From 9770d39304d47f31e93f5581db89b33e473f251c Mon Sep 17 00:00:00 2001 From: "Sean P. Kelly" Date: Thu, 31 Aug 2023 21:38:49 +0000 Subject: [PATCH] update to actix-web 4.4 for rustls 2.1 --- Cargo.lock | 117 +++++++++++++++++++++++-------------- apiserver/Cargo.toml | 2 +- apiserver/src/api/error.rs | 2 +- apiserver/src/api/mod.rs | 6 +- clarify.toml | 1 - models/src/node/mod.rs | 12 ++-- 6 files changed, 85 insertions(+), 55 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6f3bdcb8..0374d59a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8,7 +8,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "617a8268e3537fe1d8c9ead925fca49ef6400927ee7bc26750e90ecee14ce4b8" dependencies = [ - "bitflags", + "bitflags 1.3.2", "bytes", "futures-core", "futures-sink", @@ -21,9 +21,9 @@ dependencies = [ [[package]] name = "actix-http" -version = "3.3.1" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2079246596c18b4a33e274ae10c0e50613f4d32a4198e09c7b93771013fed74" +checksum = "a92ef85799cba03f76e4f7c10f533e66d87c9a7e7055f3391f09000ad8351bc9" dependencies = [ "actix-codec", "actix-rt", @@ -32,7 +32,7 @@ dependencies = [ "actix-utils", "ahash 0.8.3", "base64 0.21.2", - "bitflags", + "bitflags 2.4.0", "brotli", "bytes", "bytestring", @@ -61,12 +61,12 @@ dependencies = [ [[package]] name = "actix-macros" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "465a6172cf69b960917811022d8f29bc0b7fa1398bc4f78b3c466673db1213b6" +checksum = "e01ed3140b2f8d422c68afa1ed2e85d996ea619c988ac834d255db32138655cb" dependencies = [ "quote", - "syn 1.0.109", + "syn 2.0.28", ] [[package]] 
@@ -84,9 +84,9 @@ dependencies = [ [[package]] name = "actix-rt" -version = "2.8.0" +version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15265b6b8e2347670eb363c47fc8c75208b4a4994b27192f345fcbe707804f3e" +checksum = "28f32d40287d3f402ae0028a9d54bef51af15c8769492826a69d28f81893151d" dependencies = [ "futures-core", "tokio", @@ -94,9 +94,9 @@ dependencies = [ [[package]] name = "actix-server" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e8613a75dd50cc45f473cee3c34d59ed677c0f7b44480ce3b8247d7dc519327" +checksum = "3eb13e7eef0423ea6eab0e59f6c72e7cb46d33691ad56a726b3cd07ddec2c2d4" dependencies = [ "actix-rt", "actix-service", @@ -104,8 +104,7 @@ dependencies = [ "futures-core", "futures-util", "mio", - "num_cpus", - "socket2", + "socket2 0.5.3", "tokio", "tracing", ] @@ -123,21 +122,24 @@ dependencies = [ [[package]] name = "actix-tls" -version = "3.0.3" +version = "3.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fde0cf292f7cdc7f070803cb9a0d45c018441321a78b1042ffbbb81ec333297" +checksum = "72616e7fbec0aa99c6f3164677fa48ff5a60036d0799c98cab894a44f3e0efc3" dependencies = [ - "actix-codec", "actix-rt", "actix-service", "actix-utils", "futures-core", "http", - "log", + "impl-more", "pin-project-lite", - "tokio-rustls 0.23.4", + "rustls 0.21.7", + "rustls-webpki", + "tokio", + "tokio-rustls 0.24.0", "tokio-util", - "webpki-roots", + "tracing", + "webpki-roots 0.25.2", ] [[package]] @@ -152,9 +154,9 @@ dependencies = [ [[package]] name = "actix-web" -version = "4.3.1" +version = "4.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd3cb42f9566ab176e1ef0b8b3a896529062b4efc6be0123046095914c4c1c96" +checksum = "0e4a5b5e29603ca8c94a77c65cf874718ceb60292c5a5c3e5f4ace041af462b9" dependencies = [ "actix-codec", "actix-http", 
@@ -166,7 +168,7 @@ dependencies = [ "actix-tls", "actix-utils", "actix-web-codegen", - "ahash 0.7.6", + "ahash 0.8.3", "bytes", "bytestring", "cfg-if", @@ -175,7 +177,6 @@ dependencies = [ "encoding_rs", "futures-core", "futures-util", - "http", "itoa", "language-tags", "log", @@ -187,21 +188,21 @@ dependencies = [ "serde_json", "serde_urlencoded", "smallvec", - "socket2", + "socket2 0.5.3", "time", "url", ] [[package]] name = "actix-web-codegen" -version = "4.2.0" +version = "4.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2262160a7ae29e3415554a3f1fc04c764b1540c116aa524683208078b7a75bc9" +checksum = "eb1f50ebbb30eca122b188319a4398b3f7bb4a8cdf50ecfb73bfc6a3c3ce54f5" dependencies = [ "actix-router", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.28", ] [[package]] @@ -348,7 +349,7 @@ dependencies = [ "opentelemetry", "opentelemetry-prometheus", "reqwest", - "rustls 0.21.1", + "rustls 0.21.7", "rustls-pemfile", "schemars", "serde", @@ -896,6 +897,12 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "bitflags" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" + [[package]] name = "block-buffer" version = "0.10.4" @@ -1643,7 +1650,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2", + "socket2 0.4.9", "tokio", "tower-service", "tracing", @@ -1674,7 +1681,7 @@ dependencies = [ "http", "hyper", "log", - "rustls 0.21.1", + "rustls 0.21.7", "rustls-native-certs", "tokio", "tokio-rustls 0.24.0", 
@@ -1748,6 +1755,12 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb56e1aa765b4b4f3aadfab769793b7087bb03a4ea4920644a6d238e2df5b9ed" +[[package]] +name = "impl-more" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "206ca75c9c03ba3d4ace2460e57b189f39f43de612c2f85836e65c929701bb2d" + [[package]] name = "indexmap" version = "1.9.3" @@ -1958,7 +1971,7 @@ dependencies = [ "kube-core", "pem", "pin-project", - "rustls 0.21.1", + "rustls 0.21.7", "rustls-pemfile", "secrecy", "serde", @@ -2627,7 +2640,7 @@ version = "10.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c297679cb867470fa8c9f67dbba74a78d78e3e98d7cf2b08d6d71540f797332" dependencies = [ - "bitflags", + "bitflags 1.3.2", ] [[package]] @@ -2636,7 +2649,7 @@ version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ - "bitflags", + "bitflags 1.3.2", ] [[package]] @@ -2694,7 +2707,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.21.1", + "rustls 0.21.7", "rustls-pemfile", "serde", "serde_json", @@ -2706,7 +2719,7 @@ dependencies = [ "wasm-bindgen", "wasm-bindgen-futures", "web-sys", - "webpki-roots", + "webpki-roots 0.22.6", "winreg", ] @@ -2746,7 +2759,7 @@ version = "0.37.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d" dependencies = [ - "bitflags", + "bitflags 1.3.2", "errno", "io-lifetimes", "libc", 
@@ -2768,9 +2781,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.1" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c911ba11bc8433e811ce56fde130ccf32f5127cab0e0194e9c68c5a5b671791e" +checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", "ring", @@ -2801,9 +2814,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.100.2" +version = "0.101.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e98ff011474fa39949b7e5c0428f9b4937eda7da7848bbb947786b7be0b27dab" +checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" dependencies = [ "ring", "untrusted", @@ -2886,7 +2899,7 @@ version = "2.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fc758eb7bffce5b308734e9b0c1468893cae9ff70ebf13e7090be8dcbcc83a8" dependencies = [ - "bitflags", + "bitflags 1.3.2", "core-foundation", "core-foundation-sys", "libc", @@ -3092,6 +3105,16 @@ dependencies = [ "winapi", ] +[[package]] +name = "socket2" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877" +dependencies = [ + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "spin" version = "0.5.2" @@ -3247,7 +3270,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2", + "socket2 0.4.9", "tokio-macros", "windows-sys 0.48.0", ] @@ -3301,7 +3324,7 @@ version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e0d409377ff5b1e3ca6437aa86c1eb7d40c134bfec254e44c830defa92669db5" dependencies = [ - "rustls 0.21.1", + "rustls 0.21.7", "tokio", ] 
@@ -3355,7 +3378,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5d1d42a9b3f3ec46ba828e8d376aec14592ea199f70a06a548587ecd1c4ab658" dependencies = [ "base64 0.20.0", - "bitflags", + "bitflags 1.3.2", "bytes", "futures-core", "futures-util", @@ -3730,6 +3753,12 @@ dependencies = [ "webpki", ] +[[package]] +name = "webpki-roots" +version = "0.25.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" + [[package]] name = "winapi" version = "0.3.9"
diff --git a/apiserver/Cargo.toml b/apiserver/Cargo.toml
index fa42187d..16eba0c2 100644
--- a/apiserver/Cargo.toml
+++ b/apiserver/Cargo.toml
@@ -15,7 +15,7 @@ server = []
 models = { path = "../models", version = "0.1.0" }
 # tracing-actix-web version must align with actix-web version
-actix-web = { version = "4", features = ["rustls"] }
+actix-web = { version = "4.4", features = ["rustls-0_21"] }
 awc = "3"
 actix-web-opentelemetry = { version = "0.13", features = ["metrics", "metrics-prometheus"] }
 rustls = { version = "0.21" }
diff --git a/apiserver/src/api/error.rs b/apiserver/src/api/error.rs
index 4b718c8c..0bcc6fdd 100644
--- a/apiserver/src/api/error.rs
+++ b/apiserver/src/api/error.rs
@@ -53,7 +53,7 @@ pub enum Error {
 CertExtract { path: String, source: io::Error },
 #[snafu(display("Failed to add CA to cert store: {}", source))]
- CertStore { source: webpki::Error },
+ CertStore { source: rustls::Error },
 #[snafu(display("Failed to build TLS config from loaded certs: {}", source))]
 TLSConfigBuild { source: rustls::Error },
diff --git a/apiserver/src/api/mod.rs b/apiserver/src/api/mod.rs
index 783e9997..ab87fb3c 100644
--- a/apiserver/src/api/mod.rs
+++ b/apiserver/src/api/mod.rs
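Review bot: Nothing in apiserver/Cargo.toml records that the `rustls = { version = "0.21" }` line just below the change must stay on the same 0.21 series that the new `rustls-0_21` feature selects, the way the existing comment does for tracing-actix-web. The `ServerConfig` built in api/mod.rs comes from the direct rustls dependency and is handed to `bind_rustls_021`, so bumping only one of the two would presumably either fail to compile or pull a second TLS stack into the lockfile. I would add `# rustls version must match the rustls-0_21 feature of actix-web` above the rustls line.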
@@ -45,7 +45,7 @@ use rustls::{
 };
 use rustls_pemfile::{certs, pkcs8_private_keys};
 use snafu::{OptionExt, ResultExt};
-use std::{env, fs::File, io::BufReader};
+use std::{env, fs::File, io::BufReader, sync::Arc};
 use tokio::time::{sleep, Duration};
 use tracing::{event, Level};
 use tracing_actix_web::TracingLogger;
@@ -216,7 +216,7 @@ pub async fn run_server(
 cert_store.add(&ca).context(error::CertStoreSnafu)?;
 }
- let verifier = AllowAnyAnonymousOrAuthenticatedClient::new(cert_store);
+ let verifier = Arc::new(AllowAnyAnonymousOrAuthenticatedClient::new(cert_store));
 let tls_config_builder = ServerConfig::builder()
 .with_safe_defaults()
@@ -276,7 +276,7 @@ pub async fn run_server(
 web::get().to(ping::health_check),
 )
 })
- .bind_rustls(server_addr, tls_config)
+ .bind_rustls_021(server_addr, tls_config)
 .context(error::HttpServerSnafu)?
 .run();
diff --git a/clarify.toml b/clarify.toml
index 2d3f9fe7..e86f2f42 100644
--- a/clarify.toml
+++ b/clarify.toml
@@ -106,5 +106,4 @@ license-files = [
 expression = "ISC"
 license-files = [
 { path = "LICENSE", hash = 0x001c7e6c },
- { path = "third-party/chromium/LICENSE", hash = 0x9b209a1a },
 ]
diff --git a/models/src/node/mod.rs b/models/src/node/mod.rs
index d22b3905..e9c05211 100644
--- a/models/src/node/mod.rs
+++ b/models/src/node/mod.rs
@@ -4,11 +4,13 @@ mod drain;
 pub use self::client::client_error::Error as BottlerocketShadowClientError;
 pub use self::client::*;
-pub use self::crd::*;
-pub use self::error::Error as BottlerocketShadowError;
-
-/// The module-wide result type.
-type Result = std::result::Result;
+// pub use self::crd::*;
+pub use self::crd::{
+ brs_name_from_node_name, combined_crds, error, v1, v2, BottlerocketShadow,
+ BottlerocketShadowResource, BottlerocketShadowSelector, BottlerocketShadowSpec,
+ BottlerocketShadowState, BottlerocketShadowStatus, Result, Selector,
+};
+pub use crd::error::Error as BottlerocketShadowError;
 use lazy_static::lazy_static;
 pub use semver::Version;
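Review bot: The verifier on the changed line in run_server (apiserver/src/api/mod.rs, hunk at -216) is still `AllowAnyAnonymousOrAuthenticatedClient`, which completes the handshake for clients that present no certificate, and nothing in the hunk says where those anonymous callers are authenticated. Wrapping it in `Arc` keeps that behaviour, so a completed TLS handshake is not proof of client identity for any handler behind this listener. I would add a comment above it such as `// Client certs are optional at the TLS layer; requests are authenticated separately in <location>`, or, if every caller is expected to hold a certificate issued by the loaded CA, switch to `AllowAnyAuthenticatedClient`. run_server starts and ends outside the hunk, so the request-level check may already exist there.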
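Review bot: The added `// pub use self::crd::*;` in models/src/node/mod.rs is commented-out code left next to its replacement and should be dropped, since the explicit list already documents what is exported. That list also appears to make `error` and `Result` part of the module's public re-exports, whereas the removed `type Result` alias was private; worth confirming that the wider surface is intended. For consistency with the neighbouring lines, the last added line would read `pub use self::crd::error::Error as BottlerocketShadowError;`.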