qontract-reconcile 0.10.2.dev394__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

reconcile/utils/oc.py

@@ -68,7 +68,8 @@ if TYPE_CHECKING:
 urllib3.disable_warnings()
 
 GET_REPLICASET_MAX_ATTEMPTS = 20
-
+DEFAULT_GROUP = ""
+PROJECT_KIND = "Project.project.openshift.io"
 
 oc_run_execution_counter = Counter(
     name="oc_run_execution_counter",
@@ -145,6 +146,14 @@ class RequestEntityTooLargeError(Exception):
     pass
 
 
+class KindNotFoundError(Exception):
+    pass
+
+
+class AmbiguousResourceTypeError(Exception):
+    pass
+
+
 class OCDecorators:
     @classmethod
     def process_reconcile_time(cls, function: Callable) -> Callable:
@@ -380,10 +389,7 @@ class OCCli:
 
         self.init_projects = init_projects
         if self.init_projects:
-            if self.is_kind_supported("Project"):
-                kind = "Project.project.openshift.io"
-            else:
-                kind = "Namespace"
+            kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
             self.projects = {p["metadata"]["name"] for p in self.get_all(kind)["items"]}
 
         self.slow_oc_reconcile_threshold = float(
@@ -453,10 +459,7 @@ class OCCli:
 
         self.init_projects = init_projects
         if self.init_projects:
-            if self.is_kind_supported("Project"):
-                kind = "Project.project.openshift.io"
-            else:
-                kind = "Namespace"
+            kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
             self.projects = {p["metadata"]["name"] for p in self.get_all(kind)["items"]}
 
         self.slow_oc_reconcile_threshold = float(
@@ -637,11 +640,9 @@ class OCCli:
     def project_exists(self, name: str) -> bool:
         if name in self.projects:
             return True
+        kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
         try:
-            if self.is_kind_supported("Project"):
-                self.get(None, "Project.project.openshift.io", name)
-            else:
-                self.get(None, "Namespace", name)
+            self.get(None, kind, name)
         except StatusCodeError as e:
             if "NotFound" in str(e):
                 return False
@@ -650,7 +651,7 @@ class OCCli:
 
     @OCDecorators.process_reconcile_time
     def new_project(self, namespace: str) -> OCProcessReconcileTimeDecoratorMsg:
-        if self.is_kind_supported("Project"):
+        if self.is_kind_supported(PROJECT_KIND):
             cmd = ["new-project", namespace]
         else:
             cmd = ["create", "namespace", namespace]
@@ -666,7 +667,7 @@ class OCCli:
 
     @OCDecorators.process_reconcile_time
     def delete_project(self, namespace: str) -> OCProcessReconcileTimeDecoratorMsg:
-        if self.is_kind_supported("Project"):
+        if self.is_kind_supported(PROJECT_KIND):
             cmd = ["delete", "project", namespace]
         else:
             cmd = ["delete", "namespace", namespace]
@@ -715,9 +716,9 @@ class OCCli:
 
     def sa_get_token(self, namespace: str, name: str) -> str:
         cmd = ["sa", "-n", namespace, "get-token", name]
-        return self._run(cmd)
+        return self._run(cmd).decode("utf-8")
 
-    def get_api_resources(self) -> dict[str, Any]:
+    def get_api_resources(self) -> dict[str, list[OCCliApiResource]]:
         with self.api_resources_lock:
             if not self.api_resources:
                 cmd = ["api-resources", "--no-headers"]
@@ -1187,7 +1188,7 @@ class OCCli:
     def _run_json(
         self, cmd: list[str], allow_not_found: bool = False
     ) -> dict[str, Any]:
-        out = self._run(cmd, allow_not_found=allow_not_found)
+        out = self._run(cmd, allow_not_found=allow_not_found).decode("utf-8")
 
         try:
             out_json = json.loads(out)
@@ -1196,76 +1197,90 @@ class OCCli:
 
         return out_json
 
-    def _parse_kind(self, kind_name: str) -> tuple[str, str]:
-        # This is a provisional solution while we work in redefining
-        # the api resources initialization.
-        if not self.api_resources:
-            self.get_api_resources()
+    def parse_kind(self, kind: str) -> tuple[str, str, str]:
+        """Parse a Kubernetes kind string into its components.
 
