qontract-reconcile 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev430__py3-none-any.whl

reconcile/utils/ocm/base.py

@@ -141,16 +141,16 @@ class OCMClusterAWSOperatorRole(BaseModel):
 
 
 class OCMAWSSTS(OCMClusterFlag):
-    role_arn: str | None
-    support_role_arn: str | None
-    oidc_endpoint_url: str | None
-    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None
-    instance_iam_roles: dict[str, str] | None
-    operator_role_prefix: str | None
+    role_arn: str | None = None
+    support_role_arn: str | None = None
+    oidc_endpoint_url: str | None = None
+    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None = None
+    instance_iam_roles: dict[str, str] | None = None
+    operator_role_prefix: str | None = None
 
 
 class OCMClusterAWSSettings(BaseModel):
-    sts: OCMAWSSTS | None
+    sts: OCMAWSSTS | None = None
 
     @property
     def sts_enabled(self) -> bool:
@@ -264,21 +264,21 @@ class OCMCluster(BaseModel):
     product: OCMModelLink
     identity_providers: OCMCollectionLink
 
-    aws: OCMClusterAWSSettings | None
+    aws: OCMClusterAWSSettings | None = None
 
     version: OCMClusterVersion
 
     hypershift: OCMClusterFlag
 
-    console: OCMClusterConsole | None
+    console: OCMClusterConsole | None = None
 
-    api: OCMClusterAPI | None
+    api: OCMClusterAPI | None = None
 
-    dns: OCMClusterDns | None
+    dns: OCMClusterDns | None = None
 
-    external_configuration: OCMExternalConfiguration | None
+    external_configuration: OCMExternalConfiguration | None = None
 
-    external_auth_config: OCMExternalAuthConfig | None
+    external_auth_config: OCMExternalAuthConfig | None = None
 
     def minor_version(self) -> str:
         version_info = parse_semver(self.version.raw_id)
@@ -570,15 +570,12 @@ class OCMOIdentityProviderGithub(OCMOIdentityProvider):
     )
 
 
-class OCMOIdentityProviderOidcOpenIdClaims(BaseModel):
+class OCMOIdentityProviderOidcOpenIdClaims(BaseModel, frozen=True):
     email: list[str]
     name: list[str] = []
     preferred_username: list[str]
     groups: list[str] = []
 
-    class Config:
-        frozen = True
-
 
 class OCMOIdentityProviderOidcOpenId(BaseModel):
     client_id: str
@@ -618,11 +615,11 @@ class OCMAddonUpgradePolicy(BaseModel):
     id: str
     addon_id: str
     cluster_id: str
-    next_run: str | None
-    schedule: str | None
+    next_run: str | None = None
+    schedule: str | None = None
     schedule_type: str
     version: str
-    state: str | None
+    state: str | None = None
 
 
 def build_label_container(

reconcile/utils/ocm/cluster_groups.py

@@ -17,7 +17,7 @@ def add_user_to_cluster_group(
     """
     ocm_api.post(
         build_cluster_group_users_url(cluster_id, group),
-        OCMClusterUser(id=user_name).dict(by_alias=True),
+        OCMClusterUser(id=user_name).model_dump(by_alias=True),
     )
 
 

reconcile/utils/ocm/identity_providers.py

@@ -42,7 +42,7 @@ def add_identity_provider(
         )
     ocm_api.post(
         api_path=ocm_cluster.identity_providers.href,
-        data=idp.dict(by_alias=True, exclude_none=True),
+        data=idp.model_dump(by_alias=True, exclude_none=True),
     )
 
 
@@ -55,7 +55,7 @@ def update_identity_provider(
         raise ValueError(f"IDP {idp.name} does not have a href!")
     ocm_api.patch(
         api_path=idp.href,
-        data=idp.dict(by_alias=True, exclude_none=True, exclude={"name"}),
+        data=idp.model_dump(by_alias=True, exclude_none=True, exclude={"name"}),
     )
 
