diff --git a/Cargo.lock b/Cargo.lock
index c5b4e38a..abff5ffb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,6 +2,16 @@
# It is not intended for manual editing.
version = 3
+[[package]]
+name = "Inflector"
+version = "0.11.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"
+dependencies = [
+ "lazy_static",
+ "regex",
+]
+
[[package]]
name = "addr2line"
version = "0.21.0"
@@ -38,6 +48,17 @@ dependencies = [
"cpufeatures",
]
+[[package]]
+name = "ahash"
+version = "0.7.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9"
+dependencies = [
+ "getrandom",
+ "once_cell",
+ "version_check",
+]
+
[[package]]
name = "ahash"
version = "0.8.11"
@@ -154,140 +175,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457"
[[package]]
-name = "async-channel"
-version = "1.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35"
-dependencies = [
- "concurrent-queue",
- "event-listener 2.5.3",
- "futures-core",
-]
-
-[[package]]
-name = "async-channel"
-version = "2.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "136d4d23bcc79e27423727b36823d86233aad06dfea531837b038394d11e9928"
-dependencies = [
- "concurrent-queue",
- "event-listener 5.3.0",
- "event-listener-strategy 0.5.1",
- "futures-core",
- "pin-project-lite",
-]
-
-[[package]]
-name = "async-executor"
-version = "1.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b10202063978b3351199d68f8b22c4e47e4b1b822f8d43fd862d5ea8c006b29a"
-dependencies = [
- "async-task",
- "concurrent-queue",
- "fastrand 2.0.2",
- "futures-lite 2.3.0",
- "slab",
-]
-
-[[package]]
-name = "async-global-executor"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c"
-dependencies = [
- "async-channel 2.2.1",
- "async-executor",
- "async-io 2.3.2",
- "async-lock 3.3.0",
- "blocking",
- "futures-lite 2.3.0",
- "once_cell",
-]
-
-[[package]]
-name = "async-io"
-version = "1.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fc5b45d93ef0529756f812ca52e44c221b35341892d3dcc34132ac02f3dd2af"
-dependencies = [
- "async-lock 2.8.0",
- "autocfg",
- "cfg-if",
- "concurrent-queue",
- "futures-lite 1.13.0",
- "log",
- "parking",
- "polling 2.8.0",
- "rustix 0.37.27",
- "slab",
- "socket2 0.4.10",
- "waker-fn",
-]
-
-[[package]]
-name = "async-io"
-version = "2.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcccb0f599cfa2f8ace422d3555572f47424da5648a4382a9dd0310ff8210884"
-dependencies = [
- "async-lock 3.3.0",
- "cfg-if",
- "concurrent-queue",
- "futures-io",
- "futures-lite 2.3.0",
- "parking",
- "polling 3.6.0",
- "rustix 0.38.32",
- "slab",
- "tracing",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "async-lock"
-version = "2.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b"
-dependencies = [
- "event-listener 2.5.3",
-]
-
-[[package]]
-name = "async-lock"
-version = "3.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d034b430882f8381900d3fe6f0aaa3ad94f2cb4ac519b429692a1bc2dda4ae7b"
-dependencies = [
- "event-listener 4.0.3",
- "event-listener-strategy 0.4.0",
- "pin-project-lite",
-]
-
-[[package]]
-name = "async-std"
-version = "1.12.0"
+name = "async-recursion"
+version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62565bb4402e926b29953c785397c6dc0391b7b446e45008b0049eb43cec6f5d"
+checksum = "30c5ef0ede93efbf733c1a727f3b6b5a1060bbedd5600183e66f6e4be4af0ec5"
dependencies = [
- "async-channel 1.9.0",
- "async-global-executor",
- "async-io 1.13.0",
- "async-lock 2.8.0",
- "crossbeam-utils",
- "futures-channel",
- "futures-core",
- "futures-io",
- "futures-lite 1.13.0",
- "gloo-timers",
- "kv-log-macro",
- "log",
- "memchr",
- "once_cell",
- "pin-project-lite",
- "pin-utils",
- "slab",
- "wasm-bindgen-futures",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.59",
]
[[package]]
@@ -312,12 +207,6 @@ dependencies = [
"syn 2.0.59",
]
-[[package]]
-name = "async-task"
-version = "4.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799"
-
[[package]]
name = "async-trait"
version = "0.1.80"
@@ -329,12 +218,6 @@ dependencies = [
"syn 2.0.59",
]
-[[package]]
-name = "atomic-waker"
-version = "1.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
-
[[package]]
name = "autocfg"
version = "1.2.0"
@@ -470,7 +353,7 @@ dependencies = [
"hyper-util",
"pin-project-lite",
"rustls 0.21.10",
- "rustls-pemfile 2.1.2",
+ "rustls-pemfile",
"tokio",
"tokio-rustls 0.24.1",
"tower",
@@ -572,22 +455,6 @@ dependencies = [
"generic-array",
]
-[[package]]
-name = "blocking"
-version = "1.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118"
-dependencies = [
- "async-channel 2.2.1",
- "async-lock 3.3.0",
- "async-task",
- "fastrand 2.0.2",
- "futures-io",
- "futures-lite 2.3.0",
- "piper",
- "tracing",
-]
-
[[package]]
name = "bstr"
version = "1.9.1"
@@ -607,14 +474,14 @@ checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
[[package]]
name = "burrego"
version = "0.3.4"
-source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.16.4#c49018ee2aa5ab106adbfe19ba728fbe090da663"
+source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.17.0#52fa632e2b882328aa0376d506a6cb99e8ac67d8"
dependencies = [
"base64 0.22.0",
"chrono",
"chrono-tz",
"gtmpl",
"gtmpl_value",
- "itertools 0.12.1",
+ "itertools",
"json-patch",
"lazy_static",
"regex",
@@ -640,32 +507,15 @@ version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9"
-[[package]]
-name = "cached"
-version = "0.44.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b195e4fbc4b6862bbd065b991a34750399c119797efff72492f28a5864de8700"
-dependencies = [
- "async-trait",
- "cached_proc_macro 0.17.0",
- "cached_proc_macro_types",
- "futures",
- "hashbrown 0.13.2",
- "instant",
- "once_cell",
- "thiserror",
- "tokio",
-]
-
[[package]]
name = "cached"
version = "0.49.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e8e463fceca5674287f32d252fb1d94083758b8709c160efae66d263e5f4eba"
dependencies = [
- "ahash",
+ "ahash 0.8.11",
"async-trait",
- "cached_proc_macro 0.20.0",
+ "cached_proc_macro",
"cached_proc_macro_types",
"futures",
"hashbrown 0.14.3",
@@ -675,19 +525,6 @@ dependencies = [
"tokio",
]
-[[package]]
-name = "cached_proc_macro"
-version = "0.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b48814962d2fd604c50d2b9433c2a41a0ab567779ee2c02f7fba6eca1221f082"
