PyPI - qontract-reconcile - Versions diffs - 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev474__py3-none-any.whl - Mend

qontract-reconcile 0.10.2.dev361py3-none-any.whl → 0.10.2.dev474py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/METADATA +14 -13
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/RECORD +371 -364
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/WHEEL +1 -1
reconcile/acs_rbac.py +2 -2
reconcile/aus/advanced_upgrade_service.py +18 -12
reconcile/aus/aus_sts_gate_handler.py +59 -0
reconcile/aus/base.py +137 -34
reconcile/aus/cluster_version_data.py +15 -5
reconcile/aus/models.py +3 -1
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +1 -0
reconcile/aus/ocm_upgrade_scheduler.py +8 -1
reconcile/aus/ocm_upgrade_scheduler_org.py +20 -5
reconcile/aus/version_gate_approver.py +1 -16
reconcile/aus/version_gates/sts_version_gate_handler.py +5 -72
reconcile/automated_actions/config/integration.py +16 -4
reconcile/aws_account_manager/integration.py +21 -9
reconcile/aws_account_manager/reconciler.py +3 -3
reconcile/aws_account_manager/utils.py +1 -1
reconcile/aws_ami_cleanup/integration.py +8 -12
reconcile/aws_ami_share.py +69 -62
reconcile/aws_cloudwatch_log_retention/integration.py +155 -126
reconcile/aws_ecr_image_pull_secrets.py +1 -1
reconcile/aws_iam_keys.py +1 -0
reconcile/aws_saml_idp/integration.py +12 -4
reconcile/aws_saml_roles/integration.py +30 -23
reconcile/aws_version_sync/integration.py +6 -12
reconcile/change_owners/README.md +1 -1
reconcile/change_owners/bundle.py +3 -3
reconcile/change_owners/change_log_tracking.py +3 -2
reconcile/change_owners/change_owners.py +108 -42
reconcile/change_owners/decision.py +1 -1
reconcile/change_owners/diff.py +0 -2
reconcile/checkpoint.py +11 -3
reconcile/cli.py +94 -11
reconcile/dashdotdb_dora.py +5 -12
reconcile/dashdotdb_slo.py +1 -1
reconcile/database_access_manager.py +123 -117
reconcile/dynatrace_token_provider/integration.py +1 -1
reconcile/endpoints_discovery/integration.py +4 -1
reconcile/endpoints_discovery/merge_request.py +1 -1
reconcile/endpoints_discovery/merge_request_manager.py +8 -8
reconcile/external_resources/factories.py +4 -6
reconcile/external_resources/integration.py +1 -1
reconcile/external_resources/manager.py +8 -6
reconcile/external_resources/meta.py +0 -1
reconcile/external_resources/metrics.py +1 -1
reconcile/external_resources/model.py +19 -15
reconcile/external_resources/reconciler.py +7 -4
reconcile/external_resources/secrets_sync.py +6 -10
reconcile/external_resources/state.py +26 -16
reconcile/fleet_labeler/integration.py +1 -1
reconcile/gabi_authorized_users.py +5 -2
reconcile/gcp_image_mirror.py +2 -2
reconcile/github_org.py +1 -1
reconcile/github_owners.py +4 -0
reconcile/gitlab_housekeeping.py +13 -15
reconcile/gitlab_members.py +6 -12
reconcile/gitlab_owners.py +15 -11
reconcile/gitlab_permissions.py +8 -12
reconcile/glitchtip_project_alerts/integration.py +3 -1
reconcile/gql_definitions/acs/acs_instances.py +5 -5
reconcile/gql_definitions/acs/acs_policies.py +5 -5
reconcile/gql_definitions/acs/acs_rbac.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +5 -5
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +5 -5
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/roles.py +5 -5
reconcile/gql_definitions/app_sre_tekton_access_revalidation/users.py +5 -5
reconcile/gql_definitions/automated_actions/instance.py +46 -7
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +14 -5
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_cloudwatch_log_retention/aws_accounts.py +27 -66
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +15 -5
reconcile/gql_definitions/aws_saml_roles/roles.py +5 -5
reconcile/gql_definitions/aws_version_sync/clusters.py +5 -5
reconcile/gql_definitions/aws_version_sync/namespaces.py +5 -5
reconcile/gql_definitions/change_owners/queries/change_types.py +5 -5
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +5 -5
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +5 -5
reconcile/gql_definitions/common/alerting_services_settings.py +5 -5
reconcile/gql_definitions/common/app_code_component_repos.py +5 -5
reconcile/gql_definitions/common/app_interface_custom_messages.py +5 -5
reconcile/gql_definitions/common/app_interface_dms_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_repo_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_roles.py +5 -5
reconcile/gql_definitions/common/app_interface_state_settings.py +5 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +5 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +5 -5
reconcile/gql_definitions/common/apps.py +5 -5
reconcile/gql_definitions/common/aws_vpc_requests.py +18 -5
reconcile/gql_definitions/common/aws_vpcs.py +5 -5
reconcile/gql_definitions/common/clusters.py +7 -5
reconcile/gql_definitions/common/clusters_minimal.py +5 -5
reconcile/gql_definitions/common/clusters_with_dms.py +5 -5
reconcile/gql_definitions/common/clusters_with_peering.py +5 -5
reconcile/gql_definitions/common/github_orgs.py +5 -5
reconcile/gql_definitions/common/jira_settings.py +5 -5
reconcile/gql_definitions/common/jiralert_settings.py +5 -5
reconcile/gql_definitions/common/ldap_settings.py +5 -5
reconcile/gql_definitions/common/namespaces.py +5 -5
reconcile/gql_definitions/common/namespaces_minimal.py +7 -5
reconcile/gql_definitions/common/ocm_env_telemeter.py +5 -5
reconcile/gql_definitions/common/ocm_environments.py +5 -5
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -5
reconcile/gql_definitions/common/pipeline_providers.py +5 -5
reconcile/gql_definitions/common/quay_instances.py +5 -5
reconcile/gql_definitions/common/quay_orgs.py +5 -5
reconcile/gql_definitions/common/reserved_networks.py +5 -5
reconcile/gql_definitions/common/rhcs_provider_settings.py +5 -5
reconcile/gql_definitions/common/saas_files.py +5 -5
reconcile/gql_definitions/common/saas_target_namespaces.py +5 -5
reconcile/gql_definitions/common/saasherder_settings.py +5 -5
reconcile/gql_definitions/common/slack_workspaces.py +5 -5
reconcile/gql_definitions/common/smtp_client_settings.py +5 -5
reconcile/gql_definitions/common/state_aws_account.py +5 -5
reconcile/gql_definitions/common/users.py +5 -5