 

reconcile/utils/ocm/labels.py

@@ -159,7 +159,7 @@ def build_container_for_prefix(
 
     return LabelContainer(
         labels={
-            strip_prefix_if_needed(label.key): label.copy(
+            strip_prefix_if_needed(label.key): label.model_copy(
                 update={"key": strip_prefix_if_needed(label.key)}
             )
             for label in container.labels.values()

reconcile/utils/ocm/products.py

@@ -178,11 +178,11 @@ class OCMProductOsd(OCMProduct):
             ],
             provision_shard_id=provision_shard_id,
             hypershift=cluster["hypershift"]["enabled"],
-            fips=cluster.get("fips"),
+            fips=cluster.get("fips") or False,
         )
 
         if not cluster["ccs"]["enabled"]:
-            cluster_spec_data = spec.dict()
+            cluster_spec_data = spec.model_dump()
             cluster_spec_data["storage"] = (
                 cluster["storage_quota"]["value"] // BYTES_IN_GIGABYTE
             )
@@ -229,7 +229,7 @@ class OCMProductOsd(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -259,7 +259,7 @@ class OCMProductOsd(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
-            "fips": bool(cluster.spec.fips),
+            "fips": cluster.spec.fips,
         }
 
         # Workaround to enable type checks.
@@ -429,7 +429,7 @@ class OCMProductRosa(OCMProduct):
             subnet_ids=cluster["aws"].get("subnet_ids"),
             availability_zones=cluster["nodes"].get("availability_zones"),
             oidc_endpoint_url=oidc_endpoint_url,
-            fips=cluster.get("fips"),
+            fips=cluster.get("fips") or False,
         )
 
         machine_pools = [
@@ -474,7 +474,7 @@ class OCMProductRosa(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -517,7 +517,7 @@ class OCMProductRosa(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
-            "fips": bool(cluster.spec.fips),
+            "fips": cluster.spec.fips,
         }
 
         provision_shard_id = cluster.spec.provision_shard_id
@@ -706,7 +706,7 @@ class OCMProductHypershift(OCMProduct):
             availability_zones=cluster["nodes"].get("availability_zones"),
             hypershift=cluster["hypershift"]["enabled"],
             oidc_endpoint_url=oidc_endpoint_url,
-            fips=cluster.get("fips"),
+            fips=cluster.get("fips") or False,
         )
 
         network = OCMClusterNetwork(

reconcile/utils/ocm/search_filters.py

@@ -5,7 +5,6 @@ from abc import (
 from collections.abc import Iterable
 from dataclasses import dataclass
 from datetime import (
-    UTC,
     datetime,
 )
 from enum import Enum
@@ -16,6 +15,8 @@ from typing import (
 
 import dateparser
 
+from reconcile.utils.datetime_util import utc_now
+
 
 @dataclass
 class FilterCondition:
@@ -166,17 +167,13 @@ class DateRangeCondition(FilterCondition):
             return date
         parsed = dateparser.parse(
             date,
-            settings={"RELATIVE_BASE": DateRangeCondition.now()},
+            settings={"RELATIVE_BASE": utc_now()},
         )
         if parsed is None:
             raise InvalidFilterError(f"Invalid relative date: {date}")
 
         return parsed
 
-    @staticmethod
-    def now() -> datetime:
-        return datetime.now(tz=UTC)
-
 
 class InvalidFilterError(Exception):
     pass

reconcile/utils/ocm/service_log.py

@@ -1,9 +1,7 @@
 from collections.abc import Generator
-from datetime import (
-    datetime,
-    timedelta,
-)
+from datetime import timedelta
 
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.ocm.base import (
     OCMClusterServiceLog,
     OCMClusterServiceLogCreateModel,
@@ -47,7 +45,7 @@ def create_service_log(
                 .eq("severity", service_log.severity.value)
                 .eq("summary", service_log.summary)
                 .eq("description", service_log.description)
-                .after("created_at", datetime.utcnow() - dedup_interval),
+                .after("created_at", utc_now() - dedup_interval),
             ),
             None,
         )
@@ -57,6 +55,6 @@ def create_service_log(
     return OCMClusterServiceLog(
         **ocm_api.post(
             api_path=CLUSTER_SERVICE_LOGS_CREATE_ENDPOINT,
-            data=service_log.dict(by_alias=True),
+            data=service_log.model_dump(by_alias=True),
         )
     )

reconcile/utils/ocm/sre_capability_labels.py

@@ -1,7 +1,7 @@
 from typing import Any
 
-from pydantic import Field
-from pydantic.fields import ModelField
+from pydantic import WithJsonSchema
+from pydantic.fields import FieldInfo
 
 from reconcile.utils.ocm.base import (
     LabelContainer,
@@ -22,11 +22,11 @@ def sre_capability_label_key(
     return f"sre-capabilities.{sre_capability}.{config_atom}"
 
