qontract-reconcile 0.9.1rc237__py3-none-any.whl → 0.9.1rc238__py3-none-any.whl

{qontract_reconcile-0.9.1rc237.dist-info → qontract_reconcile-0.9.1rc238.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: qontract-reconcile
-Version: 0.9.1rc237
+Version: 0.9.1rc238
 Summary: Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
 Home-page: https://github.com/app-sre/qontract-reconcile
 Author: Red Hat App-SRE Team

{qontract_reconcile-0.9.1rc237.dist-info → qontract_reconcile-0.9.1rc238.dist-info}/RECORD

@@ -80,7 +80,7 @@ reconcile/openshift_namespaces.py,sha256=Pq2EE1OuClFYK66r6i-989B0h-K0IH5BKak7W-E
 reconcile/openshift_network_policies.py,sha256=X48jTvKOXhrLwWymkxbieYqJg01bDn90FnXFDr0WBI8,4189
 reconcile/openshift_resourcequotas.py,sha256=QR73mIa7rCEQgUqfRCCvlg9trqFNPjeIJZ_qVzY-mSQ,2795
 reconcile/openshift_resources.py,sha256=Lkn3KdIqxUCmOzlwoKjM2xVotTbJDfgjMGySvWtBZjU,1314
-reconcile/openshift_resources_base.py,sha256=RUUySaSdb3fY9isyMG1QnPNHZz9yVypB6C-xa-id8oc,40820
+reconcile/openshift_resources_base.py,sha256=yyYBaZwtYbNW58ObLNyaAvC0xvy_Hhjo8iYdJTd5H3E,40365
 reconcile/openshift_rolebindings.py,sha256=1k0o3hb3ZhhlbUjc8cP7IjKFux0oZApT8kLT8Y-pvqI,6579
 reconcile/openshift_routes.py,sha256=fXvuPSjcjVw1X3j2EQvUAdbOepmIFdKk-M3qP8QzPiw,1075
 reconcile/openshift_saas_deploy.py,sha256=5ELZi8pKji6XIS55aRwusLRNat-RQoSbmw9H1cMN5PM,9949
@@ -324,8 +324,8 @@ reconcile/test/test_openshift_tekton_resources.py,sha256=Sn01SpAH1uYViuJXhzIvPPh
 reconcile/test/test_openshift_upgrade_watcher.py,sha256=o1Y5az-zp_ve0vAQNSu3NEPqUPLpQztEZI8WTka3opg,4784
 reconcile/test/test_prometheus_rules_tester.py,sha256=usJ_XgqiqoMDPj_2QAqKPeIsnuH99zs9dSbzV1PuzPk,1918
 reconcile/test/test_quay_membership.py,sha256=e29Giz5S9ckFgjpTO8PBo8qVPocIQmy4WqsRhgTFd9A,2643
-reconcile/test/test_quay_mirror.py,sha256=8Uu_4I_1uRQ35E1lXs-LPfYrk4BD3NdFdupjr4FxyJo,4142
-reconcile/test/test_quay_mirror_org.py,sha256=L01uGW1ICvSIB3kbU4l-moYkA5oE4X_PfszL_SBFz5Y,2589
+reconcile/test/test_quay_mirror.py,sha256=Dc485iUwevbBue7TuE6eaz0WugwZD4v4IPTbd87SEHE,4142
+reconcile/test/test_quay_mirror_org.py,sha256=93B6yrzUj7oWajsGl2pTXZ2OeEZn82t7hM106sj3H1o,2589
 reconcile/test/test_quay_repos.py,sha256=TdkcRF_a8PLp01Kti9eZZN-vGup2yPBT4Iba3k08qe0,1810
 reconcile/test/test_queries.py,sha256=SpH3RmNpBjEr_ne3VjAMCgKK8RE1z1zo7bypkT5uoO4,1946
 reconcile/test/test_repo_owners.py,sha256=uRYMLbMmh-9usF0TerabZTZV-Z1CS4I6ybT-LQqCLe8,1423
@@ -454,7 +454,7 @@ reconcile/utils/expiration.py,sha256=BXwKE50sNIV-Lszke97fxitNkLxYszoOLW1LBgp_yqg
 reconcile/utils/external_resource_spec.py,sha256=epSXhJU8PFmX0-YJWr4fre5mxbRDOyOS5vvYB-umMGA,6184
 reconcile/utils/external_resources.py,sha256=301hqVVDt78i88VLFTkSc5mq1KvVP4OiHh_DQX-B1G8,6492
 reconcile/utils/git.py,sha256=kgjN93MMB5mnkuNb1n53f5kldGGf5u0pBHj9YJbiE_c,1455
-reconcile/utils/git_secrets.py,sha256=Wot8ILeTyUhyxEDr15sr1KiRNZ3YsFlr3H8bJoYt7_4,2169
+reconcile/utils/git_secrets.py,sha256=897nRs7tycA3m7YYeVEbzOhI8RFrI9IJT2E0di1eJhc,1956
 reconcile/utils/github_api.py,sha256=6gdlKK0W3vZpxbbtOcohRgvZ4YkiSki7Gxdb16goHPo,2316
 reconcile/utils/gitlab_api.py,sha256=_qRSdbzBxKzAhAeeBniH3AKd64R44M8ca4DHV9HBqFw,24610
 reconcile/utils/gpg.py,sha256=EKG7_fdMv8BMlV5yUdPiqoTx-KrzmVSEAl2sLkaKwWI,1123
