update to actix-web 4.4 for rustls 2.1

bottlerocket-os · Sep 1, 2023 · 04d8f7e · 04d8f7e
1 parent 9cb1165
commit 04d8f7e
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 41 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/apiserver/Cargo.toml b/apiserver/Cargo.toml
@@ -15,7 +15,7 @@ server = []
 models = { path = "../models", version = "0.1.0" }
 
 # tracing-actix-web version must align with actix-web version
-actix-web = { version = "4", features = ["rustls"] }
+actix-web = { version = "4.4", features = ["rustls-0_21"] }
 awc = "3"
 actix-web-opentelemetry = { version = "0.13", features = ["metrics", "metrics-prometheus"] }
 rustls = { version = "0.21" }

diff --git a/apiserver/src/api/error.rs b/apiserver/src/api/error.rs
@@ -53,7 +53,7 @@ pub enum Error {
     CertExtract { path: String, source: io::Error },
 
     #[snafu(display("Failed to add CA to cert store: {}", source))]
-    CertStore { source: webpki::Error },
+    CertStore { source: rustls::Error },
 
     #[snafu(display("Failed to build TLS config from loaded certs: {}", source))]
     TLSConfigBuild { source: rustls::Error },

diff --git a/apiserver/src/api/mod.rs b/apiserver/src/api/mod.rs
@@ -45,7 +45,7 @@ use rustls::{
 };
 use rustls_pemfile::{certs, pkcs8_private_keys};
 use snafu::{OptionExt, ResultExt};
-use std::{env, fs::File, io::BufReader};
+use std::{env, fs::File, io::BufReader, sync::Arc};
 use tokio::time::{sleep, Duration};
 use tracing::{event, Level};
 use tracing_actix_web::TracingLogger;
@@ -216,7 +216,7 @@ pub async fn run_server<T: 'static + BottlerocketShadowClient>(
         cert_store.add(&ca).context(error::CertStoreSnafu)?;
     }
 
-    let verifier = AllowAnyAnonymousOrAuthenticatedClient::new(cert_store);
+    let verifier = Arc::new(AllowAnyAnonymousOrAuthenticatedClient::new(cert_store));
 
     let tls_config_builder = ServerConfig::builder()
         .with_safe_defaults()
@@ -276,7 +276,7 @@ pub async fn run_server<T: 'static + BottlerocketShadowClient>(
                 web::get().to(ping::health_check),
             )
     })
-    .bind_rustls(server_addr, tls_config)
+    .bind_rustls_021(server_addr, tls_config)
     .context(error::HttpServerSnafu)?
     .run();
 

diff --git a/clarify.toml b/clarify.toml
@@ -115,5 +115,4 @@ license-files = [
 expression = "ISC"
 license-files = [
     { path = "LICENSE", hash = 0x001c7e6c },
-    { path = "third-party/chromium/LICENSE", hash = 0x9b209a1a },
 ]
diff --git a/models/src/node/mod.rs b/models/src/node/mod.rs
@@ -4,11 +4,13 @@ mod drain;
 
 pub use self::client::client_error::Error as BottlerocketShadowClientError;
 pub use self::client::*;
-pub use self::crd::*;
-pub use self::error::Error as BottlerocketShadowError;
-
-/// The module-wide result type.
-type Result<T> = std::result::Result<T, error::Error>;
+// pub use self::crd::*;
+pub use self::crd::{
+    brs_name_from_node_name, combined_crds, error, v1, v2, BottlerocketShadow,
+    BottlerocketShadowResource, BottlerocketShadowSelector, BottlerocketShadowSpec,
+    BottlerocketShadowState, BottlerocketShadowStatus, Result, Selector,
+};
+pub use crd::error::Error as BottlerocketShadowError;
 
 use lazy_static::lazy_static;
 pub use semver::Version;