 
-def labelset_groupfield(group_prefix: str) -> Any:
+def labelset_groupfield(group_prefix: str) -> WithJsonSchema:
     """
     Helper function to build the FieldMeta for a labelset field that groups labels.
     """
-    return Field(group_by_prefix=group_prefix)
+    return WithJsonSchema({"group_by_prefix": group_prefix})
 
 
 def build_labelset(
@@ -36,16 +36,23 @@ def build_labelset(
     Instantiates a dataclass from a set of labels.
     """
     raw_data = {
-        field.alias: _labelset_field_value(labels, field)
-        for field in dataclass.__fields__.values()
+        field.alias or name: _labelset_field_value(labels, name, field)
+        for name, field in dataclass.model_fields.items()
     }
     return dataclass(**raw_data)
 
 
-def _labelset_field_value(labels: LabelContainer, field: ModelField) -> Any | None:
-    key_prefix = field.field_info.extra.get("group_by_prefix")
-    if key_prefix:
-        return build_container_for_prefix(
-            labels, key_prefix, strip_key_prefix=True
-        ).get_values_dict()
-    return labels.get_label_value(field.alias)
+def _labelset_field_value(
+    labels: LabelContainer, name: str, field: FieldInfo
+) -> Any | None:
+    schema = next((m for m in field.metadata if isinstance(m, WithJsonSchema)), None)
+    if (
+        schema is None
+        or not schema.json_schema
+        or "group_by_prefix" not in schema.json_schema
+    ):
+        return labels.get_label_value(field.alias or name)
+
+    return build_container_for_prefix(
+        labels, schema.json_schema["group_by_prefix"], strip_key_prefix=True
+    ).get_values_dict()

reconcile/utils/openshift_resource.py

@@ -4,8 +4,8 @@ from __future__ import annotations
 import base64
 import contextlib
 import copy
-import datetime
 import hashlib
+import logging
 import re
 from threading import Lock
 from typing import TYPE_CHECKING, Any
@@ -14,6 +14,7 @@ import semver
 from pydantic import BaseModel
 
 from reconcile.external_resources.meta import SECRET_UPDATED_AT
+from reconcile.utils.datetime_util import to_utc_seconds_iso_format, utc_now
 from reconcile.utils.json import json_dumps
 from reconcile.utils.metrics import GaugeMetric
 
@@ -368,8 +369,8 @@ class OpenshiftResource:
         annotations[QONTRACT_ANNOTATION_INTEGRATION] = self.integration
         annotations[QONTRACT_ANNOTATION_INTEGRATION_VERSION] = self.integration_version
         annotations[QONTRACT_ANNOTATION_SHA256SUM] = sha256sum
-        now = datetime.datetime.utcnow().replace(microsecond=0).isoformat()
-        annotations[QONTRACT_ANNOTATION_UPDATE] = now
+        now = utc_now()
+        annotations[QONTRACT_ANNOTATION_UPDATE] = to_utc_seconds_iso_format(now)
         if self.caller_name:
             annotations[QONTRACT_ANNOTATION_CALLER_NAME] = self.caller_name
 
@@ -601,6 +602,10 @@ class ResourceInventory:
         resource: OpenshiftResource,
         privileged: bool = False,
     ) -> None:
+        if cluster not in self._clusters:
+            logging.error(f"Cluster {cluster} not initialized in ResourceInventory")
+            return
+
         if resource.kind_and_group in self._clusters[cluster][namespace]:
             kind = resource.kind_and_group
         else:

reconcile/utils/pagerduty_api.py

@@ -3,8 +3,7 @@ from collections.abc import (
     Callable,
     Iterable,
 )
-from datetime import datetime as dt
-from datetime import timedelta
+from datetime import datetime, timedelta
 from typing import (
     Protocol,
 )
@@ -14,6 +13,7 @@ import requests
 from pydantic import BaseModel
 from sretoolbox.utils import retry
 