-        kind_group = kind_name.split(".", 1)
-        kind = kind_group[0]
-        if kind in self.api_resources:
-            group_version = self.api_resources[kind][0].group_version
-        else:
-            raise StatusCodeError(f"{self.server}: {kind} does not exist")
-
-        # if a kind_group has more than 1 entry than the kind_name is in
-        # the format kind.apigroup.  Find the apigroup/version that matches
-        # the apigroup passed with the kind_name
-        if len(kind_group) > 1:
-            apigroup_override = kind_group[1]
-            find = False
-            for gv in self.api_resources[kind]:
-                if apigroup_override == gv.group:
-                    if not gv.group:
-                        group_version = gv.api_version
-                    else:
-                        group_version = f"{gv.group}/{gv.api_version}"
-                    find = True
-                    break
+        Supports three formats:
+        - kind
+        - kind.group.whatever
+        - kind.group.whatever/version
 
-            if not find:
-                raise StatusCodeError(
-                    f"{self.server}: {apigroup_override} does not have kind {kind}"
-                )
-        return (kind, group_version)
+        Args:
+            kind: A Kubernetes kind string in one of the supported formats
+
+        Returns:
+            Tuple of (kind, group, version) where missing parts are empty strings
+
+        Raises:
+            ValueError: If the kind string format is invalid
+
+        Examples:
+            >>> parse_kind_string("Deployment")
+            ('Deployment', '', '')
+            >>> parse_kind_string("ClusterRoleBinding.rbac.authorization.k8s.io")
+            ('ClusterRoleBinding', 'rbac.authorization.k8s.io', '')
+            >>> parse_kind_string("CustomResource.mygroup.example.com/v1")
+            ('CustomResource', 'mygroup.example.com', 'v1')
+        """
+        pattern = r"^(?P<kind>[^./]+)(?:\.(?P<group>[^/]+))?(?:/(?P<version>.+))?$"
+        match = re.match(pattern, kind)
+        if not match:
+            raise ValueError(f"Invalid kind string: {kind}")
+
+        kind = match.group("kind") or ""
+        group = match.group("group") or DEFAULT_GROUP
+        version = match.group("version") or ""
+
+        return kind, group, version
 
     def is_kind_supported(self, kind: str) -> bool:
-        # This is a provisional solution while we work in redefining
-        # the api resources initialization.
-        if not self.api_resources:
-            self.get_api_resources()
+        """Returns True if the given kind is supported by the cluster, False otherwise.
 
-        if "." in kind:
-            try:
-                self._parse_kind(kind)
-                return True
-            except StatusCodeError:
-                return False
-        else:
-            return kind in self.api_resources
+        Kind can be either kind, kind.group or kind.group/version."""
+        try:
+            self.get_api_resource(kind)
+            return True
+        except KindNotFoundError:
+            return False
 
     def is_kind_namespaced(self, kind: str) -> bool:
-        # This is a provisional solution while we work in redefining
-        # the api resources initialization.
+        """Returns True if the given kind is namespaced, False if it's cluster scoped.
+
+        Kind can be either kind, kind.group or kind.group/version."""
+        return self.get_api_resource(kind).namespaced
+
+    def get_api_resource(self, kind: str) -> OCCliApiResource:
+        """Return the OCCliApiResource for the given resource type.
+
+        Resource type can be either kind, kind.group or kind.group/version.
+        If kind is not unique, group must be specified."""
+
         if not self.api_resources:
-            self.get_api_resources()
+            raise RuntimeError("API resources not initialized")
+
+        kind, group, _ = self.parse_kind(kind)
 
-        kg = kind.split(".", 1)
-        kind = kg[0]
+        if not (resources := self.api_resources.get(kind)):
+            # the kind not found at all
+            raise KindNotFoundError(f"Unsupported resource type: {kind}")
 
-        # Same Kinds might exist in different api groups
-        kind_resources = self.api_resources.get(kind)
-        if not kind_resources:
-            raise StatusCodeError(f"Kind {kind} does not exist in the ApiServer")
+        if len(resources) == 1 and group == DEFAULT_GROUP:
+            return resources[0]
 
