qontract-reconcile 0.10.2.dev394__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

reconcile/acs_rbac.py

@@ -65,7 +65,7 @@ class AcsRole(BaseModel):
     assignments: list[AssignmentPair]
     permission_set_name: str
     access_scope: AcsAccessScope
-    system_default: bool | None
+    system_default: bool | None = None
 
     @classmethod
     def build(cls, permission: Permission, usernames: list[str]) -> Self:
@@ -151,7 +151,7 @@ class AcsRbacIntegration(QontractReconcileIntegration[NoParams]):
                 for permission in role.oidc_permissions or []:
                     if isinstance(permission, OidcPermissionAcsV1):
                         permission_usernames[
-                            Permission(**permission.dict(by_alias=True))
+                            Permission(**permission.model_dump(by_alias=True))
                         ].append(user.org_username)
         return list(starmap(AcsRole.build, permission_usernames.items()))
 

reconcile/aus/advanced_upgrade_service.py

@@ -1,13 +1,13 @@
 import logging
 from collections import defaultdict
 from datetime import timedelta
-from typing import Optional
+from typing import Annotated, Optional
 
 from pydantic import (
     BaseModel,
     Field,
     ValidationError,
-    validator,
+    field_validator,
 )
 from pydantic.dataclasses import dataclass
 
@@ -289,13 +289,16 @@ class OrganizationLabelSet(BaseModel):
 
     blocked_versions: CSV | None = Field(alias=aus_label_key("blocked-versions"))
 
-    sector_max_parallel_upgrades: dict[str, str] = labelset_groupfield(
-        group_prefix=aus_label_key("sector-max-parallel-upgrades.")
-    )
+    sector_max_parallel_upgrades: Annotated[
+        dict[str, str],
+        labelset_groupfield(
+            group_prefix=aus_label_key("sector-max-parallel-upgrades.")
+        ),
+    ]
 
-    sector_deps: dict[str, CSV] = labelset_groupfield(
-        group_prefix=aus_label_key("sector-deps.")
-    )
+    sector_deps: Annotated[
+        dict[str, CSV], labelset_groupfield(group_prefix=aus_label_key("sector-deps."))
+    ]
     """
     Each sector with dependencies is represented as a `sector-deps.<sector-name>` label
     with a CSV formatted list of dependant sectors. The custom `labelset_groupfield``
@@ -357,7 +360,7 @@ def _build_org_upgrade_spec(
         ]
 
     org_labelset = build_labelset(org_labels, OrganizationLabelSet)
-    final_org = org.copy(deep=True)
+    final_org = org.model_copy(deep=True)
     final_org.blocked_versions = org_labelset.blocked_versions  # type: ignore
     final_org.sectors = org_labelset.sector_dependencies()
     final_org.inherit_version_data = inherit_version_data
@@ -411,7 +414,7 @@ class ClusterUpgradePolicyLabelSet(BaseModel):
     """
 
     soak_days: int = Field(alias=aus_label_key("soak-days"), ge=0)
-    workloads: CSV = Field(alias=aus_label_key("workloads"), csv_min_items=1)
+    workloads: CSV = Field(alias=aus_label_key("workloads"), min_length=1)
     schedule: str = Field(alias=aus_label_key("schedule"))
     mutexes: CSV | None = Field(alias=aus_label_key("mutexes"))
     sector: str | None = Field(alias=aus_label_key("sector"))
@@ -419,14 +422,14 @@ class ClusterUpgradePolicyLabelSet(BaseModel):
     version_gate_approvals: CSV | None = Field(
         alias=aus_label_key("version-gate-approvals")
     )
-    _schedule_validator = validator("schedule", allow_reuse=True)(cron_validator)
+    _schedule_validator = field_validator("schedule")(cron_validator)
 
     def build_labels_dict(self) -> dict[str, str]:
         """
         Build a dictionary of all labels in this labelset.
         """
         labels = {}
-        for k, v in self.dict(by_alias=True).items():
+        for k, v in self.model_dump(by_alias=True).items():
             if v is None:
                 continue
             if isinstance(v, list):

reconcile/aus/base.py

@@ -16,7 +16,7 @@ from typing import (
 )
 
 from croniter import croniter
-from pydantic import BaseModel, Extra
+from pydantic import BaseModel
 from requests.exceptions import HTTPError
 from semver import VersionInfo
 
