Migration to Pydantic V2

cli/cenclave/pyproject.toml

@@ -24,8 +24,7 @@ dependencies = [
     "intel-sgx-ra>=2.3.2,<3.0.0",
     "jinja2>=3.1.4,<3.2.0",
     "cenclave-lib-crypto>=1.0.0,<2.0.0",
-    "pydantic>=1.10.18,<2.0.0",
-    "pyjwt>=2.9.0,<3.0.0",
+    "pydantic>=2.10.6,<3.0.0",
     "requests>=2.32.3,<2.33.0",
     "toml>=0.10.2,<0.11.0",
     "urllib3>=2.2.3,<3.0.0",

cli/cenclave/src/cenclave/core/bootstrap.py

@@ -16,10 +16,10 @@ class ConfigurationPayload(BaseModel):
     """Definition of the bootstrap server payload."""
 
     app_id: UUID
-    secrets: Optional[Any]
-    sealed_secrets: Optional[bytes]
-    code_secret_key: Optional[bytes]
-    ssl_private_key: Optional[str]
+    secrets: Optional[Any] = None
+    sealed_secrets: Optional[bytes] = None
+    code_secret_key: Optional[bytes] = None
+    ssl_private_key: Optional[str] = None
 
     def payload(self) -> Dict[str, Any]:
         """Build the payload to send to the configuration server."""

cli/cenclave/src/cenclave/core/conf.py

@@ -1,25 +1,22 @@
 """cenclave.core.conf module."""
 
-from __future__ import annotations
-
 import os
 from enum import Enum
 from pathlib import Path
-from typing import TYPE_CHECKING, Any, Dict, List, Optional
+from typing import Annotated, Any, Dict, List, Optional
 
 import toml
-from pydantic import BaseModel, constr, validator
+from pydantic import BaseModel, StringConstraints, model_validator
 
 from cenclave.error import BadApplicationInput
 
-if TYPE_CHECKING:
-    Str255 = str
-    Str16 = str
-    StrUnlimited = str
-else:
-    Str255 = constr(min_length=1, max_length=255, strip_whitespace=True)
-    Str16 = constr(min_length=1, max_length=16, strip_whitespace=True)
-    StrUnlimited = constr(min_length=1)
+Str255 = Annotated[
+    str, StringConstraints(min_length=1, max_length=255, strip_whitespace=True)
+]
+Str16 = Annotated[
+    str, StringConstraints(min_length=1, max_length=16, strip_whitespace=True)
+]
+StrUnlimited = Annotated[str, StringConstraints(min_length=1)]
 
 
 def absolute_from_conf_file(conf_file: Path, path: Path) -> Path:
@@ -73,12 +70,11 @@ class AppConf(BaseModel):
     # The package to install before testing the application
     tests_requirements: List[str]
 
-    @validator("healthcheck_endpoint", pre=False)
-    # pylint: disable=no-self-argument,unused-argument
-    def check_healthcheck_endpoint(cls, v: str):
+    @model_validator(mode="after")
+    def check_healthcheck_endpoint(self):
         """Validate that `healthcheck_endpoint` is an endpoint."""
-        if v.startswith("/"):
-            return v
+        if self.healthcheck_endpoint.startswith("/"):
+            return self
         raise ValueError('healthcheck_endpoint should start with a "/"')
 
     # pylint: disable=unused-argument

cli/cenclave/src/cenclave/core/no_sgx_docker.py

@@ -14,9 +14,9 @@ class NoSgxDockerConfig(BaseModel):
 
     subject: str
     subject_alternative_name: str
-    expiration_date: Optional[int]
-    client_certificate: Optional[str]
-    ssl_verify_mode: Optional[int]
+    expiration_date: Optional[int] = None
+    client_certificate: Optional[str] = None
+    ssl_verify_mode: Optional[int] = None
     size: int
     app_id: UUID
     application: str

cli/cenclave/src/cenclave/core/sgx_docker.py

@@ -4,7 +4,7 @@
 from typing import Any, ClassVar, Dict, List, Optional, Tuple
 from uuid import UUID
 
-from pydantic import BaseModel, validator
+from pydantic import BaseModel, model_validator
 
 
 class SgxDockerConfig(BaseModel):
@@ -17,8 +17,8 @@ class SgxDockerConfig(BaseModel):
     subject: str
     subject_alternative_name: str
     expiration_date: int
-    client_certificate: Optional[str]
-    ssl_verify_mode: Optional[int]
+    client_certificate: Optional[str] = None
+    ssl_verify_mode: Optional[int] = None
     app_dir: Path
     application: str
     healthcheck: str
@@ -29,19 +29,21 @@ class SgxDockerConfig(BaseModel):
     docker_label: ClassVar[str] = "cenclave"
     entrypoint: ClassVar[str] = "cenclave-run"
 
-    # pylint: disable=no-self-argument
-    @validator("ssl_verify_mode")
-    def check_ssl_verify_mode(cls, v, values):
+    @model_validator(mode="after")
+    def check_ssl_verify_mode(self):
         """Validate ssl_verify_mode with client_certificate."""
-        if "ssl_verify_mode" in values and not values["client_certificate"]:
+        if self.ssl_verify_mode is not None and self.client_certificate is None:
             raise ValueError("no client_certificate with ssl_verify_mode")
 
-        if v and v not in (1, 2):
+        if self.client_certificate is not None and self.client_certificate not in (
+            1,
+            2,
+        ):
             raise ValueError(
                 "ssl_verify_mode must be 1 (CERT_OPTIONAL) or 2 (CERT_REQUIRED)"
             )
 
-        return v
+        return self
 
     def cmd(self) -> List[str]:
         """Serialize the docker command args."""

cli/cenclave/src/cenclave/core/test_docker.py

@@ -12,9 +12,9 @@ class TestDockerConfig(BaseModel):
     port: int
     code: Path
     application: str
-    sealed_secrets: Optional[Path]
-    secrets: Optional[Path]
-    simu_enclave_sk: Optional[Path]
+    sealed_secrets: Optional[Path] = None
+    secrets: Optional[Path] = None
+    simu_enclave_sk: Optional[Path] = None
 
     secret_mountpoint: ClassVar[str] = "/root/.cache/cenclave/secrets.json"
     sealed_secrets_mountpoint: ClassVar[str] = (

cli/cenclave/src/cenclave/model/evidence.py

@@ -17,7 +17,7 @@
     load_pem_x509_certificate,
     load_pem_x509_crl,
 )
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 from cenclave.core.no_sgx_docker import NoSgxDockerConfig
 
@@ -33,11 +33,7 @@ class ApplicationEvidence(BaseModel):
     tcb_cert: Certificate
     signer_pk: PublicKeyTypes
     input_args: NoSgxDockerConfig
-
-    class Config:
-        """Overwrite internal structure."""
-
-        arbitrary_types_allowed = True
+    model_config = ConfigDict(arbitrary_types_allowed=True)
 
     @property
     def collaterals(