bottlerocket-os · rpkelly · Jul 26, 2022 · Jun 22, 2022 · etungsten · Jul 26, 2022
diff --git a/sources/Cargo.lock b/sources/Cargo.lock
diff --git a/sources/api/pluto/Cargo.toml b/sources/api/pluto/Cargo.toml
@@ -14,11 +14,13 @@ apiclient = { path = "../apiclient", version = "0.1.0" }
 constants = { path = "../../constants", version = "0.1.0" }
 hyper = "0.14.2"
 hyper-proxy = {  version = "0.9", default-features = false, features = ["rustls"] }
-hyper-rustls = "0.23"
+hyper-rustls = { version = "0.23", default-features = false, features = ["http2", "native-tokio", "tls12", "logging"] }
 imdsclient = { path = "../../imdsclient", version = "0.1.0" }
 models = { path = "../../models", version = "0.1.0" }
-rusoto_core = { version = "0.48.0", default-features = false, features = ["rustls"] }
-rusoto_eks = { version = "0.48.0", default-features = false, features = ["rustls"] }
+aws-config = "0.46.0"
+aws-sdk-eks = "0.16.0"
+aws-types = "0.46.0"
+aws-smithy-client = { version = "0.46.0", default-features = false, features = ["rustls"] }
 serde_json = "1"
 snafu = "0.7"
 tokio = { version = "~1.14", default-features = false, features = ["macros", "rt-multi-thread"] }  # LTS

diff --git a/sources/api/pluto/src/eks.rs b/sources/api/pluto/src/eks.rs
@@ -1,33 +1,24 @@
+use aws_sdk_eks::model::KubernetesNetworkConfigResponse;
+use aws_types::region::Region;
 use hyper::http::uri::InvalidUri;
 use hyper::Uri;
 use hyper_proxy::{Proxy, ProxyConnector};
 use hyper_rustls::HttpsConnectorBuilder;
-use rusoto_core::credential::ChainProvider;
-use rusoto_core::region::ParseRegionError;
-use rusoto_core::{Region, RusotoError};
-use rusoto_eks::{DescribeClusterError, Eks, EksClient, KubernetesNetworkConfigResponse};
 use snafu::{OptionExt, ResultExt, Snafu};
 use std::env;
-use std::str::FromStr;
 
 pub(crate) type ClusterNetworkConfig = KubernetesNetworkConfigResponse;
 
 #[derive(Debug, Snafu)]
 pub(super) enum Error {
     #[snafu(display("Error describing cluster: {}", source))]
     DescribeCluster {
-        source: RusotoError<DescribeClusterError>,
+        source: aws_sdk_eks::types::SdkError<aws_sdk_eks::error::DescribeClusterError>,
     },
 
     #[snafu(display("Missing field '{}' EKS response", field))]
     Missing { field: &'static str },
 
-    #[snafu(display("Unable to parse '{}' as a region: {}", region, source))]
-    RegionParse {
-        region: String,
-        source: ParseRegionError,
-    },
-
     #[snafu(display("Unable to parse '{}' as URI: {}", input, source))]
     UriParse { input: String, source: InvalidUri },
 
@@ -43,8 +34,6 @@ pub(super) async fn get_cluster_network_config(
     region: &str,
     cluster: &str,
 ) -> Result<ClusterNetworkConfig> {
-    let parsed_region = Region::from_str(region).context(RegionParseSnafu { region })?;
-
     // Respect proxy environment variables when making AWS EKS API requests
     let https_proxy = ["https_proxy", "HTTPS_PROXY"]
         .iter()
@@ -57,6 +46,11 @@ pub(super) async fn get_cluster_network_config(
         .find(|env_var| *env_var != Err(env::VarError::NotPresent))
         .and_then(|s| s.ok());
 
+    let config = aws_config::from_env()
+        .region(Region::new(region.to_owned()))
+        .load()
+        .await;
+
     let client = if let Some(https_proxy) = https_proxy {
         // Determines whether a request of a given scheme, host and port should be proxied
         // according to `https_proxy` and `no_proxy`.
@@ -104,17 +98,17 @@ pub(super) async fn get_cluster_network_config(
             .build();
         let proxy_connector =
             ProxyConnector::from_proxy(https_connector, proxy).context(ProxyConnectorSnafu)?;
-        let http_client = rusoto_core::request::HttpClient::from_connector(proxy_connector);
-        EksClient::new_with(http_client, ChainProvider::new(), parsed_region)
+        let http_client = aws_smithy_client::hyper_ext::Adapter::builder().build(proxy_connector);
+        let eks_config = aws_sdk_eks::config::Builder::from(&config).build();
+        aws_sdk_eks::Client::from_conf_conn(eks_config, http_client)
     } else {
-        EksClient::new(parsed_region)
-    };
-    let describe_cluster = rusoto_eks::DescribeClusterRequest {
-        name: cluster.to_owned(),
+        aws_sdk_eks::Client::new(&config)
     };
 
     client
-        .describe_cluster(describe_cluster)
+        .describe_cluster()
+        .name(cluster.to_owned())
+        .send()
         .await
         .context(DescribeClusterSnafu)?
         .cluster

diff --git a/sources/api/pluto/src/main.rs b/sources/api/pluto/src/main.rs
@@ -179,7 +179,7 @@ async fn get_cluster_dns_ip(client: &mut ImdsClient) -> Result<String> {
                 .context(error::EksSnafu)
             {
                 // Derive cluster-dns-ip from the service IPv4 CIDR
-                if let Some(ipv4_cidr) = config.service_ipv_4_cidr {
+                if let Some(ipv4_cidr) = config.service_ipv4_cidr {
                     if let Ok(dns_ip) = get_dns_from_ipv4_cidr(&ipv4_cidr) {
                         return Ok(dns_ip);
                     }

diff --git a/sources/cfsignal/Cargo.toml b/sources/cfsignal/Cargo.toml
@@ -14,8 +14,9 @@ simplelog = "0.12"
 snafu = { version = "0.7" }
 toml = "0.5.1"
 tokio = { version = "~1.14", default-features = false, features = ["macros", "rt-multi-thread"] }
-rusoto_core = { version = "0.48.0", default-features = false, features = ["rustls"] }
-rusoto_cloudformation = { version = "0.48.0", default-features = false, features = ["rustls"] }
+aws-config = "0.46.0"
+aws-sdk-cloudformation = "0.16.0"
+aws-types = "0.46.0"
 imdsclient = { path = "../imdsclient", version = "0.1.0" }
 hyper = "0.14.2"
 

diff --git a/sources/cfsignal/src/cloudformation.rs b/sources/cfsignal/src/cloudformation.rs
@@ -1,10 +1,10 @@
+use std::str::FromStr;
+
 use crate::error::{self, Result};
+use aws_types::region::Region;
 use imdsclient::ImdsClient;
 use log::info;
-use rusoto_cloudformation::{CloudFormation, CloudFormationClient, SignalResourceInput};
-use rusoto_core::Region;
 use snafu::{OptionExt, ResultExt};
-use std::str::FromStr;
 
 /// Signals Cloudformation stack resource
 pub async fn signal_resource(
@@ -21,19 +21,22 @@ pub async fn signal_resource(
         "Region: {:?} - InstanceID: {:?} - Signal: {:?}",
         region, instance_id, status
     );
-
-    let client = CloudFormationClient::new(
-        Region::from_str(&region).context(error::RegionParseSnafu { region })?,
-    );
-    let signal_resource_input = SignalResourceInput {
-        stack_name,
-        logical_resource_id,
-        status,
-        unique_id: instance_id,
-    };
+    let config = aws_config::from_env()
+        .region(Region::new(region.to_owned()))
+        .load()
+        .await;
+    let client = aws_sdk_cloudformation::Client::new(&config);
 
     client
-        .signal_resource(signal_resource_input)
+        .signal_resource()
+        .stack_name(stack_name)
+        .logical_resource_id(logical_resource_id)
+        .status(
+            aws_sdk_cloudformation::model::ResourceSignalStatus::from_str(&status)
+                .context(error::ParseStatusSnafu)?,
+        )
+        .unique_id(instance_id)
+        .send()
         .await
         .context(error::SignalResourceSnafu)?;
 

diff --git a/sources/cfsignal/src/error.rs b/sources/cfsignal/src/error.rs
@@ -35,12 +35,11 @@ pub enum Error {
 
     #[snafu(display("SignalResource request failed: {}", source))]
     SignalResource {
-        source: rusoto_core::RusotoError<rusoto_cloudformation::SignalResourceError>,
+        source: aws_sdk_cloudformation::types::SdkError<
+            aws_sdk_cloudformation::error::SignalResourceError,
+        >,
     },
 
-    #[snafu(display("Unable to parse '{}' as a region: {}", region, source))]
-    RegionParse {
-        region: String,
-        source: rusoto_core::region::ParseRegionError,
-    },
+    #[snafu(display("Failed to parse status: {}", source))]
+    ParseStatus { source: core::convert::Infallible },
 }
diff --git a/sources/clarify.toml b/sources/clarify.toml
@@ -150,6 +150,14 @@ license-files = [
     { path = "LICENSE", hash = 0xfa2cf349 },
 ]
 
+[clarify.unicode-ident]
+expression = "(MIT OR Apache-2.0) AND Unicode-DFS-2016"
+license-files = [
+    { path = "LICENSE-APACHE", hash = 0x24b54f4b },
+    { path = "LICENSE-MIT", hash = 0x386ca1bc },
+    { path = "LICENSE-UNICODE", hash = 0x9698cbbe },
+]
+
 [clarify.vmw_backdoor]
 expression = "MIT OR Apache-2.0"
 license-files = [

diff --git a/sources/deny.toml b/sources/deny.toml
@@ -21,6 +21,9 @@ allow = [
     "Unlicense",
     "Zlib"
 ]
+exceptions = [
+    { name = "unicode-ident", version = "1.0.2", allow = ["MIT", "Apache-2.0", "Unicode-DFS-2016"] },
+]
 
 # https://github.com/hsivonen/encoding_rs The non-test code that isn't generated from the WHATWG data in this crate is
 # under Apache-2.0 OR MIT. Test code is under CC0.
@@ -56,6 +59,10 @@ skip = [
     # older version used by argh_derive and structopt-derive
     { name = "heck", version = "0.3.3" },
 
+    # newer version used by headers
+    # older version used by tungstenite
+    { name = "sha-1", version = "0.9.8" },
+
     # newer version used by model-derive and darling
     # older version used by clap 2.34.0, via cargo-readme
     { name = "strsim", version = "0.8.0" },