diff --git a/.evergreen/compile-only.sh b/.evergreen/compile-only.sh index 3742566da..3f4b6ab9b 100755 --- a/.evergreen/compile-only.sh +++ b/.evergreen/compile-only.sh @@ -9,6 +9,11 @@ source ./.evergreen/env.sh if [ "$RUST_VERSION" != "" ]; then rustup toolchain install $RUST_VERSION TOOLCHAIN="+${RUST_VERSION}" + + # The MSRV resolver does not properly select an MSRV-compliant version + # for this transient dependency. + cargo add aws-sdk-sts@1.73 + CARGO_RESOLVER_INCOMPATIBLE_RUST_VERSIONS=fallback cargo +nightly -Zmsrv-policy generate-lockfile fi diff --git a/Cargo.lock b/Cargo.lock index 5c8de4192..d9816bbec 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -137,6 +137,304 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" +[[package]] +name = "aws-config" +version = "1.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02a18fd934af6ae7ca52410d4548b98eb895aab0f1ea417d168d85db1434a141" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-sdk-sts", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 1.3.1", + "time", + "tokio", + "tracing", + "url", +] + +[[package]] +name = "aws-credential-types" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b68c2194a190e1efc999612792e25b1ab3abfefe4306494efaaabc25933c0cbe" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "zeroize", +] + +[[package]] +name = "aws-lc-rs" +version = "1.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.30.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" +dependencies = [ + "bindgen 0.69.5", + "cc", + "cmake", + "dunce", + "fs_extra", +] + +[[package]] +name = "aws-runtime" +version = "1.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2090e664216c78e766b6bac10fe74d2f451c02441d43484cd76ac9a295075f7" +dependencies = [ + "aws-credential-types", + "aws-sigv4", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http-body 0.4.6", + "percent-encoding", + "pin-project-lite", + "tracing", + "uuid", +] + +[[package]] +name = "aws-sdk-sts" +version = "1.73.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1e9c3c24e36183e2f698235ed38dcfbbdff1d09b9232dc866c4be3011e0b47e" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-query", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", + "fastrand", + "http 0.2.12", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sigv4" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddfb9021f581b71870a17eac25b52335b82211cdc092e02b6876b2bcefa61666" +dependencies = [ + "aws-credential-types", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "form_urlencoded", + "hex", + "hmac", + "http 0.2.12", + "http 1.3.1", + "percent-encoding", + "sha2", + "time", + "tracing", +] + +[[package]] +name = "aws-smithy-async" +version = "1.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e190749ea56f8c42bf15dd76c65e14f8f765233e6df9b0506d9d934ebef867c" +dependencies = [ + "futures-util", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "aws-smithy-http" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43c82ba4cab184ea61f6edaafc1072aad3c2a17dcf4c0fce19ac5694b90d8b5f" +dependencies = [ + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "bytes-utils", + "futures-core", + "http 0.2.12", + "http 1.3.1", + "http-body 0.4.6", + "percent-encoding", + "pin-project-lite", + "pin-utils", + "tracing", +] + +[[package]] +name = "aws-smithy-http-client" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f108f1ca850f3feef3009bdcc977be201bca9a91058864d9de0684e64514bee0" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "h2", + "http 1.3.1", + "hyper 1.6.0", + "hyper-rustls", + "hyper-util", + "pin-project-lite", + "rustls", + "rustls-native-certs", + "rustls-pki-types", + "tokio", + "tower 0.5.2", + "tracing", +] + +[[package]] +name = "aws-smithy-json" +version = "0.61.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a16e040799d29c17412943bdbf488fd75db04112d0c0d4b9290bacf5ae0014b9" +dependencies = [ + "aws-smithy-types", +] + +[[package]] +name = "aws-smithy-observability" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9364d5989ac4dd918e5cc4c4bdcc61c9be17dcd2586ea7f69e348fc7c6cab393" +dependencies = [ + "aws-smithy-runtime-api", +] + +[[package]] +name = "aws-smithy-query" +version = "0.60.