Deuxfleurs/garage
47
55
Fork 71
Code Issues 98 Pull requests 14 Releases 30 Wiki Activity

k2v-client: Add support for native TLS library #560

Closed
jirutka wants to merge 2 commits from jirutka/garage:k2v-native-tls into main
pull from: jirutka/garage:k2v-native-tls
merge into: Deuxfleurs:main
Conversation 2 Commits 2 Files changed 5 +116 -6
4 changed files with 116 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 92a86e3cd1 - Show all commits

96
Cargo.lock generated
View file

@ -956,6 +956,21 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]] [[package]]
name = "form_urlencoded" name = "form_urlencoded"
version = "1.1.0" version = "1.1.0"
@ -1661,6 +1676,19 @@ dependencies = [
"tokio-io-timeout", "tokio-io-timeout",
] ]
[[package]]
name = "hyper-tls"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
dependencies = [
"bytes",
"hyper",
"native-tls",
"tokio",
"tokio-native-tls",
]
[[package]] [[package]]
name = "iana-time-zone" name = "iana-time-zone"
version = "0.1.53" version = "0.1.53"
@ -1836,6 +1864,7 @@ dependencies = [
"garage_util", "garage_util",
"http", "http",
"hyper-rustls 0.23.2", "hyper-rustls 0.23.2",
"hyper-tls",
"log", "log",
"rusoto_core", "rusoto_core",
"rusoto_credential", "rusoto_credential",
@ -2187,6 +2216,24 @@ version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"
[[package]]
name = "native-tls"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
dependencies = [
"lazy_static",
"libc",
"log",
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
]
[[package]] [[package]]
name = "netapp" name = "netapp"
version = "0.5.2" version = "0.5.2"
@ -2357,12 +2404,50 @@ version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "openssl"
version = "0.10.52"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56"
dependencies = [
"bitflags",
"cfg-if",
"foreign-types",
"libc",
"once_cell",
"openssl-macros",
"openssl-sys",
]
[[package]]
name = "openssl-macros"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "openssl-probe" name = "openssl-probe"
version = "0.1.5" version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-sys"
version = "0.9.87"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]] [[package]]
name = "opentelemetry" name = "opentelemetry"
version = "0.17.0" version = "0.17.0"
@ -2971,6 +3056,7 @@ dependencies = [
"http", "http",
"hyper", "hyper",
"hyper-rustls 0.23.2", "hyper-rustls 0.23.2",
"hyper-tls",
"lazy_static", "lazy_static",
"log", "log",
"rusoto_credential", "rusoto_credential",
@ -3739,6 +3825,16 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "tokio-native-tls"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
dependencies = [
"native-tls",
"tokio",
]
[[package]] [[package]]
name = "tokio-rustls" name = "tokio-rustls"
version = "0.22.0" version = "0.22.0"

8
doc/book/reference-manual/k2v.md
View file

@ -37,19 +37,19 @@ api_bind_addr = "<ip>:<port>"
Please select a port number that is not already in use by another API Please select a port number that is not already in use by another API
endpoint (S3 api, admin API) or by the RPC server. endpoint (S3 api, admin API) or by the RPC server.
We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file: We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file (enable either `tls-native` or `tls-rustls`):
```toml ```toml
k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git" } k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git", features = ["tls-rustls"] }
``` ```
There is also a simple CLI utility which can be built from source in the There is also a simple CLI utility which can be built from source in the
following way: following way (enable either `tls-native` or `tls-rustls`):
```sh ```sh
git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
cd garage/src/k2v-client cd garage/src/k2v-client
cargo build --features cli --bin k2v-cli cargo build --features cli,tls-rustls --bin k2v-cli
``` ```
The CLI utility is self-documented, run `k2v-cli --help` to learn how to use The CLI utility is self-documented, run `k2v-cli --help` to learn how to use

8
src/k2v-client/Cargo.toml
View file

@ -12,10 +12,11 @@ readme = "../../README.md"
base64 = "0.21" base64 = "0.21"
http = "0.2" http = "0.2"
log = "0.4" log = "0.4"
rusoto_core = { version = "0.48.0", default-features = false, features = ["rustls"] } rusoto_core = { version = "0.48.0", default-features = false }
rusoto_credential = "0.48.0" rusoto_credential = "0.48.0"
rusoto_signature = "0.48.0" rusoto_signature = "0.48.0"
hyper-rustls = { version = "0.23", default-features = false, features = [ "http1", "http2", "tls12" ] } hyper-rustls = { version = "0.23", default-features = false, features = [ "http1", "http2", "tls12" ], optional = true }
hyper-tls = { version = "0.5.0", optional = true }
serde = "1.0" serde = "1.0"
serde_json = "1.0" serde_json = "1.0"
thiserror = "1.0" thiserror = "1.0"
@ -28,6 +29,9 @@ garage_util = { version = "0.8.2", path = "../util", optional = true }
[features] [features]
cli = ["clap", "tokio/fs", "tokio/io-std", "garage_util"] cli = ["clap", "tokio/fs", "tokio/io-std", "garage_util"]
# tls-native and tls-rustls are mutually exclusive.
tls-native = ["rusoto_core/native-tls", "hyper-tls"]
tls-rustls = ["rusoto_core/rustls", "hyper-rustls"]
[lib] [lib]
path = "lib.rs" path = "lib.rs"

10
src/k2v-client/lib.rs
View file

@ -19,6 +19,12 @@ mod error;
pub use error::Error; pub use error::Error;
#[cfg(all(feature = "tls-native", feature = "tls-rustls"))]
compile_error!("Features \"tls-native\" and \"tls-rustls\" are mutually exclusive.");
#[cfg(not(any(feature = "tls-native", feature = "tls-rustls")))]
compile_error!("Either feature \"tls-native\" or \"tls-rustls\" must be enabled for this crate.");
const DEFAULT_TIMEOUT: Duration = Duration::from_secs(5); const DEFAULT_TIMEOUT: Duration = Duration::from_secs(5);
const DEFAULT_POLL_TIMEOUT: Duration = Duration::from_secs(300); const DEFAULT_POLL_TIMEOUT: Duration = Duration::from_secs(300);
const SERVICE: &str = "k2v"; const SERVICE: &str = "k2v";
@ -40,12 +46,16 @@ impl K2vClient {
creds: AwsCredentials, creds: AwsCredentials,
user_agent: Option<String>, user_agent: Option<String>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
#[cfg(feature = "tls-rustls")]
let connector = hyper_rustls::HttpsConnectorBuilder::new() let connector = hyper_rustls::HttpsConnectorBuilder::new()
.with_native_roots() .with_native_roots()
.https_or_http() .https_or_http()
.enable_http1() .enable_http1()
.enable_http2() .enable_http2()
.build(); .build();
#[cfg(feature = "tls-native")]
let connector = hyper_tls::HttpsConnector::new();
let mut client = HttpClient::from_connector(connector); let mut client = HttpClient::from_connector(connector);
if let Some(ua) = user_agent { if let Some(ua) = user_agent {
client.local_agent_prepend(ua); client.local_agent_prepend(ua);