diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index bb6b8231e..1c6e32482 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -22,7 +22,4 @@ jobs: labels: bottlerocket_ubuntu-latest_16-core steps: - uses: actions/checkout@v3 - - run: cargo build --locked - - run: cargo test --locked - - run: cargo fmt -- --check - - run: cargo clippy --locked -- -D warnings --no-deps + - run: make build diff --git a/Cargo.lock b/Cargo.lock index 0fff98bae..0c07d3886 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -126,16 +126,6 @@ dependencies = [ "serde", ] -[[package]] -name = "assert-json-diff" -version = "2.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47e4f2b81832e72834d7518d8487a0396a28cc408186a2e8854c0f98011faf12" -dependencies = [ - "serde", - "serde_json", -] - [[package]] name = "async-recursion" version = "1.0.5" @@ -175,52 +165,23 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" -[[package]] -name = "aws-config" -version = "0.54.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c3d1e2a1f1ab3ac6c4b884e37413eaa03eb9d901e4fc68ee8f5c1d49721680e" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-http 0.54.1", - "aws-sdk-sso 0.24.0", - "aws-sdk-sts 0.24.0", - "aws-smithy-async 0.54.4", - "aws-smithy-client 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-http-tower 0.54.4", - "aws-smithy-json 0.54.4", - "aws-smithy-types 0.54.4", - "aws-types 0.54.1", - "bytes", - "hex", - "http", - "hyper", - "ring", - "time", - "tokio", - "tower", - "tracing", - "zeroize", -] - [[package]] name = "aws-config" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bcdcf0d683fe9c23d32cf5b53c9918ea0a500375a9fb20109802552658e576c9" dependencies = [ - "aws-credential-types 0.55.3", - "aws-http 0.55.3", - "aws-sdk-sso 0.28.0", - "aws-sdk-sts 0.28.0", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-http", + "aws-sdk-sso", + "aws-sdk-sts", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-types", + "aws-types", "bytes", "fastrand 1.9.0", "hex", @@ -234,90 +195,44 @@ dependencies = [ "zeroize", ] -[[package]] -name = "aws-credential-types" -version = "0.54.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb0696a0523a39a19087747e4dafda0362dc867531e3d72a3f195564c84e5e08" -dependencies = [ - "aws-smithy-async 0.54.4", - "aws-smithy-types 0.54.4", - "tokio", - "tracing", - "zeroize", -] - [[package]] name = "aws-credential-types" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fcdb2f7acbc076ff5ad05e7864bdb191ca70a6fd07668dc3a1a8bcd051de5ae" dependencies = [ - "aws-smithy-async 0.55.3", - "aws-smithy-types 0.55.3", + "aws-smithy-async", + "aws-smithy-types", "fastrand 1.9.0", "tokio", "tracing", "zeroize", ] -[[package]] -name = "aws-endpoint" -version = "0.54.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80a4f935ab6a1919fbfd6102a80c4fccd9ff5f47f94ba154074afe1051903261" -dependencies = [ - "aws-smithy-http 0.54.4", - "aws-smithy-types 0.54.4", - "aws-types 0.54.1", - "http", - "regex", - "tracing", -] - [[package]] name = "aws-endpoint" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8cce1c41a6cfaa726adee9ebb9a56fcd2bbfd8be49fd8a04c5e20fd968330b04" dependencies = [ - "aws-smithy-http 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-smithy-http", + "aws-smithy-types", + "aws-types", "http", "regex", "tracing", ] -[[package]] -name = "aws-http" -version = "0.54.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82976ca4e426ee9ca3ffcf919d9b2c8d14d0cd80d43cc02173737a8f07f28d4d" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-smithy-http 0.54.4", - "aws-smithy-types 0.54.4", - "aws-types 0.54.1", - "bytes", - "http", - "http-body", - "lazy_static", - "percent-encoding", - "pin-project-lite", - "tracing", -] - [[package]] name = "aws-http" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aadbc44e7a8f3e71c8b374e03ecd972869eb91dd2bc89ed018954a52ba84bc44" dependencies = [ - "aws-credential-types 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-smithy-http", + "aws-smithy-types", + "aws-types", "bytes", "http", "http-body", @@ -327,51 +242,23 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-sdk-cloudformation" -version = "0.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f32bb66da99e2955ce49e346200cb14421784755a39c74fe2c043536b2d57ba" -dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-query 0.55.3", - "aws-smithy-types 0.55.3", - "aws-smithy-xml 0.55.3", - "aws-types 0.55.3", - "bytes", - "fastrand 1.9.0", - "http", - "regex", - "tokio-stream", - "tower", - "tracing", -] - [[package]] name = "aws-sdk-ebs" version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c44666651c93b43b78bc3d0bc280efffa64ab6c23ecb3370ed0760d6e69d417" dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-endpoint", + "aws-http", + "aws-sig-auth", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-types", + "aws-types", "bytes", "fastrand 1.9.0", "http", @@ -387,19 +274,19 @@ version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eab2493c5857725eeafe12ec66ba4ce6feb3355e3af6828d9ef28d6152972a27" dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-query 0.55.3", - "aws-smithy-types 0.55.3", - "aws-smithy-xml 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-endpoint", + "aws-http", + "aws-sig-auth", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-query", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", "bytes", "fastrand 1.9.0", "http", @@ -409,112 +296,29 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-sdk-kms" -version = "0.24.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "434d7097fc824eee1d94cf6c5e3a30714da15b81a5b99618f8feb67f8eb2f70a" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-endpoint 0.54.1", - "aws-http 0.54.1", - "aws-sig-auth 0.54.1", - "aws-smithy-async 0.54.4", - "aws-smithy-client 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-http-tower 0.54.4", - "aws-smithy-json 0.54.4", - "aws-smithy-types 0.54.4", - "aws-types 0.54.1", - "bytes", - "http", - "regex", - "tokio-stream", - "tower", - "tracing", -] - [[package]] name = "aws-sdk-kms" version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "545335abd7c6ef7285d2972a67b9f8279ff5fec8bbb3ffc637fa436ba1e6e434" dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", - "bytes", - "http", - "regex", - "tokio-stream", - "tower", - "tracing", -] - -[[package]] -name = "aws-sdk-s3" -version = "0.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fba197193cbb4bcb6aad8d99796b2291f36fa89562ded5d4501363055b0de89f" -dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-sigv4 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-checksums", - "aws-smithy-client 0.55.3", - "aws-smithy-eventstream", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-types 0.55.3", - "aws-smithy-xml 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-endpoint", + "aws-http", + "aws-sig-auth", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-types", + "aws-types", "bytes", "http", - "http-body", - "once_cell", - "percent-encoding", "regex", "tokio-stream", "tower", "tracing", - "url", -] - -[[package]] -name = "aws-sdk-ssm" -version = "0.24.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47a1993b71d6301d8f68f2ce6d87768b2f76130709b3c666d00e7fee52adb73c" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-endpoint 0.54.1", - "aws-http 0.54.1", - "aws-sig-auth 0.54.1", - "aws-smithy-async 0.54.4", - "aws-smithy-client 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-http-tower 0.54.4", - "aws-smithy-json 0.54.4", - "aws-smithy-types 0.54.4", - "aws-types 0.54.1", - "bytes", - "fastrand 1.9.0", - "http", - "regex", - "tokio-stream", - "tower", ] [[package]] @@ -523,17 +327,17 @@ version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "014a095ed73c1f789699dfeb45a2b1debb03119910392bd7fcda4a07a72b3af4" dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-endpoint", + "aws-http", + "aws-sig-auth", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-types", + "aws-types", "bytes", "fastrand 1.9.0", "http", @@ -543,47 +347,23 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-sdk-sso" -version = "0.24.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca0119bacf0c42f587506769390983223ba834e605f049babe514b2bd646dbb2" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-endpoint 0.54.1", - "aws-http 0.54.1", - "aws-sig-auth 0.54.1", - "aws-smithy-async 0.54.4", - "aws-smithy-client 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-http-tower 0.54.4", - "aws-smithy-json 0.54.4", - "aws-smithy-types 0.54.4", - "aws-types 0.54.1", - "bytes", - "http", - "regex", - "tokio-stream", - "tower", -] - [[package]] name = "aws-sdk-sso" version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8b812340d86d4a766b2ca73f740dfd47a97c2dff0c06c8517a16d88241957e4" dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-endpoint", + "aws-http", + "aws-sig-auth", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-types", + "aws-types", "bytes", "http", "regex", @@ -592,51 +372,25 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-sdk-sts" -version = "0.24.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "270b6a33969ebfcb193512fbd5e8ee5306888ad6c6d5d775cdbfb2d50d94de26" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-endpoint 0.54.1", - "aws-http 0.54.1", - "aws-sig-auth 0.54.1", - "aws-smithy-async 0.54.4", - "aws-smithy-client 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-http-tower 0.54.4", - "aws-smithy-json 0.54.4", - "aws-smithy-query 0.54.4", - "aws-smithy-types 0.54.4", - "aws-smithy-xml 0.54.4", - "aws-types 0.54.1", - "bytes", - "http", - "regex", - "tower", - "tracing", -] - [[package]] name = "aws-sdk-sts" version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "265fac131fbfc188e5c3d96652ea90ecc676a934e3174eaaee523c6cec040b3b" dependencies = [ - "aws-credential-types 0.55.3", - "aws-endpoint 0.55.3", - "aws-http 0.55.3", - "aws-sig-auth 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-json 0.55.3", - "aws-smithy-query 0.55.3", - "aws-smithy-types 0.55.3", - "aws-smithy-xml 0.55.3", - "aws-types 0.55.3", + "aws-credential-types", + "aws-endpoint", + "aws-http", + "aws-sig-auth", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-json", + "aws-smithy-query", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", "bytes", "http", "regex", @@ -644,51 +398,17 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-sig-auth" -version = "0.54.