qontract-reconcile 0.10.2.dev465__py3-none-any.whl → 0.10.2.dev473__py3-none-any.whl

{qontract_reconcile-0.10.2.dev465.dist-info → qontract_reconcile-0.10.2.dev473.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qontract-reconcile
-Version: 0.10.2.dev465
+Version: 0.10.2.dev473
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Project-URL: homepage, https://github.com/app-sre/qontract-reconcile
 Project-URL: repository, https://github.com/app-sre/qontract-reconcile

{qontract_reconcile-0.10.2.dev465.dist-info → qontract_reconcile-0.10.2.dev473.dist-info}/RECORD

@@ -82,13 +82,13 @@ reconcile/openshift_tekton_resources.py,sha256=5mUWEQqU9RpMLQZxHOb6IkbbZzx4iJnaV
 reconcile/openshift_upgrade_watcher.py,sha256=93l8X1-RHNtL89GzPg1XWivWart49l_hpAVFChvT6Wg,6643
 reconcile/openshift_users.py,sha256=lxHYrOhKntLnRy5mVZfh_8XWvwZaUgzrDNqkoon905U,5508
 reconcile/openshift_vault_secrets.py,sha256=Ax-_EBWWU1VRHYyKaUkGJkIjHGwWM3bZgjXL5CkPW8k,1883
-reconcile/quay_base.py,sha256=hfHv8ET6iw0GqPyncYJMRH7YFwJc5E1C9z7zET5MCjo,2327
-reconcile/quay_membership.py,sha256=No2sgEyTVj-hr5VPLy_xdrYAPvt-xo-CPpOt0X3x_6o,6623
+reconcile/quay_base.py,sha256=4gNca076ICJ2fDoTwCgcA3L-DqmVmBgHWLCubTk78uc,2832
+reconcile/quay_membership.py,sha256=ul4KcEdarri0WzH3ZBHzXup7oF9MhGLDpCyHtfxuuZ0,6844
 reconcile/quay_mirror.py,sha256=vhPL44TMEsritkiJhNQLf2Ir45RLApdO_mh3aZV0OuI,14334
-reconcile/quay_mirror_org.py,sha256=ltPbHuWUI8Wnl8gV4aeYmvoYFA1uXLWqlXqEPpw7Hi0,11065
-reconcile/quay_permissions.py,sha256=BF539lRxjpgwm88WzazklzgaCF_ipRALwbO2AdpqUqE,4388
-reconcile/quay_repos.py,sha256=fBleLzMtfDmTidpzbrTt8kGCy-Bk3J06EO4hhyghGnQ,7570
-reconcile/queries.py,sha256=L0NbIr6-M12P7xqU2s_2-tgi5BOC5QEo6Otu33WG5tI,56598
+reconcile/quay_mirror_org.py,sha256=9YeOpRsuTOWxnql1oj-rbUAkb_aGSlzmHVbMyLhSalM,11092
+reconcile/quay_permissions.py,sha256=wsQZ5wi2jrlTlV3Aq3dn_mJpjMlcjnjVvFNflBFBdGk,4706
+reconcile/quay_repos.py,sha256=JpR9vyvDIdKfP4EwLw1c2X53LOjLZY35pJ8AvNxZIGo,7674
+reconcile/queries.py,sha256=nEko5_luE4Xoj-nBI1XEX3YRcxfAObtvqZbN7LSlJVY,56597
 reconcile/query_validator.py,sha256=csOSkKxcf6ZlpchJu4ck2jLYKUN6y1l-UmSQUFHgssY,1618
 reconcile/requests_sender.py,sha256=g-tlrudvIqhneQPDMrfYF0Xsq7BSW2QcBPirl7hFM6I,4058
 reconcile/resource_scraper.py,sha256=TcMhXga7konX9x97NhpoijnDGWA-ZjdpiiXjm5qCmPk,2249
@@ -214,7 +214,7 @@ reconcile/glitchtip_project_alerts/integration.py,sha256=prje61EOuLEIZLLxlJS_YN0
 reconcile/glitchtip_project_dsn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/glitchtip_project_dsn/integration.py,sha256=3GgcqUM6hWhLpo9Yx5Xr9vrdexF-WNevVCNL9bJ0Upc,8162
 reconcile/gql_definitions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reconcile/gql_definitions/introspection.json,sha256=t_E8pSEQnQWn0rV-lMmdBnC5G6_KgF8qm0Og0VcdBYA,2430149
+reconcile/gql_definitions/introspection.json,sha256=liDjRAOJ0_ZN7bagOacrd1yGlybaxK8V9rQTflnecxo,2429961
 reconcile/gql_definitions/acs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/acs/acs_instances.py,sha256=VySMcnWddg-jXj-bj_ddLIwLX3u1GSFUm02H8rJDBYU,2167
 reconcile/gql_definitions/acs/acs_policies.py,sha256=jEV1U8j4VYL9ih17JSK1tiz2s_1CegVECmXU-NVEQvA,4333
@@ -307,7 +307,7 @@ reconcile/gql_definitions/endpoints_discovery/apps.py,sha256=p3hvzvrtkCCQfQoJ3mi
 reconcile/gql_definitions/external_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/external_resources/aws_accounts.py,sha256=bRzfuPDLJvVJRx7IzqAJKnqpd7SBWdj3trI1rNPeYnU,2033
 reconcile/gql_definitions/external_resources/external_resources_modules.py,sha256=w07PFh526GaYnZRe-SH92MaxA-aeD2TDT2kG_3Da_HE,3241
-reconcile/gql_definitions/external_resources/external_resources_namespaces.py,sha256=jA2Q_j8-zEL57jJ10rb4xyUzQyOJZdKyHFquxQVd0pw,46606
+reconcile/gql_definitions/external_resources/external_resources_namespaces.py,sha256=DGKKoJK7rOng2FBan8vxunLdlysX9Hb9_GTPsm2wyf8,46616
 reconcile/gql_definitions/external_resources/external_resources_settings.py,sha256=RvAMgipgH3MoLfWaqCPaYUy8GS3v0Dr4Cod17OsaNx0,3567
 reconcile/gql_definitions/external_resources/fragments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/external_resources/fragments/external_resources_module_overrides.py,sha256=jjABgAhVx7LO3NJd9l90JH8s-_TJFvduBZRbdVquLfY,1313
@@ -427,7 +427,7 @@ reconcile/gql_definitions/terraform_repo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5
 reconcile/gql_definitions/terraform_repo/terraform_repo.py,sha256=vocF7fpLk4Rdz1maZ2Hi_d5l4bt3kuL2HyDGvFIUu8M,3868
