qontract-reconcile 0.10.2.dev361__py3-none-any.whl → 0.10.2.dev474__py3-none-any.whl

reconcile/external_resources/model.py

@@ -1,7 +1,4 @@
 import hashlib
-from abc import (
-    ABC,
-)
 from collections.abc import ItemsView, Iterable, Iterator, MutableMapping
 from enum import StrEnum
 from typing import Any
@@ -22,6 +19,7 @@ from reconcile.gql_definitions.external_resources.external_resources_namespaces
     NamespaceTerraformResourceElastiCacheV1,
     NamespaceTerraformResourceKMSV1,
     NamespaceTerraformResourceMskV1,
+    NamespaceTerraformResourceRDSProxyV1,
     NamespaceTerraformResourceRDSV1,
     NamespaceV1,
 )
@@ -87,9 +85,6 @@ class ExternalResourceKey(BaseModel, frozen=True):
             provider=spec.provider,
         )
 
-    def hash(self) -> str:
-        return hashlib.md5(json_dumps(self.dict()).encode("utf-8")).hexdigest()
-
     @property
     def state_path(self) -> str:
         return f"{self.provision_provider}/{self.provisioner_name}/{self.provider}/{self.identifier}"
@@ -102,6 +97,7 @@ SUPPORTED_RESOURCE_TYPES = (
     | NamespaceTerraformResourceElastiCacheV1
     | NamespaceTerraformResourceKMSV1
     | NamespaceTerraformResourceCloudWatchV1
+    | NamespaceTerraformResourceRDSProxyV1
 )
 
 
@@ -113,7 +109,9 @@ class ExternalResourcesInventory(MutableMapping):
             (rp, ns)
             for ns in namespaces
             for rp in ns.external_resources or []
-            if isinstance(rp, SUPPORTED_RESOURCE_PROVIDERS) and rp.resources
+            if isinstance(rp, SUPPORTED_RESOURCE_PROVIDERS)
+            and rp.resources
+            and ns.managed_external_resources
         ]
 
         desired_specs = [
@@ -134,17 +132,17 @@ class ExternalResourcesInventory(MutableMapping):
     ) -> ExternalResourceSpec:
         spec = ExternalResourceSpec(
             provision_provider=provider.provider,
-            provisioner=provider.provisioner.dict(),
-            resource=resource.dict(
+            provisioner=provider.provisioner.model_dump(),
+            resource=resource.model_dump(
                 exclude={
                     FLAG_RESOURCE_MANAGED_BY_ERV2,
                     FLAG_DELETE_RESOURCE,
                     MODULE_OVERRIDES,
                 }
             ),
-            namespace=namespace.dict(by_alias=True),
+            namespace=namespace.model_dump(by_alias=True),
         )
-        spec.metadata[FLAG_DELETE_RESOURCE] = resource.delete
+        spec.metadata[FLAG_DELETE_RESOURCE] = resource.delete or namespace.delete
         spec.metadata[MODULE_OVERRIDES] = resource.module_overrides
         return spec
 
@@ -383,7 +381,7 @@ class Reconciliation(BaseModel, frozen=True):
     )
     # linked_resources store dependants resources. They will get reconciled
     # every time the parent resource reconciliation finishes.
-    linked_resources: frozenset[ExternalResourceKey] | None
+    linked_resources: frozenset[ExternalResourceKey] | None = None
 
 
 class ReconcileAction(StrEnum):
@@ -403,7 +401,7 @@ class ReconciliationStatus(BaseModel):
     resource_status: ResourceStatus
 
 
-class ModuleProvisionData(ABC, BaseModel):
+class ModuleProvisionData(BaseModel):
     pass
 