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "660a02a98ab1af83bd8d714afbab2d502ba9b18c49e7e4cddd6bf8837ff778cb" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-sigv4 0.54.2", - "aws-smithy-http 0.54.4", - "aws-types 0.54.1", - "http", - "tracing", -] - [[package]] name = "aws-sig-auth" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3b94acb10af0c879ecd5c7bdf51cda6679a0a4f4643ce630905a77673bfa3c61" dependencies = [ - "aws-credential-types 0.55.3", - "aws-sigv4 0.55.3", - "aws-smithy-eventstream", - "aws-smithy-http 0.55.3", - "aws-types 0.55.3", - "http", - "tracing", -] - -[[package]] -name = "aws-sigv4" -version = "0.54.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86529e7b64d902efea8fff52c1b2529368d04f90305cf632729e3713f6b57dc0" -dependencies = [ - "aws-smithy-http 0.54.4", - "form_urlencoded", - "hex", - "hmac", + "aws-credential-types", + "aws-sigv4", + "aws-smithy-http", + "aws-types", "http", - "once_cell", - "percent-encoding", - "regex", - "sha2", - "time", "tracing", ] @@ -698,9 +418,7 @@ version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d2ce6f507be68e968a33485ced670111d1cbad161ddbbab1e313c03d37d8f4c" dependencies = [ - "aws-smithy-eventstream", - "aws-smithy-http 0.55.3", - "bytes", + "aws-smithy-http", "form_urlencoded", "hex", "hmac", @@ -713,18 +431,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-smithy-async" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63c712a28a4f2f2139759235c08bf98aca99d4fdf1b13c78c5f95613df0a5db9" -dependencies = [ - "futures-util", - "pin-project-lite", - "tokio", - "tokio-stream", -] - [[package]] name = "aws-smithy-async" version = "0.55.3" @@ -737,60 +443,16 @@ dependencies = [ "tokio-stream", ] -[[package]] -name = "aws-smithy-checksums" -version = "0.55.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07ed8b96d95402f3f6b8b57eb4e0e45ee365f78b1a924faf20ff6e97abf1eae6" -dependencies = [ - "aws-smithy-http 0.55.3", - "aws-smithy-types 0.55.3", - "bytes", - "crc32c", - "crc32fast", - "hex", - "http", - "http-body", - "md-5", - "pin-project-lite", - "sha1", - "sha2", - "tracing", -] - -[[package]] -name = "aws-smithy-client" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "104ca17f56cde00a10207169697dfe9c6810db339d52fb352707e64875b30a44" -dependencies = [ - "aws-smithy-async 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-http-tower 0.54.4", - "aws-smithy-types 0.54.4", - "bytes", - "fastrand 1.9.0", - "http", - "http-body", - "hyper", - "hyper-rustls 0.23.2", - "lazy_static", - "pin-project-lite", - "tokio", - "tower", - "tracing", -] - [[package]] name = "aws-smithy-client" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0a86aa6e21e86c4252ad6a0e3e74da9617295d8d6e374d552be7d3059c41cedd" dependencies = [ - "aws-smithy-async 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-http-tower 0.55.3", - "aws-smithy-types 0.55.3", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-http-tower", + "aws-smithy-types", "bytes", "fastrand 1.9.0", "http", @@ -805,47 +467,13 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-smithy-eventstream" -version = "0.55.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "460c8da5110835e3d9a717c61f5556b20d03c32a1dec57f8fc559b360f733bb8" -dependencies = [ - "aws-smithy-types 0.55.3", - "bytes", - "crc32fast", -] - -[[package]] -name = "aws-smithy-http" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "873f316f1833add0d3aa54ed1b0cd252ddd88c792a0cf839886400099971e844" -dependencies = [ - "aws-smithy-types 0.54.4", - "bytes", - "bytes-utils", - "futures-core", - "http", - "http-body", - "hyper", - "once_cell", - "percent-encoding", - "pin-project-lite", - "pin-utils", - "tokio", - "tokio-util", - "tracing", -] - [[package]] name = "aws-smithy-http" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b3b693869133551f135e1f2c77cb0b8277d9e3e17feaf2213f735857c4f0d28" dependencies = [ - "aws-smithy-eventstream", - "aws-smithy-types 0.55.3", + "aws-smithy-types", "bytes", "bytes-utils", "futures-core", @@ -861,30 +489,14 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-smithy-http-tower" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f38231d3f5dac9ac7976f44e12803add1385119ffca9e5f050d8e980733d164" -dependencies = [ - "aws-smithy-http 0.54.4", - "aws-smithy-types 0.54.4", - "bytes", - "http", - "http-body", - "pin-project-lite", - "tower", - "tracing", -] - [[package]] name = "aws-smithy-http-tower" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ae4f6c5798a247fac98a867698197d9ac22643596dc3777f0c76b91917616b9" dependencies = [ - "aws-smithy-http 0.55.3", - "aws-smithy-types 0.55.3", + "aws-smithy-http", + "aws-smithy-types", "bytes", "http", "http-body", @@ -893,32 +505,13 @@ dependencies = [ "tracing", ] -[[package]] -name = "aws-smithy-json" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bd83ff2b79e9f729746fcc8ad798676b68fe6ea72986571569a5306a277a182" -dependencies = [ - "aws-smithy-types 0.54.4", -] - [[package]] name = "aws-smithy-json" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "23f9f42fbfa96d095194a632fbac19f60077748eba536eb0b9fecc28659807f8" dependencies = [ - "aws-smithy-types 0.55.3", -] - -[[package]] -name = "aws-smithy-query" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2f0445dafe9d2cd50b44339ae3c3ed46549aad8ac696c52ad660b3e7ae8682b" -dependencies = [ - "aws-smithy-types 0.54.4", - "urlencoding", + "aws-smithy-types", ] [[package]] @@ -927,23 +520,10 @@ version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "98819eb0b04020a1c791903533b638534ae6c12e2aceda3e6e6fba015608d51d" dependencies = [ - "aws-smithy-types 0.55.3", + "aws-smithy-types", "urlencoding", ] -[[package]] -name = "aws-smithy-types" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8161232eda10290f5136610a1eb9de56aceaccd70c963a26a260af20ac24794f" -dependencies = [ - "base64-simd", - "itoa", - "num-integer", - "ryu", - "time", -] - [[package]] name = "aws-smithy-types" version = "0.55.3" @@ -957,15 +537,6 @@ dependencies = [ "time", ] -[[package]] -name = "aws-smithy-xml" -version = "0.54.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "343ffe9a9bb3f542675f4df0e0d5933513d6ad038ca3907ad1767ba690a99684" -dependencies = [ - "xmlparser", -] - [[package]] name = "aws-smithy-xml" version = "0.55.3" @@ -975,33 +546,17 @@ dependencies = [ "xmlparser", ] -[[package]] -name = "aws-types" -version = "0.54.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8f15b34253b68cde08e39b0627cc6101bcca64351229484b4743392c035d057" -dependencies = [ - "aws-credential-types 0.54.1", - "aws-smithy-async 0.54.4", - "aws-smithy-client 0.54.4", - "aws-smithy-http 0.54.4", - "aws-smithy-types 0.54.4", - "http", - "rustc_version", - "tracing", -] - [[package]] name = "aws-types" version = "0.55.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6dd209616cc8d7bfb82f87811a5c655dc97537f592689b18743bddf5dc5c4829" dependencies = [ - "aws-credential-types 0.55.3", - "aws-smithy-async 0.55.3", - "aws-smithy-client 0.55.3", - "aws-smithy-http 0.55.3", - "aws-smithy-types 0.55.3", + "aws-credential-types", + "aws-smithy-async", + "aws-smithy-client", + "aws-smithy-http", + "aws-smithy-types", "http", "rustc_version", "tracing", @@ -1131,7 +686,7 @@ dependencies = [ "serde_plain", "sha2", "snafu", - "toml 0.5.11", + "toml 0.8.0", "url", "walkdir", ] @@ -1299,11 +854,11 @@ checksum = "faa54b44a1a199e3f37ba30ffb7391ed2fe1e4deb15cc55232786b2ca228cb33" dependencies = [ "argh", "async-trait", - "aws-config 0.55.3", + "aws-config", "aws-sdk-ebs", "aws-sdk-ec2", - "aws-smithy-http 0.55.3", - "aws-types 0.55.3", + "aws-smithy-http", + "aws-types", "base64 0.13.1", "bytes", "env_logger", @@ -1370,15 +925,6 @@ dependencies = [ "libc", ] -[[package]] -name = "crc32c" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8f48d60e5b4d2c53d5c2b1d8a58c849a70ae5e5509b08a48d047e3b65714a74" -dependencies = [ - "rustc_version", -] - [[package]] name = "crc32fast" version = "1.3.2" @@ -1785,7 +1331,7 @@ checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -1809,9 +1355,9 @@ dependencies = [ [[package]] name = "governor" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c390a940a5d157878dd057c78680a33ce3415bcd05b4799509ea44210914b4d5" +checksum = "821239e5672ff23e2a7060901fa622950bbd80b649cdaadd78d1c1767ed14eb4" dependencies = [ "cfg-if", "dashmap", @@ -2100,30 +1646,6 @@ dependencies = [ "unicode-width", ] -[[package]] -name = "infrasys" -version = "0.1.0" -dependencies = [ - "assert-json-diff", - "async-trait", - "aws-config 0.55.3", - "aws-sdk-cloudformation", - "aws-sdk-s3", - "aws-types 0.55.3", - "clap 4.4.3", - "hex", - "log", - "pubsys-config", - "serde_json", - "serde_yaml 0.9.25", - "sha2", - "shell-words", - "simplelog", - "snafu", - "tokio", - "url", -] - [[package]] name = "instant" version = "0.1.12" @@ -2324,10 +1846,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] -name = "mach" -version = "0.3.2" +name = "mach2" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b823e83b2affd8f40a9ee8c29dbc56404c1e34cd2710921f2801e2cf29527afa" +checksum = "6d0d1830bcd151a6fc4aea1369af235b36c1528fe976b8ff678683c9995eade8" dependencies = [ "libc", ] @@ -2338,15 +1860,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" -[[package]] -name = "md-5" -version = "0.10.