@@ -470,10 +470,10 @@ reconcile/utils/jjb_client.py,sha256=L9rkfObDW6TsxcSJ1BMYkAL4zFXP_v_m4_sgrYULlj4
 reconcile/utils/jsonpath.py,sha256=8L3byngge3g6vNAYCXuHRRUsvUcFeC6hUAZPNmhh3bM,4675
 reconcile/utils/jump_host.py,sha256=yJZBRnoCJ-fknhT9f_cli_1J5hBRh1PsRVDyDWpjhws,4935
 reconcile/utils/ldap_client.py,sha256=atreTLA1f7gnG54Ub3JWkToP9tCwAci-q17dqB5XShA,1453
-reconcile/utils/lean_terraform_client.py,sha256=PJio087h5zUoievA3SppDP_io6ypiS9refaN5Hpm1Dg,1055
+reconcile/utils/lean_terraform_client.py,sha256=no9MMgG6TsgjM3EypIhLQtRmPZl9eNnZ0k0llWSBn6Y,865
 reconcile/utils/make.py,sha256=QaEwucrzbl8-VHS66Wfdjfo0ubmAcvt_hZGpiGsKU50,231
 reconcile/utils/metrics.py,sha256=7DO12hEJ7sNOjrTNmA24l5wmAe4MT0WgY-Y2iPhBgXI,2015
-reconcile/utils/oc.py,sha256=_1ryGmPhSi5UNy8122l4sLDVU5xavy8ZpNpCSsOLDuk,68547
+reconcile/utils/oc.py,sha256=-vPfw85S5Bgzy53OJqreP3UE2nL9fiAaiOWhzfxyPBs,68448
 reconcile/utils/oc_connection_parameters.py,sha256=jlEMObRAx0NuWQfEF7NXkLoY-Ewrr9egA7nUr_oUHyM,10011
 reconcile/utils/oc_filters.py,sha256=RWn8pC5A7ZZT7C6WPq9bOw5KBNkiAb5puFSr_FpdAf8,1358
 reconcile/utils/oc_map.py,sha256=2y8A2B7iSNG4dTxaF9OkKlbw0DYcUwjeF3uv-P0lTBM,9538
@@ -499,7 +499,7 @@ reconcile/utils/state.py,sha256=IMSrg2T11uP8xcxt6NIIuoWDhsun6qBYSWYFa8RmUZ0,7421
 reconcile/utils/structs.py,sha256=B05uQsZLxl4a-wLqiUTJ8ccr1dkjG_UbleMY2jrqoe0,296
 reconcile/utils/template.py,sha256=wTvRU4AnAV_o042tD4Mwls2dwWMuk7MKnde3MaCjaYg,331
 reconcile/utils/terraform_client.py,sha256=AYnA1pW7JgNuroHzhrLW8gZ8yN-pLKwH_aAnRj9JcEA,27679
-reconcile/utils/terrascript_aws_client.py,sha256=h5bCWv7MUk4b_dS3as4Aq9uyMcTxxDaT6tBj67tE0Hg,251172
+reconcile/utils/terrascript_aws_client.py,sha256=4iAfp5DJ5Yeiuvh2phk42VE4cYeRzp-mw_5alVZpq3s,251109
 reconcile/utils/throughput.py,sha256=iP4UWAe2LVhDo69mPPmgo9nQ7RxHD6_GS8MZe-aSiuM,344
 reconcile/utils/unleash.py,sha256=xY8fXxJApZhYnhJHmqNAK1YPNWf6larzDtk0VuNvn08,2875
 reconcile/utils/vault.py,sha256=CnhNu0pZfqS14kD1dQmBldITvTcSJHaHfk-KPNNDC7k,14471
@@ -561,8 +561,8 @@ tools/sre_checkpoints/util.py,sha256=zEDbGr18ZeHNQwW8pUsr2JRjuXIPz--WAGJxZo9sv_Y
 tools/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tools/test/test_qontract_cli.py,sha256=awwTHEc2DWlykuqGIYM0WOBoSL0KRnOraCLk3C7izis,1401
 tools/test/test_sre_checkpoints.py,sha256=SKqPPTl9ua0RFdSSofnoQX-JZE6dFLO3LRhfQzqtfh8,2607
-qontract_reconcile-0.9.1rc237.dist-info/METADATA,sha256=zxJHMutcehp2XjsQeCt5IvLHBXOUIzhqjFqptYd7sFU,2248
-qontract_reconcile-0.9.1rc237.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-qontract_reconcile-0.9.1rc237.dist-info/entry_points.txt,sha256=aIVvB7OTCxYu0QkONzBPfFEyg68Pr8KUVKEEm4ChDVc,333
-qontract_reconcile-0.9.1rc237.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
-qontract_reconcile-0.9.1rc237.dist-info/RECORD,,
+qontract_reconcile-0.9.1rc238.dist-info/METADATA,sha256=47CGewECheJDS5LQ6I-pFcOYSP1LzRfeGMTDkFzO13M,2248
+qontract_reconcile-0.9.1rc238.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+qontract_reconcile-0.9.1rc238.dist-info/entry_points.txt,sha256=aIVvB7OTCxYu0QkONzBPfFEyg68Pr8KUVKEEm4ChDVc,333
+qontract_reconcile-0.9.1rc238.dist-info/top_level.txt,sha256=j0CHPIc8TsVRB50wOz_jhxjjaRyCJB3NOQeXhuHS67c,34
+qontract_reconcile-0.9.1rc238.dist-info/RECORD,,

