefore, cluster and namespace must be fixed to the current strings
+                            "cluster": f"^{arg.namespace.cluster.name}$",
+                            "namespace": f"^{arg.namespace.name}$",
+                            "cronjob": arg.cronjob,
+                        }
+                        for arg in action.openshift_trigger_cronjob_arguments
+                    )
                 case AutomatedActionOpenshiftWorkloadDeleteV1():
                     parameters.extend(
                         {
@@ -257,7 +269,7 @@ class AutomatedActionsConfigIntegration(
             {
                 "users": {user.username: sorted(user.roles) for user in users},
                 "roles": {
-                    role: [policy.dict() for policy in policies]
+                    role: [policy.model_dump() for policy in policies]
                     for role, policies in roles.items()
                 },
             },

reconcile/aws_account_manager/integration.py

@@ -1,5 +1,4 @@
 from collections.abc import Callable, Iterable
-from datetime import UTC, datetime
 from typing import Any
 
 import jinja2
@@ -26,6 +25,7 @@ from reconcile.typed_queries.gitlab_instances import get_gitlab_instances
 from reconcile.utils import gql, metrics
 from reconcile.utils.aws_api_typed.api import AWSApi, AWSStaticCredentials
 from reconcile.utils.aws_api_typed.iam import AWSAccessKey
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
 from reconcile.utils.runtime.integration import (
@@ -42,14 +42,14 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
 
 
 class AwsAccountMgmtIntegrationParams(PydanticRunParams):
-    account_name: str | None
+    account_name: str | None = None
     flavor: str
     organization_account_role: str = "OrganizationAccountAccessRole"
     default_tags: dict[str, str] = {}
     initial_user_name: str = "terraform"
     initial_user_policy_arn: str = "arn:aws:iam::aws:policy/AdministratorAccess"
     initial_user_secret_vault_path: str = (
-        "app-sre-v2/creds/terraform/{account_name}/config"
+        "app-sre-v2/creds/terraform/{account_name}/config"  # noqa: RUF027
     )
     # To avoid the accidental deletion of the resource file, explicitly set the
     # qontract.cli option in the integration extraArgs!
@@ -76,9 +76,9 @@ class AwsAccountMgmtIntegration(
             query_func, account_name=self.params.account_name
         )
         return {
-            "payer_accounts": [account.dict() for account in payer_accounts],
+            "payer_accounts": [account.model_dump() for account in payer_accounts],
             "non_organization_accounts": [
-                account.dict() for account in non_organization_accounts
+                account.model_dump() for account in non_organization_accounts
             ],
         }
 
@@ -98,10 +98,10 @@ class AwsAccountMgmtIntegration(
             lstrip_blocks=True,
             keep_trailing_newline=True,
         ).render({
-            "accountRequest": account_request.dict(by_alias=True),
+            "accountRequest": account_request.model_dump(by_alias=True),
             "uid": uid,
             "settings": settings,
-            "timestamp": int(datetime.now(tz=UTC).timestamp()),
+            "timestamp": int(utc_now().timestamp()),
         })
         return tmpl
 
@@ -187,7 +187,7 @@ class AwsAccountMgmtIntegration(
                     template=account_template,
                     account_request=account_request,
                     uid=uid,
-                    settings=self.params.dict(),
+                    settings=self.params.model_dump(),
                 ),
                 account_request_file_path=f"data/{account_request.path.strip('/')}",
             )

reconcile/aws_account_manager/reconciler.py

@@ -35,7 +35,7 @@ class Quota(Protocol):
     quota_code: str
     value: float
 
-    def dict(self) -> dict[str, Any]: ...
+    def model_dump(self) -> dict[str, Any]: ...
 
 
 class Contact(Protocol):
@@ -44,7 +44,7 @@ class Contact(Protocol):
     email: str
     phone_number: str
 
-    def dict(self) -> dict[str, Any]: ...
+    def model_dump(self) -> dict[str, Any]: ...
 