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6365506850d44bff6e2fbcb5176cf63650e48bd45ef2fe2665ae1570e0f4b9ca" -dependencies = [ - "digest", -] - [[package]] name = "memchr" version = "2.6.3" @@ -2384,7 +1897,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" dependencies = [ "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "windows-sys 0.48.0", ] @@ -2720,15 +2233,15 @@ dependencies = [ name = "pubsys" version = "0.1.0" dependencies = [ - "aws-config 0.55.3", - "aws-credential-types 0.55.3", + "aws-config", + "aws-credential-types", "aws-sdk-ebs", "aws-sdk-ec2", - "aws-sdk-kms 0.28.0", - "aws-sdk-ssm 0.28.0", - "aws-sdk-sts 0.28.0", - "aws-smithy-types 0.55.3", - "aws-types 0.55.3", + "aws-sdk-kms", + "aws-sdk-ssm", + "aws-sdk-sts", + "aws-smithy-types", + "aws-types", "buildsys", "chrono", "clap 4.4.3", @@ -2756,10 +2269,10 @@ dependencies = [ "tinytemplate", "tokio", "tokio-stream", - "toml 0.5.11", - "tough 0.14.0", - "tough-kms 0.6.0", - "tough-ssm 0.9.0", + "toml 0.8.0", + "tough", + "tough-kms", + "tough-ssm", "update-metadata", "url", ] @@ -2776,7 +2289,7 @@ dependencies = [ "serde", "serde_yaml 0.9.25", "snafu", - "toml 0.5.11", + "toml 0.8.0", "url", ] @@ -2799,16 +2312,16 @@ dependencies = [ [[package]] name = "quanta" -version = "0.9.3" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20afe714292d5e879d8b12740aa223c6a88f118af41870e8b6196e39a02238a8" +checksum = "a17e662a7a8291a865152364c20c7abc5e60486ab2001e8ec10b24862de0b9ab" dependencies = [ "crossbeam-utils", "libc", - "mach", + "mach2", "once_cell", "raw-cpuid", - "wasi 0.10.2+wasi-snapshot-preview1", + "wasi", "web-sys", "winapi", ] @@ -3520,14 +3033,14 @@ name = "testsys" version = "0.1.0" dependencies = [ "async-trait", - "aws-config 0.55.3", + "aws-config", "aws-sdk-ec2", - "base64 0.20.0", + "base64 0.21.4", "bottlerocket-types", "bottlerocket-variant", "clap 4.4.3", "env_logger", - "fastrand 1.9.0", + "fastrand 2.0.0", "futures", "handlebars", "log", @@ -3791,7 +3304,19 @@ dependencies = [ "serde", "serde_spanned", "toml_datetime", - "toml_edit", + "toml_edit 0.19.15", +] + +[[package]] +name = "toml" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c226a7bba6d859b63c92c4b4fe69c5b6b72d0cb897dbc8e6012298e6154cb56e" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit 0.20.0", ] [[package]] @@ -3817,38 +3342,24 @@ dependencies = [ ] [[package]] -name = "topological-sort" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea68304e134ecd095ac6c3574494fc62b909f416c4fca77e440530221e549d3d" - -[[package]] -name = "tough" -version = "0.13.0" +name = "toml_edit" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c259b2bd13fdff3305a5a92b45befb1adb315d664612c8991be57fb6a83dc126" +checksum = "8ff63e60a958cefbb518ae1fd6566af80d9d4be430a33f3723dfc47d1d411d95" dependencies = [ - "chrono", - "dyn-clone", - "globset", - "hex", - "log", - "olpc-cjson", - "path-absolutize", - "pem", - "percent-encoding", - "reqwest", - "ring", + "indexmap 2.0.0", "serde", - "serde_json", - "serde_plain", - "snafu", - "tempfile", - "untrusted", - "url", - "walkdir", + "serde_spanned", + "toml_datetime", + "winnow", ] +[[package]] +name = "topological-sort" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea68304e134ecd095ac6c3574494fc62b909f416c4fca77e440530221e549d3d" + [[package]] name = "tough" version = "0.14.0" @@ -3876,49 +3387,19 @@ dependencies = [ "walkdir", ] -[[package]] -name = "tough-kms" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72673807e50c73071b1f522f1fc53410bb66ae9958d572e70e6581af35beaa90" -dependencies = [ - "aws-config 0.54.1", - "aws-sdk-kms 0.24.0", - "pem", - "ring", - "snafu", - "tokio", - "tough 0.13.0", -] - [[package]] name = "tough-kms" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cc49c1a5300e54484604162ec78417fc39306f0c9e2c98166df3ebfa203d6800" dependencies = [ - "aws-config 0.55.3", - "aws-sdk-kms 0.28.0", + "aws-config", + "aws-sdk-kms", "pem", "ring", "snafu", "tokio", - "tough 0.14.0", -] - -[[package]] -name = "tough-ssm" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f66050278d78786eae031e26d0d290be173da16bda6cf613546a8ec70df13e2" -dependencies = [ - "aws-config 0.54.1", - "aws-sdk-ssm 0.24.0", - "serde", - "serde_json", - "snafu", - "tokio", - "tough 0.13.0", + "tough", ] [[package]] @@ -3927,11 +3408,11 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bcf4932265842607b42840e65f3fde9dde2834eaa97209b994d6c1a7ff9f3fd7" dependencies = [ - "aws-config 0.55.3", - "aws-sdk-ssm 0.28.0", + "aws-config", + "aws-sdk-ssm", "snafu", "tokio", - "tough 0.14.0", + "tough", ] [[package]] @@ -4034,20 +3515,19 @@ checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" [[package]] name = "tuftool" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03ea883fbc5923a59fd28ea9e0ad11c8899827de27837676fcfc5a427e91de51" +checksum = "659f5ef4d8b3f2ef48f73df042820dc19e66b375aeca341aa1e8f0b1b989a134" dependencies = [ - "aws-config 0.54.1", - "aws-sdk-kms 0.24.0", - "aws-sdk-ssm 0.24.0", + "aws-config", + "aws-sdk-kms", + "aws-sdk-ssm", "chrono", "clap 3.2.25", "hex", "log", "maplit", "olpc-cjson", - "pem", "rayon", "reqwest", "ring", @@ -4056,10 +3536,9 @@ dependencies = [ "simplelog", "snafu", "tempfile", - "tokio", - "tough 0.13.0", - "tough-kms 0.5.0", - "tough-ssm 0.8.0", + "tough", + "tough-kms", + "tough-ssm", "url", "walkdir", ] @@ -4104,7 +3583,7 @@ dependencies = [ "tempfile", "testsys", "tokio", - "toml 0.7.8", + "toml 0.8.0", "tuftool", "uuid", ] @@ -4178,7 +3657,7 @@ dependencies = [ "serde_json", "serde_plain", "snafu", - "toml 0.5.11", + "toml 0.8.0", ] [[package]] @@ -4251,12 +3730,6 @@ dependencies = [ "try-lock", ] -[[package]] -name = "wasi" -version = "0.10.2+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" - [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" diff --git a/Cargo.toml b/Cargo.toml index 1aca2af1e..58fbb9244 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,7 +5,6 @@ members = [ "tools/bottlerocket-variant", "tools/buildsys", "tools/generate-readme", - "tools/infrasys", "tools/parse-datetime", "tools/pubsys", "tools/pubsys-config", diff --git a/Makefile b/Makefile index 7e281b4a3..5e5b46f95 100644 --- a/Makefile +++ b/Makefile @@ -4,3 +4,26 @@ design: ## render design diagrams ./docs/design/bin/render-plantuml.sh \ ./docs/design/diagrams/build-sequence.plantuml \ ./docs/design/diagrams/build-sequence.svg + +.PHONY: deny +deny: + cargo deny --no-default-features check licenses bans sources + +.PHONY: clippy +clippy: + cargo clippy --locked -- -D warnings --no-deps + +.PHONY: fmt +fmt: + cargo fmt --check + +.PHONY: test +test: + cargo test --release --locked + +.PHONY: check +check: fmt clippy test + +.PHONY: build +build: check + cargo build --release --locked diff --git a/deny.toml b/deny.toml index 584d80be9..03fe3b02e 100644 --- a/deny.toml +++ b/deny.toml @@ -71,14 +71,18 @@ skip = [ { name = "bitflags", version = "=1.3" }, # several dependencies are using an old version of serde_yaml { name = "serde_yaml", version = "=0.8" }, - # governor uses an old version of wasi - { name = "wasi", version = "=0.10.2" }, # aws-sdk-rust is using an old version of fastrand { name = "fastrand", version = "=1.9" }, + # tuftool is using an old clap (v3) which is using old hermit-abi + { name = "hermit-abi", version = "0.1" }, # aws-sdk-rust is using an old version of rustls, hyper-rustls, and tokio-rustls { name = "rustls", version = "=0.20" }, { name = "hyper-rustls", version = "=0.23" }, { name = "tokio-rustls", version = "=0.23" }, + # hyper and tokio are using different versions of socket2 + { name = "socket2", version = "0.4" }, + # Testsys is using a feature of TOML 0.5 that has been removed in subsequent versions. + { name = "toml", version = "0.5" }, # kube-client uses an old version of redox_syscall { name = "redox_syscall", version = "=0.2" }, ] @@ -89,7 +93,7 @@ skip-tree = [ # dependency tree because windows-sys has many sub-crates # that differ in major version. { name = "windows-sys" }, - # generate-readme uses an old version of clap and other dependencies + # tuftool uses an old version of clap and other dependencies { name = "generate-readme", version = "0.1.0" } ] diff --git a/tools/buildsys/Cargo.toml b/tools/buildsys/Cargo.toml index 8fbd0dc74..0e360e45d 100644 --- a/tools/buildsys/Cargo.toml +++ b/tools/buildsys/Cargo.toml @@ -20,7 +20,7 @@ serde = { version = "1", features = ["derive"] } serde_plain = "1" sha2 = "0.10" snafu = "0.7" -toml = "0.5" +toml = "0.8" url = { version = "2", features = ["serde"] } walkdir = "2" nonzero_ext = "0.3" diff --git a/tools/infrasys/Cargo.toml b/tools/infrasys/Cargo.toml deleted file mode 100644 index 8579f62ee..000000000 --- a/tools/infrasys/Cargo.toml +++ /dev/null @@ -1,29 +0,0 @@ -[package] -name = "infrasys" -version = "0.1.0" -license = "Apache-2.0 OR MIT" -authors = ["Aashna Sheth "] -edition = "2021" -publish = false - -[dependencies] -async-trait = "0.1" -clap = { version = "4", features = ["derive"] } -hex = "0.4" -log = "0.4" -pubsys-config = { path = "../pubsys-config/", version = "0.1" } -aws-config = "0.55" -aws-types = "0.55" -aws-sdk-cloudformation = "0.28" -aws-sdk-s3 = "0.28" -serde_json = "1" -serde_yaml = "0.9" -sha2 = "0.10" -shell-words = "1" -simplelog = "0.12" -snafu = "0.7" -tokio = { version = "1", default-features = false, features = ["macros", "rt-multi-thread"] } -url = "2" - -[dev-dependencies] -assert-json-diff = "2" diff --git a/tools/infrasys/cloudformation-templates/kms_key_setup.yml b/tools/infrasys/cloudformation-templates/kms_key_setup.yml deleted file mode 100644 index 385174526..000000000 --- a/tools/infrasys/cloudformation-templates/kms_key_setup.yml +++ /dev/null @@ -1,30 +0,0 @@ -Parameters: - Alias: - Description: "Required. Alias for KMS key to be created" - Type: String - -Resources: - KMSKey: - Type: AWS::KMS::Key - Properties: - KeySpec: RSA_3072 - KeyUsage: SIGN_VERIFY - KeyPolicy: - Statement: - - Effect: Allow - Principal: - AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root" - Action: "kms:*" - Resource: "*" - - KMSKeyAlias: - Type: AWS::KMS::Alias - DependsOn: - - KMSKey - Properties: - AliasName: !Sub "alias/${Alias}" - TargetKeyId: !Ref KMSKey - -Outputs: - KeyId: - Value: !GetAtt KMSKey.Arn diff --git a/tools/infrasys/cloudformation-templates/s3_setup.yml b/tools/infrasys/cloudformation-templates/s3_setup.yml deleted file mode 100644 index 31b4e9fe3..000000000 --- a/tools/infrasys/cloudformation-templates/s3_setup.yml +++ /dev/null @@ -1,25 +0,0 @@ -Resources: - TUFRepoBucket: - Type: AWS::S3::Bucket - DeletionPolicy: Retain - Properties: - VersioningConfiguration: - Status: Enabled - AccessControl: LogDeliveryWrite - MetricsConfigurations: - - Id: BucketMetrics - BucketEncryption: - ServerSideEncryptionConfiguration: - - ServerSideEncryptionByDefault: - SSEAlgorithm: AES256 - PublicAccessBlockConfiguration: - BlockPublicAcls: True - BlockPublicPolicy: True - IgnorePublicAcls: True - RestrictPublicBuckets: True - -Outputs: - BucketName: - Value: !Ref TUFRepoBucket - RDN: - Value: !GetAtt TUFRepoBucket.RegionalDomainName diff --git a/tools/infrasys/src/error.rs b/tools/infrasys/src/error.rs deleted file mode 100644 index 1a3b668b1..000000000 --- a/tools/infrasys/src/error.rs +++ /dev/null @@ -1,169 +0,0 @@ -use aws_sdk_s3::error::SdkError; -use snafu::Snafu; -use std::io; -use std::path::PathBuf; - -#[derive(Debug, Snafu)] -#[snafu(visibility(pub(super)))] -pub enum Error { - #[snafu(display( - "Failed to create CFN stack '{}' in '{}': {}", - stack_name, - region, - source - ))] - CreateStack { - stack_name: String, - region: String, - source: SdkError, - }, - - #[snafu(display( - "Received CREATE_FAILED status for CFN stack '{}' in '{}'", - stack_name, - region - ))] - CreateStackFailure { stack_name: String, region: String }, - - #[snafu(display("Error splitting shell command '{}': {}", command, source))] - CommandSplit { - command: String, - source: shell_words::ParseError, - }, - - #[snafu(display("Error reading Infra.toml: {}", source))] - Config { source: pubsys_config::Error }, - - #[snafu(display( - "Stuck in indefinite CREATE_IN_PROGRESS loop for CFN stack '{}' in '{}'", - stack_name, - region - ))] - CreateStackTimeout { stack_name: String, region: String }, - - #[snafu(display("No stack data returned for CFN stack '{}' in {}", stack_name, region))] - MissingStack { stack_name: String, region: String }, - - #[snafu(display( - "Failed to fetch stack details for CFN stack '{}' in '{}': {}", - stack_name, - region, - source - ))] - DescribeStack { - stack_name: String, - region: String, - source: SdkError, - }, - - #[snafu(display("Missing environment variable '{}'", var))] - Environment { - var: String, - source: std::env::VarError, - }, - - #[snafu(display("File already exists at '{}'", path.display()))] - FileExists { path: PathBuf }, - - #[snafu(display("Failed to open file at '{}': {}", path.display(), source))] - FileOpen { path: PathBuf, source: io::Error }, - - #[snafu(display("Failed to read file at '{}': {}", path.display(), source))] - FileRead { path: PathBuf, source: io::Error }, - - #[snafu(display("Failed to write file at '{}': {}", path.display(), source))] - FileWrite { path: PathBuf, source: io::Error }, - - #[snafu(display("Failed to get bucket policy statement for bucket '{}'", bucket_name))] - GetPolicyStatement { bucket_name: String }, - - #[snafu(display("Failed to convert '{}' to yaml: {}", what, source))] - InvalidJson { - what: String, - source: serde_json::Error, - }, - - #[snafu(display("Invalid path '{}' for '{}'", path.display(), thing))] - InvalidPath { path: PathBuf, thing: String }, - - #[snafu(display("Publication/Root key threshold must be <= {}, currently {}", num_keys.to_string(), threshold))] - InvalidThreshold { threshold: String, num_keys: usize }, - - #[snafu(display("Failed to convert updated Infra.toml information to yaml: {}", source))] - InvalidYaml { source: serde_yaml::Error }, - - #[snafu(display( - "Failed to create keys due to invalid key config. Missing '{}'.", - missing - ))] - KeyConfig { missing: String }, - - #[snafu(display( - "Failed to create new keys or access pre-existing keys in available_keys list." - ))] - KeyCreation, - - #[snafu(display("Logger setup error: {}", source))] - Logger { source: log::SetLoggerError }, - - #[snafu(display("Infra.toml is missing '{}'", missing))] - MissingConfig { missing: String }, - - #[snafu(display("Failed to create directory '{}': {}", path.display(), source))] - Mkdir { path: PathBuf, source: io::Error }, - - #[snafu(display("Failed to get parent of path '{}'", path.display()))] - Parent { path: PathBuf }, - - #[snafu(display("Failed to parse '{}' to int: {}", what, source))] - ParseInt { - what: String, - source: std::num::ParseIntError, - }, - - #[snafu(display("Failed to find default region"))] - DefaultRegion, - - #[snafu(display("Unable to parse stack status"))] - ParseStatus, - - #[snafu(display( - "Failed to find field '{}' after attempting to create resource '{}'", - what, - resource_name - ))] - ParseResponse { what: String, resource_name: String }, - - #[snafu(display("Failed to convert '{}' to URL: {}", input, source))] - ParseUrl { - input: String, - source: url::ParseError, - }, - - #[snafu(display("Failed to push object to bucket '{}': {}", bucket_name, source))] - PutObject { - bucket_name: String, - source: SdkError, - }, - - #[snafu(display( - "Failed to update bucket policy for bucket '{}': {}", - bucket_name, - source - ))] - PutPolicy { - bucket_name: String, - source: SdkError, - }, - - #[snafu(display("Failed to create async runtime: {}", source))] - Runtime { source: std::io::Error }, - - #[snafu(display("'tuftool {}' returned {}", command, code))] - TuftoolResult { command: String, code: String }, - - #[snafu(display("Failed to start tuftool: {}", source))] - TuftoolSpawn { source: io::Error }, -} - -pub type Result = std::result::Result; diff --git a/tools/infrasys/src/keys.rs b/tools/infrasys/src/keys.rs deleted file mode 100644 index a00283c25..000000000 --- a/tools/infrasys/src/keys.rs +++ /dev/null @@ -1,150 +0,0 @@ -use async_trait::async_trait; -use aws_sdk_cloudformation::Client as CloudFormationClient; -use aws_types::region::Region; -use pubsys_config::{KMSKeyConfig, SigningKeyConfig}; -use snafu::{OptionExt, ResultExt}; -use std::fs; - -use super::{error, shared, Result}; - -/// Creates keys using data stored in SigningKeyConfig enum -/// Output: Edits KMSConfig fields in place after creating new keys -pub async fn create_keys(signing_key_config: &mut SigningKeyConfig) -> Result<()> { - // An extra check even through these parameters are checked earlier in main.rs - check_signing_key_config(signing_key_config)?; - match signing_key_config { - SigningKeyConfig::file { .. } => (), - SigningKeyConfig::kms { config, .. } => { - config - .as_mut() - .context(error::MissingConfigSnafu { - missing: "config field for a kms key", - })? - .create_kms_keys() - .await?; - } - SigningKeyConfig::ssm { .. } => (), - } - Ok(()) -} - -pub fn check_signing_key_config(signing_key_config: &SigningKeyConfig) -> Result<()> { - match signing_key_config { - SigningKeyConfig::file { .. } => (), - SigningKeyConfig::kms { config, .. } => { - let config = config.as_ref().context(error::MissingConfigSnafu { - missing: "config field for kms keys", - })?; - - match ( - config.available_keys.is_empty(), - config.regions.is_empty(), - config.key_alias.as_ref(), - ) { - // everything is unspecified (no way to allocate a key_id) - (true, true, None) => error::KeyConfigSnafu { - missing: "an available_key or region/key_alias", - } - .fail()?, - // regions is populated, but no key alias - // (it doesn't matter if available keys are listed or not) - (_, false, None) => error::KeyConfigSnafu { - missing: "key_alias", - } - .fail()?, - // key alias is populated, but no key regions to create keys in - // (it doesn't matter if available keys are listed or not) - (_, true, Some(..)) => error::KeyConfigSnafu { missing: "region" }.fail()?, - _ => (), - }; - } - SigningKeyConfig::ssm { .. } => (), - } - Ok(()) -} - -/// Must create a trait because can't directly implement a method for an struct in an -/// external crate like KMSKeyConfig (which lives in pubsys-config/lib.rs) -#[async_trait] -trait KMSKeyConfigExt { - async fn create_kms_keys(&mut self) -> Result<()>; -} - -/// Creates new KMS keys using cloudformation in regions specified -/// Input Conditions: Alias+Region or AvailableKeys must be specified -/// Output: Populates KMSKeyConfig with information about resources created -/// 'available-keys' starts as a map of pre-existing keyids:regions and will end as a -/// map of pre-existing and generated keyids:regions, -/// 'key-stack-arns' starts empty and will end as a -/// map of keyids:stackarn if new keys are created -#[async_trait] -impl KMSKeyConfigExt for KMSKeyConfig { - async fn create_kms_keys(&mut self) -> Result<()> { - // Generating new keys (if regions is non-empty) - for region in self.regions.iter() { - let stack_name = format!( - "TUF-KMS-{}", - self.key_alias.as_ref().context(error::KeyConfigSnafu { - missing: "key_alias", - })? - ); - - let config = aws_config::from_env() - .region(Region::new(region.to_owned())) - .load() - .await; - let cfn_client = CloudFormationClient::new(&config); - - let cfn_filepath = format!