-        if len(kg) > 1:
-            group = kg[1]
-            for r in kind_resources:
-                if group == r.group:
-                    return r.namespaced
-            raise StatusCodeError(f"Kind: {kind} does nod exist in the ApiServer")
-        return kind_resources[0].namespaced
+        # get the resource with the specified group
+        if resource := next((r for r in resources if r.group == group), None):
+            return resource
+
+        # no resource with the specified group found
+        if group == DEFAULT_GROUP:
+            message = (
+                f"Ambiguous resource type: {kind}. "
+                "Please fully qualify it with its API group. E.g., ClusterRoleBinding -> ClusterRoleBinding.rbac.authorization.k8s.io"
+            )
+            raise AmbiguousResourceTypeError(message)
+
+        # group was specified but no matching resource found
+        raise KindNotFoundError(f"Unsupported resource type: {kind}")
 
 
 REQUEST_TIMEOUT = 60
@@ -1305,20 +1320,19 @@ class OCNative(OCCli):
 
             server = connection_parameters.server_url
 
-        if server:
-            self.client = self._get_client(server, token)
-            self.api_resources = self.get_api_resources()
+        if not server:
+            raise Exception("Server name is required!")
 
-        else:
-            raise Exception("A method relies on client/api_kind_version to be set")
+        if not token:
+            raise Exception("Token is required!")
+
+        self.client = self._get_client(server, token)
+        self.api_resources = self.get_api_resources()
 
         self.projects = set()
         self.init_projects = init_projects
         if self.init_projects:
-            if self.is_kind_supported("Project"):
-                kind = "Project.project.openshift.io"
-            else:
-                kind = "Namespace"
+            kind = PROJECT_KIND if self.is_kind_supported(PROJECT_KIND) else "Namespace"
             self.projects = {p["metadata"]["name"] for p in self.get_all(kind)["items"]}
 
     def __enter__(self) -> OCNative:
@@ -1368,8 +1382,10 @@ class OCNative(OCCli):
 
     @retry(max_attempts=5, exceptions=(ServerTimeoutError))
     def get_items(self, kind: str, **kwargs: Any) -> list[dict[str, Any]]:
-        k, group_version = self._parse_kind(kind)
-        obj_client = self._get_obj_client(group_version=group_version, kind=k)
+        resource = self.get_api_resource(kind)
+        obj_client = self._get_obj_client(
+            group_version=resource.group_version, kind=resource.kind
+        )
 
         namespace = ""
         if "namespace" in kwargs:
@@ -1421,8 +1437,10 @@ class OCNative(OCCli):
         name: str | None = None,
         allow_not_found: bool = False,
     ) -> dict[str, Any]:
-        k, group_version = self._parse_kind(kind)
-        obj_client = self._get_obj_client(group_version=group_version, kind=k)
+        resource = self.get_api_resource(kind)
+        obj_client = self._get_obj_client(
+            group_version=resource.group_version, kind=resource.kind
+        )
         try:
             obj = obj_client.get(
                 name=name,
@@ -1436,8 +1454,10 @@ class OCNative(OCCli):
             raise StatusCodeError(f"[{self.server}]: {e}") from None
 
     def get_all(self, kind: str, all_namespaces: bool = False) -> dict[str, Any]:
-        k, group_version = self._parse_kind(kind)
-        obj_client = self._get_obj_client(group_version=group_version, kind=k)
+        resource = self.get_api_resource(kind)
+        obj_client = self._get_obj_client(
+            group_version=resource.group_version, kind=resource.kind
+        )
         try:
             return obj_client.get(_request_timeout=REQUEST_TIMEOUT).to_dict()
         except NotFoundError as e:

reconcile/utils/ocm/addons.py

@@ -188,7 +188,6 @@ class AddonServiceV2(AddonService):
                     next_run=policy.get("next_run"),
                     version=policy["version"],
                     state=policy.get("state"),
-                    addon_service=self,
                 )
             )
 

reconcile/utils/ocm/base.py

@@ -141,16 +141,16 @@ class OCMClusterAWSOperatorRole(BaseModel):
 