 
@@ -428,7 +426,7 @@ class ExternalResourceProvision(BaseModel):
     target_cluster: str
     target_namespace: str
     target_secret_name: str
-    module_provision_data: ModuleProvisionData
+    module_provision_data: ModuleProvisionData | TerraformModuleProvisionData
 
 
 class ExternalResource(BaseModel):
@@ -436,4 +434,10 @@ class ExternalResource(BaseModel):
     provision: ExternalResourceProvision
 
     def hash(self) -> str:
-        return hashlib.md5(json_dumps(self.data).encode("utf-8")).hexdigest()
+        return hashlib.sha256(json_dumps(self.data).encode("utf-8")).hexdigest()
+
+    def export(
+        self, exclude: dict[str, Any] | None = None, indent: int | None = None
+    ) -> str:
+        """Export the ExternalResource as a JSON string."""
+        return json_dumps(self, exclude=exclude, indent=indent)

reconcile/external_resources/reconciler.py

@@ -70,10 +70,13 @@ class ReconciliationK8sJob(K8sJob, BaseModel, frozen=True):
     dry_run_suffix: str = ""
 
     def name_prefix(self) -> str:
+        identifier = (
+            f"{self.reconciliation.key.provider}-{self.reconciliation.key.identifier}"
+        )
         if self.is_dry_run:
-            return f"er-dry-run-mr-{self.dry_run_suffix}"
+            return f"er-dry-run-mr-{self.dry_run_suffix}-{identifier}"
         else:
-            return "er"
+            return f"er-{identifier}"
 
     def unit_of_work_identity(self) -> Any:
         return self.reconciliation.key
@@ -96,10 +99,10 @@ class ReconciliationK8sJob(K8sJob, BaseModel, frozen=True):
             image=self.reconciliation.module_configuration.image_version,
             image_pull_policy="Always",
             resources=V1ResourceRequirements(
-                requests=self.reconciliation.module_configuration.resources.requests.dict(
+                requests=self.reconciliation.module_configuration.resources.requests.model_dump(
                     exclude_none=True
                 ),
-                limits=self.reconciliation.module_configuration.resources.limits.dict(
+                limits=self.reconciliation.module_configuration.resources.limits.model_dump(
                     exclude_none=True
                 ),
             ),

reconcile/external_resources/secrets_sync.py

@@ -3,7 +3,6 @@ import json
 import logging
 from abc import abstractmethod
 from collections.abc import Iterable, Mapping
-from datetime import UTC, datetime
 from hashlib import shake_128
 from typing import Any
 
@@ -18,13 +17,13 @@ from reconcile.external_resources.meta import (
     SECRET_ANN_PROVISION_PROVIDER,
     SECRET_ANN_PROVISIONER,
     SECRET_UPDATED_AT,
-    SECRET_UPDATED_AT_TIMEFORMAT,
 )
 from reconcile.external_resources.model import (
     ExternalResourceKey,
 )
 from reconcile.openshift_base import ApplyOptions, apply_action
 from reconcile.typed_queries.clusters_minimal import get_clusters_minimal
+from reconcile.utils.datetime_util import to_utc_seconds_iso_format, utc_now
 from reconcile.utils.differ import diff_mappings
 from reconcile.utils.external_resource_spec import (
     ExternalResourceSpec,
@@ -47,8 +46,8 @@ class VaultSecret(BaseModel):
 
     path: str
     field: str
-    version: int | None
-    q_format: str | None
+    version: int | None = None
+    q_format: str | None = None
 
 
 class SecretHelper:
@@ -352,9 +351,7 @@ class InClusterSecretsReconciler(SecretsReconciler):
             secret_name = secret["metadata"]["name"]
             spec = secrets_map[secret_name]
             spec.secret = self.output_secrets_formatter.format(secret["data"])
-            spec.metadata[SECRET_UPDATED_AT] = datetime.now(UTC).strftime(
-                SECRET_UPDATED_AT_TIMEFORMAT
-            )
+            spec.metadata[SECRET_UPDATED_AT] = to_utc_seconds_iso_format(utc_now())
 
