PyPI - qontract-reconcile - Versions diffs - 0.9.1rc298__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl - Mend

qontract-reconcile 0.9.1rc298py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (843) hide show

qontract_reconcile-0.10.1.dev1203.dist-info/METADATA +500 -0
qontract_reconcile-0.10.1.dev1203.dist-info/RECORD +771 -0
{qontract_reconcile-0.9.1rc298.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/WHEEL +1 -2
{qontract_reconcile-0.9.1rc298.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/entry_points.txt +4 -2
reconcile/acs_notifiers.py +126 -0
reconcile/acs_policies.py +243 -0
reconcile/acs_rbac.py +596 -0
reconcile/aus/advanced_upgrade_service.py +621 -8
reconcile/aus/aus_label_source.py +115 -0
reconcile/aus/base.py +1053 -353
reconcile/{utils → aus}/cluster_version_data.py +27 -12
reconcile/aus/healthchecks.py +77 -0
reconcile/aus/metrics.py +158 -0
reconcile/aus/models.py +245 -5
reconcile/aus/node_pool_spec.py +35 -0
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +225 -110
reconcile/aus/ocm_upgrade_scheduler.py +76 -71
reconcile/aus/ocm_upgrade_scheduler_org.py +81 -23
reconcile/aus/version_gate_approver.py +204 -0
reconcile/aus/version_gates/__init__.py +12 -0
reconcile/aus/version_gates/handler.py +33 -0
reconcile/aus/version_gates/ingress_gate_handler.py +32 -0
reconcile/aus/version_gates/ocp_gate_handler.py +26 -0
reconcile/aus/version_gates/sts_version_gate_handler.py +100 -0
reconcile/aws_account_manager/README.md +5 -0
reconcile/aws_account_manager/integration.py +373 -0
reconcile/aws_account_manager/merge_request_manager.py +114 -0
reconcile/aws_account_manager/metrics.py +39 -0
reconcile/aws_account_manager/reconciler.py +403 -0
reconcile/aws_account_manager/utils.py +41 -0
reconcile/aws_ami_cleanup/integration.py +273 -0
reconcile/aws_ami_share.py +18 -14
reconcile/aws_cloudwatch_log_retention/integration.py +253 -0
reconcile/aws_iam_keys.py +1 -1
reconcile/aws_iam_password_reset.py +56 -20
reconcile/aws_saml_idp/integration.py +204 -0
reconcile/aws_saml_roles/integration.py +322 -0
reconcile/aws_support_cases_sos.py +2 -2
reconcile/aws_version_sync/integration.py +430 -0
reconcile/aws_version_sync/merge_request_manager/merge_request.py +156 -0
reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py +160 -0
reconcile/aws_version_sync/utils.py +64 -0
reconcile/blackbox_exporter_endpoint_monitoring.py +2 -5
reconcile/change_owners/README.md +34 -0
reconcile/change_owners/approver.py +7 -9
reconcile/change_owners/bundle.py +134 -9
reconcile/change_owners/change_log_tracking.py +236 -0
reconcile/change_owners/change_owners.py +204 -194
reconcile/change_owners/change_types.py +183 -265
reconcile/change_owners/changes.py +488 -0
reconcile/change_owners/decision.py +120 -41
reconcile/change_owners/diff.py +63 -92
reconcile/change_owners/implicit_ownership.py +19 -16
reconcile/change_owners/self_service_roles.py +158 -35
reconcile/change_owners/tester.py +20 -18
reconcile/checkpoint.py +4 -6
reconcile/cli.py +1523 -242
reconcile/closedbox_endpoint_monitoring_base.py +10 -17
reconcile/cluster_auth_rhidp/integration.py +257 -0
reconcile/cluster_deployment_mapper.py +2 -5
reconcile/cna/assets/asset.py +4 -7
reconcile/cna/assets/null.py +2 -5
reconcile/cna/integration.py +2 -3
reconcile/cna/state.py +6 -9
reconcile/dashdotdb_base.py +31 -10
reconcile/dashdotdb_cso.py +3 -6
reconcile/dashdotdb_dora.py +530 -0
reconcile/dashdotdb_dvo.py +10 -13
reconcile/dashdotdb_slo.py +75 -19
reconcile/database_access_manager.py +753 -0
reconcile/deadmanssnitch.py +207 -0
reconcile/dynatrace_token_provider/dependencies.py +69 -0
reconcile/dynatrace_token_provider/integration.py +656 -0
reconcile/dynatrace_token_provider/metrics.py +62 -0
reconcile/dynatrace_token_provider/model.py +14 -0
reconcile/dynatrace_token_provider/ocm.py +140 -0
reconcile/dynatrace_token_provider/validate.py +48 -0
reconcile/endpoints_discovery/integration.py +348 -0
reconcile/endpoints_discovery/merge_request.py +96 -0
reconcile/endpoints_discovery/merge_request_manager.py +178 -0
reconcile/external_resources/aws.py +204 -0
reconcile/external_resources/factories.py +163 -0
reconcile/external_resources/integration.py +194 -0
reconcile/external_resources/integration_secrets_sync.py +47 -0
reconcile/external_resources/manager.py +405 -0
reconcile/external_resources/meta.py +17 -0
reconcile/external_resources/metrics.py +95 -0
reconcile/external_resources/model.py +350 -0
reconcile/external_resources/reconciler.py +265 -0
reconcile/external_resources/secrets_sync.py +465 -0
reconcile/external_resources/state.py +258 -0
reconcile/gabi_authorized_users.py +19 -11
reconcile/gcr_mirror.py +43 -34
reconcile/github_org.py +4 -6
reconcile/github_owners.py +1 -1
reconcile/github_repo_invites.py +2 -5
reconcile/gitlab_fork_compliance.py +14 -13
reconcile/gitlab_housekeeping.py +185 -91
reconcile/gitlab_labeler.py +15 -14
reconcile/gitlab_members.py +126 -120
reconcile/gitlab_owners.py +53 -66
reconcile/gitlab_permissions.py +167 -6
reconcile/glitchtip/README.md +150 -0
reconcile/glitchtip/integration.py +99 -51
reconcile/glitchtip/reconciler.py +99 -70
reconcile/glitchtip_project_alerts/__init__.py +0 -0
reconcile/glitchtip_project_alerts/integration.py +333 -0
reconcile/glitchtip_project_dsn/integration.py +43 -43
reconcile/gql_definitions/acs/__init__.py +0 -0
reconcile/gql_definitions/acs/acs_instances.py +83 -0
reconcile/gql_definitions/acs/acs_policies.py +239 -0
reconcile/gql_definitions/acs/acs_rbac.py +111 -0
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +46 -8
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +38 -8
reconcile/gql_definitions/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +61 -0
reconcile/gql_definitions/aws_account_manager/__init__.py +0 -0
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +177 -0
reconcile/gql_definitions/aws_ami_cleanup/__init__.py +0 -0
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +161 -0
reconcile/gql_definitions/aws_saml_idp/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/roles.py +97 -0
reconcile/gql_definitions/aws_version_sync/__init__.py +0 -0
reconcile/gql_definitions/aws_version_sync/clusters.py +83 -0
reconcile/gql_definitions/aws_version_sync/namespaces.py +143 -0
reconcile/gql_definitions/change_owners/queries/change_types.py +16 -29
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +45 -11
reconcile/gql_definitions/cluster_auth_rhidp/__init__.py +0 -0
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +128 -0
reconcile/gql_definitions/cna/queries/cna_provisioners.py +6 -8
reconcile/gql_definitions/cna/queries/cna_resources.py +3 -5
reconcile/gql_definitions/common/alerting_services_settings.py +2 -2
reconcile/gql_definitions/common/app_code_component_repos.py +9 -5
reconcile/gql_definitions/{glitchtip/glitchtip_settings.py → common/app_interface_custom_messages.py} +14 -16
reconcile/gql_definitions/common/app_interface_dms_settings.py +86 -0
reconcile/gql_definitions/common/app_interface_repo_settings.py +2 -2
reconcile/gql_definitions/common/app_interface_state_settings.py +3 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +3 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +120 -0
reconcile/gql_definitions/common/apps.py +72 -0
reconcile/gql_definitions/common/aws_vpc_requests.py +109 -0
reconcile/gql_definitions/common/aws_vpcs.py +84 -0
reconcile/gql_definitions/common/clusters.py +120 -254
reconcile/gql_definitions/common/clusters_minimal.py +11 -35
reconcile/gql_definitions/common/clusters_with_dms.py +72 -0
reconcile/gql_definitions/common/clusters_with_peering.py +70 -98
reconcile/gql_definitions/common/github_orgs.py +2 -2
reconcile/gql_definitions/common/jira_settings.py +68 -0
reconcile/gql_definitions/common/jiralert_settings.py +68 -0
reconcile/gql_definitions/common/namespaces.py +74 -32
reconcile/gql_definitions/common/namespaces_minimal.py +4 -10
reconcile/gql_definitions/common/ocm_env_telemeter.py +95 -0
reconcile/gql_definitions/common/ocm_environments.py +4 -2
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -11
reconcile/gql_definitions/common/pipeline_providers.py +45 -90
reconcile/gql_definitions/common/quay_instances.py +64 -0
reconcile/gql_definitions/common/quay_orgs.py +68 -0
reconcile/gql_definitions/common/reserved_networks.py +94 -0
reconcile/gql_definitions/common/saas_files.py +133 -95
reconcile/gql_definitions/common/saas_target_namespaces.py +41 -26
reconcile/gql_definitions/common/saasherder_settings.py +2 -2
reconcile/gql_definitions/common/slack_workspaces.py +62 -0
reconcile/gql_definitions/common/smtp_client_settings.py +2 -2
reconcile/gql_definitions/common/state_aws_account.py +77 -0
reconcile/gql_definitions/common/users.py +3 -2
reconcile/gql_definitions/cost_report/__init__.py +0 -0
reconcile/gql_definitions/cost_report/app_names.py +68 -0
reconcile/gql_definitions/cost_report/cost_namespaces.py +86 -0
reconcile/gql_definitions/cost_report/settings.py +77 -0
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +42 -12
reconcile/gql_definitions/dynatrace_token_provider/__init__.py +0 -0
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +79 -0
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +84 -0
reconcile/gql_definitions/endpoints_discovery/__init__.py +0 -0
reconcile/gql_definitions/endpoints_discovery/namespaces.py +127 -0
reconcile/gql_definitions/external_resources/__init__.py +0 -0
reconcile/gql_definitions/external_resources/aws_accounts.py +73 -0
reconcile/gql_definitions/external_resources/external_resources_modules.py +78 -0
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +1111 -0
reconcile/gql_definitions/external_resources/external_resources_settings.py +98 -0
reconcile/gql_definitions/fragments/aus_organization.py +34 -39
reconcile/gql_definitions/fragments/aws_account_common.py +62 -0
reconcile/gql_definitions/fragments/aws_account_managed.py +57 -0
reconcile/gql_definitions/fragments/aws_account_sso.py +35 -0
reconcile/gql_definitions/fragments/aws_infra_management_account.py +2 -2
reconcile/gql_definitions/fragments/aws_vpc.py +47 -0
reconcile/gql_definitions/fragments/aws_vpc_request.py +65 -0
reconcile/gql_definitions/fragments/aws_vpc_request_subnet.py +29 -0
reconcile/gql_definitions/fragments/deplopy_resources.py +7 -7
reconcile/gql_definitions/fragments/disable.py +28 -0
reconcile/gql_definitions/fragments/jumphost_common_fields.py +2 -2
reconcile/gql_definitions/fragments/membership_source.py +47 -0
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +29 -0
reconcile/gql_definitions/fragments/oc_connection_cluster.py +4 -9
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +30 -0
reconcile/gql_definitions/fragments/prometheus_instance.py +48 -0
reconcile/gql_definitions/fragments/resource_limits_requirements.py +29 -0
reconcile/gql_definitions/fragments/{resource_requirements.py → resource_requests_requirements.py} +3 -3
reconcile/gql_definitions/fragments/resource_values.py +2 -2
reconcile/gql_definitions/fragments/saas_target_namespace.py +55 -12
reconcile/gql_definitions/fragments/serviceaccount_token.py +38 -0
reconcile/gql_definitions/fragments/terraform_state.py +36 -0
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -3
reconcile/gql_definitions/fragments/user.py +3 -2
reconcile/gql_definitions/fragments/vault_secret.py +2 -2
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +6 -2
reconcile/gql_definitions/gitlab_members/permissions.py +3 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +16 -2
reconcile/gql_definitions/glitchtip/glitchtip_project.py +22 -23
reconcile/gql_definitions/glitchtip_project_alerts/__init__.py +0 -0
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +173 -0
reconcile/gql_definitions/integrations/integrations.py +62 -45
reconcile/gql_definitions/introspection.json +51176 -0
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +13 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +79 -0
reconcile/gql_definitions/jira/__init__.py +0 -0
reconcile/gql_definitions/jira/jira_servers.py +80 -0
reconcile/gql_definitions/jira_permissions_validator/__init__.py +0 -0
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +131 -0
reconcile/gql_definitions/jumphosts/jumphosts.py +3 -5
reconcile/gql_definitions/ldap_groups/__init__.py +0 -0
reconcile/gql_definitions/ldap_groups/roles.py +111 -0
reconcile/gql_definitions/ldap_groups/settings.py +79 -0
reconcile/gql_definitions/maintenance/__init__.py +0 -0
reconcile/gql_definitions/maintenance/maintenances.py +101 -0
reconcile/gql_definitions/membershipsources/__init__.py +0 -0
reconcile/gql_definitions/membershipsources/roles.py +112 -0
reconcile/gql_definitions/ocm_labels/__init__.py +0 -0
reconcile/gql_definitions/ocm_labels/clusters.py +112 -0
reconcile/gql_definitions/ocm_labels/organizations.py +78 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +126 -0
reconcile/gql_definitions/openshift_groups/managed_groups.py +2 -2
reconcile/gql_definitions/openshift_groups/managed_roles.py +3 -2
reconcile/gql_definitions/openshift_serviceaccount_tokens/__init__.py +0 -0
