diff --git a/.evergreen/config.yml b/.evergreen/config.yml index df014fe12..69404fde0 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -222,7 +222,7 @@ buildvariants: - name: aws-auth display_name: "AWS Authentication" - patchable: false + # patchable: false run_on: - ubuntu2004-small expansions: @@ -892,16 +892,16 @@ tasks: - func: "add aws auth variables to file" - func: "run aws auth test with regular aws credentials" - - name: test-aws-auth-assume-role-credentials - tags: [aws-auth] - commands: - - func: "bootstrap mongo-orchestration" - vars: - ORCHESTRATION_FILE: auth-aws.json - MONGODB_VERSION: rapid - TOPOLOGY: server - - func: "add aws auth variables to file" - - func: "run aws auth test with assume role credentials" + # - name: test-aws-auth-assume-role-credentials + # tags: [aws-auth] + # commands: + # - func: "bootstrap mongo-orchestration" + # vars: + # ORCHESTRATION_FILE: auth-aws.json + # MONGODB_VERSION: rapid + # TOPOLOGY: server + # - func: "add aws auth variables to file" + # - func: "run aws auth test with assume role credentials" - name: test-aws-auth-environment-variables tags: [aws-auth] @@ -914,62 +914,62 @@ tasks: - func: "add aws auth variables to file" - func: "run aws auth test with aws credentials as environment variables" - - name: test-aws-auth-environment-variables-session-token - tags: [aws-auth] - commands: - - func: "bootstrap mongo-orchestration" - vars: - ORCHESTRATION_FILE: auth-aws.json - MONGODB_VERSION: rapid - TOPOLOGY: server - - func: "add aws auth variables to file" - - func: "run aws auth test with aws credentials and session token as environment variables" - - - name: test-aws-auth-ec2 - tags: [aws-auth] - commands: - - func: "bootstrap mongo-orchestration" - vars: - ORCHESTRATION_FILE: auth-aws.json - MONGODB_VERSION: rapid - TOPOLOGY: server - - func: "add aws auth variables to file" - - func: "run aws auth test with aws EC2 credentials" - - - name: test-aws-auth-ecs - tags: [aws-auth] - commands: - - func: "bootstrap mongo-orchestration" - vars: - ORCHESTRATION_FILE: auth-aws.json - MONGODB_VERSION: rapid - TOPOLOGY: server - - func: "add aws auth variables to file" - - func: "run aws ecs auth test" - - - name: test-aws-auth-assume-role-with-web-identity - tags: [aws-auth] - commands: - - func: "bootstrap mongo-orchestration" - vars: - ORCHESTRATION_FILE: auth-aws.json - MONGODB_VERSION: rapid - TOPOLOGY: server - - func: "add aws auth variables to file" - - func: "run aws assume role with web identity test" - - - name: test-aws-auth-assume-role-with-web-identity-session-name - tags: [aws-auth] - commands: - - func: "bootstrap mongo-orchestration" - vars: - ORCHESTRATION_FILE: auth-aws.json - MONGODB_VERSION: rapid - TOPOLOGY: server - - func: "add aws auth variables to file" - - func: "run aws assume role with web identity test" - vars: - AWS_ROLE_SESSION_NAME: test + # - name: test-aws-auth-environment-variables-session-token + # tags: [aws-auth] + # commands: + # - func: "bootstrap mongo-orchestration" + # vars: + # ORCHESTRATION_FILE: auth-aws.json + # MONGODB_VERSION: rapid + # TOPOLOGY: server + # - func: "add aws auth variables to file" + # - func: "run aws auth test with aws credentials and session token as environment variables" + + # - name: test-aws-auth-ec2 + # tags: [aws-auth] + # commands: + # - func: "bootstrap mongo-orchestration" + # vars: + # ORCHESTRATION_FILE: auth-aws.json + # MONGODB_VERSION: rapid + # TOPOLOGY: server + # - func: "add aws auth variables to file" + # - func: "run aws auth test with aws EC2 credentials" + + # - name: test-aws-auth-ecs + # tags: [aws-auth] + # commands: + # - func: "bootstrap mongo-orchestration" + # vars: + # ORCHESTRATION_FILE: auth-aws.json + # MONGODB_VERSION: rapid + # TOPOLOGY: server + # - func: "add aws auth variables to file" + # - func: "run aws ecs auth test" + + # - name: test-aws-auth-assume-role-with-web-identity + # tags: [aws-auth] + # commands: + # - func: "bootstrap mongo-orchestration" + # vars: + # ORCHESTRATION_FILE: auth-aws.json + # MONGODB_VERSION: rapid + # TOPOLOGY: server + # - func: "add aws auth variables to file" + # - func: "run aws assume role with web identity test" + + # - name: test-aws-auth-assume-role-with-web-identity-session-name + # tags: [aws-auth] + # commands: + # - func: "bootstrap mongo-orchestration" + # vars: + # ORCHESTRATION_FILE: auth-aws.json + # MONGODB_VERSION: rapid + # TOPOLOGY: server + # - func: "add aws auth variables to file" + # - func: "run aws assume role with web identity test" + # vars: + # AWS_ROLE_SESSION_NAME: test - name: test-atlas-connectivity commands: diff --git a/Cargo.lock b/Cargo.lock index 0c5539fda..f217f1ede 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -137,6 +137,353 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" +[[package]] +name = "aws-config" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebd9b83179adf8998576317ce47785948bcff399ec5b15f4dfbdedd44ddf5b92" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-sdk-sso", + "aws-sdk-ssooidc", + "aws-sdk-sts", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "hex", + "http 1.3.1", + "ring", + "time", + "tokio", + "tracing", + "url", + "zeroize", +] + +[[package]] +name = "aws-credential-types" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b68c2194a190e1efc999612792e25b1ab3abfefe4306494efaaabc25933c0cbe" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "zeroize", +] + +[[package]] +name = "aws-lc-rs" +version = "1.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.30.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", +] + +[[package]] +name = "aws-runtime" +version = "1.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2090e664216c78e766b6bac10fe74d2f451c02441d43484cd76ac9a295075f7" +dependencies = [ + "aws-credential-types", + "aws-sigv4", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http-body 0.4.6", + "percent-encoding", + "pin-project-lite", + "tracing", + "uuid", +] + +[[package]] +name = "aws-sdk-sso" +version = "1.75.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36d2a4d2753a2304cc0a86cff15581179c420c7b3054c0cbc884a2e497e79ae5" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-ssooidc" +version = "1.76.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "719f007d6914388e2f14943c663447cfc44bb9d0478bb96df891258ba5145f82" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-sts" +version = "1.77.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2efcc3dbb630f3e0d16a4f79fcd4b3fb1c59cb89f1031c46e44976f640b5de27" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-query", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", + "fastrand", + "http 0.2.12", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sigv4" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddfb9021f581b71870a17eac25b52335b82211cdc092e02b6876b2bcefa61666" +dependencies = [ + "aws-credential-types", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "form_urlencoded", + "hex", + "hmac", + "http 0.2.12", + "http 1.3.1", + "percent-encoding", + "sha2", + "time", + "tracing", +] + +[[package]] +name = "aws-smithy-async" +version = "1.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e190749ea56f8c42bf15dd76c65e14f8f765233e6df9b0506d9d934ebef867c" +dependencies = [ + "futures-util", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "aws-smithy-http" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43c82ba4cab184ea61f6edaafc1072aad3c2a17dcf4c0fce19ac5694b90d8b5f" +dependencies = [ + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "bytes-utils", + "futures-core", + "http 0.2.12", + "http 1.3.1", + "http-body 0.4.6", + "percent-encoding", + "pin-project-lite", + "pin-utils", + "tracing", +] + +[[package]] +name = "aws-smithy-http-client" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f108f1ca850f3feef3009bdcc977be201bca9a91058864d9de0684e64514bee0" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "h2", + "http 1.3.1", + "hyper 1.6.0", + "hyper-rustls", + "hyper-util", + "pin-project-lite", + "rustls", + "rustls-native-certs", + "rustls-pki-types", + "tokio", + "tower 0.5.2", + "tracing", +] + +[[package]] +name = "aws-smithy-json" +version = "0.61.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a16e040799d29c17412943bdbf488fd75db04112d0c0d4b9290bacf5ae0014b9" +dependencies = [ + "aws-smithy-types", +] + +[[package]] +name = "aws-smithy-observability" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9364d5989ac4dd918e5cc4c4bdcc61c9be17dcd2586ea7f69e348fc7c6cab393" +dependencies = [ + "aws-smithy-runtime-api", +] + +[[package]] +name = "aws-smithy-query" +version = "0.60.