 reconcile/gql_definitions/terraform_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/terraform_resources/database_access_manager.py,sha256=17CC1Wk65HtBn45Bo6iGsFNaLOnKD03MV3QQtixFtPw,4808
-reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=q-X_7yCtlAXR1eTOfb9V1q9vWQymrP8lg5lKUOwkWrk,44754
+reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py,sha256=oaLnYx6FtG33zDtE2TN8_iPXFfP8mRvPivYtoPo_8M8,44764
 reconcile/gql_definitions/terraform_tgw_attachments/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py,sha256=VVWXcTGrHlZ8xqAf7p9Ygocwkm7dWZRaO_B6d_SamCc,2719
 reconcile/gql_definitions/unleash_feature_toggles/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -507,7 +507,7 @@ reconcile/templates/rosa-classic-cluster-creation.sh.j2,sha256=7VlxlKpqIA9Pq7SMn
 reconcile/templates/rosa-hcp-cluster-creation.sh.j2,sha256=UbLexFWBsDbSUUe3-5S5aLaH1u_t8ikZnoKd5QTk_ro,2376
 reconcile/templating/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/templating/renderer.py,sha256=nR1CM3DDOoLOH7UOxO0PMDkOmhiYFbGriKcjDA-Z8j8,14810
-reconcile/templating/validator.py,sha256=5f9f35PCHOOdjb7KZquL2YdabyuAUokPDa4xutSEHIQ,5360
+reconcile/templating/validator.py,sha256=cyvSNsQqheIBl78HHDu4u_H82rt0zC8_YZL5BtT_Y1w,5266
 reconcile/templating/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/templating/lib/merge_request_manager.py,sha256=MaEI9Vrtblb5LIpaa394ACut0Rq_gzxJTfNVSgG113o,5234
 reconcile/templating/lib/model.py,sha256=YVUIXuPny3_kpFgBMSud8q_ndY5o882wKiX0l0A14L4,481
@@ -518,8 +518,8 @@ reconcile/terraform_init/merge_request.py,sha256=3CYtgSd7Q9zjKg4wsDz437EPCRfGeZZ
 reconcile/terraform_init/merge_request_manager.py,sha256=TQmtHq4DH-xgyYvuRyGu7VEgjPU2Yjj-uexIy-L7i88,3098
 reconcile/terraform_vpc_resources/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 reconcile/terraform_vpc_resources/integration.py,sha256=q5il4l4Bd9fmCQePy4XSy5R3nokVvcz1v2znwadelhU,9703
-reconcile/terraform_vpc_resources/merge_request.py,sha256=loRymUigCIvaaT0s_NzktZchh-DGRQnCICdBSCAcFPY,1503
-reconcile/terraform_vpc_resources/merge_request_manager.py,sha256=6jfwgbqXEFQlgLM6zmModpOkQX8wqddpoE0pZJL1Acc,3256
+reconcile/terraform_vpc_resources/merge_request.py,sha256=MFRG7JQojmCTgr-9rLXVotcjH9mMIZZ0-kPai9UDJWA,1732
+reconcile/terraform_vpc_resources/merge_request_manager.py,sha256=erCC9aY-gWMCVeLrFxG5_q3G2p3iVBS8eeYIUZR_6_o,4123
 reconcile/typed_queries/__init__.py,sha256=rRk4CyslLsBr4vAh1pIPgt6s3P4R1M9NSEPLnyQgBpk,61
 reconcile/typed_queries/alerting_services_settings.py,sha256=YKQd60O_2C_H103nLrYgcUInndM2vFypqW_NO706L2E,833
 reconcile/typed_queries/app_interface_custom_messages.py,sha256=bgSAJEzqee8aiPVCj_bIIqb4VTkrF0-vti1dos7ebEg,684
@@ -644,7 +644,7 @@ reconcile/utils/password_validator.py,sha256=knR6jJGc-v44v-hhQFvpYrEubuFfCCc3Qly
 reconcile/utils/prometheus.py,sha256=Ad0rwLbxRuuYjHwkwJloHEdK0bvy42h-p-HIT1DhDhs,3832
 reconcile/utils/promotion_state.py,sha256=4NTBswYkzxlJIIkMz4j92dOj-jn0m36DKQg8CqZEyo8,3910
 reconcile/utils/promtool.py,sha256=YnqwMAzsQVGuBZ1j9zy3UcVPFQVJgBMLzQkxhK_KFkU,3079
-reconcile/utils/quay_api.py,sha256=ZWjfjzFnIsbKRDcdAnP9tWQezclf53I7VWZJ0gbF2kE,8260
+reconcile/utils/quay_api.py,sha256=zlzM-1_GsVSQVd2z0SMwx3uv5wqzZ7JUKE5ZOqQPKXc,7728
 reconcile/utils/quay_mirror.py,sha256=dpWCNv5lITwIk6Q9RkmqaQKHNk_JPy27UQEribJ7E-U,1324
 reconcile/utils/raw_github_api.py,sha256=ZUDtOxdMSMs-Z0noKi0pyMtXHi5V2nCMFDB5JIM_oQ0,3057
 reconcile/utils/repo_owners.py,sha256=c6Z-U5TkiRPvuhr_zYWvZG9HZGzoT-l-d2PJ33lGflE,6507
@@ -802,7 +802,7 @@ tools/saas_promotion_state/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 tools/saas_promotion_state/saas_promotion_state.py,sha256=uQv2QJAmUXP1g2GPIH30WTlvL9soY6m9lefpZEVDM5w,3965
 tools/sre_checkpoints/__init__.py,sha256=CDaDaywJnmRCLyl_NCcvxi-Zc0hTi_3OdwKiFOyS39I,145
 tools/sre_checkpoints/util.py,sha256=KcYVfa3UmJHVP_ocgrKe8NkrO5IDB9aWEDydSokPcRk,975
-qontract_reconcile-0.10.2.dev465.dist-info/METADATA,sha256=ScW_C4JCmkdyTIXDqZrqfFVmZtjNv3mNn_WklW7ZtTo,24948
-qontract_reconcile-0.10.2.dev465.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-qontract_reconcile-0.10.2.dev465.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
-qontract_reconcile-0.10.2.dev465.dist-info/RECORD,,
+qontract_reconcile-0.10.2.dev473.dist-info/METADATA,sha256=cqVPSqOjgcxHnzId0KJ1x9lHen_cPLUwfkBQjZe6ULI,24948
+qontract_reconcile-0.10.2.dev473.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+qontract_reconcile-0.10.2.dev473.dist-info/entry_points.txt,sha256=5i9l54La3vQrDLAdwDKQWC0iG4sV9RRfOb1BpvzOWLc,698
+qontract_reconcile-0.10.2.dev473.dist-info/RECORD,,

