qontract-reconcile 0.10.2.dev50__py3-none-any.whl → 0.10.2.dev52__py3-none-any.whl

reconcile/utils/gitlab_api.py

@@ -2,7 +2,9 @@ import logging
 import os
 import re
 from collections.abc import (
+    Callable,
     Iterable,
+    Mapping,
     Set,
 )
 from functools import cached_property
@@ -12,6 +14,8 @@ from operator import (
 )
 from typing import (
     Any,
+    Protocol,
+    Self,
     TypedDict,
     cast,
 )
@@ -25,6 +29,7 @@ from gitlab.const import (
     MAINTAINER_ACCESS,
     OWNER_ACCESS,
     REPORTER_ACCESS,
+    AccessLevel,
 )
 from gitlab.v4.objects import (
     CurrentUser,
@@ -32,16 +37,20 @@ from gitlab.v4.objects import (
     GroupMember,
     PersonalAccessToken,
     Project,
+    ProjectFile,
+    ProjectHook,
     ProjectIssue,
     ProjectIssueManager,
     ProjectMergeRequest,
     ProjectMergeRequestManager,
     ProjectMergeRequestNote,
+    ProjectMergeRequestResourceLabelEvent,
+    User,
 )
 from sretoolbox.utils import retry
 
 from reconcile.utils.metrics import gitlab_request
-from reconcile.utils.secret_reader import SecretReader
+from reconcile.utils.secret_reader import SecretReader, SecretReaderBase
 
 # The following line will suppress
 # `InsecureRequestWarning: Unverified HTTPS request is being made`
@@ -90,16 +99,20 @@ class GLGroupMember(TypedDict):
     access_level: str
 
 
-class GitLabApi:  # pylint: disable=too-many-public-methods
+class GitlabUser(Protocol):
+    user: str
+    access_level: int
+
+
+class GitLabApi:
     def __init__(
         self,
-        instance,
-        project_id=None,
-        settings=None,
-        secret_reader=None,
-        project_url=None,
-        saas_files=None,
-        timeout=30,
+        instance: Mapping,
+        project_id: str | int | None = None,
+        settings: Mapping | None = None,
+        secret_reader: SecretReaderBase | None = None,
+        project_url: str | None = None,
+        timeout: float = 30,
     ):
         self.server = instance["url"]
         if not secret_reader:
@@ -115,6 +128,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
             timeout=timeout,
         )
         self._auth()
+        assert self.gl.user
         self.user: CurrentUser = self.gl.user
         if project_id is None:
             # When project_id is not provide, we try to get the project
@@ -127,7 +141,6 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         else:
             gitlab_request.labels(integration=INTEGRATION_NAME).inc()
             self.project = self.gl.projects.get(project_id)
-        self.saas_files = saas_files
 
     @cached_property
     def project_main_branch(self) -> str:
@@ -138,38 +151,40 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
 
     @property
     def main_branch(self) -> str:
-        return self.project_main_branch if self.project else DEFAULT_MAIN_BRANCH
+        return self.project_main_branch
 
-    def __enter__(self):
+    def __enter__(self) -> Self:
         return self
 
-    def __exit__(self, *exc):
+    def __exit__(self, *exc: Any) -> None:
         self.cleanup()
 
-    def __str__(self):
+    def __str__(self) -> str:
         return self.project.web_url
 
-    def cleanup(self):
+    def cleanup(self) -> None:
         """
         Close gl session.
         """
         self.gl.session.close()
 
     @retry()
-    def _auth(self):
+    def _auth(self) -> None:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         self.gl.auth()
 
-    def create_branch(self, new_branch, source_branch):
+    def create_branch(self, new_branch: str, source_branch: str) -> None:
         data = {"branch": new_branch, "ref": source_branch}
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         self.project.branches.create(data)
 
-    def delete_branch(self, branch):
+    def delete_branch(self, branch: str) -> None:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         self.project.branches.delete(branch)
 
-    def create_commit(self, branch_name, commit_message, actions):
+    def create_commit(
+        self, branch_name: str, commit_message: str, actions: Iterable[Mapping]
+    ) -> None:
         """
         actions is a list of 'action' dictionaries. The 'action' dict is
         documented here: https://docs.gitlab.com/ee/api/commits.html
@@ -183,7 +198,9 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
             "actions": actions,
         })
 