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +132 -0
reconcile/gql_definitions/quay_membership/quay_membership.py +3 -5
reconcile/gql_definitions/rhidp/__init__.py +0 -0
reconcile/gql_definitions/rhidp/organizations.py +96 -0
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +2 -2
reconcile/gql_definitions/service_dependencies/service_dependencies.py +9 -31
reconcile/gql_definitions/sharding/aws_accounts.py +2 -2
reconcile/gql_definitions/sharding/ocm_organization.py +63 -0
reconcile/gql_definitions/skupper_network/site_controller_template.py +2 -2
reconcile/gql_definitions/skupper_network/skupper_networks.py +12 -38
reconcile/gql_definitions/slack_usergroups/clusters.py +2 -2
reconcile/gql_definitions/slack_usergroups/permissions.py +8 -15
reconcile/gql_definitions/slack_usergroups/users.py +3 -2
reconcile/gql_definitions/slo_documents/__init__.py +0 -0
reconcile/gql_definitions/slo_documents/slo_documents.py +142 -0
reconcile/gql_definitions/status_board/__init__.py +0 -0
reconcile/gql_definitions/status_board/status_board.py +163 -0
reconcile/gql_definitions/statuspage/statuspages.py +56 -7
reconcile/gql_definitions/templating/__init__.py +0 -0
reconcile/gql_definitions/templating/template_collection.py +130 -0
reconcile/gql_definitions/templating/templates.py +108 -0
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +8 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +6 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +45 -56
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +4 -8
reconcile/gql_definitions/terraform_init/__init__.py +0 -0
reconcile/gql_definitions/terraform_init/aws_accounts.py +93 -0
reconcile/gql_definitions/terraform_repo/__init__.py +0 -0
reconcile/gql_definitions/terraform_repo/terraform_repo.py +141 -0
reconcile/gql_definitions/terraform_resources/database_access_manager.py +158 -0
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +153 -162
reconcile/gql_definitions/terraform_tgw_attachments/__init__.py +0 -0
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +119 -0
reconcile/gql_definitions/unleash_feature_toggles/__init__.py +0 -0
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +113 -0
reconcile/gql_definitions/vault_instances/vault_instances.py +17 -50
reconcile/gql_definitions/vault_policies/vault_policies.py +2 -2
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +49 -12
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +7 -2
reconcile/integrations_manager.py +25 -13
reconcile/jenkins/types.py +5 -1
reconcile/jenkins_base.py +36 -0
reconcile/jenkins_job_builder.py +10 -48
reconcile/jenkins_job_builds_cleaner.py +40 -25
reconcile/jenkins_job_cleaner.py +1 -3
reconcile/jenkins_roles.py +22 -26
reconcile/jenkins_webhooks.py +9 -6
reconcile/jenkins_worker_fleets.py +11 -6
reconcile/jira_permissions_validator.py +340 -0
reconcile/jira_watcher.py +3 -5
reconcile/ldap_groups/__init__.py +0 -0
reconcile/ldap_groups/integration.py +279 -0
reconcile/ldap_users.py +3 -0
reconcile/ocm/types.py +39 -59
reconcile/ocm_additional_routers.py +0 -1
reconcile/ocm_addons_upgrade_tests_trigger.py +10 -15
reconcile/ocm_aws_infrastructure_access.py +30 -32
reconcile/ocm_clusters.py +217 -130
reconcile/ocm_external_configuration_labels.py +15 -0
reconcile/ocm_github_idp.py +1 -1
reconcile/ocm_groups.py +25 -5
reconcile/ocm_internal_notifications/__init__.py +0 -0
reconcile/ocm_internal_notifications/integration.py +119 -0
reconcile/ocm_labels/__init__.py +0 -0
reconcile/ocm_labels/integration.py +409 -0
reconcile/ocm_machine_pools.py +517 -108
reconcile/ocm_upgrade_scheduler_org_updater.py +15 -11
reconcile/openshift_base.py +609 -207
reconcile/openshift_cluster_bots.py +344 -0
reconcile/openshift_clusterrolebindings.py +15 -15
reconcile/openshift_groups.py +42 -45
reconcile/openshift_limitranges.py +1 -0
reconcile/openshift_namespace_labels.py +22 -28
reconcile/openshift_namespaces.py +22 -22
reconcile/openshift_network_policies.py +4 -8
reconcile/openshift_prometheus_rules.py +43 -0
reconcile/openshift_resourcequotas.py +2 -16
reconcile/openshift_resources.py +12 -10
reconcile/openshift_resources_base.py +304 -328
reconcile/openshift_rolebindings.py +18 -20
reconcile/openshift_saas_deploy.py +105 -21
reconcile/openshift_saas_deploy_change_tester.py +30 -35
reconcile/openshift_saas_deploy_trigger_base.py +39 -36
reconcile/openshift_saas_deploy_trigger_cleaner.py +41 -27
reconcile/openshift_saas_deploy_trigger_configs.py +1 -2
reconcile/openshift_saas_deploy_trigger_images.py +1 -2
reconcile/openshift_saas_deploy_trigger_moving_commits.py +1 -2
reconcile/openshift_saas_deploy_trigger_upstream_jobs.py +1 -2
reconcile/openshift_serviceaccount_tokens.py +138 -74
reconcile/openshift_tekton_resources.py +89 -24
reconcile/openshift_upgrade_watcher.py +110 -62
reconcile/openshift_users.py +16 -15
reconcile/openshift_vault_secrets.py +11 -6
reconcile/oum/__init__.py +0 -0
reconcile/oum/base.py +387 -0
reconcile/oum/labelset.py +55 -0
reconcile/oum/metrics.py +71 -0
reconcile/oum/models.py +69 -0
reconcile/oum/providers.py +59 -0
reconcile/oum/standalone.py +196 -0
reconcile/prometheus_rules_tester/integration.py +31 -23
reconcile/quay_base.py +4 -1
reconcile/quay_membership.py +1 -2
reconcile/quay_mirror.py +111 -61
reconcile/quay_mirror_org.py +34 -21
reconcile/quay_permissions.py +7 -3
reconcile/quay_repos.py +24 -32
reconcile/queries.py +263 -198
reconcile/query_validator.py +3 -5
reconcile/resource_scraper.py +3 -4
reconcile/{template_tester.py → resource_template_tester.py} +3 -3
reconcile/rhidp/__init__.py +0 -0
reconcile/rhidp/common.py +214 -0
reconcile/rhidp/metrics.py +20 -0
reconcile/rhidp/ocm_oidc_idp/__init__.py +0 -0
reconcile/rhidp/ocm_oidc_idp/base.py +221 -0
reconcile/rhidp/ocm_oidc_idp/integration.py +56 -0
reconcile/rhidp/ocm_oidc_idp/metrics.py +22 -0
reconcile/rhidp/sso_client/__init__.py +0 -0
reconcile/rhidp/sso_client/base.py +266 -0
reconcile/rhidp/sso_client/integration.py +60 -0
reconcile/rhidp/sso_client/metrics.py +39 -0
reconcile/run_integration.py +293 -0
reconcile/saas_auto_promotions_manager/integration.py +69 -24
reconcile/saas_auto_promotions_manager/merge_request_manager/batcher.py +208 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/desired_state.py +28 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request.py +3 -4
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager_v2.py +172 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/metrics.py +42 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/mr_parser.py +226 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/open_merge_requests.py +23 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +108 -32
reconcile/saas_auto_promotions_manager/meta.py +4 -0
reconcile/saas_auto_promotions_manager/publisher.py +32 -4
reconcile/saas_auto_promotions_manager/s3_exporter.py +77 -0
reconcile/saas_auto_promotions_manager/subscriber.py +110 -23
reconcile/saas_auto_promotions_manager/utils/saas_files_inventory.py +48 -41
reconcile/saas_file_validator.py +16 -6
reconcile/sendgrid_teammates.py +27 -12
reconcile/service_dependencies.py +0 -3
reconcile/signalfx_endpoint_monitoring.py +2 -5
reconcile/skupper_network/integration.py +10 -11
reconcile/skupper_network/models.py +3 -5
reconcile/skupper_network/reconciler.py +28 -35
reconcile/skupper_network/site_controller.py +8 -8
reconcile/slack_base.py +4 -7
reconcile/slack_usergroups.py +249 -171
reconcile/sql_query.py +324 -171
reconcile/status.py +0 -1
reconcile/status_board.py +275 -0
reconcile/statuspage/__init__.py +0 -5
reconcile/statuspage/atlassian.py +219 -80
reconcile/statuspage/integration.py +9 -97
reconcile/statuspage/integrations/__init__.py +0 -0
reconcile/statuspage/integrations/components.py +77 -0
reconcile/statuspage/integrations/maintenances.py +111 -0
reconcile/statuspage/page.py +107 -72
reconcile/statuspage/state.py +6 -11
reconcile/statuspage/status.py +8 -12
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +60 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +61 -0
reconcile/templating/__init__.py +0 -0
reconcile/templating/lib/__init__.py +0 -0
reconcile/templating/lib/merge_request_manager.py +180 -0
reconcile/templating/lib/model.py +20 -0
reconcile/templating/lib/rendering.py +191 -0
reconcile/templating/renderer.py +410 -0
reconcile/templating/validator.py +153 -0
reconcile/terraform_aws_route53.py +13 -10
reconcile/terraform_cloudflare_dns.py +92 -122
reconcile/terraform_cloudflare_resources.py +15 -13
reconcile/terraform_cloudflare_users.py +27 -27
reconcile/terraform_init/__init__.py +0 -0
reconcile/terraform_init/integration.py +165 -0
reconcile/terraform_init/merge_request.py +57 -0
reconcile/terraform_init/merge_request_manager.py +102 -0
reconcile/terraform_repo.py +403 -0
reconcile/terraform_resources.py +266 -168
reconcile/terraform_tgw_attachments.py +417 -167
reconcile/terraform_users.py +40 -17
reconcile/terraform_vpc_peerings.py +310 -142
reconcile/terraform_vpc_resources/__init__.py +0 -0
reconcile/terraform_vpc_resources/integration.py +220 -0
reconcile/terraform_vpc_resources/merge_request.py +57 -0
reconcile/terraform_vpc_resources/merge_request_manager.py +107 -0
reconcile/typed_queries/alerting_services_settings.py +1 -2
reconcile/typed_queries/app_interface_custom_messages.py +24 -0
reconcile/typed_queries/app_interface_deadmanssnitch_settings.py +17 -0
reconcile/typed_queries/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py +13 -0
reconcile/typed_queries/app_interface_repo_url.py +1 -2
reconcile/typed_queries/app_interface_state_settings.py +1 -3
reconcile/typed_queries/app_interface_vault_settings.py +1 -2
reconcile/typed_queries/app_quay_repos_escalation_policies.py +14 -0
reconcile/typed_queries/apps.py +11 -0
reconcile/typed_queries/aws_vpc_requests.py +9 -0
reconcile/typed_queries/aws_vpcs.py +12 -0
reconcile/typed_queries/cloudflare.py +10 -0
reconcile/typed_queries/clusters.py +7 -5
reconcile/typed_queries/clusters_minimal.py +6 -5
reconcile/typed_queries/clusters_with_dms.py +16 -0
reconcile/typed_queries/cost_report/__init__.py +0 -0
reconcile/typed_queries/cost_report/app_names.py +22 -0
reconcile/typed_queries/cost_report/cost_namespaces.py +43 -0
reconcile/typed_queries/cost_report/settings.py +15 -0
reconcile/typed_queries/dynatrace.py +10 -0
reconcile/typed_queries/dynatrace_environments.py +14 -0
reconcile/typed_queries/dynatrace_token_provider_token_specs.py +14 -0
reconcile/typed_queries/external_resources.py +46 -0
reconcile/typed_queries/get_state_aws_account.py +20 -0
reconcile/typed_queries/glitchtip.py +10 -0
reconcile/typed_queries/jenkins.py +25 -0
reconcile/typed_queries/jira.py +7 -0
reconcile/typed_queries/jira_settings.py +16 -0
reconcile/typed_queries/jiralert_settings.py +22 -0
reconcile/typed_queries/ocm.py +8 -0
reconcile/typed_queries/pagerduty_instances.py +2 -7
reconcile/typed_queries/quay.py +23 -0
reconcile/typed_queries/repos.py +20 -8
reconcile/typed_queries/reserved_networks.py +12 -0
reconcile/typed_queries/saas_files.py +221 -167
reconcile/typed_queries/slack.py +7 -0
reconcile/typed_queries/slo_documents.py +12 -0
reconcile/typed_queries/status_board.py +58 -0
reconcile/typed_queries/tekton_pipeline_providers.py +1 -2
reconcile/typed_queries/terraform_namespaces.py +1 -2
reconcile/typed_queries/terraform_tgw_attachments/__init__.py +0 -0
reconcile/typed_queries/terraform_tgw_attachments/aws_accounts.py +16 -0
reconcile/typed_queries/unleash.py +10 -0
reconcile/typed_queries/users.py +11 -0
reconcile/typed_queries/vault.py +10 -0
reconcile/unleash_feature_toggles/__init__.py +0 -0
reconcile/unleash_feature_toggles/integration.py +287 -0
reconcile/utils/acs/__init__.py +0 -0
reconcile/utils/acs/base.py +81 -0
reconcile/utils/acs/notifiers.py +143 -0
reconcile/utils/acs/policies.py +163 -0
reconcile/utils/acs/rbac.py +277 -0
reconcile/utils/aggregated_list.py +11 -9
reconcile/utils/amtool.py +6 -4
reconcile/utils/aws_api.py +279 -66
reconcile/utils/aws_api_typed/__init__.py +0 -0
reconcile/utils/aws_api_typed/account.py +23 -0
reconcile/utils/aws_api_typed/api.py +273 -0
reconcile/utils/aws_api_typed/dynamodb.py +16 -0
reconcile/utils/aws_api_typed/iam.py +67 -0
reconcile/utils/aws_api_typed/organization.py +152 -0
reconcile/utils/aws_api_typed/s3.py +26 -0
reconcile/utils/aws_api_typed/service_quotas.py +79 -0
reconcile/utils/aws_api_typed/sts.py +36 -0
reconcile/utils/aws_api_typed/support.py +79 -0
reconcile/utils/aws_helper.py +42 -3
reconcile/utils/batches.py +11 -0
reconcile/utils/binary.py +7 -9
reconcile/utils/cloud_resource_best_practice/__init__.py +0 -0
reconcile/utils/cloud_resource_best_practice/aws_rds.py +66 -0
reconcile/utils/clusterhealth/__init__.py +0 -0
reconcile/utils/clusterhealth/providerbase.py +39 -0
reconcile/utils/clusterhealth/telemeter.py +39 -0
reconcile/utils/config.py +3 -4
reconcile/utils/deadmanssnitch_api.py +86 -0
reconcile/utils/differ.py +205 -0
reconcile/utils/disabled_integrations.py +4 -6
reconcile/utils/dynatrace/__init__.py +0 -0
reconcile/utils/dynatrace/client.py +93 -0
reconcile/utils/early_exit_cache.py +289 -0