reconcile/gql_definitions/external_resources/external_resources_namespaces.py

@@ -1184,7 +1184,7 @@ class AppV1(ConfiguredBaseModel):
     path: str = Field(..., alias="path")
     name: str = Field(..., alias="name")
     app_code: str = Field(..., alias="appCode")
-    cost_center: str = Field(..., alias="costCenter")
+    cost_center: Optional[str] = Field(..., alias="costCenter")
 
 
 class ClusterSpecV1(ConfiguredBaseModel):

reconcile/gql_definitions/introspection.json

@@ -16708,13 +16708,9 @@
                             "description": null,
                             "args": [],
                             "type": {
-                                "kind": "NON_NULL",
-                                "name": null,
-                                "ofType": {
-                                    "kind": "SCALAR",
-                                    "name": "String",
-                                    "ofType": null
-                                }
+                                "kind": "SCALAR",
+                                "name": "String",
+                                "ofType": null
                             },
                             "isDeprecated": false,
                             "deprecationReason": null

reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py

@@ -1117,7 +1117,7 @@ class EnvironmentV1(ConfiguredBaseModel):
 class AppV1(ConfiguredBaseModel):
     name: str = Field(..., alias="name")
     app_code: str = Field(..., alias="appCode")
-    cost_center: str = Field(..., alias="costCenter")
+    cost_center: Optional[str] = Field(..., alias="costCenter")
 
 
 class ClusterSpecV1(ConfiguredBaseModel):

reconcile/quay_base.py

@@ -1,4 +1,4 @@
-from collections import namedtuple
+from collections import UserDict, namedtuple
 from typing import Any, TypedDict
 
 from reconcile import queries
@@ -10,22 +10,34 @@ OrgKey = namedtuple("OrgKey", ["instance", "org_name"])
 
 class OrgInfo(TypedDict):
     url: str
-    api: QuayApi
     push_token: dict[str, str] | None
     teams: list[str]
     managedRepos: bool
     mirror: OrgKey | None
     mirror_filters: dict[str, Any]
+    api: QuayApi
+
 
+class QuayApiStore(UserDict[OrgKey, OrgInfo]):
+    def __init__(self) -> None:
+        super().__init__(get_quay_api_store())
 
-QuayApiStore = dict[OrgKey, OrgInfo]
+    def cleanup(self) -> None:
+        """Close all QuayApi sessions."""
+        for org_info in self.data.values():
+            org_info["api"].cleanup()
 
+    def __enter__(self) -> "QuayApiStore":
+        return self
 
-def get_quay_api_store() -> QuayApiStore:
+    def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
+        self.cleanup()
+
+
+def get_quay_api_store() -> dict[OrgKey, OrgInfo]:
     """
     Returns a dictionary with a key for each Quay organization
     managed in app-interface.
-    Each key contains an initiated QuayApi instance.
     """
     quay_orgs = queries.get_quay_orgs()
     settings = queries.get_app_interface_settings()
@@ -61,14 +73,21 @@ def get_quay_api_store() -> QuayApiStore:
         else:
             push_token = None
 
+        # Create QuayApi instance for this org
+        api = QuayApi(
+            token=token,
+            organization=org_name,
+            base_url=base_url,
+        )
+
         org_info: OrgInfo = {
             "url": base_url,
-            "api": QuayApi(token, org_name, base_url=base_url),
             "push_token": push_token,
             "teams": org_data.get("managedTeams") or [],
             "managedRepos": bool(org_data.get("managedRepos")),
             "mirror": mirror,
             "mirror_filters": mirror_filters,
+            "api": api,
         }
 
         store[org_key] = org_info

reconcile/quay_membership.py

@@ -10,7 +10,7 @@ from reconcile.gql_definitions.quay_membership.quay_membership import (
     PermissionQuayOrgTeamV1,
     UserV1,
 )
-from reconcile.quay_base import QuayApiStore, get_quay_api_store
+from reconcile.quay_base import QuayApiStore
 from reconcile.status import ExitCodes
 from reconcile.utils import (
     expiration,
@@ -58,10 +58,11 @@ def fetch_current_state(quay_api_store: QuayApiStore) -> AggregatedList:
     state = AggregatedList()
 
     for org_key, org_data in quay_api_store.items():
-        quay_api = org_data["api"]
         teams = org_data["teams"]
         if not teams:
             continue
+
+        quay_api = org_data["api"]
         for team in teams:
             try:
                 members = quay_api.list_team_members(team)
@@ -77,7 +78,11 @@ def fetch_current_state(quay_api_store: QuayApiStore) -> AggregatedList:
                 # Teams are only added to the state if they exist so that
                 # there is a proper diff between the desired and current state.
                 state.add(
-                    {"service": "quay-membership", "org": org_key, "team": team},
+                    {
+                        "service": "quay-membership",
+                        "org": org_key.org_name,
+                        "team": team,
+                    },
                     members,
                 )
     return state
@@ -117,9 +122,10 @@ class RunnerAction:
         def action(params: dict, items: list) -> bool:
             org = params["org"]
             team = params["team"]
+            org_data = self.quay_api_store[org]
+            quay_api = org_data["api"]
 
             missing_users = False
-            quay_api = self.quay_api_store[org]["api"]
             for member in items:
                 logging.info([label, member, org, team])
                 user_exists = quay_api.user_exists(member)
@@ -147,10 +153,11 @@ class RunnerAction:
         def action(params: dict, items: list) -> bool:
             org = params["org"]
             team = params["team"]
+            org_data = self.quay_api_store[org]
 
