qontract-reconcile 0.10.2.dev394__py3-none-any.whl → 0.10.2.dev414__py3-none-any.whl

reconcile/aws_version_sync/integration.py

@@ -7,12 +7,7 @@ from enum import StrEnum
 from typing import Any
 
 import semver
-from pydantic import (
-    BaseModel,
-    ValidationError,
-    root_validator,
-    validator,
-)
+from pydantic import BaseModel, ValidationError, field_validator, model_validator
 
 from reconcile.aws_version_sync.merge_request_manager.merge_request import (
     Renderer,
@@ -81,7 +76,7 @@ class SupportedResourceProvider(StrEnum):
     ELASTICACHE = "elasticache"
 
 
-class ExternalResource(BaseModel):
+class ExternalResource(BaseModel, arbitrary_types_allowed=True):
     namespace_file: str | None = None
     provider: str = "aws"
     provisioner: ExternalResourceProvisioner
@@ -94,9 +89,6 @@ class ExternalResource(BaseModel):
     # used to map AWS cache name to resource_identifier
     redis_replication_group_id: str | None = None
 
-    class Config:
-        arbitrary_types_allowed = True
-
     @property
     def key(self) -> tuple:
         return (
@@ -106,7 +98,8 @@ class ExternalResource(BaseModel):
             self.resource_identifier,
         )
 
-    @validator("resource_engine_version", pre=True)
+    @field_validator("resource_engine_version", mode="before")
+    @classmethod
     def parse_resource_engine_version(
         cls, v: str | semver.VersionInfo
     ) -> semver.VersionInfo:
@@ -114,7 +107,8 @@ class ExternalResource(BaseModel):
             return v
         return parse_semver(str(v), optional_minor_and_patch=True)
 
-    @root_validator(pre=True)
+    @model_validator(mode="before")
+    @classmethod
     def set_resource_engine_version_format(cls, values: dict) -> dict:
         resource_engine_version, resource_engine_version_format = (
             str(values.get("resource_engine_version")),

reconcile/change_owners/bundle.py

@@ -62,8 +62,8 @@ class QontractServerDatafileDiff(BaseModel):
 
     datafilepath: str
     datafileschema: str
-    old: dict[str, Any] | None
-    new: dict[str, Any] | None
+    old: dict[str, Any] | None = None
+    new: dict[str, Any] | None = None
 
     @property
     def old_datafilepath(self) -> str | None:
@@ -119,7 +119,7 @@ class QontractServerResourcefileDiffState(BaseModel):
     content: str
     resourcefileschema: str | None = Field(..., alias="$schema")
     sha256sum: str
-    backrefs: list[QontractServerResourcefileBackref] | None
+    backrefs: list[QontractServerResourcefileBackref] | None = None
 
 
 class QontractServerResourcefileDiff(BaseModel):

reconcile/change_owners/change_log_tracking.py

@@ -155,7 +155,8 @@ class ChangeLogIntegration(QontractReconcileIntegration[ChangeLogIntegrationPara
             changes = aggregate_resource_changes(
                 bundle_changes=aggregate_file_moves(parse_bundle_changes(diff)),
                 content_store={
-                    c.path: c.dict(by_alias=True) for c in namespaces + jenkins_configs
+                    c.path: c.model_dump(by_alias=True)
+                    for c in namespaces + jenkins_configs
                 },
                 supported_schemas={
                     "/openshift/namespace-1.yml",
@@ -239,4 +240,4 @@ class ChangeLogIntegration(QontractReconcileIntegration[ChangeLogIntegrationPara
             change_log.items, key=lambda i: i.merged_at, reverse=True
         )
         if not dry_run:
-            integration_state.add(BUNDLE_DIFFS_OBJ, change_log.dict(), force=True)
+            integration_state.add(BUNDLE_DIFFS_OBJ, change_log.model_dump(), force=True)