-dependencies = [
- "cached_proc_macro_types",
- "darling 0.14.4",
- "proc-macro2",
- "quote",
- "syn 1.0.109",
-]
-
[[package]]
name = "cached_proc_macro"
version = "0.20.0"
@@ -714,7 +551,7 @@ checksum = "769f8cd02eb04d57f14e2e371ebb533f96817f9b2525d73a5c72b61ca7973747"
dependencies = [
"cap-primitives",
"cap-std",
- "io-lifetimes 2.0.3",
+ "io-lifetimes",
"windows-sys 0.52.0",
]
@@ -726,7 +563,7 @@ checksum = "59ff6d3fb274292a9af283417e383afe6ded1fe66f6472d2c781216d3d80c218"
dependencies = [
"cap-primitives",
"cap-std",
- "rustix 0.38.32",
+ "rustix",
"smallvec",
]
@@ -739,10 +576,10 @@ dependencies = [
"ambient-authority",
"fs-set-times",
"io-extras",
- "io-lifetimes 2.0.3",
+ "io-lifetimes",
"ipnet",
"maybe-owned",
- "rustix 0.38.32",
+ "rustix",
"windows-sys 0.52.0",
"winx",
]
@@ -765,8 +602,8 @@ checksum = "266626ce180cf9709f317d0bf9754e3a5006359d87f4bf792f06c9c5f1b63c0f"
dependencies = [
"cap-primitives",
"io-extras",
- "io-lifetimes 2.0.3",
- "rustix 0.38.32",
+ "io-lifetimes",
+ "rustix",
]
[[package]]
@@ -779,7 +616,7 @@ dependencies = [
"cap-primitives",
"iana-time-zone",
"once_cell",
- "rustix 0.38.32",
+ "rustix",
"winx",
]
@@ -816,9 +653,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "chrono"
-version = "0.4.37"
+version = "0.4.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a0d04d43504c61aa6c7531f1871dd0d418d91130162063b789da00fd7057a5e"
+checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
dependencies = [
"android-tzdata",
"iana-time-zone",
@@ -905,15 +742,6 @@ dependencies = [
"memchr",
]
-[[package]]
-name = "concurrent-queue"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d16048cd947b08fa32c24458a22f5dc5e835264f689f4f5653210c69fd107363"
-dependencies = [
- "crossbeam-utils",
-]
-
[[package]]
name = "const-oid"
version = "0.9.6"
@@ -1056,7 +884,7 @@ dependencies = [
"cranelift-codegen",
"cranelift-entity",
"cranelift-frontend",
- "itertools 0.12.1",
+ "itertools",
"log",
"smallvec",
"wasmparser 0.201.0",
@@ -1260,6 +1088,12 @@ dependencies = [
"uuid",
]
+[[package]]
+name = "decoded-char"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5440d1dc8ea7cae44cda3c64568db29bfa2434aba51ae66a50c00488841a65a3"
+
[[package]]
name = "der"
version = "0.7.9"
@@ -1418,16 +1252,10 @@ checksum = "e5766087c2235fec47fafa4cfecc81e494ee679d0fd4a59887ea0919bfb0e4fc"
dependencies = [
"cfg-if",
"libc",
- "socket2 0.5.6",
+ "socket2",
"windows-sys 0.48.0",
]
-[[package]]
-name = "doc-comment"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
-
[[package]]
name = "docker_credential"
version = "1.3.1"
@@ -1551,69 +1379,12 @@ dependencies = [
"windows-sys 0.52.0",
]
-[[package]]
-name = "event-listener"
-version = "2.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
-
-[[package]]
-name = "event-listener"
-version = "4.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67b215c49b2b248c855fb73579eb1f4f26c38ffdc12973e20e07b91d78d5646e"
-dependencies = [
- "concurrent-queue",
- "parking",
- "pin-project-lite",
-]
-
-[[package]]
-name = "event-listener"
-version = "5.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d9944b8ca13534cdfb2800775f8dd4902ff3fc75a50101466decadfdf322a24"
-dependencies = [
- "concurrent-queue",
- "parking",
- "pin-project-lite",
-]
-
-[[package]]
-name = "event-listener-strategy"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3"
-dependencies = [
- "event-listener 4.0.3",
- "pin-project-lite",
-]
-
-[[package]]
-name = "event-listener-strategy"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "332f51cb23d20b0de8458b86580878211da09bcd4503cb579c225b3d124cabb3"
-dependencies = [
- "event-listener 5.3.0",
- "pin-project-lite",
-]
-
[[package]]
name = "fallible-iterator"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649"
-[[package]]
-name = "fastrand"
-version = "1.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be"
-dependencies = [
- "instant",
-]
-
[[package]]
name = "fastrand"
version = "2.0.2"
@@ -1627,7 +1398,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e5768da2206272c81ef0b5e951a41862938a6070da63bcea197899942d3b947"
dependencies = [
"cfg-if",
- "rustix 0.38.32",
+ "rustix",
"windows-sys 0.52.0",
]
@@ -1677,6 +1448,21 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared",
+]
+
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
[[package]]
name = "form_urlencoded"
version = "1.2.1"
@@ -1698,8 +1484,8 @@ version = "0.20.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "033b337d725b97690d86893f9de22b67b80dcc4e9ad815f348254c38119db8fb"
dependencies = [
- "io-lifetimes 2.0.3",
- "rustix 0.38.32",
+ "io-lifetimes",
+ "rustix",
"windows-sys 0.52.0",
]
@@ -1751,34 +1537,6 @@ version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1"
-[[package]]
-name = "futures-lite"
-version = "1.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49a9d51ce47660b1e808d3c990b4709f2f415d928835a17dfd16991515c46bce"
-dependencies = [
- "fastrand 1.9.0",
- "futures-core",
- "futures-io",
- "memchr",
- "parking",
- "pin-project-lite",
- "waker-fn",
-]
-
-[[package]]
-name = "futures-lite"
-version = "2.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52527eb5074e35e9339c6b4e8d12600c7128b68fb25dcb9fa9dec18f7c25f3a5"
-dependencies = [
- "fastrand 2.0.2",
- "futures-core",
- "futures-io",
- "parking",
- "pin-project-lite",
-]
-
[[package]]
name = "futures-macro"
version = "0.3.30"
@@ -1866,10 +1624,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c"
dependencies = [
"cfg-if",
- "js-sys",
"libc",
"wasi",
- "wasm-bindgen",
]
[[package]]
@@ -1914,18 +1670,6 @@ dependencies = [
"regex-syntax 0.8.3",
]
-[[package]]
-name = "gloo-timers"
-version = "0.2.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b995a66bb87bebce9a0f4a95aed01daca4872c050bfcb21653361c03bc35e5c"
-dependencies = [
- "futures-channel",
- "futures-core",
- "js-sys",
- "wasm-bindgen",
-]
-
[[package]]
name = "group"
version = "0.13.0"
@@ -2003,6 +1747,9 @@ name = "hashbrown"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+dependencies = [
+ "ahash 0.7.8",
+]
[[package]]
name = "hashbrown"