reconcile/utils/elasticsearch_exceptions.py +5 -0
reconcile/utils/environ.py +2 -2
reconcile/utils/exceptions.py +4 -0
reconcile/utils/expiration.py +4 -8
reconcile/utils/extended_early_exit.py +210 -0
reconcile/utils/external_resource_spec.py +34 -12
reconcile/utils/external_resources.py +48 -20
reconcile/utils/filtering.py +16 -0
reconcile/utils/git.py +49 -16
reconcile/utils/github_api.py +10 -9
reconcile/utils/gitlab_api.py +333 -190
reconcile/utils/glitchtip/client.py +97 -100
reconcile/utils/glitchtip/models.py +89 -11
reconcile/utils/gql.py +157 -58
reconcile/utils/grouping.py +17 -0
reconcile/utils/helm.py +89 -18
reconcile/utils/helpers.py +51 -0
reconcile/utils/imap_client.py +5 -6
reconcile/utils/internal_groups/__init__.py +0 -0
reconcile/utils/internal_groups/client.py +160 -0
reconcile/utils/internal_groups/models.py +71 -0
reconcile/utils/jenkins_api.py +10 -34
reconcile/utils/jinja2/__init__.py +0 -0
reconcile/utils/{jinja2_ext.py → jinja2/extensions.py} +6 -4
reconcile/utils/jinja2/filters.py +142 -0
reconcile/utils/jinja2/utils.py +278 -0
reconcile/utils/jira_client.py +165 -8
reconcile/utils/jjb_client.py +47 -35
reconcile/utils/jobcontroller/__init__.py +0 -0
reconcile/utils/jobcontroller/controller.py +413 -0
reconcile/utils/jobcontroller/models.py +195 -0
reconcile/utils/jsonpath.py +4 -5
reconcile/utils/jump_host.py +13 -12
reconcile/utils/keycloak.py +106 -0
reconcile/utils/ldap_client.py +35 -6
reconcile/utils/lean_terraform_client.py +115 -6
reconcile/utils/membershipsources/__init__.py +0 -0
reconcile/utils/membershipsources/app_interface_resolver.py +60 -0
reconcile/utils/membershipsources/models.py +91 -0
reconcile/utils/membershipsources/resolver.py +110 -0
reconcile/utils/merge_request_manager/__init__.py +0 -0
reconcile/utils/merge_request_manager/merge_request_manager.py +99 -0
reconcile/utils/merge_request_manager/parser.py +67 -0
reconcile/utils/metrics.py +511 -1
reconcile/utils/models.py +123 -0
reconcile/utils/mr/README.md +198 -0
reconcile/utils/mr/__init__.py +14 -10
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/aws_access.py +4 -4
reconcile/utils/mr/base.py +51 -31
reconcile/utils/mr/clusters_updates.py +10 -7
reconcile/utils/mr/glitchtip_access_reporter.py +2 -4
reconcile/utils/mr/labels.py +14 -1
reconcile/utils/mr/notificator.py +1 -3
reconcile/utils/mr/ocm_update_recommended_version.py +1 -2
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +7 -3
reconcile/utils/mr/promote_qontract.py +203 -0
reconcile/utils/mr/user_maintenance.py +24 -4
reconcile/utils/oauth2_backend_application_session.py +132 -0
reconcile/utils/oc.py +194 -170
reconcile/utils/oc_connection_parameters.py +40 -51
reconcile/utils/oc_filters.py +11 -13
reconcile/utils/oc_map.py +14 -35
reconcile/utils/ocm/__init__.py +30 -1
reconcile/utils/ocm/addons.py +228 -0
reconcile/utils/ocm/base.py +618 -5
reconcile/utils/ocm/cluster_groups.py +5 -56
reconcile/utils/ocm/clusters.py +111 -99
reconcile/utils/ocm/identity_providers.py +66 -0
reconcile/utils/ocm/label_sources.py +75 -0
reconcile/utils/ocm/labels.py +139 -54
reconcile/utils/ocm/manifests.py +39 -0
reconcile/utils/ocm/ocm.py +182 -928
reconcile/utils/ocm/products.py +758 -0
reconcile/utils/ocm/search_filters.py +20 -28
reconcile/utils/ocm/service_log.py +32 -79
reconcile/utils/ocm/sre_capability_labels.py +51 -0
reconcile/utils/ocm/status_board.py +66 -0
reconcile/utils/ocm/subscriptions.py +49 -59
reconcile/utils/ocm/syncsets.py +39 -0
reconcile/utils/ocm/upgrades.py +181 -0
reconcile/utils/ocm_base_client.py +71 -36
reconcile/utils/openshift_resource.py +113 -67
reconcile/utils/output.py +18 -11
reconcile/utils/pagerduty_api.py +16 -10
reconcile/utils/parse_dhms_duration.py +13 -1
reconcile/utils/prometheus.py +123 -0
reconcile/utils/promotion_state.py +56 -19
reconcile/utils/promtool.py +5 -8
reconcile/utils/quay_api.py +13 -25
reconcile/utils/raw_github_api.py +3 -5
reconcile/utils/repo_owners.py +2 -8
reconcile/utils/rest_api_base.py +126 -0
reconcile/utils/rosa/__init__.py +0 -0
reconcile/utils/rosa/rosa_cli.py +310 -0
reconcile/utils/rosa/session.py +201 -0
reconcile/utils/ruamel.py +16 -0
reconcile/utils/runtime/__init__.py +0 -1
reconcile/utils/runtime/desired_state_diff.py +9 -20
reconcile/utils/runtime/environment.py +33 -8
reconcile/utils/runtime/integration.py +28 -12
reconcile/utils/runtime/meta.py +1 -3
reconcile/utils/runtime/runner.py +8 -11
reconcile/utils/runtime/sharding.py +93 -36
reconcile/utils/saasherder/__init__.py +1 -1
reconcile/utils/saasherder/interfaces.py +143 -138
reconcile/utils/saasherder/models.py +201 -43
reconcile/utils/saasherder/saasherder.py +508 -378
reconcile/utils/secret_reader.py +22 -27
reconcile/utils/semver_helper.py +15 -1
reconcile/utils/slack_api.py +124 -36
reconcile/utils/smtp_client.py +1 -2
reconcile/utils/sqs_gateway.py +10 -6
reconcile/utils/state.py +276 -127
reconcile/utils/terraform/config_client.py +6 -7
reconcile/utils/terraform_client.py +284 -125
reconcile/utils/terrascript/cloudflare_client.py +38 -17
reconcile/utils/terrascript/cloudflare_resources.py +67 -18
reconcile/utils/terrascript/models.py +2 -3
reconcile/utils/terrascript/resources.py +1 -2
reconcile/utils/terrascript_aws_client.py +1292 -540
reconcile/utils/three_way_diff_strategy.py +157 -0
reconcile/utils/unleash/__init__.py +11 -0
reconcile/utils/{unleash.py → unleash/client.py} +35 -29
reconcile/utils/unleash/server.py +145 -0
reconcile/utils/vault.py +42 -32
reconcile/utils/vaultsecretref.py +2 -4
reconcile/utils/vcs.py +250 -0
reconcile/vault_replication.py +38 -31
reconcile/vpc_peerings_validator.py +82 -13
tools/app_interface_metrics_exporter.py +70 -0
tools/app_interface_reporter.py +44 -157
tools/cli_commands/container_images_report.py +154 -0
tools/cli_commands/cost_report/__init__.py +0 -0
tools/cli_commands/cost_report/aws.py +137 -0
tools/cli_commands/cost_report/cost_management_api.py +155 -0
tools/cli_commands/cost_report/model.py +49 -0
tools/cli_commands/cost_report/openshift.py +166 -0
tools/cli_commands/cost_report/openshift_cost_optimization.py +187 -0
tools/cli_commands/cost_report/response.py +124 -0
tools/cli_commands/cost_report/util.py +72 -0
tools/cli_commands/cost_report/view.py +524 -0
tools/cli_commands/erv2.py +620 -0
tools/cli_commands/gpg_encrypt.py +5 -8
tools/cli_commands/systems_and_tools.py +489 -0
tools/glitchtip_access_revalidation.py +1 -1
tools/qontract_cli.py +2301 -673
tools/saas_metrics_exporter/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/channel.py +63 -0
tools/saas_metrics_exporter/commit_distance/commit_distance.py +103 -0
tools/saas_metrics_exporter/commit_distance/metrics.py +19 -0
tools/saas_metrics_exporter/main.py +99 -0
tools/saas_promotion_state/__init__.py +0 -0
tools/saas_promotion_state/saas_promotion_state.py +105 -0
tools/sd_app_sre_alert_report.py +145 -0
tools/template_validation.py +107 -0
e2e_tests/cli.py +0 -83
e2e_tests/create_namespace.py +0 -43
e2e_tests/dedicated_admin_rolebindings.py +0 -44
e2e_tests/dedicated_admin_test_base.py +0 -39
e2e_tests/default_network_policies.py +0 -47
e2e_tests/default_project_labels.py +0 -52
e2e_tests/network_policy_test_base.py +0 -17
e2e_tests/test_base.py +0 -56
qontract_reconcile-0.9.1rc298.dist-info/METADATA +0 -63
qontract_reconcile-0.9.1rc298.dist-info/RECORD +0 -585
qontract_reconcile-0.9.1rc298.dist-info/top_level.txt +0 -4
reconcile/ecr_mirror.py +0 -152
reconcile/github_scanner.py +0 -74
reconcile/gitlab_integrations.py +0 -63
reconcile/gql_definitions/ocm_oidc_idp/clusters.py +0 -195
reconcile/gql_definitions/ocp_release_mirror/ocp_release_mirror.py +0 -287
reconcile/integrations_validator.py +0 -18
reconcile/jenkins_plugins.py +0 -129
reconcile/kafka_clusters.py +0 -208
reconcile/ocm_cluster_admin.py +0 -42
reconcile/ocm_oidc_idp.py +0 -198
reconcile/ocp_release_mirror.py +0 -373
reconcile/prometheus_rules_tester_old.py +0 -436
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager.py +0 -279
reconcile/saas_auto_promotions_manager/utils/vcs.py +0 -141
reconcile/sentry_config.py +0 -613
reconcile/sentry_helper.py +0 -69
reconcile/test/conftest.py +0 -187
reconcile/test/fixtures.py +0 -24
reconcile/test/saas_auto_promotions_manager/conftest.py +0 -69
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/conftest.py +0 -110
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/data_keys.py +0 -10
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_housekeeping.py +0 -200
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_merge_request_manager.py +0 -151
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/conftest.py +0 -63
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/data_keys.py +0 -4
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_multiple_namespaces.py +0 -46
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_namespace.py +0 -94
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_target.py +0 -44
reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py +0 -74
reconcile/test/saas_auto_promotions_manager/subscriber/data_keys.py +0 -11
reconcile/test/saas_auto_promotions_manager/subscriber/test_content_hash.py +0 -155
reconcile/test/saas_auto_promotions_manager/subscriber/test_diff.py +0 -173
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_config_hash.py +0 -226
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_moving_ref.py +0 -224
reconcile/test/saas_auto_promotions_manager/subscriber/test_single_channel_with_single_publisher.py +0 -350
reconcile/test/saas_auto_promotions_manager/test_integration_test.py +0 -129
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_multiple_publishers_for_single_channel.py +0 -70
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_use_target_config_hash.py +0 -63
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_with_auto_promote.py +0 -74
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_without_auto_promote.py +0 -65
reconcile/test/test_aggregated_list.py +0 -237
reconcile/test/test_amtool.py +0 -37
reconcile/test/test_auto_promoter.py +0 -295
reconcile/test/test_aws_ami_share.py +0 -68
reconcile/test/test_aws_iam_keys.py +0 -70
reconcile/test/test_aws_iam_password_reset.py +0 -35
reconcile/test/test_aws_support_cases_sos.py +0 -23
reconcile/test/test_checkpoint.py +0 -178
reconcile/test/test_cli.py +0 -41
reconcile/test/test_closedbox_endpoint_monitoring.py +0 -207
reconcile/test/test_gabi_authorized_users.py +0 -72
reconcile/test/test_github_org.py +0 -154
reconcile/test/test_github_repo_invites.py +0 -123
reconcile/test/test_gitlab_housekeeping.py +0 -88
reconcile/test/test_gitlab_labeler.py +0 -129
reconcile/test/test_gitlab_members.py +0 -283
reconcile/test/test_instrumented_wrappers.py +0 -18
reconcile/test/test_integrations_manager.py +0 -995
reconcile/test/test_jenkins_worker_fleets.py +0 -55
reconcile/test/test_jump_host.py +0 -117
reconcile/test/test_ldap_users.py +0 -123
reconcile/test/test_make.py +0 -28
reconcile/test/test_ocm_additional_routers.py +0 -134
reconcile/test/test_ocm_addons_upgrade_scheduler_org.py +0 -149
reconcile/test/test_ocm_clusters.py +0 -598
reconcile/test/test_ocm_clusters_manifest_updates.py +0 -89
reconcile/test/test_ocm_oidc_idp.py +0 -315
reconcile/test/test_ocm_update_recommended_version.py +0 -145
reconcile/test/test_ocm_upgrade_scheduler.py +0 -614
reconcile/test/test_ocm_upgrade_scheduler_org_updater.py +0 -129
reconcile/test/test_openshift_base.py +0 -730
reconcile/test/test_openshift_namespace_labels.py +0 -345
reconcile/test/test_openshift_namespaces.py +0 -256
reconcile/test/test_openshift_resource.py +0 -415
reconcile/test/test_openshift_resources_base.py +0 -440
reconcile/test/test_openshift_saas_deploy_change_tester.py +0 -310
reconcile/test/test_openshift_tekton_resources.py +0 -253
reconcile/test/test_openshift_upgrade_watcher.py +0 -146
reconcile/test/test_prometheus_rules_tester.py +0 -151
reconcile/test/test_prometheus_rules_tester_old.py +0 -77
reconcile/test/test_quay_membership.py +0 -86
reconcile/test/test_quay_mirror.py +0 -109
reconcile/test/test_quay_mirror_org.py +0 -70
reconcile/test/test_quay_repos.py +0 -59
reconcile/test/test_queries.py +0 -53
reconcile/test/test_repo_owners.py +0 -47
reconcile/test/test_requests_sender.py +0 -139
reconcile/test/test_saasherder.py +0 -1074
reconcile/test/test_saasherder_allowed_secret_paths.py +0 -127
reconcile/test/test_secret_reader.py +0 -153
reconcile/test/test_slack_base.py +0 -185
reconcile/test/test_slack_usergroups.py +0 -744
reconcile/test/test_sql_query.py +0 -19
reconcile/test/test_terraform_cloudflare_dns.py +0 -117
reconcile/test/test_terraform_cloudflare_resources.py +0 -106
reconcile/test/test_terraform_cloudflare_users.py +0 -749
reconcile/test/test_terraform_resources.py +0 -257
reconcile/test/test_terraform_tgw_attachments.py +0 -631
reconcile/test/test_terraform_users.py +0 -57
reconcile/test/test_terraform_vpc_peerings.py +0 -499
reconcile/test/test_terraform_vpc_peerings_build_desired_state.py +0 -1061
reconcile/test/test_unleash.py +0 -138
reconcile/test/test_utils_aws_api.py +0 -240
reconcile/test/test_utils_aws_helper.py +0 -80