+from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.secret_reader import (
     HasSecret,
     SecretReader,
@@ -52,10 +52,13 @@ class PagerDutyTarget(Protocol):
     which must be implemented by a class to be compatible."""
 
     name: str
-    instance: PagerDutyInstance
     escalation_policy_id: str | None
     schedule_id: str | None
 
+    @property
+    def instance(self) -> PagerDutyInstance:
+        pass
+
 
 class PagerDutyConfig(BaseModel):
     """PagerDuty Config."""
@@ -80,7 +83,7 @@ class PagerDutyApi:
     def get_pagerduty_users(
         self, resource_type: str, resource_id: str
     ) -> list[pypd.User]:
-        now = dt.utcnow()
+        now = utc_now()
 
         try:
             if resource_type == "schedule":
@@ -103,7 +106,7 @@ class PagerDutyApi:
         self.users.append(user)
         return user.email.split("@")[0]
 
-    def get_schedule_users(self, schedule_id: str, now: dt) -> list[pypd.User]:
+    def get_schedule_users(self, schedule_id: str, now: datetime) -> list[pypd.User]:
         until = now + timedelta(seconds=60)
         s = pypd.Schedule.fetch(id=schedule_id, since=now, until=until, time_zone="UTC")
         entries = s["final_schedule"]["rendered_schedule_entries"]
@@ -115,7 +118,7 @@ class PagerDutyApi:
         ]
 
     def get_escalation_policy_users(
-        self, escalation_policy_id: str, now: dt
+        self, escalation_policy_id: str, now: datetime
     ) -> list[pypd.User]:
         ep = pypd.EscalationPolicy.fetch(
             id=escalation_policy_id, since=now, until=now, time_zone="UTC"
@@ -189,7 +192,7 @@ def get_pagerduty_name(user: PagerDutyUser) -> str:
     return user.pagerduty_username or user.org_username
 
 
-@retry(no_retry_exceptions=PagerDutyTargetError)
+@retry(no_retry_exceptions=(PagerDutyTargetError,))
 def get_usernames_from_pagerduty(
     pagerduties: Iterable[PagerDutyTarget],
     users: Iterable[PagerDutyUser],

reconcile/utils/promotion_state.py

@@ -3,13 +3,12 @@ from collections import defaultdict
 
 from pydantic import (
     BaseModel,
-    Extra,
 )
 
 from reconcile.utils.state import State
 
 
-class PromotionData(BaseModel):
+class PromotionData(BaseModel, extra="forbid"):
     """
     A class that strictly corresponds to the json stored in S3.
 
@@ -20,17 +19,13 @@ class PromotionData(BaseModel):
 
     # The success is primarily used for SAPM auto-promotions
     success: bool
-    target_config_hash: str | None
-    saas_file: str | None
-    check_in: str | None
+    target_config_hash: str | None = None
+    saas_file: str | None = None
+    check_in: str | None = None
     # Whether this promotion has ever succeeded
     # Note, this shouldnt be overridden on subsequent promotions of same ref
     # This attribute is primarily used by saasherder validations
-    has_succeeded_once: bool | None
-
-    class Config:
-        smart_union = True
-        extra = Extra.forbid
+    has_succeeded_once: bool | None = None
 
 
 class PromotionState:
@@ -107,5 +102,5 @@ class PromotionState:
         self, sha: str, channel: str, target_uid: str, data: PromotionData
     ) -> None:
         state_key_v2 = f"promotions_v2/{channel}/{target_uid}/{sha}"
-        self._state.add(state_key_v2, data.dict(), force=True)
+        self._state.add(state_key_v2, data.model_dump(), force=True)
         logging.info("Uploaded %s to %s", data, state_key_v2)

reconcile/utils/raw_github_api.py

@@ -76,7 +76,7 @@ class RawGithubApi:
             if login is not None
         ]
 
