Merge Master to Edge

.github/dependabot.yml

@@ -7,50 +7,50 @@ updates:
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     target-branch: "master"
-    labels: ["dependencies", "python", "poetry"]
+    labels: [ "dependencies", "python", "poetry" ]
     open-pull-requests-limit: 10
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-major"]
+        update-types: [ "version-update:semver-major" ]
 
   # ---------------------------
   # NodeJS (root)
   # ---------------------------
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     target-branch: "master"
-    labels: ["dependencies", "npm"]
+    labels: [ "dependencies", "npm" ]
     open-pull-requests-limit: 10
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-major"]
+        update-types: [ "version-update:semver-major" ]
 
   # ---------------------------
   # NodeJS (sandbox/)
   # ---------------------------
   - package-ecosystem: "npm"
     directory: "/sandbox"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     target-branch: "master"
-    labels: ["dependencies", "npm", "sandbox"]
+    labels: [ "dependencies", "npm", "sandbox" ]
     open-pull-requests-limit: 10
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-major"]
+        update-types: [ "version-update:semver-major" ]
 
   # ---------------------------
   # GitHub Actions
   # ---------------------------
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     target-branch: "master"
-    labels: ["dependencies", "github-actions"]
+    labels: [ "dependencies", "github-actions" ]
     cooldown:
-      default-days: 7
+      default-days: 7

.github/workflows/publish.yml

@@ -21,7 +21,7 @@ jobs:
         run: pip install poetry
 
       - name: Cache poetry packages
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         id: cache
         with:
           path: ~/.venv

.github/workflows/sbom.yml

@@ -69,7 +69,7 @@ jobs:
           python .github/scripts/sbom_json_to_csv.py sbom.json SBOM_${REPO_NAME}.csv
 
       - name: Upload SBOM CSV as artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: sbom-csv
           path: SBOM_${{ github.event.repository.name }}.csv
@@ -89,7 +89,7 @@ jobs:
           python .github/scripts/grype_json_to_csv.py grype-report.json grype-report-${REPO_NAME}.csv
 
       - name: Upload Vulnerability Report
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: grype-report
           path: grype-report-${{ github.event.repository.name }}.csv
@@ -101,7 +101,7 @@ jobs:
           python .github/scripts/sbom_packages_to_csv.py sbom.json $REPO_NAME
 
       - name: Upload Package Inventory CSV
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: sbom-packages
           path: sbom-packages-${{ github.event.repository.name }}.csv

ansible/collections/ansible_collections/nhsd/apigee/plugins/action/add_policy_to_pre_flow.py

@@ -32,7 +32,7 @@ def run(self, tmp=None, task_vars=None):
         proxies_dir = args.dist_dir.joinpath(
             "proxies", args.proxy_dir, "apiproxy/proxies"
         )
-        proxies_files = [f for f in proxies_dir.glob("*.xml")]
+        proxies_files = list(proxies_dir.glob("*.xml"))
 
         if len(proxies_files) != 1:
             return {
@@ -57,13 +57,12 @@ def run(self, tmp=None, task_vars=None):
             name = step.find("Name")
             if name.text == args.policy_name:
                 return {"changed": False}
-                break
 
         result = {"changed": True}
         if diff_mode:
             result["diff"] = {
                 "before": etree.tostring(tree, pretty_print=True).decode(),
-                "before_header": str(proxies_file)
+                "before_header": str(proxies_file),
             }
 
         step = etree.Element("Step")
@@ -76,8 +75,8 @@ def run(self, tmp=None, task_vars=None):
             result["diff"].update(
                 {
                     "after": etree.tostring(tree, pretty_print=True).decode(),
-                    "after_header": str(proxies_file)
-                 }
+                    "after_header": str(proxies_file),
+                }
             )
 
         if check_mode or result["changed"] is False:

ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/apigee_action.py

@@ -4,10 +4,10 @@
 
 
 class ApigeeAction(ansible.plugins.action.ActionBase):
-    def validate_args(self, Validator: pydantic.BaseModel):
+    def validate_args(self, validator: type[pydantic.BaseModel]):
         """Returns two-length tuple of validated_args and errors dicts."""
         try:
-            args = Validator(**self._task.args)
+            args = validator(**self._task.args)
             return args, {}
         except pydantic.ValidationError as e:
             return (

ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/ansible/validate_manifest.py

@@ -53,14 +53,14 @@ def check_service_name(cls, service_name, values):
     def prepend_dist_dir_to_spec_paths(cls, manifest, values):
         dist_dir = values.get("dist_dir")
         print(dist_dir)
-        if not dist_dir:
-            return manifest
-        apigee = manifest["apigee"]
-        for env_dict in apigee["environments"]:
-            for spec_dict in env_dict["specs"]:
-                path = spec_dict.get("path")
-                if path is not None:
-                    spec_dict["path"] = os.path.join(dist_dir, path)
+        if dist_dir:
+            apigee = manifest["apigee"]
+            for env_dict in apigee["environments"]:
+                for spec_dict in env_dict["specs"]:
+                    path = spec_dict.get("path")
+                    if path is not None:
+                        spec_dict["path"] = os.path.join(dist_dir, path)
+
         return manifest
 
     @pydantic.validator("manifest")

ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/apigee/product.py

@@ -1,5 +1,5 @@
 import json
-from typing import Union, Literal, List, Dict, Any, Type
+from typing import Optional, Union, Literal, List, Dict, Any, Type
 from typing_extensions import Annotated
 from pydantic import (
     Field,
@@ -110,29 +110,34 @@ def _literal_name(class_):
     + ")$)"
 )
 
