chore(backend): deprecation sweep — Pydantic V1 -> V2, utcnow -> tz-aware

Two low-risk Pydantic V1 idioms that will be hard errors in V3: - Query(regex=...) -> Query(pattern=...) (audit_routes, control_generator_routes) - class Config: from_attributes=True -> model_config = ConfigDict(...) in source_policy_router.py (schemas.py is intentionally skipped — it is the Phase 1 schema-split target and the ConfigDict conversion is most efficient to do during that split). Naive -> aware datetime sweep across 47 files: - datetime.utcnow() -> datetime.now(timezone.utc) - default=datetime.utcnow -> default=lambda: datetime.now(timezone.utc) - onupdate=datetime.utcnow -> onupdate=lambda: datetime.now(timezone.utc) All SQLAlchemy DateTime columns in the project already declare timezone=True, so the DB schema expects aware datetimes. Before this commit, the in-Python side was generating naive values and the driver was silently coercing them. This is a latent-bug fix, not a behavior change at the DB boundary. Verified: - 173/173 pytest compliance/tests/ pass (same as baseline) - tests/contracts/test_openapi_baseline.py passes (360 paths, 484 operations unchanged) - DeprecationWarning count dropped from 158 -> 35 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 13:09:59 +02:00
parent 512b7a0f6c
commit cb90d0db0c
47 changed files with 260 additions and 261 deletions
--- a/backend-compliance/compliance/db/isms_repository.py
+++ b/backend-compliance/compliance/db/isms_repository.py
@@ -10,7 +10,7 @@ Provides CRUD operations for ISO 27001 certification-related entities:
 """

 import uuid
-from datetime import datetime, date
+from datetime import datetime, date, timezone
 from typing import List, Optional, Dict, Any, Tuple

 from sqlalchemy.orm import Session as DBSession
@@ -94,11 +94,11 @@ class ISMSScopeRepository:
        import hashlib
        scope.status = ApprovalStatusEnum.APPROVED
        scope.approved_by = approved_by
-        scope.approved_at = datetime.utcnow()
+        scope.approved_at = datetime.now(timezone.utc)
        scope.effective_date = effective_date
        scope.review_date = review_date
        scope.approval_signature = hashlib.sha256(
-            f"{scope.scope_statement}|{approved_by}|{datetime.utcnow().isoformat()}".encode()
+            f"{scope.scope_statement}|{approved_by}|{datetime.now(timezone.utc).isoformat()}".encode()
        ).hexdigest()

        self.db.commit()
@@ -185,7 +185,7 @@ class ISMSPolicyRepository:
        policy.status = ApprovalStatusEnum.APPROVED
        policy.reviewed_by = reviewed_by
        policy.approved_by = approved_by
-        policy.approved_at = datetime.utcnow()
+        policy.approved_at = datetime.now(timezone.utc)
        policy.effective_date = effective_date
        policy.next_review_date = date(
            effective_date.year + (policy.review_frequency_months // 12),
@@ -193,7 +193,7 @@ class ISMSPolicyRepository:
            effective_date.day
        )
        policy.approval_signature = hashlib.sha256(
-            f"{policy.policy_id}|{approved_by}|{datetime.utcnow().isoformat()}".encode()
+            f"{policy.policy_id}|{approved_by}|{datetime.now(timezone.utc).isoformat()}".encode()
        ).hexdigest()

        self.db.commit()
@@ -472,7 +472,7 @@ class AuditFindingRepository:
        finding.verification_method = verification_method
        finding.verification_evidence = verification_evidence
        finding.verified_by = closed_by
-        finding.verified_at = datetime.utcnow()
+        finding.verified_at = datetime.now(timezone.utc)

        self.db.commit()
        self.db.refresh(finding)
@@ -644,7 +644,7 @@ class ManagementReviewRepository:

        review.status = "approved"
        review.approved_by = approved_by
-        review.approved_at = datetime.utcnow()
+        review.approved_at = datetime.now(timezone.utc)
        review.next_review_date = next_review_date
        review.minutes_document_path = minutes_document_path