reconcile/test/test_utils_cluster_version_data.py +0 -177
reconcile/test/test_utils_data_structures.py +0 -13
reconcile/test/test_utils_disabled_integrations.py +0 -86
reconcile/test/test_utils_expiration.py +0 -109
reconcile/test/test_utils_external_resource_spec.py +0 -383
reconcile/test/test_utils_external_resources.py +0 -247
reconcile/test/test_utils_github_api.py +0 -73
reconcile/test/test_utils_gitlab_api.py +0 -20
reconcile/test/test_utils_gpg.py +0 -69
reconcile/test/test_utils_gql.py +0 -81
reconcile/test/test_utils_helm.py +0 -306
reconcile/test/test_utils_helpers.py +0 -55
reconcile/test/test_utils_imap_client.py +0 -65
reconcile/test/test_utils_jjb_client.py +0 -52
reconcile/test/test_utils_jsonpath.py +0 -286
reconcile/test/test_utils_ldap_client.py +0 -51
reconcile/test/test_utils_mr.py +0 -226
reconcile/test/test_utils_mr_clusters_updates.py +0 -77
reconcile/test/test_utils_oc.py +0 -984
reconcile/test/test_utils_ocm.py +0 -110
reconcile/test/test_utils_pagerduty_api.py +0 -251
reconcile/test/test_utils_parse_dhms_duration.py +0 -34
reconcile/test/test_utils_password_validator.py +0 -155
reconcile/test/test_utils_quay_api.py +0 -86
reconcile/test/test_utils_semver_helper.py +0 -19
reconcile/test/test_utils_sharding.py +0 -56
reconcile/test/test_utils_slack_api.py +0 -439
reconcile/test/test_utils_smtp_client.py +0 -73
reconcile/test/test_utils_state.py +0 -256
reconcile/test/test_utils_terraform.py +0 -13
reconcile/test/test_utils_terraform_client.py +0 -585
reconcile/test/test_utils_terraform_config_client.py +0 -219
reconcile/test/test_utils_terrascript_aws_client.py +0 -277
reconcile/test/test_utils_terrascript_cloudflare_client.py +0 -597
reconcile/test/test_utils_terrascript_cloudflare_resources.py +0 -26
reconcile/test/test_vault_replication.py +0 -515
reconcile/test/test_vault_utils.py +0 -47
reconcile/test/test_version_bump.py +0 -18
reconcile/test/test_vpc_peerings_validator.py +0 -103
reconcile/test/test_wrong_region.py +0 -78
reconcile/typed_queries/glitchtip_settings.py +0 -18
reconcile/typed_queries/ocp_release_mirror.py +0 -11
reconcile/unleash_watcher.py +0 -120
reconcile/utils/git_secrets.py +0 -63
reconcile/utils/mr/auto_promoter.py +0 -218
reconcile/utils/sentry_client.py +0 -383
release/test_version.py +0 -50
release/version.py +0 -100
tools/test/test_qontract_cli.py +0 -60
tools/test/test_sre_checkpoints.py +0 -79
/e2e_tests/__init__.py → /reconcile/aus/upgrades.py +0 -0
/reconcile/{gql_definitions/ocp_release_mirror → aws_account_manager}/__init__.py +0 -0
/reconcile/{test → aws_ami_cleanup}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager → aws_cloudwatch_log_retention}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager → aws_saml_idp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager → aws_saml_roles}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/renderer → aws_version_sync}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/subscriber → aws_version_sync/merge_request_manager}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils → cluster_auth_rhidp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils/saas_files_inventory → dynatrace_token_provider}/__init__.py +0 -0
{release → reconcile/endpoints_discovery}/__init__.py +0 -0
{tools/test → reconcile/external_resources}/__init__.py +0 -0

reconcile/aus/base.py CHANGED Viewed

@@ -1,166 +1,637 @@
-import copy
+import datetime as dt
 import logging
 import sys
-from abc import abstractmethod
-from collections.abc import (
-    Iterable,
-    Mapping,
+from abc import (
+    ABC,
+    abstractmethod,
+)
+from collections.abc import Callable, Sequence
+from datetime import (
+    datetime,
+    timedelta,
 )
-from datetime import datetime
 from typing import (
-    Any,
-    Callable,
-    Optional,
+    Protocol,
+    cast,
 )
 from croniter import croniter
+from pydantic import BaseModel, Extra
 from semver import VersionInfo
-from reconcile.aus.models import OrganizationUpgradeSpec
+from reconcile.aus.cluster_version_data import (
+    VersionData,
+    VersionDataMap,
+    WorkloadHistory,
+    get_version_data,
+)
+from reconcile.aus.metrics import (
+    CLUSTER_HEALTH_HEALTHY_METRIC_VALUE,
+    CLUSTER_HEALTH_UNHEALTHY_METRIC_VALUE,
+    UPGRADE_BLOCKED_METRIC_VALUE,
+    UPGRADE_LONG_RUNNING_METRIC_VALUE,
+    UPGRADE_SCHEDULED_METRIC_VALUE,
+    UPGRADE_STARTED_METRIC_VALUE,
+    AUSClusterHealthStateGauge,
+    AUSClusterUpgradePolicyInfoMetric,
+    AUSOCMEnvironmentError,
+    AUSOrganizationErrorRate,
+    AUSOrganizationValidationErrorsGauge,
+)
+from reconcile.aus.models import (
+    ClusterAddonUpgradeSpec,
+    ClusterUpgradeSpec,
+    OrganizationUpgradeSpec,
+    Sector,
+)
+from reconcile.aus.version_gates import HANDLERS
+from reconcile.gql_definitions.advanced_upgrade_service.aus_organization import (
+    query as aus_organizations_query,
+)
+from reconcile.gql_definitions.common.ocm_env_telemeter import (
+    query as ocm_env_telemeter_query,
+)
 from reconcile.gql_definitions.common.ocm_environments import (
     query as ocm_environment_query,
 )
+from reconcile.gql_definitions.fragments.aus_organization import AUSOCMOrganization
 from reconcile.gql_definitions.fragments.ocm_environment import OCMEnvironment
-from reconcile.utils import gql
-from reconcile.utils.cluster_version_data import (
-    VersionData,
-    WorkloadHistory,
-    get_version_data,
+from reconcile.gql_definitions.fragments.upgrade_policy import ClusterUpgradePolicyV1
+from reconcile.utils import (
+    gql,
+    metrics,
+)
+from reconcile.utils.clusterhealth.providerbase import (
+    ClusterHealthProvider,
+)
+from reconcile.utils.clusterhealth.telemeter import (
+    TELEMETER_SOURCE,
+    TelemeterClusterHealthProvider,
 )
 from reconcile.utils.defer import defer
-from reconcile.utils.ocm import (
-    OCM,
-    OCMMap,
-    Sector,
+from reconcile.utils.disabled_integrations import integration_is_enabled
+from reconcile.utils.filtering import remove_none_values_from_dict
+from reconcile.utils.ocm.addons import AddonService, AddonServiceV1, AddonServiceV2
+from reconcile.utils.ocm.clusters import (
+    OCMCluster,
+)
+from reconcile.utils.ocm.upgrades import (
+    OCMVersionGate,
+    create_control_plane_upgrade_policy,
+    create_node_pool_upgrade_policy,
+    create_upgrade_policy,
+    delete_control_plane_upgrade_policy,
+    delete_upgrade_policy,
+    get_control_plane_upgrade_policies,
+    get_node_pool_upgrade_policies,
+    get_upgrade_policies,
+    get_version_agreement,
+    get_version_gates,
+)
+from reconcile.utils.ocm_base_client import OCMBaseClient
+from reconcile.utils.prometheus import (
+    init_prometheus_http_querier_from_prometheus_instance,
 )
 from reconcile.utils.runtime.integration import (
     PydanticRunParams,
     QontractReconcileIntegration,
 )
 from reconcile.utils.semver_helper import (
+    get_version_prefix,
     parse_semver,
     sort_versions,
 )
 from reconcile.utils.state import init_state
+MIN_DELTA_MINUTES = 6
 class AdvancedUpgradeSchedulerBaseIntegrationParams(PydanticRunParams):
+    ocm_environment: str | None = None
+    ocm_organization_ids: set[str] | None = None
+    excluded_ocm_organization_ids: set[str] | None = None
+    ignore_sts_clusters: bool = False
-    ocm_environment: Optional[str] = None
-    ocm_organization: Optional[str] = None
+class ReconcileErrorSummary(Exception):
+    def __init__(self, exceptions: list[str]) -> None:
+        self.exceptions = exceptions
+    def __str__(self) -> str:
+        formatted_exceptions = "\n".join([f"- {e}" for e in self.exceptions])
+        return f"Reconcile exceptions:\n{formatted_exceptions}"
 class AdvancedUpgradeSchedulerBaseIntegration(
     QontractReconcileIntegration[AdvancedUpgradeSchedulerBaseIntegrationParams]
 ):
     def run(self, dry_run: bool) -> None:
-        upgrade_specs = self.get_upgrade_specs()
-        for ocm_env, env_upgrade_specs in upgrade_specs.items():
-            for org_name, org_upgrade_spec in env_upgrade_specs.items():
-                if org_upgrade_spec.specs:
-                    self.process_upgrade_policies_in_org(dry_run, org_upgrade_spec)
-                else:
-                    logging.debug(
-                        f"Skip org {org_name} in {ocm_env} because it defines no upgrade policies"
-                    )
+        with metrics.transactional_metrics(self.name):
+            upgrade_specs = self.get_upgrade_specs()
+            unhandled_exceptions = []
+            for ocm_env, env_upgrade_specs in upgrade_specs.items():
+                for org_upgrade_spec in env_upgrade_specs.values():
+                    try:
+                        with AUSOrganizationErrorRate(
+                            integration=self.name,
+                            ocm_env=ocm_env,
+                            org_id=org_upgrade_spec.org.org_id,
+                        ):
+                            self.process_org(dry_run, ocm_env, org_upgrade_spec)
+                    except Exception as e:
+                        if not self.signal_reconcile_issues(
+                            dry_run, org_upgrade_spec, e
+                        ):
+                            unhandled_exceptions.append(
+                                f"{ocm_env}/{org_upgrade_spec.org.name}: {e}"
+                            )
+        if unhandled_exceptions:
+            raise ReconcileErrorSummary(unhandled_exceptions)
         sys.exit(0)
-    def get_upgrade_specs(self) -> dict[str, dict[str, OrganizationUpgradeSpec]]:
-        return {
-            ocm_env.name: self.get_ocm_env_upgrade_specs(
-                ocm_env,
-                self.params.ocm_organization,
+    def get_orgs_for_environment(
+        self, ocm_env: OCMEnvironment, only_addon_managed_upgrades: bool = False
+    ) -> list[AUSOCMOrganization]:
+        return get_orgs_for_environment(
+            integration=self.name,
+            ocm_env_name=ocm_env.name,
+            query_func=gql.get_api().query,
+            ocm_organization_ids=self.params.ocm_organization_ids,
+            excluded_ocm_organization_ids=self.params.excluded_ocm_organization_ids,
+            only_addon_managed_upgrades=only_addon_managed_upgrades,
+        )
+    def process_org(
+        self, dry_run: bool, ocm_env: str, org_upgrade_spec: OrganizationUpgradeSpec
+    ) -> None:
+        org_name = org_upgrade_spec.org.name
+        self.expose_org_upgrade_spec_metrics(ocm_env, org_upgrade_spec)
+        if org_upgrade_spec.has_validation_errors:
+            self.signal_validation_issues(dry_run, org_upgrade_spec)
+        elif org_upgrade_spec.specs:
+            self.process_upgrade_policies_in_org(dry_run, org_upgrade_spec)
+        else:
+            logging.debug(
+                f"Skip org {org_upgrade_spec.org.org_id}/{org_name} in {ocm_env} because it defines no upgrade policies"
             )
-            for ocm_env in self.get_ocm_environments()
-        }
-    def get_ocm_environments(self) -> list[OCMEnvironment]:
+    def get_upgrade_specs(self) -> dict[str, dict[str, OrganizationUpgradeSpec]]:
+        envs_org_upgrade_specs: dict[str, dict[str, OrganizationUpgradeSpec]] = {}
+        for ocm_env in self.get_ocm_environments():
+            try:
+                envs_org_upgrade_specs[ocm_env.name] = self.get_ocm_env_upgrade_specs(
+                    ocm_env=ocm_env
+                )
+            except Exception as e:
+                logging.exception(
+                    "Failed to get org upgrade specs for OCM environment %s. Skipping. %s",
+                    ocm_env.name,
+                    e,
+                )
+                metrics.inc_counter(
+                    AUSOCMEnvironmentError(
+                        integration=self.name,
+                        ocm_env=ocm_env.name,
+                    )
+                )
+        return envs_org_upgrade_specs
+    def get_ocm_environments(self, filter: bool = True) -> list[OCMEnvironment]:
         return ocm_environment_query(
             gql.get_api().query,
             variables={"name": self.params.ocm_environment}
-            if self.params.ocm_environment
+            if self.params.ocm_environment and filter
             else None,
         ).environments
+    def expose_remaining_soak_day_metrics(
+        self,
+        org_upgrade_spec: OrganizationUpgradeSpec,
+        version_data: VersionData,
+        current_state: Sequence["AbstractUpgradePolicy"],
+        metrics_builder: "RemainingSoakDayMetricsBuilder",
+    ) -> None:
+        current_cluster_upgrade_policies = {
+            p.cluster.external_id: p for p in current_state
+        }
+        for spec in org_upgrade_spec.specs:
+            upgrades = spec.get_available_upgrades()
+            if not upgrades:
+                continue
+            # calculate the amount every version has soaked. if a version has soaked for
+            # multiple workloads, we will pick the minimum soak day value of all workloads
+            # relevant on the cluster.