reconcile/change_owners/change_owners.py

@@ -140,7 +140,7 @@ def write_coverage_report_to_mr(
     approver_reachability = set()
     for d in change_decisions:
         approvers = [
-            f"{cr.context} - {' '.join([f'@{a.org_username}' if a.tag_on_merge_requests else a.org_username for a in cr.approvers])}"
+            f"{cr.context} - {' '.join([f'@{a.org_username}' if (a.tag_on_merge_requests or len(cr.approvers) == 1) else a.org_username for a in cr.approvers])}"
             for cr in d.change_responsibles
         ]
         if d.coverable_by_fragment_decisions:

reconcile/dashdotdb_dora.py

@@ -466,7 +466,7 @@ class DashdotdbDORA(DashdotdbBase):
         ]
 
     def _github_compare_commits(self, rc: RepoChanges, repo: str) -> list[Commit]:
-        if not rc.repo_url:
+        if not rc.repo_url or not rc.ref_from or not rc.ref_to:
             return []
 
         return [

reconcile/dashdotdb_slo.py

@@ -119,4 +119,4 @@ def run(
 
 
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
-    return {doc.name: doc.dict() for doc in get_slo_documents()}
+    return {doc.name: doc.model_dump() for doc in get_slo_documents()}

reconcile/database_access_manager.py

@@ -61,20 +61,19 @@ def get_database_access_namespaces(
     return query(query_func).namespaces_v1 or []
 
 
-class DatabaseConnectionParameters(BaseModel):
+class DatabaseConnectionParameters(
+    BaseModel, validate_by_name=True, validate_by_alias=True
+):
     host: str = Field(..., alias="db.host")
     port: str = Field(..., alias="db.port")
     user: str = Field(..., alias="db.user")
     password: str = Field(..., alias="db.password")
     database: str = Field(..., alias="db.name")
 
-    class Config:
-        allow_population_by_field_name = True
-
 
 class PSQLScriptGenerator(BaseModel):
     db_access: DatabaseAccessV1
-    current_db_access: DatabaseAccessV1 | None
+    current_db_access: DatabaseAccessV1 | None = None
     connection_parameter: DatabaseConnectionParameters
     admin_connection_parameter: DatabaseConnectionParameters
     engine: str
@@ -597,7 +596,7 @@ def _process_db_access(
     current_db_access: DatabaseAccessV1 | None = None
     if state.exists(state_key):
         current_state = state.get(state_key)
-        if current_state == db_access.dict(by_alias=True):
+        if current_state == db_access.model_dump(by_alias=True):
             return
         current_db_access = DatabaseAccessV1(**current_state)
         if current_db_access.database != db_access.database:
@@ -610,7 +609,7 @@ def _process_db_access(
 
     resource_prefix = f"dbam-{state_key.replace('/', '-')}"
     with OC_Map(
-        clusters=[namespace.cluster.dict(by_alias=True)],
+        clusters=[namespace.cluster.model_dump(by_alias=True)],
         integration=QONTRACT_INTEGRATION,
         settings=settings,
     ) as oc_map:
@@ -677,7 +676,7 @@ def _process_db_access(
             if not dry_run and not db_access.delete:
                 secret = {
                     "path": f"{vault_output_path}/{QONTRACT_INTEGRATION}/{state_key}",
-                    "data": connections["user"].dict(by_alias=True),
+                    "data": connections["user"].model_dump(by_alias=True),
                 }
                 vault_client.write(secret, decode_base64=False)
             logging.debug("job completed, cleaning up")
@@ -693,7 +692,7 @@ def _process_db_access(
                 )
             state.add(
                 state_key,
-                value=db_access.dict(by_alias=True),
+                value=db_access.model_dump(by_alias=True),
                 force=True,
             )
         else:

reconcile/dynatrace_token_provider/integration.py

@@ -82,7 +82,7 @@ class DynatraceTokenProviderIntegration(QontractReconcileIntegration[NoParams]):
         return {
             "version": QONTRACT_INTEGRATION_VERSION,
             "specs": {
-                spec.name: spec.dict()
+                spec.name: spec.model_dump()
                 for spec in get_dynatrace_token_provider_token_specs()
             },
         }

reconcile/endpoints_discovery/integration.py

@@ -150,7 +150,10 @@ class EndpointsDiscoveryIntegration(
             return []
 
         routes = defaultdict(list)
-        for item in oc.get_items(kind="Route", namespace=namespace.name):
+        for item in oc.get_items(
+            kind="Route.route.openshift.io",
+            namespace=namespace.name,
+        ):
             tls = bool(item["spec"].get("tls"))
             host = item["spec"]["host"]
             # group all routes with the same hostname/tls

reconcile/endpoints_discovery/merge_request.py

@@ -89,7 +89,7 @@ class Renderer:
 
     def render_description(self, hash: str) -> str:
         """Render the description for a merge request."""
-        return DESC.safe_substitute(EPDInfo(hash=hash).dict())
+        return DESC.safe_substitute(EPDInfo(hash=hash).model_dump())
 
     def render_title(self) -> str:
         """Render the title for a merge request."""

reconcile/endpoints_discovery/merge_request_manager.py

@@ -64,7 +64,7 @@ class Endpoint(BaseModel):
 
     @property
     def hash(self) -> str:
-        return hashlib.sha256(json_dumps(self.dict()).encode()).hexdigest()
+        return hashlib.sha256(json_dumps(self.model_dump()).encode()).hexdigest()
 
 
 EndpointsToAdd = list[Endpoint]

reconcile/external_resources/integration.py

@@ -45,7 +45,7 @@ from reconcile.utils.secret_reader import SecretReaderBase, create_secret_reader
 def fetch_current_state(
     ri: ResourceInventory, oc: OCCli, cluster: str, namespace: str
 ) -> None:
-    for item in oc.get_items("Job", namespace=namespace):
+    for item in oc.get_items("Job.batch", namespace=namespace):
         r = OpenshiftResource(item, QONTRACT_INTEGRATION, QONTRACT_INTEGRATION_VERSION)
         ri.add_current(cluster, namespace, "Job", r.name, r)
 

reconcile/external_resources/manager.py

@@ -45,6 +45,7 @@ from reconcile.utils.datetime_util import utc_now
 from reconcile.utils.external_resource_spec import (
     ExternalResourceSpec,
 )
+from reconcile.utils.json import json_dumps
 from reconcile.utils.secret_reader import SecretReaderBase
 
 
@@ -244,7 +245,7 @@ class ExternalResourcesManager:
             reconciliation = Reconciliation(
                 key=key,
                 resource_hash=resource.hash(),
-                input=resource.json(),
+                input=json_dumps(resource),
                 action=Action.APPLY,
                 module_configuration=module_conf,
                 linked_resources=self._find_linked_resources(spec),
@@ -252,11 +253,15 @@ class ExternalResourcesManager:
             r.add(reconciliation)
         return r
 
-    def _get_deleted_objects_reconciliations(self) -> set[Reconciliation]:
+    def _get_deleted_objects_reconciliations(
+        self, enable_migration: bool = False
+    ) -> set[Reconciliation]:
         to_reconcile: set[Reconciliation] = set()
         deleted_keys = (k for k, v in self.er_inventory.items() if v.marked_to_delete)
         for key in deleted_keys:
-            state = self.state_mgr.get_external_resource_state(key)
+            state = self.state_mgr.get_external_resource_state(
+                key, enable_migration=enable_migration
+            )
             if state.resource_status == ResourceStatus.NOT_EXISTS:
                 logging.debug("Resource has already been removed. key: %s", key)
                 continue
@@ -349,7 +354,9 @@ class ExternalResourcesManager:
 
