Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

optional rustls #168

Open
cataggar opened this issue Feb 18, 2022 · 3 comments
Open

optional rustls #168

cataggar opened this issue Feb 18, 2022 · 3 comments

Comments

@cataggar
Copy link
Contributor

cataggar commented Feb 18, 2022
edited

Would it be possible to make rustls an optional dependency? I'm not sure how to get around a couple of security warnings for ring briansmith/ring#1463, which is used by rustls.

It looks like the only direct dependency is in service_account.rs:

yup-oauth2/src/service_account.rs

Lines 20 to 25 in ac0e5f6

use rustls::{
self,
internal::pemfile,
sign::{self, SigningKey},
PrivateKey,
};

That was written long before pks8 library started. May be it can be used instead of rustls directly.
https://docs.rs/pkcs8/

Does that conceptually make sense?
dermesser added a commit that referenced this issue Feb 22, 2022
@dermesser
Make rustls dependency optional by introducing "service_account" feature
9b81a71 
Now, service_account code must be (implicitly) enabled.

Asked for in feature #168
@dermesser
Copy link
Owner

dermesser commented Feb 22, 2022
edited

Sorry that I hadn't responded yet -- I have gated the service account code and rustls dependency (that, as you helpfully noticed, is only used by the former) behind the "service_account" feature. Would you please try if this helps your situation? If it does, I will publish this as a minor update (as the default behavior will not change).

dermesser added a commit that referenced this issue Feb 22, 2022
@dermesser
Update feature matrix for github test action configuration for #168
43e31e3
dermesser added a commit that referenced this issue Feb 22, 2022
@dermesser
Fix typo in github actions configuration for #168
4095db3
@cataggar
Copy link
Contributor Author

Thanks @dermesser. Unfortunately, it does not compile.

cargo check --no-default-features --features hyper-tls


error[E0412]: cannot find type `ServiceAccountFlowOpts` in this scope
   --> src\authenticator.rs:303:47
    |
301 | impl ApplicationDefaultCredentialsAuthenticator {
    |     - help: you might be missing a type parameter: `<ServiceAccountFlowOpts>`
302 |     /// Try to build ServiceAccountFlowOpts from the environment
303 |     pub async fn from_environment() -> Result<ServiceAccountFlowOpts, std::env::VarError> {
    |                                               ^^^^^^^^^^^^^^^^^^^^^^ not found in this scope

error[E0425]: cannot find function `read_service_account_key` in the crate root
   --> src\authenticator.rs:305:20
    |
305 |             crate::read_service_account_key(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)
    |                    ^^^^^^^^^^^^^^^^^^^^^^^^ help: a function with a similar name exists: `parse_service_account_key`
    |
   ::: src\helper.rs:50:1
    |
50  | pub fn parse_service_account_key<S: AsRef<[u8]>>(key: S) -> io::Result<ServiceAccountKey> {
    | ----------------------------------------------------------------------------------------- similarly named function `parse_service_account_key` defined here

error[E0422]: cannot find struct, variant or union type `ServiceAccountFlowOpts` in this scope
   --> src\authenticator.rs:309:12
    |
309 |         Ok(ServiceAccountFlowOpts {
    |            ^^^^^^^^^^^^^^^^^^^^^^ not found in this scope

error[E0412]: cannot find type `ServiceAccountFlowOpts` in this scope
   --> src\authenticator.rs:354:44
    |
349 | pub enum ApplicationDefaultCredentialsTypes<C>
    |                                              - help: you might be missing a type parameter: `, ServiceAccountFlowOpts`
...
354 |     ServiceAccount(AuthenticatorBuilder<C, ServiceAccountFlowOpts>),
    |                                            ^^^^^^^^^^^^^^^^^^^^^^ not found in this scope

error[E0412]: cannot find type `ServiceAccountKey` in this scope
  --> src\helper.rs:50:72
   |
50 | pub fn parse_service_account_key<S: AsRef<[u8]>>(key: S) -> io::Result<ServiceAccountKey> {
   |                                                -                       ^^^^^^^^^^^^^^^^^ not found in this scope
   |                                                |
   |                                                help: you might be missing a type parameter: `, ServiceAccountKey`

error[E0282]: type annotations needed for `AuthenticatorBuilder<C, F>`
   --> src\authenticator.rs:337:16
    |
337 |             Ok(flow_opts) => {
    |                ^^^^^^^^^ cannot infer type
338 |                 let builder = AuthenticatorBuilder::new(flow_opts, client);
    |                     ------- consider giving `builder` the explicit type `AuthenticatorBuilder<C, F>`, with the type parameters specified

Some errors have detailed explanations: E0282, E0412, E0422, E0425.
For more information about an error, try `rustc --explain E0282`.
error: could not compile `yup-oauth2` due to 6 previous errors

@cataggar cataggar mentioned this issue Feb 24, 2022
Merged
@dermesser
Copy link
Owner

yes, I already merged your PR. I apparently didn't even correctly test it with the disabled service_account feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dermesser @cataggar