     def _delete_source_secret(self, spec: ExternalResourceSpec) -> None:
         secret_name = self._get_spec_outputs_secret_name(spec)
@@ -451,9 +448,8 @@ class VaultSecretsReconciler(SecretsReconciler):
         secret_path = self.secret_path(self.vault_path, spec)
         try:
             logging.debug("Reading Secret %s", secret_path)
-            data = self.secrets_reader.read_all({"path": secret_path})
-            spec.metadata[SECRET_UPDATED_AT] = data[SECRET_UPDATED_AT]
-            del data[SECRET_UPDATED_AT]
+            data = self.secrets_reader.read_all({"path": secret_path}).copy()
+            spec.metadata[SECRET_UPDATED_AT] = data.pop(SECRET_UPDATED_AT)
             spec.secret = data
         except SecretNotFoundError:
             logging.info("Error getting secret from vault, skipping. [%s]", secret_path)

reconcile/external_resources/state.py

@@ -1,7 +1,9 @@
+import json
 import logging
 from collections.abc import Mapping
-from datetime import UTC, datetime
+from datetime import datetime
 from enum import StrEnum
+from hashlib import sha256
 from typing import Any
 
 from pydantic import BaseModel
@@ -16,6 +18,8 @@ from reconcile.external_resources.model import (
     ResourceStatus,
 )
 from reconcile.utils.aws_api_typed.api import AWSApi
+from reconcile.utils.datetime_util import to_utc_microseconds_iso_format, utc_now
+from reconcile.utils.json import json_dumps
 
 DATE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
 
@@ -41,7 +45,7 @@ class ExternalResourceState(BaseModel):
         self, reconciliation_status: ReconciliationStatus
     ) -> None:
         if self.reconciliation_needs_state_update(reconciliation_status):
-            self.ts = datetime.now()
+            self.ts = utc_now()
             self.resource_status = reconciliation_status.resource_status
 
     def reconciliation_needs_state_update(
@@ -169,8 +173,8 @@ class DynamoDBStateAdapter:
 
     def serialize(self, state: ExternalResourceState) -> dict[str, Any]:
         return {
-            self.ER_KEY_HASH: {"S": state.key.hash()},
-            self.TIMESTAMP: {"S": state.ts.isoformat()},
+            self.ER_KEY_HASH: {"S": state.key.state_path},
+            self.TIMESTAMP: {"S": to_utc_microseconds_iso_format(state.ts)},
             self.RESOURCE_STATUS: {"S": state.resource_status.value},
             self.ER_KEY: {
                 "M": {
@@ -258,24 +262,30 @@ class ExternalResourcesStateDynamoDB:
         self._table = table_name
         self.partial_resources = self._get_partial_resources()
 
+    def _new_sha256_hash(self, item: dict) -> str:
+        resource_json = item[self.adapter.RECONC]["M"][self.adapter.RECONC_INPUT]["S"]
+        resource_dict = json.loads(resource_json)
+        data = resource_dict["data"]
+        return sha256(json_dumps(data).encode("utf-8")).hexdigest()
+
     def get_external_resource_state(
-        self, key: ExternalResourceKey
+        self,
+        key: ExternalResourceKey,
     ) -> ExternalResourceState:
         data = self.aws_api.dynamodb.boto3_client.get_item(
             TableName=self._table,
             ConsistentRead=True,
-            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+            Key={self.adapter.ER_KEY_HASH: {"S": key.state_path}},
         )
         if "Item" in data:
             return self.adapter.deserialize(data["Item"])
-        else:
-            return ExternalResourceState(
-                key=key,
-                ts=datetime.now(UTC),
-                resource_status=ResourceStatus.NOT_EXISTS,
-                reconciliation=Reconciliation(key=key),
-                reconciliation_errors=0,
-            )
+        return ExternalResourceState(
+            key=key,
+            ts=utc_now(),
+            resource_status=ResourceStatus.NOT_EXISTS,
+            reconciliation=Reconciliation(key=key),
+            reconciliation_errors=0,
+        )
 