@@ -404,12 +404,12 @@ class AbstractUpgradePolicy(ABC, BaseModel):
 
     cluster: OCMCluster
 
-    id: str | None
-    next_run: str | None
-    schedule: str | None
+    id: str | None = None
+    next_run: str | None = None
+    schedule: str | None = None
     schedule_type: str
     version: str
-    state: str | None
+    state: str | None = None
 
     @abstractmethod
     def create(self, ocm_api: OCMBaseClient) -> None:
@@ -430,15 +430,12 @@ def addon_upgrade_policy_soonest_next_run() -> str:
     return to_utc_seconds_iso_format(next_run)
 
 
-class AddonUpgradePolicy(AbstractUpgradePolicy):
+class AddonUpgradePolicy(AbstractUpgradePolicy, arbitrary_types_allowed=True):
     """Class to create and delete Addon upgrade policies in OCM"""
 
     addon_id: str
     addon_service: AddonService
 
-    class Config:
-        arbitrary_types_allowed = True
-
     def create(self, ocm_api: OCMBaseClient) -> None:
         self.addon_service.create_addon_upgrade_policy(
             ocm_api=ocm_api,
@@ -521,9 +518,10 @@ class ControlPlaneUpgradePolicy(AbstractUpgradePolicy):
 
 
 class NodePoolUpgradePolicy(AbstractUpgradePolicy):
-    node_pool: str
     """Class to create NodePoolUpgradePolicies in OCM"""
 
+    node_pool: str
+
     def create(self, ocm_api: OCMBaseClient) -> None:
         policy = {
             "version": self.version,
@@ -550,7 +548,7 @@ class NodePoolUpgradePolicy(AbstractUpgradePolicy):
         return f"node pool upgrade policy - {remove_none_values_from_dict(details)}"
 
 
-class UpgradePolicyHandler(BaseModel, extra=Extra.forbid):
+class UpgradePolicyHandler(BaseModel, extra="forbid"):
     """Class to handle upgrade policy actions"""
 
     action: str
@@ -1124,12 +1122,10 @@ def calculate_diff(
                     UpgradePolicyHandler(
                         action="create",
                         policy=AddonUpgradePolicy(
-                            action="create",
                             cluster=spec.cluster,
                             version=version,
                             schedule_type="manual",
                             addon_id=addon_id,
-                            upgrade_type="ADDON",
                             addon_service=addon_service,
                         ),
                     )

reconcile/aus/cluster_version_data.py

@@ -1,4 +1,3 @@
-import json
 from collections.abc import Iterable
 from datetime import datetime
 from typing import (
@@ -20,6 +19,17 @@ class WorkloadHistory(BaseModel):
     soak_days: float = 0.0
     reporting: list[str] = Field(default_factory=list)
 
+    def __eq__(self, value: Any) -> bool:
+        if isinstance(value, WorkloadHistory):
+            return super().__eq__(value)
+
+        if isinstance(value, dict):
+            return self.soak_days == value.get("soak_days", 0.0) and sorted(
+                self.reporting
+            ) == sorted(value.get("reporting", []))
+
+        return False
+
 
 class VersionHistory(BaseModel):
     workloads: dict[str, WorkloadHistory] = Field(default_factory=dict)
@@ -38,7 +48,7 @@ class Stats(BaseModel):
 
     min_version: str
     min_version_per_workload: dict[str, str] = Field(default_factory=dict)
-    inherited: Optional["Stats"]
+    inherited: Optional["Stats"] = None
 
     def inherit(self, added: "Stats") -> None:
         """adds the provided stats to our inherited data
@@ -93,12 +103,12 @@ class VersionData(BaseModel):
     upgrade policies.
     """
 
-    check_in: datetime | None
+    check_in: datetime | None = None
     versions: dict[str, VersionHistory] = Field(default_factory=dict)
-    stats: Stats | None
+    stats: Stats | None = None
 
     def jsondict(self) -> dict[str, Any]:
-        return json.loads(self.json(exclude_none=True))
+        return self.model_dump(mode="json", exclude_none=True)
 
     def save(self, state: State, ocm_name: str) -> None:
         state.add(ocm_name, self.jsondict(), force=True)

reconcile/aus/models.py

@@ -232,7 +232,7 @@ class SectorConfigError(Exception):
 
 class Sector(BaseModel):
     name: str
-    max_parallel_upgrades: str | None
+    max_parallel_upgrades: str | None = None
     dependencies: list[Sector] = Field(default_factory=list)
     _specs: dict[str, ClusterUpgradeSpec] = PrivateAttr(default_factory=dict)
 