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2fbd61ceb3fe8a1cb7352e42689cec5335833cd9f94103a61e98f9bb61c64bb" +dependencies = [ + "aws-smithy-types", + "urlencoding", +] + +[[package]] +name = "aws-smithy-runtime" +version = "1.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "660f70d9d8af6876b4c9aa8dcb0dbaf0f89b04ee9a4455bea1b4ba03b15f26f6" +dependencies = [ + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-http-client", + "aws-smithy-observability", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "fastrand", + "http 0.2.12", + "http 1.3.1", + "http-body 0.4.6", + "http-body 1.0.1", + "pin-project-lite", + "pin-utils", + "tokio", + "tracing", +] + +[[package]] +name = "aws-smithy-runtime-api" +version = "1.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "937a49ecf061895fca4a6dd8e864208ed9be7546c0527d04bc07d502ec5fba1c" +dependencies = [ + "aws-smithy-async", + "aws-smithy-types", + "bytes", + "http 0.2.12", + "http 1.3.1", + "pin-project-lite", + "tokio", + "tracing", + "zeroize", +] + +[[package]] +name = "aws-smithy-types" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d498595448e43de7f4296b7b7a18a8a02c61ec9349128c80a368f7c3b4ab11a8" +dependencies = [ + "base64-simd", + "bytes", + "bytes-utils", + "http 0.2.12", + "http 1.3.1", + "http-body 0.4.6", + "http-body 1.0.1", + "http-body-util", + "itoa", + "num-integer", + "pin-project-lite", + "pin-utils", + "ryu", + "serde", + "time", +] + +[[package]] +name = "aws-smithy-xml" +version = "0.60.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3db87b96cb1b16c024980f133968d52882ca0daaee3a086c6decc500f6c99728" +dependencies = [ + "xmlparser", +] + +[[package]] +name = "aws-types" +version = "1.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b069d19bf01e46298eaedd7c6f283fe565a59263e53eebec945f3e6398f42390" +dependencies = [ + "aws-credential-types", + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "rustc_version", + "tracing", +] + [[package]] name = "backtrace" version = "0.3.75" @@ -164,12 +462,45 @@ version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64-simd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195" +dependencies = [ + "outref", + "vsimd", +] + [[package]] name = "base64ct" version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.9.0", + "cexpr", + "clang-sys", + "itertools 0.12.1", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.101", + "which", +] + [[package]] name = "bindgen" version = "0.71.1" @@ -179,13 +510,13 @@ dependencies = [ "bitflags 2.9.0", "cexpr", "clang-sys", - "itertools", + "itertools 0.13.0", "log", "prettyplease", "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 2.1.1", "shlex", "syn 2.0.101", ] @@ -290,6 +621,16 @@ version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" +[[package]] +name = "bytes-utils" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35" +dependencies = [ + "bytes", + "either", +] + [[package]] name = "cbc" version = "0.1.2" @@ -365,6 +706,15 @@ dependencies = [ "libloading", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "const-oid" version = "0.9.6" @@ -407,6 +757,16 @@ dependencies = [ "libc", ] +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -628,6 +988,12 @@ dependencies = [ "syn 2.0.101", ] +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "dyn-clone" version = "1.0.20" @@ -723,6 +1089,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "function_name" version = "0.2.3" @@ -1120,6 +1492,7 @@ dependencies = [ "hyper 1.6.0", "hyper-util", "rustls", + "rustls-native-certs", "rustls-pki-types", "tokio", "tokio-rustls", @@ -1377,6 +1750,15 @@ dependencies = [ "serde", ] +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "itertools" version = "0.13.0" @@ -1450,6 +1832,12 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.174" @@ -1474,7 +1862,7 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7518e6902e94f92e7c7271232684b60988b4bd813529b4ef9d97aead96956ae8" dependencies = [ - "bindgen", + "bindgen 0.71.1", "pkg-config", ] @@ -1485,7 +1873,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" dependencies = [ "cfg-if", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -1494,6 +1882,12 @@ version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" +[[package]] +name = "linux-raw-sys" +version = "0.4.