 
 class AWSReconciler:
@@ -167,7 +167,7 @@ class AWSReconciler:
         self, aws_api: AWSApi, name: str, quotas: Iterable[Quota]
     ) -> list[str] | None:
         """Request service quota changes."""
-        quotas_dict = [q.dict() for q in quotas]
+        quotas_dict = [q.model_dump() for q in quotas]
         with self.state.transaction(
             state_key(name, TASK_REQUEST_SERVICE_QUOTA)
         ) as _state:

reconcile/aws_ami_cleanup/integration.py

@@ -26,6 +26,7 @@ from reconcile.typed_queries.app_interface_vault_settings import (
 )
 from reconcile.utils import gql
 from reconcile.utils.aws_api import AWSApi
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.parse_dhms_duration import dhms_to_seconds
 from reconcile.utils.secret_reader import create_secret_reader
@@ -39,15 +40,12 @@ QONTRACT_INTEGRATION = "aws_ami_cleanup"
 MANAGED_TAG = {"Key": "managed_by_integration", "Value": QONTRACT_INTEGRATION}
 
 
-class AWSAmi(BaseModel):
+class AWSAmi(BaseModel, frozen=True):
     name: str
     image_id: str
     creation_date: datetime
     snapshot_ids: list[str]
 
-    class Config:
-        frozen = True
-
 
 def get_aws_amis_from_launch_templates(ec2_client: EC2Client) -> set[str]:
     amis = set()
@@ -77,7 +75,7 @@ def get_aws_amis(
     owner: str,
     regex: str,
     age_in_seconds: int,
-    utc_now: datetime,
+    now: datetime,
 ) -> list[AWSAmi]:
     """Get amis that match regex older than given age"""
 
@@ -89,10 +87,8 @@ def get_aws_amis(
             if not re.search(pattern, image["Name"]):
                 continue
 
-            creation_date = datetime.strptime(
-                image["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"
-            )
-            current_delta = utc_now - creation_date
+            creation_date = from_utc_iso_format(image["CreationDate"])
+            current_delta = now - creation_date
             delete_delta = timedelta(seconds=age_in_seconds)
 
             if current_delta < delete_delta:
@@ -135,7 +131,7 @@ def get_region(
 
 @defer
 def run(dry_run: bool, thread_pool_size: int, defer: Callable | None = None) -> None:
-    utc_now = datetime.utcnow()
+    now = utc_now()
     gqlapi = gql.get_api()
     aws_accounts = aws_accounts_query(gqlapi.query).accounts
 
@@ -177,7 +173,7 @@ def run(dry_run: bool, thread_pool_size: int, defer: Callable | None = None) ->
     # Build AWSApi object. We will use all those accounts listed in ami_accounts since
     # we will also need to look for used AMIs.
     accounts_dicted = [
-        account.dict(by_alias=True)
+        account.model_dump(by_alias=True)
         for account in aws_accounts or []
         if account.name in ami_accounts
     ]
@@ -222,7 +218,7 @@ def run(dry_run: bool, thread_pool_size: int, defer: Callable | None = None) ->
                 owner=account.uid,
                 regex=cleanup_config.regex,
                 age_in_seconds=age_in_seconds,
-                utc_now=utc_now,
+                now=now,
             )
 
             for ami in aws_amis:

reconcile/aws_ami_share.py

@@ -1,17 +1,19 @@
 import logging
+import re
 from collections.abc import (
-    Callable,
     Iterable,
     Mapping,
 )
 from typing import Any
 
 from reconcile import queries
+from reconcile.typed_queries.aws_account_tags import get_aws_account_tags
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils.aws_api import AWSApi
-from reconcile.utils.defer import defer
 
 QONTRACT_INTEGRATION = "aws-ami-share"
-MANAGED_TAG = {"Key": "managed_by_integration", "Value": QONTRACT_INTEGRATION}
+
+MANAGED_TAG = {"managed_by_integration": QONTRACT_INTEGRATION}
 
 
 def filter_accounts(accounts: Iterable[dict[str, Any]]) -> list[dict[str, Any]]:
@@ -37,65 +39,70 @@ def get_region(
     return region
 