reconcile/automated_actions/config/integration.py

@@ -20,6 +20,7 @@ from reconcile.gql_definitions.automated_actions.instance import (
     AutomatedActionExternalResourceFlushElastiCacheV1,
     AutomatedActionExternalResourceRdsRebootV1,
     AutomatedActionExternalResourceRdsSnapshotV1,
+    AutomatedActionOpenshiftTriggerCronjobV1,
     AutomatedActionOpenshiftWorkloadDeleteV1,
     AutomatedActionOpenshiftWorkloadRestartArgumentV1,
     AutomatedActionOpenshiftWorkloadRestartV1,
@@ -82,7 +83,7 @@ class AutomatedActionsConfigIntegration(
             query_func = gql.get_api().query
         return {
             "automated_actions_instances": [
-                c.dict() for c in self.get_automated_actions_instances(query_func)
+                c.model_dump() for c in self.get_automated_actions_instances(query_func)
             ]
         }
 
@@ -167,7 +168,7 @@ class AutomatedActionsConfigIntegration(
                 case AutomatedActionActionListV1():
                     # no special handling needed, just dump the values
                     parameters.extend(
-                        arg.dict(exclude_none=True, exclude_defaults=True)
+                        arg.model_dump(exclude_none=True, exclude_defaults=True)
                         for arg in action.action_list_arguments or []
                     )
                 case AutomatedActionExternalResourceFlushElastiCacheV1():
@@ -205,6 +206,17 @@ class AutomatedActionsConfigIntegration(
                                 "account": f"^{rds_snapshot_er.provisioner.name}$",
                                 "identifier": rds_snapshot_arg.identifier,
                             })
+                case AutomatedActionOpenshiftTriggerCronjobV1():
+                    parameters.extend(
+                        {
+                            # all parameter values are regexes in the OPA policy
+                            # therefore, cluster and namespace must be fixed to the current strings
+                            "cluster": f"^{arg.namespace.cluster.name}$",
+                            "namespace": f"^{arg.namespace.name}$",
+                            "cronjob": arg.cronjob,
+                        }
+                        for arg in action.openshift_trigger_cronjob_arguments
+                    )
                 case AutomatedActionOpenshiftWorkloadDeleteV1():
                     parameters.extend(
                         {
@@ -257,7 +269,7 @@ class AutomatedActionsConfigIntegration(
             {
                 "users": {user.username: sorted(user.roles) for user in users},
                 "roles": {
-                    role: [policy.dict() for policy in policies]
+                    role: [policy.model_dump() for policy in policies]
                     for role, policies in roles.items()
                 },
             },

reconcile/aws_account_manager/integration.py

@@ -42,14 +42,14 @@ QONTRACT_INTEGRATION_VERSION = make_semver(1, 0, 0)
 
 
 class AwsAccountMgmtIntegrationParams(PydanticRunParams):
-    account_name: str | None
+    account_name: str | None = None
     flavor: str
     organization_account_role: str = "OrganizationAccountAccessRole"
     default_tags: dict[str, str] = {}
     initial_user_name: str = "terraform"
     initial_user_policy_arn: str = "arn:aws:iam::aws:policy/AdministratorAccess"
     initial_user_secret_vault_path: str = (
-        "app-sre-v2/creds/terraform/{account_name}/config"
+        "app-sre-v2/creds/terraform/{account_name}/config"  # noqa: RUF027
     )
     # To avoid the accidental deletion of the resource file, explicitly set the
     # qontract.cli option in the integration extraArgs!
@@ -76,9 +76,9 @@ class AwsAccountMgmtIntegration(
             query_func, account_name=self.params.account_name
         )
         return {
-            "payer_accounts": [account.dict() for account in payer_accounts],
+            "payer_accounts": [account.model_dump() for account in payer_accounts],
             "non_organization_accounts": [
-                account.dict() for account in non_organization_accounts
+                account.model_dump() for account in non_organization_accounts
             ],
         }
 
@@ -98,7 +98,7 @@ class AwsAccountMgmtIntegration(
             lstrip_blocks=True,
             keep_trailing_newline=True,
         ).render({
-            "accountRequest": account_request.dict(by_alias=True),
+            "accountRequest": account_request.model_dump(by_alias=True),
             "uid": uid,
             "settings": settings,
             "timestamp": int(utc_now().timestamp()),
@@ -187,7 +187,7 @@ class AwsAccountMgmtIntegration(
                     template=account_template,
                     account_request=account_request,
                     uid=uid,
-                    settings=self.params.dict(),
+                    settings=self.params.model_dump(),
                 ),
                 account_request_file_path=f"data/{account_request.path.strip('/')}",
             )

reconcile/aws_account_manager/reconciler.py

@@ -35,7 +35,7 @@ class Quota(Protocol):
     quota_code: str
     value: float
 
-    def dict(self) -> dict[str, Any]: ...
+    def model_dump(self) -> dict[str, Any]: ...
 