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2fbd61ceb3fe8a1cb7352e42689cec5335833cd9f94103a61e98f9bb61c64bb" +dependencies = [ + "aws-smithy-types", + "urlencoding", +] + +[[package]] +name = "aws-smithy-runtime" +version = "1.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "660f70d9d8af6876b4c9aa8dcb0dbaf0f89b04ee9a4455bea1b4ba03b15f26f6" +dependencies = [ + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-http-client", + "aws-smithy-observability", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "fastrand", + "http 0.2.12", + "http 1.3.1", + "http-body 0.4.6", + "http-body 1.0.1", + "pin-project-lite", + "pin-utils", + "tokio", + "tracing", +] + +[[package]] +name = "aws-smithy-runtime-api" +version = "1.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38280ac228bc479f347fcfccf4bf4d22d68f3bb4629685cb591cabd856567bbc" +dependencies = [ + "aws-smithy-async", + "aws-smithy-types", + "bytes", + "http 0.2.12", + "http 1.3.1", + "pin-project-lite", + "tokio", + "tracing", + "zeroize", +] + +[[package]] +name = "aws-smithy-types" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d498595448e43de7f4296b7b7a18a8a02c61ec9349128c80a368f7c3b4ab11a8" +dependencies = [ + "base64-simd", + "bytes", + "bytes-utils", + "http 0.2.12", + "http 1.3.1", + "http-body 0.4.6", + "http-body 1.0.1", + "http-body-util", + "itoa", + "num-integer", + "pin-project-lite", + "pin-utils", + "ryu", + "serde", + "time", +] + +[[package]] +name = "aws-smithy-xml" +version = "0.60.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3db87b96cb1b16c024980f133968d52882ca0daaee3a086c6decc500f6c99728" +dependencies = [ + "xmlparser", +] + +[[package]] +name = "aws-types" +version = "1.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a322fec39e4df22777ed3ad8ea868ac2f94cd15e1a55f6ee8d8d6305057689a" +dependencies = [ + "aws-credential-types", + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "rustc_version", + "tracing", +] + [[package]] name = "backtrace" version = "0.3.75" @@ -164,12 +511,45 @@ version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64-simd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195" +dependencies = [ + "outref", + "vsimd", +] + [[package]] name = "base64ct" version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.9.0", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.101", + "which", +] + [[package]] name = "bitflags" version = "1.3.2" @@ -270,6 +650,16 @@ version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" +[[package]] +name = "bytes-utils" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35" +dependencies = [ + "bytes", + "either", +] + [[package]] name = "cbc" version = "0.1.2" @@ -290,6 +680,15 @@ dependencies = [ "shlex", ] +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + [[package]] name = "cfg-if" version = "1.0.1" @@ -325,6 +724,26 @@ dependencies = [ "inout", ] +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "const-oid" version = "0.9.6" @@ -367,6 +786,16 @@ dependencies = [ "libc", ] +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -575,6 +1004,12 @@ dependencies = [ "syn 2.0.101", ] +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "dyn-clone" version = "1.0.19" @@ -670,6 +1105,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "function_name" version = "0.2.3" @@ -828,6 +1269,12 @@ version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +[[package]] +name = "glob" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" + [[package]] name = "h2" version = "0.4.10" @@ -1061,6 +1508,7 @@ dependencies = [ "hyper 1.6.0", "hyper-util", "rustls", + "rustls-native-certs", "rustls-pki-types", "tokio", "tokio-rustls", @@ -1307,6 +1755,15 @@ dependencies = [ "serde", ] +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.15" @@ -1371,18 +1828,40 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.174" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" +[[package]] +name = "libloading" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" +dependencies = [ + "cfg-if", + "windows-targets 0.52.6", +] + [[package]] name = "linked-hash-map" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" +[[package]] +name = "linux-raw-sys" +version = "0.4.