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" + [[package]] name = "linux-raw-sys" version = "0.9.4" @@ -1663,6 +2057,9 @@ dependencies = [ "anyhow", "approx", "async-trait", + "aws-config", + "aws-credential-types", + "aws-types", "backtrace", "base64 0.13.1", "bitflags 1.3.2", @@ -1757,7 +2154,7 @@ dependencies = [ "openssl-probe", "openssl-sys", "schannel", - "security-framework", + "security-framework 2.11.1", "security-framework-sys", "tempfile", ] @@ -1806,6 +2203,15 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.19" @@ -1884,6 +2290,12 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "outref" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e" + [[package]] name = "overload" version = "0.1.1" @@ -2088,7 +2500,7 @@ dependencies = [ "pin-project-lite", "quinn-proto", "quinn-udp", - "rustc-hash", + "rustc-hash 2.1.1", "rustls", "socket2 0.5.10", "thiserror 2.0.12", @@ -2108,7 +2520,7 @@ dependencies = [ "lru-slab", "rand 0.9.1", "ring", - "rustc-hash", + "rustc-hash 2.1.1", "rustls", "rustls-pki-types", "slab", @@ -2284,6 +2696,12 @@ dependencies = [ "regex-syntax", ] +[[package]] +name = "regex-lite" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a" + [[package]] name = "regex-syntax" version = "0.8.5" @@ -2360,6 +2778,12 @@ version = "0.1.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rustc-hash" version = "2.1.1" @@ -2385,6 +2809,19 @@ dependencies = [ "semver", ] +[[package]] +name = "rustix" +version = "0.38.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" +dependencies = [ + "bitflags 2.9.0", + "errno", + "libc", + "linux-raw-sys 0.4.15", + "windows-sys 0.59.0", +] + [[package]] name = "rustix" version = "1.0.8" @@ -2394,7 +2831,7 @@ dependencies = [ "bitflags 2.9.0", "errno", "libc", - "linux-raw-sys", + "linux-raw-sys 0.9.4", "windows-sys 0.59.0", ] @@ -2404,6 +2841,7 @@ version = "0.23.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring", @@ -2413,6 +2851,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rustls-native-certs" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework 3.2.0", +] + [[package]] name = "rustls-pki-types" version = "1.12.0" @@ -2429,6 +2879,7 @@ version = "0.103.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -2512,7 +2963,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ "bitflags 2.9.0", - "core-foundation", + "core-foundation 0.9.4", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316" +dependencies = [ + "bitflags 2.9.0", + "core-foundation 0.10.1", "core-foundation-sys", "libc", "security-framework-sys", @@ -2828,7 +3292,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags 2.9.0", - "core-foundation", + "core-foundation 0.9.4", "system-configuration-sys", ] @@ -2863,7 +3327,7 @@ dependencies = [ "fastrand", "getrandom 0.3.2", "once_cell", - "rustix", + "rustix 1.0.8", "windows-sys 0.59.0", ] @@ -3271,6 +3735,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "urlencoding" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" + [[package]] name = "utf8_iter" version = "1.0.4" @@ -3307,6 +3777,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "vsimd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64" + [[package]] name = "want" version = "0.3.1" @@ -3440,6 +3916,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix 0.38.44", +] + [[package]] name = "widestring" version = "1.2.0" @@ -3772,6 +4260,12 @@ dependencies = [ "tap", ] +[[package]] +name = "xmlparser" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4" + [[package]] name = "yansi" version = "1.0.1" diff --git a/Cargo.toml b/Cargo.toml index 