             if r.linked_resources:
                 for lr in r.linked_resources:
-                    lrs = self.state_mgr.get_external_resource_state(lr)
+                    lrs = self.state_mgr.get_external_resource_state(
+                        lr, enable_migration=True
+                    )
                     if not lrs.resource_status.is_in_progress:
                         lrs.resource_status = ResourceStatus.RECONCILIATION_REQUESTED
                         self.state_mgr.set_external_resource_state(lrs)
@@ -416,10 +423,12 @@ class ExternalResourcesManager:
 
     def handle_resources(self) -> None:
         desired_r = self._get_desired_objects_reconciliations()
-        deleted_r = self._get_deleted_objects_reconciliations()
+        deleted_r = self._get_deleted_objects_reconciliations(enable_migration=True)
         to_sync_keys: set[ExternalResourceKey] = set()
         for r in desired_r.union(deleted_r):
-            state = self.state_mgr.get_external_resource_state(r.key)
+            state = self.state_mgr.get_external_resource_state(
+                r.key, enable_migration=True
+            )
             reconciliation_status = self._get_reconciliation_status(r, state)
             self._update_resource_state(r, state, reconciliation_status)
 
@@ -450,7 +459,10 @@ class ExternalResourcesManager:
             r
             for r in desired_r.union(deleted_r)
             if self._reconciliation_needs_dry_run_run(
-                r, self.state_mgr.get_external_resource_state(key=r.key)
+                r,
+                self.state_mgr.get_external_resource_state(
+                    key=r.key, enable_migration=False
+                ),
             )
         }
 

reconcile/external_resources/metrics.py

@@ -13,7 +13,7 @@ from reconcile.utils.metrics import (
 
 
 class ExternalResourcesBaseMetric(BaseModel):
-    integration = normalize_integration_name(QONTRACT_INTEGRATION)
+    integration: str = normalize_integration_name(QONTRACT_INTEGRATION)
     app: str
     environment: str
     provision_provider: str

reconcile/external_resources/model.py

@@ -89,7 +89,7 @@ class ExternalResourceKey(BaseModel, frozen=True):
         )
 
     def hash(self) -> str:
-        return hashlib.md5(json_dumps(self.dict()).encode("utf-8")).hexdigest()
+        return hashlib.md5(json_dumps(self.model_dump()).encode("utf-8")).hexdigest()
 
     @property
     def state_path(self) -> str:
@@ -138,15 +138,15 @@ class ExternalResourcesInventory(MutableMapping):
     ) -> ExternalResourceSpec:
         spec = ExternalResourceSpec(
             provision_provider=provider.provider,
-            provisioner=provider.provisioner.dict(),
-            resource=resource.dict(
+            provisioner=provider.provisioner.model_dump(),
+            resource=resource.model_dump(
                 exclude={
                     FLAG_RESOURCE_MANAGED_BY_ERV2,
                     FLAG_DELETE_RESOURCE,
                     MODULE_OVERRIDES,
                 }
             ),
-            namespace=namespace.dict(by_alias=True),
+            namespace=namespace.model_dump(by_alias=True),
         )
         spec.metadata[FLAG_DELETE_RESOURCE] = resource.delete or namespace.delete
         spec.metadata[MODULE_OVERRIDES] = resource.module_overrides
@@ -387,7 +387,7 @@ class Reconciliation(BaseModel, frozen=True):
     )
     # linked_resources store dependants resources. They will get reconciled
     # every time the parent resource reconciliation finishes.
-    linked_resources: frozenset[ExternalResourceKey] | None
+    linked_resources: frozenset[ExternalResourceKey] | None = None
 
 
 class ReconcileAction(StrEnum):
@@ -440,4 +440,4 @@ class ExternalResource(BaseModel):
     provision: ExternalResourceProvision
 
     def hash(self) -> str:
-        return hashlib.md5(json_dumps(self.data).encode("utf-8")).hexdigest()
+        return hashlib.sha256(json_dumps(self.data).encode("utf-8")).hexdigest()