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" + [[package]] name = "linux-raw-sys" version = "0.9.4" @@ -1502,6 +1981,12 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + [[package]] name = "miniz_oxide" version = "0.8.9" @@ -1546,6 +2031,12 @@ dependencies = [ "anyhow", "approx", "async-trait", + "aws-config", + "aws-credential-types", + "aws-sdk-sso", + "aws-sdk-ssooidc", + "aws-sdk-sts", + "aws-types", "backtrace", "base64 0.13.1", "bitflags 1.3.2", @@ -1639,7 +2130,7 @@ dependencies = [ "openssl-probe", "openssl-sys", "schannel", - "security-framework", + "security-framework 2.11.1", "security-framework-sys", "tempfile", ] @@ -1662,6 +2153,16 @@ version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72ef4a56884ca558e5ddb05a1d1e7e1bfd9a68d9ed024c21704cc98872dae1bb" +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -1678,6 +2179,15 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.19" @@ -1756,6 +2266,12 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "outref" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e" + [[package]] name = "overload" version = "0.1.1" @@ -1921,6 +2437,16 @@ dependencies = [ "yansi", ] +[[package]] +name = "prettyplease" +version = "0.2.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6837b9e10d61f45f987d50808f83d1ee3d206c66acf650c3e4ae2e1f6ddedf55" +dependencies = [ + "proc-macro2", + "syn 2.0.101", +] + [[package]] name = "proc-macro-crate" version = "0.1.5" @@ -1950,7 +2476,7 @@ dependencies = [ "pin-project-lite", "quinn-proto", "quinn-udp", - "rustc-hash", + "rustc-hash 2.1.1", "rustls", "socket2", "thiserror 2.0.12", @@ -1970,7 +2496,7 @@ dependencies = [ "lru-slab", "rand 0.9.1", "ring", - "rustc-hash", + "rustc-hash 2.1.1", "rustls", "rustls-pki-types", "slab", @@ -2146,6 +2672,12 @@ dependencies = [ "regex-syntax", ] +[[package]] +name = "regex-lite" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a" + [[package]] name = "regex-syntax" version = "0.8.5" @@ -2222,6 +2754,12 @@ version = "0.1.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "989e6739f80c4ad5b13e0fd7fe89531180375b18520cc8c82080e4dc4035b84f" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rustc-hash" version = "2.1.1" @@ -2247,6 +2785,19 @@ dependencies = [ "semver", ] +[[package]] +name = "rustix" +version = "0.38.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" +dependencies = [ + "bitflags 2.9.0", + "errno", + "libc", + "linux-raw-sys 0.4.15", + "windows-sys 0.59.0", +] + [[package]] name = "rustix" version = "1.0.7" @@ -2256,7 +2807,7 @@ dependencies = [ "bitflags 2.9.0", "errno", "libc", - "linux-raw-sys", + "linux-raw-sys 0.9.4", "windows-sys 0.59.0", ] @@ -2266,6 +2817,7 @@ version = "0.23.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7160e3e10bf4535308537f3c4e1641468cd0e485175d6163087c0393c7d46643" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring", @@ -2275,6 +2827,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rustls-native-certs" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework 3.2.0", +] + [[package]] name = "rustls-pki-types" version = "1.12.0" @@ -2291,6 +2855,7 @@ version = "0.103.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4a72fe2bcf7a6ac6fd7d0b9e5cb68aeb7d4c0a0271730218b3e92d43b4eb435" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -2362,7 +2927,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ "bitflags 2.9.0", - "core-foundation", + "core-foundation 0.9.4", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316" +dependencies = [ + "bitflags 2.9.0", + "core-foundation 0.10.1", "core-foundation-sys", "libc", "security-framework-sys", @@ -2667,7 +3245,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags 2.9.0", - "core-foundation", + "core-foundation 0.9.4", "system-configuration-sys", ] @@ -2702,7 +3280,7 @@ dependencies = [ "fastrand", "getrandom 0.3.2", "once_cell", - "rustix", + "rustix 1.0.7", "windows-sys 0.59.0", ] @@ -3108,6 +3686,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "urlencoding" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" + [[package]] name = "utf8_iter" version = "1.0.4" @@ -3144,6 +3728,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "vsimd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64" + [[package]] name = "want" version = "0.3.1" @@ -3277,6 +3867,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix 0.38.44", +] + [[package]] name = "widestring" version = "1.2.0" @@ -3557,6 +4159,12 @@ dependencies = [ "tap", ] +[[package]] +name = "xmlparser" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4" + [[package]] name = "yansi" version = "1.0.1" diff --git a/Cargo.toml b/Cargo.toml index c8e8d8733..7f7598fb5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -44,6 +44,10 @@ cert-key-password = ["dep:pem", "dep:pkcs8"] # This can only be used with the tokio-runtime feature flag. aws-auth = ["dep:reqwest"] +# Enable support AWS SDK for authentication. +# This can only be used with the tokio-runtime and aws-auth feature flags. +aws-sdk-auth = ["dep:reqwest", "aws-config"] + # Enable support for on-demand Azure KMS credentials. # This can only be used with the tokio-runtime feature flag. azure-kms = ["dep:reqwest"] @@ -120,6 +124,34 @@ webpki-roots = "0.26" zstd = { version = "0.11.2", optional = true } macro_magic = "0.5.1" rustversion = "1.0.20" +aws-credential-types = "1.2.4" +aws-types = "1.3.7" + +[dependencies.aws-config] +version = "1.8.2" +optional = true +default-features = false +features = [ + "behavior-version-latest", + "sso", + "default-https-client", + "rt-tokio" +] + +[dependencies.aws-sdk-sso] +version = "=1.75.0" +optional = true +default-features = false + +[dependencies.aws-sdk-ssooidc] +version = "=1.76.0" +optional = true +default-features = false + +[dependencies.aws-sdk-sts] +version = "=1.77.0" +optional = true +default-features = false [dependencies.bson2] git = "https://github.com/mongodb/bson-rust" diff --git a/src/client/auth/aws.rs b/src/client/auth/aws.rs index cb9a938b5..006d5615f 100644 --- a/src/client/auth/aws.rs +++ b/src/client/auth/aws.rs @@ -1,4 +1,9 @@ -use std::{fs::File, io::Read, time::Duration}; +#[cfg(feature = "aws-sdk-auth")] +use aws_config::BehaviorVersion; +#[cfg(feature = "aws-sdk-auth")] +use aws_credential_types::provider::ProvideCredentials; +#[cfg(feature = "aws-sdk-auth")] +use aws_types::sdk_config::SharedCredentialsProvider; use chrono::{offset::Utc, DateTime}; use hmac::Hmac; @@ -6,6 +11,7 @@ use once_cell::sync::Lazy; use rand::distributions::{Alphanumeric, DistString}; use serde::Deserialize; use sha2::{Digest, Sha256}; +use std::{fs::File, io::Read, time::Duration}; use tokio::sync::Mutex; use crate::{ @@ -90,6 +96,40 @@ async fn authenticate_stream_inner( let server_first = ServerFirst::parse(server_first_response.auth_response_body(MECH_NAME)?)?; server_first.validate(&nonce)?; + #[cfg(feature = "aws-sdk-auth")] + let aws_credential = if let (Some(access_key), Some(secret_key)) = + (&credential.username, &credential.password) + { + // Look for credentials in the MongoDB URI + AwsCredential::from_sdk_creds( + access_key.clone(), + secret_key.clone(), + credential + .mechanism_properties + .as_ref() + .and_then(|mp| mp.get_str("AWS_SESSION_TOKEN").ok()) + .map(str::to_owned), + None, + ) + } else { + // If credentials are not provided in the URI, use the AWS SDK to load + let creds = aws_config::load_defaults(BehaviorVersion::latest()) + .await + .credentials_provider() + .expect("no credential provider configured") + .provide_credentials() + .await + .map_err(|e| { + Error::authentication_error(MECH_NAME, &format!("failed to get creds: {e}")) + })?; + AwsCredential::from_sdk_creds( + creds.access_key_id().to_string(), + creds.secret_access_key().to_string(), + creds.session_token().map(|s| s.to_string()), + None, + ) + }; + #[cfg(not(feature = "aws-sdk-auth"))] let aws_credential = { // Limit scope of this variable to avoid holding onto the lock for the duration of // authenticate_stream. @@ -246,6 +286,20 @@ impl AwsCredential { } } + fn from_sdk_creds( + access_key_id: String, + secret_access_key: String, + session_token: Option, + expiration: Option, + ) -> Self { + Self { + access_key_id, + secret_access_key, + session_token, + expiration, + } + } + async fn get_from_assume_role_with_web_identity_request( token_file: String, role_arn: String,