263c7fc5e..1c69c1af2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,7 +41,7 @@ dns-resolver = ["dep:hickory-resolver", "dep:hickory-proto"] cert-key-password = ["dep:pem", "dep:pkcs8"] # Enable support for MONGODB-AWS authentication. -aws-auth = ["dep:reqwest"] +aws-auth = ["dep:reqwest", "dep:aws-config", "dep:aws-types", "dep:aws-credential-types"] # Enable support for on-demand Azure KMS credentials. azure-kms = ["dep:reqwest"] @@ -122,6 +122,22 @@ zstd = { version = "0.11.2", optional = true } macro_magic = "0.5.1" rustversion = "1.0.20" +[dependencies.aws-config] +version = "1" +optional = true +default-features = false +features = ["default-https-client", "rt-tokio"] + +[dependencies.aws-types] +version = "1.3.7" +optional = true +default-features = false + +[dependencies.aws-credential-types] +version = "1.2.4" +optional = true +default-features = false + [dependencies.bson2] git = "https://github.com/mongodb/bson-rust" branch = "2.15.x" diff --git a/src/client/auth/aws.rs b/src/client/auth/aws.rs index 1022290cd..685a9c772 100644 --- a/src/client/auth/aws.rs +++ b/src/client/auth/aws.rs @@ -25,6 +25,12 @@ use crate::{ serde_util, }; +#[cfg(feature = "aws-auth")] +use aws_config::BehaviorVersion; + +#[cfg(feature = "aws-auth")] +use aws_credential_types::{provider::ProvideCredentials, Credentials}; + const AWS_ECS_IP: &str = "169.254.170.2"; const AWS_EC2_IP: &str = "169.254.169.254"; const AWS_LONG_DATE_FMT: &str = "%Y%m%dT%H%M%SZ"; @@ -52,7 +58,8 @@ async fn authenticate_stream_inner( conn: &mut Connection, credential: &Credential, server_api: Option<&ServerApi>, - http_client: &HttpClient, + // RUST-1529 note: http_client is used in the non-AWS SDK implementation to get credentials + _http_client: &HttpClient, ) -> Result<()> { let source = match credential.source.as_deref() { Some("$external") | None => "$external", @@ -88,23 +95,29 @@ async fn authenticate_stream_inner( let server_first = ServerFirst::parse(server_first_response.auth_response_body(MECH_NAME)?)?; server_first.validate(&nonce)?; - let aws_credential = { - // Limit scope of this variable to avoid holding onto the lock for the duration of - // authenticate_stream. - let cached_credential = CACHED_CREDENTIAL.lock().await; - match *cached_credential { - Some(ref aws_credential) if !aws_credential.is_expired() => aws_credential.clone(), - _ => { - // From the spec: the driver MUST not place a lock on making a request. - drop(cached_credential); - let aws_credential = AwsCredential::get(credential, http_client).await?; - if aws_credential.expiration.is_some() { - *CACHED_CREDENTIAL.lock().await = Some(aws_credential.clone()); - } - aws_credential - } - } - }; + // Find credentials using original implementation without AWS SDK + // let aws_credential = { + // // Limit scope of this variable to avoid holding onto the lock for the duration of + // // authenticate_stream. + // let cached_credential = CACHED_CREDENTIAL.lock().await; + // match *cached_credential { + // Some(ref aws_credential) if !aws_credential.is_expired() => aws_credential.clone(), + // _ => { + // // From the spec: the driver MUST not place a lock on making a request. + // drop(cached_credential); + // let aws_credential = AwsCredential::get(credential, http_client).await?; + // if aws_credential.expiration.is_some() { + // *CACHED_CREDENTIAL.lock().await = Some(aws_credential.clone()); + // } + // aws_credential + // } + // } + // }; + + let creds = get_aws_credentials(credential).await.map_err(|e| { + Error::authentication_error(MECH_NAME, &format!