     def set_external_resource_state(
         self,
@@ -288,7 +298,7 @@ class ExternalResourcesStateDynamoDB:
     def del_external_resource_state(self, key: ExternalResourceKey) -> None:
         self.aws_api.dynamodb.boto3_client.delete_item(
             TableName=self._table,
-            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+            Key={self.adapter.ER_KEY_HASH: {"S": key.state_path}},
         )
 
     def _get_partial_resources(
@@ -330,7 +340,7 @@ class ExternalResourcesStateDynamoDB:
     ) -> None:
         self.aws_api.dynamodb.boto3_client.update_item(
             TableName=self._table,
-            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+            Key={self.adapter.ER_KEY_HASH: {"S": key.state_path}},
             UpdateExpression="set resource_status=:new_value",
             ExpressionAttributeValues={":new_value": {"S": status.value}},
             ReturnValues="UPDATED_NEW",

reconcile/fleet_labeler/integration.py

@@ -58,7 +58,7 @@ class FleetLabelerIntegration(QontractReconcileIntegration[NoParams]):
         """Return the desired state for early exit."""
         return {
             "version": QONTRACT_INTEGRATION_VERSION,
-            "specs": {spec.name: spec.dict() for spec in get_fleet_label_specs()},
+            "specs": {spec.name: spec.model_dump() for spec in get_fleet_label_specs()},
         }
 
     def run(self, dry_run: bool) -> None:

reconcile/gabi_authorized_users.py

@@ -16,6 +16,7 @@ from reconcile import queries
 from reconcile.status import ExitCodes
 from reconcile.utils.aggregated_list import RunnerError
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
+from reconcile.utils.datetime_util import ensure_utc, utc_now
 from reconcile.utils.defer import defer
 from reconcile.utils.disabled_integrations import integration_is_enabled
 from reconcile.utils.external_resources import get_external_resource_specs
@@ -65,8 +66,10 @@ def fetch_desired_state(
     gabi_instances: Iterable[Mapping], ri: ResourceInventory
 ) -> None:
     for g in gabi_instances:
-        expiration_date = datetime.strptime(g["expirationDate"], "%Y-%m-%d").date()
-        if (expiration_date - date.today()).days > EXPIRATION_DAYS_MAX:
+        expiration_date = ensure_utc(
+            datetime.strptime(g["expirationDate"], "%Y-%m-%d")  # noqa: DTZ007
+        ).date()
+        if (expiration_date - utc_now().date()).days > EXPIRATION_DAYS_MAX:
             raise RunnerError(
                 f"The maximum expiration date of {g['name']} shall not "
                 f"exceed {EXPIRATION_DAYS_MAX} days from today"

reconcile/gcp_image_mirror.py

@@ -132,7 +132,7 @@ class QuayMirror:
             mirror_creds = None
             pull_credentials = item.mirror.pull_credentials
             if pull_credentials:
-                raw_data = self.secret_reader.read_all(pull_credentials.dict())
+                raw_data = self.secret_reader.read_all(pull_credentials.model_dump())
                 username = raw_data["user"]
                 password = raw_data["token"]
                 mirror_creds = f"{username}:{password}"
@@ -226,7 +226,7 @@ class QuayMirror:
         return False
 
     def _decode_push_secret(self, secret: VaultSecret) -> str:
-        raw_data = self.secret_reader.read_all(secret.dict())
+        raw_data = self.secret_reader.read_all(secret.model_dump())
         token = base64.b64decode(raw_data["token"]).decode()
         return f"{raw_data['user']}:{token}"
 

reconcile/github_org.py

@@ -144,7 +144,7 @@ def get_org_and_teams(
 
 
 @retry()
-def get_members(unit: Organization) -> list[str]:
+def get_members(unit: Organization | Team) -> list[str]:
     return [member.login for member in unit.get_members()]
 
 

reconcile/github_owners.py

@@ -2,6 +2,7 @@ import logging
 import os
 
 import github
+import github.NamedUser
 from github import Github
 from sretoolbox.utils import retry
 