reconcile/openshift_resources_base.py

@@ -209,6 +209,21 @@ APP_INT_BASE_URL = "https://gitlab.cee.redhat.com/service/app-interface"
 _log_lock = Lock()
 
 
+def _locked_info_log(msg: str):
+    with _log_lock:
+        logging.info(msg)
+
+
+def _locked_debug_log(msg: str):
+    with _log_lock:
+        logging.debug(msg)
+
+
+def _locked_error_log(msg: str):
+    with _log_lock:
+        logging.error(msg)
+
+
 class FetchSecretError(Exception):
     def __init__(self, msg):
         super().__init__("error fetching secret: " + str(msg))
@@ -538,8 +553,6 @@ def fetch_provider_vault_secret(
 
 
 def fetch_provider_route(resource: dict, tls_path, tls_version, settings=None) -> OR:
-    global _log_lock
-
     path = resource["path"]
     openshift_resource = fetch_provider_resource(resource)
 
@@ -568,9 +581,7 @@ def fetch_provider_route(resource: dict, tls_path, tls_version, settings=None) -
         msg = "Route secret '{}' key '{}' not in valid keys {}".format(
             tls_path, k, valid_keys
         )
-        _log_lock.acquire()  # pylint: disable=consider-using-with
-        logging.info(msg)
-        _log_lock.release()
+        _locked_info_log(msg)
 
     host = openshift_resource.body["spec"].get("host")
     certificate = openshift_resource.body["spec"]["tls"].get("certificate")
@@ -583,21 +594,13 @@ def fetch_provider_route(resource: dict, tls_path, tls_version, settings=None) -
     return openshift_resource
 