reconcile/gql_definitions/common/users_with_paths.py +5 -5
reconcile/gql_definitions/cost_report/app_names.py +5 -5
reconcile/gql_definitions/cost_report/cost_namespaces.py +5 -5
reconcile/gql_definitions/cost_report/settings.py +5 -5
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +5 -5
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +5 -5
reconcile/gql_definitions/email_sender/apps.py +5 -5
reconcile/gql_definitions/email_sender/emails.py +5 -5
reconcile/gql_definitions/email_sender/users.py +5 -5
reconcile/gql_definitions/endpoints_discovery/apps.py +5 -5
reconcile/gql_definitions/external_resources/aws_accounts.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_modules.py +5 -5
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +38 -7
reconcile/gql_definitions/external_resources/external_resources_settings.py +5 -5
reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py +5 -5
reconcile/gql_definitions/fleet_labeler/fleet_labels.py +5 -5
reconcile/gql_definitions/fragments/aus_organization.py +5 -5
reconcile/gql_definitions/fragments/aws_account_common.py +7 -5
reconcile/gql_definitions/fragments/aws_account_managed.py +5 -5
reconcile/gql_definitions/fragments/aws_account_sso.py +5 -5
reconcile/gql_definitions/fragments/aws_infra_management_account.py +5 -5
reconcile/gql_definitions/fragments/aws_organization.py +33 -0
reconcile/gql_definitions/fragments/aws_vpc.py +5 -5
reconcile/gql_definitions/fragments/aws_vpc_request.py +12 -5
reconcile/gql_definitions/fragments/container_image_mirror.py +5 -5
reconcile/gql_definitions/fragments/deploy_resources.py +5 -5
reconcile/gql_definitions/fragments/disable.py +5 -5
reconcile/gql_definitions/fragments/email_service.py +5 -5
reconcile/gql_definitions/fragments/email_user.py +5 -5
reconcile/gql_definitions/fragments/jumphost_common_fields.py +5 -5
reconcile/gql_definitions/fragments/membership_source.py +5 -5
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +5 -5
reconcile/gql_definitions/fragments/oc_connection_cluster.py +5 -5
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +5 -5
reconcile/gql_definitions/fragments/prometheus_instance.py +5 -5
reconcile/gql_definitions/fragments/resource_limits_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_requests_requirements.py +5 -5
reconcile/gql_definitions/fragments/resource_values.py +5 -5
reconcile/gql_definitions/fragments/saas_slo_document.py +5 -5
reconcile/gql_definitions/fragments/saas_target_namespace.py +5 -5
reconcile/gql_definitions/fragments/serviceaccount_token.py +5 -5
reconcile/gql_definitions/fragments/terraform_state.py +5 -5
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -5
reconcile/gql_definitions/fragments/user.py +5 -5
reconcile/gql_definitions/fragments/vault_secret.py +5 -5
reconcile/gql_definitions/gcp/gcp_docker_repos.py +5 -5
reconcile/gql_definitions/gcp/gcp_projects.py +5 -5
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +5 -5
reconcile/gql_definitions/gitlab_members/permissions.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +5 -5
reconcile/gql_definitions/glitchtip/glitchtip_project.py +5 -5
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +5 -5
reconcile/gql_definitions/integrations/integrations.py +5 -5
reconcile/gql_definitions/introspection.json +775 -136
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +5 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +5 -5
reconcile/gql_definitions/jira/jira_servers.py +5 -5
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +9 -5
reconcile/gql_definitions/jumphosts/jumphosts.py +5 -5
reconcile/gql_definitions/ldap_groups/roles.py +5 -5
reconcile/gql_definitions/ldap_groups/settings.py +5 -5
reconcile/gql_definitions/maintenance/maintenances.py +5 -5
reconcile/gql_definitions/membershipsources/roles.py +5 -5
reconcile/gql_definitions/ocm_labels/clusters.py +5 -5
reconcile/gql_definitions/ocm_labels/organizations.py +5 -5
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_groups.py +5 -5
reconcile/gql_definitions/openshift_groups/managed_roles.py +5 -5
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +5 -5
reconcile/gql_definitions/quay_membership/quay_membership.py +5 -5
reconcile/gql_definitions/rhcs/certs.py +25 -79
reconcile/gql_definitions/rhcs/openshift_resource_rhcs_cert.py +43 -0
reconcile/gql_definitions/rhidp/organizations.py +5 -5
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +5 -5
reconcile/gql_definitions/service_dependencies/service_dependencies.py +5 -5
reconcile/gql_definitions/sharding/aws_accounts.py +5 -5
reconcile/gql_definitions/sharding/ocm_organization.py +5 -5
reconcile/gql_definitions/skupper_network/site_controller_template.py +5 -5
reconcile/gql_definitions/skupper_network/skupper_networks.py +5 -5
reconcile/gql_definitions/slack_usergroups/clusters.py +5 -5
reconcile/gql_definitions/slack_usergroups/permissions.py +5 -5
reconcile/gql_definitions/slack_usergroups/users.py +5 -5
reconcile/gql_definitions/slo_documents/slo_documents.py +5 -5
reconcile/gql_definitions/status_board/status_board.py +5 -5
reconcile/gql_definitions/statuspage/statuspages.py +5 -5
reconcile/gql_definitions/templating/template_collection.py +5 -5
reconcile/gql_definitions/templating/templates.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +5 -5
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +5 -5
reconcile/gql_definitions/terraform_init/aws_accounts.py +19 -5
reconcile/gql_definitions/terraform_repo/terraform_repo.py +5 -5
reconcile/gql_definitions/terraform_resources/database_access_manager.py +5 -5
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +37 -7
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +15 -5
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +5 -5
reconcile/gql_definitions/vault_instances/vault_instances.py +5 -5
reconcile/gql_definitions/vault_policies/vault_policies.py +5 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +8 -5
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +6 -5
reconcile/integrations_manager.py +3 -3
reconcile/jenkins_worker_fleets.py +10 -8
reconcile/jira_permissions_validator.py +237 -122
reconcile/ldap_groups/integration.py +1 -1
reconcile/ocm/types.py +35 -57