 
 class Contact(Protocol):
@@ -44,7 +44,7 @@ class Contact(Protocol):
     email: str
     phone_number: str
 
-    def dict(self) -> dict[str, Any]: ...
+    def model_dump(self) -> dict[str, Any]: ...
 
 
 class AWSReconciler:
@@ -167,7 +167,7 @@ class AWSReconciler:
         self, aws_api: AWSApi, name: str, quotas: Iterable[Quota]
     ) -> list[str] | None:
         """Request service quota changes."""
-        quotas_dict = [q.dict() for q in quotas]
+        quotas_dict = [q.model_dump() for q in quotas]
         with self.state.transaction(
             state_key(name, TASK_REQUEST_SERVICE_QUOTA)
         ) as _state:

reconcile/aws_ami_cleanup/integration.py

@@ -40,15 +40,12 @@ QONTRACT_INTEGRATION = "aws_ami_cleanup"
 MANAGED_TAG = {"Key": "managed_by_integration", "Value": QONTRACT_INTEGRATION}
 
 
-class AWSAmi(BaseModel):
+class AWSAmi(BaseModel, frozen=True):
     name: str
     image_id: str
     creation_date: datetime
     snapshot_ids: list[str]
 
-    class Config:
-        frozen = True
-
 
 def get_aws_amis_from_launch_templates(ec2_client: EC2Client) -> set[str]:
     amis = set()
@@ -176,7 +173,7 @@ def run(dry_run: bool, thread_pool_size: int, defer: Callable | None = None) ->
     # Build AWSApi object. We will use all those accounts listed in ami_accounts since
     # we will also need to look for used AMIs.
     accounts_dicted = [
-        account.dict(by_alias=True)
+        account.model_dump(by_alias=True)
         for account in aws_accounts or []
         if account.name in ami_accounts
     ]

reconcile/aws_ami_share.py

@@ -1,17 +1,19 @@
 import logging
+import re
 from collections.abc import (
-    Callable,
     Iterable,
     Mapping,
 )
 from typing import Any
 
 from reconcile import queries
+from reconcile.typed_queries.aws_account_tags import get_aws_account_tags
+from reconcile.typed_queries.external_resources import get_settings
 from reconcile.utils.aws_api import AWSApi
-from reconcile.utils.defer import defer
 
 QONTRACT_INTEGRATION = "aws-ami-share"
-MANAGED_TAG = {"Key": "managed_by_integration", "Value": QONTRACT_INTEGRATION}
+
+MANAGED_TAG = {"managed_by_integration": QONTRACT_INTEGRATION}
 
 
 def filter_accounts(accounts: Iterable[dict[str, Any]]) -> list[dict[str, Any]]:
@@ -37,65 +39,70 @@ def get_region(
     return region
 