@@ -2010,7 +1757,7 @@ version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e"
dependencies = [
- "ahash",
+ "ahash 0.8.11",
]
[[package]]
@@ -2019,7 +1766,7 @@ version = "0.14.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"
dependencies = [
- "ahash",
+ "ahash 0.8.11",
"allocator-api2",
]
@@ -2168,7 +1915,7 @@ dependencies = [
"httpdate",
"itoa",
"pin-project-lite",
- "socket2 0.5.6",
+ "socket2",
"tokio",
"tower-service",
"tracing",
@@ -2198,16 +1945,19 @@ dependencies = [
[[package]]
name = "hyper-rustls"
-version = "0.24.2"
+version = "0.26.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
+checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c"
dependencies = [
"futures-util",
- "http 0.2.12",
- "hyper 0.14.28",
- "rustls 0.21.10",
+ "http 1.1.0",
+ "hyper 1.2.0",
+ "hyper-util",
+ "rustls 0.22.3",
+ "rustls-pki-types",
"tokio",
- "tokio-rustls 0.24.1",
+ "tokio-rustls 0.25.0",
+ "tower-service",
]
[[package]]
@@ -2254,6 +2004,22 @@ dependencies = [
"tower-service",
]
+[[package]]
+name = "hyper-tls"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
+dependencies = [
+ "bytes",
+ "http-body-util",
+ "hyper 1.2.0",
+ "hyper-util",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+ "tower-service",
+]
+
[[package]]
name = "hyper-util"
version = "0.1.3"
@@ -2267,7 +2033,7 @@ dependencies = [
"http-body 1.0.0",
"hyper 1.2.0",
"pin-project-lite",
- "socket2 0.5.6",
+ "socket2",
"tokio",
"tower",
"tower-service",
@@ -2366,21 +2132,10 @@ version = "0.18.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9f046b9af244f13b3bd939f55d16830ac3a201e8a9ba9661bfcb03e2be72b9b"
dependencies = [
- "io-lifetimes 2.0.3",
+ "io-lifetimes",
"windows-sys 0.52.0",
]
-[[package]]
-name = "io-lifetimes"
-version = "1.0.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
-dependencies = [
- "hermit-abi",
- "libc",
- "windows-sys 0.48.0",
-]
-
[[package]]
name = "io-lifetimes"
version = "2.0.3"
@@ -2393,15 +2148,6 @@ version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3"
-[[package]]
-name = "itertools"
-version = "0.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
-dependencies = [
- "either",
-]
-
[[package]]
name = "itertools"
version = "0.12.1"
@@ -2477,6 +2223,18 @@ dependencies = [
"wasm-bindgen",
]
+[[package]]
+name = "json-number"
+version = "0.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c54d19ae7e6fc83aafa649707655a9a0ac956a0f62793bde4cfd193b0693fdf"
+dependencies = [
+ "lexical",
+ "ryu-js",
+ "serde",
+ "smallvec",
+]
+
[[package]]
name = "json-patch"
version = "1.2.0"
@@ -2489,6 +2247,25 @@ dependencies = [
"treediff",
]
+[[package]]
+name = "json-syntax"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbe45447363747ecc18deb478f945df8482edafbae21e51bdc73eab76883c6a5"
+dependencies = [
+ "decoded-char",
+ "hashbrown 0.12.3",
+ "indexmap 1.9.3",
+ "json-number",
+ "locspan",
+ "locspan-derive",
+ "ryu-js",
+ "serde",
+ "smallstr",
+ "smallvec",
+ "utf8-decode",
+]
+
[[package]]
name = "jsonpath-rust"
version = "0.5.0"
@@ -2575,9 +2352,9 @@ dependencies = [
"jsonpath-rust",
"k8s-openapi",
"kube-core",
- "pem 3.0.4",
+ "pem",
"rustls 0.23.4",
- "rustls-pemfile 2.1.2",
+ "rustls-pemfile",
"secrecy",
"serde",
"serde_json",
@@ -2612,7 +2389,7 @@ version = "0.90.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4560e2c5c71366f6dceb6500ce33cf72299aede92381bb875dc2d4ba4f102c21"
dependencies = [
- "ahash",
+ "ahash 0.8.11",
"async-trait",
"backoff",
"derivative",
@@ -2654,15 +2431,6 @@ dependencies = [
"wapc-guest",
]
-[[package]]
-name = "kv-log-macro"
-version = "1.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f"
-dependencies = [
- "log",
-]
-
[[package]]
name = "lazy_static"
version = "1.4.0"
@@ -2678,6 +2446,79 @@ version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67"
+[[package]]
+name = "lexical"
+version = "6.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7aefb36fd43fef7003334742cbf77b243fcd36418a1d1bdd480d613a67968f6"
+dependencies = [
+ "lexical-core",
+]
+
+[[package]]
+name = "lexical-core"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2cde5de06e8d4c2faabc400238f9ae1c74d5412d03a7bd067645ccbc47070e46"
+dependencies = [
+ "lexical-parse-float",
+ "lexical-parse-integer",
+ "lexical-util",
+ "lexical-write-float",
+ "lexical-write-integer",
+]
+
+[[package]]
+name = "lexical-parse-float"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "683b3a5ebd0130b8fb52ba0bdc718cc56815b6a097e28ae5a6997d0ad17dc05f"
+dependencies = [
+ "lexical-parse-integer",
+ "lexical-util",
+ "static_assertions",
+]
+
+[[package]]
+name = "lexical-parse-integer"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d0994485ed0c312f6d965766754ea177d07f9c00c9b82a5ee62ed5b47945ee9"
+dependencies = [
+ "lexical-util",
+ "static_assertions",
+]
+
+[[package]]
+name = "lexical-util"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5255b9ff16ff898710eb9eb63cb39248ea8a5bb036bea8085b1a767ff6c4e3fc"
+dependencies = [
+ "static_assertions",
+]
+
+[[package]]
+name = "lexical-write-float"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accabaa1c4581f05a3923d1b4cfd124c329352288b7b9da09e766b0668116862"
+dependencies = [
+ "lexical-util",
+ "lexical-write-integer",
+ "static_assertions",
+]
+
+[[package]]
+name = "lexical-write-integer"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e1b6f3d1f4422866b68192d62f77bc5c700bee84f3069f2469d7bc8c77852446"
+dependencies = [
+ "lexical-util",
+ "static_assertions",
+]
+
[[package]]
name = "libc"
version = "0.2.153"
@@ -2700,12 +2541,6 @@ dependencies = [
"libc",
]
-[[package]]
-name = "linux-raw-sys"
-version = "0.3.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
-
[[package]]
name = "linux-raw-sys"
version = "0.4.13"
@@ -2722,14 +2557,29 @@ dependencies = [
"scopeguard",
]
+[[package]]
+name = "locspan"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33890449fcfac88e94352092944bf321f55e5deb4e289a6f51c87c55731200a0"
+
+[[package]]
+name = "locspan-derive"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e88991223b049a3d29ca1f60c05639581336a0f3ee4bf8a659dddecc11c4961a"
+dependencies = [
