diff --git a/Cargo.lock b/Cargo.lock index f6f9116d..798c8ecf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -117,7 +117,7 @@ checksum = "3f934833b4b7233644e5848f235df3f57ed8c80f1528a26c3dfa13d2147fa056" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] 
@@ -137,39 +137,367 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +[[package]] +name = "aws-config" +version = "1.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48730d0b4c3d91c43d0d37168831d9fd0e065ad4a889a2ee9faf8d34c3d2804d" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-sdk-sso", + "aws-sdk-ssooidc", + "aws-sdk-sts", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "hex", + "http 0.2.12", + "hyper 0.14.32", + "ring", + "time", + "tokio", + "tracing", + "url", + "zeroize", +] + +[[package]] +name = "aws-credential-types" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60e8f6b615cb5fc60a98132268508ad104310f0cfb25a1c22eee76efdf9154da" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "zeroize", +] + [[package]] name = "aws-nitro-enclaves-cose" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8a94047bd9c3717c6ca3a145504c0e26b64a5e2d9eb9559b187748433fbc382" dependencies = [ + "aws-sdk-kms", "openssl", "serde", "serde_bytes", "serde_cbor", "serde_repr", "serde_with", + "tokio", ] [[package]] name = "aws-nitro-enclaves-image-format" -version = "0.2.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c24e2101441ce8f8dd0799ce7e36c68571ecf5e3731190b277c63765aaed8c1c" +checksum = "d6d27871fc99882b0af93d9adc405158073f48693a0eaeb31b5d083e61476717" dependencies = [ + "aws-config", "aws-nitro-enclaves-cose", + "aws-sdk-kms", + "aws-smithy-runtime", + "aws-types", "byteorder", "chrono", "clap 3.2.25", "crc", "hex", - "num-derive 0.3.3", + "num-derive", "num-traits", "openssl", "serde", 
"serde_cbor", "serde_json", - "sha2", + "sha2 0.9.9", + "tokio", +] + +[[package]] +name = "aws-runtime" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4ee6903f9d0197510eb6b44c4d86b493011d08b4992938f7b9be0333b6685aa" +dependencies = [ + "aws-credential-types", + "aws-sigv4", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http-body 0.4.6", + "percent-encoding", + "pin-project-lite", + "tracing", + "uuid", +] + +[[package]] +name = "aws-sdk-kms" +version = "1.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cfadd284d25d59c715bec5d1b6a20724eea3f85332a632f56056ce3fc6ea934" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "http 0.2.12", + "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-sso" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2be5ba83b077b67a6f7a1927eb6b212bf556e33bd74b5eaa5aa6e421910803a" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "http 0.2.12", + "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-ssooidc" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "022ca669825f841aef17b12d4354ef2b8651e4664be49f2d9ea13e4062a80c9f" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "http 0.2.12", 
+ "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-sts" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e4a5f5cb007347c1ab34a6d56456301dfada921fc9e57d687ecb08baddd11ff" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-query", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", + "http 0.2.12", + "once_cell", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sigv4" +version = "1.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "690118821e46967b3c4501d67d7d52dd75106a9c54cf36cefa1985cedbe94e05" +dependencies = [ + "aws-credential-types", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "form_urlencoded", + "hex", + "hmac", + "http 0.2.12", + "http 1.2.0", + "once_cell", + "percent-encoding", + "sha2 0.10.8", + "time", + "tracing", +] + +[[package]] +name = "aws-smithy-async" +version = "1.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa59d1327d8b5053c54bf2eaae63bf629ba9e904434d0835a28ed3c0ed0a614e" +dependencies = [ + "futures-util", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "aws-smithy-http" +version = "0.60.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7809c27ad8da6a6a68c454e651d4962479e81472aa19ae99e59f9aba1f9713cc" +dependencies = [ + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "bytes-utils", + "futures-core", + "http 0.2.12", + "http-body 0.4.6", + "once_cell", + "percent-encoding", + "pin-project-lite", + "pin-utils", + "tracing", +] + +[[package]] +name = "aws-smithy-json" +version = "0.60.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4683df9469ef09468dad3473d129960119a0d3593617542b7d52086c8486f2d6" +dependencies = [ + 
"aws-smithy-types", +] + +[[package]] +name = "aws-smithy-query" +version = "0.60.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2fbd61ceb3fe8a1cb7352e42689cec5335833cd9f94103a61e98f9bb61c64bb" +dependencies = [ + "aws-smithy-types", + "urlencoding", +] + +[[package]] +name = "aws-smithy-runtime" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c53572b4cd934ee5e8461ad53caa36e9d246aaef42166e3ac539e206a925d330" +dependencies = [ + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "fastrand", + "h2", + "http 0.2.12", + "http-body 0.4.6", + "http-body 1.0.1", + "hyper 0.14.32", + "hyper-rustls", + "once_cell", + "pin-project-lite", + "pin-utils", + "rustls", + "tokio", + "tracing", +] + +[[package]] +name = "aws-smithy-runtime-api" +version = "1.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92165296a47a812b267b4f41032ff8069ab7ff783696d217f0994a0d7ab585cd" +dependencies = [ + "aws-smithy-async", + "aws-smithy-types", + "bytes", + "http 0.2.12", + "http 1.2.0", + "pin-project-lite", + "tokio", + "tracing", + "zeroize", +] + +[[package]] +name = "aws-smithy-types" +version = "1.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28f6feb647fb5e0d5b50f0472c19a7db9462b74e2fec01bb0b44eedcc834e97" +dependencies = [ + "base64-simd", + "bytes", + "bytes-utils", + "futures-core", + "http 0.2.12", + "http 1.2.0", + "http-body 0.4.6", + "http-body 1.0.1", + "http-body-util", + "itoa", + "num-integer", + "pin-project-lite", + "pin-utils", + "ryu", + "serde", + "time", + "tokio", + "tokio-util", +] + +[[package]] +name = "aws-smithy-xml" +version = "0.60.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab0b0166827aa700d3dc519f72f8b3a91c35d0b8d042dc5d643a91e6f80648fc" +dependencies = [ + "xmlparser", +] + +[[package]] +name = "aws-types" 
+version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afb278e322f16f59630a83b6b2dc992a0b48aa74ed47b4130f193fae0053d713" +dependencies = [ + "aws-credential-types", + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "http 0.2.12", + "rustc_version", + "tracing", ] [[package]] @@ -187,12 +515,28 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "base64" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" + [[package]] name = "base64" version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64-simd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195" +dependencies = [ + "outref", + "vsimd", +] + [[package]] name = "bindgen" version = "0.71.1" @@ -210,7 +554,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.96", + "syn", ] [[package]] @@ -234,21 +578,30 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + [[package]] name = "bollard" version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0aed08d3adb6ebe0eff737115056652670ae290f177759aac19c30456135f94c" dependencies = [ - "base64", + "base64 0.22.1", "bollard-stubs", "bytes", "futures-core", "futures-util", "hex", - "http", + "http 1.2.0", "http-body-util", - "hyper", + "hyper 1.5.2", "hyper-named-pipe", "hyper-util", "hyperlocal-next", 
@@ -278,12 +631,6 @@ dependencies = [ "serde_with", ] -[[package]] -name = "build_const" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4ae4235e6dac0694637c763029ecea1a2ec9e4e06ec2729bd21ba4d9c863eb7" - [[package]] name = "bumpalo" version = "3.16.0" @@ -302,6 +649,16 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b" +[[package]] +name = "bytes-utils" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35" +dependencies = [ + "bytes", + "either", +] + [[package]] name = "cc" version = "1.2.9" @@ -445,12 +802,22 @@ dependencies = [ "log", "nix 0.26.4", "num", - "num-derive 0.4.2", + "num-derive", "num-traits", "serde", "serde_json", ] +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -468,13 +835,19 @@ dependencies = [ [[package]] name = "crc" -version = "1.8.1" +version = "3.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d663548de7f5cca343f1e0a48d14dcfb0e9eb4e079ec58883b7251539fa10aeb" +checksum = "69e6e4d7b33a94f0991c26729976b10ebde1d34c3ee82408fb536164fa10d636" dependencies = [ - "build_const", + "crc-catalog", ] +[[package]] +name = "crc-catalog" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5" + [[package]] name = "crc32fast" version = "1.4.2" 
@@ -490,6 +863,16 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + [[package]] name = "ctor" version = "0.2.9" @@ -497,7 +880,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32a2785755761f3ddc1492979ce1e48d2c00d09311c39e4466429188f3dd6501" dependencies = [ "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -521,7 +904,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.11.1", - "syn 2.0.96", + "syn", ] [[package]] @@ -532,7 +915,7 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" dependencies = [ "darling_core", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -560,6 +943,17 @@ dependencies = [ "generic-array", ] +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer 0.10.4", + "crypto-common", + "subtle", +] + [[package]] name = "displaydoc" version = "0.2.5" @@ -568,7 +962,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -582,7 +976,7 @@ dependencies = [ "aws-nitro-enclaves-image-format", "libc", "nix 0.26.4", - "sha2", + "sha2 0.9.9", "tempfile", "vsock", ] @@ -598,7 +992,7 @@ name = "enclave_build" version = "0.1.0" dependencies = [ "aws-nitro-enclaves-image-format", - "base64", + "base64 0.22.1", "bollard", "clap 4.4.18", "flate2", 
@@ -607,7 +1001,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "sha2", + "sha2 0.9.9", "tar", "tempfile", "tokio", @@ -632,7 +1026,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -794,7 +1188,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -860,6 +1254,25 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" +[[package]] +name = "h2" +version = "0.3.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "futures-sink", + "futures-util", + "http 0.2.12", + "indexmap 2.7.0", + "slab", + "tokio", + "tokio-util", + "tracing", +] + [[package]] name = "half" version = "1.8.3" @@ -984,6 +1397,15 @@ dependencies = [ "tracing", ] +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + [[package]] name = "hostname" version = "0.3.1" @@ -995,6 +1417,17 @@ dependencies = [ "winapi", ] +[[package]] +name = "http" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + [[package]] name = "http" version = "1.2.0" 
@@ -1006,6 +1439,17 @@ dependencies = [ "itoa", ] +[[package]] +name = "http-body" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +dependencies = [ + "bytes", + "http 0.2.12", + "pin-project-lite", +] + [[package]] name = "http-body" version = "1.0.1" @@ -1013,7 +1457,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", - "http", + "http 1.2.0", ] [[package]] @@ -1024,8 +1468,8 @@ checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" dependencies = [ "bytes", "futures-util", - "http", - "http-body", + "http 1.2.0", + "http-body 1.0.1", "pin-project-lite", ] @@ -1035,12 +1479,42 @@ version = "1.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d71d3574edd2771538b901e6549113b4006ece66150fb69c0fb6d9a2adae946" +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + [[package]] name = "humantime" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "hyper" +version = "0.14.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7" +dependencies = [ + "bytes", + "futures-channel", + "futures-core", + "futures-util", + "h2", + "http 0.2.12", + "http-body 0.4.6", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "socket2", + "tokio", + "tower-service", + "tracing", + "want", +] + [[package]] name = "hyper" version = "1.5.2" 
@@ -1050,8 +1524,8 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "http", - "http-body", + "http 1.2.0", + "http-body 1.0.1", "httparse", "itoa", "pin-project-lite", @@ -1067,7 +1541,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73b7d8abf35697b81a825e386fc151e0d503e8cb5fcb93cc8669c376dfd6f278" dependencies = [ "hex", - "hyper", + "hyper 1.5.2", "hyper-util", "pin-project-lite", "tokio", @@ -1075,6 +1549,22 @@ dependencies = [ "winapi", ] +[[package]] +name = "hyper-rustls" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +dependencies = [ + "futures-util", + "http 0.2.12", + "hyper 0.14.32", + "log", + "rustls", + "rustls-native-certs", + "tokio", + "tokio-rustls", +] + [[package]] name = "hyper-util" version = "0.1.10" @@ -1084,9 +1574,9 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "http", - "http-body", - "hyper", + "http 1.2.0", + "http-body 1.0.1", + "hyper 1.5.2", "pin-project-lite", "socket2", "tokio", @@ -1102,7 +1592,7 @@ checksum = "acf569d43fa9848e510358c07b80f4adf34084ddc28c6a4a651ee8474c070dcc" dependencies = [ "hex", "http-body-util", - "hyper", + "hyper 1.5.2", "hyper-util", "pin-project-lite", "tokio", @@ -1247,7 +1737,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -1532,13 +2022,13 @@ dependencies = [ "libc", "log", "nix 0.26.4", - "num-derive 0.4.2", + "num-derive", "num-traits", "openssl", "page_size", "serde", "serde_json", - "sha2", + "sha2 0.9.9", "signal-hook", "tempfile", "vmm-sys-util", 
@@ -1630,17 +2120,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" -[[package]] -name = "num-derive" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d" -dependencies = [ - "proc-macro2", - "quote", - "syn 1.0.109", -] - [[package]] name = "num-derive" version = "0.4.2" @@ -1649,7 +2128,7 @@ checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -1747,9 +2226,15 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + [[package]] name = "openssl-sys" version = "0.9.104" @@ -1768,6 +2253,12 @@ version = "6.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1" +[[package]] +name = "outref" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e" + [[package]] name = "page_size" version = "0.6.0" @@ -1847,7 +2338,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6924ced06e1f7dfe3fa48d57b9f74f55d8915f5036121bef647ef4b204895fac" dependencies = [ "proc-macro2", - "syn 2.0.96", + "syn", ] [[package]] 
@@ -1936,6 +2427,12 @@ dependencies = [ "regex-syntax", ] +[[package]] +name = "regex-lite" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a" + [[package]] name = "regex-syntax" version = "0.8.5" @@ -1952,6 +2449,21 @@ dependencies = [ "quick-error", ] +[[package]] +name = "ring" +version = "0.17.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +dependencies = [ + "cc", + "cfg-if", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys 0.52.0", +] + [[package]] name = "rustc-demangle" version = "0.1.24" @@ -1964,6 +2476,15 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497" +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + [[package]] name = "rustix" version = "0.38.43" 
@@ -1977,6 +2498,49 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "rustls" +version = "0.21.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" +dependencies = [ + "log", + "ring", + "rustls-webpki", + "sct", +] + +[[package]] +name = "rustls-native-certs" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" +dependencies = [ + "openssl-probe", + "rustls-pemfile", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +dependencies = [ + "base64 0.21.7", +] + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.19" 
@@ -1989,12 +2553,60 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +[[package]] +name = "schannel" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +name = "security-framework" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" +dependencies = [ + "bitflags 2.7.0", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "semver" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba" + [[package]] name = "serde" version = "1.0.217" @@ -2031,7 +2643,7 @@ checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] 
@@ -2054,7 +2666,7 @@ checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -2075,7 +2687,7 @@ version = "3.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa" dependencies = [ - "base64", + "base64 0.22.1", "chrono", "hex", "indexmap 1.9.3", @@ -2096,7 +2708,7 @@ dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -2117,13 +2729,24 @@ version = "0.9.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" dependencies = [ - "block-buffer", + "block-buffer 0.9.0", "cfg-if", "cpufeatures", - "digest", + "digest 0.9.0", "opaque-debug", ] +[[package]] +name = "sha2" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.7", +] + [[package]] name = "shlex" version = "1.3.0" @@ -2174,6 +2797,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "stable_deref_trait" version = "1.2.0" 
@@ -2193,15 +2822,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] -name = "syn" -version = "1.0.109" +name = "subtle" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -2222,7 +2846,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -2282,7 +2906,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -2361,10 +2985,33 @@ dependencies = [ "libc", "mio", "pin-project-lite", + "signal-hook-registry", "socket2", + "tokio-macros", "windows-sys 0.52.0", ] +[[package]] +name = "tokio-macros" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.13" @@ -2403,7 +3050,7 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] 
@@ -2433,6 +3080,12 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.5.4" @@ -2444,6 +3097,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "urlencoding" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" + [[package]] name = "utf16_iter" version = "1.0.5" @@ -2462,6 +3121,12 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" +[[package]] +name = "uuid" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "744018581f9a3454a9e15beb8a33b017183f1e7c0cd170232a2d1453b23a51c4" + [[package]] name = "vcpkg" version = "0.2.15" @@ -2484,6 +3149,12 @@ dependencies = [ "libc", ] +[[package]] +name = "vsimd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64" + [[package]] name = "vsock" version = "0.3.0" @@ -2550,7 +3221,7 @@ dependencies = [ "log", "proc-macro2", "quote", - "syn 2.0.96", + "syn", "wasm-bindgen-shared", ] @@ -2572,7 +3243,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -2813,6 +3484,12 @@ dependencies = [ "rustix", ] +[[package]] +name = "xmlparser" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4" + [[package]] name = "yaml-rust" version = "0.4.5" @@ -2853,7 +3530,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", "synstructure", ] @@ -2875,7 +3552,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] [[package]] @@ -2895,10 +3572,16 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", "synstructure", ] +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" + [[package]] name = "zerovec" version = "0.10.4" @@ -2918,5 +3601,5 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.96", + "syn", ] diff --git a/Cargo.toml b/Cargo.toml index cb73debf..e1d1bb0e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ page_size = "0.6" signal-hook = "0.3" ciborium = "0.2" driver-bindings = { path = "./driver-bindings" } -aws-nitro-enclaves-image-format = "0.2" +aws-nitro-enclaves-image-format = "0.4" eif_loader = { path = "./eif_loader" } enclave_build = { path = "./enclave_build" } openssl = "0.10.66" diff --git a/eif_loader/Cargo.toml b/eif_loader/Cargo.toml index d4cde96d..14157634 100644 --- a/eif_loader/Cargo.toml +++ b/eif_loader/Cargo.toml 
@@ -8,7 +8,7 @@ rust-version = "1.68" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -aws-nitro-enclaves-image-format = "0.2" +aws-nitro-enclaves-image-format = "0.4" nix = "0.26" libc = "0.2" vsock = "0.3" diff --git a/enclave_build/Cargo.toml b/enclave_build/Cargo.toml index ecadafb6..f6745a2f 100644 --- a/enclave_build/Cargo.toml +++ b/enclave_build/Cargo.toml @@ -21,6 +21,6 @@ url = "2.4" sha2 = "0.9.5" futures = "0.3.28" -aws-nitro-enclaves-image-format = "0.2" +aws-nitro-enclaves-image-format = "0.4" tar = "0.4.40" flate2 = "1.0.28" diff --git a/enclave_build/src/lib.rs b/enclave_build/src/lib.rs index f61b3e6b..83e4fbd7 100644 --- a/enclave_build/src/lib.rs +++ b/enclave_build/src/lib.rs @@ -12,7 +12,9 @@ mod yaml_generator; use aws_nitro_enclaves_image_format::defs::{EifBuildInfo, EifIdentityInfo, EIF_HDR_ARCH_ARM64}; use aws_nitro_enclaves_image_format::utils::identity::parse_custom_metadata; -use aws_nitro_enclaves_image_format::utils::{EifBuilder, SignEnclaveInfo}; +use aws_nitro_enclaves_image_format::utils::{ + EifBuilder, SignKeyData, SignKeyDataInfo, SignKeyInfo, +}; use docker::DockerUtil; use serde_json::json; use sha2::Digest; @@ -31,7 +33,7 @@ pub struct Docker2Eif<'a> { linuxkit_path: String, artifacts_prefix: String, output: &'a mut File, - sign_info: Option, + sign_info: Option, img_name: Option, img_version: Option, metadata_path: Option, @@ -70,6 +72,8 @@ impl<'a> Docker2Eif<'a> { artifacts_prefix: String, certificate_path: &Option, key_path: &Option, + kms_key_id: &Option, + kms_key_region: &Option, img_name: Option, img_version: Option, metadata_path: Option, 
@@ -98,15 +102,31 @@ impl<'a> Docker2Eif<'a> { } } - let sign_info = match (certificate_path, key_path) { + let sign_key_info = match (kms_key_id, key_path) { (None, None) => None, - (Some(cert_path), Some(key_path)) => Some( - SignEnclaveInfo::new(cert_path, key_path) - .map_err(|err| Docker2EifError::SignImageError(format!("{err:?}")))?, - ), + (Some(kms_id), None) => Some(SignKeyInfo::KmsKeyInfo { + id: kms_id.into(), + region: kms_key_region.clone(), + }), + (None, Some(key_path)) => Some(SignKeyInfo::LocalPrivateKeyInfo { + path: key_path.into(), + }), _ => return Err(Docker2EifError::SignArgsError), }; + let sign_info = sign_key_info + .map(|key_info| { + SignKeyData::new(&SignKeyDataInfo { + cert_path: certificate_path + .as_ref() + .ok_or(Docker2EifError::SignArgsError)? + .into(), + key_info, + }) + .map_err(|_| Docker2EifError::SignArgsError) + }) + .transpose()?; + Ok(Docker2Eif { docker_image, docker, @@ -275,10 +295,15 @@ impl<'a> Docker2Eif<'a> { _ => return Err(Docker2EifError::UnsupportedArchError), }; + // We cannot clone `sign_info` because it might contain a KmsKey object + // which is not copyable. Since `create` is the last method called, we can + // move it out of the struct. + let sign_info = self.sign_info.take(); + let mut build = EifBuilder::new( Path::new(&self.kernel_img_path), self.cmdline.clone(), - self.sign_info.clone(), + sign_info, sha2::Sha384::new(), flags, self.generate_identity_info()?, diff --git a/enclave_build/src/main.rs b/enclave_build/src/main.rs index 06775d93..2ebd6677 100644 --- a/enclave_build/src/main.rs +++ b/enclave_build/src/main.rs @@ -1,7 +1,7 @@ // Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -use clap::{Arg, ArgAction, Command}; +use clap::{Arg, ArgAction, ArgGroup, Command}; use std::fs::OpenOptions; use aws_nitro_enclaves_image_format::generate_build_info; 
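Review bot: A certificate passed without any key now produces `sign_info = None` instead of an error, because the new match looks only at `(kms_key_id, key_path)` and its `(None, None)` arm returns `None` before `certificate_path` is consulted; the caller gets an unsigned EIF with no diagnostic, where the removed match on `(certificate_path, key_path)` returned `SignArgsError`. The removed `(Some(_), None)` arm in the `BuildEnclavesArgs::new_with` hunk of src/common/commands_parser.rs and the `signing-key` ArgGroup hunks (a key requires the certificate, but as far as the hunks show not the reverse) appear to leave the same gap on the CLI side. A guard right after the match closes it here: `if certificate_path.is_some() && sign_key_info.is_none() { return Err(Docker2EifError::SignArgsError); }`. Separately, `.map_err(|_| Docker2EifError::SignArgsError)` discards the cause of a `SignKeyData::new` failure, so a key that cannot be loaded is reported as a bad argument; the removed code's `Docker2EifError::SignImageError(format!("{err:?}"))` kept the cause. The enclosing function starts and ends outside the hunk.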
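Review bot: After `self.sign_info.take()` the struct holds `None`, so a second call to this method would hand no signing data to `EifBuilder::new` and build an unsigned image without any error. The added comment states the assumption that `create` is the last method called, but nothing in the hunk enforces it. Either put the contract on the method's doc comment, e.g. `/// Consumes the signing key: a second call builds the image unsigned.`, or, if the method can take `self` by value, let the type system enforce single use. The enclosing method starts and ends outside the hunk, so whether later code still reads `self.sign_info` cannot be checked from here.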
@@ -75,6 +75,23 @@ fn main() { .long("private-key") .help("Specify the path to the private-key"), ) + .arg( + Arg::new("kms-key-id") + .long("kms-key-id") + .help("Specify unique id of the KMS key") + ) + .arg( + Arg::new("kms-key-region") + .long("kms-key-region") + .help("Specify region in which the KMS key resides") + .requires("kms-key-id") + ) + .group( + ArgGroup::new("signing-key") + .args(&["kms-key-id", "private-key"]) + .multiple(false) + .requires("signing-certificate") + ) .arg( Arg::new("build") .short('b') @@ -122,6 +139,10 @@ fn main() { let img_name = matches.get_one::("image_name").map(String::from); let img_version = matches.get_one::("image_version").map(String::from); let metadata = matches.get_one::("metadata").map(String::from); + let kms_key_id = matches.get_one::("kms-key-id").map(String::from); + let kms_key_region = matches + .get_one::("kms-key-region") + .map(String::from); let mut output = OpenOptions::new() .read(true) @@ -142,6 +163,8 @@ fn main() { ".".to_string(), &signing_certificate, &private_key, + &kms_key_id, + &kms_key_region, img_name, img_version, metadata, diff --git a/src/common/commands_parser.rs b/src/common/commands_parser.rs index 913e75b1..c4370952 100644 --- a/src/common/commands_parser.rs +++ b/src/common/commands_parser.rs @@ -108,6 +108,10 @@ pub struct BuildEnclavesArgs { pub signing_certificate: Option, /// The path to the private key for signed enclaves. pub private_key: Option, + /// ID of the KMS key for signed enclaves. + pub kms_key_id: Option, + /// Region of the KMS key for signed enclaves. + pub kms_key_region: Option, /// The name of the enclave image. pub img_name: Option, /// The version of the enclave image. 
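Review bot: The help strings for `kms-key-id` and `kms-key-region` do not say what happens when the region is omitted or how the option relates to the other signing arguments, which matters for an option that selects the signing key. `kms_key_region` is forwarded as an `Option` into `SignKeyInfo::KmsKeyInfo`, so some default applies when it is absent; once confirmed against the image-format crate, the help should name it, e.g. `.help("AWS region of the KMS key; if omitted, <default behaviour, to be confirmed>")`. The `kms-key-id` text could also state that it is an alternative to `--private-key` and needs `--signing-certificate`, as the `signing-key` group enforces. The same three builder calls are repeated in the `create_app!` hunk of src/lib.rs, so the wording should change in both places.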
@@ -121,16 +125,18 @@ impl BuildEnclavesArgs { pub fn new_with(args: &ArgMatches) -> NitroCliResult { let signing_certificate = parse_signing_certificate(args); let private_key = parse_private_key(args); + let kms_key_id = parse_kms_key_id(args); + let kms_key_region = parse_kms_key_region(args); - match (&signing_certificate, &private_key) { - (Some(_), None) => { + match (&signing_certificate, &private_key, &kms_key_id) { + (_, Some(_), Some(_)) => { return Err(new_nitro_cli_failure!( - "`private-key` argument not found", - NitroCliErrorEnum::MissingArgument - ) - .add_info(vec!["private-key"])) + "Cannot use both `private-key` and `kms-key-id`", + NitroCliErrorEnum::ConflictingArgument + )) } - (None, Some(_)) => { + (None, None, None) => (), + (None, _, _) => { return Err(new_nitro_cli_failure!( "`signing-certificate` argument not found", NitroCliErrorEnum::MissingArgument @@ -158,6 +164,8 @@ impl BuildEnclavesArgs { })?, signing_certificate, private_key, + kms_key_id, + kms_key_region, img_name: parse_image_name(args), img_version: parse_image_version(args), metadata: parse_metadata(args), @@ -543,6 +551,14 @@ fn parse_private_key(args: &ArgMatches) -> Option { args.get_one::("private-key").map(String::from) } +fn parse_kms_key_id(args: &ArgMatches) -> Option { + args.get_one::("kms-key-id").map(String::from) +} + +fn parse_kms_key_region(args: &ArgMatches) -> Option { + args.get_one::("kms-key-region").map(String::from) +} + fn parse_image_name(args: &ArgMatches) -> Option { args.get_one::("image_name").map(String::from) } @@ -572,7 +588,7 @@ mod tests { use crate::common::construct_error_message; use crate::create_app; - use clap::{Arg, Command}; + use clap::{Arg, ArgGroup, Command}; /// Parse the path of the JSON config file fn parse_config_file(args: &ArgMatches) -> NitroCliResult { diff --git a/src/lib.rs b/src/lib.rs index c9b9a5ef..7c2a53ff 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -58,6 +58,8 @@ pub fn build_enclaves(args: BuildEnclavesArgs) -> NitroCliResult<()> { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -73,6 +75,8 @@ pub fn build_from_docker( output_path: &str, signing_certificate: &Option, private_key: &Option, + kms_key_id: &Option, + kms_key_region: &Option, img_name: &Option, img_version: &Option, metadata_path: &Option, @@ -136,6 +140,8 @@ pub fn build_from_docker( artifacts_path()?, signing_certificate, private_key, + kms_key_id, + kms_key_region, img_name.clone(), img_version.clone(), metadata_path.clone(), @@ -714,6 +720,23 @@ macro_rules! create_app { .long("private-key") .help("Local path to developer's Eliptic Curve private key."), ) + .arg( + Arg::new("kms-key-id") + .long("kms-key-id") + .help("Specify unique id of the KMS key") + ) + .arg( + Arg::new("kms-key-region") + .long("kms-key-region") + .help("Specify region in which the KMS key resides") + .requires("kms-key-id") + ) + .group( + ArgGroup::new("signing-key") + .args(&["kms-key-id", "private-key"]) + .multiple(false) + .requires("signing-certificate") + ) .arg( Arg::new("image_name") .long("name") diff --git a/src/main.rs b/src/main.rs index f4c8cfc8..6adb7972 100644 --- a/src/main.rs +++ b/src/main.rs @@ -8,7 +8,7 @@ extern crate lazy_static; -use clap::{Arg, Command}; +use clap::{Arg, ArgGroup, Command}; use log::info; use std::os::unix::net::UnixStream; diff --git a/tests/test_nitro_cli_args.rs b/tests/test_nitro_cli_args.rs index 023bd1c3..83eabbbd 100644 --- a/tests/test_nitro_cli_args.rs +++ b/tests/test_nitro_cli_args.rs @@ -4,7 +4,7 @@ #[cfg(test)] mod test_nitro_cli_args { - use clap::{Arg, Command}; + use clap::{Arg, ArgGroup, Command}; use nitro_cli::create_app; #[test] diff --git a/tests/tests.rs b/tests/tests.rs index 380ea20d..0d904596 100644 --- a/tests/tests.rs +++ b/tests/tests.rs 
@@ -81,6 +81,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -100,6 +102,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -111,6 +115,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -142,6 +148,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -153,6 +161,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -171,6 +181,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -182,6 +194,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -246,6 +260,8 @@ mod tests { output: eif_path, signing_certificate: Some(cert_path), private_key: Some(key_path), + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -257,6 +273,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, 
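Review bot: Every call site updated in tests/tests.rs passes `kms_key_id: None` and `kms_key_region: None`, so none of the new argument handling is exercised. The validation added in `BuildEnclavesArgs::new_with` and the `signing-key` ArgGroup can be tested without AWS access: `--private-key` together with `--kms-key-id` should fail, `--kms-key-region` without `--kms-key-id` should fail, and a key option without `--signing-certificate` should fail. A case for `--signing-certificate` alone would pin down whether that combination is meant to be rejected or to build an unsigned image. tests/test_nitro_cli_args.rs already builds the app through `create_app!` and looks like the natural place for these.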
@@ -289,6 +307,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -300,6 +320,8 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.kms_key_id, + &build_args.kms_key_region, &build_args.img_name, &build_args.img_version, &build_args.metadata, @@ -335,6 +357,8 @@ mod tests { output: eif_path, signing_certificate: Some(cert_path), private_key: Some(key_path), + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -346,6 +370,8 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.kms_key_id, + &build_args.kms_key_region, &build_args.img_name, &build_args.img_version, &build_args.metadata, @@ -376,6 +402,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -387,6 +415,8 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.kms_key_id, + &build_args.kms_key_region, &build_args.img_name, &build_args.img_version, &build_args.metadata, @@ -483,6 +513,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -494,6 +526,8 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.kms_key_id, + &build_args.kms_key_region, &build_args.img_name, &build_args.img_version, &build_args.metadata, 
@@ -525,6 +559,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -536,6 +572,8 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.kms_key_id, + &build_args.kms_key_region, &build_args.img_name, &build_args.img_version, &build_args.metadata, @@ -587,6 +625,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -598,6 +638,8 @@ mod tests { &build_args.output, &build_args.signing_certificate, &build_args.private_key, + &build_args.kms_key_id, + &build_args.kms_key_region, &build_args.img_name, &build_args.img_version, &build_args.metadata, @@ -677,6 +719,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -688,6 +732,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -768,6 +814,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: Some("TestName".to_string()), img_version: Some("1.0".to_string()), metadata: Some(meta_path.to_str().unwrap().to_string()), @@ -779,6 +827,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, 
@@ -862,6 +912,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -873,6 +925,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -961,6 +1015,8 @@ mod tests { output: eif_path.to_str().unwrap().to_string(), signing_certificate: None, private_key: None, + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -972,6 +1028,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -1003,6 +1061,8 @@ mod tests { output: eif_path, signing_certificate: Some(cert_path), private_key: Some(key_path), + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -1014,6 +1074,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata, @@ -1045,6 +1107,8 @@ mod tests { output: eif_path, signing_certificate: Some(cert_path.clone()), private_key: Some(key_path), + kms_key_id: None, + kms_key_region: None, img_name: None, img_version: None, metadata: None, @@ -1056,6 +1120,8 @@ mod tests { &args.output, &args.signing_certificate, &args.private_key, + &args.kms_key_id, + &args.kms_key_region, &args.img_name, &args.img_version, &args.metadata,