-    def team_invitations(self, org_id: str, team_id: str) -> list[str]:
+    def team_invitations(self, org_id: str | int, team_id: str | int) -> list[str]:
         invitations = self.query(f"/organizations/{org_id}/team/{team_id}/invitations")
 
         return [

reconcile/utils/rhcsv2_certs.py

@@ -1,22 +1,33 @@
+import base64
 import re
 from datetime import UTC
+from enum import StrEnum
 
 import requests
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.serialization import pkcs12
 from cryptography.x509.oid import NameOID
 from pydantic import BaseModel, Field
 
 
-class RhcsV2Cert(BaseModel):
+class CertificateFormat(StrEnum):
+    PEM = "PEM"
+    PKCS12 = "PKCS12"
+
+
+class RhcsV2CertPem(BaseModel, validate_by_name=True, validate_by_alias=True):
     certificate: str = Field(alias="tls.crt")
     private_key: str = Field(alias="tls.key")
     ca_cert: str = Field(alias="ca.crt")
     expiration_timestamp: int
 
-    class Config:
-        allow_population_by_field_name = True
+
+class RhcsV2CertPkcs12(BaseModel, validate_by_name=True, validate_by_alias=True):
+    pkcs12_keystore: str = Field(alias="keystore.pkcs12.b64")
+    pkcs12_truststore: str = Field(alias="truststore.pkcs12.b64")
+    expiration_timestamp: int
 
 
 def extract_cert(text: str) -> re.Match:
@@ -70,7 +81,66 @@ def get_cert_expiry_timestamp(js_escaped_pem: str) -> int:
     return int(dt_expiry.timestamp())
 
 
-def generate_cert(issuer_url: str, uid: str, pwd: str, ca_url: str) -> RhcsV2Cert:
+def _format_pem(
+    private_key: rsa.RSAPrivateKey,
+    cert_pem: str,
+    ca_pem: str,
+    cert_expiry_timestamp: int,
+) -> RhcsV2CertPem:
+    """Generate RhcsV2Cert with PEM components."""
+    private_key_pem = private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,
+        encryption_algorithm=serialization.NoEncryption(),
+    ).decode()
+    return RhcsV2CertPem(
+        private_key=private_key_pem,
+        certificate=cert_pem.encode().decode("unicode_escape").replace("\\/", "/"),
+        ca_cert=ca_pem,
+        expiration_timestamp=cert_expiry_timestamp,
+    )
+
+
+def _format_pkcs12(
+    private_key: rsa.RSAPrivateKey,
+    cert_pem: str,
+    ca_pem: str,
+    uid: str,
+    pwd: str,
+    cert_expiry_timestamp: int,
+) -> RhcsV2CertPkcs12:
+    """Generate PKCS#12 keystore and truststore components, returns base64-encoded strings."""
+    clean_cert_pem = cert_pem.encode().decode("unicode_escape").replace("\\/", "/")
+    cert_obj = x509.load_pem_x509_certificate(clean_cert_pem.encode())
+    ca_obj = x509.load_pem_x509_certificate(ca_pem.encode())
+    keystore_p12 = pkcs12.serialize_key_and_certificates(
+        name=uid.encode("utf-8"),
+        key=private_key,
+        cert=cert_obj,
+        cas=[ca_obj],
+        encryption_algorithm=serialization.BestAvailableEncryption(pwd.encode("utf-8")),
+    )
+    truststore_p12 = pkcs12.serialize_key_and_certificates(
+        name=b"ca-trust",
+        key=None,
+        cert=None,
+        cas=[ca_obj],
+        encryption_algorithm=serialization.NoEncryption(),
+    )
+    return RhcsV2CertPkcs12(
+        pkcs12_keystore=base64.b64encode(keystore_p12).decode("utf-8"),
+        pkcs12_truststore=base64.b64encode(truststore_p12).decode("utf-8"),
+        expiration_timestamp=cert_expiry_timestamp,
+    )
+
+
+def generate_cert(
+    issuer_url: str,
+    uid: str,
+    pwd: str,
+    ca_url: str,
+    cert_format: CertificateFormat = CertificateFormat.PEM,
+) -> RhcsV2CertPem | RhcsV2CertPkcs12:
     private_key = rsa.generate_private_key(65537, 4096)
     csr = (
         x509.CertificateSigningRequestBuilder()
@@ -81,6 +151,7 @@ def generate_cert(issuer_url: str, uid: str, pwd: str, ca_url: str) -> RhcsV2Cer
         )
         .sign(private_key, hashes.SHA256())
     )
+
     data = {
         "uid": uid,
         "pwd": pwd,
@@ -90,27 +161,19 @@ def generate_cert(issuer_url: str, uid: str, pwd: str, ca_url: str) -> RhcsV2Cer
         "renewal": "false",
         "xmlOutput": "false",
     }
-    response = requests.post(issuer_url, data=data)
+    response = requests.post(issuer_url, data=data, timeout=30)
     response.raise_for_status()
+    cert_pem = extract_cert(response.text).group(1)
+    cert_expiry_timestamp = get_cert_expiry_timestamp(cert_pem)
 