@@ -100,4 +101,7 @@ def run(dry_run: bool) -> None:
 
                 if not dry_run:
                     gh_user = gh.get_user(github_username)
+                    assert isinstance(
+                        gh_user, github.NamedUser.NamedUser
+                    )  # make mypy happy
                     gh_org.add_to_members(gh_user, "admin")

reconcile/gitlab_housekeeping.py

@@ -6,7 +6,6 @@ from collections.abc import (
 from contextlib import suppress
 from dataclasses import dataclass
 from datetime import (
-    UTC,
     datetime,
     timedelta,
 )
@@ -30,6 +29,7 @@ from sretoolbox.utils import retry
 
 from reconcile import queries
 from reconcile.change_owners.change_types import ChangeTypePriority
+from reconcile.utils.datetime_util import ensure_utc, from_utc_iso_format, utc_now
 from reconcile.utils.gitlab_api import (
     GitLabApi,
     MRState,
@@ -72,7 +72,6 @@ HOLD_LABELS = [
 ]
 
 QONTRACT_INTEGRATION = "gitlab-housekeeping"
-DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
 EXPIRATION_DATE_FORMAT = "%Y-%m-%d"
 SQUASH_OPTION_ALWAYS = "always"
 
@@ -128,9 +127,7 @@ def _calculate_time_since_approval(approved_at: str) -> float:
     Returns the number of minutes since a MR has been approved.
     :param approved_at: the datetime the MR was approved in format %Y-%m-%dT%H:%M:%S.%fZ
     """
-    time_since_approval = datetime.utcnow() - datetime.strptime(
-        approved_at, DATE_FORMAT
-    )
+    time_since_approval = utc_now() - from_utc_iso_format(approved_at)
     return time_since_approval.total_seconds() / 60
 
 
@@ -138,7 +135,7 @@ def get_timed_out_pipelines(
     pipelines: list[ProjectMergeRequestPipeline],
     pipeline_timeout: int = 60,
 ) -> list[ProjectMergeRequestPipeline]:
-    now = datetime.utcnow()
+    now = utc_now()
 
     pending_pipelines = [
         p
@@ -152,7 +149,7 @@ def get_timed_out_pipelines(
     timed_out_pipelines = []
 
     for p in pending_pipelines:
-        update_time = datetime.strptime(p.updated_at, DATE_FORMAT)
+        update_time = from_utc_iso_format(p.updated_at)
 
         elapsed = (now - update_time).total_seconds()
 
@@ -279,7 +276,7 @@ def handle_stale_items(
 ) -> None:
     LABEL = "stale"  # noqa: N806
 
-    now = datetime.utcnow()
+    now = utc_now()
     for item in items:
         if AUTO_MERGE in item.labels:
             if item.merge_status == MRStatus.UNCHECKED:
@@ -287,7 +284,7 @@ def handle_stale_items(
                 item = gl.get_merge_request(item.iid)
             if item.merge_status == MRStatus.CANNOT_BE_MERGED:
                 close_item(dry_run, gl, enable_closing, item_type, item)
-        update_date = datetime.strptime(item.updated_at, DATE_FORMAT)
+        update_date = from_utc_iso_format(item.updated_at)
 
         # if item is over days_interval
         current_interval = now.date() - update_date.date()
@@ -315,10 +312,9 @@ def handle_stale_items(
             if not cancel_notes:
                 continue
 
-            cancel_notes_dates = [
-                datetime.strptime(item.updated_at, DATE_FORMAT) for note in cancel_notes
-            ]
-            latest_cancel_note_date = max(d for d in cancel_notes_dates)
+            latest_cancel_note_date = max(
+                from_utc_iso_format(note.updated_at) for note in cancel_notes
+            )
             # if the latest cancel note is under
             # days_interval - remove 'stale' label
             current_interval = now.date() - latest_cancel_note_date.date()
@@ -653,8 +649,10 @@ def publish_access_token_expiration_metrics(gl: GitLabApi) -> None:
 
