cargo update, tighten cargo-deny settings
This change also contains several major-version updates for dependencies
to pass the cargo-deny checks.
cbgbt committed Jul 19, 2024
1 parent 7ab590c commit e032c24
Showing 19 changed files with 224 additions and 271 deletions.
322 changes: 118 additions & 204 deletions Cargo.lock

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion agent/builder-derive/Cargo.toml
@@ -6,7 +6,7 @@ publish = false
license = "MIT OR Apache-2.0"

[dependencies]
syn = "1"
syn = "2"
quote = "1"
proc-macro2 = "1"
serde = "1"
26 changes: 10 additions & 16 deletions agent/builder-derive/src/derive.rs
@@ -27,26 +27,22 @@ pub(crate) fn build_struct(ast: &syn::DeriveInput) -> TokenStream {
.attrs
.iter()
.filter_map(|v| {
v.parse_meta().ok().map(|meta| {
if meta.path().is_ident("crd") {
v.parse_args::<LitStr>().ok()
} else {
None
}
})
if v.meta.path().is_ident("crd") {
v.parse_args::<LitStr>().ok()
} else {
None
}
})
.last()
.flatten()
.expect("`crd` is a required attribute (Test, Resource)")
.value();

// Get a list of fields and their types
let fields = data.fields.iter().filter_map(|field| {
let attrs = field.attrs.iter().filter(|v| {
v.parse_meta()
.map(|meta| meta.path().is_ident("doc") || meta.path().is_ident("serde"))
.unwrap_or(false)
});
let attrs = field
.attrs
.iter()
.filter(|v| v.meta.path().is_ident("doc") || v.meta.path().is_ident("serde"));
let field_name = match field.ident.as_ref() {
Some(ident) => ident.to_string(),
None => return None,
@@ -61,9 +57,7 @@ pub(crate) fn build_struct(ast: &syn::DeriveInput) -> TokenStream {
// Create the setters for each field, one for typed values and one for templated strings
let setters = data.fields.iter().filter_map(|field| {
let doc = field.attrs.iter().filter(|v| {
v.parse_meta()
.map(|meta| meta.path().is_ident("doc"))
.unwrap_or(false)
v.meta.path().is_ident("doc")
});
let field_name = match field.ident.as_ref() {
Some(ident) => ident.to_string(),
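Review bot: A malformed `#[crd(...)]` argument is still reported as a missing attribute, because `v.parse_args::<LitStr>().ok()` in the first `filter_map` discards the parse error and the chain then reaches the `.expect(...)` with the "required attribute" message. Now that the closure only inspects `v.meta.path()`, this is a natural place to keep the `syn::Error` from `parse_args` and surface it with its span instead of panicking inside the derive. A comment is also worth adding that `.last()` now selects the last `crd` attribute rather than the last attribute of any kind, assuming `.flatten()` is on the removed side as the 16 deletions imply. `build_struct` starts before and continues past both hunks.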
2 changes: 1 addition & 1 deletion agent/configuration-derive/Cargo.toml
@@ -6,7 +6,7 @@ publish = false
license = "MIT OR Apache-2.0"

[dependencies]
syn = "1"
syn = "2"
quote = "1"

[lib]
2 changes: 1 addition & 1 deletion agent/utils/Cargo.toml
@@ -14,7 +14,7 @@ aws-sdk-iam = "1"
aws-sdk-ssm = "1"
aws-sdk-sts = "1"
aws-smithy-types = "1"
base64 = "0.20"
base64 = "0.22"
env_logger = "0.10"
log = "0.4"
testsys-model = { version = "0.0.13", path = "../../model" }
7 changes: 5 additions & 2 deletions agent/utils/src/lib.rs
@@ -5,6 +5,8 @@
!*/

use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use constants::DEFAULT_AGENT_LEVEL_FILTER;
use env_logger::Builder;
pub use error::Error;
@@ -27,8 +29,9 @@ pub async fn base64_decode_write_file(
path_to_write_to: &str,
) -> Result<(), error::Error> {
let path = Path::new(path_to_write_to);
let decoded_bytes =
base64::decode(base64_content.as_bytes()).context(error::Base64DecodeSnafu)?;
let decoded_bytes = Base64
.decode(base64_content.as_bytes())
.context(error::Base64DecodeSnafu)?;
fs::write(path, decoded_bytes).context(error::WriteFileSnafu {
path: path_to_write_to,
})?;
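Review bot: `fs::write(path, decoded_bytes)` in `base64_decode_write_file` creates the destination with the process's default mode, and nothing in the visible lines narrows it. If callers pass credentials through this helper (not visible in this hunk), create the file owner-only instead, for example with `OpenOptions` and `.mode(0o600)` on Unix. The call also has no `.await`, so it looks like a blocking write inside an `async fn`; confirm which `fs` is imported. The function's signature starts above the hunk and its body continues below it.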
6 changes: 3 additions & 3 deletions bottlerocket/agents/Cargo.toml
@@ -18,20 +18,20 @@ aws-sdk-iam = "1"
aws-sdk-ssm = "1"
aws-sdk-sts = "1"
aws-sdk-cloudformation = "1"
base64 = "0.20"
base64 = "0.22"
flate2 = "1.0"
hex ="0.4"
k8s-openapi = { version = "0.21", default-features = false, features = ["v1_24"] }
kube = { version = "0.88", default-features = false, features = ["config", "derive", "client"] }
log = "0.4"
maplit = "1"
openssh = { version = "0.9", features = ["native-mux"] }
openssh = { version = "0.10", features = ["native-mux"] }
testsys-model = { version = "0.0.13", path = "../../model" }
reqwest = { version = "0.11", default-features = false, features = ["rustls-tls", "blocking"] }
resource-agent = { version = "0.0.13", path = "../../agent/resource-agent" }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
serde_yaml = "0.8"
serde_yaml = "0.9"
sha2 = "0.10"
snafu = "0.8"
tar = "0.4"
14 changes: 8 additions & 6 deletions bottlerocket/agents/src/bin/ec2-resource-agent/ec2_provider.rs
@@ -8,6 +8,8 @@ use aws_sdk_ec2::types::{
InstanceMetadataEndpointState, InstanceMetadataOptionsRequest, InstanceType, ResourceType, Tag,
TagSpecification,
};
use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use bottlerocket_agents::userdata::{decode_to_string, merge_values};
use bottlerocket_types::agent_config::{
ClusterType, CustomUserData, Ec2Config, AWS_CREDENTIALS_SECRET_NAME,
@@ -444,10 +446,10 @@ fn userdata(
.context(Resources::Clear, "Failed to parse TOML")?;
merge_values(&merge_from, merge_into)
.context(Resources::Clear, "Failed to merge TOML")?;
Ok(base64::encode(toml::to_string(merge_into).context(
Resources::Clear,
"Failed to serialize merged TOML",
)?))
Ok(Base64.encode(
toml::to_string(merge_into)
.context(Resources::Clear, "Failed to serialize merged TOML")?,
))
}
}
}
@@ -459,7 +461,7 @@ fn default_eks_userdata(
cluster_dns_ip: &Option<String>,
memo: &ProductionMemo,
) -> Result<String, ProviderError> {
Ok(base64::encode(format!(
Ok(Base64.encode(format!(
r#"[settings.updates]
ignore-waves = true
@@ -482,7 +484,7 @@ cluster-dns-ip = "{}""#,
}

fn default_ecs_userdata(cluster_name: &str) -> String {
base64::encode(format!(
Base64.encode(format!(
r#"[settings.ecs]
cluster = "{}""#,
cluster_name,
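Review bot: `default_ecs_userdata` interpolates `cluster_name` straight into a TOML string literal (`cluster = "{}"`), so a name containing `"` or a newline would close the string and add or override settings in the generated user data. `default_eks_userdata` in this file and `default_userdata` in the `VMCreator` file further down build their TOML with `format!` the same way. Since `userdata` already serializes a value with `toml::to_string`, building these defaults as a `toml::Value` and serializing them would give correct escaping; failing that, reject quotes, backslashes and control characters before formatting. Whether these inputs can be influenced by an untrusted party is not visible here, and the functions continue outside the hunks.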
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ use aws_sdk_eks::error::SdkError as EksSdkError;
use aws_sdk_eks::operation::describe_cluster::{DescribeClusterError, DescribeClusterOutput};
use aws_sdk_eks::types::{Cluster, IpFamily};
use aws_types::SdkConfig;
use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use bottlerocket_agents::is_cluster_creation_required;
use bottlerocket_types::agent_config::{
CreationPolicy, EksClusterConfig, EksctlConfig, K8sVersion, AWS_CREDENTIALS_SECRET_NAME,
@@ -131,7 +133,8 @@ impl ClusterConfig {
pub fn new(eksctl_config: EksctlConfig) -> ProviderResult<Self> {
let config = match eksctl_config {
EksctlConfig::File { encoded_config } => {
let decoded_config = base64::decode(encoded_config)
let decoded_config = Base64
.decode(encoded_config)
.context(Resources::Clear, "Unable to decode eksctl configuration.")?;

let config: Value =
@@ -410,7 +413,7 @@ impl Create for EksCreator {
)?;
let kubeconfig = std::fs::read_to_string(kubeconfig_dir)
.context(Resources::Remaining, "Unable to read kubeconfig.")?;
let encoded_kubeconfig = base64::encode(kubeconfig);
let encoded_kubeconfig = Base64.encode(kubeconfig);

info!("Gathering information about the cluster");

Original file line number Diff line number Diff line change
@@ -26,6 +26,8 @@ k8s artifacts included in the workload cluster config are deleted.
use agent_utils::aws::aws_config;
use agent_utils::base64_decode_write_file;
use agent_utils::ssm::{create_ssm_activation, ensure_ssm_service_role, wait_for_ssm_ready};
use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use bottlerocket_agents::clusters::{
download_eks_a_bundle, install_eks_a_binary, retrieve_workload_cluster_kubeconfig,
write_validate_mgmt_kubeconfig,
@@ -179,7 +181,8 @@ impl Create for MetalK8sClusterCreator {
"Unable to decode and write hardware requirements",
)?;

let decoded_config = base64::decode(&spec.configuration.cluster_config_base64)
let decoded_config = Base64
.decode(&spec.configuration.cluster_config_base64)
.context(Resources::Clear, "Unable to decode eksctl configuration.")?;

let deserialized_config = serde_yaml::Deserializer::from_slice(decoded_config.as_slice())
@@ -296,7 +299,7 @@ impl Create for MetalK8sClusterCreator {
let k8s_client = kube::client::Client::try_from(
Config::from_custom_kubeconfig(
Kubeconfig::from_yaml(&String::from_utf8_lossy(
&base64::decode(&encoded_kubeconfig).context(
&Base64.decode(&encoded_kubeconfig).context(
resources,
"Unable to decode encoded workload cluster kubeconfig",
)?,
@@ -342,7 +345,16 @@ impl Create for MetalK8sClusterCreator {
"Control container host container userdata: {}",
control_host_ctr_userdata
);
let ssm_json = json!({"host-containers":{"control":{"enabled":true, "user-data": base64::encode(control_host_ctr_userdata.to_string())}}});
let ssm_json = json!({
"host-containers": {
"control": {
"enabled": true,
"user-data": Base64.encode(
control_host_ctr_userdata.to_string())
}
}
}
);

let custom_settings = &spec
.configuration
@@ -351,7 +363,7 @@ impl Create for MetalK8sClusterCreator {
CustomUserData::Replace { encoded_userdata }
| CustomUserData::Merge { encoded_userdata } => encoded_userdata,
})
.map(base64::decode)
.map(|userdata| Base64.decode(userdata))
.transpose()
.context(resources, "Unable to decode custom user data")?
.map(|userdata| toml::from_slice::<serde_json::Value>(&userdata))
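Review bot: The context just above the new `json!` block logs the whole value with `"Control container host container userdata: {}"`, and the same `control_host_ctr_userdata` is then embedded in the SSM settings. If that value carries the output of `create_ssm_activation` (imported at the top of this file), presumably an activation id and code although the visible lines do not confirm it, the log line writes a registration credential to the agent's logs. Consider logging only that the user data was built, or redacting the secret part before formatting. The `VMCreator` file further down shows the same pattern before its `Base64.encode(control_host_ctr_userdata.to_string())`, and the log macro and its level sit above the hunk.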
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
use agent_utils::base64_decode_write_file;
use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use bottlerocket_agents::clusters::{
download_eks_a_bundle, install_eks_a_binary, retrieve_workload_cluster_kubeconfig,
write_validate_mgmt_kubeconfig,
@@ -598,7 +600,7 @@ spec:
"###
);
debug!("{}", &clusterspec);
memo.encoded_clusterspec = base64::encode(&clusterspec);
memo.encoded_clusterspec = Base64.encode(&clusterspec);
fs::write(clusterspec_path, clusterspec).context(
resources,
format!(
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
use agent_utils::aws::aws_config;
use agent_utils::base64_decode_write_file;
use agent_utils::ssm::{create_ssm_activation, ensure_ssm_service_role, wait_for_ssm_ready};
use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use bottlerocket_agents::constants::TEST_CLUSTER_KUBECONFIG_PATH;
use bottlerocket_agents::tuf::{download_target, tuf_repo_urls};
use bottlerocket_agents::userdata::{decode_to_string, merge_values};
@@ -360,7 +362,7 @@ impl Create for VMCreator {
control_host_ctr_userdata
);
let encoded_control_host_ctr_userdata =
base64::encode(control_host_ctr_userdata.to_string());
Base64.encode(control_host_ctr_userdata.to_string());

let custom_user_data = spec.configuration.custom_user_data;

@@ -542,10 +544,10 @@ fn userdata(
.context(Resources::Clear, "Failed to parse TOML")?;
merge_values(&merge_from, merge_into)
.context(Resources::Clear, "Failed to merge TOML")?;
Ok(base64::encode(toml::to_string(merge_into).context(
Resources::Clear,
"Failed to serialize merged TOML",
)?))
Ok(Base64.encode(
toml::to_string(merge_into)
.context(Resources::Clear, "Failed to serialize merged TOML")?,
))
}
}
}
@@ -557,7 +559,7 @@ fn default_userdata(
certificate: &str,
control_container_userdata: &str,
) -> String {
base64::encode(format!(
Base64.encode(format!(
r#"[settings.updates]
ignore-waves = true
7 changes: 5 additions & 2 deletions bottlerocket/agents/src/userdata.rs
@@ -1,7 +1,8 @@
// Heavily borrowed from Bottlerocket's merge-toml crate.
// See https://github.com/bottlerocket-os/bottlerocket/blob/v1.11.1/sources/api/storewolf/merge-toml/src/lib.rs

use base64::decode;
use base64::engine::general_purpose::STANDARD as Base64;
use base64::Engine;
use resource_agent::provider::{IntoProviderError, ProviderError, ProviderResult, Resources};
use std::str::from_utf8;
use toml::{map::Entry, Value};
@@ -66,7 +67,9 @@ pub fn merge_values<'a>(merge_from: &'a Value, merge_into: &'a mut Value) -> Pro

pub fn decode_to_string(encoded_userdata: &String) -> ProviderResult<String> {
Ok(from_utf8(
&decode(encoded_userdata).context(Resources::Clear, "Failed to decode base64 TOML")?,
&Base64
.decode(encoded_userdata)
.context(Resources::Clear, "Failed to decode base64 TOML")?,
)
.context(Resources::Clear, "Failed to decode base64 TOML")?
.to_string())
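Review bot: Both failure paths in `decode_to_string` carry the message `"Failed to decode base64 TOML"`, so a caller cannot tell invalid base64 from decoded bytes that are not UTF-8. Give the `from_utf8` step its own context, e.g. `.context(Resources::Clear, "Decoded user data is not valid UTF-8")?`. Separately, `String::from_utf8(bytes)` would consume the decoded `Vec<u8>` instead of validating a borrow and then copying with `.to_string()`, and the parameter could be `&str` rather than `&String`.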
2 changes: 1 addition & 1 deletion bottlerocket/types/Cargo.toml
@@ -11,5 +11,5 @@ builder-derive = { version = "0.0.13", path = "../../agent/builder-derive" }
testsys-model = { version = "0.0.13", path = "../../model" }
serde = "1"
serde_plain = "1"
serde_yaml = "0.8"
serde_yaml = "0.9"
serde_json = "1"
8 changes: 4 additions & 4 deletions cli/Cargo.toml
@@ -7,18 +7,18 @@ license = "MIT OR Apache-2.0"

[dependencies]
anyhow = "1.0"
clap = { version = "4.0", features = ["derive"] }
clap = { version = "4.5", features = ["derive"] }
env_logger = "0.10"
futures = "0.3"
log = "0.4"
testsys-model = { path = "../model" }
testsys-model = { version = "0", path = "../model" }
serde_json = "1"
terminal_size = "0.2"
terminal_size = "0.3"
tokio = { version = "1", features = ["macros", "rt-multi-thread", "fs"] }

[dev-dependencies]
assert_cmd = "2"
selftest = { path = "../selftest" }
selftest = { version = "0", path = "../selftest" }

[features]
# The `integ` feature enables integration tests. These tests require docker and kind.
25 changes: 19 additions & 6 deletions deny.toml
@@ -1,10 +1,5 @@
[licenses]
unlicensed = "deny"

# Deny licenses unless they are specifically listed here
copyleft = "deny"
allow-osi-fsf-free = "neither"
default = "deny"
version = 2

# We want really high confidence when inferring licenses from text
confidence-threshold = 0.93
@@ -26,6 +21,24 @@ allow = [

exceptions = [ { allow = [ "MPL-2.0" ], name = "webpki-roots" } ]

[bans]
multiple-versions = "deny"
wildcards = "deny"

skip = [
# many crates still use syn v1
"syn@1",

# tabled uses an older version of heck
"[email protected]",
]

skip-tree = [
{ crate = "windows-sys" },
# aws-smithy-runtime uses many older dependencies
{ crate = "[email protected]" },
]

# https://github.com/hsivonen/encoding_rs The non-test code that isn't generated from the WHATWG data in this crate is
# under Apache-2.0 OR MIT. Test code is under CC0.
[[licenses.clarify]]
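Review bot: `{ crate = "windows-sys" }` in `skip-tree` carries no version, so every version of that crate and its whole dependency subtree is exempt from `multiple-versions = "deny"`, while `syn@1` in `skip` is pinned. Pinning it to the versions that are duplicated today keeps the exemption from silently covering future duplicates. A comment on that entry, like the ones on the `skip` entries, would also make it clear when it can be removed. The two `[email protected]` values look like an artifact of how this page was rendered rather than the file's real content.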