+            soaked_versions: dict[str, float] = {}
+            for workload in spec.upgrade_policy.workloads:
+                for version, soak_days in soaking_days(
+                    version_data, upgrades, workload, False
+                ).items():
+                    soaked_versions[version] = min(
+                        soak_days, soaked_versions.get(version, soak_days)
+                    )
+            current_upgrade = current_cluster_upgrade_policies.get(spec.cluster_uuid)
+            for version, metric_value in remaining_soak_day_metric_values_for_cluster(
+                spec, soaked_versions, current_upgrade
+            ).items():
+                metrics.set_gauge(
+                    metrics_builder(
+                        cluster_uuid=spec.cluster.external_id, soaking_version=version
+                    ),
+                    metric_value,
+                )
     @abstractmethod
     def process_upgrade_policies_in_org(
         self, dry_run: bool, org_upgrade_spec: OrganizationUpgradeSpec
-    ) -> None:
-        ...
+    ) -> None: ...
     @abstractmethod
     def get_ocm_env_upgrade_specs(
-        self, ocm_env: OCMEnvironment, org_name: Optional[str] = None
-    ) -> dict[str, OrganizationUpgradeSpec]:
-        ...
+        self, ocm_env: OCMEnvironment
+    ) -> dict[str, OrganizationUpgradeSpec]: ...
+    def signal_validation_issues(
+        self, dry_run: bool, org_upgrade_spec: OrganizationUpgradeSpec
+    ) -> None: ...
+    def signal_reconcile_issues(
+        self,
+        dry_run: bool,
+        org_upgrade_spec: OrganizationUpgradeSpec,
+        exception: Exception,
+    ) -> bool:
+        """
+        The bool return value is used to indicate if the exception was properly handled.
+        The default behaviour returns False, indicating that the exception was not
+        handled so that it can bubble up and potentially fail the integration.
+        This function can be overridden to handle exceptions in a custom way.
+        """
+        return False
+    def expose_org_upgrade_spec_metrics(
+        self, ocm_env: str, org_upgrade_spec: OrganizationUpgradeSpec
+    ) -> None:
+        metrics.set_gauge(
+            AUSOrganizationValidationErrorsGauge(
+                integration=self.name,
+                ocm_env=ocm_env,
+                org_id=org_upgrade_spec.org.org_id,
+            ),
+            org_upgrade_spec.nr_of_validation_errors,
+        )
+        for cluster_upgrade_spec in org_upgrade_spec.specs:
+            mutexes = cluster_upgrade_spec.upgrade_policy.conditions.mutexes
+            metrics.set_info(
+                AUSClusterUpgradePolicyInfoMetric(
+                    integration=self.name,
+                    ocm_env=ocm_env,
+                    cluster_uuid=cluster_upgrade_spec.cluster_uuid,
+                    org_id=cluster_upgrade_spec.org.org_id,
+                    org_name=org_upgrade_spec.org.name,
+                    channel=cluster_upgrade_spec.cluster.version.channel_group,
+                    current_version=cluster_upgrade_spec.oldest_current_version,
+                    cluster_name=cluster_upgrade_spec.name,
+                    schedule=cluster_upgrade_spec.upgrade_policy.schedule,
+                    sector=cluster_upgrade_spec.upgrade_policy.conditions.sector or "",
+                    mutexes=",".join(mutexes) if mutexes else "",
+                    soak_days=str(
+                        cluster_upgrade_spec.upgrade_policy.conditions.soak_days or 0
+                    ),
+                    workloads=",".join(cluster_upgrade_spec.upgrade_policy.workloads),
+                    product=cluster_upgrade_spec.cluster.product.id,
+                    hypershift=cluster_upgrade_spec.cluster.hypershift.enabled,
+                ),
+            )
+            for (
+                source,
+                has_health_error,
+            ) in cluster_upgrade_spec.health.health_errors_by_source().items():
+                metrics.set_gauge(
+                    AUSClusterHealthStateGauge(
+                        integration=self.name,
+                        ocm_env=ocm_env,
+                        health_source=source,
+                        cluster_uuid=cluster_upgrade_spec.cluster_uuid,
+                    ),
+                    CLUSTER_HEALTH_UNHEALTHY_METRIC_VALUE
+                    if has_health_error
+                    else CLUSTER_HEALTH_HEALTHY_METRIC_VALUE,
+                )
-# consider first lower versions and lower soakdays (when versions are equal)
-def sort_key(d: dict) -> tuple:
-    return (
-        parse_semver(d["current_version"]),
-        d["conditions"].get("soakDays") or 0,
-    )
+    def _health_check_providers_for_env(
+        self, ocm_env_name: str
+    ) -> dict[str, ClusterHealthProvider]:
+        providers: dict[str, ClusterHealthProvider] = {}
+        telemeter_provider = self._build_telemeter_health_check_provider_for_env(
+            ocm_env_name
+        )
+        if telemeter_provider:
+            providers[TELEMETER_SOURCE] = telemeter_provider
+        return providers
+    def _build_telemeter_health_check_provider_for_env(
+        self,
+        ocm_env_name: str,
+    ) -> TelemeterClusterHealthProvider | None:
+        ocm_env = next(
+            iter(
+                ocm_env_telemeter_query(
+                    gql.get_api().query, variables={"name": ocm_env_name}
+                ).ocm_envs
+            ),
+            None,
+        )
+        if ocm_env and ocm_env.telemeter:
+            return TelemeterClusterHealthProvider(
+                querier=init_prometheus_http_querier_from_prometheus_instance(
+                    prometheus=ocm_env.telemeter,
+                    secret_reader=self.secret_reader,
+                )
+            )
+        return None
-def fetch_current_state(
-    clusters: list[dict[str, Any]], ocm_map: OCMMap, addons: bool = False
-) -> list[dict[str, Any]]:
-    current_state = []
-    for cluster in clusters:
-        cluster_name = cluster["name"]
-        ocm = ocm_map.get(cluster_name)
-        if addons:
-            upgrade_policies = ocm.get_addon_upgrade_policies(cluster_name)
-        else:
-            upgrade_policies = ocm.get_upgrade_policies(cluster_name)
-        for upgrade_policy in upgrade_policies:
-            upgrade_policy["cluster"] = cluster_name
-            current_state.append(upgrade_policy)
-    return current_state
+def init_addon_service(ocm_env: OCMEnvironment) -> AddonService:
+    """
+    Initialize the right version of addon-service for an OCM environment.
+    Since this is just temporary until all OCM environments are on v2, we
+    use a label on the OCM environmentschema to determine which version to use.
+    """
+    addon_service_version = (ocm_env.labels or {}).get(
+        "feature_flag_addon_service_version"
+    ) or "v2"
+    return init_addon_service_version(addon_service_version)
-def fetch_desired_state(
-    clusters: list[dict[str, Any]], ocm_map: OCMMap, addons: bool = False
-) -> list[dict[str, Any]]:
-    desired_state = []
-    for cluster in clusters:
-        cluster_name = cluster["name"]
-        upgrade_policy = cluster["upgradePolicy"]
-        upgrade_policy["cluster"] = cluster_name
-        ocm: OCM = ocm_map.get(cluster_name)
-        if not ocm.is_ready(cluster_name):
-            # cluster has been deleted in OCM or is not ready yet
-            continue
-        # Replace sector names by their related OCM Sector object, including dependencies
-        sector_name = upgrade_policy["conditions"].get("sector")
-        if sector_name:
-            upgrade_policy["conditions"]["sector"] = ocm.sectors[sector_name]
-        if addons:
-            cluster_addons = ocm.get_cluster_addons(cluster_name, with_version=True)
-            for addon in cluster_addons:
-                policy = copy.deepcopy(upgrade_policy)
-                policy["addon_id"] = addon["id"]
-                policy["current_version"] = addon["version"]
-                desired_state.append(policy)
-        else:
-            spec = ocm.clusters[cluster_name].spec
-            upgrade_policy["current_version"] = spec.version
-            upgrade_policy["channel"] = spec.channel
-            upgrade_policy["available_upgrades"] = ocm.available_cluster_upgrades.get(
-                cluster_name
+def init_addon_service_version(addon_service_version: str) -> AddonService:
+    """
+    Initialize the right version of addon-service based on the version string.
+    Supported versions are:
+    - v1: part of CS
+    - v2: standalone service using upgrade-plans instead of upgrade-policies
+    """
+    match addon_service_version:
+        case "v1":
+            return AddonServiceV1()
+        case "v2":
+            return AddonServiceV2()
+        case _:
+            raise ValueError(f"Unknown addon service version: {addon_service_version}")
+class RemainingSoakDayMetricsBuilder(Protocol):
+    def __call__(
+        self, cluster_uuid: str, soaking_version: str
+    ) -> metrics.GaugeMetric: ...
+class AbstractUpgradePolicy(ABC, BaseModel):
+    """Abstract class for upgrade policies
+    Used to create and delete upgrade policies in OCM."""