 
 class OCMAWSSTS(OCMClusterFlag):
-    role_arn: str | None
-    support_role_arn: str | None
-    oidc_endpoint_url: str | None
-    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None
-    instance_iam_roles: dict[str, str] | None
-    operator_role_prefix: str | None
+    role_arn: str | None = None
+    support_role_arn: str | None = None
+    oidc_endpoint_url: str | None = None
+    operator_iam_roles: list[OCMClusterAWSOperatorRole] | None = None
+    instance_iam_roles: dict[str, str] | None = None
+    operator_role_prefix: str | None = None
 
 
 class OCMClusterAWSSettings(BaseModel):
-    sts: OCMAWSSTS | None
+    sts: OCMAWSSTS | None = None
 
     @property
     def sts_enabled(self) -> bool:
@@ -264,21 +264,21 @@ class OCMCluster(BaseModel):
     product: OCMModelLink
     identity_providers: OCMCollectionLink
 
-    aws: OCMClusterAWSSettings | None
+    aws: OCMClusterAWSSettings | None = None
 
     version: OCMClusterVersion
 
     hypershift: OCMClusterFlag
 
-    console: OCMClusterConsole | None
+    console: OCMClusterConsole | None = None
 
-    api: OCMClusterAPI | None
+    api: OCMClusterAPI | None = None
 
-    dns: OCMClusterDns | None
+    dns: OCMClusterDns | None = None
 
-    external_configuration: OCMExternalConfiguration | None
+    external_configuration: OCMExternalConfiguration | None = None
 
-    external_auth_config: OCMExternalAuthConfig | None
+    external_auth_config: OCMExternalAuthConfig | None = None
 
     def minor_version(self) -> str:
         version_info = parse_semver(self.version.raw_id)
@@ -570,15 +570,12 @@ class OCMOIdentityProviderGithub(OCMOIdentityProvider):
     )
 
 
-class OCMOIdentityProviderOidcOpenIdClaims(BaseModel):
+class OCMOIdentityProviderOidcOpenIdClaims(BaseModel, frozen=True):
     email: list[str]
     name: list[str] = []
     preferred_username: list[str]
     groups: list[str] = []
 
-    class Config:
-        frozen = True
-
 
 class OCMOIdentityProviderOidcOpenId(BaseModel):
     client_id: str
@@ -618,11 +615,11 @@ class OCMAddonUpgradePolicy(BaseModel):
     id: str
     addon_id: str
     cluster_id: str
-    next_run: str | None
-    schedule: str | None
+    next_run: str | None = None
+    schedule: str | None = None
     schedule_type: str
     version: str
-    state: str | None
+    state: str | None = None
 
 
 def build_label_container(

reconcile/utils/ocm/cluster_groups.py

@@ -17,7 +17,7 @@ def add_user_to_cluster_group(
     """
     ocm_api.post(
         build_cluster_group_users_url(cluster_id, group),
-        OCMClusterUser(id=user_name).dict(by_alias=True),
+        OCMClusterUser(id=user_name).model_dump(by_alias=True),
     )
 
 

reconcile/utils/ocm/identity_providers.py

@@ -42,7 +42,7 @@ def add_identity_provider(
         )
     ocm_api.post(
         api_path=ocm_cluster.identity_providers.href,
-        data=idp.dict(by_alias=True, exclude_none=True),
+        data=idp.model_dump(by_alias=True, exclude_none=True),
     )
 
 
@@ -55,7 +55,7 @@ def update_identity_provider(
         raise ValueError(f"IDP {idp.name} does not have a href!")
     ocm_api.patch(
         api_path=idp.href,
-        data=idp.dict(by_alias=True, exclude_none=True, exclude={"name"}),
+        data=idp.model_dump(by_alias=True, exclude_none=True, exclude={"name"}),
     )
 