 
-@defer
-def run(dry_run: bool, defer: Callable | None = None) -> None:
+def share_ami(
+    dry_run: bool,
+    src_account: Mapping[str, Any],
+    share: Mapping[str, Any],
+    default_tags: dict[str, str],
+    aws_api: AWSApi,
+) -> None:
+    dst_account = share["account"]
+    regex = re.compile(share["regex"])
+    region = get_region(share, src_account, dst_account)
+    src_amis = aws_api.get_amis_details(src_account, src_account, regex, region)
+    dst_amis = aws_api.get_amis_details(dst_account, src_account, regex, region)
+
+    for ami_id, src_ami_tags in src_amis.items():
+        dst_ami_tags = dst_amis.get(ami_id)
+        if dst_ami_tags is None:
+            logging.info([
+                "share_ami",
+                src_account["name"],
+                dst_account["name"],
+                ami_id,
+            ])
+            if not dry_run:
+                aws_api.share_ami(src_account, dst_account["uid"], ami_id, region)
+        dst_account_tags = default_tags | get_aws_account_tags(
+            dst_account.get("organization", None)
+        )
+        desired_tags = src_ami_tags | dst_account_tags | MANAGED_TAG
+        current_tags = dst_ami_tags or {}
+
+        if desired_tags != current_tags:
+            logging.info([
+                "tag_shared_ami",
+                dst_account["name"],
+                ami_id,
+                desired_tags,
+            ])
+            if not dry_run:
+                aws_api.create_tags(dst_account, ami_id, desired_tags)
+
+
+def run(dry_run: bool) -> None:
     accounts = queries.get_aws_accounts(sharing=True)
     sharing_accounts = filter_accounts(accounts)
     settings = queries.get_app_interface_settings()
-    aws_api = AWSApi(1, sharing_accounts, settings=settings, init_users=False)
-    if defer:
-        defer(aws_api.cleanup)
-
-    for src_account in sharing_accounts:
-        sharing = src_account.get("sharing")
-        if not sharing:
-            continue
-        for share in sharing:
-            if share["provider"] != "ami":
-                continue
-            dst_account = share["account"]
-            regex = share["regex"]
-            region = get_region(share, src_account, dst_account)
-            src_amis = aws_api.get_amis_details(src_account, src_account, regex, region)
-            dst_amis = aws_api.get_amis_details(dst_account, src_account, regex, region)
-
-            for src_ami in src_amis:
-                src_ami_id = src_ami["image_id"]
-                found_dst_amis = [d for d in dst_amis if d["image_id"] == src_ami_id]
-                if not found_dst_amis:
-                    logging.info([
-                        "share_ami",
-                        src_account["name"],
-                        dst_account["name"],
-                        src_ami_id,
-                    ])
-                    if not dry_run:
-                        aws_api.share_ami(
-                            src_account, dst_account["uid"], src_ami_id, region
-                        )
-                    # we assume an unshared ami does not have tags
-                    found_dst_amis = [{"image_id": src_ami_id, "tags": []}]
-
-                dst_ami = found_dst_amis[0]
-                dst_ami_id = dst_ami["image_id"]
-                dst_ami_tags = dst_ami["tags"]
-                if MANAGED_TAG not in dst_ami_tags:
-                    logging.info([
-                        "tag_shared_ami",
-                        dst_account["name"],
-                        dst_ami_id,
-                        MANAGED_TAG,
-                    ])
-                    if not dry_run:
-                        aws_api.create_tag(dst_account, dst_ami_id, MANAGED_TAG)
-                src_ami_tags = src_ami["tags"]
-                for src_tag in src_ami_tags:
-                    if src_tag not in dst_ami_tags:
-                        logging.info([
-                            "tag_shared_ami",
-                            dst_account["name"],
-                            dst_ami_id,
-                            src_tag,
-                        ])
-                        if not dry_run:
-                            aws_api.create_tag(dst_account, dst_ami_id, src_tag)
+    try:
+        default_tags = get_settings().default_tags
+    except ValueError:
+        # no external resources settings found
+        default_tags = {}
+
+    with AWSApi(
+        1,
+        sharing_accounts,
+        settings=settings,
+        init_users=False,
+    ) as aws_api:
+        for src_account in sharing_accounts:
+            for share in src_account.get("sharing") or []:
+                if share["provider"] == "ami":
+                    share_ami(
+                        dry_run=dry_run,
+                        src_account=src_account,
+                        share=share,
+                        default_tags=default_tags,
+                        aws_api=aws_api,
+                    )