-    def create_file(self, branch_name, file_path, commit_message, content):
+    def create_file(
+        self, branch_name: str, file_path: str, commit_message: str, content: str
+    ) -> None:
         data = {
             "branch": branch_name,
             "commit_message": commit_message,
@@ -194,7 +211,9 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         self.project.commits.create(data)
 
-    def delete_file(self, branch_name, file_path, commit_message):
+    def delete_file(
+        self, branch_name: str, file_path: str, commit_message: str
+    ) -> None:
         data = {
             "branch": branch_name,
             "commit_message": commit_message,
@@ -203,7 +222,9 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         self.project.commits.create(data)
 
-    def update_file(self, branch_name, file_path, commit_message, content):
+    def update_file(
+        self, branch_name: str, file_path: str, commit_message: str, content: str
+    ) -> None:
         data = {
             "branch": branch_name,
             "commit_message": commit_message,
@@ -216,12 +237,12 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
 
     def create_mr(
         self,
-        source_branch,
-        target_branch,
-        title,
-        remove_source_branch=True,
-        labels=None,
-    ):
+        source_branch: str,
+        target_branch: str,
+        title: str,
+        remove_source_branch: bool = True,
+        labels: Iterable[str] | None = None,
+    ) -> ProjectMergeRequest:
         if labels is None:
             labels = []
         data = {
@@ -232,7 +253,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
             "labels": labels,
         }
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-        return self.project.mergerequests.create(data)
+        return cast(ProjectMergeRequest, self.project.mergerequests.create(data))
 
     def mr_exists(self, title: str) -> bool:
         mrs = self.get_merge_requests(state=MRState.OPENED)
@@ -253,7 +274,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
             members = self.get_items(project.members_all.list)
         return [m.username for m in members if m.access_level >= 40]
 
-    def get_app_sre_group_users(self):
+    def get_app_sre_group_users(self) -> list[GroupMember]:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         app_sre_group = self.gl.groups.get("app-sre")
         return self.get_items(app_sre_group.members.list)
@@ -304,7 +325,9 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
                 if not self._is_bot_username(m.username)
             ]
 
-    def add_project_member(self, repo_url, user, access="maintainer"):
+    def add_project_member(
+        self, repo_url: str, user: GroupMember, access: str = "maintainer"
+    ) -> None:
         project = self.get_project(repo_url)
         if project is None:
             return
@@ -316,7 +339,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
             member.access_level = access_level
             member.save()
 
-    def add_group_member(self, group, user):
+    def add_group_member(self, group: Group, user: GitlabUser) -> None:
         gitlab_user = self.get_user(user.user)
         if gitlab_user is not None:
             gitlab_request.labels(integration=INTEGRATION_NAME).inc()
@@ -331,41 +354,34 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
                 member.access_level = user.access_level
                 member.save()
 
-    def remove_group_member(self, group, user_id):
+    def remove_group_member(self, group: Group, user_id: str) -> None:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         group.members.delete(user_id)
 
-    def change_access(self, member, access_level):
+    def change_access(self, member: GroupMember, access_level: int) -> None:
         member.access_level = access_level
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         member.save()
 
     @staticmethod
-    def get_access_level_string(access_level):
-        if access_level == OWNER_ACCESS:
-            return "owner"
-        if access_level == MAINTAINER_ACCESS:
-            return "maintainer"
-        if access_level == DEVELOPER_ACCESS:
-            return "developer"
-        if access_level == REPORTER_ACCESS:
-            return "reporter"
-        if access_level == GUEST_ACCESS:
-            return "guest"
+    def get_access_level_string(access_level: int) -> str:
+        return AccessLevel(access_level).name.lower()
 
     @staticmethod
-    def get_access_level(access):
-        access = access.lower()
-        if access == "owner":
-            return OWNER_ACCESS
-        if access == "maintainer":
-            return MAINTAINER_ACCESS
-        if access == "developer":
-            return DEVELOPER_ACCESS
-        if access == "reporter":
-            return REPORTER_ACCESS
-        if access == "guest":
-            return GUEST_ACCESS
+    def get_access_level(access: str) -> int:
+        match access.lower():
+            case "owner":
+                return OWNER_ACCESS
+            case "maintainer":
+                return MAINTAINER_ACCESS
+            case "developer":
+                return DEVELOPER_ACCESS
+            case "reporter":
+                return REPORTER_ACCESS
+            case "guest":
+                return GUEST_ACCESS
+            case _:
+                raise ValueError(f"Invalid access level: {access}")
 
     def get_group_id_and_projects(self, group_name: str) -> tuple[str, list[str]]:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
@@ -376,11 +392,11 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         return self.gl.groups.get(group_name)
 