 
-@defer
-def run(dry_run: bool, defer: Callable | None = None) -> None:
+def share_ami(
+    dry_run: bool,
+    src_account: Mapping[str, Any],
+    share: Mapping[str, Any],
+    default_tags: dict[str, str],
+    aws_api: AWSApi,
+) -> None:
+    dst_account = share["account"]
+    regex = re.compile(share["regex"])
+    region = get_region(share, src_account, dst_account)
+    src_amis = aws_api.get_amis_details(src_account, src_account, regex, region)
+    dst_amis = aws_api.get_amis_details(dst_account, src_account, regex, region)
+
+    for ami_id, src_ami_tags in src_amis.items():
+        dst_ami_tags = dst_amis.get(ami_id)
+        if dst_ami_tags is None:
+            logging.info([
+                "share_ami",
+                src_account["name"],
+                dst_account["name"],
+                ami_id,
+            ])
+            if not dry_run:
+                aws_api.share_ami(src_account, dst_account["uid"], ami_id, region)
+        dst_account_tags = default_tags | get_aws_account_tags(
+            dst_account.get("organization", None)
+        )
+        desired_tags = src_ami_tags | dst_account_tags | MANAGED_TAG
+        current_tags = dst_ami_tags or {}
+
+        if desired_tags != current_tags:
+            logging.info([
+                "tag_shared_ami",
+                dst_account["name"],
+                ami_id,
+                desired_tags,
+            ])
+            if not dry_run:
+                aws_api.create_tags(dst_account, ami_id, desired_tags)
+
+
+def run(dry_run: bool) -> None:
     accounts = queries.get_aws_accounts(sharing=True)
     sharing_accounts = filter_accounts(accounts)
     settings = queries.get_app_interface_settings()
-    aws_api = AWSApi(1, sharing_accounts, settings=settings, init_users=False)
-    if defer:
-        defer(aws_api.cleanup)
-
-    for src_account in sharing_accounts:
-        sharing = src_account.get("sharing")
-        if not sharing:
-            continue
-        for share in sharing:
-            if share["provider"] != "ami":
-                continue
-            dst_account = share["account"]
-            regex = share["regex"]
-            region = get_region(share, src_account, dst_account)
-            src_amis = aws_api.get_amis_details(src_account, src_account, regex, region)
-            dst_amis = aws_api.get_amis_details(dst_account, src_account, regex, region)
-
-            for src_ami in src_amis:
-                src_ami_id = src_ami["image_id"]
-                found_dst_amis = [d for d in dst_amis if d["image_id"] == src_ami_id]
-                if not found_dst_amis:
-                    logging.info([
-                        "share_ami",
-                        src_account["name"],
-                        dst_account["name"],
-                        src_ami_id,
-                    ])
-                    if not dry_run:
-                        aws_api.share_ami(
-                            src_account, dst_account["uid"], src_ami_id, region
-                        )
-                    # we assume an unshared ami does not have tags
-                    found_dst_amis = [{"image_id": src_ami_id, "tags": []}]
-
-                dst_ami = found_dst_amis[0]
-                dst_ami_id = dst_ami["image_id"]
-                dst_ami_tags = dst_ami["tags"]
-                if MANAGED_TAG not in dst_ami_tags:
-                    logging.info([
-                        "tag_shared_ami",
-                        dst_account["name"],
-                        dst_ami_id,
-                        MANAGED_TAG,
-                    ])
-                    if not dry_run:
-                        aws_api.create_tag(dst_account, dst_ami_id, MANAGED_TAG)
-                src_ami_tags = src_ami["tags"]
-                for src_tag in src_ami_tags:
-                    if src_tag not in dst_ami_tags:
-                        logging.info([
-                            "tag_shared_ami",
-                            dst_account["name"],
-                            dst_ami_id,
-                            src_tag,
-                        ])
-                        if not dry_run:
-                            aws_api.create_tag(dst_account, dst_ami_id, src_tag)
+    try:
+        default_tags = get_settings().default_tags
+    except ValueError:
+        # no external resources settings found
+        default_tags = {}
+
+    with AWSApi(
+        1,
+        sharing_accounts,
+        settings=settings,
+        init_users=False,
+    ) as aws_api:
+        for src_account in sharing_accounts:
+            for share in src_account.get("sharing") or []:
+                if share["provider"] == "ami":
+                    share_ami(
+                        dry_run=dry_run,
+                        src_account=src_account,
+                        share=share,
+                        default_tags=default_tags,
+                        aws_api=aws_api,
+                    )

reconcile/aws_saml_idp/integration.py

@@ -82,7 +82,7 @@ class AwsSamlIdpIntegration(QontractReconcileIntegration[AwsSamlIdpIntegrationPa
         if not query_func:
             query_func = gql.get_api().query
         return {
-            "accounts": [c.dict() for c in self.get_aws_accounts(query_func)],
+            "accounts": [c.model_dump() for c in self.get_aws_accounts(query_func)],
         }
 
     def get_aws_accounts(
@@ -125,7 +125,9 @@ class AwsSamlIdpIntegration(QontractReconcileIntegration[AwsSamlIdpIntegrationPa
         aws_accounts = self.get_aws_accounts(
             gql_api.query, account_name=self.params.account_name
         )
-        aws_accounts_dict = [account.dict(by_alias=True) for account in aws_accounts]
+        aws_accounts_dict = [
+            account.model_dump(by_alias=True) for account in aws_accounts
+        ]
         try:
             default_tags = get_settings().default_tags
         except ValueError:
@@ -143,7 +145,7 @@ class AwsSamlIdpIntegration(QontractReconcileIntegration[AwsSamlIdpIntegrationPa
         for saml_idp_config in self.build_saml_idp_config(
             aws_accounts,
             saml_idp_name=self.params.saml_idp_name,
-            saml_metadata=self.get_saml_metadata(self.params.saml_metadata_url),
+            saml_metadata=self.get_saml_metadata(str(self.params.saml_metadata_url)),
         ):
             ts.populate_saml_idp(
                 account_name=saml_idp_config.account_name,

reconcile/aws_saml_roles/integration.py

@@ -6,10 +6,11 @@ from collections.abc import (
 )
 from typing import (
     Any,
+    Self,
     TypedDict,
 )
 