( - "{}/infrasys/cloudformation-templates/kms_key_setup.yml", - shared::getenv("BUILDSYS_TOOLS_DIR")? - ); - let cfn_template = fs::read_to_string(&cfn_filepath) - .context(error::FileReadSnafu { path: cfn_filepath })?; - - let stack_result = cfn_client - .create_stack() - .parameters(shared::create_parameter( - "Alias".to_string(), - self.key_alias - .as_ref() - .context(error::KeyConfigSnafu { - missing: "key_alias", - })? - .to_string(), - )) - .stack_name(stack_name.clone()) - .template_body(cfn_template.clone()) - .send() - .await - .context(error::CreateStackSnafu { - stack_name: &stack_name, - region, - })?; - - let stack_arn = stack_result - .clone() - .stack_id - .context(error::ParseResponseSnafu { - what: "stack_id", - resource_name: &stack_name, - })?; - - let output_array = shared::get_stack_outputs(&cfn_client, &stack_name, region).await?; - let key_id = - output_array[0] - .output_value - .as_ref() - .context(error::ParseResponseSnafu { - what: "outputs[0].output_value (key id)", - resource_name: stack_name, - })?; - self.available_keys - .insert(key_id.to_string(), region.to_string()); - self.key_stack_arns - .insert(key_id.to_string(), stack_arn.to_string()); - } - - Ok(()) - } -} diff --git a/tools/infrasys/src/main.rs b/tools/infrasys/src/main.rs deleted file mode 100644 index 7fa8ce815..000000000 --- a/tools/infrasys/src/main.rs +++ /dev/null @@ -1,361 +0,0 @@ -mod error; -mod keys; -mod root; -mod s3; -mod shared; - -use aws_sdk_cloudformation::config::Region; -use clap::Parser; -use error::Result; -use log::{error, info}; -use pubsys_config::{InfraConfig, RepoConfig, S3Config, SigningKeyConfig}; -use sha2::{Digest, Sha512}; -use shared::KeyRole; -use simplelog::{CombinedLogger, Config as LogConfig, ConfigBuilder, LevelFilter, SimpleLogger}; -use snafu::{ensure, OptionExt, ResultExt}; -use std::collections::HashMap; -use std::num::NonZeroUsize; -use std::path::{Path, PathBuf}; -use std::{fs, process}; -use tokio::runtime::Runtime; -use url::Url; - -// =^..^= =^..^= =^..^= SUB-COMMAND STRUCTS =^..^= =^..^= =^..^= - -#[derive(Debug, Parser)] -struct Args { - #[arg(global = true, long, default_value = "INFO")] - log_level: LevelFilter, - - // Path to Infra.toml (NOTE: must be specified before subcommand) - #[arg(long)] - infra_config_path: PathBuf, - - #[command(subcommand)] - subcommand: SubCommand, -} - -#[derive(Debug, Parser)] -struct CreateInfraArgs { - /// Path to the root.json file. - #[arg(long)] - root_role_path: PathBuf, -} - -#[derive(Debug, Parser)] -enum SubCommand { - /// Creates infrastructure specified in the Infra.toml file. - CreateInfra(CreateInfraArgs), -} - -// =^..^= =^..^= =^..^= MAIN METHODS =^..^= =^..^= =^..^= - -fn main() { - if let Err(e) = run() { - eprintln!("{}", e); - process::exit(1); - } -} - -fn run() -> Result<()> { - // Parse and store the args passed to the program - let args = Args::parse(); - - match args.log_level { - // Set log level for AWS SDK to error to reduce verbosity. - LevelFilter::Info => { - CombinedLogger::init(vec![ - SimpleLogger::new( - LevelFilter::Info, - ConfigBuilder::new() - .add_filter_ignore_str("aws_config") - .add_filter_ignore_str("aws_smithy") - .add_filter_ignore_str("tracing::span") - .build(), - ), - SimpleLogger::new( - LevelFilter::Warn, - ConfigBuilder::new() - .add_filter_allow_str("aws_config") - .add_filter_allow_str("aws_smithy") - .add_filter_allow_str("tracing::span") - .build(), - ), - ]) - .context(error::LoggerSnafu)?; - } - - // Set the supplied log level across the whole crate. - _ => { - SimpleLogger::init(args.log_level, LogConfig::default()).context(error::LoggerSnafu)? - } - } - - match args.subcommand { - SubCommand::CreateInfra(ref run_task_args) => { - let rt = Runtime::new().context(error::RuntimeSnafu)?; - rt.block_on(async { - create_infra(&args.infra_config_path, &run_task_args.root_role_path).await - }) - } - } -} - -fn check_infra_lock(toml_path: &Path) -> Result<()> { - let lock_path = InfraConfig::compute_lock_path(toml_path).context(error::ConfigSnafu)?; - - ensure!(!lock_path.is_file(), { - error!( - "It looks like you've already created some resources for your custom TUF repository because a lock file exists at '{}'. - \nPlease clean up your TUF resources in AWS, delete Infra.lock, and run again.", - lock_path.display() - ); - error::FileExistsSnafu { path: lock_path } - }); - Ok(()) -} - -/// Automates setting up infrastructure for a custom TUF repo -async fn create_infra(toml_path: &Path, root_role_path: &Path) -> Result<()> { - check_infra_lock(toml_path)?; - info!("Parsing Infra.toml..."); - let mut infra_config = InfraConfig::from_path(toml_path).context(error::ConfigSnafu)?; - let repos = infra_config - .repo - .as_mut() - .context(error::MissingConfigSnafu { missing: "repo" })?; - let s3_info_map = infra_config - .aws - .as_mut() - .context(error::MissingConfigSnafu { missing: "aws" })? - .s3 - .as_mut() - .context(error::MissingConfigSnafu { missing: "aws.s3" })?; - - for (repo_name, repo_config) in repos.iter_mut() { - // Validate repo_config and unwrap required optional data - let mut repo_info = ValidRepoInfo::new(repo_config, repo_name, s3_info_map)?; - - // Validate the key configurations and root file - keys::check_signing_key_config(repo_info.signing_keys)?; - keys::check_signing_key_config(repo_info.root_keys)?; - root::check_root(root_role_path)?; - - // Create the repo - let (s3_stack_arn, bucket_name, bucket_rdn) = - create_repo_infrastructure(&mut repo_info).await?; - *repo_info.stack_arn = Some(s3_stack_arn); - *repo_info.bucket_name = Some(bucket_name.clone()); - update_root_and_sign_root(&mut repo_info, root_role_path).await?; - - // Upload root.json. - info!("Uploading root.json to S3 bucket..."); - s3::upload_file( - &repo_info.s3_region, - &bucket_name, - &repo_info.prefix, - root_role_path, - ) - .await?; - - // Update infra_config with output parameters if not already set - if repo_info.metadata_base_url.is_none() { - *repo_info.metadata_base_url = Some( - Url::parse(format!("https://{}{}/", &bucket_rdn, &repo_info.prefix).as_str()) - .context(error::ParseUrlSnafu { input: &bucket_rdn })?, - ); - } - if repo_info.targets_url.is_none() { - *repo_info.targets_url = Some( - Url::parse( - format!("https://{}{}/targets/", &bucket_rdn, &repo_info.prefix).as_str(), - ) - .context(error::ParseUrlSnafu { input: &bucket_rdn })?, - ); - } - if repo_info.root_role_url.is_none() { - *repo_info.root_role_url = Some( - Url::parse( - format!("https://{}{}/root.json", &bucket_rdn, &repo_info.prefix).as_str(), - ) - .context(error::ParseUrlSnafu { input: &bucket_rdn })?, - ); - } - let root_role_data = fs::read_to_string(root_role_path).context(error::FileReadSnafu { - path: root_role_path, - })?; - let mut d = Sha512::new(); - d.update(&root_role_data); - let digest = hex::encode(d.finalize()); - repo_config.root_role_sha512 = Some(digest); - } - - // Generate Infra.lock - info!("Writing Infra.lock..."); - let yaml_string = serde_yaml::to_string(&infra_config).context(error::InvalidYamlSnafu)?; - fs::write( - toml_path - .parent() - .context(error::ParentSnafu { path: toml_path })? - .join("Infra.lock"), - yaml_string, - ) - .context(error::FileWriteSnafu { path: toml_path })?; - - info!("Complete!"); - Ok(()) -} - -struct ValidRepoInfo<'a> { - bucket_name: &'a mut Option, - metadata_base_url: &'a mut Option, - prefix: String, - pub_key_threshold: &'a NonZeroUsize, - root_key_threshold: &'a NonZeroUsize, - root_keys: &'a mut SigningKeyConfig, - root_role_url: &'a mut Option, - s3_region: Region, - s3_stack_name: String, - signing_keys: &'a mut SigningKeyConfig, - stack_arn: &'a mut Option, - targets_url: &'a mut Option, - vpce_id: &'a String, -} - -impl<'a> ValidRepoInfo<'a> { - fn new( - repo_config: &'a mut RepoConfig, - repo_name: &str, - s3_info_map: &'a mut HashMap, - ) -> Result { - let s3_stack_name = - repo_config - .file_hosting_config_name - .to_owned() - .context(error::MissingConfigSnafu { - missing: "file_hosting_config_name", - })?; - let s3_info = s3_info_map - .get_mut(&s3_stack_name) - .context(error::MissingConfigSnafu { - missing: format!("aws.s3 config with name {}", s3_stack_name), - })?; - Ok(ValidRepoInfo { - s3_stack_name: s3_stack_name.to_string(), - s3_region: Region::new(s3_info.region.as_ref().cloned().context( - error::MissingConfigSnafu { - missing: format!("region for '{}' s3 config", s3_stack_name), - }, - )?), - bucket_name: &mut s3_info.bucket_name, - stack_arn: &mut s3_info.stack_arn, - vpce_id: s3_info - .vpc_endpoint_id - .as_ref() - .context(error::MissingConfigSnafu { - missing: format!("vpc_endpoint_id for '{}' s3 config", s3_stack_name), - })?, - prefix: s3::format_prefix(&s3_info.s3_prefix), - signing_keys: repo_config - .signing_keys - .as_mut() - .context(error::MissingConfigSnafu { - missing: format!("signing_keys for '{}' repo config", repo_name), - })?, - root_keys: repo_config - .root_keys - .as_mut() - .context(error::MissingConfigSnafu { - missing: format!("root_keys for '{}' repo config", repo_name), - })?, - root_key_threshold: repo_config.root_key_threshold.as_mut().context( - error::MissingConfigSnafu { - missing: format!("root_key_threshold for '{}' repo config", repo_name), - }, - )?, - pub_key_threshold: repo_config.pub_key_threshold.as_ref().context( - error::MissingConfigSnafu { - missing: format!("pub_key_threshold for '{}' repo config", repo_name), - }, - )?, - root_role_url: &mut repo_config.root_role_url, - targets_url: &mut repo_config.targets_url, - metadata_base_url: &mut repo_config.metadata_base_url, - }) - } -} - -async fn create_repo_infrastructure( - repo_info: &'_ mut ValidRepoInfo<'_>, -) -> Result<(String, String, String)> { - // Create S3 bucket - info!("Creating S3 bucket..."); - let (s3_stack_arn, bucket_name, bucket_rdn) = - s3::create_s3_bucket(&repo_info.s3_region, &repo_info.s3_stack_name).await?; - - // Add Bucket Policy to newly created bucket - s3::add_bucket_policy( - &repo_info.s3_region, - &bucket_name, - &repo_info.prefix, - repo_info.vpce_id, - ) - .await?; - - // Create root + publication keys - info!("Creating KMS Keys..."); - keys::create_keys(repo_info.signing_keys).await?; - keys::create_keys(repo_info.root_keys).await?; - Ok((s3_stack_arn, bucket_name, bucket_rdn)) -} - -async fn update_root_and_sign_root( - repo_info: &'_ mut ValidRepoInfo<'_>, - root_role_path: &Path, -) -> Result<()> { - // Create and populate (add/sign) root.json - info!("Creating and signing root.json..."); - root::create_root(root_role_path)?; - // Add keys (for both roles) - root::add_keys( - repo_info.signing_keys, - &KeyRole::Publication, - repo_info.pub_key_threshold, - &root_role_path.display().to_string(), - )?; - root::add_keys( - repo_info.root_keys, - &KeyRole::Root, - repo_info.root_key_threshold, - &root_role_path.display().to_string(), - )?; - // Sign root with all root keys - root::sign_root(repo_info.root_keys, &root_role_path.display().to_string())?; - Ok(()) -} - -// =^..^= =^..^= =^..^= TESTS =^..^= =^..^= =^..^= - -#[cfg(test)] -mod tests { - use super::{fs, shared, InfraConfig}; - - #[test] - fn toml_yaml_conversion() { - let test_toml_path = format!( - "{}/test_tomls/toml_yaml_conversion.toml", - shared::getenv("CARGO_MANIFEST_DIR").unwrap() - ); - let toml_struct = InfraConfig::from_path(&test_toml_path).unwrap(); - let yaml_string = serde_yaml::to_string(&toml_struct).expect("Could not write to file!"); - - let test_yaml_path = format!( - "{}/test_tomls/toml_yaml_conversion.yml", - shared::getenv("CARGO_MANIFEST_DIR").unwrap() - ); - fs::write(&test_yaml_path, &yaml_string).expect("Could not write to file!"); - let decoded_yaml = InfraConfig::from_lock_path(&test_yaml_path).unwrap(); - - assert_eq!(toml_struct, decoded_yaml); - } -} diff --git a/tools/infrasys/src/root.rs b/tools/infrasys/src/root.rs deleted file mode 100644 index bd0c61083..000000000 --- a/tools/infrasys/src/root.rs +++ /dev/null @@ -1,206 +0,0 @@ -use super::{error, KeyRole, Result}; -use aws_config::meta::region::RegionProviderChain; -use log::{trace, warn}; -use pubsys_config::SigningKeyConfig; -use snafu::{ensure, OptionExt, ResultExt}; -use std::collections::HashMap; -use std::fs; -use std::num::NonZeroUsize; -use std::path::Path; -use std::process::Command; - -/// The tuftool macro wraps Command to simplify calls to tuftool, adding region functionality. -macro_rules! tuftool { - ($region:expr, $format_str:expr, $($format_arg:expr),*) => { - let arg_str = format!($format_str, $($format_arg),*); - trace!("tuftool arg string: {}", arg_str); - let args = shell_words::split(&arg_str).context(error::CommandSplitSnafu { command: &arg_str })?; - trace!("tuftool split args: {:#?}", args); - - let status = Command::new("tuftool") - .args(args) - .env("AWS_REGION", $region) - .status() - .context(error::TuftoolSpawnSnafu)?; - - ensure!(status.success(), error::TuftoolResultSnafu { - command: arg_str, - code: status.code().map(|i| i.to_string()).unwrap_or_else(|| "".to_string()) - }); - } -} - -pub fn check_root(root_role_path: &Path) -> Result<()> { - ensure!(!root_role_path.is_file(), { - warn!("Cowardly refusing to overwrite the existing root.json at {}. Please manually delete it and run again.", root_role_path.display()); - error::FileExistsSnafu { - path: root_role_path, - } - }); - Ok(()) -} -pub fn get_region() -> Result { - let rt = tokio::runtime::Runtime::new().context(error::RuntimeSnafu)?; - rt.block_on(async { async_get_region().await }) -} - -async fn async_get_region() -> Result { - let default_region_fallback = "us-east-1"; - let default_region = RegionProviderChain::default_provider() - .or_else(default_region_fallback) - .region() - .await - .context(error::DefaultRegionSnafu)? - .to_string(); - Ok(default_region) -} - -/// Creates the directory where root.json will live and creates root.json itself according to details specified in root-role-path -pub fn create_root(root_role_path: &Path) -> Result<()> { - // Make /roles and /keys directories, if they don't exist, so we can write generated files. - let role_dir = root_role_path.parent().context(error::InvalidPathSnafu { - path: root_role_path, - thing: "root role", - })?; - fs::create_dir_all(role_dir).context(error::MkdirSnafu { path: role_dir })?; - let default_region = get_region()?; - - // Initialize root - tuftool!(&default_region, "root init '{}'", root_role_path.display()); - tuftool!( - &default_region, - // TODO: expose expiration date as a configurable parameter - "root expire '{}' 'in 52 weeks'", - root_role_path.display() - ); - Ok(()) -} - -/// Adds keys to root.json according to key type -pub fn add_keys( - signing_key_config: &mut SigningKeyConfig, - role: &KeyRole, - threshold: &NonZeroUsize, - filepath: &str, -) -> Result<()> { - match signing_key_config { - SigningKeyConfig::file { .. } => (), - SigningKeyConfig::kms { key_id, config, .. } => add_keys_kms( - &config - .as_ref() - .context(error::MissingConfigSnafu { - missing: "config field for a kms key", - })? - .available_keys, - role, - threshold, - filepath, - key_id, - )?, - SigningKeyConfig::ssm { .. } => (), - } - Ok(()) -} - -/// Adds KMSKeys to root.json given root or publication type -/// Input: available-keys (keys to sign with), role (root or publication), threshold for role, filepath for root.JSON, -/// mutable key_id -/// Output: in-place edit of root.json and key_id with a valid publication key -/// (If key-id is populated, it will not change. Otherwise, it will be populated with a key-id of an available key) -fn add_keys_kms( - available_keys: &HashMap, - role: &KeyRole, - threshold: &NonZeroUsize, - filepath: &str, - key_id: &mut Option, -) -> Result<()> { - ensure!( - (*available_keys).len() >= (*threshold).get(), - error::InvalidThresholdSnafu { - threshold: threshold.to_string(), - num_keys: (*available_keys).len(), - } - ); - let default_region = get_region()?; - match role { - KeyRole::Root => { - tuftool!( - &default_region, - "root set-threshold '{}' root '{}' ", - filepath, - threshold.to_string() - ); - for (keyid, region) in available_keys.iter() { - tuftool!( - region, - "root add-key '{}' aws-kms:///'{}' --role root", - filepath, - keyid - ); - } - } - KeyRole::Publication => { - tuftool!( - &default_region, - "root set-threshold '{}' snapshot '{}' ", - filepath, - threshold.to_string() - ); - tuftool!( - &default_region, - "root set-threshold '{}' targets '{}' ", - filepath, - threshold.to_string() - ); - tuftool!( - &default_region, - "root set-threshold '{}' timestamp '{}' ", - filepath, - threshold.to_string() - ); - for (keyid, region) in available_keys.iter() { - tuftool!( - region, - "root add-key '{}' aws-kms:///'{}' --role snapshot --role targets --role timestamp", - filepath, - keyid - ); - } - - // Set key_id using a publication key (if one is not already provided) - if key_id.is_none() { - *key_id = Some( - available_keys - .iter() - .next() - .context(error::KeyCreationSnafu)? - .0 - .to_string(), - ); - } - } - } - - Ok(()) -} - -/// Signs root with available_keys under root_keys (will have a different tuftool command depending on key type) -pub fn sign_root(signing_key_config: &SigningKeyConfig, filepath: &str) -> Result<()> { - match signing_key_config { - SigningKeyConfig::file { .. } => (), - SigningKeyConfig::kms { config, .. } => { - for (keyid, region) in config - .as_ref() - .context(error::MissingConfigSnafu { - missing: "KMS key details", - })? - .available_keys - .iter() - { - tuftool!(region, "root sign '{}' -k aws-kms:///'{}'", filepath, keyid); - } - } - SigningKeyConfig::ssm { .. } => (), - } - Ok(()) -} diff --git a/tools/infrasys/src/s3.rs b/tools/infrasys/src/s3.rs deleted file mode 100644 index 6fc9c8047..000000000 --- a/tools/infrasys/src/s3.rs +++ /dev/null @@ -1,369 +0,0 @@ -use aws_sdk_cloudformation::{config::Region, Client as CloudFormationClient}; -use aws_sdk_s3::Client as S3Client; -use snafu::{OptionExt, ResultExt}; -use std::fs; -use std::fs::File; -use std::io::prelude::*; -use std::path::{Path, PathBuf}; - -use super::{error, shared, Result}; - -pub fn format_prefix(prefix: &str) -> String { - if prefix.is_empty() { - return prefix.to_string(); - } - let formatted = { - if prefix.starts_with('/') { - prefix.to_string() - } else { - format!("/{}", prefix) - } - }; - if formatted.ends_with('/') { - formatted[..formatted.len() - 1].to_string() - } else if formatted.ends_with("/*") { - formatted[..formatted.len() - 2].to_string() - } else { - formatted - } -} - -/// Creates a *private* S3 Bucket using a CloudFormation template -/// Input: The region in which the bucket will be created and the name of the bucket -/// Output: The stack_arn of the stack w/ the S3 bucket, the CFN allocated bucket name, -/// and the bucket url (for the url fields in Infra.lock) -pub async fn create_s3_bucket( - region: &Region, - stack_name: &str, -) -> Result<(String, String, String)> { - // TODO: Add support for accommodating pre-existing buckets (skip this creation process) - let config = aws_config::from_env() - .region(region.to_owned()) - .load() - .await; - let cfn_client = CloudFormationClient::new(&config); - - let cfn_filepath: PathBuf = format!( - "{}/infrasys/cloudformation-templates/s3_setup.yml", - shared::getenv("BUILDSYS_TOOLS_DIR")? - ) - .into(); - let cfn_template = - fs::read_to_string(&cfn_filepath).context(error::FileReadSnafu { path: cfn_filepath })?; - - let stack_result = cfn_client - .create_stack() - .stack_name(stack_name.to_string()) - .template_body(cfn_template.clone()) - .send() - .await - .context(error::CreateStackSnafu { - stack_name, - region: region.as_ref(), - })?; - // We don't have to wait for successful stack creation to grab the stack ARN - let stack_arn = stack_result - .clone() - .stack_id - .context(error::ParseResponseSnafu { - what: "stack_id", - resource_name: stack_name, - })?; - - // Grab the StackOutputs to get the Bucketname and BucketURL - let output_array = shared::get_stack_outputs(&cfn_client, stack_name, region.as_ref()).await?; - let bucket_name = output_array[0] - .output_value - .as_ref() - .context(error::ParseResponseSnafu { - what: "outputs[0].output_value (bucket name)", - resource_name: stack_name, - })? - .to_string(); - let bucket_rdn = output_array[1] - .output_value - .as_ref() - .context(error::ParseResponseSnafu { - what: "outputs[1].output_value (bucket url)", - resource_name: stack_name, - })? - .to_string(); - - Ok((stack_arn, bucket_name, bucket_rdn)) -} - -/// Adds a BucketPolicy allowing GetObject access to a specified VPC -/// Input: Region, Name of bucket, which prefix root.json should be put under, and vpcid -/// Note that the prefix parameter must have the format "//*" and the bucket name "" -/// Output: Doesn't need to save any metadata from this action -pub async fn add_bucket_policy( - region: &Region, - bucket_name: &str, - prefix: &str, - vpcid: &str, -) -> Result<()> { - // Get old policy - let config = aws_config::from_env() - .region(region.to_owned()) - .load() - .await; - let s3_client = S3Client::new(&config); - let mut policy: serde_json::Value = match s3_client - .get_bucket_policy() - .bucket(bucket_name.to_string()) - .send() - .await - { - Ok(output) => serde_json::from_str(&output.policy.context(error::ParseResponseSnafu { - what: "policy", - resource_name: bucket_name, - })?) - .context(error::InvalidJsonSnafu { - what: format!("retrieved bucket policy for {}", &bucket_name), - })?, - - Err(..) => serde_json::from_str( - r#"{"Version": "2008-10-17", - "Statement": []}"#, - ) - .context(error::InvalidJsonSnafu { - what: format!("new bucket policy for {}", &bucket_name), - })?, - }; - - // Create a new policy - let new_bucket_policy = serde_json::from_str(&format!( - r#"{{ - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::{}{}/*", - "Condition": {{ - "StringEquals": {{ - "aws:sourceVpce": "{}" - }} - }} - }}"#, - bucket_name, prefix, vpcid - )) - .context(error::InvalidJsonSnafu { - what: format!("new bucket policy for {}", &bucket_name), - })?; - - // Append new policy onto old one - policy - .get_mut("Statement") - .context(error::GetPolicyStatementSnafu { bucket_name })? - .as_array_mut() - .context(error::GetPolicyStatementSnafu { bucket_name })? - .push(new_bucket_policy); - - // Push the new policy as a string - s3_client - .put_bucket_policy() - .bucket(bucket_name.to_string()) - .policy( - serde_json::to_string(&policy).context(error::InvalidJsonSnafu { - what: format!("new bucket policy for {}", &bucket_name), - })?, - ) - .send() - .await - .context(error::PutPolicySnafu { bucket_name })?; - - Ok(()) -} - -/// Uploads root.json to S3 Bucket (automatically creates the folder that the bucket policy was scoped to or will simply add to it) -/// Input: Region, Name of bucket, which prefix root.json should be put under, and path to the S3 bucket CFN template -/// Note that the prefix parameter must have the format "/" and the bucket name "" -/// Output: Doesn't need to save any metadata from this action -pub async fn upload_file( - region: &Region, - bucket_name: &str, - prefix: &str, - file_path: &Path, -) -> Result<()> { - let config = aws_config::from_env() - .region(region.to_owned()) - .load() - .await; - let s3_client = S3Client::new(&config); - - // File --> Bytes - let mut file = File::open(file_path).context(error::FileOpenSnafu { path: file_path })?; - let mut buffer = Vec::new(); - file.read_to_end(&mut buffer) - .context(error::FileReadSnafu { path: file_path })?; - - s3_client - .put_object() - .bucket(format!("{}{}", bucket_name, prefix)) - .key("root.json".to_string()) - .body(aws_sdk_s3::primitives::ByteStream::from(buffer)) - .send() - .await - .context(error::PutObjectSnafu { bucket_name })?; - - Ok(()) -} - -// =^..^= =^..^= =^..^= TESTS =^..^= =^..^= =^..^= - -#[cfg(test)] -mod tests { - use super::format_prefix; - use assert_json_diff::assert_json_include; - - #[test] - fn format_prefix_test() { - let valid = "/prefix"; - let missing_slash = "prefix"; - let excess_ending_1 = "/prefix/"; - let excess_ending_2 = "/prefix/*"; - let slash_and_excess_ending = "prefix/*"; - let empty = ""; - let single_slash = "/"; - - assert_eq!("/prefix", format_prefix(valid)); - assert_eq!("/prefix", format_prefix(missing_slash)); - assert_eq!("/prefix", format_prefix(excess_ending_1)); - assert_eq!("/prefix", format_prefix(excess_ending_2)); - assert_eq!("/prefix", format_prefix(slash_and_excess_ending)); - assert_eq!("", format_prefix(empty)); - assert_eq!("", format_prefix(single_slash)); - } - - #[test] - fn empty_bucket_policy() { - let mut policy: serde_json::Value = serde_json::from_str( - r#"{"Version": "2008-10-17", - "Statement": []}"#, - ) - .unwrap(); - - let new_bucket_policy = serde_json::from_str(&format!( - r#"{{ - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::{}{}/*", - "Condition": {{ - "StringEquals": {{ - "aws:sourceVpce": "{}" - }} - }} - }}"#, - "test-bucket-name", "/test-prefix", "testvpc123" - )) - .unwrap(); - - policy - .get_mut("Statement") - .unwrap() - .as_array_mut() - .unwrap() - .push(new_bucket_policy); - - let expected_policy: serde_json::Value = serde_json::from_str( - r#"{ - "Version": "2008-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*", - "Condition": { - "StringEquals": { - "aws:sourceVpce": "testvpc123" - } - } - } - ] - }"#, - ) - .unwrap(); - - assert_json_include!(expected: expected_policy, actual: &policy); - } - - #[test] - fn populated_bucket_policy() { - let mut policy: serde_json::Value = serde_json::from_str( - r#"{ - "Version": "2008-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*", - "Condition": { - "StringEquals": { - "aws:sourceVpce": "testvpc123" - } - } - } - ] - }"#, - ) - .unwrap(); - - let new_bucket_policy = serde_json::from_str(&format!( - r#"{{ - "Effect": "Deny", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::{}{}/*", - "Condition": {{ - "StringEquals": {{ - "aws:sourceVpce": "{}" - }} - }} - }}"#, - "test-bucket-name", "/test-prefix", "testvpc123" - )) - .unwrap(); - - policy - .get_mut("Statement") - .unwrap() - .as_array_mut() - .unwrap() - .push(new_bucket_policy); - - let expected_policy: serde_json::Value = serde_json::from_str( - r#"{ - "Version": "2008-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*", - "Condition": { - "StringEquals": { - "aws:sourceVpce": "testvpc123" - } - } - }, - { - "Effect": "Deny", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*", - "Condition": { - "StringEquals": { - "aws:sourceVpce": "testvpc123" - } - } - } - ] - }"#, - ) - .unwrap(); - - assert_json_include!(expected: expected_policy, actual: &policy); - } -} diff --git a/tools/infrasys/src/shared.rs b/tools/infrasys/src/shared.rs deleted file mode 100644 index a12a67703..000000000 --- a/tools/infrasys/src/shared.rs +++ /dev/null @@ -1,99 +0,0 @@ -use aws_sdk_cloudformation::types::{Output, Parameter}; -use aws_sdk_cloudformation::Client as CloudFormationClient; -use clap::Parser; -use log::info; -use snafu::{ensure, OptionExt, ResultExt}; -use std::{env, thread, time}; - -use super::{error, Result}; - -#[derive(Debug, Parser)] -pub enum KeyRole { - Root, - Publication, -} - -/// Retrieve a BUILDSYS_* variable that we expect to be set in the environment -pub fn getenv(var: &str) -> Result { - env::var(var).context(error::EnvironmentSnafu { var }) -} - -/// Generates a parameter type object used to specify parameters in CloudFormation templates -pub fn create_parameter(key: String, val: String) -> Parameter { - Parameter::builder() - .parameter_key(key) - .parameter_value(val) - .build() -} - -/// Polls cfn_client for stack_name in region until it's ready -/// Once stack is created, we can grab the outputs (before this point, outputs are empty) -pub async fn get_stack_outputs( - cfn_client: &CloudFormationClient, - stack_name: &str, - region: &str, -) -> Result> { - let mut stack_outputs = cfn_client - .describe_stacks() - .stack_name(stack_name) - .send() - .await - .context(error::DescribeStackSnafu { stack_name, region })? - .stacks - .context(error::ParseResponseSnafu { - what: "stacks", - resource_name: stack_name, - })? - .first() - .context(error::MissingStackSnafu { stack_name, region })? - .clone(); - - // Checking that keys have been created so we can return updated outputs - let mut status = stack_outputs - .stack_status() - .context(error::ParseStatusSnafu)? - .as_str(); - // Max wait is 30 mins (90 attempts * 20s = 1800s = 30mins) - let mut max_attempts: u32 = 90; - while status != "CREATE_COMPLETE" { - ensure!( - max_attempts > 0, - error::CreateStackTimeoutSnafu { stack_name, region } - ); - ensure!( - status != "CREATE_FAILED", - error::CreateStackFailureSnafu { stack_name, region } - ); - info!( - "Waiting for stack resources to be ready, current status is '{}'...", - status - ); - thread::sleep(time::Duration::from_secs(20)); - stack_outputs = cfn_client - .describe_stacks() - .stack_name(stack_name) - .send() - .await - .context(error::DescribeStackSnafu { stack_name, region })? - .stacks - .context(error::ParseResponseSnafu { - what: "stacks", - resource_name: stack_name, - })? - .first() - .context(error::MissingStackSnafu { stack_name, region })? - .clone(); - status = stack_outputs - .stack_status() - .context(error::ParseStatusSnafu)? - .as_str(); - max_attempts -= 1; - } - - let output_array = stack_outputs.outputs.context(error::ParseResponseSnafu { - what: "outputs", - resource_name: stack_name, - })?; - - Ok(output_array) -} diff --git a/tools/infrasys/test_tomls/toml_yaml_conversion.toml b/tools/infrasys/test_tomls/toml_yaml_conversion.toml deleted file mode 100644 index f2e580133..000000000 --- a/tools/infrasys/test_tomls/toml_yaml_conversion.toml +++ /dev/null @@ -1,12 +0,0 @@ -[repo.default] - file_hosting_config_name = "TUF-Repo-S3-Buck" - signing_keys = { kms = { available_keys = { "e4a8f7fe-2272-4e51-bc3e-3f719c77eb31" = "us-west-1" } } } - root_keys = { kms = { available_keys = { "e4a8f7fe-2272-4e51-bc3e-3f719c77eb31" = "us-west-1" } } } - root_key_threshold = 1 - pub_key_threshold = 1 - -[aws] - [aws.s3.TUF-Repo-S3-Buck] - region = "us-west-2" - vpc_endpoint_id = "vpc-12345" - s3_prefix = "/my-bottlerocket-remix" diff --git a/tools/infrasys/test_tomls/toml_yaml_conversion.yml b/tools/infrasys/test_tomls/toml_yaml_conversion.yml deleted file mode 100644 index f4eed72e8..000000000 --- a/tools/infrasys/test_tomls/toml_yaml_conversion.yml +++ /dev/null @@ -1,37 +0,0 @@ -repo: - default: - root_role_url: null - root_role_sha512: null - signing_keys: !kms - key_id: null - available_keys: - e4a8f7fe-2272-4e51-bc3e-3f719c77eb31: us-west-1 - key_alias: null - regions: [] - key_stack_arns: {} - root_keys: !kms - key_id: null - available_keys: - e4a8f7fe-2272-4e51-bc3e-3f719c77eb31: us-west-1 - key_alias: null - regions: [] - key_stack_arns: {} - metadata_base_url: null - targets_url: null - file_hosting_config_name: TUF-Repo-S3-Buck - root_key_threshold: 1 - pub_key_threshold: 1 -aws: - regions: [] - role: null - profile: null - region: {} - ssm_prefix: null - s3: - TUF-Repo-S3-Buck: - region: us-west-2 - s3_prefix: /my-bottlerocket-remix - vpc_endpoint_id: vpc-12345 - stack_arn: null - bucket_name: null -vmware: null diff --git a/tools/pubsys-config/Cargo.toml b/tools/pubsys-config/Cargo.toml index f51bc69d9..6e9bf3c50 100644 --- a/tools/pubsys-config/Cargo.toml +++ b/tools/pubsys-config/Cargo.toml @@ -15,5 +15,5 @@ parse-datetime = { path = "../parse-datetime", version = "0.1" } serde = { version = "1", features = ["derive"] } serde_yaml = "0.9" snafu = "0.7" -toml = "0.5" +toml = "0.8" url = { version = "2", features = ["serde"] } diff --git a/tools/pubsys/Cargo.toml b/tools/pubsys/Cargo.toml index c784437f0..45aaaa2be 100644 --- a/tools/pubsys/Cargo.toml +++ b/tools/pubsys/Cargo.toml @@ -22,7 +22,7 @@ clap = { version = "4", features = ["derive"] } coldsnap = { version = "0.6", default-features = false, features = ["aws-sdk-rust-rustls"] } duct = "0.13" futures = "0.3" -governor = "0.5" +governor = "0.6" indicatif = "0.17" lazy_static = "1" log = "0.4" @@ -44,7 +44,7 @@ tempfile = "3" tinytemplate = "1" tokio = { version = "1", features = ["full"] } # LTS tokio-stream = { version = "0.1", features = ["time"] } -toml = "0.5" +toml = "0.8" tough = { version = "0.14", features = ["http"] } tough-kms = "0.6" tough-ssm = "0.9" diff --git a/tools/pubsys/src/repo.rs b/tools/pubsys/src/repo.rs index 97b37d841..cd564ff3f 100644 --- a/tools/pubsys/src/repo.rs +++ b/tools/pubsys/src/repo.rs @@ -637,7 +637,8 @@ mod error { pub(crate) enum Error { #[snafu(display("Failed to add new update to manifest: {}", source))] AddUpdate { - source: update_metadata::error::Error, + #[snafu(source(from(update_metadata::error::Error, Box::new)))] + source: Box, }, #[snafu(display("Failed to add new target '{}' to repo: {}", path.display(), source))] @@ -697,7 +698,8 @@ mod error { #[snafu(display("Failed to write Manifest to '{}': {}", path.display(), source))] ManifestWrite { path: PathBuf, - source: update_metadata::error::Error, + #[snafu(source(from(update_metadata::error::Error, Box::new)))] + source: Box, }, #[snafu(display("Infra.toml is missing {}", missing))] @@ -791,7 +793,8 @@ mod error { #[snafu(display("Failed to set waves from '{}': {}", wave_policy_path.display(), source))] SetWaves { wave_policy_path: PathBuf, - source: update_metadata::error::Error, + #[snafu(source(from(update_metadata::error::Error, Box::new)))] + source: Box, }, #[snafu(display("Failed to create temporary file: {}", source))] @@ -800,7 +803,8 @@ mod error { #[snafu(display("Failed to read update metadata '{}': {}", path.display(), source))] UpdateMetadataRead { path: PathBuf, - source: update_metadata::error::Error, + #[snafu(source(from(update_metadata::error::Error, Box::new)))] + source: Box, }, } } diff --git a/tools/testsys/Cargo.toml b/tools/testsys/Cargo.toml index 723ecfc8b..a674eaa8c 100644 --- a/tools/testsys/Cargo.toml +++ b/tools/testsys/Cargo.toml @@ -13,7 +13,7 @@ publish = false async-trait = "0.1" aws-config = "0.55" aws-sdk-ec2 = "0.28" -base64 = "0.20" +base64 = "0.21" bottlerocket-types = { git = "https://github.com/bottlerocket-os/bottlerocket-test-system", version = "0.0.9", tag = "v0.0.9" } bottlerocket-variant = { version = "0.1", path = "../bottlerocket-variant" } clap = { version = "4", features = ["derive", "env"] } @@ -24,7 +24,7 @@ log = "0.4" maplit = "1" testsys-model = { git = "https://github.com/bottlerocket-os/bottlerocket-test-system", version = "0.0.9", tag = "v0.0.9" } pubsys-config = { path = "../pubsys-config/", version = "0.1.0" } -fastrand = "1" +fastrand = "2" serde = { version = "1", features = ["derive"] } serde_json = "1" serde_plain = "1" diff --git a/tools/testsys/src/aws_k8s.rs b/tools/testsys/src/aws_k8s.rs index 2fc063fab..2a0ee56e3 100644 --- a/tools/testsys/src/aws_k8s.rs +++ b/tools/testsys/src/aws_k8s.rs @@ -1,4 +1,5 @@ use crate::aws_resources::{ami, ami_name, ec2_crd, ec2_karpenter_crd, get_ami_id}; +use crate::base64; use crate::crds::{ BottlerocketInput, ClusterInput, CrdCreator, CrdInput, CreateCrdOutput, MigrationInput, TestInput, diff --git a/tools/testsys/src/base64.rs b/tools/testsys/src/base64.rs new file mode 100644 index 000000000..0c96f282c --- /dev/null +++ b/tools/testsys/src/base64.rs @@ -0,0 +1,9 @@ +use base64::alphabet::STANDARD; +use base64::engine::{GeneralPurpose, GeneralPurposeConfig}; +use base64::Engine; + +/// This function became deprecated in the base64 library but its interface is much simpler than +/// what replaced it. Rather than change all of our call sites we retain the simple interface here. +pub(crate) fn encode>(input: T) -> String { + GeneralPurpose::new(&STANDARD, GeneralPurposeConfig::default()).encode(input) +} diff --git a/tools/testsys/src/crds.rs b/tools/testsys/src/crds.rs index 43875d936..322c4d380 100644 --- a/tools/testsys/src/crds.rs +++ b/tools/testsys/src/crds.rs @@ -1,3 +1,4 @@ +use crate::base64; use crate::error::{self, Result}; use crate::run::{KnownTestType, TestType}; use bottlerocket_types::agent_config::TufRepoConfig; diff --git a/tools/testsys/src/main.rs b/tools/testsys/src/main.rs index 26a97d4b1..512e9bb3e 100644 --- a/tools/testsys/src/main.rs +++ b/tools/testsys/src/main.rs @@ -16,6 +16,7 @@ use uninstall::Uninstall; mod aws_ecs; mod aws_k8s; mod aws_resources; +mod base64; mod crds; mod delete; mod error; diff --git a/tools/testsys/src/metal_k8s.rs b/tools/testsys/src/metal_k8s.rs index 3cef00a15..1cf48d36e 100644 --- a/tools/testsys/src/metal_k8s.rs +++ b/tools/testsys/src/metal_k8s.rs @@ -1,3 +1,4 @@ +use crate::base64; use crate::crds::{ BottlerocketInput, ClusterInput, CrdCreator, CrdInput, CreateCrdOutput, MigrationInput, TestInput, diff --git a/tools/testsys/src/run.rs b/tools/testsys/src/run.rs index eb03de0a8..120830c1a 100644 --- a/tools/testsys/src/run.rs +++ b/tools/testsys/src/run.rs @@ -1,5 +1,6 @@ use crate::aws_ecs::AwsEcsCreator; use crate::aws_k8s::AwsK8sCreator; +use crate::base64; use crate::crds::{CrdCreator, CrdInput}; use crate::error; use crate::error::Result; diff --git a/tools/testsys/src/sonobuoy.rs b/tools/testsys/src/sonobuoy.rs index d3288442c..bee850ac9 100644 --- a/tools/testsys/src/sonobuoy.rs +++ b/tools/testsys/src/sonobuoy.rs @@ -1,3 +1,4 @@ +use crate::base64; use crate::crds::TestInput; use crate::error::{self, Result}; use crate::run::KnownTestType; diff --git a/tools/update-metadata/Cargo.toml b/tools/update-metadata/Cargo.toml index c079517be..7b33f812f 100644 --- a/tools/update-metadata/Cargo.toml +++ b/tools/update-metadata/Cargo.toml @@ -17,5 +17,5 @@ serde = { version = "1", features = ["derive"] } serde_json = "1" serde_plain = "1" snafu = "0.7" -toml = "0.5" +toml = "0.8" diff --git a/tools/update-metadata/src/lib.rs b/tools/update-metadata/src/lib.rs index 53bae1476..101f655d3 100644 --- a/tools/update-metadata/src/lib.rs +++ b/tools/update-metadata/src/lib.rs @@ -452,7 +452,7 @@ mod tests { fn test_time() -> DateTime { // DateTime for 1/1/2000 00:00:00 - DateTime::::from_utc( + DateTime::::from_naive_utc_and_offset( NaiveDate::from_ymd_opt(2000, 1, 1) .unwrap() .and_hms_milli_opt(0, 0, 0, 0) @@ -641,7 +641,7 @@ mod tests { }; let seed = 1024; // Construct a DateTime object for 1/1/2000 00:00:00 - let time = DateTime::::from_utc( + let time = DateTime::::from_naive_utc_and_offset( NaiveDate::from_ymd_opt(2000, 1, 1) .unwrap() .and_hms_milli_opt(0, 0, 0, 0) diff --git a/twoliter/Cargo.toml b/twoliter/Cargo.toml index 06e000370..742570dad 100644 --- a/twoliter/Cargo.toml +++ b/twoliter/Cargo.toml @@ -22,7 +22,7 @@ sha2 = "0.10" tar = "0.4" tempfile = "3" tokio = { version = "1", default-features = false, features = ["fs", "macros", "process", "rt-multi-thread"] } -toml = "0.7" +toml = "0.8" uuid = { version = "1", features = [ "v4" ] } # Binary dependencies. These are binaries that we want to embed in the Twoliter binary. @@ -30,7 +30,7 @@ buildsys = { version = "0.1.0", artifact = [ "bin:buildsys", "bin:bottlerocket-v pubsys = { version = "0.1.0", artifact = [ "bin:pubsys" ], path = "../tools/pubsys" } pubsys-setup = { version = "0.1.0", artifact = [ "bin:pubsys-setup" ], path = "../tools/pubsys-setup" } testsys = { version = "0.1.0", artifact = [ "bin:testsys" ], path = "../tools/testsys" } -tuftool = { version = "0.9", artifact = [ "bin:tuftool" ] } +tuftool = { version = "0.10", artifact = [ "bin:tuftool" ] } [build-dependencies] bytes = "1"