             # Ensure all quay org/teams are declared as dependencies in a
             # `/dependencies/quay-org-1.yml` datafile.
-            if team not in self.quay_api_store[org]["teams"]:
+            if team not in org_data["teams"]:
                 raise RunnerError(
                     f"Quay team {team} is not defined as a "
                     f"managedTeam in the {org} org."
@@ -159,7 +166,7 @@ class RunnerAction:
             logging.info([label, org, team])
 
             if not self.dry_run:
-                quay_api = self.quay_api_store[org]["api"]
+                quay_api = org_data["api"]
                 quay_api.create_or_update_team(team)
 
             return True
@@ -172,12 +179,13 @@ class RunnerAction:
         def action(params: dict, items: list) -> bool:
             org = params["org"]
             team = params["team"]
+            org_data = self.quay_api_store[org]
 
+            quay_api = org_data["api"]
             if self.dry_run:
                 for member in items:
                     logging.info([label, member, org, team])
             else:
-                quay_api = self.quay_api_store[org]["api"]
                 for member in items:
                     logging.info([label, member, org, team])
                     quay_api.remove_user_from_team(member, team)
@@ -188,24 +196,23 @@ class RunnerAction:
 
 
 def run(dry_run: bool) -> None:
-    quay_api_store = get_quay_api_store()
-
-    current_state = fetch_current_state(quay_api_store)
-    desired_state = fetch_desired_state()
-
-    # calculate diff
-    diff = current_state.diff(desired_state)
-    logging.debug("State diff: %s", diff)
-
-    # Run actions
-    runner_action = RunnerAction(dry_run, quay_api_store)
-    runner = AggregatedDiffRunner(diff)
-
-    runner.register("insert", runner_action.create_team())
-    runner.register("update-insert", runner_action.add_to_team())
-    runner.register("update-delete", runner_action.del_from_team())
-    runner.register("delete", runner_action.del_from_team())
-
-    status = runner.run()
-    if not status:
-        sys.exit(ExitCodes.ERROR)
+    with QuayApiStore() as quay_api_store:
+        current_state = fetch_current_state(quay_api_store)
+        desired_state = fetch_desired_state()
+
+        # calculate diff
+        diff = current_state.diff(desired_state)
+        logging.debug("State diff: %s", diff)
+
+        # Run actions
+        runner_action = RunnerAction(dry_run, quay_api_store)
+        runner = AggregatedDiffRunner(diff)
+
+        runner.register("insert", runner_action.create_team())
+        runner.register("update-insert", runner_action.add_to_team())
+        runner.register("update-delete", runner_action.del_from_team())
+        runner.register("delete", runner_action.del_from_team())
+
+        status = runner.run()
+        if not status:
+            sys.exit(ExitCodes.ERROR)

reconcile/quay_mirror_org.py

@@ -17,7 +17,7 @@ from sretoolbox.container.image import (
 )
 from sretoolbox.container.skopeo import SkopeoCmdError
 
-from reconcile.quay_base import get_quay_api_store
+from reconcile.quay_base import QuayApiStore
 from reconcile.quay_mirror import QuayMirror
 from reconcile.utils.quay_mirror import record_timestamp, sync_tag
 
@@ -45,7 +45,7 @@ class QuayMirrorOrg:
     ) -> None:
         self.dry_run = dry_run
         self.skopeo_cli = Skopeo(dry_run)
-        self.quay_api_store = get_quay_api_store()
+        self.quay_api_store = QuayApiStore()
         self.compare_tags = compare_tags
         self.compare_tags_interval = compare_tags_interval
         self.orgs = orgs
@@ -71,6 +71,7 @@ class QuayMirrorOrg:
 
     def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
         self.session.close()
+        self.quay_api_store.cleanup()
 
     def run(self) -> None:
         sync_tasks = self.process_sync_tasks()
@@ -101,11 +102,9 @@ class QuayMirrorOrg:
             if self.orgs and org_key.org_name not in self.orgs:
                 continue
 
-            quay_api = org_info["api"]
             upstream_org_key = org_info["mirror"]
             assert upstream_org_key is not None
             upstream_org = self.quay_api_store[upstream_org_key]
-            upstream_quay_api = upstream_org["api"]
 
             push_token = upstream_org["push_token"]
 
@@ -114,7 +113,10 @@ class QuayMirrorOrg:
             username = push_token["user"]
             token = push_token["token"]
 
+            quay_api = org_info["api"]
             org_repos = [item["name"] for item in quay_api.list_images()]
+
+            upstream_quay_api = upstream_org["api"]
             for repo in upstream_quay_api.list_images():
                 if repo["name"] not in org_repos:
                     continue

reconcile/quay_permissions.py

@@ -2,7 +2,10 @@ import logging
 import sys
 from typing import Any
 
-from reconcile.quay_base import OrgKey, get_quay_api_store
+from reconcile.quay_base import (
+    OrgKey,
+    QuayApiStore,
+)
 from reconcile.status import ExitCodes
 from reconcile.utils import gql
 
@@ -57,85 +60,88 @@ def run(dry_run: bool) -> None:
         return
 
     apps: list[dict[str, Any]] = result.get("apps") or []
-    quay_api_store = get_quay_api_store()
     error = False
-    for app in apps:
-        quay_repo_configs = app.get("quayRepos")
-        if not quay_repo_configs:
-            continue
-        for quay_repo_config in quay_repo_configs:
-            instance_name = quay_repo_config["org"]["instance"]["name"]
-            org_name = quay_repo_config["org"]["name"]
-            org_key = OrgKey(instance_name, org_name)
-
-            if not quay_repo_config["org"]["managedRepos"]:
-                logging.error(
-                    f"[{app['name']}] Can not manage repo permissions in {org_name} "
-                    "since managedRepos is set to false."
-                )
-                error = True
-                continue
-
-            # processing quayRepos section
-            logging.debug(["app", app["name"], instance_name, org_name])
 