+ "proc-macro-error",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
[[package]]
name = "log"
version = "0.4.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c"
-dependencies = [
- "value-bag",
-]
[[package]]
name = "mach"
@@ -2802,7 +2652,7 @@ version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b2cffa4ad52c6f791f4f8b15f0c05f9824b2ced1160e88cc393d64fff9a8ac64"
dependencies = [
- "rustix 0.38.32",
+ "rustix",
]
[[package]]
@@ -2829,16 +2679,6 @@ version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
-[[package]]
-name = "mime_guess"
-version = "2.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4192263c238a5f0d0c6bfd21f336a313a4ce1c450542449ca191bb657b4642ef"
-dependencies = [
- "mime",
- "unicase",
-]
-
[[package]]
name = "miniz_oxide"
version = "0.7.2"
@@ -2904,6 +2744,24 @@ version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03"
+[[package]]
+name = "native-tls"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
+dependencies = [
+ "lazy_static",
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
[[package]]
name = "ndk-context"
version = "0.1.1"
@@ -3052,26 +2910,6 @@ dependencies = [
"libc",
]
-[[package]]
-name = "oauth2"
-version = "4.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c38841cdd844847e3e7c8d29cef9dcfed8877f8f56f9071f77843ecf3baf937f"
-dependencies = [
- "base64 0.13.1",
- "chrono",
- "getrandom",
- "http 0.2.12",
- "rand",
- "reqwest",
- "serde",
- "serde_json",
- "serde_path_to_error",
- "sha2",
- "thiserror",
- "url",
-]
-
[[package]]
name = "objc"
version = "0.2.7"
@@ -3095,43 +2933,18 @@ dependencies = [
[[package]]
name = "oci-distribution"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2ac5b780ce1bd6c3c2ff72a3013f4b2d56d53ae03b20d424e99d2f6556125138"
-dependencies = [
- "futures",
- "futures-util",
- "http 0.2.12",
- "http-auth",
- "jwt",
- "lazy_static",
- "olpc-cjson",
- "regex",
- "reqwest",
- "serde",
- "serde_json",
- "sha2",
- "thiserror",
- "tokio",
- "tokio-util",
- "tracing",
- "unicase",
-]
-
-[[package]]
-name = "oci-distribution"
-version = "0.10.0"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a635cabf7a6eb4e5f13e9e82bd9503b7c2461bf277132e38638a935ebd684b4"
+checksum = "b95a2c51531af0cb93761f66094044ca6ea879320bccd35ab747ff3fcab3f422"
dependencies = [
"bytes",
"chrono",
"futures-util",
- "http 0.2.12",
+ "http 1.1.0",
"http-auth",
"jwt",
"lazy_static",
- "olpc-cjson",
+ "olpc-cjson 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
"regex",
"reqwest",
"serde",
@@ -3176,6 +2989,16 @@ dependencies = [
"unicode-normalization",
]
+[[package]]
+name = "olpc-cjson"
+version = "0.1.3"
+source = "git+https://github.com/flavio/tough.git?branch=update-reqwest#ad9cb20c1bc871111e2de7f799e1e43e30e2eec3"
+dependencies = [
+ "serde",
+ "serde_json",
+ "unicode-normalization",
+]
+
[[package]]
name = "once_cell"
version = "1.19.0"
@@ -3189,35 +3012,29 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
[[package]]
-name = "openidconnect"
-version = "3.5.0"
+name = "openssl"
+version = "0.10.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f47e80a9cfae4462dd29c41e987edd228971d6565553fbc14b8a11e666d91590"
+checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f"
dependencies = [
- "base64 0.13.1",
- "chrono",
- "dyn-clone",
- "ed25519-dalek",
- "hmac",
- "http 0.2.12",
- "itertools 0.10.5",
- "log",
- "oauth2",
- "p256",
- "p384",
- "rand",
- "rsa",
- "serde",
- "serde-value",
- "serde_derive",
- "serde_json",
- "serde_path_to_error",
- "serde_plain",
- "serde_with",
- "sha2",
- "subtle",
- "thiserror",
- "url",
+ "bitflags 2.5.0",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.59",
]
[[package]]
@@ -3226,6 +3043,18 @@ version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+[[package]]
+name = "openssl-sys"
+version = "0.9.102"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
[[package]]
name = "opentelemetry"
version = "0.22.0"
@@ -3354,12 +3183,6 @@ dependencies = [
"sha2",
]
-[[package]]
-name = "parking"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae"
-
[[package]]
name = "parking_lot"
version = "0.12.1"
@@ -3409,24 +3232,6 @@ version = "1.0.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c"
-[[package]]
-name = "path-absolutize"
-version = "3.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e4af381fe79fa195b4909485d99f73a80792331df0625188e707854f0b3383f5"
-dependencies = [
- "path-dedot",
-]
-
-[[package]]
-name = "path-dedot"
-version = "3.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07ba0ad7e047712414213ff67533e6dd477af0a4e1d14fb52343e53d30ea9397"
-dependencies = [
- "once_cell",
-]
-
[[package]]
name = "path-slash"
version = "0.2.1"
@@ -3434,32 +3239,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e91099d4268b0e11973f036e885d652fb0b21fedcf69738c627f94db6a44f42"
[[package]]
-name = "pbkdf2"
-version = "0.12.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
-dependencies = [
- "digest",
- "hmac",
-]
-
-[[package]]
-name = "pem"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
-dependencies = [
- "base64 0.13.1",
-]
-
-[[package]]
-name = "pem"
-version = "2.0.1"
+name = "pbkdf2"
+version = "0.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a"
+checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
dependencies = [
- "base64 0.21.7",
- "serde",
+ "digest",
+ "hmac",
]
[[package]]
@@ -3680,17 +3466,6 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-[[package]]
-name = "piper"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4"
-dependencies = [
- "atomic-waker",
- "fastrand 2.0.2",
- "futures-io",
-]
-
[[package]]
name = "pkcs1"
version = "0.7.5"
@@ -3743,18 +3518,18 @@ checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7"
[[package]]
name = "policy-evaluator"
-version = "0.16.4"
-source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.16.4#c49018ee2aa5ab106adbfe19ba728fbe090da663"
+version = "0.17.0"
+source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.17.0#52fa632e2b882328aa0376d506a6cb99e8ac67d8"
dependencies = [
"anyhow",
"base64 0.22.0",
"burrego",
- "cached 0.49.3",
+ "cached",
"chrono",
"dns-lookup",
"email_address",
"futures",