reconcile/ocm_aws_infrastructure_access.py +1 -1
reconcile/ocm_clusters.py +4 -4
reconcile/ocm_labels/integration.py +3 -2
reconcile/ocm_machine_pools.py +33 -27
reconcile/openshift_base.py +113 -4
reconcile/openshift_cluster_bots.py +1 -1
reconcile/openshift_namespace_labels.py +1 -1
reconcile/openshift_namespaces.py +96 -101
reconcile/openshift_resources_base.py +6 -2
reconcile/openshift_rhcs_certs.py +74 -37
reconcile/openshift_rolebindings.py +7 -11
reconcile/openshift_saas_deploy.py +4 -5
reconcile/openshift_saas_deploy_change_tester.py +9 -7
reconcile/openshift_saas_deploy_trigger_cleaner.py +3 -5
reconcile/openshift_serviceaccount_tokens.py +2 -2
reconcile/openshift_upgrade_watcher.py +4 -4
reconcile/oum/labelset.py +5 -3
reconcile/oum/models.py +1 -4
reconcile/prometheus_rules_tester/integration.py +3 -3
reconcile/quay_base.py +25 -6
reconcile/quay_membership.py +55 -29
reconcile/quay_mirror.py +1 -1
reconcile/quay_mirror_org.py +6 -4
reconcile/quay_permissions.py +81 -75
reconcile/quay_repos.py +35 -37
reconcile/queries.py +132 -1
reconcile/rhidp/common.py +3 -5
reconcile/rhidp/sso_client/base.py +16 -5
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +1 -1
reconcile/saas_auto_promotions_manager/subscriber.py +4 -3
reconcile/skupper_network/integration.py +2 -2
reconcile/slack_usergroups.py +35 -14
reconcile/sql_query.py +1 -0
reconcile/status_board.py +6 -6
reconcile/statuspage/atlassian.py +7 -7
reconcile/statuspage/integrations/maintenances.py +4 -3
reconcile/statuspage/page.py +4 -9
reconcile/statuspage/status.py +5 -8
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +1 -1
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +1 -1
reconcile/templating/lib/rendering.py +3 -3
reconcile/templating/renderer.py +2 -2
reconcile/templating/validator.py +4 -4
reconcile/terraform_aws_route53.py +7 -1
reconcile/terraform_cloudflare_dns.py +3 -3
reconcile/terraform_cloudflare_resources.py +5 -5
reconcile/terraform_cloudflare_users.py +3 -2
reconcile/terraform_init/integration.py +187 -23
reconcile/terraform_repo.py +16 -12
reconcile/terraform_resources.py +6 -6
reconcile/terraform_tgw_attachments.py +27 -19
reconcile/terraform_users.py +7 -0
reconcile/terraform_vpc_peerings.py +14 -3
reconcile/terraform_vpc_resources/integration.py +20 -8
reconcile/terraform_vpc_resources/merge_request.py +12 -2
reconcile/terraform_vpc_resources/merge_request_manager.py +43 -19
reconcile/typed_queries/aws_account_tags.py +41 -0
reconcile/typed_queries/cost_report/app_names.py +1 -1
reconcile/typed_queries/cost_report/cost_namespaces.py +2 -2
reconcile/typed_queries/saas_files.py +20 -15
reconcile/typed_queries/status_board.py +2 -2
reconcile/unleash_feature_toggles/integration.py +4 -2
reconcile/utils/acs/base.py +6 -3
reconcile/utils/acs/policies.py +2 -2
reconcile/utils/aws_api.py +51 -20
reconcile/utils/aws_api_typed/api.py +38 -9
reconcile/utils/aws_api_typed/cloudformation.py +149 -0
reconcile/utils/aws_api_typed/logs.py +73 -0
reconcile/utils/aws_api_typed/organization.py +4 -2
reconcile/utils/binary.py +7 -12
reconcile/utils/datetime_util.py +67 -0
reconcile/utils/deadmanssnitch_api.py +1 -1
reconcile/utils/differ.py +2 -3
reconcile/utils/early_exit_cache.py +11 -12
reconcile/utils/environ.py +5 -0
reconcile/utils/expiration.py +7 -3
reconcile/utils/external_resource_spec.py +2 -0
reconcile/utils/filtering.py +1 -1
reconcile/utils/gitlab_api.py +19 -5
reconcile/utils/glitchtip/client.py +6 -2
reconcile/utils/glitchtip/models.py +25 -28
reconcile/utils/gql.py +4 -7
reconcile/utils/helpers.py +1 -1
reconcile/utils/instrumented_wrappers.py +1 -1
reconcile/utils/internal_groups/client.py +2 -2
reconcile/utils/internal_groups/models.py +8 -17
reconcile/utils/jinja2/utils.py +6 -101
reconcile/utils/jira_client.py +82 -63
reconcile/utils/jjb_client.py +26 -13
reconcile/utils/jobcontroller/controller.py +2 -2
reconcile/utils/jobcontroller/models.py +17 -1
reconcile/utils/json.py +43 -1
reconcile/utils/membershipsources/app_interface_resolver.py +4 -2
reconcile/utils/membershipsources/models.py +16 -23
reconcile/utils/membershipsources/resolver.py +4 -2
reconcile/utils/merge_request_manager/merge_request_manager.py +4 -4
reconcile/utils/merge_request_manager/parser.py +6 -6
reconcile/utils/metrics.py +5 -5
reconcile/utils/models.py +304 -82
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/notificator.py +3 -3
reconcile/utils/mr/update_access_report_base.py +3 -4
reconcile/utils/mr/user_maintenance.py +3 -2
reconcile/utils/oc.py +252 -201
reconcile/utils/oc_filters.py +3 -3
reconcile/utils/ocm/addons.py +0 -1
reconcile/utils/ocm/base.py +17 -20
reconcile/utils/ocm/cluster_groups.py +1 -1
reconcile/utils/ocm/identity_providers.py +2 -2
reconcile/utils/ocm/labels.py +1 -1
reconcile/utils/ocm/products.py +8 -8
reconcile/utils/ocm/search_filters.py +3 -6
reconcile/utils/ocm/service_log.py +4 -6
reconcile/utils/ocm/sre_capability_labels.py +20 -13
reconcile/utils/openshift_resource.py +8 -3
reconcile/utils/pagerduty_api.py +10 -7
reconcile/utils/promotion_state.py +6 -11
reconcile/utils/quay_api.py +74 -87
reconcile/utils/raw_github_api.py +1 -1
reconcile/utils/rhcsv2_certs.py +86 -23
reconcile/utils/rosa/session.py +16 -0
reconcile/utils/runtime/integration.py +2 -3
reconcile/utils/runtime/runner.py +2 -2
reconcile/utils/saasherder/interfaces.py +13 -20
reconcile/utils/saasherder/models.py +23 -20
reconcile/utils/saasherder/saasherder.py +50 -27
reconcile/utils/slack_api.py +2 -2
reconcile/utils/sloth.py +171 -2
reconcile/utils/structs.py +1 -1
reconcile/utils/terraform_client.py +5 -4
reconcile/utils/terrascript_aws_client.py +274 -124
reconcile/utils/unleash/server.py +2 -8
reconcile/utils/vault.py +5 -12
reconcile/utils/vcs.py +8 -8
reconcile/vault_replication.py +107 -42
reconcile/vpc_peerings_validator.py +13 -0
tools/app_interface_reporter.py +4 -4
tools/cli_commands/cost_report/cost_management_api.py +3 -3
tools/cli_commands/cost_report/view.py +7 -6
tools/cli_commands/erv2.py +1 -1
tools/qontract_cli.py +28 -17
tools/template_validation.py +3 -1
{qontract_reconcile-0.10.2.dev361.dist-info → qontract_reconcile-0.10.2.dev474.dist-info}/entry_points.txt +0 -0