reconcile/external_resources/reconciler.py

@@ -70,10 +70,13 @@ class ReconciliationK8sJob(K8sJob, BaseModel, frozen=True):
     dry_run_suffix: str = ""
 
     def name_prefix(self) -> str:
+        identifier = (
+            f"{self.reconciliation.key.provider}-{self.reconciliation.key.identifier}"
+        )
         if self.is_dry_run:
-            return f"er-dry-run-mr-{self.dry_run_suffix}"
+            return f"er-dry-run-mr-{self.dry_run_suffix}-{identifier}"
         else:
-            return "er"
+            return f"er-{identifier}"
 
     def unit_of_work_identity(self) -> Any:
         return self.reconciliation.key
@@ -96,10 +99,10 @@ class ReconciliationK8sJob(K8sJob, BaseModel, frozen=True):
             image=self.reconciliation.module_configuration.image_version,
             image_pull_policy="Always",
             resources=V1ResourceRequirements(
-                requests=self.reconciliation.module_configuration.resources.requests.dict(
+                requests=self.reconciliation.module_configuration.resources.requests.model_dump(
                     exclude_none=True
                 ),
-                limits=self.reconciliation.module_configuration.resources.limits.dict(
+                limits=self.reconciliation.module_configuration.resources.limits.model_dump(
                     exclude_none=True
                 ),
             ),

reconcile/external_resources/secrets_sync.py

@@ -46,8 +46,8 @@ class VaultSecret(BaseModel):
 
     path: str
     field: str
-    version: int | None
-    q_format: str | None
+    version: int | None = None
+    q_format: str | None = None
 
 
 class SecretHelper:

reconcile/external_resources/state.py

@@ -1,7 +1,9 @@
+import json
 import logging
 from collections.abc import Mapping
 from datetime import datetime
 from enum import StrEnum
+from hashlib import sha256
 from typing import Any
 
 from pydantic import BaseModel
@@ -17,6 +19,7 @@ from reconcile.external_resources.model import (
 )
 from reconcile.utils.aws_api_typed.api import AWSApi
 from reconcile.utils.datetime_util import to_utc_microseconds_iso_format, utc_now
+from reconcile.utils.json import json_dumps
 
 DATE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
 
@@ -170,7 +173,7 @@ class DynamoDBStateAdapter:
 
     def serialize(self, state: ExternalResourceState) -> dict[str, Any]:
         return {
-            self.ER_KEY_HASH: {"S": state.key.hash()},
+            self.ER_KEY_HASH: {"S": state.key.state_path},
             self.TIMESTAMP: {"S": to_utc_microseconds_iso_format(state.ts)},
             self.RESOURCE_STATUS: {"S": state.resource_status.value},
             self.ER_KEY: {
@@ -259,24 +262,63 @@ class ExternalResourcesStateDynamoDB:
         self._table = table_name
         self.partial_resources = self._get_partial_resources()
 