("failed to get creds: {e}")) + })?; + let aws_credential = AwsCredential::from_sdk_creds(creds); let date = Utc::now(); @@ -152,7 +165,41 @@ async fn authenticate_stream_inner( Ok(()) } +// Find credentials using MongoDB URI or AWS SDK +pub(crate) async fn get_aws_credentials(credential: &Credential) -> Result { + if let (Some(access_key), Some(secret_key)) = (&credential.username, &credential.password) { + // Look for credentials in the MongoDB URI + Ok(Credentials::new( + access_key.clone(), + secret_key.clone(), + credential + .mechanism_properties + .as_ref() + .and_then(|mp| mp.get_str("AWS_SESSION_TOKEN").ok()) + .map(str::to_owned), + None, + "MongoDB URI", + )) + } else { + // If credentials are not provided in the URI, use the AWS SDK to load + let config = aws_config::load_defaults(BehaviorVersion::latest()).await; + let creds = config + .credentials_provider() + .ok_or_else(|| { + Error::authentication_error(MECH_NAME, "no credential provider configured") + })? + .provide_credentials() + .await + .map_err(|e| { + Error::authentication_error(MECH_NAME, &format!("failed to get creds: {e}")) + })?; + Ok(creds) + } +} + /// Contains the credentials for MONGODB-AWS authentication. +// RUST-1529 note: dead_code tag added to avoid unused warnings on expiration field +#[allow(dead_code)] #[derive(Clone, Debug, Deserialize)] #[serde(rename_all = "PascalCase")] pub(crate) struct AwsCredential { @@ -170,6 +217,7 @@ pub(crate) struct AwsCredential { expiration: Option, } +#[allow(dead_code)] fn non_empty(s: Option) -> Option { match s { None => None, @@ -178,6 +226,7 @@ fn non_empty(s: Option) -> Option { } } +#[allow(dead_code)] impl AwsCredential { /// Derives the credentials for an authentication attempt given the set of credentials the user /// passed in. @@ -245,6 +294,16 @@ impl AwsCredential { } } + // Creates AwsCredential from keys. + fn from_sdk_creds(creds: Credentials) -> Self { + Self { + access_key_id: creds.access_key_id().to_string(), + secret_access_key: creds.secret_access_key().to_string(), + session_token: creds.session_token().map(|s| s.to_string()), + expiration: None, + } + } + async fn get_from_assume_role_with_web_identity_request( token_file: String, role_arn: String, diff --git a/src/client/csfle/state_machine.rs b/src/client/csfle/state_machine.rs index c90190e4d..3fba5254e 100644 --- a/src/client/csfle/state_machine.rs +++ b/src/client/csfle/state_machine.rs @@ -250,19 +250,17 @@ impl CryptExecutor { KmsProviderType::Aws => { #[cfg(feature = "aws-auth")] { - use crate::{ - client::auth::{aws::AwsCredential, Credential}, - runtime::HttpClient, + use crate::client::auth::{ + aws::get_aws_credentials, + Credential, }; - let aws_creds = AwsCredential::get( - &Credential::default(), - &HttpClient::default(), - ) - .await?; + let aws_creds = + get_aws_credentials(&Credential::default()).await?; + let mut creds = rawdoc! { - "accessKeyId": aws_creds.access_key(), - "secretAccessKey": aws_creds.secret_key(), + "accessKeyId": aws_creds.access_key_id().to_string(), + "secretAccessKey": aws_creds.secret_access_key().to_string(), }; if let Some(token) = aws_creds.session_token() { creds.append(cstr!("sessionToken"), token); diff --git a/src/test/auth/aws.rs b/src/test/auth/aws.rs index 4319dfe70..2a6b1218a 100644 --- a/src/test/auth/aws.rs +++ b/src/test/auth/aws.rs @@ -21,6 +21,11 @@ async fn get_client() -> Client { Client::with_uri_str(DEFAULT_URI.clone()).await.unwrap() } +// Ignored because the AWS SDK handles caching internally, making this manual caching test +// unnecessary. This test will be removed in a future PR as part of RUST-1529, +// depending on whether we fully switch to the SDK-based implementation, +// or gate it behind a feature flag and retain the original approach by default. +#[ignore] #[tokio::test] async fn credential_caching() { // This test should only be run when authenticating using AWS endpoints. @@ -61,6 +66,11 @@ async fn credential_caching() { assert!(cached_credential().await.is_some()); } +// Ignored because the AWS SDK handles caching internally, making this manual caching test +// unnecessary. This test will be removed in a future PR as part of RUST-1529, +// depending on whether we fully switch to the SDK-based implementation, +// or gate it behind a feature flag and retain the original approach by default. +#[ignore] #[tokio::test] async fn credential_caching_environment_vars() { // This test should only be run when authenticating using AWS endpoints.