-    def create_project(self, group_id, project):
+    def create_project(self, group_id: str, project: str) -> None:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         self.gl.projects.create({"name": project, "namespace_id": group_id})
 
-    def get_project_url(self, group, project):
+    def get_project_url(self, group: str, project: str) -> str:
         return f"{self.server}/{group}/{project}"
 
     @retry()
@@ -398,17 +414,19 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         return self.gl.projects.get(project_id)
 
-    def get_issues(self, state):
+    def get_issues(self, state: str) -> list[ProjectIssue]:
         return self.get_items(self.project.issues.list, state=state)
 
-    def get_merge_request(self, mr_id):
+    def get_merge_request(self, mr_id: str | int) -> ProjectMergeRequest:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         return self.project.mergerequests.get(mr_id)
 
-    def get_merge_requests(self, state):
+    def get_merge_requests(self, state: str) -> list[ProjectMergeRequest]:
         return self.get_items(self.project.mergerequests.list, state=state)
 
-    def get_merge_request_label_events(self, mr: ProjectMergeRequest):
+    def get_merge_request_label_events(
+        self, mr: ProjectMergeRequest
+    ) -> list[ProjectMergeRequestResourceLabelEvent]:
         return self.get_items(mr.resourcelabelevents.list)
 
     def get_merge_request_pipelines(self, mr: ProjectMergeRequest) -> list[dict]:
@@ -506,7 +524,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
     def add_labels_to_merge_request(
         merge_request: ProjectMergeRequest,
         labels: Iterable[str],
-    ):
+    ) -> None:
         """Adds labels to a Merge Request"""
         # merge_request maybe stale, refresh it to reduce the possibility of labels overwriting
         GitLabApi.refresh_labels(merge_request)
@@ -557,7 +575,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
 
     # TODO: deprecated this method as new support of list(get_all=True), and figure out request counter metrics
     @staticmethod
-    def get_items(method, **kwargs):
+    def get_items(method: Callable, **kwargs: Any) -> list:
         all_items = []
         page = 1
         while True:
@@ -575,7 +593,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         self.project.labels.create({"name": label_text, "color": label_color})
 
     @staticmethod
-    def refresh_labels(item: ProjectMergeRequest | ProjectIssue):
+    def refresh_labels(item: ProjectMergeRequest | ProjectIssue) -> None:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         manager: ProjectMergeRequestManager | ProjectIssueManager
         match item:
@@ -613,7 +631,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
     def remove_label(
         item: ProjectMergeRequest | ProjectIssue,
         label: str,
-    ):
+    ) -> None:
         # item maybe stale, refresh it to reduce the possibility of labels overwriting
         GitLabApi.refresh_labels(item)
 
@@ -628,7 +646,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
     def remove_labels(
         item: ProjectMergeRequest | ProjectIssue,
         labels: Iterable[str],
-    ):
+    ) -> None:
         # item maybe stale, refresh it to reduce the possibility of labels overwriting
         GitLabApi.refresh_labels(item)
 
@@ -643,21 +661,21 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         item.save()
 
     @staticmethod
-    def close(item):
+    def close(item: ProjectIssue | ProjectMergeRequest) -> None:
         item.state_event = "close"
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         item.save()
 
-    def get_user(self, username):
+    def get_user(self, username: str) -> User | None:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
-        user = self.gl.users.list(search=username, page=1, per_page=1)
-        if len(user) == 0:
-            logging.error(username + " user not found")
-            return
+        user = cast(list[User], self.gl.users.list(search=username, page=1, per_page=1))
+        if not user:
+            logging.error(f"{username} user not found")
+            return None
         return user[0]
 
     @retry()
-    def get_project_hooks(self, repo_url):
+    def get_project_hooks(self, repo_url: str) -> list[ProjectHook]:
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         p = self.get_project(repo_url)
         if p is None:
@@ -666,7 +684,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         # TODO: get_all may send multiple requests, update metrics accordingly
         return p.hooks.list(per_page=100, get_all=True)
 
-    def create_project_hook(self, repo_url, data):
+    def create_project_hook(self, repo_url: str, data: Mapping) -> None:
         p = self.get_project(repo_url)
         if p is None:
             return
@@ -682,13 +700,13 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         p.hooks.create(hook)
 