+    cluster: OCMCluster
+    id: str | None
+    next_run: str | None
+    schedule: str | None
+    schedule_type: str
+    version: str
+    state: str | None
+    @abstractmethod
+    def create(self, ocm_api: OCMBaseClient) -> None:
+        pass
+    @abstractmethod
+    def delete(self, ocm_api: OCMBaseClient) -> None:
+        pass
+    @abstractmethod
+    def summarize(self) -> str:
+        pass
+def addon_upgrade_policy_soonest_next_run() -> str:
+    now = datetime.now(tz=dt.UTC)
+    next_run = now + timedelta(minutes=MIN_DELTA_MINUTES)
+    return next_run.strftime("%Y-%m-%dT%H:%M:%SZ")
+class AddonUpgradePolicy(AbstractUpgradePolicy):
+    """Class to create and delete Addon upgrade policies in OCM"""
+    addon_id: str
+    addon_service: AddonService
+    class Config:
+        arbitrary_types_allowed = True
+    def create(self, ocm_api: OCMBaseClient) -> None:
+        self.addon_service.create_addon_upgrade_policy(
+            ocm_api=ocm_api,
+            cluster_id=self.cluster.id,
+            addon_id=self.addon_id,
+            schedule_type="manual",
+            version=self.version,
+            next_run=self.next_run or addon_upgrade_policy_soonest_next_run(),
+        )
+    def delete(self, ocm_api: OCMBaseClient) -> None:
+        if not self.id:
+            raise ValueError(
+                "Cannot delete addon upgrade policy without id (not created yet)"
             )
-            desired_state.append(upgrade_policy)
+        self.addon_service.delete_addon_upgrade_policy(
+            ocm_api=ocm_api, cluster_id=self.cluster.id, policy_id=self.id
+        )
+    def summarize(self) -> str:
+        details = {
+            "cluster": self.cluster.name,
+            "cluster_id": self.cluster.id,
+            "version": self.version,
+            "next_run": self.next_run,
+            "addon_id": self.addon_id,
+        }
+        return f"addon upgrade policy - {remove_none_values_from_dict(details)}"
-    sorted_desired_state = sorted(desired_state, key=sort_key)
+class ClusterUpgradePolicy(AbstractUpgradePolicy):
+    """Class to create and delete ClusterUpgradePolicies in OCM"""
-    return sorted_desired_state
+    def create(self, ocm_api: OCMBaseClient) -> None:
+        policy = {
+            "version": self.version,
+            "schedule_type": "manual",
+            "next_run": self.next_run,
+        }
+        create_upgrade_policy(ocm_api, self.cluster.id, policy)
+    def delete(self, ocm_api: OCMBaseClient) -> None:
+        if not self.id:
+            raise ValueError(
+                "Cannot delete cluster upgrade policy without id (not created yet)"
+            )
+        delete_upgrade_policy(ocm_api, self.cluster.id, self.id)
+    def summarize(self) -> str:
+        details = {
+            "cluster": self.cluster.name,
+            "cluster_id": self.cluster.id,
+            "from_version": self.cluster.version.raw_id,
+            "to_version": self.version,
+            "next_run": self.next_run,
+        }
+        return f"cluster upgrade policy - {remove_none_values_from_dict(details)}"
+class ControlPlaneUpgradePolicy(AbstractUpgradePolicy):
+    """Class to create and delete ControlPlanUpgradePolicies in OCM"""
+    def create(self, ocm_api: OCMBaseClient) -> None:
+        policy = {
+            "version": self.version,
+            "schedule_type": "manual",
+            "upgrade_type": "ControlPlane",
+            "cluster_id": self.cluster.id,
+            "next_run": self.next_run,
+        }
+        create_control_plane_upgrade_policy(ocm_api, self.cluster.id, policy)
+    def delete(self, ocm_api: OCMBaseClient) -> None:
+        if not self.id:
+            raise ValueError(
+                "Cannot delete controlplane upgrade policy without id (not created yet)"
+            )
+        delete_control_plane_upgrade_policy(ocm_api, self.cluster.id, self.id)
+    def summarize(self) -> str:
+        details = {
+            "cluster": self.cluster.name,
+            "cluster_id": self.cluster.id,
+            "version": self.version,
+            "next_run": self.next_run,
+        }
+        return f"cluster upgrade policy - {remove_none_values_from_dict(details)}"
+class NodePoolUpgradePolicy(AbstractUpgradePolicy):
+    node_pool: str
+    """Class to create and delete NodePoolUpgradePolicies in OCM"""
+    def create(self, ocm_api: OCMBaseClient) -> None:
+        policy = {
+            "version": self.version,
+            "schedule_type": "manual",
+            "upgrade_type": "NodePool",
+            "cluster_id": self.cluster.id,
+            "next_run": self.next_run,
+        }
+        create_node_pool_upgrade_policy(
+            ocm_api, self.cluster.id, self.node_pool, policy
+        )
+    def delete(self, ocm_api: OCMBaseClient) -> None:
+        raise NotImplementedError("NodePoolUpgradePolicy.delete() not implemented")
+    def summarize(self) -> str:
+        details = {
+            "cluster": self.cluster.name,
+            "cluster_id": self.cluster.id,
+            "node_pool": self.node_pool,
+            "version": self.version,
+            "next_run": self.next_run,
+        }
+        return f"node pool upgrade policy - {remove_none_values_from_dict(details)}"
+class UpgradePolicyHandler(BaseModel, extra=Extra.forbid):
+    """Class to handle upgrade policy actions"""
+    action: str
+    policy: AbstractUpgradePolicy
+    def act(self, dry_run: bool, ocm_api: OCMBaseClient) -> None:
+        logging.info(f"{self.action} {self.policy.summarize()}")
+        if dry_run:
+            return
+        if not self.action:
+            pass
+        elif self.action == "delete":
+            self.policy.delete(ocm_api)
+        elif self.action == "create":
+            self.policy.create(ocm_api)
+def fetch_current_state(
+    ocm_api: OCMBaseClient,
+    org_upgrade_spec: OrganizationUpgradeSpec,
+    addons: bool = False,
+) -> list[AbstractUpgradePolicy]:
+    current_state: list[AbstractUpgradePolicy] = []
+    addon_service = init_addon_service(org_upgrade_spec.org.environment)
+    for spec in org_upgrade_spec.specs:
+        if addons and isinstance(spec, ClusterAddonUpgradeSpec):
+            addon_spec = cast(ClusterAddonUpgradeSpec, spec)
+            addon_upgrade_policies = addon_service.get_addon_upgrade_policies(
+                ocm_api, spec.cluster.id, addon_id=addon_spec.addon.addon.id
+            )
+            for addon_upgrade_policy in addon_upgrade_policies:
+                current_state.append(
+                    AddonUpgradePolicy(
+                        id=addon_upgrade_policy.id,
+                        addon_id=addon_spec.addon.addon.id,
+                        cluster=spec.cluster,
+                        next_run=addon_upgrade_policy.next_run,
+                        schedule=addon_upgrade_policy.schedule,
+                        schedule_type=addon_upgrade_policy.schedule_type,
+                        version=addon_upgrade_policy.version,
+                        state=addon_upgrade_policy.state,
+                        addon_service=addon_service,
+                    )
+                )
+        elif spec.cluster.is_rosa_hypershift():
+            upgrade_policies = get_control_plane_upgrade_policies(
+                ocm_api, spec.cluster.id
+            )
+            for upgrade_policy in upgrade_policies:
+                upgrade_policy["cluster"] = spec.cluster
+                current_state.append(ControlPlaneUpgradePolicy(**upgrade_policy))
+            for node_pool in spec.node_pools:
+                node_upgrade_policies = get_node_pool_upgrade_policies(
+                    ocm_api, spec.cluster.id, node_pool.id
+                )
+                for upgrade_policy in node_upgrade_policies:
+                    upgrade_policy["cluster"] = spec.cluster
+                    upgrade_policy["node_pool"] = node_pool.id
+                    current_state.append(NodePoolUpgradePolicy(**upgrade_policy))
+        else:
+            upgrade_policies = get_upgrade_policies(ocm_api, spec.cluster.id)
+            for upgrade_policy in upgrade_policies:
+                upgrade_policy["cluster"] = spec.cluster
+                current_state.append(ClusterUpgradePolicy(**upgrade_policy))
+    return current_state
+# consider first lower versions and lower soakdays (when versions are equal)
+def sort_key(spec: ClusterUpgradeSpec) -> tuple:
+    return (
+        parse_semver(spec.cluster.version.raw_id),
+        spec.upgrade_policy.conditions.soak_days or 0,
+    )
 def update_history(
-    version_data: VersionData, upgrade_policies: list[dict[str, Any]]
+    version_data: VersionData, org_upgrade_spec: OrganizationUpgradeSpec
 ) -> None:
     """Update history with information from clusters with upgrade policies.
@@ -172,10 +643,21 @@ def update_history(
     check_in = version_data.check_in or now
     # we iterate over clusters upgrade policies and update the version history
-    for item in upgrade_policies:
-        current_version = item["current_version"]
-        cluster = item["cluster"]
-        workloads = item["workloads"]
+    for spec in org_upgrade_spec.specs:
+        # ... but we only care about healthy cluster
+        errors = spec.health.get_errors(only_enforced=True)
+        if errors:
+            logging.debug(
+                f"unhealthy cluster {spec.cluster.name} "
+                f"(id={spec.cluster.id}, org_id={spec.org.org_id}, org_name={spec.org.name}) "
+                f"will not contribute to soak days for {spec.cluster.version.raw_id} "
+                f"and workloads {spec.upgrade_policy.workloads}: "
+                f"{', '.join([e.error for e in errors])}"
+            )
+            continue
+        current_version = spec.current_version
+        cluster = spec.cluster.name
+        workloads = spec.upgrade_policy.workloads
         # we keep the version history per workload
         for w in workloads:
             workload_history = version_data.workload_history(
@@ -191,67 +673,83 @@ def update_history(
             else:
                 workload_history.reporting.append(cluster)
-    version_data.update_stats(upgrade_policies)
+    version_data.update_stats(org_upgrade_spec)
     version_data.check_in = now
+def version_data_state_key(ocm_env: str, org_id: str, addon_id: str | None) -> str:
+    return f"{ocm_env}/{org_id}/{addon_id}" if addon_id else f"{ocm_env}/{org_id}"
 @defer
 def get_version_data_map(
     dry_run: bool,
-    upgrade_policies: list[dict[str, Any]],
-    ocm_map: OCMMap,
+    org_upgrade_spec: OrganizationUpgradeSpec,
     integration: str,
     addon_id: str = "",
-    defer: Optional[Callable] = None,
-) -> dict[str, VersionData]:
+    inherit_version_data: bool = True,
+    defer: Callable | None = None,
+) -> VersionDataMap:
     """Get a summary of versions history per OCM instance
     Args:
         dry_run (bool): save updated history to remote state
-        upgrade_policies (list): query results of clusters upgrade policies
-        ocm_map (OCMMap): OCM clients per OCM instance
+        org_upgrade_spec (OrganizationUpgradeSpec): organization upgrade spec
         addon_id (str): optional addon id to get & store the addon specific state,
           additionally to the ocm org name
+        inherit_version_data: whether to inherit version data from other OCM orgs
         defer (Optional<Callable>): defer function
     Returns:
-        dict: version data per OCM instance
+        dict: version data per OCM organization keyed by the organization ID
     """
     state = init_state(integration=integration)
     if defer:
         defer(state.cleanup)
-    results: dict[str, VersionData] = {}
-    # we keep a remote state per OCM instance
-    for ocm_name in ocm_map.instances():
-        state_key = f"{ocm_name}/{addon_id}" if addon_id else ocm_name
-        version_data = get_version_data(state, state_key)
-        update_history(version_data, upgrade_policies)
-        results[ocm_name] = version_data
-        if not dry_run:
-            version_data.save(state, state_key)
+    result = VersionDataMap()
+    # we keep a remote state per OCM org
+    state_key = version_data_state_key(
+        org_upgrade_spec.org.environment.name, org_upgrade_spec.org.org_id, addon_id
+    )
+    version_data = get_version_data(state, state_key)
+    update_history(version_data, org_upgrade_spec)
+    result.add(
+        org_upgrade_spec.org.environment.name, org_upgrade_spec.org.org_id, version_data
+    )
+    if not dry_run:
+        version_data.save(state, state_key)