-from pydantic import BaseModel, root_validator, validator
+from pydantic import BaseModel, field_validator, model_validator
 
 from reconcile.gql_definitions.aws_saml_roles.aws_accounts import (
     AWSAccountV1,
@@ -59,7 +60,8 @@ class AwsSamlRolesIntegrationParams(PydanticRunParams):
     extended_early_exit_cache_ttl_seconds: int = 3600
     log_cached_log_output: bool = False
 
-    @validator("max_session_duration_hours")
+    @field_validator("max_session_duration_hours")
+    @classmethod
     def max_session_duration_range(cls, v: str | int) -> int:
         if 1 <= int(v) <= 12:
             return int(v)
@@ -70,7 +72,8 @@ class CustomPolicy(BaseModel):
     name: str
     policy: dict[str, Any]
 
-    @validator("name")
+    @field_validator("name")
+    @classmethod
     def name_size(cls, v: str) -> str:
         """Check the policy name size.
 
@@ -82,7 +85,8 @@ class CustomPolicy(BaseModel):
             )
         return v
 
-    @validator("policy")
+    @field_validator("policy")
+    @classmethod
     def policy_size(cls, v: dict[str, Any]) -> dict[str, Any]:
         """Check the policy size.
 
@@ -105,7 +109,8 @@ class AwsRole(BaseModel):
     custom_policies: list[CustomPolicy]
     managed_policies: list[ManagedPolicy]
 
-    @validator("name")
+    @field_validator("name")
+    @classmethod
     def name_size(cls, v: str) -> str:
         """Check the role name size.
 
@@ -117,29 +122,23 @@ class AwsRole(BaseModel):
             )
         return v
 
-    @root_validator
-    def validate_policies(cls, values: dict[str, Any]) -> dict[str, Any]:
+    @model_validator(mode="after")
+    def validate_policies(self) -> Self:
         """Check the policies.
 
         See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
         """
-        custom_policies = values.get("custom_policies", [])
-        managed_policies = values.get("managed_policies", [])
-        if len(custom_policies) + len(managed_policies) > 20:
+        if len(self.custom_policies) + len(self.managed_policies) > 20:
             raise ValueError(
-                f"The role '{values['name']}' has too many policies. AWS roles can have at most 20 policies (via quota increase). Please consider consolidating the policies."
+                f"The role '{self.name}' has too many policies. AWS roles can have at most 20 policies (via quota increase). Please consider consolidating the policies."
             )
-        cp_names = [cp.name for cp in custom_policies]
+        cp_names = [cp.name for cp in self.custom_policies]
         if len(set(cp_names)) != len(cp_names):
-            raise ValueError(
-                f"The role '{values['name']}' has duplicate custom policies."
-            )
-        mp_names = [mp.name for mp in managed_policies]
+            raise ValueError(f"The role '{self.name}' has duplicate custom policies.")
+        mp_names = [mp.name for mp in self.managed_policies]
         if len(set(mp_names)) != len(mp_names):
-            raise ValueError(
-                f"The role '{values['name']}' has duplicate managed policies."
-            )
-        return values
+            raise ValueError(f"The role '{self.name}' has duplicate managed policies.")
+        return self
 
 
 class RunnerParams(TypedDict):
@@ -164,7 +163,7 @@ class AwsSamlRolesIntegration(
         if not query_func:
             query_func = gql.get_api().query
         return {
-            "roles": [c.dict() for c in self.get_roles(query_func)],
+            "roles": [c.model_dump() for c in self.get_roles(query_func)],
         }
 
     def get_aws_accounts(
@@ -252,7 +251,9 @@ class AwsSamlRolesIntegration(
         aws_accounts = self.get_aws_accounts(
             gql_api.query, account_name=self.params.account_name
         )
-        aws_accounts_dict = [account.dict(by_alias=True) for account in aws_accounts]
+        aws_accounts_dict = [
+            account.model_dump(by_alias=True) for account in aws_accounts
+        ]
         aws_roles = self.get_roles(gql_api.query, account_name=self.params.account_name)
         try:
             default_tags = get_settings().default_tags