-            quay_api = quay_api_store[org_key]["api"]
-            teams = quay_repo_config.get("teams")
-            if not teams:
+    with QuayApiStore() as quay_api_store:
+        for app in apps:
+            quay_repo_configs = app.get("quayRepos")
+            if not quay_repo_configs:
                 continue
-            repos = quay_repo_config["items"]
-            for repo in repos:
-                repo_name = repo["name"]
-
-                # processing repo section
-                logging.debug(["repo", repo_name])
-
-                for team in teams:
-                    permissions = team["permissions"]
-                    role = team["role"]
-                    for permission in permissions:
-                        if permission["service"] != "quay-membership":
-                            logging.warning(
-                                "wrong service kind, should be quay-membership"
+            for quay_repo_config in quay_repo_configs:
+                instance_name = quay_repo_config["org"]["instance"]["name"]
+                org_name = quay_repo_config["org"]["name"]
+                org_key = OrgKey(instance_name, org_name)
+
+                if not quay_repo_config["org"]["managedRepos"]:
+                    logging.error(
+                        f"[{app['name']}] Can not manage repo permissions in {org_name} "
+                        "since managedRepos is set to false."
+                    )
+                    error = True
+                    continue
+
+                # processing quayRepos section
+                logging.debug(["app", app["name"], instance_name, org_name])
+
+                org_data = quay_api_store[org_key]
+                teams = quay_repo_config.get("teams")
+                if not teams:
+                    continue
+                repos = quay_repo_config["items"]
+                quay_api = org_data["api"]
+
+                for repo in repos:
+                    repo_name = repo["name"]
+
+                    # processing repo section
+                    logging.debug(["repo", repo_name])
+
+                    for team in teams:
+                        permissions = team["permissions"]
+                        role = team["role"]
+                        for permission in permissions:
+                            if permission["service"] != "quay-membership":
+                                logging.warning(
+                                    "wrong service kind, should be quay-membership"
+                                )
+                                continue
+
+                            perm_org_key = OrgKey(
+                                permission["quayOrg"]["instance"]["name"],
+                                permission["quayOrg"]["name"],
                             )
-                            continue
-
-                        perm_org_key = OrgKey(
-                            permission["quayOrg"]["instance"]["name"],
-                            permission["quayOrg"]["name"],
-                        )
-
-                        if perm_org_key != org_key:
-                            logging.warning(f"wrong org, should be {org_key}")
-                            continue
 
-                        team_name = permission["team"]
-
-                        # processing team section
-                        logging.debug(["team", team_name])
-                        try:
-                            current_role = quay_api.get_repo_team_permissions(
-                                repo_name, team_name
-                            )
-                            if current_role != role:
-                                logging.info([
-                                    "update_role",
-                                    org_key,
-                                    repo_name,
-                                    team_name,
-                                    role,
-                                ])
-                                if not dry_run:
-                                    quay_api.set_repo_team_permissions(
-                                        repo_name, team_name, role
-                                    )
-                        except Exception:
-                            error = True
-                            logging.exception(
-                                "could not manage repo permissions: "
-                                f"repo name: {repo_name}, "
-                                f"team name: {team_name}"
-                            )
+                            if perm_org_key != org_key:
+                                logging.warning(f"wrong org, should be {org_key}")
+                                continue
+
+                            team_name = permission["team"]
+
+                            # processing team section
+                            logging.debug(["team", team_name])
+                            try:
+                                current_role = quay_api.get_repo_team_permissions(
+                                    repo_name, team_name
+                                )
+                                if current_role != role:
+                                    logging.info([
+                                        "update_role",
+                                        org_key,
+                                        repo_name,
+                                        team_name,
+                                        role,
+                                    ])
+                                    if not dry_run:
+                                        quay_api.set_repo_team_permissions(
+                                            repo_name, team_name, role
+                                        )
+                            except Exception:
+                                error = True
+                                logging.exception(
+                                    "could not manage repo permissions: "
+                                    f"repo name: {repo_name}, "
+                                    f"team name: {team_name}"
+                                )
 
     if error:
         sys.exit(ExitCodes.ERROR)

reconcile/quay_repos.py

@@ -3,18 +3,14 @@ from __future__ import annotations
 import logging
 import sys
 from collections import namedtuple
-from typing import TYPE_CHECKING
 
 from reconcile.quay_base import (
     OrgKey,
-    get_quay_api_store,
+    QuayApiStore,
 )
 from reconcile.status import ExitCodes
 from reconcile.utils import gql
 
-if TYPE_CHECKING:
-    from reconcile.quay_base import QuayApiStore
-
 QUAY_REPOS_QUERY = """
 {
   apps: apps_v1 {
@@ -51,7 +47,6 @@ def fetch_current_state(quay_api_store: QuayApiStore) -> list[RepoInfo]:
             continue
 
         quay_api = org_info["api"]
-
         for repo in quay_api.list_images():
             name = repo["name"]
             public = repo["is_public"]
@@ -150,7 +145,8 @@ def act_delete(
         current_repo.name,
     ])
     if not dry_run:
-        api = quay_api_store[current_repo.org_key]["api"]
+        org_data = quay_api_store[current_repo.org_key]
+        api = org_data["api"]
         api.repo_delete(current_repo.name)
 
 
@@ -164,7 +160,8 @@ def act_create(
         desired_repo.name,
     ])
     if not dry_run:
-        api = quay_api_store[desired_repo.org_key]["api"]
+        org_data = quay_api_store[desired_repo.org_key]
+        api = org_data["api"]
         api.repo_create(
             desired_repo.name, desired_repo.description, desired_repo.public
         )
@@ -180,7 +177,8 @@ def act_description(
         desired_repo.description,
     ])
     if not dry_run:
-        api = quay_api_store[desired_repo.org_key]["api"]
+        org_data = quay_api_store[desired_repo.org_key]
+        api = org_data["api"]
         api.repo_update_description(desired_repo.name, desired_repo.description)
 