     # aggregate data from other ocm orgs
     # this is done *after* saving the state: we do not store the other orgs data in our state.
-    for ocm_name in ocm_map.instances():
-        ocm = ocm_map[ocm_name]
-        for other_ocm in ocm.inheritVersionData:
-            other_ocm_name = other_ocm["name"]
-            if ocm_name == other_ocm_name:
+    if inherit_version_data:
+        for other_ocm in org_upgrade_spec.org.inherit_version_data or []:
+            if org_upgrade_spec.org.org_id == other_ocm.org_id:
                 raise ValueError(
-                    f"[{ocm_name}] OCM organization inherits version data from itself"
+                    f"[{org_upgrade_spec.org.name} - {org_upgrade_spec.org.org_id}] OCM organization inherits version data from itself"
                 )
-            if ocm.name not in [
-                o["name"] for o in other_ocm.get("publishVersionData") or []
+            if org_upgrade_spec.org.org_id not in [
+                o.org_id for o in other_ocm.publish_version_data or []
             ]:
                 raise ValueError(
-                    f"[{ocm_name}] OCM organization inherits version data from {other_ocm_name}, but this data is not published to it: missing publishVersionData in {other_ocm_name}"
+                    f"[{org_upgrade_spec.org.name} - {org_upgrade_spec.org.org_id}] OCM organization inherits version data from "
+                    f"{other_ocm.org_id}, but this data is not published to it: "
+                    f"missing publishVersionData in {other_ocm.org_id}"
                 )
-            state_key = f"{other_ocm_name}/{addon_id}" if addon_id else other_ocm_name
-            other_ocm_data = get_version_data(state, state_key)
-            results[ocm_name].aggregate(other_ocm_data, other_ocm_name)
+            other_ocm_data = get_version_data(
+                state,
+                version_data_state_key(
+                    other_ocm.environment.name, other_ocm.org_id, addon_id
+                ),
+            )
+            result.get(
+                org_upgrade_spec.org.environment.name, org_upgrade_spec.org.org_id
+            ).aggregate(
+                other_ocm_data, f"{other_ocm.environment.name}/{other_ocm.org_id}"
+            )
-    return results
+    return result
 def workload_sector_versions(sector: Sector, workload: str) -> list[VersionInfo]:
@@ -259,13 +757,11 @@ def workload_sector_versions(sector: Sector, workload: str) -> list[VersionInfo]
     get all versions of clusters running the specified workload in that sector
     """
     versions = []
-    for cluster_info in sector.cluster_infos:
+    for spec in sector.specs:
         # clusters within a sector always have workloads (mandatory in schema)
-        workloads = cluster_info["upgradePolicy"]["workloads"]
+        workloads = spec.upgrade_policy.workloads
         if workload in workloads:
-            versions.append(
-                parse_semver(sector.ocmspec(cluster_info["name"]).spec.version)
-            )
+            versions.append(parse_semver(spec.cluster.version.raw_id))
     return versions
@@ -285,34 +781,33 @@ def workload_sector_dependencies(sector: Sector, workload: str) -> set[Sector]:
 def version_conditions_met(
     version: str,
-    version_data_map: dict[str, VersionData],
-    ocm_name: str,
-    workloads: list[str],
-    upgrade_conditions: dict[str, Any],
+    version_data: VersionData,
+    upgrade_policy: ClusterUpgradePolicyV1,
+    sector: Sector | None,
 ) -> bool:
     """Check that upgrade conditions are met for a version
     Args:
         version (string): version to check
-        history (dict): history of versions per OCM instance
-        ocm_name (string): name of OCM instance
-        upgrade_conditions (dict): query results of upgrade conditions
+        version_data (VersionData): history of versions of an OCM organization
         workloads (list): strings representing types of workloads
+        upgrade_policy (ClusterUpgradePolicy): the upgrade policy to validate
     Returns:
         bool: are version upgrade conditions met
     """
-    sector = upgrade_conditions.get("sector")
     if sector:
-        version_data = version_data_map[ocm_name]
         # check that inherited orgs run at least that version for our workloads
-        if not version_data.validate_against_inherited(version, workloads):
+        if not version_data.validate_against_inherited(
+            version, upgrade_policy.workloads
+        ):
             return False
         # check if previous sectors run at least this version for that workload
         # we will check dependencies recursively until there are versions for the given workload
         # or no more dependencies to check
-        for w in workloads:
+        for w in upgrade_policy.workloads:
             for dep in workload_sector_dependencies(sector, w):
                 dep_versions = workload_sector_versions(dep, w)
                 if not dep_versions:
@@ -321,10 +816,9 @@ def version_conditions_met(
                     return False
     # check soak days condition is met for this version
-    soak_days = upgrade_conditions.get("soakDays", None)
+    soak_days = upgrade_policy.conditions.soak_days
     if soak_days is not None:
-        version_data = version_data_map[ocm_name]
-        for w in workloads:
+        for w in upgrade_policy.workloads:
             workload_history = version_data.workload_history(version, w)
             if soak_days > workload_history.soak_days:
                 return False
@@ -332,261 +826,467 @@ def version_conditions_met(
     return True
+def gates_for_minor_version(
+    gates: list[OCMVersionGate],
+    target_version_prefix: str,
+) -> list[OCMVersionGate]:
+    return [g for g in gates if g.version_raw_id_prefix == target_version_prefix]
+def is_gate_applicable_to_cluster(gate: OCMVersionGate, cluster: OCMCluster) -> bool:
+    # check that the cluster has an upgrade path that crosses the gate version
+    minor_version_upgrade_paths = {
+        get_version_prefix(version) for version in cluster.available_upgrades()
+    }
+    if gate.version_raw_id_prefix not in minor_version_upgrade_paths:
+        return False
+    # consider only gates after the clusters current minor version
+    # OCM onls supports creating gate agreements for later minor versions than the
+    # current cluster version
+    if not parse_semver(f"{cluster.minor_version()}.0").match(
+        f"<{gate.version_raw_id_prefix}.0"
+    ):
+        return False
+    # check the handler for the gate type if it is responsible for this kind
+    # of cluster
+    handler = HANDLERS.get(gate.label)
+    if handler:
+        return handler.gate_applicable_to_cluster(cluster)
+    return False
 def gates_to_agree(
-    version_prefix: str, cluster: str, cluster_version: str, ocm: OCM
-) -> list[str]:
+    gates: list[OCMVersionGate],
+    cluster: OCMCluster,
+    acked_gate_ids: set[str],
+) -> list[OCMVersionGate]:
     """Check via OCM if a version is agreed
     Args:
-        version_prefix (string): major.minor version prefix
-        cluster (string)
-        cluster_version (string): current version of the cluster
-        ocm (OCM): used to fetch infos from OCM
+        gates (OCMVersionGate): list of OCMVersionGate objects to check for agreements
+        cluster_id (str): the cluster that needs gate agreements
+        ocm_api (OCMBaseClient): used to fetch infos from OCM
     Returns:
-        bool: true on missing agreement
+        list[OCMVersionGate]: list of gates a cluster has not agreed on yet
     """
-    agreements = {
-        agreement["version_gate"]["id"]
-        for agreement in ocm.get_version_agreement(cluster)
-    }
-    semver_cluster = parse_semver(f"{cluster_version}")
-    return [
-        gate["id"]
-        for gate in ocm.get_version_gates(version_prefix)
-        if gate["id"] not in agreements and semver_cluster.match(f"<{version_prefix}.0")
-    ]
+    applicable_gates = [g for g in gates if is_gate_applicable_to_cluster(g, cluster)]
-def get_version_prefix(version: str) -> str:
-    semver = parse_semver(version)
-    return f"{semver.major}.{semver.minor}"
+    if applicable_gates:
+        return [gate for gate in applicable_gates if gate.id not in acked_gate_ids]
+    return []
 def upgradeable_version(
-    policy: Mapping,
-    version_data_map: dict[str, VersionData],
-    ocm: OCM,
-    upgrades: Iterable[str],
-    addon_id: str = "",
-) -> Optional[str]:
+    spec: ClusterUpgradeSpec,
+    version_data: VersionData,
+    sector: Sector | None,
+) -> str | None:
     """Get the highest next version we can upgrade to, fulfilling all conditions"""
-    for version in reversed(sort_versions(upgrades)):
-        if addon_id and ocm.addon_version_blocked(version, addon_id):
-            continue
-        if not addon_id and ocm.version_blocked(version):
+    for version in reversed(sort_versions(spec.get_available_upgrades())):
+        if spec.version_blocked(version):
             continue
         if version_conditions_met(
             version,
-            version_data_map,
-            ocm.name,
-            policy["workloads"],
-            policy["conditions"],
+            version_data,
+            spec.upgrade_policy,
+            sector,
         ):
             return version
     return None
-def cluster_mutexes(policy: dict) -> list[str]:
-    """List all mutex locks for the given cluster"""
-    return (policy.get("conditions") or {}).get("mutexes") or []
+def verify_current_should_skip(
+    current_state: Sequence[AbstractUpgradePolicy],
+    desired: ClusterUpgradeSpec,
+    now: datetime,
+    addon_id: str = "",
+) -> tuple[bool, UpgradePolicyHandler | None]:
+    current_policies = [c for c in current_state if c.cluster.id == desired.cluster.id]
+    if not current_policies:
+        return False, None
+    # there can only be one upgrade policy per cluster
+    if len(current_policies) != 1:
+        raise ValueError(
+            f"[{desired.org.org_id}/{desired.cluster.name}] expected only one upgrade policy"
+        )
+    current = current_policies[0]
+    version = current.version  # may not exist in automatic upgrades
+    if version and not addon_id and desired.version_blocked(version):
+        next_run = current.next_run
+        if next_run and datetime.strptime(next_run, "%Y-%m-%dT%H:%M:%SZ") < now:
+            logging.warning(
+                f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] currently upgrading to blocked version '{version}'"
+            )
+            return True, None
+        logging.debug(
+            f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] found planned upgrade policy "
+            + f"with blocked version {version}"
+        )
+        return False, UpgradePolicyHandler(action="delete", policy=current)
+    # else
+    logging.debug(
+        f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster with existing upgrade policy"
+    )
+    return True, None
+def verify_schedule_should_skip(
+    desired: ClusterUpgradeSpec,
+    now: datetime,
+    addon_id: str = "",
+) -> str | None:
+    schedule = desired.upgrade_policy.schedule
+    iter = croniter(schedule, day_or=False)
+    # ClusterService refuses scheduling upgrades less than 5m in advance
+    # Let's find the next schedule that is at least 5m ahead.
+    # We do not need that much delay for addon upgrades since they run
+    # immediately
+    delay_minutes = 1 if addon_id else MIN_DELTA_MINUTES
+    next_schedule = iter.get_next(
+        dt.datetime, start_time=now + timedelta(minutes=delay_minutes)
+    )
+    next_schedule_in_seconds = (next_schedule - now).total_seconds()
+    next_schedule_in_hours = next_schedule_in_seconds / 3600  # seconds in hour
+    # ignore clusters with an upgrade schedule not within the next 2 hours
+    within_upgrade_timeframe = next_schedule_in_hours <= 2
+    if addon_id:
+        # addons upgrade cannot be scheduled in advance as the "next_run" field
+        # is not supported. So we run this only 10min before schedule to be somewhat
+        # correct
+        within_upgrade_timeframe = next_schedule_in_seconds / 60 <= 10
+    if not within_upgrade_timeframe:
+        logging.debug(
+            f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster with no upcoming upgrade"
+        )
+        return None
+    return next_schedule.strftime("%Y-%m-%dT%H:%M:%SZ")
+def verify_lock_should_skip(
+    desired: ClusterUpgradeSpec, locked: dict[str, str]
+) -> bool:
+    mutexes = desired.effective_mutexes
+    if any(lock in locked for lock in mutexes):
+        locking = {lock: locked[lock] for lock in mutexes if lock in locked}
+        logging.debug(
+            f"[{desired.org.org_id}/{desired.org.name}/{desired.cluster.name}] skipping cluster: locked out by {locking}"
+        )
+        return True
+    return False
+def _create_upgrade_policy(
+    next_schedule: str, spec: ClusterUpgradeSpec, version: str
+) -> AbstractUpgradePolicy:
+    if spec.cluster.is_rosa_hypershift():
+        return ControlPlaneUpgradePolicy(
+            cluster=spec.cluster,
+            version=version,
+            schedule_type="manual",
+            next_run=next_schedule,
+        )
+    return ClusterUpgradePolicy(
+        cluster=spec.cluster,
+        version=version,
+        schedule_type="manual",
+        next_run=next_schedule,
+    )
+def _calculate_node_pool_diffs(
+    spec: ClusterUpgradeSpec, now: datetime
+) -> UpgradePolicyHandler | None:
+    for pool in spec.node_pools:
+        if parse_semver(pool.version).match(f"<{spec.current_version}"):
+            next_schedule = (now + timedelta(minutes=MIN_DELTA_MINUTES)).strftime(
+                "%Y-%m-%dT%H:%M:%SZ"
+            )
+            return UpgradePolicyHandler(
+                action="create",
+                policy=NodePoolUpgradePolicy(
+                    cluster=spec.cluster,
+                    version=spec.current_version,
+                    schedule_type="manual",
+                    next_run=next_schedule,
+                    node_pool=pool.id,
+                ),
+            )
+    return None
 def calculate_diff(
-    current_state: list[dict[str, Any]],
-    desired_state: list[dict[str, Any]],
-    ocm_map: OCMMap,
-    version_data_map: dict[str, VersionData],
+    current_state: Sequence[AbstractUpgradePolicy],
+    desired_state: OrganizationUpgradeSpec,
+    ocm_api: OCMBaseClient,
+    version_data: VersionData,
     addon_id: str = "",
-) -> list[Any]:
+) -> list[UpgradePolicyHandler]:
     """Check available upgrades for each cluster in the desired state
     according to upgrade conditions
     Args:
-        current_state (list): current state of upgrade policies
-        desired_state (list): desired state of upgrade policies
-        ocm_map (OCMMap): OCM clients per OCM instance
-        version_data_map (dict): version data history per OCM instance
+        current_state (list): currently existing upgrade policies
+        desired_state (OrganizationUpgradeSpec): organization upgrade spec
+        ocm_api (OCMBaseClient): OCM API client
+        version_data (VersionData): version data history of the org
         addon_id (str): optional addonid to calculate diffs for
     Returns:
         list: upgrade policies to be applied
     """
-    diffs = []
-    # all clusters with a current upgradePolicy are considered locked
-    locked = {}
-    for policy in desired_state:
-        if policy["cluster"] in [s["cluster"] for s in current_state]:
-            for mutex in cluster_mutexes(policy):
-                locked[mutex] = policy["cluster"]
+    def set_mutex(
+        locked: dict[str, str], cluster_id: str, mutexes: set[str] | None = None
+    ) -> None:
+        for mutex in mutexes or set():
+            locked[mutex] = cluster_id
+    diffs: list[UpgradePolicyHandler] = []
+    # all clusters IDs with a current upgradePolicy are considered locked
+    locked: dict[str, str] = {}
+    for spec in desired_state.specs:
+        if spec.cluster.id in [s.cluster.id for s in current_state]:
+            for mutex in spec.effective_mutexes:
+                locked[mutex] = spec.cluster.id
+    addon_service = init_addon_service(desired_state.org.environment)
     now = datetime.utcnow()
-    for d in desired_state:
-        # ignore clusters with an existing upgrade policy
-        cluster = d["cluster"]
-        current_version = d["current_version"]
-        ocm = ocm_map.get(cluster)
-        c = [c for c in current_state if c["cluster"] == cluster]
-        if c:
-            # there can only be one upgrade policy per cluster
-            if len(c) != 1:
-                raise ValueError(f"[{cluster}] expected only one upgrade policy")
-            current = c[0]
-            version = current.get("version")  # may not exist in automatic upgrades
-            if version and not addon_id and ocm.version_blocked(version):
-                next_run = current.get("next_run")
-                if next_run and datetime.strptime(next_run, "%Y-%m-%dT%H:%M:%SZ") < now:
-                    logging.warning(
-                        f"[{cluster}] currently upgrading to blocked version '{version}'"
-                    )
-                    continue
-                logging.debug(
-                    f"[{ocm.name}/{cluster}] found planned upgrade policy "
-                    + f"with blocked version {version}"
-                )
-                item = {
-                    "action": "delete",
-                    "cluster": cluster,
-                    "version": version,
-                    "id": current["id"],
-                }
-                diffs.append(item)
-            else:
-                logging.debug(
-                    f"[{ocm.name}/{cluster}] skipping cluster with existing upgrade policy"
-                )
+    gates = get_version_gates(ocm_api)
+    for spec in desired_state.specs:
+        # Upgrading node pools, only required for Hypershift clusters
+        # do this in the same loop, to skip cluster on node pool upgrade
+        if spec.cluster.is_rosa_hypershift():
+            if verify_lock_should_skip(spec, locked):
                 continue
-        schedule = d["schedule"]
-        next_schedule_in_seconds = 0
-        iter = croniter(schedule)
-        # ClusterService refuses scheduling upgrades less than 5m in advance
-        # Let's find the next schedule that is at least 5m ahead.