reconcile/openshift_resources_base.py CHANGED Viewed

@@ -806,7 +806,11 @@ def fetch_data(
         init_api_resources=init_api_resources,
     )
     state_specs = ob.init_specs_to_fetch(
-        ri, oc_map, namespaces=namespaces, override_managed_types=overrides
+        ri,
+        oc_map,
+        namespaces=namespaces,
+        override_managed_types=overrides,
+        cluster_scope_resource_validation=True,
     )
     threaded.run(fetch_states, state_specs, thread_pool_size, ri=ri, settings=settings)
@@ -861,7 +865,7 @@ def canonicalize_namespaces(
             elif providers[0] == "route":
                 override = ["Route"]
             elif providers[0] == "prometheus-rule":
-                override = ["PrometheusRule"]
+                override = ["PrometheusRule.monitoring.coreos.com"]
             namespace_info["openshiftResources"] = ors
             canonicalized_namespaces.append(namespace_info)

reconcile/openshift_rhcs_certs.py CHANGED Viewed

@@ -2,7 +2,7 @@ import logging
 import sys
 import time
 from collections.abc import Callable, Iterable, Mapping
-from typing import Any, cast
+from typing import Any
 import reconcile.openshift_base as ob
 import reconcile.openshift_resources_base as orb
@@ -10,8 +10,8 @@ from reconcile.gql_definitions.common.rhcs_provider_settings import (
     RhcsProviderSettingsV1,
 )
 from reconcile.gql_definitions.rhcs.certs import (
-    NamespaceOpenshiftResourceRhcsCertV1,
     NamespaceV1,
+    OpenshiftResourceRhcsCert,
 )
 from reconcile.gql_definitions.rhcs.certs import (
     query as rhcs_certs_query,
@@ -32,7 +32,12 @@ from reconcile.utils.openshift_resource import (
     ResourceInventory,
     base64_encode_secret_field_value,
 )
-from reconcile.utils.rhcsv2_certs import RhcsV2Cert, generate_cert
+from reconcile.utils.rhcsv2_certs import (
+    CertificateFormat,
+    RhcsV2CertPem,
+    RhcsV2CertPkcs12,
+    generate_cert,
+)
 from reconcile.utils.runtime.integration import DesiredStateShardConfig
 from reconcile.utils.secret_reader import create_secret_reader
 from reconcile.utils.semver_helper import make_semver
@@ -40,7 +45,6 @@ from reconcile.utils.vault import SecretNotFoundError, VaultClient
 QONTRACT_INTEGRATION = "openshift-rhcs-certs"
 QONTRACT_INTEGRATION_VERSION = make_semver(1, 9, 3)
-PROVIDERS = ["rhcs-cert"]
 def desired_state_shard_config() -> DesiredStateShardConfig:
@@ -67,8 +71,29 @@ class OpenshiftRhcsCertExpiration(GaugeMetric):
         return "qontract_reconcile_rhcs_cert_expiration_timestamp"
-def _is_rhcs_cert(obj: Any) -> bool:
-    return getattr(obj, "provider", None) == "rhcs-cert"
+def _generate_placeholder_cert(
+    cert_format: CertificateFormat,
+) -> RhcsV2CertPem | RhcsV2CertPkcs12:
+    match cert_format:
+        case CertificateFormat.PKCS12:
+            return RhcsV2CertPkcs12(
+                pkcs12_keystore="PLACEHOLDER_KEYSTORE",
+                pkcs12_truststore="PLACEHOLDER_TRUSTSTORE",
+                expiration_timestamp=int(time.time()),
+            )
+        case CertificateFormat.PEM:
+            return RhcsV2CertPem(
+                certificate="PLACEHOLDER_CERT",
+                private_key="PLACEHOLDER_PRIVATE_KEY",
+                ca_cert="PLACEHOLDER_CA_CERT",
+                expiration_timestamp=int(time.time()),
+            )
+def get_certificate_format(
+    cert_resource: OpenshiftResourceRhcsCert,
+) -> CertificateFormat:
+    return CertificateFormat(cert_resource.certificate_format or "PEM")
 def get_namespaces_with_rhcs_certs(
@@ -77,26 +102,33 @@ def get_namespaces_with_rhcs_certs(
 ) -> list[NamespaceV1]:
     result: list[NamespaceV1] = []
     for ns in rhcs_certs_query(query_func=query_func).namespaces or []:
-        ob.aggregate_shared_resources_typed(cast("Any", ns))  # mypy: ignore[arg-type]
+        ob.aggregate_shared_resources_typed(ns)
         if (
             integration_is_enabled(QONTRACT_INTEGRATION, ns.cluster)
             and not bool(ns.delete)
             and (not cluster_name or ns.cluster.name in cluster_name)
-            and any(_is_rhcs_cert(r) for r in ns.openshift_resources or [])
+            and ns.openshift_resources
         ):
             result.append(ns)
     return result
 def construct_rhcs_cert_oc_secret(
-    secret_name: str, cert: Mapping[str, Any], annotations: Mapping[str, str]
+    secret_name: str,
+    cert: Mapping[str, Any],
+    annotations: Mapping[str, str],
+    certificate_format: CertificateFormat,
 ) -> OR:
     body: dict[str, Any] = {
         "apiVersion": "v1",
         "kind": "Secret",
-        "type": "kubernetes.io/tls",
         "metadata": {"name": secret_name, "annotations": annotations},
     }
+    match certificate_format:
+        case CertificateFormat.PKCS12:
+            body["type"] = "Opaque"
+        case CertificateFormat.PEM:
+            body["type"] = "kubernetes.io/tls"
     for k, v in cert.items():
         v = base64_encode_secret_field_value(v)
         body.setdefault("data", {})[k] = v
@@ -105,7 +137,7 @@ def construct_rhcs_cert_oc_secret(
 def cert_expires_within_threshold(
     ns: NamespaceV1,
-    cert_resource: NamespaceOpenshiftResourceRhcsCertV1,
+    cert_resource: OpenshiftResourceRhcsCert,
     vault_cert_secret: Mapping[str, Any],
 ) -> bool:
     auto_renew_threshold_days = cert_resource.auto_renew_threshold_days or 7
@@ -121,7 +153,7 @@ def cert_expires_within_threshold(
 def get_vault_cert_secret(
     ns: NamespaceV1,
-    cert_resource: NamespaceOpenshiftResourceRhcsCertV1,
+    cert_resource: OpenshiftResourceRhcsCert,
     vault: VaultClient,
     vault_base_path: str,
 ) -> dict | None:
@@ -140,7 +172,7 @@ def get_vault_cert_secret(
 def generate_vault_cert_secret(
     dry_run: bool,
     ns: NamespaceV1,
-    cert_resource: NamespaceOpenshiftResourceRhcsCertV1,
+    cert_resource: OpenshiftResourceRhcsCert,
     vault: VaultClient,
     vault_base_path: str,
     issuer_url: str,
@@ -149,18 +181,19 @@ def generate_vault_cert_secret(
     logging.info(
         f"Creating cert with service account credentials for '{cert_resource.service_account_name}'. cluster='{ns.cluster.name}', namespace='{ns.name}', secret='{cert_resource.secret_name}'"
     )
-    sa_password = vault.read(cert_resource.service_account_password.dict())
+    sa_password = vault.read(cert_resource.service_account_password.model_dump())
+    cert_format = get_certificate_format(cert_resource)
     if dry_run:
-        rhcs_cert = RhcsV2Cert(
-            certificate="PLACEHOLDER_CERT",
-            private_key="PLACEHOLDER_PRIVATE_KEY",
-            ca_cert="PLACEHOLDER_CA_CERT",
-            expiration_timestamp=int(time.time()),
-        )
+        rhcs_cert = _generate_placeholder_cert(cert_format)
     else:
         try:
             rhcs_cert = generate_cert(
-                issuer_url, cert_resource.service_account_name, sa_password, ca_cert_url
+                issuer_url=issuer_url,
+                uid=cert_resource.service_account_name,
+                pwd=sa_password,
+                ca_url=ca_cert_url,
+                cert_format=cert_format,
             )
         except ValueError as e:
             raise Exception(
@@ -171,18 +204,18 @@ def generate_vault_cert_secret(
         )
         vault.write(
             secret={
-                "data": rhcs_cert.dict(by_alias=True),
+                "data": rhcs_cert.model_dump(by_alias=True, exclude_none=True),
                 "path": f"{vault_base_path}/{ns.cluster.name}/{ns.name}/{cert_resource.secret_name}",
             },
             decode_base64=False,
         )
-    return rhcs_cert.dict(by_alias=True)
+    return rhcs_cert.model_dump(by_alias=True, exclude_none=True)
 def fetch_openshift_resource_for_cert_resource(
     dry_run: bool,
     ns: NamespaceV1,
-    cert_resource: NamespaceOpenshiftResourceRhcsCertV1,
+    cert_resource: OpenshiftResourceRhcsCert,
     vault: VaultClient,
     rhcs_settings: RhcsProviderSettingsV1,
 ) -> OR:
@@ -218,6 +251,7 @@ def fetch_openshift_resource_for_cert_resource(
         secret_name=cert_resource.secret_name,
         cert=vault_cert_secret,
         annotations=cert_resource.annotations or {},
+        certificate_format=get_certificate_format(cert_resource),
     )
@@ -231,18 +265,13 @@ def fetch_desired_state(
     cert_provider = get_rhcs_provider_settings(query_func=query_func)
     for ns in namespaces:
         for cert_resource in ns.openshift_resources or []:
-            if _is_rhcs_cert(cert_resource):
-                ri.add_desired_resource(
-                    cluster=ns.cluster.name,
-                    namespace=ns.name,
-                    resource=fetch_openshift_resource_for_cert_resource(
-                        dry_run,
-                        ns,
-                        cast("NamespaceOpenshiftResourceRhcsCertV1", cert_resource),
-                        vault,
-                        cert_provider,
-                    ),
-                )
+            ri.add_desired_resource(
+                cluster=ns.cluster.name,
+                namespace=ns.name,
+                resource=fetch_openshift_resource_for_cert_resource(
+                    dry_run, ns, cert_resource, vault, cert_provider
+                ),
+            )
 @defer
@@ -277,7 +306,7 @@ def run(
     state_specs = ob.init_specs_to_fetch(
         ri,
         oc_map,
-        namespaces=[ns.dict(by_alias=True) for ns in namespaces],
+        namespaces=[ns.model_dump(by_alias=True) for ns in namespaces],
         override_managed_types=["Secret"],
     )
     for spec in state_specs:
@@ -295,3 +324,11 @@ def run(
     ob.publish_metrics(ri, QONTRACT_INTEGRATION)
     if ri.has_error_registered():
         sys.exit(1)
+def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
+    if not (query_func := kwargs.get("query_func")):
+        query_func = gql.get_api().query
+    cluster_name = kwargs.get("cluster_name")
+    return {"namespace": get_namespaces_with_rhcs_certs(query_func, cluster_name)}