 
@@ -194,7 +192,8 @@ def act_public(
         desired_repo.name,
     ])
     if not dry_run:
-        api = quay_api_store[desired_repo.org_key]["api"]
+        org_data = quay_api_store[desired_repo.org_key]
+        api = org_data["api"]
         if desired_repo.public:
             api.repo_make_public(desired_repo.name)
         else:
@@ -223,32 +222,31 @@ def act(
 
 
 def run(dry_run: bool) -> None:
-    quay_api_store = get_quay_api_store()
-
-    # consistency checks
-    for org_key, org_info in quay_api_store.items():
-        if org_info.get("mirror"):
-            # ensure there are no circular mirror dependencies
-            mirror_org_key = org_info["mirror"]
-            assert mirror_org_key is not None
-            mirror_org = quay_api_store[mirror_org_key]
-            if mirror_org.get("mirror"):
-                logging.error(
-                    f"{mirror_org_key.instance}/"
-                    + f"{mirror_org_key.org_name} "
-                    + "can't have mirrors and be a mirror"
-                )
-                sys.exit(ExitCodes.ERROR)
+    with QuayApiStore() as quay_api_store:
+        # consistency checks
+        for org_key, org_info in quay_api_store.items():
+            if org_info.get("mirror"):
+                # ensure there are no circular mirror dependencies
+                mirror_org_key = org_info["mirror"]
+                assert mirror_org_key is not None
+                mirror_org = quay_api_store[mirror_org_key]
+                if mirror_org.get("mirror"):
+                    logging.error(
+                        f"{mirror_org_key.instance}/"
+                        + f"{mirror_org_key.org_name} "
+                        + "can't have mirrors and be a mirror"
+                    )
+                    sys.exit(ExitCodes.ERROR)
 
-            # ensure no org defines `managedRepos` and `mirror` at the same
-            if org_info.get("managedRepos"):
-                logging.error(
-                    f"{org_key.instance}/{org_key.org_name} "
-                    + "has defined mirror and managedRepos"
-                )
-                sys.exit(ExitCodes.ERROR)
+                # ensure no org defines `managedRepos` and `mirror` at the same
+                if org_info.get("managedRepos"):
+                    logging.error(
+                        f"{org_key.instance}/{org_key.org_name} "
+                        + "has defined mirror and managedRepos"
+                    )
+                    sys.exit(ExitCodes.ERROR)
 
-    # run integration
-    current_state = fetch_current_state(quay_api_store)
-    desired_state = fetch_desired_state(quay_api_store)
-    act(dry_run, quay_api_store, current_state, desired_state)
+        # run integration
+        current_state = fetch_current_state(quay_api_store)
+        desired_state = fetch_desired_state(quay_api_store)
+        act(dry_run, quay_api_store, current_state, desired_state)

reconcile/queries.py

@@ -1815,7 +1815,7 @@ def get_review_repos() -> list[dict[str, str]]:
     return [
         {"url": c["url"], "name": c["name"]}
         for c in code_components
-        if c["showInReviewQueue"] is not None
+        if c.get("showInReviewQueue", False)
     ]
 
 

reconcile/templating/validator.py

@@ -141,11 +141,11 @@ class TemplateValidatorIntegration(QontractReconcileIntegration):
         if diffs:
             for diff in diffs:
                 logging.error(f"template: {diff.template}, test: {diff.test}")
-                # This log should never be added except for local debugging.
-                # Credentials could be leaked, i.e. creating an MR with a diff,
-                # using a template, that uses the vault function.
-                # Use template-validator CLI instead.
                 # logging.debug(diff.diff)
+
+            logging.error(
+                "The diff is never logged to avoid accidental credential leaks. Use template-validator CLI locally for debugging templates."
+            )
             raise ValueError("Template validation failed")
 
     @property

reconcile/terraform_vpc_resources/merge_request.py

@@ -1,5 +1,6 @@
 import re
 import string
+from enum import StrEnum
 
 from pydantic import BaseModel
 
@@ -9,6 +10,12 @@ PROMOTION_DATA_SEPARATOR = "**DO NOT MANUALLY CHANGE ANYTHING BELOW THIS LINE**"
 VERSION = "0.1.0"
 LABEL = "terraform-vpc-resources"
 
+
+class Action(StrEnum):
+    CREATE = "create"
+    UPDATE = "update"
+
+
 VERSION_REF = "tf_vpc_resources_version"
 ACCOUNT_REF = "account"
 COMPILED_REGEXES = {
@@ -53,5 +60,8 @@ class Renderer:
     def render_description(self, account: str) -> str:
         return DESC.safe_substitute(account=account)
 
-    def render_title(self, account: str) -> str:
-        return f"[auto] VPC data file creation to {account}"
+    def render_title(self, account: str, action: Action) -> str:
+        return f"[auto] {action} VPC data file for {account}"
+
+    def render_update_title(self, account: str) -> str:
+        return f"[auto] VPC data file update for {account}"

reconcile/terraform_vpc_resources/merge_request_manager.py

@@ -5,6 +5,7 @@ from pydantic import BaseModel
 
 from reconcile.terraform_vpc_resources.merge_request import (
     LABEL,
+    Action,
     Info,
     Renderer,
 )
@@ -28,6 +29,7 @@ class VPCRequestMR(MergeRequestBase):
         vpc_tmpl_file_path: str,
         vpc_tmpl_file_content: str,
         labels: list[str],
+        action: Action,
     ):
         super().__init__()
         self._title = title
@@ -35,6 +37,7 @@ class VPCRequestMR(MergeRequestBase):
         self._vpc_tmpl_file_path = vpc_tmpl_file_path
         self._vpc_tmpl_file_content = vpc_tmpl_file_content
         self.labels = labels
+        self._action = action
 