 

reconcile/utils/ocm/labels.py

@@ -159,7 +159,7 @@ def build_container_for_prefix(
 
     return LabelContainer(
         labels={
-            strip_prefix_if_needed(label.key): label.copy(
+            strip_prefix_if_needed(label.key): label.model_copy(
                 update={"key": strip_prefix_if_needed(label.key)}
             )
             for label in container.labels.values()

reconcile/utils/ocm/products.py

@@ -178,11 +178,11 @@ class OCMProductOsd(OCMProduct):
             ],
             provision_shard_id=provision_shard_id,
             hypershift=cluster["hypershift"]["enabled"],
-            fips=cluster.get("fips"),
+            fips=cluster.get("fips") or False,
         )
 
         if not cluster["ccs"]["enabled"]:
-            cluster_spec_data = spec.dict()
+            cluster_spec_data = spec.model_dump()
             cluster_spec_data["storage"] = (
                 cluster["storage_quota"]["value"] // BYTES_IN_GIGABYTE
             )
@@ -229,7 +229,7 @@ class OCMProductOsd(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -259,7 +259,7 @@ class OCMProductOsd(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
-            "fips": bool(cluster.spec.fips),
+            "fips": cluster.spec.fips,
         }
 
         # Workaround to enable type checks.
@@ -429,7 +429,7 @@ class OCMProductRosa(OCMProduct):
             subnet_ids=cluster["aws"].get("subnet_ids"),
             availability_zones=cluster["nodes"].get("availability_zones"),
             oidc_endpoint_url=oidc_endpoint_url,
-            fips=cluster.get("fips"),
+            fips=cluster.get("fips") or False,
         )
 
         machine_pools = [
@@ -474,7 +474,7 @@ class OCMProductRosa(OCMProduct):
             "compute_machine_type": {"id": default_machine_pool.instance_type},
         }
         if default_machine_pool.autoscale is not None:
-            spec["autoscale_compute"] = default_machine_pool.autoscale.dict()
+            spec["autoscale_compute"] = default_machine_pool.autoscale.model_dump()
         else:
             spec["compute"] = default_machine_pool.replicas
         return spec
@@ -517,7 +517,7 @@ class OCMProductRosa(OCMProduct):
                 if (duwm := cluster.spec.disable_user_workload_monitoring) is not None
                 else True
             ),
-            "fips": bool(cluster.spec.fips),
+            "fips": cluster.spec.fips,
         }
 
         provision_shard_id = cluster.spec.provision_shard_id
@@ -706,7 +706,7 @@ class OCMProductHypershift(OCMProduct):
             availability_zones=cluster["nodes"].get("availability_zones"),
             hypershift=cluster["hypershift"]["enabled"],
             oidc_endpoint_url=oidc_endpoint_url,
-            fips=cluster.get("fips"),
+            fips=cluster.get("fips") or False,
         )
 
         network = OCMClusterNetwork(

reconcile/utils/ocm/service_log.py

@@ -55,6 +55,6 @@ def create_service_log(
     return OCMClusterServiceLog(
         **ocm_api.post(
             api_path=CLUSTER_SERVICE_LOGS_CREATE_ENDPOINT,
-            data=service_log.dict(by_alias=True),
+            data=service_log.model_dump(by_alias=True),
         )
     )

reconcile/utils/ocm/sre_capability_labels.py

@@ -1,7 +1,7 @@
 from typing import Any
 
-from pydantic import Field
-from pydantic.fields import ModelField
+from pydantic import WithJsonSchema
+from pydantic.fields import FieldInfo
 
 from reconcile.utils.ocm.base import (
     LabelContainer,
@@ -22,11 +22,11 @@ def sre_capability_label_key(
     return f"sre-capabilities.{sre_capability}.{config_atom}"
 
 
-def labelset_groupfield(group_prefix: str) -> Any:
+def labelset_groupfield(group_prefix: str) -> WithJsonSchema:
     """
     Helper function to build the FieldMeta for a labelset field that groups labels.
     """
-    return Field(group_by_prefix=group_prefix)
+    return WithJsonSchema({"group_by_prefix": group_prefix})
 
 
 def build_labelset(
@@ -36,16 +36,23 @@ def build_labelset(
     Instantiates a dataclass from a set of labels.
     """
     raw_data = {
-        field.alias: _labelset_field_value(labels, field)
-        for field in dataclass.__fields__.values()
+        field.alias or name: _labelset_field_value(labels, name, field)
+        for name, field in dataclass.model_fields.items()
     }
     return dataclass(**raw_data)
 