reconcile/openshift_rolebindings.py CHANGED Viewed

@@ -33,14 +33,11 @@ QONTRACT_INTEGRATION = "openshift-rolebindings"
 QONTRACT_INTEGRATION_VERSION = make_semver(0, 3, 0)
-class OCResource(BaseModel):
+class OCResource(BaseModel, arbitrary_types_allowed=True):
     resource: OR
     resource_name: str
     privileged: bool
-    class Config:
-        arbitrary_types_allowed = True
 @dataclass
 class ServiceAccountSpec:
@@ -61,7 +58,7 @@ class ServiceAccountSpec:
         ]
-class RoleBindingSpec(BaseModel):
+class RoleBindingSpec(BaseModel, validate_by_alias=True, arbitrary_types_allowed=True):
     role_name: str
     role_kind: str
     namespace: NamespaceV1
@@ -70,9 +67,6 @@ class RoleBindingSpec(BaseModel):
     usernames: set[str]
     openshift_service_accounts: list[ServiceAccountSpec]
-    class Config:
-        arbitrary_types_allowed = True
     def get_users_desired_state(self) -> list[dict[str, str]]:
         return [
             {"cluster": self.cluster.name, "user": username}
@@ -93,7 +87,9 @@ class RoleBindingSpec(BaseModel):
         if not (access.role or access.cluster_role):
             return None
         privileged = access.namespace.cluster_admin or False
-        auth_dict = [auth.dict(by_alias=True) for auth in access.namespace.cluster.auth]
+        auth_dict = [
+            auth.model_dump(by_alias=True) for auth in access.namespace.cluster.auth
+        ]
         usernames = RoleBindingSpec.get_usernames_from_users(
             users,
             ob.determine_user_keys_for_access(
@@ -290,7 +286,7 @@ def is_valid_namespace(namespace: NamespaceV1 | CommonNamespaceV1) -> bool:
     return (
         bool(namespace.managed_roles)
         and is_in_shard(f"{namespace.cluster.name}/{namespace.name}")
-        and not ob.is_namespace_deleted(namespace.dict(by_alias=True))
+        and not ob.is_namespace_deleted(namespace.model_dump(by_alias=True))
     )
@@ -304,7 +300,7 @@ def run(
     defer: Callable | None = None,
 ) -> None:
     namespaces = [
-        namespace.dict(by_alias=True, exclude={"openshift_resources"})
+        namespace.model_dump(by_alias=True, exclude={"openshift_resources"})
         for namespace in get_namespaces()
         if is_valid_namespace(namespace)
     ]