+    def _new_sha256_hash(self, item: dict) -> str:
+        resource_json = item[self.adapter.RECONC]["M"][self.adapter.RECONC_INPUT]["S"]
+        resource_dict = json.loads(resource_json)
+        data = resource_dict["data"]
+        return sha256(json_dumps(data).encode("utf-8")).hexdigest()
+
     def get_external_resource_state(
-        self, key: ExternalResourceKey
+        self,
+        key: ExternalResourceKey,
+        enable_migration: bool = False,
     ) -> ExternalResourceState:
         data = self.aws_api.dynamodb.boto3_client.get_item(
             TableName=self._table,
             ConsistentRead=True,
-            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+            Key={self.adapter.ER_KEY_HASH: {"S": key.state_path}},
         )
-        if "Item" in data:
+        item = data.get("Item")
+        if item:
             return self.adapter.deserialize(data["Item"])
-        else:
-            return ExternalResourceState(
-                key=key,
-                ts=utc_now(),
-                resource_status=ResourceStatus.NOT_EXISTS,
-                reconciliation=Reconciliation(key=key),
-                reconciliation_errors=0,
-            )
+
+        old_data = self.aws_api.dynamodb.boto3_client.get_item(
+            TableName=self._table,
+            ConsistentRead=True,
+            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+        )
+        old_item = old_data.get("Item")
+        if old_item:
+            old_item[self.adapter.ER_KEY_HASH]["S"] = key.state_path
+            old_item[self.adapter.RECONC]["M"][self.adapter.RECONC_RESOURCE_HASH][
+                "S"
+            ] = self._new_sha256_hash(old_item)
+            if enable_migration:
+                self.aws_api.dynamodb.boto3_client.transact_write_items(
+                    TransactItems=[
+                        {
+                            "Put": {
+                                "TableName": self._table,
+                                "Item": old_item,
+                            }
+                        },
+                        {
+                            "Delete": {
+                                "TableName": self._table,
+                                "Key": {self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+                            }
+                        },
+                    ]
+                )
+            return self.adapter.deserialize(old_item)
+
+        return ExternalResourceState(
+            key=key,
+            ts=utc_now(),
+            resource_status=ResourceStatus.NOT_EXISTS,
+            reconciliation=Reconciliation(key=key),
+            reconciliation_errors=0,
+        )
 
     def set_external_resource_state(
         self,
@@ -289,7 +331,7 @@ class ExternalResourcesStateDynamoDB:
     def del_external_resource_state(self, key: ExternalResourceKey) -> None:
         self.aws_api.dynamodb.boto3_client.delete_item(
             TableName=self._table,
-            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+            Key={self.adapter.ER_KEY_HASH: {"S": key.state_path}},
         )
 
     def _get_partial_resources(
@@ -331,7 +373,7 @@ class ExternalResourcesStateDynamoDB:
     ) -> None:
         self.aws_api.dynamodb.boto3_client.update_item(
             TableName=self._table,
-            Key={self.adapter.ER_KEY_HASH: {"S": key.hash()}},
+            Key={self.adapter.ER_KEY_HASH: {"S": key.state_path}},
             UpdateExpression="set resource_status=:new_value",
             ExpressionAttributeValues={":new_value": {"S": status.value}},
             ReturnValues="UPDATED_NEW",

reconcile/fleet_labeler/integration.py

@@ -58,7 +58,7 @@ class FleetLabelerIntegration(QontractReconcileIntegration[NoParams]):
         """Return the desired state for early exit."""
         return {
             "version": QONTRACT_INTEGRATION_VERSION,
-            "specs": {spec.name: spec.dict() for spec in get_fleet_label_specs()},
+            "specs": {spec.name: spec.model_dump() for spec in get_fleet_label_specs()},
         }
 
     def run(self, dry_run: bool) -> None:

reconcile/gcp_image_mirror.py

@@ -132,7 +132,7 @@ class QuayMirror:
             mirror_creds = None
             pull_credentials = item.mirror.pull_credentials
             if pull_credentials:
-                raw_data = self.secret_reader.read_all(pull_credentials.dict())
+                raw_data = self.secret_reader.read_all(pull_credentials.model_dump())
                 username = raw_data["user"]
                 password = raw_data["token"]
                 mirror_creds = f"{username}:{password}"
@@ -226,7 +226,7 @@ class QuayMirror:
         return False
 
     def _decode_push_secret(self, secret: VaultSecret) -> str:
-        raw_data = self.secret_reader.read_all(secret.dict())
+        raw_data = self.secret_reader.read_all(secret.model_dump())
         token = base64.b64decode(raw_data["token"]).decode()
         return f"{raw_data['user']}:{token}"
 

reconcile/github_org.py

@@ -144,7 +144,7 @@ def get_org_and_teams(
 
 
 @retry()
-def get_members(unit: Organization) -> list[str]:
+def get_members(unit: Organization | Team) -> list[str]:
     return [member.login for member in unit.get_members()]
 