     @property
     def title(self) -> str:
@@ -45,12 +48,21 @@ class VPCRequestMR(MergeRequestBase):
         return self._description
 
     def process(self, gitlab_cli: GitLabApi) -> None:
-        gitlab_cli.create_file(
-            branch_name=self.branch,
-            file_path=self._vpc_tmpl_file_path,
-            commit_message="add vpc datafile",
-            content=self._vpc_tmpl_file_content,
-        )
+        # Create or update file based on whether it already exists
+        if self._action == Action.UPDATE:
+            gitlab_cli.update_file(
+                branch_name=self.branch,
+                file_path=self._vpc_tmpl_file_path,
+                commit_message="update vpc datafile",
+                content=self._vpc_tmpl_file_content,
+            )
+        else:
+            gitlab_cli.create_file(
+                branch_name=self.branch,
+                file_path=self._vpc_tmpl_file_path,
+                commit_message="add vpc datafile",
+                content=self._vpc_tmpl_file_content,
+            )
 
 
 class MrData(BaseModel):
@@ -73,26 +85,37 @@ class MergeRequestManager(MergeRequestManagerBase[Info]):
         self._renderer = renderer
         self._auto_merge_enabled = auto_merge_enabled
 
-    def create_merge_request(self, data: MrData) -> None:
-        """Open a new MR, if not already present, for a VPC datafile and close any outdated before."""
-        if not self._housekeeping_ran:
-            self.housekeeping()
-
+    def _create_action(self, data: MrData) -> Action | None:
         if self._merge_request_already_exists({"account": data.account}):
             logging.info("MR already exists for %s", data.account)
             return None
-
         try:
-            self._vcs.get_file_content_from_app_interface_ref(file_path=data.path)
-            # the file exists, nothing to do
-            return None
+            existing_content = self._vcs.get_file_content_from_app_interface_ref(
+                file_path=data.path
+            )
         except GitlabGetError as e:
-            if e.response_code != 404:
-                raise
+            if e.response_code == 404:
+                return Action.CREATE
+            raise
+
+        if existing_content.strip() != data.content.strip():
+            return Action.UPDATE
+
+        logging.info("VPC data file exists and is up-to-date for %s", data.account)
+        return None
+
+    def create_merge_request(self, data: MrData) -> None:
+        """Open a new MR for VPC datafile updates, or update existing if changed."""
+        if not self._housekeeping_ran:
+            self.housekeeping()
+        action = self._create_action(data)
+        if action is None:
+            return
 
         description = self._renderer.render_description(account=data.account)
-        title = self._renderer.render_title(account=data.account)
-        logging.info("Open MR for %s", data.account)
+        title = self._renderer.render_title(account=data.account, action=action)
+
+        logging.info("Open MR for %s (%s)", data.account, action)
         mr_labels = [LABEL]
         if self._auto_merge_enabled:
             mr_labels.append(AUTO_MERGE)
@@ -103,5 +126,6 @@ class MergeRequestManager(MergeRequestManagerBase[Info]):
                 description=description,
                 vpc_tmpl_file_content=data.content,
                 labels=mr_labels,
+                action=action,
             )
         )

reconcile/utils/quay_api.py

@@ -1,13 +1,16 @@
+import contextlib
 from typing import Any
 
 import requests
 
+from reconcile.utils.rest_api_base import ApiBase, BearerTokenAuth
+
 
 class QuayTeamNotFoundError(Exception):
     pass
 
 
-class QuayApi:
+class QuayApi(ApiBase):
     LIMIT_FOLLOWS = 15
 
     def __init__(
@@ -17,14 +20,18 @@ class QuayApi:
         base_url: str = "quay.io",
         timeout: int = 60,
     ) -> None:
-        self.token = token
+        # Support both hostname (e.g., "quay.io") and full URLs (e.g., "http://localhost:12345")
+        if base_url.startswith(("http://", "https://")):
+            host = base_url
+        else:
+            host = f"https://{base_url}"
+        super().__init__(
+            host=host,
+            auth=BearerTokenAuth(token),
+            read_timeout=timeout,
+        )
         self.organization = organization
-        self.auth_header = {"Authorization": "Bearer %s" % (token,)}
         self.team_members: dict[str, Any] = {}
-        self.api_url = f"https://{base_url}/api/v1"
-
-        self._timeout = timeout
-        """Timeout to use for HTTP calls to Quay (seconds)."""
 
     def list_team_members(self, team: str, **kwargs: Any) -> list[dict]:
         """
@@ -38,19 +45,20 @@ class QuayApi:
             if cache_members:
                 return cache_members
 
-        url = f"{self.api_url}/organization/{self.organization}/team/{team}/members?includePending=true"
-
-        r = requests.get(url, headers=self.auth_header, timeout=self._timeout)
-        if r.status_code == 404:
-            raise QuayTeamNotFoundError(
-                f"team {team} is not found in "
-                f"org {self.organization}. "
-                f"contact org owner to create the "
-                f"team manually."
-            )
-        r.raise_for_status()
-
-        body = r.json()
+        url = f"/api/v1/organization/{self.organization}/team/{team}/members"
+        params = {"includePending": "true"}
+
+        try:
+            body = self._get(url, params=params)
+        except requests.exceptions.HTTPError as e:
+            if e.response.status_code == 404:
+                raise QuayTeamNotFoundError(
+                    f"team {team} is not found in "
+                    f"org {self.organization}. "
+                    f"contact org owner to create the "
+                    f"team manually."
+                ) from e
+            raise
 
         # Using a set because members may be repeated
         members = {member["name"] for member in body["members"]}
@@ -61,30 +69,37 @@ class QuayApi:
         return members_list
 
     def user_exists(self, user: str) -> bool:
-        url = f"{self.api_url}/users/{user}"
-        r = requests.get(url, headers=self.auth_header, timeout=self._timeout)
-        return r.ok
+        url = f"/api/v1/users/{user}"
+        try:
+            self._get(url)
+            return True
+        except requests.exceptions.HTTPError:
+            return False
 
     def remove_user_from_team(self, user: str, team: str) -> bool:
         """Deletes an user from a team.
 