-    def get_repository_tree(self, ref="master"):
+    def get_repository_tree(self, ref: str = "master") -> list[dict]:
         """
         Wrapper around Gitlab.repository_tree() with pagination enabled.
         """
         return self.get_items(self.project.repository_tree, ref=ref, recursive=True)
 
-    def get_file(self, path, ref="master"):
+    def get_file(self, path: str, ref: str = "master") -> ProjectFile | None:
         """
         Wrapper around Gitlab.files.get() with exception handling.
         """
@@ -699,7 +717,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         except gitlab.exceptions.GitlabGetError:
             return None
 
-    def initiate_saas_bundle_repo(self, repo_url):
+    def initiate_saas_bundle_repo(self, repo_url: str) -> None:
         project = self.get_project(repo_url)
         if project is None:
             return
@@ -714,7 +732,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         self.create_branch("production", "master")
 
     def is_last_action_by_team(
-        self, mr, team_usernames: list[str], hold_labels: list[str]
+        self, mr: ProjectMergeRequest, team_usernames: list[str], hold_labels: list[str]
     ) -> bool:
         # what is the time of the last app-sre response?
         last_action_by_team = None
@@ -731,7 +749,10 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         # labels
         gitlab_request.labels(integration=INTEGRATION_NAME).inc()
         # TODO: this may send multiple requests, update metrics accordingly
-        label_events = mr.resourcelabelevents.list(get_all=True)
+        label_events = cast(
+            list[ProjectMergeRequestResourceLabelEvent],
+            mr.resourcelabelevents.list(get_all=True),
+        )
         for label in reversed(label_events):
             if label.action == "add" and label.label["name"] in hold_labels:
                 username = label.user["username"]
@@ -798,7 +819,7 @@ class GitLabApi:  # pylint: disable=too-many-public-methods
         return None
 
     def last_comment(
-        self, mr: ProjectMergeRequest, exclude_bot=True
+        self, mr: ProjectMergeRequest, exclude_bot: bool = True
     ) -> dict[str, Any] | None:
         comments = self.get_merge_request_comments(mr)
         comments.sort(key=itemgetter("created_at"), reverse=True)

reconcile/utils/mr/base.py

@@ -5,7 +5,7 @@ from abc import (
     abstractmethod,
 )
 from collections.abc import Iterable
-from typing import Any
+from typing import Any, cast
 from uuid import uuid4
 
 from gitlab.exceptions import GitlabError
@@ -224,8 +224,11 @@ class MergeRequestBase(ABC):
                 )
 
     def diffs(self, gitlab_cli: GitLabApi) -> Any:
-        return gitlab_cli.project.repository_compare(
-            from_=gitlab_cli.main_branch, to=self.branch
+        return cast(
+            dict,
+            gitlab_cli.project.repository_compare(
+                from_=gitlab_cli.main_branch, to=self.branch
+            ),
         )["diffs"]
 
     def submit(self, cli: MRClient) -> Any | None:

reconcile/utils/mr/update_access_report_base.py

@@ -100,10 +100,10 @@ class UpdateAccessReportBase(MergeRequestBase):
         return new_workbook_md
 
     def process(self, gitlab_cli: GitLabApi) -> None:
-        workbook_md = gitlab_cli.project.files.get(
+        workbook_file = gitlab_cli.project.files.get(
             file_path=self._workbook_file_name, ref=self.branch
         )
-        workbook_md = self._update_workbook(workbook_md.decode().decode("utf-8"))
+        workbook_md = self._update_workbook(workbook_file.decode().decode("utf-8"))
 
         if not self._dry_run:
             logging.info(

reconcile/utils/output.py

@@ -1,9 +1,6 @@
 import json
 import re
-from collections.abc import (
-    Iterable,
-    Mapping,
-)
+from collections.abc import Iterable, Mapping
 
 import yaml
 from tabulate import tabulate
@@ -11,11 +8,11 @@ from tabulate import tabulate
 
 def print_output(
     options: Mapping[str, str | bool],
-    content: list[dict],
+    content: Iterable[dict],
     columns: Iterable[str] = (),
 ) -> str | None:
     if options["sort"]:
-        content.sort(key=lambda c: tuple(c.values()))
+        content = sorted(content, key=lambda c: tuple(c.values()))
     if options.get("to_string"):
         for c in content:
             for k, v in c.items():