 
-def _locked_log(lock, msg):
-    lock.acquire()  # pylint: disable=consider-using-with
-    logging.debug(msg)
-    lock.release()
-
-
 def fetch_openshift_resource(
     resource, parent, settings=None, skip_validation=False
 ) -> OR:
-    global _log_lock
-
     provider = resource["provider"]
     if provider == "resource":
         path = resource["resource"]["path"]
-        _locked_log(_log_lock, "Processing {}: {}".format(provider, path))
+        _locked_debug_log("Processing {}: {}".format(provider, path))
         validate_json = resource.get("validate_json") or False
         add_path_to_prom_rules = resource.get("add_path_to_prom_rules", True)
         validate_alertmanager_config = (
@@ -617,7 +620,7 @@ def fetch_openshift_resource(
         )
     elif provider == "resource-template":
         path = resource["resource"]["path"]
-        _locked_log(_log_lock, "Processing {}: {}".format(provider, path))
+        _locked_debug_log("Processing {}: {}".format(provider, path))
         add_path_to_prom_rules = resource.get("add_path_to_prom_rules", True)
         validate_alertmanager_config = (
             resource.get("validate_alertmanager_config") or False
@@ -655,7 +658,7 @@ def fetch_openshift_resource(
     elif provider == "vault-secret":
         path = resource["path"]
         version = resource["version"]
-        _locked_log(_log_lock, "Processing {}: {} - {}".format(provider, path, version))
+        _locked_debug_log("Processing {}: {} - {}".format(provider, path, version))
         rn = resource["name"]
         name = path.split("/")[-1] if rn is None else rn
         rl = resource["labels"]
@@ -688,7 +691,7 @@ def fetch_openshift_resource(
             raise FetchSecretError(e)
     elif provider == "route":
         path = resource["resource"]["path"]
-        _locked_log(_log_lock, "Processing {}: {}".format(provider, path))
+        _locked_debug_log("Processing {}: {}".format(provider, path))
         tls_path = resource["vault_tls_secret_path"]
         tls_version = resource["vault_tls_secret_version"]
         openshift_resource = fetch_provider_route(
@@ -708,12 +711,7 @@ def fetch_current_state(
     kind: str,
     resource_names=Iterable[str],
 ):
-    global _log_lock
-
-    msg = f"Fetching {kind} from {cluster}/{namespace}"
-    _log_lock.acquire()  # pylint: disable=consider-using-with
-    logging.debug(msg)
-    _log_lock.release()
+    _locked_debug_log(f"Fetching {kind} from {cluster}/{namespace}")
     if not oc.is_kind_supported(kind):
         logging.warning(f"[{cluster}] cluster has no API resource {kind}.")
         return
@@ -740,8 +738,6 @@ def fetch_desired_state(
     privileged: bool,
     settings: Optional[Mapping[str, Any]] = None,
 ):
-    global _log_lock
-
     try:
         openshift_resource = fetch_openshift_resource(resource, parent, settings)
     except (
@@ -752,9 +748,7 @@ def fetch_desired_state(
     ) as e:
         ri.register_error()
         msg = "[{}/{}] {}".format(cluster, namespace, str(e))
-        _log_lock.acquire()  # pylint: disable=consider-using-with
-        logging.error(msg)
-        _log_lock.release()
+        _locked_error_log(msg)
         return
 
     # add to inventory
@@ -774,9 +768,7 @@ def fetch_desired_state(
         msg = "[{}/{}] unknown kind: {}. hint: is it missing from managedResourceTypes?".format(
             cluster, namespace, openshift_resource.kind
         )
-        _log_lock.acquire()  # pylint: disable=consider-using-with
-        logging.error(msg)
-        _log_lock.release()
+        _locked_error_log(msg)
         return
     except ResourceKeyExistsError:
         # This is failing because an attempt to add
@@ -786,9 +778,7 @@ def fetch_desired_state(
         msg = ("[{}/{}] desired item already exists: {}/{}.").format(
             cluster, namespace, openshift_resource.kind, openshift_resource.name
         )
-        _log_lock.acquire()  # pylint: disable=consider-using-with
-        logging.error(msg)
-        _log_lock.release()
+        _locked_error_log(msg)
         return
 
 

reconcile/test/test_quay_mirror.py

@@ -48,7 +48,7 @@ class TestIsCompareTags:
         with open(os.path.join(self.tmp_dir.name, CONTROL_FILE_NAME), "w") as fh:
             fh.write(str(NOW - 100.0))
 