+
 class ApigeeProductAttributeOther(BaseModel):
     name: constr(regex=PRODUCT_ATTRIBUTE_REGEX)
     value: str
 
+
 ApigeeProductAttributeSpecial = Annotated[
-    Union [
+    Union[
         ApigeeProductAttributeAccess,
         ApigeeProductAttributeRateLimit,
         ApigeeProductAttributeRateLimiting,
     ],
-    Field(discriminator="name")
+    Field(discriminator="name"),
 ]
 
+
 def _count_cls(items: List[Any], cls: Type):
     return sum(isinstance(item, cls) for item in items)
 
 
 class ApigeeProduct(BaseModel):
     name: str
     approvalType: Literal["auto", "manual"] = "manual"
-    attributes: List[Union[ApigeeProductAttributeSpecial, ApigeeProductAttributeOther]] = [{"name": "access", "value": "private"}]
-    description: str = None
-    displayName: str = None
+    attributes: List[
+        Union[ApigeeProductAttributeSpecial, ApigeeProductAttributeOther]
+    ] = [{"name": "access", "value": "private"}]
+    description: Optional[str] = None
+    displayName: Optional[str] = None
 
     # Note: This value is manually inserted by apigee_environment
     # object that contains this product. So if you do not provide a

ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/apigee/rate_limiting_config.py

@@ -2,13 +2,13 @@
 Pydantic class for the rateliming config JSON, attached to products
 and apps to control the ApplyRateLimiting shared flow.
 """
-from typing import Literal
+
+from typing import Literal, Optional
 
 from pydantic import BaseModel, conint, constr, Extra
 
 
 class ExcludeNoneModel(BaseModel):
-
     """
     Providing default values for ratelimiting here would mean that
     changing defaults required a redeploy for all proxies.
@@ -21,26 +21,27 @@ class ExcludeNoneModel(BaseModel):
     update the defaults for everyone by just by updating the shared
     flow.
     """
+
     def dict(self, **kwargs):
         kwargs["exclude_none"] = True
         return super().dict(**kwargs)
 
     class Config:
-        extra=Extra.forbid
+        extra = Extra.forbid
 
 
 class QuotaConfig(ExcludeNoneModel):
-    enabled: bool = None
+    enabled: Optional[bool] = None
     interval: conint(gt=0) = None
     limit: conint(gt=0) = None
     timeunit: Literal["minute", "hour", "day", "week", "month"] = None
 
 
 class SpikeArrestConfig(ExcludeNoneModel):
-    enabled: bool = None
-    ratelimit: constr(regex=r"^[1-9][0-9]*(ps|pm)$") = None
+    enabled: Optional[bool] = None
+    ratelimit: Optional[constr(regex=r"^[1-9][0-9]*(ps|pm)$")] = None
 
 
 class RateLimitingConfig(ExcludeNoneModel):
-    quota: QuotaConfig = None
-    spikeArrest: SpikeArrestConfig = None
+    quota: Optional[QuotaConfig] = None
+    spikeArrest: Optional[SpikeArrestConfig] = None

ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/manifest/meta.py

@@ -9,7 +9,6 @@
 _REGISTRY_DATA = {}
 
 
-
 class ManifestMetaApi(pydantic.BaseModel):
     name: pydantic.constr(regex=r"^[a-z][a-z0-9]*(-[a-z0-9]+)*$")
     id: typing.Optional[pydantic.UUID4] = pydantic.Field(
@@ -29,7 +28,7 @@ def dict(self, **kwargs):
             {
                 "guid": str(native["guid"]),
                 "spec_guids": [str(guid) for guid in spec_guids],
-             }
+            }
         )
         return native
 
@@ -58,7 +57,9 @@ def validate_guid(cls, guid, values):
             guid = _REGISTRY_DATA[name]["guid"]
         registered_guid = _REGISTRY_DATA[name]["guid"]
         if str(guid) != registered_guid:
-            raise ValueError(f"Supplied guid {guid} does not match registered guid {registered_guid}")
+            raise ValueError(
+                f"Supplied guid {guid} does not match registered guid {registered_guid}"
+            )
         return guid
 
     @pydantic.validator("spec_guids")
@@ -78,11 +79,12 @@ def validate_spec_guids(cls, spec_guids, values):
             if str(spec_guid) not in registered_spec_guids:
                 invalid.append(str(spec_guid))
         if len(invalid) > 0:
-            raise ValueError(f"Supplied spec_guids {invalid} do not match registered spec_guids {registered_spec_guids}")
+            raise ValueError(
+                f"Supplied spec_guids {invalid} do not match registered spec_guids {registered_spec_guids}"
+            )
         return spec_guids
 
 
-
 class ManifestMeta(pydantic.BaseModel):
     schema_version: pydantic.constr(regex=r"[1-9][0-9]*(\.[0-9]+){0,2}")
     api: ManifestMetaApi
@@ -91,7 +93,7 @@ class ManifestMeta(pydantic.BaseModel):
     def validate_schema_version(cls, schema_version):
         semantic_parts = schema_version.split(".")
 
-        MAJOR, MINOR, PATCH = [int(x) for x in SCHEMA_VERSION.split(".")]
+        MAJOR, _, _ = [int(x) for x in SCHEMA_VERSION.split(".")]
         major = int(semantic_parts[0])
 
         # Checking against minor/patch would not allow to us deploy