- "itertools 0.12.1",
+ "itertools",
"json-patch",
"k8s-openapi",
"kube",
@@ -3784,23 +3559,23 @@ dependencies = [
[[package]]
name = "policy-fetcher"
-version = "0.8.3"
-source = "git+https://github.com/kubewarden/policy-fetcher?tag=v0.8.3#84ce045177eb672b25e17f614a0511c2993b7ec6"
+version = "0.8.4"
+source = "git+https://github.com/kubewarden/policy-fetcher?tag=v0.8.4#3735fecb1d6f394d0133bf8f807fdca0b7430d79"
dependencies = [
- "async-std",
- "async-stream",
"async-trait",
"base64 0.22.0",
"cfg-if",
"directories",
"docker_credential",
"lazy_static",
- "oci-distribution 0.10.0",
+ "oci-distribution",
"path-slash",
+ "pem",
"rayon",
"regex",
"reqwest",
"rustls 0.23.4",
+ "rustls-pki-types",
"serde",
"serde_json",
"serde_yaml",
@@ -3824,7 +3599,7 @@ dependencies = [
"daemonize",
"futures",
"http-body-util",
- "itertools 0.12.1",
+ "itertools",
"k8s-openapi",
"lazy_static",
"mime",
@@ -3839,6 +3614,7 @@ dependencies = [
"rayon",
"regex",
"rstest",
+ "rustls-pki-types",
"semver",
"serde",
"serde_json",
@@ -3854,37 +3630,6 @@ dependencies = [
"tracing-subscriber",
]
-[[package]]
-name = "polling"
-version = "2.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b2d323e8ca7996b3e23126511a523f7e62924d93ecd5ae73b333815b0eb3dce"
-dependencies = [
- "autocfg",
- "bitflags 1.3.2",
- "cfg-if",
- "concurrent-queue",
- "libc",
- "log",
- "pin-project-lite",
- "windows-sys 0.48.0",
-]
-
-[[package]]
-name = "polling"
-version = "3.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0c976a60b2d7e99d6f229e414670a9b85d13ac305cc6d1e9c134de58c5aaaf6"
-dependencies = [
- "cfg-if",
- "concurrent-queue",
- "hermit-abi",
- "pin-project-lite",
- "rustix 0.38.32",
- "tracing",
- "windows-sys 0.52.0",
-]
-
[[package]]
name = "poly1305"
version = "0.8.0"
@@ -3960,9 +3705,9 @@ dependencies = [
[[package]]
name = "prettyplease"
-version = "0.2.18"
+version = "0.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43691bed4607592afec0d97723e6820211ce6b84089e082f04dbc882ea9379b8"
+checksum = "5ac2cf0f2e4f42b49f5ffd07dae8d746508ef7526c13940e5f524012ae6c6550"
dependencies = [
"proc-macro2",
"syn 2.0.59",
@@ -4028,7 +3773,7 @@ checksum = "80b776a1b2dc779f5ee0641f8ade0125bc1298dd41a9a0c16d8bd57b42d222b1"
dependencies = [
"bytes",
"heck 0.5.0",
- "itertools 0.12.1",
+ "itertools",
"log",
"multimap",
"once_cell",
@@ -4048,7 +3793,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19de2de2a00075bf566bee3bd4db014b11587e84184d3f7a791bc17f1a8e9e48"
dependencies = [
"anyhow",
- "itertools 0.12.1",
+ "itertools",
"proc-macro2",
"quote",
"syn 2.0.59",
@@ -4222,37 +3967,39 @@ checksum = "e898588f33fdd5b9420719948f9f2a32c922a246964576f71ba7f24f80610fbc"
[[package]]
name = "reqwest"
-version = "0.11.27"
+version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62"
+checksum = "3e6cc1e89e689536eb5aeede61520e874df5a4707df811cd5da4aa5fbb2aae19"
dependencies = [
- "base64 0.21.7",
+ "base64 0.22.0",
"bytes",
- "encoding_rs",
"futures-core",
"futures-util",
- "h2 0.3.26",
- "http 0.2.12",
- "http-body 0.4.6",
- "hyper 0.14.28",
- "hyper-rustls 0.24.2",
+ "http 1.1.0",
+ "http-body 1.0.0",
+ "http-body-util",
+ "hyper 1.2.0",
+ "hyper-rustls 0.26.0",
+ "hyper-tls",
+ "hyper-util",
"ipnet",
"js-sys",
"log",
"mime",
- "mime_guess",
+ "native-tls",
"once_cell",
"percent-encoding",
"pin-project-lite",
- "rustls 0.21.10",
- "rustls-pemfile 1.0.4",
+ "rustls 0.22.3",
+ "rustls-pemfile",
+ "rustls-pki-types",
"serde",
"serde_json",
"serde_urlencoded",
"sync_wrapper 0.1.2",
- "system-configuration",
"tokio",
- "tokio-rustls 0.24.1",
+ "tokio-native-tls",
+ "tokio-rustls 0.25.0",
"tokio-util",
"tower-service",
"url",
@@ -4274,21 +4021,6 @@ dependencies = [
"subtle",
]
-[[package]]
-name = "ring"
-version = "0.16.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
-dependencies = [
- "cc",
- "libc",
- "once_cell",
- "spin 0.5.2",
- "untrusted 0.7.1",
- "web-sys",
- "winapi",
-]
-
[[package]]
name = "ring"
version = "0.17.8"
@@ -4300,7 +4032,7 @@ dependencies = [
"getrandom",
"libc",
"spin 0.9.8",
- "untrusted 0.9.0",
+ "untrusted",
"windows-sys 0.52.0",
]
@@ -4374,20 +4106,6 @@ dependencies = [
"semver",
]
-[[package]]
-name = "rustix"
-version = "0.37.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fea8ca367a3a01fe35e6943c400addf443c0f57670e6ec51196f71a4b8762dd2"
-dependencies = [
- "bitflags 1.3.2",
- "errno",
- "io-lifetimes 1.0.11",
- "libc",
- "linux-raw-sys 0.3.8",
- "windows-sys 0.48.0",
-]
-
[[package]]
name = "rustix"
version = "0.38.32"
@@ -4398,7 +4116,7 @@ dependencies = [
"errno",
"itoa",
"libc",
- "linux-raw-sys 0.4.13",
+ "linux-raw-sys",
"once_cell",
"windows-sys 0.52.0",
]
@@ -4410,11 +4128,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
dependencies = [
"log",
- "ring 0.17.8",
+ "ring",
"rustls-webpki 0.101.7",
"sct",
]
+[[package]]
+name = "rustls"
+version = "0.22.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "99008d7ad0bbbea527ec27bddbc0e432c5b87d8175178cee68d2eec9c4a1813c"
+dependencies = [
+ "log",
+ "ring",
+ "rustls-pki-types",
+ "rustls-webpki 0.102.2",
+ "subtle",
+ "zeroize",
+]
+
[[package]]
name = "rustls"
version = "0.23.4"
@@ -4423,7 +4155,7 @@ checksum = "8c4d6d8ad9f2492485e13453acbb291dd08f64441b6609c491f1c2cd2c6b4fe1"
dependencies = [
"log",
"once_cell",
- "ring 0.17.8",
+ "ring",
"rustls-pki-types",
"rustls-webpki 0.102.2",
"subtle",
@@ -4437,21 +4169,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792"
dependencies = [
"openssl-probe",
- "rustls-pemfile 2.1.2",
+ "rustls-pemfile",
"rustls-pki-types",
"schannel",
"security-framework",
]
-[[package]]
-name = "rustls-pemfile"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
-dependencies = [
- "base64 0.21.7",
-]
-
[[package]]
name = "rustls-pemfile"
version = "2.1.2"
@@ -4474,8 +4197,8 @@ version = "0.101.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
dependencies = [
- "ring 0.17.8",
- "untrusted 0.9.0",
+ "ring",
+ "untrusted",
]
[[package]]
@@ -4484,9 +4207,9 @@ version = "0.102.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610"
dependencies = [
- "ring 0.17.8",
+ "ring",
"rustls-pki-types",
- "untrusted 0.9.0",
+ "untrusted",
]
[[package]]
@@ -4501,6 +4224,12 @@ version = "1.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1"
+[[package]]
+name = "ryu-js"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6518fc26bced4d53678a22d6e423e9d8716377def84545fe328236e3af070e7f"
+
[[package]]
name = "salsa20"
version = "0.10.2"
@@ -4528,6 +4257,49 @@ dependencies = [
"windows-sys 0.52.0",
]
+[[package]]
+name = "schemafy"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9725c16a64e85972fcb3630677be83fef699a1cd8e4bfbdcf3b3c6675f838a19"
+dependencies = [
+ "Inflector",
+ "schemafy_core",
+ "schemafy_lib",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "serde_repr",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "schemafy_core"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2bec29dddcfe60f92f3c0d422707b8b56473983ef0481df8d5236ed3ab8fdf24"
+dependencies = [
+ "serde",
+ "serde_json",
+]
+
+[[package]]
+name = "schemafy_lib"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af3d87f1df246a9b7e2bfd1f4ee5f88e48b11ef9cfc62e63f0dead255b1a6f5f"
+dependencies = [
+ "Inflector",
+ "proc-macro2",
+ "quote",
+ "schemafy_core",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "syn 1.0.109",
+ "uriparse",
+]
+
[[package]]
name = "scopeguard"
version = "1.2.0"
@@ -4552,8 +4324,8 @@ version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
dependencies = [
- "ring 0.17.8",
- "untrusted 0.9.0",
+ "ring",
+ "untrusted",
]
[[package]]
@@ -4681,6 +4453,17 @@ dependencies = [
"serde",
]
+[[package]]
+name = "serde_repr"
+version = "0.1.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.59",
+]
+
[[package]]
name = "serde_spanned"
version = "0.6.5"
@@ -4816,44 +4599,50 @@ dependencies = [
[[package]]
name = "sigstore"
-version = "0.7.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a306742205ee5e287f0c0cbb8f8361f6eda60a67232860c9e285778f001680fa"
+version = "0.9.0"
+source = "git+https://github.com/flavio/sigstore-rs.git?rev=46b1cb63b193ab3402beeae5b4999c42cfc65e43#46b1cb63b193ab3402beeae5b4999c42cfc65e43"
dependencies = [
"async-trait",
- "base64 0.21.7",
- "cached 0.44.0",
+ "base64 0.22.0",
+ "cached",
"cfg-if",
"chrono",
"const-oid",
"crypto_secretbox",
"digest",
+ "dyn-clone",
"ecdsa",
"ed25519",
"ed25519-dalek",
"elliptic-curve",
+ "futures",
+ "futures-util",
"getrandom",
+ "hex",
+ "json-syntax",
"lazy_static",
- "oci-distribution 0.9.4",
- "olpc-cjson",
- "openidconnect",
+ "oci-distribution",
+ "olpc-cjson 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
"p256",
"p384",
- "pem 2.0.1",
- "picky",
+ "pem",
"pkcs1",
"pkcs8",
"rand",
"regex",
- "reqwest",
"rsa",
+ "rustls-webpki 0.102.2",
"scrypt",
"serde",
"serde_json",
+ "serde_repr",
+ "serde_with",
"sha2",
"signature",
+ "sigstore_protobuf_specs",
"thiserror",
"tokio",
+ "tokio-util",
"tough",
"tracing",
"url",
@@ -4862,6 +4651,18 @@ dependencies = [
"zeroize",
]
+[[package]]
+name = "sigstore_protobuf_specs"
+version = "0.1.0-rc.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c54c3284a3ed53bd585dfbbe80b81142ad35128d7cba817623c4e066a4a95a2b"
+dependencies = [
+ "schemafy",
+ "schemafy_core",
+ "serde",
+ "serde_json",
+]
+
[[package]]
name = "siphasher"
version = "0.3.11"
@@ -4889,6 +4690,16 @@ version = "2.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8347046d4ebd943127157b94d63abb990fcf729dc4e9978927fdf4ac3c998d06"
+[[package]]
+name = "smallstr"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "63b1aefdf380735ff8ded0b15f31aab05daf1f70216c01c02a12926badd1df9d"
+dependencies = [
+ "serde",
+ "smallvec",
+]
+
[[package]]
name = "smallvec"
version = "1.13.2"
@@ -4897,34 +4708,25 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
[[package]]
name = "snafu"
-version = "0.7.5"
+version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e4de37ad025c587a29e8f3f5605c00f70b98715ef90b9061a815b9e59e9042d6"
+checksum = "75976f4748ab44f6e5332102be424e7c2dc18daeaf7e725f2040c3ebb133512e"
dependencies = [
- "doc-comment",
+ "futures-core",
+ "pin-project",
"snafu-derive",
]
[[package]]
name = "snafu-derive"
-version = "0.7.5"
+version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "990079665f075b699031e9c08fd3ab99be5029b96f3b78dc0709e8f77e4efebf"
+checksum = "b4b19911debfb8c2fb1107bc6cb2d61868aaf53a988449213959bb1b5b1ed95f"
dependencies = [
"heck 0.4.1",
"proc-macro2",
"quote",
- "syn 1.0.109",
-]
-
-[[package]]
-name = "socket2"
-version = "0.4.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d"
-dependencies = [
- "libc",
- "winapi",
+ "syn 2.0.59",
]
[[package]]
@@ -4971,6 +4773,12 @@ version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
+[[package]]
+name = "static_assertions"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
+
[[package]]
name = "strsim"
version = "0.10.0"
@@ -5046,27 +4854,6 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394"
-[[package]]
-name = "system-configuration"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7"
-dependencies = [
- "bitflags 1.3.2",
- "core-foundation",
- "system-configuration-sys",
-]
-
-[[package]]
-name = "system-configuration-sys"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
[[package]]
name = "system-interface"
version = "0.27.2"
@@ -5077,8 +4864,8 @@ dependencies = [
"cap-fs-ext",
"cap-std",
"fd-lock",
- "io-lifetimes 2.0.3",
- "rustix 0.38.32",
+ "io-lifetimes",
+ "rustix",
"windows-sys 0.52.0",
"winx",
]
@@ -5096,8 +4883,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1"
dependencies = [
"cfg-if",
- "fastrand 2.0.2",
- "rustix 0.38.32",
+ "fastrand",
+ "rustix",
"windows-sys 0.52.0",
]
@@ -5218,7 +5005,7 @@ dependencies = [
"parking_lot",
"pin-project-lite",
"signal-hook-registry",
- "socket2 0.5.6",
+ "socket2",
"tokio-macros",
"windows-sys 0.48.0",
]
@@ -5244,6 +5031,16 @@ dependencies = [
"syn 2.0.59",
]
+[[package]]
+name = "tokio-native-tls"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
+dependencies = [
+ "native-tls",
+ "tokio",
+]
+
[[package]]
name = "tokio-rustls"
version = "0.24.1"
@@ -5254,6 +5051,17 @@ dependencies = [
"tokio",
]
+[[package]]
+name = "tokio-rustls"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