-    def teardown_mehtod(self):
+    def teardown_method(self):
         self.tmp_dir.cleanup()
 
     # Last run was in NOW - 100s, we run compare tags every 10s.

reconcile/test/test_quay_mirror_org.py

@@ -36,7 +36,7 @@ class TestIsCompareTags:
         with open(os.path.join(self.tmp_dir.name, CONTROL_FILE_NAME), "w") as fh:
             fh.write(str(NOW - 100.0))
 
-    def teardown_mehtod(self):
+    def teardown_method(self):
         self.tmp_dir.cleanup()
 
     # Last run was in NOW - 100s, we run compare tags every 10s.

reconcile/utils/git_secrets.py

@@ -1,54 +1,38 @@
 import logging
 import os
-import shutil
+import subprocess
 import tempfile
-from subprocess import (
-    PIPE,
-    Popen,
-)
 
 import requests
 from sretoolbox.utils import retry
 
 from reconcile.utils import git
-from reconcile.utils.defer import defer
 
 
-@defer
 @retry()
-def scan_history(repo_url, existing_keys, defer=None):
-    # pylint: disable=consider-using-with
+def scan_history(repo_url, existing_keys):
     logging.info("scanning {}".format(repo_url))
     if requests.get(repo_url, timeout=60).status_code == 404:
         logging.info("not found {}".format(repo_url))
         return []
 
-    wd = tempfile.mkdtemp()
-    defer(lambda: cleanup(wd))
-
-    git.clone(repo_url, wd)
-    DEVNULL = open(os.devnull, "w")
-    proc = Popen(["git", "secrets", "--register-aws"], cwd=wd, stdout=DEVNULL)
-    proc.communicate()
-    proc = Popen(["git", "secrets", "--scan-history"], cwd=wd, stdout=PIPE, stderr=PIPE)
-    _, err = proc.communicate()
-    if proc.returncode == 0:
-        return []
-
-    logging.info("found suspects in {}".format(repo_url))
-    suspected_files = get_suspected_files(err.decode("utf-8"))
-    leaked_keys = get_leaked_keys(wd, suspected_files, existing_keys)
-    if leaked_keys:
-        logging.info("found suspected leaked keys: {}".format(leaked_keys))
-
-    return leaked_keys
-
-
-def cleanup(wd):
-    try:
-        shutil.rmtree(wd)
-    except Exception:
-        pass
+    with tempfile.TemporaryDirectory() as wd:
+        git.clone(repo_url, wd)
+        subprocess.run(["git", "secrets", "--install"], check=False, cwd=wd)
+        result = subprocess.run(
+            ["git", "secrets", "--scan-history"],
+            capture_output=True,
+            check=False,
+            cwd=wd,
+        )
+        if result.returncode == 0:
+            return []
+        logging.info("found suspects in {}".format(repo_url))
+        suspected_files = get_suspected_files(result.stderr.decode("utf-8"))
+        leaked_keys = get_leaked_keys(wd, suspected_files, existing_keys)
+        if leaked_keys:
+            logging.info("found suspected leaked keys: {}".format(leaked_keys))
+        return leaked_keys
 
 
 def get_suspected_files(error):

reconcile/utils/lean_terraform_client.py

@@ -1,38 +1,27 @@
 import json
 import logging
-from subprocess import (
-    PIPE,
-    Popen,
-)
+import subprocess
 
 
 def state_rm_access_key(working_dirs, account, user):
-    # pylint: disable=consider-using-with
     wd = working_dirs[account]
-    proc = Popen(["terraform", "init"], cwd=wd, stdout=PIPE, stderr=PIPE)
-    proc.communicate()
-    if proc.returncode:
+    init_result = subprocess.run(["terraform", "init"], check=False, cwd=wd)
+    if init_result.returncode != 0:
         return False
     resource = "aws_iam_access_key.{}".format(user)
-    proc = Popen(
-        ["terraform", "state", "rm", resource], cwd=wd, stdout=PIPE, stderr=PIPE
-    )
-    proc.communicate()
-    return proc.returncode == 0
+    result = subprocess.run(["terraform", "state", "rm", resource], check=False, cwd=wd)
+    return result.returncode == 0
 