 
-def _labelset_field_value(labels: LabelContainer, field: ModelField) -> Any | None:
-    key_prefix = field.field_info.extra.get("group_by_prefix")
-    if key_prefix:
-        return build_container_for_prefix(
-            labels, key_prefix, strip_key_prefix=True
-        ).get_values_dict()
-    return labels.get_label_value(field.alias)
+def _labelset_field_value(
+    labels: LabelContainer, name: str, field: FieldInfo
+) -> Any | None:
+    schema = next((m for m in field.metadata if isinstance(m, WithJsonSchema)), None)
+    if (
+        schema is None
+        or not schema.json_schema
+        or "group_by_prefix" not in schema.json_schema
+    ):
+        return labels.get_label_value(field.alias or name)
+
+    return build_container_for_prefix(
+        labels, schema.json_schema["group_by_prefix"], strip_key_prefix=True
+    ).get_values_dict()

reconcile/utils/openshift_resource.py

@@ -5,6 +5,7 @@ import base64
 import contextlib
 import copy
 import hashlib
+import logging
 import re
 from threading import Lock
 from typing import TYPE_CHECKING, Any
@@ -601,6 +602,10 @@ class ResourceInventory:
         resource: OpenshiftResource,
         privileged: bool = False,
     ) -> None:
+        if cluster not in self._clusters:
+            logging.error(f"Cluster {cluster} not initialized in ResourceInventory")
+            return
+
         if resource.kind_and_group in self._clusters[cluster][namespace]:
             kind = resource.kind_and_group
         else:

reconcile/utils/pagerduty_api.py

@@ -52,10 +52,13 @@ class PagerDutyTarget(Protocol):
     which must be implemented by a class to be compatible."""
 
     name: str
-    instance: PagerDutyInstance
     escalation_policy_id: str | None
     schedule_id: str | None
 
+    @property
+    def instance(self) -> PagerDutyInstance:
+        pass
+
 
 class PagerDutyConfig(BaseModel):
     """PagerDuty Config."""
@@ -189,7 +192,7 @@ def get_pagerduty_name(user: PagerDutyUser) -> str:
     return user.pagerduty_username or user.org_username
 
 
-@retry(no_retry_exceptions=PagerDutyTargetError)
+@retry(no_retry_exceptions=(PagerDutyTargetError,))
 def get_usernames_from_pagerduty(
     pagerduties: Iterable[PagerDutyTarget],
     users: Iterable[PagerDutyUser],

reconcile/utils/promotion_state.py

@@ -3,13 +3,12 @@ from collections import defaultdict
 
 from pydantic import (
     BaseModel,
-    Extra,
 )
 
 from reconcile.utils.state import State
 
 
-class PromotionData(BaseModel):
+class PromotionData(BaseModel, extra="forbid"):
     """
     A class that strictly corresponds to the json stored in S3.
 
@@ -20,17 +19,13 @@ class PromotionData(BaseModel):
 
     # The success is primarily used for SAPM auto-promotions
     success: bool
-    target_config_hash: str | None
-    saas_file: str | None
-    check_in: str | None
+    target_config_hash: str | None = None
+    saas_file: str | None = None
+    check_in: str | None = None
     # Whether this promotion has ever succeeded
     # Note, this shouldnt be overridden on subsequent promotions of same ref
     # This attribute is primarily used by saasherder validations
-    has_succeeded_once: bool | None
-
-    class Config:
-        smart_union = True
-        extra = Extra.forbid
+    has_succeeded_once: bool | None = None
 
 
 class PromotionState:
@@ -107,5 +102,5 @@ class PromotionState:
         self, sha: str, channel: str, target_uid: str, data: PromotionData
     ) -> None:
         state_key_v2 = f"promotions_v2/{channel}/{target_uid}/{sha}"
-        self._state.add(state_key_v2, data.dict(), force=True)
+        self._state.add(state_key_v2, data.model_dump(), force=True)
         logging.info("Uploaded %s to %s", data, state_key_v2)