+dependencies = [
+ "rustls 0.22.3",
+ "rustls-pki-types",
+ "tokio",
+]
+
[[package]]
name = "tokio-rustls"
version = "0.26.0"
@@ -5284,7 +5092,6 @@ checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15"
dependencies = [
"bytes",
"futures-core",
- "futures-io",
"futures-sink",
"pin-project-lite",
"slab",
@@ -5355,27 +5162,33 @@ dependencies = [
[[package]]
name = "tough"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c259b2bd13fdff3305a5a92b45befb1adb315d664612c8991be57fb6a83dc126"
+version = "0.17.1"
+source = "git+https://github.com/flavio/tough.git?branch=update-reqwest#ad9cb20c1bc871111e2de7f799e1e43e30e2eec3"
dependencies = [
+ "async-recursion",
+ "async-trait",
+ "bytes",
"chrono",
"dyn-clone",
+ "futures",
+ "futures-core",
"globset",
"hex",
"log",
- "olpc-cjson",
- "path-absolutize",
- "pem 1.1.1",
+ "olpc-cjson 0.1.3 (git+https://github.com/flavio/tough.git?branch=update-reqwest)",
+ "pem",
"percent-encoding",
"reqwest",
- "ring 0.16.20",
+ "ring",
"serde",
"serde_json",
"serde_plain",
"snafu",
"tempfile",
- "untrusted 0.7.1",
+ "tokio",
+ "tokio-util",
+ "typed-path",
+ "untrusted",
"url",
"walkdir",
]
@@ -5539,6 +5352,12 @@ version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
+[[package]]
+name = "typed-path"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "668404597c2c687647f6f8934f97c280fd500db28557f52b07c56b92d3dc500a"
+
[[package]]
name = "typenum"
version = "1.17.0"
@@ -5611,15 +5430,19 @@ checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861"
[[package]]
name = "untrusted"
-version = "0.7.1"
+version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
[[package]]
-name = "untrusted"
-version = "0.9.0"
+name = "uriparse"
+version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+checksum = "0200d0fc04d809396c2ad43f3c95da3582a2556eba8d453c1087f4120ee352ff"
+dependencies = [
+ "fnv",
+ "lazy_static",
+]
[[package]]
name = "url"
@@ -5639,6 +5462,12 @@ version = "2.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
+[[package]]
+name = "utf8-decode"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca61eb27fa339aa08826a29f03e87b99b4d8f0fc2255306fd266bb1b6a9de498"
+
[[package]]
name = "utf8parse"
version = "0.2.1"
@@ -5688,10 +5517,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
[[package]]
-name = "value-bag"
-version = "1.8.1"
+name = "vcpkg"
+version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74797339c3b98616c009c7c3eb53a0ce41e85c8ec66bd3db96ed132d20cfdee8"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]]
name = "version_check"
@@ -5699,12 +5528,6 @@ version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
-[[package]]
-name = "waker-fn"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690"
-
[[package]]
name = "walkdir"
version = "2.5.0"
@@ -5765,10 +5588,10 @@ dependencies = [
"cap-time-ext",
"fs-set-times",
"io-extras",
- "io-lifetimes 2.0.3",
+ "io-lifetimes",
"log",
"once_cell",
- "rustix 0.38.32",
+ "rustix",
"system-interface",
"thiserror",
"tracing",
@@ -5929,7 +5752,7 @@ dependencies = [
"once_cell",
"paste",
"rayon",
- "rustix 0.38.32",
+ "rustix",
"semver",
"serde",
"serde_derive",
@@ -5972,7 +5795,7 @@ dependencies = [
"bincode",
"directories-next",
"log",
- "rustix 0.38.32",
+ "rustix",
"serde",
"serde_derive",
"sha2",
@@ -6078,7 +5901,7 @@ dependencies = [
"anyhow",
"cc",
"cfg-if",
- "rustix 0.38.32",
+ "rustix",
"wasmtime-asm-macros",
"wasmtime-versioned-export-macros",
"windows-sys 0.52.0",
@@ -6092,7 +5915,7 @@ checksum = "92de34217bf7f0464262adf391a9950eba440f9dfc7d3b0e3209302875c6f65f"
dependencies = [
"object",
"once_cell",
- "rustix 0.38.32",
+ "rustix",
"wasmtime-versioned-export-macros",
]
@@ -6143,7 +5966,7 @@ dependencies = [
"memoffset",
"paste",
"psm",
- "rustix 0.38.32",
+ "rustix",
"sptr",
"wasm-encoder 0.201.0",
"wasmtime-asm-macros",
@@ -6203,9 +6026,9 @@ dependencies = [
"fs-set-times",
"futures",
"io-extras",
- "io-lifetimes 2.0.3",
+ "io-lifetimes",
"once_cell",
- "rustix 0.38.32",
+ "rustix",
"system-interface",
"thiserror",
"tokio",
@@ -6321,9 +6144,12 @@ dependencies = [
[[package]]
name = "webpki-roots"
-version = "0.25.4"
+version = "0.26.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
+checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009"
+dependencies = [
+ "rustls-pki-types",
+]
[[package]]
name = "wiggle"
@@ -6639,9 +6465,9 @@ dependencies = [
[[package]]
name = "winreg"
-version = "0.50.0"
+version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1"
+checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5"
dependencies = [
"cfg-if",
"windows-sys 0.48.0",
@@ -6707,6 +6533,8 @@ checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94"
dependencies = [
"const-oid",
"der",
+ "sha1",
+ "signature",
"spki",
"tls_codec",
]
diff --git a/Cargo.toml b/Cargo.toml
index a3c9b7e1..f916c9bc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,7 +29,8 @@ opentelemetry = { version = "0.22.0", default-features = false, features = [
] }
opentelemetry_sdk = { version = "0.22.1", features = ["rt-tokio"] }
pprof = { version = "0.13", features = ["prost-codec"] }
-policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.16.4" }
+policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.17.0" }
+rustls-pki-types = { version = "1", features = ["alloc"] }
rayon = "1.10"
regex = "1.10"
serde_json = "1.0"
diff --git a/src/lib.rs b/src/lib.rs
index e649e05a..7416ccf6 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -13,22 +13,28 @@ pub mod metrics;
pub mod profiling;
pub mod tracing;
-use ::tracing::{debug, error, info, Level};
+use ::tracing::{debug, info, Level};
use anyhow::{anyhow, Result};
-use axum::routing::{get, post};
-use axum::Router;
+use axum::{
+ routing::{get, post},
+ Router,
+};
use axum_server::tls_rustls::RustlsConfig;
-use policy_evaluator::callback_handler::CallbackHandler;
-use policy_evaluator::policy_fetcher::sigstore;
-use policy_evaluator::policy_fetcher::verify::FulcioAndRekorData;
-use policy_evaluator::wasmtime;
-use policy_evaluator::{callback_handler::CallbackHandlerBuilder, kube};
+use policy_evaluator::{
+ callback_handler::{CallbackHandler, CallbackHandlerBuilder},