     for pat in pats:
         if pat.active:
-            expiration_date = datetime.strptime(pat.expires_at, EXPIRATION_DATE_FORMAT)
-            days_until_expiration = expiration_date.date() - datetime.now(UTC).date()
+            expiration_date = ensure_utc(
+                datetime.strptime(pat.expires_at, EXPIRATION_DATE_FORMAT)  # noqa: DTZ007
+            )
+            days_until_expiration = expiration_date.date() - utc_now().date()
             gitlab_token_expiration.labels(pat.name).set(days_until_expiration.days)
         else:
             with suppress(KeyError, ValueError):

reconcile/gitlab_members.py

@@ -44,19 +44,13 @@ class GitlabUser(BaseModel):
     access_level: int
 
 
-class CurrentStateSpec(BaseModel):
+class CurrentStateSpec(BaseModel, arbitrary_types_allowed=True):
     members: dict[str, GroupMember]
 
-    class Config:
-        arbitrary_types_allowed = True
 
-
-class DesiredStateSpec(BaseModel):
+class DesiredStateSpec(BaseModel, arbitrary_types_allowed=True):
     members: dict[str, GitlabUser]
 
-    class Config:
-        arbitrary_types_allowed = True
-
 
 CurrentState = dict[str, CurrentStateSpec]
 DesiredState = dict[str, DesiredStateSpec]
@@ -122,8 +116,8 @@ def build_desired_state_spec(
                     pagerduty_map,
                     get_username_method=lambda u: u.org_username,
                 )
-                for u in usernames_from_pagerduty:
-                    gu = GitlabUser(user=u, access_level=p_access_level)
+                for pu in usernames_from_pagerduty:
+                    gu = GitlabUser(user=pu, access_level=p_access_level)
                     add_or_update_user(desired_state_spec, gu)
     return desired_state_spec
 
@@ -239,6 +233,6 @@ def reconcile_gitlab_members(
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     gqlapi = gql.get_api()
     return {
-        "instance": get_gitlab_instance(gqlapi.query).dict(),
-        "permissions": [p.dict() for p in get_permissions(gqlapi.query)],
+        "instance": get_gitlab_instance(gqlapi.query).model_dump(),
+        "permissions": [p.model_dump() for p in get_permissions(gqlapi.query)],
     }

reconcile/gitlab_owners.py

@@ -2,12 +2,12 @@ import logging
 from collections.abc import Callable, Mapping
 from typing import Any
 
-from dateutil import parser as dateparser
 from gitlab.v4.objects import ProjectMergeRequest
 from sretoolbox.utils import threaded
 
 from reconcile import queries
 from reconcile.utils.constants import DEFAULT_THREAD_POOL_SIZE
+from reconcile.utils.datetime_util import from_utc_iso_format
 from reconcile.utils.defer import defer
 from reconcile.utils.gitlab_api import (
     GitLabApi,
@@ -49,12 +49,14 @@ class MRApproval:
         self.dry_run = dry_run
         self.persistent_lgtm = persistent_lgtm
 
-        # Get the date of the most recent commit (top commit) in the MR, but avoid comparing against None
-        self.top_commit_created_at = dateparser.parse("2000-01-01")
-        commits = self.mr.commits()
-        if commits:
-            top_commit = next(commits)
-            self.top_commit_created_at = dateparser.parse(top_commit.created_at)
+        # Get the date of the most recent commit (top commit) in the MR
+        self.top_commit_created_at = next(
+            (
+                from_utc_iso_format(commit.created_at)
+                for commit in merge_request.commits()
+            ),
+            None,
+        )
 
     def get_change_owners_map(self) -> dict[str, dict[str, list[str]]]:
         """
@@ -95,9 +97,10 @@ class MRApproval:
 