         :raises HTTPError if there are any problems with the request
         """
-        url_team = f"{self.api_url}/organization/{self.organization}/team/{team}/members/{user}"
+        url_team = (
+            f"/api/v1/organization/{self.organization}/team/{team}/members/{user}"
+        )
 
-        r = requests.delete(url_team, headers=self.auth_header, timeout=self._timeout)
-        if not r.ok:
-            message = r.json().get("message", "")
+        try:
+            self._delete(url_team)
+        except requests.exceptions.HTTPError as e:
+            message = ""
+            if e.response is not None:
+                with contextlib.suppress(ValueError, AttributeError):
+                    message = e.response.json().get("message", "")
 
             expected_message = f"User {user} does not belong to team {team}"
 
             if message != expected_message:
-                r.raise_for_status()
+                raise
 
-        url_org = f"{self.api_url}/organization/{self.organization}/members/{user}"
-
-        r = requests.delete(url_org, headers=self.auth_header, timeout=self._timeout)
-        r.raise_for_status()
+        url_org = f"/api/v1/organization/{self.organization}/members/{user}"
+        self._delete(url_org)
 
         return True
 
@@ -96,9 +111,8 @@ class QuayApi:
         if user in self.list_team_members(team, cache=True):
             return True
 
-        url = f"{self.api_url}/organization/{self.organization}/team/{team}/members/{user}"
-        r = requests.put(url, headers=self.auth_header, timeout=self._timeout)
-        r.raise_for_status()
+        url = f"/api/v1/organization/{self.organization}/team/{team}/members/{user}"
+        self._put(url)
         return True
 
     def create_or_update_team(
@@ -115,17 +129,14 @@ class QuayApi:
         :raises HTTPError: unsuccessful attempt to create the team
         """
 
-        url = f"{self.api_url}/organization/{self.organization}/team/{team}"
+        url = f"/api/v1/organization/{self.organization}/team/{team}"
 
         payload = {"role": role}
 
         if description:
             payload.update({"description": description})
 
-        r = requests.put(
-            url, headers=self.auth_header, json=payload, timeout=self._timeout
-        )
-        r.raise_for_status()
+        self._put(url, data=payload)
 
     def list_images(
         self, images: list | None = None, page: str | None = None, count: int = 0
@@ -140,7 +151,7 @@ class QuayApi:
         if count > self.LIMIT_FOLLOWS:
             raise ValueError("Too many page follows")
 
-        url = f"{self.api_url}/repository"
+        url = "/api/v1/repository"
 
         # params
         params = {"namespace": self.organization}
@@ -148,13 +159,7 @@ class QuayApi:
             params["next_page"] = page
 
         # perform request
-        r = requests.get(
-            url, params=params, headers=self.auth_header, timeout=self._timeout
-        )
-        r.raise_for_status()
-
-        # read body
-        body = r.json()
+        body = self._get(url, params=params)
         repositories = body.get("repositories", [])
         next_page = body.get("next_page")
 
@@ -176,7 +181,7 @@ class QuayApi:
         """
         visibility = "public" if public else "private"
 
-        url = f"{self.api_url}/repository"
+        url = "/repository"
 
         params = {
             "repo_kind": "image",
@@ -186,29 +191,16 @@ class QuayApi:
             "description": description,
         }
 
-        # perform request
-        r = requests.post(
-            url, json=params, headers=self.auth_header, timeout=self._timeout
-        )
-        r.raise_for_status()
+        self._post(url, data=params)
 
     def repo_delete(self, repo_name: str) -> None:
-        url = f"{self.api_url}/repository/{self.organization}/{repo_name}"
-
-        # perform request
-        r = requests.delete(url, headers=self.auth_header, timeout=self._timeout)
-        r.raise_for_status()
+        url = f"/api/v1/repository/{self.organization}/{repo_name}"
+        self._delete(url)
 
     def repo_update_description(self, repo_name: str, description: str) -> None:
-        url = f"{self.api_url}/repository/{self.organization}/{repo_name}"
-
+        url = f"/api/v1/repository/{self.organization}/{repo_name}"
         params = {"description": description}
-
-        # perform request
-        r = requests.put(
-            url, json=params, headers=self.auth_header, timeout=self._timeout
-        )
-        r.raise_for_status()
+        self._put(url, data=params)
 
     def repo_make_public(self, repo_name: str) -> None:
         self._repo_change_visibility(repo_name, "public")
@@ -217,39 +209,34 @@ class QuayApi:
         self._repo_change_visibility(repo_name, "private")
 
     def _repo_change_visibility(self, repo_name: str, visibility: str) -> None:
-        url = f"{self.api_url}/repository/{self.organization}/{repo_name}/changevisibility"
-
+        url = f"/api/v1/repository/{self.organization}/{repo_name}/changevisibility"
         params = {"visibility": visibility}
-
-        # perform request
-        r = requests.post(
-            url, json=params, headers=self.auth_header, timeout=self._timeout
-        )
-        r.raise_for_status()
+        self._post(url, data=params)
 
     def get_repo_team_permissions(self, repo_name: str, team: str) -> str | None:
         url = (
-            f"{self.api_url}/repository/{self.organization}/"
+            f"/api/v1/repository/{self.organization}/"
             + f"{repo_name}/permissions/team/{team}"
         )
-        r = requests.get(url, headers=self.auth_header, timeout=self._timeout)
-        if not r.ok:
-            message = r.json().get("message")
+        try:
+            body = self._get(url)
+            return body.get("role") or None
+        except requests.exceptions.HTTPError as e:
+            message = ""
+            if e.response is not None:
+                with contextlib.suppress(ValueError, AttributeError):
+                    message = e.response.json().get("message", "")
+
             expected_message = "Team does not have permission for repo."
             if message == expected_message:
                 return None
 
-            r.raise_for_status()
-
-        return r.json().get("role") or None
+            raise
 
     def set_repo_team_permissions(self, repo_name: str, team: str, role: str) -> None:
         url = (
-            f"{self.api_url}/repository/{self.organization}/"
+            f"/api/v1/repository/{self.organization}/"
             + f"{repo_name}/permissions/team/{team}"
         )
         body = {"role": role}
-        r = requests.put(
-            url, json=body, headers=self.auth_header, timeout=self._timeout
-        )
-        r.raise_for_status()
+        self._put(url, data=body)