-    cert_pem = extract_cert(response.text)
-    cert_expiry_timestamp = get_cert_expiry_timestamp(cert_pem.group(1))
-    private_key_pem = private_key.private_bytes(
-        encoding=serialization.Encoding.PEM,
-        format=serialization.PrivateFormat.TraditionalOpenSSL,
-        encryption_algorithm=serialization.NoEncryption(),
-    ).decode()
-
-    response = requests.get(ca_url)
+    response = requests.get(ca_url, timeout=30)
     response.raise_for_status()
     ca_pem = response.text
 
-    return RhcsV2Cert(
-        private_key=private_key_pem,
-        certificate=cert_pem.group(1)
-        .encode()
-        .decode("unicode_escape")
-        .replace("\\/", "/"),
-        ca_cert=ca_pem,
-        expiration_timestamp=cert_expiry_timestamp,
-    )
+    match cert_format:
+        case CertificateFormat.PKCS12:
+            return _format_pkcs12(
+                private_key, cert_pem, ca_pem, uid, pwd, cert_expiry_timestamp
+            )
+        case CertificateFormat.PEM:
+            return _format_pem(private_key, cert_pem, ca_pem, cert_expiry_timestamp)

reconcile/utils/rosa/session.py

@@ -178,6 +178,22 @@ class RosaSession:
             )
             result.write_logs_to_logger(logging.info)
 
+    def upgrade_rosa_roles(
+        self,
+        cluster_name: str,
+        upgrade_version: str,
+        policy_version: str,
+        dry_run: bool,
+    ) -> None:
+        logging.info(
+            f"Upgrade  roles in AWS account {self.aws_account_id} to {upgrade_version}"
+        )
+        if not dry_run:
+            result = self.cli_execute(
+                f"rosa upgrade roles  -c {cluster_name} --cluster-version {upgrade_version}  --policy-version {policy_version} -y -m=auto"
+            )
+            result.write_logs_to_logger(logging.info)
+
 
 def generate_rosa_creation_script(
     cluster_name: str, cluster: OCMSpec, dry_run: bool

reconcile/utils/runtime/integration.py

@@ -7,7 +7,6 @@ from dataclasses import dataclass
 from types import ModuleType
 from typing import (
     Any,
-    Generic,
     Optional,
     TypeVar,
 )
@@ -120,7 +119,7 @@ class PydanticRunParams(RunParams, BaseModel):
     def copy_and_update(
         self: PydanticRunParamsSelfTypeVar, update: dict[str, Any]
     ) -> PydanticRunParamsSelfTypeVar:
-        return self.copy(update=update)
+        return self.model_copy(update=update)
 
     def get(self, field: str) -> Any:
         return getattr(self, field)
@@ -144,7 +143,7 @@ IntegrationClassTypeVar = TypeVar(
 )
 
 
-class QontractReconcileIntegration(ABC, Generic[RunParamsTypeVar]):
+class QontractReconcileIntegration[RunParamsTypeVar: RunParams](ABC):
     """
     The base class for all integrations. It defines the basic interface to interact
     with an integration and offers hook methods that allow the integration to opt