@@ -761,7 +761,7 @@ class AuditTrailRepository:
            new_value=new_value,
            change_summary=change_summary,
            performed_by=performed_by,
-            performed_at=datetime.utcnow(),
+            performed_at=datetime.now(timezone.utc),
            checksum=hashlib.sha256(
                f"{entity_type}|{entity_id}|{action}|{performed_by}".encode()
            ).hexdigest(),
--- a/backend-compliance/compliance/db/repository.py
+++ b/backend-compliance/compliance/db/repository.py
@@ -6,7 +6,7 @@ Provides CRUD operations and business logic queries for all compliance entities.
 from __future__ import annotations

 import uuid
-from datetime import datetime, date
+from datetime import datetime, date, timezone
 from typing import List, Optional, Dict, Any

 from sqlalchemy.orm import Session as DBSession, selectinload, joinedload
@@ -86,7 +86,7 @@ class RegulationRepository:
        for key, value in kwargs.items():
            if hasattr(regulation, key):
                setattr(regulation, key, value)
-        regulation.updated_at = datetime.utcnow()
+        regulation.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(regulation)
        return regulation
@@ -425,7 +425,7 @@ class ControlRepository:
        control.status = status
        if status_notes:
            control.status_notes = status_notes
-        control.updated_at = datetime.utcnow()
+        control.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(control)
        return control
@@ -435,10 +435,10 @@ class ControlRepository:
        control = self.get_by_control_id(control_id)
        if not control:
            return None
-        control.last_reviewed_at = datetime.utcnow()
+        control.last_reviewed_at = datetime.now(timezone.utc)
        from datetime import timedelta
-        control.next_review_at = datetime.utcnow() + timedelta(days=control.review_frequency_days)
-        control.updated_at = datetime.utcnow()
+        control.next_review_at = datetime.now(timezone.utc) + timedelta(days=control.review_frequency_days)
+        control.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(control)
        return control
@@ -450,7 +450,7 @@ class ControlRepository:
            .filter(
                or_(
                    ControlDB.next_review_at is None,
-                    ControlDB.next_review_at <= datetime.utcnow()
+                    ControlDB.next_review_at <= datetime.now(timezone.utc)
                )
            )
            .order_by(ControlDB.next_review_at)
@@ -624,7 +624,7 @@ class EvidenceRepository:
        if not evidence:
            return None
        evidence.status = status
-        evidence.updated_at = datetime.utcnow()
+        evidence.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(evidence)
        return evidence
@@ -749,7 +749,7 @@ class RiskRepository:
                    risk.residual_likelihood, risk.residual_impact
                )

-        risk.updated_at = datetime.utcnow()
+        risk.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(risk)
        return risk
@@ -860,9 +860,9 @@ class AuditExportRepository:
            export.compliance_score = compliance_score

        if status == ExportStatusEnum.COMPLETED:
-            export.completed_at = datetime.utcnow()
+            export.completed_at = datetime.now(timezone.utc)

-        export.updated_at = datetime.utcnow()
+        export.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(export)
        return export
@@ -1156,11 +1156,11 @@ class AuditSessionRepository:

        session.status = status
        if status == AuditSessionStatusEnum.IN_PROGRESS and not session.started_at:
-            session.started_at = datetime.utcnow()
+            session.started_at = datetime.now(timezone.utc)
        elif status == AuditSessionStatusEnum.COMPLETED:
-            session.completed_at = datetime.utcnow()
+            session.completed_at = datetime.now(timezone.utc)

-        session.updated_at = datetime.utcnow()
+        session.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(session)
        return session
@@ -1183,7 +1183,7 @@ class AuditSessionRepository:
        if completed_items is not None:
            session.completed_items = completed_items

-        session.updated_at = datetime.utcnow()
+        session.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(session)
        return session
@@ -1207,9 +1207,9 @@ class AuditSessionRepository:
        total_requirements = query.scalar() or 0

        session.status = AuditSessionStatusEnum.IN_PROGRESS
-        session.started_at = datetime.utcnow()
+        session.started_at = datetime.now(timezone.utc)
        session.total_items = total_requirements
-        session.updated_at = datetime.utcnow()
+        session.updated_at = datetime.now(timezone.utc)

        self.db.commit()
        self.db.refresh(session)
@@ -1344,7 +1344,7 @@ class AuditSignOffRepository:
        if sign and signed_by:
            signoff.create_signature(signed_by)

-        signoff.updated_at = datetime.utcnow()
+        signoff.updated_at = datetime.now(timezone.utc)
        self.db.commit()
        self.db.refresh(signoff)

@@ -1376,7 +1376,7 @@ class AuditSignOffRepository:
                signoff.notes = notes
            if sign and signed_by:
                signoff.create_signature(signed_by)
-            signoff.updated_at = datetime.utcnow()
+            signoff.updated_at = datetime.now(timezone.utc)
        else:
            # Create new
            signoff = AuditSignOffDB(
@@ -1416,7 +1416,7 @@ class AuditSignOffRepository:
        ).first()
        if session:
            session.completed_items = completed
-            session.updated_at = datetime.utcnow()
+            session.updated_at = datetime.now(timezone.utc)
            self.db.commit()

    def get_checklist(