             # Only interested in comments created after the top commit
             # creation time
-            comment_created_at = dateparser.parse(comment.created_at)
+            comment_created_at = from_utc_iso_format(comment.created_at)
             if (
-                comment_created_at < self.top_commit_created_at
+                self.top_commit_created_at is not None
+                and comment_created_at < self.top_commit_created_at
                 and not self.persistent_lgtm
             ):
                 continue
@@ -185,9 +188,10 @@ class MRApproval:
             # If the comment was created before the last commit,
             # it means we had a push after the comment. In this case,
             # we delete the comment and move on.
-            comment_created_at = dateparser.parse(comment.created_at)
+            comment_created_at = from_utc_iso_format(comment.created_at)
             if (
-                comment_created_at < self.top_commit_created_at
+                self.top_commit_created_at is not None
+                and comment_created_at < self.top_commit_created_at
                 and comment.note is not None
             ):
                 # Deleting stale comments

reconcile/gitlab_permissions.py

@@ -94,14 +94,6 @@ class GroupPermissionHandler:
         desired_state: dict[str, GroupSpec],
         current_state: dict[str, GroupSpec],
     ) -> None:
-        # gather list of app-interface managed repos
-        instance = queries.get_gitlab_instance()
-        managed_repos = {
-            f"{instance['url']}/{project_request['group']}/{r}"
-            for project_request in instance.get("projectRequests", [])
-            for r in project_request.get("projects", [])
-        }
-
         # get the diff data
         diff_data = diff_mappings(
             current=current_state,
@@ -112,11 +104,10 @@ class GroupPermissionHandler:
         errors: list[Exception] = []
         for repo in diff_data.add:
             project = self.gl.get_project(repo)
-            if not project and repo in managed_repos:
-                logging.info(
-                    f"New app-interface managed repository {repo} hasn't been created yet - skipping"
-                )
+            if not project:
+                logging.info(f"{repo} hasn't been created yet - skipping")
                 continue
+
             if not self.can_share_project(project):
                 errors.append(
                     GroupAccessLevelError(
@@ -136,8 +127,13 @@ class GroupPermissionHandler:
                     group_id=self.group.id,
                     access_level=self.access_level,
                 )
+
         for repo in diff_data.change:
             project = self.gl.get_project(repo)
+            if not project:
+                logging.info(f"{repo} hasn't been created yet - skipping")
+                continue
+
             if not self.can_share_project(project):
                 errors.append(
                     GroupAccessLevelError(

reconcile/glitchtip_project_alerts/integration.py

@@ -69,7 +69,9 @@ class GlitchtipProjectAlertsIntegration(
         return QONTRACT_INTEGRATION
 
     def get_early_exit_desired_state(self) -> dict[str, Any] | None:
-        return {"projects": [c.dict() for c in self.get_projects(gql.get_api().query)]}
+        return {
+            "projects": [c.model_dump() for c in self.get_projects(gql.get_api().query)]
+        }
 
     def get_projects(self, query_func: Callable) -> list[GlitchtipProjectV1]:
         return glitchtip_project_query(query_func=query_func).glitchtip_projects or []

reconcile/gql_definitions/acs/acs_instances.py

@@ -1,5 +1,5 @@
 """
-Generated by qenerate plugin=pydantic_v1. DO NOT MODIFY MANUALLY!
+Generated by qenerate plugin=pydantic_v2. DO NOT MODIFY MANUALLY!
 """
 from collections.abc import Callable  # noqa: F401 # pylint: disable=W0611
 from datetime import datetime  # noqa: F401 # pylint: disable=W0611
@@ -12,7 +12,7 @@ from typing import (  # noqa: F401 # pylint: disable=W0611
 
 from pydantic import (  # noqa: F401 # pylint: disable=W0611
     BaseModel,
-    Extra,
+    ConfigDict,
     Field,
     Json,
 )
@@ -44,9 +44,9 @@ query AcsInstance {
 
 
 class ConfiguredBaseModel(BaseModel):
-    class Config:
-        smart_union=True
-        extra=Extra.forbid
+    model_config = ConfigDict(
+        extra='forbid'
+    )
 
 
 class AcsInstanceAuthProviderV1(ConfiguredBaseModel):