 

reconcile/github_owners.py

@@ -2,6 +2,7 @@ import logging
 import os
 
 import github
+import github.NamedUser
 from github import Github
 from sretoolbox.utils import retry
 
@@ -100,4 +101,7 @@ def run(dry_run: bool) -> None:
 
                 if not dry_run:
                     gh_user = gh.get_user(github_username)
+                    assert isinstance(
+                        gh_user, github.NamedUser.NamedUser
+                    )  # make mypy happy
                     gh_org.add_to_members(gh_user, "admin")

reconcile/gitlab_members.py

@@ -44,19 +44,13 @@ class GitlabUser(BaseModel):
     access_level: int
 
 
-class CurrentStateSpec(BaseModel):
+class CurrentStateSpec(BaseModel, arbitrary_types_allowed=True):
     members: dict[str, GroupMember]
 
-    class Config:
-        arbitrary_types_allowed = True
 
-
-class DesiredStateSpec(BaseModel):
+class DesiredStateSpec(BaseModel, arbitrary_types_allowed=True):
     members: dict[str, GitlabUser]
 
-    class Config:
-        arbitrary_types_allowed = True
-
 
 CurrentState = dict[str, CurrentStateSpec]
 DesiredState = dict[str, DesiredStateSpec]
@@ -122,8 +116,8 @@ def build_desired_state_spec(
                     pagerduty_map,
                     get_username_method=lambda u: u.org_username,
                 )
-                for u in usernames_from_pagerduty:
-                    gu = GitlabUser(user=u, access_level=p_access_level)
+                for pu in usernames_from_pagerduty:
+                    gu = GitlabUser(user=pu, access_level=p_access_level)
                     add_or_update_user(desired_state_spec, gu)
     return desired_state_spec
 
@@ -239,6 +233,6 @@ def reconcile_gitlab_members(
 def early_exit_desired_state(*args: Any, **kwargs: Any) -> dict[str, Any]:
     gqlapi = gql.get_api()
     return {
-        "instance": get_gitlab_instance(gqlapi.query).dict(),
-        "permissions": [p.dict() for p in get_permissions(gqlapi.query)],
+        "instance": get_gitlab_instance(gqlapi.query).model_dump(),
+        "permissions": [p.model_dump() for p in get_permissions(gqlapi.query)],
     }

reconcile/gitlab_permissions.py

@@ -94,14 +94,6 @@ class GroupPermissionHandler:
         desired_state: dict[str, GroupSpec],
         current_state: dict[str, GroupSpec],
     ) -> None:
-        # gather list of app-interface managed repos
-        instance = queries.get_gitlab_instance()
-        managed_repos = {
-            f"{instance['url']}/{project_request['group']}/{r}"
-            for project_request in instance.get("projectRequests", [])
-            for r in project_request.get("projects", [])
-        }
-
         # get the diff data
         diff_data = diff_mappings(
             current=current_state,
@@ -112,11 +104,10 @@ class GroupPermissionHandler:
         errors: list[Exception] = []
         for repo in diff_data.add:
             project = self.gl.get_project(repo)
-            if not project and repo in managed_repos:
-                logging.info(
-                    f"New app-interface managed repository {repo} hasn't been created yet - skipping"
-                )
+            if not project:
+                logging.info(f"{repo} hasn't been created yet - skipping")
                 continue
+
             if not self.can_share_project(project):
                 errors.append(
                     GroupAccessLevelError(
@@ -136,8 +127,13 @@ class GroupPermissionHandler:
                     group_id=self.group.id,
                     access_level=self.access_level,
                 )
+
         for repo in diff_data.change:
             project = self.gl.get_project(repo)
+            if not project:
+                logging.info(f"{repo} hasn't been created yet - skipping")
+                continue
+
             if not self.can_share_project(project):
                 errors.append(
                     GroupAccessLevelError(