reconcile/openshift_saas_deploy.py CHANGED Viewed

@@ -150,7 +150,7 @@ def run(
                     + "when using slack notifications"
                 )
             slack = slackapi_from_slack_workspace(
-                saas_file.slack.dict(by_alias=True),
+                saas_file.slack.model_dump(by_alias=True),
                 secret_reader,
                 QONTRACT_INTEGRATION,
                 init_usergroups=False,
@@ -224,7 +224,7 @@ def run(
         default=False,
     )
     ri, oc_map = ob.fetch_current_state(
-        namespaces=[ns.dict(by_alias=True) for ns in saasherder.namespaces],
+        namespaces=[ns.model_dump(by_alias=True) for ns in saasherder.namespaces],
         thread_pool_size=thread_pool_size,
         integration=QONTRACT_INTEGRATION,
         integration_version=QONTRACT_INTEGRATION_VERSION,
@@ -319,14 +319,13 @@ def run(
         openshift_saas_deploy_trigger_upstream_jobs.QONTRACT_INTEGRATION,
         openshift_saas_deploy_trigger_images.QONTRACT_INTEGRATION,
     ]
-    scan = (
+    if (
         not dry_run
         and len(saas_files) == 1
         and trigger_integration
         and trigger_integration in allowed_integration
         and trigger_reason
-    )
-    if scan:
+    ):
         saas_file = saas_files[0]
         owners = saas_file.app.service_owners or []
         emails = " ".join([o.email for o in owners])

reconcile/openshift_saas_deploy_change_tester.py CHANGED Viewed

@@ -34,7 +34,7 @@ class Definition(BaseModel):
 class State(BaseModel):
     saas_file_path: str
     saas_file_name: str
-    saas_file_deploy_resources: DeployResourcesV1 | None
+    saas_file_deploy_resources: DeployResourcesV1 | None = None
     resource_template_name: str
     cluster: str
     namespace: str
@@ -44,10 +44,10 @@ class State(BaseModel):
     parameters: dict[str, Any]
     secret_parameters: dict[str, VaultSecret]
     saas_file_definitions: Definition
-    upstream: SaasResourceTemplateTargetUpstreamV1 | None
-    disable: bool | None
-    delete: bool | None
-    target_path: str | None
+    upstream: SaasResourceTemplateTargetUpstreamV1 | None = None
+    disable: bool | None = None
+    delete: bool | None = None
+    target_path: str | None = None
 def osd_run_wrapper(
@@ -213,11 +213,13 @@ def run(
     saas_file_list = SaasFileList()
     desired_saas_file_state = collect_state(saas_file_list.saas_files)
     # compare dicts against dicts which is much faster than comparing BaseModel objects
-    comparison_saas_file_state_dicts = [s.dict() for s in comparison_saas_file_state]
+    comparison_saas_file_state_dicts = [
+        s.model_dump() for s in comparison_saas_file_state
+    ]
     saas_file_state_diffs = [
         s
         for s in desired_saas_file_state
-        if s.dict() not in comparison_saas_file_state_dicts
+        if s.model_dump() not in comparison_saas_file_state_dicts
     ]
     if not saas_file_state_diffs:
         return

reconcile/openshift_saas_deploy_trigger_cleaner.py CHANGED Viewed

@@ -1,14 +1,11 @@
 import logging
 from collections.abc import Callable
 from datetime import (
-    UTC,
     datetime,
     timedelta,
 )
 from typing import Any
-from dateutil import parser
 from reconcile.gql_definitions.fragments.pipeline_provider_retention import (
     PipelineProviderRetention,
 )
@@ -19,6 +16,7 @@ from reconcile.typed_queries.tekton_pipeline_providers import (
     get_tekton_pipeline_providers,
 )
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.oc_map import (
     OCLogMsg,
@@ -35,7 +33,7 @@ def within_retention_days(
     resource: dict[str, Any], days: int, now_date: datetime
 ) -> bool:
     metadata = resource["metadata"]
-    creation_date = parser.parse(metadata["creationTimestamp"])
+    creation_date = from_utc_iso_format(metadata["creationTimestamp"])
     interval = now_date.timestamp() - creation_date.timestamp()
     return interval < timedelta(days=days).total_seconds()
@@ -69,7 +67,7 @@ def run(
     use_jump_host: bool = True,
     defer: Callable | None = None,
 ) -> None:
-    now_date = datetime.now(UTC)
+    now_date = utc_now()
     vault_settings = get_app_interface_vault_settings()
     secret_reader = create_secret_reader(use_vault=vault_settings.vault)
     pipeline_providers = get_tekton_pipeline_providers()

reconcile/openshift_serviceaccount_tokens.py CHANGED Viewed

@@ -177,7 +177,7 @@ def canonicalize_namespaces(namespaces: Iterable[NamespaceV1]) -> list[Namespace
             key = f"{sat.namespace.cluster.name}/{sat.namespace.name}"
             if key not in canonicalized_namespaces:
                 canonicalized_namespaces[key] = NamespaceV1(
-                    **sat.namespace.dict(by_alias=True),
+                    **sat.namespace.model_dump(by_alias=True),
                     sharedResources=None,
                     openshiftServiceAccountTokens=None,
                 )
@@ -217,7 +217,7 @@ def run(
         get_namespaces_with_serviceaccount_tokens(gql_api.query)
     )
     ri, oc_map = ob.fetch_current_state(
-        namespaces=[ns.dict(by_alias=True) for ns in namespaces],
+        namespaces=[ns.model_dump(by_alias=True) for ns in namespaces],
         thread_pool_size=thread_pool_size,
         integration=QONTRACT_INTEGRATION,
         integration_version=QONTRACT_INTEGRATION_VERSION,