 
 def show_json(working_dir, out_file):
-    # pylint: disable=consider-using-with
-    proc = Popen(
+    result = subprocess.run(
         ["terraform", "show", "-no-color", "-json", out_file],
+        capture_output=True,
+        check=False,
         cwd=working_dir,
-        stdout=PIPE,
-        stderr=PIPE,
     )
-    out, err = proc.communicate()
-    if proc.returncode:
-        # out_file is the name of the account as well
-        msg = f"[{out_file}] terraform show failed: {str(err)}"
+    if result.returncode != 0:
+        msg = f"[{out_file}] terraform show failed: {result.stderr.decode('utf-8')}"
         logging.warning(msg)
         raise Exception(msg)
-    return json.loads(out)
+    return json.loads(result.stdout)

reconcile/utils/oc.py

@@ -3,6 +3,7 @@ import json
 import logging
 import os
 import re
+import subprocess
 import tempfile
 import threading
 import time
@@ -14,10 +15,7 @@ from contextlib import suppress
 from dataclasses import dataclass
 from datetime import datetime
 from functools import wraps
-from subprocess import (
-    PIPE,
-    Popen,
-)
+from subprocess import Popen
 from threading import Lock
 from typing import (
     Any,
@@ -1070,24 +1068,14 @@ class OCDeprecated:  # pylint: disable=too-many-public-methods
 
     @retry(exceptions=(StatusCodeError, NoOutputError), max_attempts=10)
     def _run(self, cmd, **kwargs):
-        if kwargs.get("stdin"):
-            stdin = PIPE
-            stdin_text = kwargs.get("stdin").encode()
-        else:
-            stdin = None
-            stdin_text = None
-
-        p = Popen(  # pylint: disable=consider-using-with
-            self.oc_base_cmd + cmd, stdin=stdin, stdout=PIPE, stderr=PIPE
+        stdin = kwargs.get("stdin")
+        stdin_text = stdin.encode() if stdin else None
+        result = subprocess.run(
+            self.oc_base_cmd + cmd, input=stdin_text, capture_output=True, check=False
         )
-        out, err = p.communicate(stdin_text)
-
-        code = p.returncode
-
+        err = result.stderr.decode("utf-8") if result.stderr else ""
         allow_not_found = kwargs.get("allow_not_found")
-
-        if code != 0:
-            err = err.decode("utf-8")
+        if result.returncode != 0:
             if "Unable to connect to the server" in err:
                 raise StatusCodeError(f"[{self.server}]: {err}")
             if kwargs.get("apply"):
@@ -1120,12 +1108,12 @@ class OCDeprecated:  # pylint: disable=too-many-public-methods
             if not (allow_not_found and "NotFound" in err):
                 raise StatusCodeError(f"[{self.server}]: {err}")
 
-        if not out:
+        if not result.stdout:
             if allow_not_found:
                 return "{}"
             raise NoOutputError(err)
 
-        return out.strip()
+        return result.stdout.decode("utf-8").strip()
 
     def _run_json(self, cmd, allow_not_found=False):
         out = self._run(cmd, allow_not_found=allow_not_found)

reconcile/utils/terrascript_aws_client.py

@@ -488,8 +488,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
             r = requests.get(zip_url, timeout=60)
             r.raise_for_status()
             os.makedirs(os.path.dirname(zip_file), exist_ok=True)
-            # pylint: disable=consider-using-with
-            open(zip_file, "wb").write(r.content)
+            with open(zip_file, "wb") as f:
+                f.write(r.content)
         return zip_file
 
     def get_logtoes_zip(self, release_url):
@@ -513,8 +513,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         if not os.path.exists(zip_file):
             r = requests.get(zip_url, timeout=60)
             r.raise_for_status()
-            # pylint: disable=consider-using-with
-            open(zip_file, "wb").write(r.content)
+            with open(zip_file, "wb") as f:
+                f.write(r.content)
         return zip_file
 
     def get_rosa_authenticator_zip(self, release_url):
@@ -542,8 +542,8 @@ class TerrascriptClient:  # pylint: disable=too-many-public-methods
         if not os.path.exists(zip_file):
             r = requests.get(zip_url, timeout=60)
             r.raise_for_status()
-            # pylint: disable=consider-using-with
-            open(zip_file, "wb").write(r.content)
+            with open(zip_file, "wb") as f:
+                f.write(r.content)
         return zip_file
 
     def init_github(self) -> Github: