From 216bc02ac5533590a4708a1573dc007f206b43b7 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:03:39 +0200 Subject: [PATCH 01/11] update clap --- rust/Cargo.lock | 12 ++++++------ rust/Cargo.toml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rust/Cargo.lock b/rust/Cargo.lock index 1f220934..07efdc69 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -54,9 +54,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.5" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6" +checksum = "4cd2405b3ac1faab2990b74d728624cd9fd115651fcecc7c2d8daf01376275ba" dependencies = [ "anstyle", "anstyle-parse", @@ -641,9 +641,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.15" +version = "4.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c12ed66a79a555082f595f7eb980d08669de95009dd4b3d61168c573ebe38fc9" +checksum = "58e54881c004cec7895b0068a0a954cd5d62da01aef83fa35b1e594497bf5445" dependencies = [ "clap_builder", "clap_derive", @@ -651,9 +651,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.15" +version = "4.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f4645eab3431e5a8403a96bea02506a8b35d28cd0f0330977dd5d22f9c84f43" +checksum = "59cb82d7f531603d2fd1f507441cdd35184fa81beff7bd489570de7f773460bb" dependencies = [ "anstream", "anstyle", diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 2fb7b339..8b01f073 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml 
@@ -18,11 +18,11 @@ aws-config = { version = "1.1.2", features = ["behavior-version-latest"] } aws-sdk-cloudformation = "1.11.0" aws-sdk-kms = "1.10.0" aws-sdk-s3 = "1.12.0" -base64 = "0.21.5" -clap = { version = "4.4.13", features = ["derive", "env"] } +base64 = "0.21.7" +clap = { version = "4.4.16", features = ["derive", "env"] } rand = "0.8.5" serde = { version = "1.0.195", features = ["derive"] } -serde_json = "1.0" +serde_json = "1.0.111" thiserror = "1.0.56" tokio = { version = "1", features = ["full"] } From 2946b2334f166f546347a5f3734a8e0e78bfdc86 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:04:50 +0200 Subject: [PATCH 02/11] bump rust version to 0.5.0 --- rust/Cargo.lock | 2 +- rust/Cargo.toml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rust/Cargo.lock b/rust/Cargo.lock index 07efdc69..aa7f81ed 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -1189,7 +1189,7 @@ dependencies = [ [[package]] name = "nitor-vault" -version = "0.4.1" +version = "0.5.0" dependencies = [ "aes-gcm", "anyhow", diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 8b01f073..df6834ea 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -1,15 +1,15 @@ [package] name = "nitor-vault" -version = "0.4.1" +version = "0.5.0" edition = "2021" +description = "Encrypted AWS key-value storage utility." +license = "Apache-2.0" +repository = "https://github.com/nitorcreations/vault" +keywords = ["secrets", "s3", "cli"] authors = [ "Kalle Ahlström ", ] -description = "Encrypted AWS key-value storage" -license = "Apache-2.0" -repository = "https://github.com/nitorcreations/vault" -keywords = ["secrets", "s3"] [dependencies] aes-gcm = "0.10.3" From b2fd4f6acd594961eafe8f335c9124a4ecf6d95c Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:05:00 +0200 Subject: [PATCH 03/11] use lto for release binary --- rust/Cargo.toml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/rust/Cargo.toml b/rust/Cargo.toml index df6834ea..1cbb8636 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -29,3 +29,6 @@ tokio = { version = "1", features = ["full"] } [[bin]] name = "vault" path = "src/main.rs" + +[profile.release] +lto = true From 5c312973d51d0439c80ace8fa3a419040c1b752a Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:18:56 +0200 Subject: [PATCH 04/11] tweak readme --- rust/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rust/README.md b/rust/README.md index 66cf1610..2ba946e9 100644 --- a/rust/README.md +++ b/rust/README.md @@ -23,15 +23,13 @@ cargo build --release cargo run --release ``` -Cargo will output the executable to either +Depending on which build profile is used, Cargo will output the executable to either: ```shell rust/target/debug/vault rust/target/release/vault ``` -depending on which build profile is used. - ## Install You can install a release binary locally using [cargo install](https://doc.rust-lang.org/cargo/commands/cargo-install.html). From 2581246dc3cfb526251cc11d8e9de2f28e8f4c68 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:19:53 +0200 Subject: [PATCH 05/11] separate std imports --- rust/src/cli.rs | 3 ++- rust/src/errors.rs | 3 ++- rust/src/lib.rs | 5 +++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/rust/src/cli.rs b/rust/src/cli.rs index 19f6f8b5..85e535dc 100644 --- a/rust/src/cli.rs +++ b/rust/src/cli.rs @@ -1,6 +1,7 @@ +use std::io::{stdin, BufRead}; + use anyhow::{Context, Result}; use clap::{Parser, Subcommand}; -use std::io::{stdin, BufRead}; use nitor_vault::Vault; diff --git a/rust/src/errors.rs b/rust/src/errors.rs index 0c2efe10..00d0fd6c 100644 --- a/rust/src/errors.rs +++ b/rust/src/errors.rs 
@@ -1,3 +1,5 @@ +use std::string::FromUtf8Error; + use aws_sdk_cloudformation::error::SdkError; use aws_sdk_cloudformation::operation::describe_stacks::DescribeStacksError; use aws_sdk_kms::operation::decrypt::DecryptError; @@ -7,7 +9,6 @@ use aws_sdk_s3::operation::get_object::GetObjectError; use aws_sdk_s3::operation::head_object::HeadObjectError; use aws_sdk_s3::operation::list_objects_v2::ListObjectsV2Error; use aws_sdk_s3::operation::put_object::PutObjectError; -use std::string::FromUtf8Error; use thiserror::Error; #[derive(Debug, Error)] diff --git a/rust/src/lib.rs b/rust/src/lib.rs index 9e30857d..7a6c2477 100644 --- a/rust/src/lib.rs +++ b/rust/src/lib.rs @@ -1,3 +1,6 @@ +use std::env; +use std::fmt; + use aes_gcm::aead::{Aead, Payload}; use aes_gcm::aes::{cipher, Aes256}; use aes_gcm::{AesGcm, KeyInit, Nonce}; @@ -16,8 +19,6 @@ use base64::{engine::general_purpose, Engine as _}; use errors::VaultError; use rand::Rng; use serde::{Deserialize, Serialize}; -use std::env; -use std::fmt; use tokio::try_join; pub mod errors; From f6441db8adfba4b1f984337c4aab22d8ed4ffb29 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:20:05 +0200 Subject: [PATCH 06/11] add env variable for aws region --- rust/src/cli.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/src/cli.rs b/rust/src/cli.rs index 85e535dc..bf3a9d02 100644 --- a/rust/src/cli.rs +++ b/rust/src/cli.rs @@ -22,8 +22,8 @@ pub struct Args { #[arg(short, long, env = "VAULT_KEY")] pub key_arn: Option, - /// Specify AWS region to use - #[arg(short, long, help = "Specify AWS region for the bucket")] + /// Specify AWS region for the bucket + #[arg(short, long, env = "AWS_REGION")] pub region: Option, /// Optional CloudFormation stack to lookup key and bucket From 197e611c3a26330a063bd3f25d789e005ad64d44 Mon Sep 17 00:00:00 2001 
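Review bot: With `env = "AWS_REGION"` on the `region` argument, a variable that is exported but empty is, as far as I can tell from clap's env handling, still taken as a value, so the option would arrive as an empty string instead of unset. Whether the vault constructor tolerates that is not visible here, because the `Args` struct continues outside the hunk and the consumer lives in another file. Rejecting it at parse time keeps an empty region from being passed on: `#[arg(short, long, env = "AWS_REGION", value_parser = clap::builder::NonEmptyStringValueParser::new())]`. The doc comment could also state the precedence, e.g. `/// Specify AWS region for the bucket (the flag overrides AWS_REGION)`.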
From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:20:22 +0200 Subject: [PATCH 07/11] simplify error context --- rust/src/main.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/src/main.rs b/rust/src/main.rs index b8032104..03ff72df 100644 --- a/rust/src/main.rs +++ b/rust/src/main.rs @@ -15,11 +15,11 @@ async fn main() -> Result<()> { args.region.as_deref(), ) .await - .with_context(|| "Failed to create vault from given params.".to_string())? + .context("Failed to create vault from given params.")? } else { Vault::new(args.vault_stack.as_deref(), args.region.as_deref()) .await - .with_context(|| "Failed to create vault.".to_string())? + .context("Failed to create vault.")? }; // Handle subcommands From c23885e6821125485ac58f7ac22bcac2ec45912d Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:21:49 +0200 Subject: [PATCH 08/11] rust version 0.6.0 --- rust/Cargo.lock | 2 +- rust/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/Cargo.lock b/rust/Cargo.lock index aa7f81ed..29a73a82 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -1189,7 +1189,7 @@ dependencies = [ [[package]] name = "nitor-vault" -version = "0.5.0" +version = "0.6.0" dependencies = [ "aes-gcm", "anyhow", diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 1cbb8636..300bf002 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nitor-vault" -version = "0.5.0" +version = "0.6.0" edition = "2021" description = "Encrypted AWS key-value storage utility." license = "Apache-2.0" From b9ea497b566c09f5f0fc656c361fdea590672ea6 Mon Sep 17 00:00:00 2001 
From: Akseli Lukkarila Date: Fri, 12 Jan 2024 11:32:09 +0200 Subject: [PATCH 09/11] run formatting checks only when needed --- .github/workflows/black.yml | 3 +++ .github/workflows/cargo.yml | 25 ++++++++++++++++++++----- .github/workflows/go.yml | 3 +++ .github/workflows/isort.yml | 3 +++ .github/workflows/pip.yml | 3 +++ .github/workflows/ruff.yml | 3 +++ 6 files changed, 35 insertions(+), 5 deletions(-) diff --git a/.github/workflows/black.yml b/.github/workflows/black.yml index 658b9e18..b8a6c6ac 100644 --- a/.github/workflows/black.yml +++ b/.github/workflows/black.yml @@ -13,6 +13,9 @@ on: branches: - master - main + paths: + - "**.py" + - ".github/workflows/black.yml" # https://github.com/psf/black jobs: diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml index b60001ea..8e6e2fa3 100644 --- a/.github/workflows/cargo.yml +++ b/.github/workflows/cargo.yml @@ -16,6 +16,9 @@ on: - master - main +env: + CARGO_TERM_COLOR: always + # https://github.com/actions-rs/cargo jobs: cargo: @@ -30,17 +33,29 @@ jobs: with: workspaces: ./rust -> target + - name: Set up cargo cache + uses: actions/cache@v3 + continue-on-error: false + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: ${{ runner.os }}-cargo- + + - name: build + working-directory: rust + run: cargo build + - name: fmt working-directory: rust - # workaround for color output - env: - TERM: xterm-256color run: cargo fmt --check --verbose - name: clippy working-directory: rust - env: - TERM: xterm-256color # exit non-zero if there are any warnings # https://doc.rust-lang.org/stable/clippy/usage.html run: cargo clippy -- -Dwarnings diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 6658ead1..addc8584 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
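Review bot: The `paths:` filter added in black.yml means the workflow is not started at all for changes outside `**.py` and the workflow file itself; if this job is a required status check in branch protection (not visible from this diff), such pull requests would wait on a check that never reports. The same filter is added in isort.yml, ruff.yml and pip.yml, and in pip.yml the only watched input is `python/requirements.txt`, so a change to any other file that feeds the install step would not re-run it. Only the trigger whose `branches:` list appears in the hunk gets the filter, and the hunk does not show whether that is `push` or `pull_request`. A short comment above the filter, e.g. `# run only when Python sources or this workflow change`, would make the intent explicit.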
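Review bot: In the new `Set up cargo cache` step of cargo.yml the `target/` path is resolved from the repository root, while every cargo step runs with `working-directory: rust`, so the build output in `rust/target` is not what gets cached; `rust/target/` looks like the intended path. The step also seems to duplicate the existing cache step just above it (the one configured with `workspaces: ./rust -> target`), and it restores `~/.cargo/bin/` under the loose `restore-keys` prefix, which puts executables cached from an older lockfile state onto the runner. `actions/cache@v3` is a mutable tag; pinning it to a full commit SHA (`uses: actions/cache@<full-commit-sha> # v3`) keeps the step from changing underneath the workflow. `continue-on-error: false` is the default and can be dropped.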
@@ -29,9 +29,12 @@ jobs: with: go-version: "1.21.x" cache-dependency-path: go/go.sum + - name: Install dependencies run: go get . + - name: Build run: go build -v ./... + - name: Test with the Go CLI run: go test diff --git a/.github/workflows/isort.yml b/.github/workflows/isort.yml index abea9de4..401456d9 100644 --- a/.github/workflows/isort.yml +++ b/.github/workflows/isort.yml @@ -13,6 +13,9 @@ on: branches: - master - main + paths: + - "**.py" + - ".github/workflows/isort.yml" # https://github.com/marketplace/actions/python-isort jobs: diff --git a/.github/workflows/pip.yml b/.github/workflows/pip.yml index 90b486d8..72bc0b34 100644 --- a/.github/workflows/pip.yml +++ b/.github/workflows/pip.yml @@ -13,6 +13,9 @@ on: branches: - master - main + paths: + - "python/requirements.txt" + - ".github/workflows/pip.yml" # https://github.com/py-actions/py-dependency-install jobs: diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml index 43cc0654..309f20af 100644 --- a/.github/workflows/ruff.yml +++ b/.github/workflows/ruff.yml @@ -13,6 +13,9 @@ on: branches: - master - main + paths: + - "**.py" + - ".github/workflows/ruff.yml" # https://github.com/chartboost/ruff-action jobs: From 35863caa59f4de0449c89dd2ea1eaf99a6532154 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Mon, 15 Jan 2024 10:11:07 +0200 Subject: [PATCH 10/11] package updates --- .pre-commit-config.yaml | 2 +- rust/Cargo.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7cca466a..f6339300 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -18,7 +18,7 @@ repos: - id: trailing-whitespace - repo: https://github.com/charliermarsh/ruff-pre-commit - rev: v0.1.11 + rev: v0.1.13 hooks: - id: ruff name: python ruff diff --git a/rust/Cargo.lock b/rust/Cargo.lock index 29a73a82..34697737 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock 
@@ -1657,9 +1657,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.2" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "2593d31f82ead8df961d8bd23a64c2ccf2eb5dd34b0a34bfb4dd54011c72009e" [[package]] name = "socket2" From abfb8ab530537d035ed17aa63f05b857fe7a2825 Mon Sep 17 00:00:00 2001 From: Akseli Lukkarila Date: Mon, 15 Jan 2024 10:32:08 +0200 Subject: [PATCH 11/11] change to patch version update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Kalle Ahlström <71292737+kahlstrm@users.noreply.github.com> --- rust/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 300bf002..4bc4f50d 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nitor-vault" -version = "0.6.0" +version = "0.5.1" edition = "2021" description = "Encrypted AWS key-value storage utility." license = "Apache-2.0"