reconcile/openshift_upgrade_watcher.py CHANGED Viewed

@@ -3,7 +3,6 @@ from collections.abc import (
     Callable,
     Iterable,
 )
-from datetime import datetime
 from reconcile import queries
 from reconcile.gql_definitions.common.clusters import ClusterV1
@@ -13,6 +12,7 @@ from reconcile.typed_queries.app_interface_vault_settings import (
 )
 from reconcile.typed_queries.clusters import get_clusters
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
+from reconcile.utils.datetime_util import from_utc_iso_format, utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.oc_map import (
     OCLogMsg,
@@ -101,7 +101,7 @@ def notify_upgrades_start(
     state: State,
     slack: SlackApi | None,
 ) -> None:
-    now = datetime.utcnow()
+    now = utc_now()
     for cluster in clusters:
         if cluster.spec and not cluster.spec.hypershift:
             upgrade_at, version = _get_start_osd(oc_map, cluster.name)
@@ -113,7 +113,7 @@ def notify_upgrades_start(
             continue
         if upgrade_at and version:
-            upgrade_at_obj = datetime.strptime(upgrade_at, "%Y-%m-%dT%H:%M:%SZ")
+            upgrade_at_obj = from_utc_iso_format(upgrade_at)
             state_key = f"{cluster.name}-{upgrade_at}1"
             # if this is the first iteration in which 'now' had passed
             # the upgrade at date time, we send a notification
@@ -185,7 +185,7 @@ def run(
     if defer:
         defer(oc_map.cleanup)
-    cluster_like_objects = [cluster.dict(by_alias=True) for cluster in clusters]
+    cluster_like_objects = [cluster.model_dump(by_alias=True) for cluster in clusters]
     ocm_map = OCMMap(
         clusters=cluster_like_objects,
         integration=QONTRACT_INTEGRATION,

reconcile/oum/labelset.py CHANGED Viewed

@@ -1,4 +1,5 @@
 from collections import defaultdict
+from typing import Annotated
 from pydantic import BaseModel
@@ -22,9 +23,10 @@ class _GroupMappingLabelset(BaseModel):
     the sre-capabilities.user-mgmt.$provider prefix.
     """
-    authz_roles: dict[str, CSV] | None = sre_capability_labels.labelset_groupfield(
-        group_prefix="authz."
-    )
+    authz_roles: Annotated[
+        dict[str, CSV] | None,
+        sre_capability_labels.labelset_groupfield(group_prefix="authz."),
+    ]
 def build_cluster_config_from_labels(

reconcile/oum/models.py CHANGED Viewed

@@ -56,7 +56,7 @@ class ClusterUserManagementSpec(BaseModel):
     errors: list[ClusterError] = Field(default_factory=list)
-class ClusterRoleReconcileResult(BaseModel):
+class ClusterRoleReconcileResult(BaseModel, arbitrary_types_allowed=True):
     """
     Holds the result of a cluster role reconciliation.
     """
@@ -64,6 +64,3 @@ class ClusterRoleReconcileResult(BaseModel):
     users_added: int = 0
     users_removed: int = 0
     error: Exception | None = None
-    class Config:
-        arbitrary_types_allowed = True

reconcile/prometheus_rules_tester/integration.py CHANGED Viewed

@@ -56,7 +56,7 @@ class Test(BaseModel):
     rule_path: str
     rule: dict
     rule_length: int
-    tests: list[TestContent] | None
+    tests: list[TestContent] | None = None
     result: CommandExecutionResult | None = None
     promtool_version: str
@@ -76,7 +76,7 @@ def fetch_rule_and_tests(
     openshift_resource = orb.fetch_openshift_resource(
         resource=rule.resource,
         parent=rule.namespace,
-        settings=vault_settings.dict(by_alias=True),
+        settings=vault_settings.model_dump(by_alias=True),
     )
     rule_body = openshift_resource.body
@@ -96,7 +96,7 @@ def fetch_rule_and_tests(
             test_raw_yaml = process_extracurlyjinja2_template(
                 body=test_raw_yaml,
                 vars=variables,
-                settings=vault_settings.dict(by_alias=True),
+                settings=vault_settings.model_dump(by_alias=True),
             )
         test_yaml_spec = yaml.safe_load(test_raw_yaml)

reconcile/quay_base.py CHANGED Viewed

@@ -1,4 +1,4 @@
-from collections import namedtuple
+from collections import UserDict, namedtuple
 from typing import Any, TypedDict
 from reconcile import queries
@@ -10,22 +10,34 @@ OrgKey = namedtuple("OrgKey", ["instance", "org_name"])
 class OrgInfo(TypedDict):
     url: str
-    api: QuayApi
     push_token: dict[str, str] | None
     teams: list[str]
     managedRepos: bool
     mirror: OrgKey | None
     mirror_filters: dict[str, Any]
+    api: QuayApi
+class QuayApiStore(UserDict[OrgKey, OrgInfo]):
+    def __init__(self) -> None:
+        super().__init__(get_quay_api_store())
-QuayApiStore = dict[OrgKey, OrgInfo]
+    def cleanup(self) -> None:
+        """Close all QuayApi sessions."""
+        for org_info in self.data.values():
+            org_info["api"].cleanup()
+    def __enter__(self) -> "QuayApiStore":
+        return self
-def get_quay_api_store() -> QuayApiStore:
+    def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
+        self.cleanup()
+def get_quay_api_store() -> dict[OrgKey, OrgInfo]:
     """
     Returns a dictionary with a key for each Quay organization
     managed in app-interface.
-    Each key contains an initiated QuayApi instance.
     """
     quay_orgs = queries.get_quay_orgs()
     settings = queries.get_app_interface_settings()
@@ -61,14 +73,21 @@ def get_quay_api_store() -> QuayApiStore:
         else:
             push_token = None
+        # Create QuayApi instance for this org
+        api = QuayApi(
+            token=token,
+            organization=org_name,
+            base_url=base_url,
+        )
         org_info: OrgInfo = {
             "url": base_url,
-            "api": QuayApi(token, org_name, base_url=base_url),
             "push_token": push_token,
             "teams": org_data.get("managedTeams") or [],
             "managedRepos": bool(org_data.get("managedRepos")),
             "mirror": mirror,
             "mirror_filters": mirror_filters,
+            "api": api,
         }
         store[org_key] = org_info

qontract-reconcile 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev474__py3-none-any.whl

qontract-reconcile 0.10.2.dev361py3-none-any.whl → 0.10.2.dev474py3-none-any.whl