Skip to content

Commit

Permalink
pydantic: bump to >=2,<3
Browse files Browse the repository at this point in the history 
Signed-off-by: William Woodruff <[email protected]>
  • Loading branch information
@woodruffw
woodruffw committed Jul 13, 2023
1 parent 51e2d08 commit 57a5348
Show file tree
Hide file tree
Showing 6 changed files with 27 additions and 17 deletions.
2 changes: 1 addition & 1 deletion pyproject.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ dependencies = [
"cryptography >= 39",
"id >= 1.0.0",
"importlib_resources ~= 5.7; python_version < '3.11'",
"pydantic ~= 1.10",
"pydantic >= 2,< 3",
"pyjwt >= 2.1",
"pyOpenSSL >= 23.0.0",
"requests",
Expand Down
10 changes: 6 additions & 4 deletions sigstore/_internal/fulcio/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
SignedCertificateTimestamp,
Version,
)
from pydantic import BaseModel, Field, validator
from pydantic import BaseModel, ConfigDict, Field, validator

from sigstore._utils import B64Str
from sigstore.oidc import IdentityToken
Expand Down Expand Up @@ -96,15 +96,17 @@ class DetachedFulcioSCT(BaseModel):
Represents a "detached" SignedCertificateTimestamp from Fulcio.
"""

model_config = ConfigDict(populate_by_name=True, arbitrary_types_allowed=True)

version: Version = Field(..., alias="sct_version")
log_id: bytes = Field(..., alias="id")
timestamp: datetime.datetime
digitally_signed: bytes = Field(..., alias="signature")
extension_bytes: bytes = Field(..., alias="extensions")

class Config:
allow_population_by_field_name = True
arbitrary_types_allowed = True
@validator("timestamp")
def _validate_timestamp(cls, v: datetime.datetime) -> datetime.datetime:
return v.replace(tzinfo=datetime.timezone.utc)

@validator("digitally_signed", pre=True)
def _validate_digitally_signed(cls, v: bytes) -> bytes:
Expand Down
14 changes: 10 additions & 4 deletions sigstore/transparency.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,14 @@
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

from pydantic import BaseModel, Field, StrictInt, StrictStr, validator
from pydantic import (
BaseModel,
ConfigDict,
Field,
StrictInt,
StrictStr,
validator,
)
from securesystemslib.formats import encode_canonical

from sigstore._utils import B64Str
Expand Down Expand Up @@ -136,15 +143,14 @@ class LogInclusionProof(BaseModel):
Represents an inclusion proof for a transparency log entry.
"""

model_config = ConfigDict(populate_by_name=True)

checkpoint: StrictStr = Field(..., alias="checkpoint")
hashes: List[StrictStr] = Field(..., alias="hashes")
log_index: StrictInt = Field(..., alias="logIndex")
root_hash: StrictStr = Field(..., alias="rootHash")
tree_size: StrictInt = Field(..., alias="treeSize")

class Config:
allow_population_by_field_name = True

@validator("log_index")
def _log_index_positive(cls, v: int) -> int:
if v < 0:
Expand Down
1 change: 1 addition & 0 deletions sigstore/verify/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,7 @@ def rekor_entry(self, client: RekorClient) -> LogEntry:
# we *opportunistically* use the offline Rekor entry,
# so long as it contains an inclusion proof. If it doesn't
# contain an inclusion proof, then we do an online entry lookup.
# TODO: Check for checkpoint here?
offline = self._offline
has_rekor_entry = self.has_rekor_entry
has_inclusion_proof = (
Expand Down
10 changes: 5 additions & 5 deletions sigstore/verify/verifier.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
X509StoreContext,
X509StoreContextError,
)
from pydantic import ConfigDict

from sigstore._internal.merkle import (
InvalidInclusionProofError,
Expand Down Expand Up @@ -88,14 +89,13 @@ class CertificateVerificationFailure(VerificationFailure):
verification failures, with additional exception context.
"""

# Needed for the `exception` field above, since exceptions are
# not trivially serializable.
model_config = ConfigDict(arbitrary_types_allowed=True)

reason: str = "Failed to verify signing certificate"
exception: Exception

class Config:
# Needed for the `exception` field above, since exceptions are
# not trivially serializable.
arbitrary_types_allowed = True


class Verifier:
"""
Expand Down
7 changes: 4 additions & 3 deletions test/unit/internal/fulcio/test_client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

import json
from base64 import b64encode
from datetime import datetime
from datetime import datetime, timezone

import pytest
from cryptography.hazmat.primitives import hashes
Expand Down Expand Up @@ -53,7 +53,7 @@ def test_fulcio_sct_virtual_subclass(self):

def test_fields(self):
blob = enc(b"this is a base64-encoded blob")
now = datetime.now()
now = datetime.now(tz=timezone.utc)
sct = client.DetachedFulcioSCT(
version=0,
log_id=blob,
Expand Down Expand Up @@ -102,7 +102,8 @@ def test_constructor_equivalence(self):
@pytest.mark.parametrize("version", [-1, 1, 2, 3])
def test_invalid_version(self, version):
with pytest.raises(
ValidationError, match="value is not a valid enumeration member"
ValidationError,
match=r"1 validation error for DetachedFulcioSCT.*",
):
client.DetachedFulcioSCT(
version=version,
Expand Down

0 comments on commit 57a5348

Please sign in to comment.