+ kube,
+ policy_fetcher::sigstore::trust::{
+ sigstore::{ManualTrustRoot, SigstoreTrustRoot},
+ TrustRoot,
+ },
+ wasmtime,
+};
use rayon::prelude::*;
-use std::net::SocketAddr;
-use std::sync::Arc;
-use tokio::sync::oneshot;
-use tokio::sync::Semaphore;
-use tokio::time;
+use std::{net::SocketAddr, sync::Arc};
+use tokio::{
+ sync::{oneshot, Semaphore},
+ time,
+};
use tower_http::trace::{self, TraceLayer};
use crate::api::handlers::{
@@ -57,30 +63,28 @@ impl PolicyServer {
let (callback_handler_shutdown_channel_tx, callback_handler_shutdown_channel_rx) =
oneshot::channel();
- // TODO: remove the spawn blocking once the Sigstore client is async
- // see: https://github.com/sigstore/sigstore-rs/pull/320
- let fulcio_and_rekor_data = match tokio::task::spawn_blocking(|| {
- sigstore::tuf::SigstoreRepository::fetch(None)
- })
- .await
- .unwrap()
- {
- Ok(repo) => Some(FulcioAndRekorData::FromTufRepository { repo }),
- Err(e) => {
- error!("Cannot fetch TUF repository: {e:?}");
- error!("Sigstore Verifier created without Fulcio data: keyless signatures are going to be discarded because they cannot be verified");
- error!(
- "Sigstore Verifier created without Rekor data: transparency log data won't be used"
- );
- error!("Sigstore capabilities are going to be limited");
- None
- }
+ let repo = SigstoreTrustRoot::new(Some(config.sigstore_cache_dir.as_path())).await?;
+ let fulcio_certs: Vec<rustls_pki_types::CertificateDer> = repo
+ .fulcio_certs()
+ .expect("Cannot fetch Fulcio certificates from TUF repository")
+ .into_iter()
+ .map(|c| c.into_owned())
+ .collect();
+ let manual_root = ManualTrustRoot {
+ fulcio_certs: Some(fulcio_certs),
+ rekor_keys: Some(
+ repo.rekor_keys()
+ .expect("Cannot fetch Rekor keys from TUF repository")
+ .iter()
+ .map(|k| k.to_vec())
+ .collect(),
+ ),
};
let mut callback_handler_builder =
CallbackHandlerBuilder::new(callback_handler_shutdown_channel_rx)
.registry_config(config.sources.clone())
- .fulcio_and_rekor_data(fulcio_and_rekor_data.as_ref());
+ .trust_root(Some(Arc::new(manual_root)));
let kube_client: Option<kube::Client> = match kube::Client::try_default().await {
Ok(client) => Some(client),
@@ -111,7 +115,7 @@ impl PolicyServer {
}
};
- let callback_handler = callback_handler_builder.build()?;
+ let callback_handler = callback_handler_builder.build().await?;
let callback_sender_channel = callback_handler.sender_channel();
// Download policies
diff --git a/src/policy_downloader.rs b/src/policy_downloader.rs
index 6e01cdfc..09b351e7 100644
--- a/src/policy_downloader.rs
+++ b/src/policy_downloader.rs
@@ -1,20 +1,20 @@
use anyhow::{anyhow, Result};
-use policy_evaluator::policy_metadata::Metadata;
use policy_evaluator::{
policy_fetcher,
policy_fetcher::{
sigstore,
sources::Sources,
- verify::{config::LatestVerificationConfig, FulcioAndRekorData, Verifier},
+ verify::{config::LatestVerificationConfig, Verifier},
},
+ policy_metadata::Metadata,
};
-use std::path::Path;
+use sigstore::trust::{ManualTrustRoot, TrustRoot};
use std::{
collections::{HashMap, HashSet},
fs,
- path::PathBuf,
+ path::{Path, PathBuf},
+ sync::Arc,
};
-use tokio::task::spawn_blocking;
use tracing::{debug, error, info};
use crate::config::Policy;
@@ -25,22 +25,17 @@ use crate::config::Policy;
pub(crate) type FetchedPolicies = HashMap<String, Result<PathBuf>>;
/// Handles download and verification of policies
-pub(crate) struct Downloader {
- verifier: Option<Verifier>,
+pub(crate) struct Downloader<'v> {
+ verifier: Option<Verifier<'v>>,
sources: Option<Sources>,
}
-impl Downloader {
+impl<'v> Downloader<'v> {
/// Create a new instance of Downloader
///
/// **Warning:** this needs network connectivity because the constructor
/// fetches Fulcio and Rekor data from the official TUF repository of
- /// sigstore. This network operations are going to be blocking, that's
- /// caused by the libraries used by sigstore-rs to interact with TUF.
- ///
- /// Being a blocking operation, the other tokio operations are going to be
- /// put on hold until this method is done. This should not be done too often,
- /// otherwise there will be performance consequences.
+ /// sigstore.
pub async fn new(
sources: Option<Sources>,
enable_verification: bool,
@@ -225,10 +220,10 @@ impl Downloader {
/// Creates a new Verifier that fetches Fulcio and Rekor data from the official
/// TUF repository of the sigstore project
-async fn create_verifier(
+async fn create_verifier<'v>(
sources: Option<Sources>,
sigstore_cache_dir: Option<PathBuf>,
-) -> Result<Verifier> {
+) -> Result<Verifier<'v>> {
if let Some(cache_dir) = sigstore_cache_dir.clone() {
if !cache_dir.exists() {
fs::create_dir_all(cache_dir)
@@ -236,26 +231,27 @@ async fn create_verifier(
}
}
- let repo = spawn_blocking(move || match sigstore_cache_dir {
- Some(d) => sigstore::tuf::SigstoreRepository::fetch(Some(d.as_path())),
- None => sigstore::tuf::SigstoreRepository::fetch(None),
- })
- .await
- .map_err(|e| anyhow!("Cannot spawn blocking task: {}", e))?;
-
- let fulcio_and_rekor_data = match repo {
- Ok(repo) => Some(FulcioAndRekorData::FromTufRepository { repo }),
- Err(e) => {
- error!("Cannot fetch TUF repository: {e:?}");
- error!("Sigstore Verifier created without Fulcio data: keyless signatures are going to be discarded because they cannot be verified");
- error!(
- "Sigstore Verifier created without Rekor data: transparency log data won't be used"
- );
- error!("Sigstore capabilities are going to be limited");
- None
- }
+ let repo =
+ sigstore::trust::sigstore::SigstoreTrustRoot::new(sigstore_cache_dir.as_deref()).await?;
+ let fulcio_certs: Vec<rustls_pki_types::CertificateDer> = repo
+ .fulcio_certs()
+ .unwrap()
+ .into_iter()
+ .map(|c| c.into_owned())
+ .collect();
+ let manual_root = ManualTrustRoot {
+ fulcio_certs: Some(fulcio_certs),
+ rekor_keys: Some(
+ repo.rekor_keys()
+ .unwrap()
+ .iter()
+ .map(|k| k.to_vec())
+ .collect(),
+ ),
};
- Ok(Verifier::new(sources, fulcio_and_rekor_data.as_ref())?)
+ let verifier = Verifier::new(sources, Some(Arc::new(manual_root))).await?;
+
+ Ok(verifier)
}
#[cfg(test)]