reconcile/utils/vcs.py

@@ -222,9 +222,11 @@ class VCS:
             if not file_path.startswith("data")
             else file_path
         )
-        return self._app_interface_api.project.files.get(
-            file_path=file_path, ref="master"
-        ).decode()
+        return (
+            self._app_interface_api.project.files.get(file_path=file_path, ref="master")
+            .decode()
+            .decode("utf-8")
+        )
 
     def get_open_app_interface_merge_requests(self) -> list[ProjectMergeRequest]:
         return self._app_interface_api.get_merge_requests(state=MRState.OPENED)

reconcile/vpc_peerings_validator.py

@@ -8,6 +8,8 @@ from typing import (
 from reconcile import queries
 from reconcile.gql_definitions.vpc_peerings_validator import vpc_peerings_validator
 from reconcile.gql_definitions.vpc_peerings_validator.vpc_peerings_validator import (
+    ClusterPeeringConnectionAccountV1,
+    ClusterPeeringConnectionAccountVPCMeshV1,
     ClusterPeeringConnectionClusterAccepterV1,
     ClusterPeeringConnectionClusterRequesterV1,
     ClusterV1,
@@ -27,21 +29,23 @@ def validate_no_cidr_overlap(
 
     for cluster in clusters:
         if cluster.peering:
+            assert cluster.network
             peerings_entries = [
                 {
                     "provider": "cluster-self-vpc",
                     "vpc_name": cluster.name,
-                    "cidr_block": cluster.network.vpc,  # type: ignore[union-attr]
+                    "cidr_block": cluster.network.vpc,
                 },
             ]
             for peering in cluster.peering.connections:
-                if peering.provider == "account-vpc-mesh":
-                    aws_account_uid = peering.account.uid  # type: ignore[union-attr]
+                if isinstance(peering, ClusterPeeringConnectionAccountVPCMeshV1):
+                    aws_account_uid = peering.account.uid
                     settings = queries.get_secret_reader_settings()
                     accounts = queries.get_aws_accounts(uid=aws_account_uid)
                     awsapi = AWSApi(1, accounts, settings=settings, init_users=False)
-                    tags = peering.tags or "{}"  # type: ignore[union-attr]
-                    mesh_results = awsapi.get_vpcs_details(accounts[0], tags)
+                    mesh_results = awsapi.get_vpcs_details(
+                        accounts[0], peering.tags or {}
+                    )
                     for mesh_result in mesh_results:
                         vpc_peering_info = {
                             "provider": peering.provider,
@@ -49,22 +53,24 @@ def validate_no_cidr_overlap(
                             "cidr_block": mesh_result["cidr_block"],
                         }
                         peerings_entries.append(vpc_peering_info)
-                if peering.provider == "account-vpc":
-                    cidr_block = str(peering.vpc.cidr_block)  # type: ignore[union-attr]
+                if isinstance(peering, ClusterPeeringConnectionAccountV1):
+                    cidr_block = str(peering.vpc.cidr_block)
                     vpc_peering_info = {
                         "provider": peering.provider,
-                        "vpc_name": peering.vpc.name,  # type: ignore[union-attr]
+                        "vpc_name": peering.vpc.name,
                         "cidr_block": cidr_block,
                     }
                     peerings_entries.append(vpc_peering_info)
-                if peering.provider in {
-                    "cluster-vpc-requester",
-                    "cluster-vpc-accepter",
-                }:
+                if isinstance(
+                    peering,
+                    ClusterPeeringConnectionClusterRequesterV1
+                    | ClusterPeeringConnectionClusterAccepterV1,
+                ):
+                    assert peering.cluster.network
                     vpc_peering_info = {
                         "provider": peering.provider,
-                        "vpc_name": peering.cluster.name,  # type: ignore[union-attr]
-                        "cidr_block": peering.cluster.network.vpc,  # type: ignore[union-attr]
+                        "vpc_name": peering.cluster.name,
+                        "cidr_block": peering.cluster.network.vpc,
                     }
                     peerings_entries.append(vpc_peering_info)
             find_overlap = find_cidr_overlap(cluster.name, peerings_entries)
@@ -74,7 +80,7 @@ def validate_no_cidr_overlap(
 
 
 def find_cidr_overlap(cluster_name: str, input_list: list):
-    for i in range(len(input_list)):  # pylint: disable=consider-using-enumerate
+    for i in range(len(input_list)):
         compared_vpc = input_list[i]
         for j in range(i + 1, len(input_list)):
             comparing_vpc = input_list[j]