-        # We do not need that much delay for addon upgrades since they run
-        # immediately
-        delay_minutes = 1 if addon_id else 5
-        while next_schedule_in_seconds < delay_minutes * 60:
-            next_schedule = iter.get_next(datetime)
-            next_schedule_in_seconds = (next_schedule - now).total_seconds()
-        next_schedule_in_hours = next_schedule_in_seconds / 3600  # seconds in hour
-        # ignore clusters with an upgrade schedule not within the next 2 hours
-        within_upgrade_timeframe = next_schedule_in_hours <= 2
-        if addon_id:
-            # addons upgrade cannot be scheduled in advance as the "next_run" field
-            # is not supported. So we run this only 10min before schedule to be somewhat
-            # correct
-            within_upgrade_timeframe = next_schedule_in_seconds / 60 <= 10
-        if not within_upgrade_timeframe:
-            logging.debug(
-                f"[{ocm.name}/{cluster}] skipping cluster with no upcoming upgrade"
-            )
+            node_pool_update = _calculate_node_pool_diffs(spec, now)
+            if node_pool_update:  # node pool update policy not yet created
+                diffs.append(node_pool_update)
+                set_mutex(locked, spec.cluster.id, spec.effective_mutexes)
+                continue
+        # ignore clusters with an existing upgrade policy
+        skip, delete_policy = verify_current_should_skip(
+            current_state, spec, now, addon_id
+        )
+        if skip:
             continue
+        if delete_policy:
+            diffs.append(delete_policy)
-        if any(lock in locked for lock in cluster_mutexes(d)):
-            locking = {
-                lock: locked[lock] for lock in cluster_mutexes(d) if lock in locked
-            }
-            logging.debug(
-                f"[{ocm.name}/{cluster}] skipping cluster: locked out by {locking}"
-            )
+        next_schedule = verify_schedule_should_skip(spec, now, addon_id)
+        if not next_schedule:
             continue
-        # choose version that meets the conditions and add it to the diffs
-        if addon_id:
-            # an alternative is to find available upgrades for our current version from
-            # ${API_CLUSTERS_MGMT}/addons/${addon_id}/versions
-            # .items[] | select(.id == {current_version}) | .available_upgrades
-            # but we will always want to get the one that is currently published normally
-            upgrades = [
-                a["version"]["id"]
-                for a in ocm.addons
-                if a["id"] == addon_id and a["version"]["id"] != d["current_version"]
-            ]
-        else:
-            upgrades = ocm.get_available_upgrades(d["current_version"], d["channel"])
-        version = upgradeable_version(d, version_data_map, ocm, upgrades, addon_id)
+        if verify_lock_should_skip(spec, locked):
+            continue
+        sector_name = spec.upgrade_policy.conditions.sector
+        sector = None
+        if sector_name:
+            sector = desired_state.sectors[sector_name]
+        version = upgradeable_version(spec, version_data, sector)
         if version:
-            item = {
-                "action": "create",
-                "cluster": cluster,
-                "version": version,
-                "schedule_type": "manual",
-            }
             if addon_id:
-                item["addon_id"] = addon_id
-                item["cluster_id"] = ocm.cluster_ids[cluster]
-                item["upgrade_type"] = "ADDON"
-                # next_run is not supported by addons
+                diffs.append(
+                    UpgradePolicyHandler(
+                        action="create",
+                        policy=AddonUpgradePolicy(
+                            action="create",
+                            cluster=spec.cluster,
+                            version=version,
+                            schedule_type="manual",
+                            addon_id=addon_id,
+                            upgrade_type="ADDON",
+                            addon_service=addon_service,
+                        ),
+                    )
+                )
             else:
-                item["next_run"] = next_schedule.strftime("%Y-%m-%dT%H:%M:%SZ")
-                item["gates_to_agree"] = gates_to_agree(
-                    get_version_prefix(version),
-                    cluster,
-                    current_version,
-                    ocm,
+                target_version_prefix = get_version_prefix(version)
+                minor_version_gates = gates_for_minor_version(
+                    gates=gates,
+                    target_version_prefix=target_version_prefix,
+                )
+                gates_with_missing_agreements = gates_to_agree(
+                    gates=minor_version_gates,
+                    cluster=spec.cluster,
+                    acked_gate_ids={
+                        agreement["version_gate"]["id"]
+                        for agreement in get_version_agreement(ocm_api, spec.cluster.id)
+                    },
+                )
+                if gates_with_missing_agreements:
+                    missing_gate_ids = [
+                        gate.id for gate in gates_with_missing_agreements
+                    ]
+                    logging.info(
+                        f"[{spec.org.org_id}/{spec.org.name}/{spec.cluster.name}] found gates with missing agreements for {target_version_prefix} - {missing_gate_ids} "
+                        "Skip creation of an upgrade policy until all of them have been acked by the version-gate-approver integration or a user."
+                    )
+                    continue
+                diffs.append(
+                    UpgradePolicyHandler(
+                        action="create",
+                        policy=_create_upgrade_policy(next_schedule, spec, version),
+                    )
                 )
-            for mutex in cluster_mutexes(d):
-                locked[mutex] = cluster
-            diffs.append(item)
+            set_mutex(locked, spec.cluster.id, spec.effective_mutexes)
     return diffs
-def sort_diffs(diff: dict[str, Any]) -> int:
-    if diff["action"] == "delete":
+def sort_diffs(diff: UpgradePolicyHandler) -> int:
+    if diff.action == "delete":
         return 1
     return 2
-def action_log(*items: Optional[str]) -> None:
-    # log all non-empty, non-null items
-    logging.info([item for item in items if item])
-def act(dry_run: bool, diffs: list[dict], ocm_map: OCMMap, addon_id: str = "") -> None:
+def act(
+    dry_run: bool,
+    diffs: list[UpgradePolicyHandler],
+    ocm_api: OCMBaseClient,
+    addon_id: str | None = None,
+) -> None:
     diffs.sort(key=sort_diffs)
     for diff in diffs:
-        action = diff.pop("action")
-        cluster = diff.pop("cluster")
-        ocm = ocm_map.get(cluster)
-        if action == "create":
-            action_log(
-                action,
-                ocm.name,
-                cluster,
-                addon_id,
-                diff["version"],
-                diff.get("next_run"),
-            )
-            if not dry_run:
-                if addon_id:
-                    ocm.create_addon_upgrade_policy(cluster, diff)
-                else:
-                    gates_to_agree = diff.pop("gates_to_agree")
-                    for gate in gates_to_agree:
-                        action_log(
-                            action,
-                            ocm.name,
-                            cluster,
-                            addon_id,
-                            diff["version"],
-                            f"Creating version agreement for gate {gate}",
-                        )
-                        agreement = ocm.create_version_agreement(gate, cluster)
-                        if agreement.get("version_gate") is None:
-                            logging.error(
-                                f"Unexpected response while creating version "
-                                f"agreement with id {gate} for cluster {cluster}"
-                            )
-                    ocm.create_upgrade_policy(cluster, diff)
-        elif action == "delete":
-            action_log(action, ocm.name, cluster, addon_id, diff["version"])
-            if not dry_run:
-                if addon_id:
-                    ocm.delete_addon_upgrade_policy(cluster, diff)
-                else:
-                    ocm.delete_upgrade_policy(cluster, diff)
+        policy = diff.policy
+        if (
+            addon_id
+            and isinstance(policy, AddonUpgradePolicy)
+            and addon_id != policy.addon_id
+        ):
+            continue
+        diff.act(dry_run, ocm_api)
+def soaking_days(
+    version_data: VersionData,
+    upgrades: list[str],
+    workload: str,
+    only_soaking: bool,
+) -> dict[str, float]:
+    soaking = {}
+    for version in upgrades:
+        workload_history = version_data.workload_history(version, workload)
+        soaking[version] = round(workload_history.soak_days, 2)
+        if not only_soaking and version not in soaking:
+            soaking[version] = 0
+    return soaking
+def get_orgs_for_environment(
+    integration: str,
+    ocm_env_name: str,
+    query_func: Callable,
+    ocm_organization_ids: set[str] | None = None,
+    excluded_ocm_organization_ids: set[str] | None = None,
+    only_addon_managed_upgrades: bool = False,
+) -> list[AUSOCMOrganization]:
+    """
+    Returns a list of organizations for the given OCM environment, applying
+    filters based on the provided arguments.
+    Args:
+        ocm_env_name (str): OCM environment name to filter
+        ocm_organization_ids (Optional[set[str]]): if any organization IDs are provided, any other organizations are excluded from the results
+        excluded_ocm_organization_ids (Optional[set[str]]): if any organization IDs are provided, these organizations are excluded from the results
+        only_addon_managed_upgrades (bool): if True, organizations without enabled addon management are excluded from the results
+        query_func (Callable): function to query organizations via GQL
+    Returns:
+        list[AUSOCMOrganization]: list of organizations matching the given filters
+    """
+    orgs = aus_organizations_query(query_func=query_func).organizations or []
+    return [
+        org
+        for org in orgs or []
+        if org.environment.name == ocm_env_name
+        and integration_is_enabled(integration, org)
+        and (not only_addon_managed_upgrades or org.addon_managed_upgrades)
+        and (not ocm_organization_ids or org.org_id in ocm_organization_ids)
+        and (
+            not excluded_ocm_organization_ids
+            or org.org_id not in excluded_ocm_organization_ids
+        )
+    ]
+def remaining_soak_day_metric_values_for_cluster(
+    spec: ClusterUpgradeSpec,
+    soaked_versions: dict[str, float],
+    current_upgrade: AbstractUpgradePolicy | None,
+) -> dict[str, float]:
+    """
+    Calculate what versions and metric values to report for `AUS*VersionRemainingSoakDaysGauge` metrics.
+    Usually, the remaining soak days for a version are reported but there are some special cases
+    where we report negative values to indicate that a version is blocked or an upgrade has been
+    scheduled or started.
+    Additionally certain versions are not reported when it is not meaningful (e.g. an upgrade will never happen)
+    to prevent metric clutter.
+    """
+    upgrades = spec.get_available_upgrades()
+    if not upgrades:
+        return {}
+    # calculate the remaining soakdays for each upgrade version candidate of the cluster.
+    # when a version is soaking, it has a value > 0 and when it soaked enough, the value is 0.
+    remaining_soakdays: list[float] = [
+        max(
+            (spec.upgrade_policy.conditions.soak_days or 0) - soaked_versions.get(v, 0),
+            0,
+        )
+        for v in upgrades
+    ]
+    # under certain conditions, the remaining soak day value for a version needs to be
+    # replaced with special marker values
+    version_metrics: dict[str, float] = {}
+    for idx, version in reversed(list(enumerate(upgrades))):
+        # if an upgrade is `scheduled` or `started`` for the specific version, their respective negative
+        # marker values will be used instead of their actual soak days. there are other states than `scheduled`
+        # and `started` but the `UpgradePolicy` vanishes too quickly to observe them reliably, when such
+        # states are reached.
+        if current_upgrade and current_upgrade.version == version:
+            if current_upgrade.state == "scheduled":
+                remaining_soakdays[idx] = UPGRADE_SCHEDULED_METRIC_VALUE
+            elif current_upgrade.state in {"started", "delayed"}:
+                remaining_soakdays[idx] = UPGRADE_STARTED_METRIC_VALUE
+                if current_upgrade.next_run:
+                    # if an upgrade runs for over 6 hours, we mark it as a long running upgrade
+                    next_run = datetime.strptime(
+                        current_upgrade.next_run, "%Y-%m-%dT%H:%M:%SZ"
+                    )
+                    now = datetime.utcnow()
+                    hours_ago = (now - next_run).total_seconds() / 3600
+                    if hours_ago >= 6:
+                        remaining_soakdays[idx] = UPGRADE_LONG_RUNNING_METRIC_VALUE
+        elif spec.version_blocked(version):
+            # if a version is blocked, we will still report it but with a dedicated negative marker value
+            remaining_soakdays[idx] = UPGRADE_BLOCKED_METRIC_VALUE
+        # we are intentionally not reporting versions that still soak or soaked enough when
+        # there is a later version that also soaked enough. the later one will be picked
+        # for an upgrade over the older one anyways.
+        if remaining_soakdays[idx] >= 0 and any(
+            later_version_remaining_soak_days
+            in {
+                0,
+                UPGRADE_SCHEDULED_METRIC_VALUE,
+                UPGRADE_STARTED_METRIC_VALUE,
+                UPGRADE_LONG_RUNNING_METRIC_VALUE,
+            }
+            for later_version_remaining_soak_days in remaining_soakdays[idx + 1 :]
+        ):
+            continue
+        version_metrics[version] = remaining_soakdays[idx]
+    return version_metrics

qontract-reconcile 0.9.1rc298__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl

qontract-reconcile 0.9.1rc298py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl