Upgrade dino-park-*, actix, chrono, config, etc

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "dino-park-fossil"
-version = "0.1.12"
+version = "0.1.13"
 authors = ["Florian Merz <me@fiji-flo.de>"]
 edition = "2018"
 
@@ -10,22 +10,22 @@ localuserscope = ["dino_park_gate/localuserscope"]
 local-fs = ["async-std"]
 
 [dependencies]
-cis_client = { git = "https://github.com/mozilla-iam/cis_client-rust", tag = "0.7.2", version = "0.7.2", features = ["sync"] }
-cis_profile = { git = "https://github.com/mozilla-iam/cis_profile-rust", tag = "0.4.5", version = "0.4.5", features = ["aws", "vendored"] }
-dino_park_gate = { git = "https://github.com/mozilla-iam/dino-park-gate", tag = "0.8.7", version = "0.8.7" }
-dino_park_trust = { git = "https://github.com/mozilla-iam/dino-park-trust", tag = "0.0.8", version = "0.0.8" }
-dino_park_guard = { git = "https://github.com/mozilla-iam/dino-park-guard", tag = "0.3.5", version = "0.3.5" }
-actix-web = "3"
-actix-multipart = "0.3"
+cis_client = { git = "https://github.com/mozilla-iam/cis_client-rust", tag = "0.9.1", version = "0.9.1", features = ["sync"] }
+cis_profile = { git = "https://github.com/mozilla-iam/cis_profile-rust", tag = "0.6.2", version = "0.6.2", features = ["aws", "vendored"] }
+dino_park_gate = { git = "https://github.com/mozilla-iam/dino-park-gate", tag = "0.10.8", version = "0.10.8" }
+dino_park_trust = { git = "https://github.com/mozilla-iam/dino-park-trust", tag = "0.1.1", version = "0.1.1" }
+dino_park_guard = { git = "https://github.com/mozilla-iam/dino-park-guard", tag = "0.5.7", version = "0.5.7" }
+actix-web = "4.10.2"
+actix-multipart = "0.7"
 bytes = "0.5"
 futures = "0.3"
 log = "0.4"
 env_logger = "0.7"
 serde = "1.0.80"
 serde_json = "1.0.32"
 serde_derive = "1.0.80"
-chrono = "0.4.6"
-config = "0.10"
+chrono = "0.4.38"
+config = "0.12"
 rusoto_core = { version = "0.45", optional = true }
 rusoto_s3 = { version = "0.45", optional = true }
 image = "0.23"
@@ -40,5 +40,5 @@ lodepng = "3"
 byteorder = "1"
 
 [dev-dependencies]
-tokio = "0.2"
-actix-rt = "1"
+tokio = "1"
+actix-rt = "2.10.0"

Dockerfile

@@ -2,14 +2,14 @@ FROM rust:latest
 
 WORKDIR /usr/src/app
 COPY . .
-RUN cargo build --release --target x86_64-unknown-linux-gnu
+RUN cargo build --release
 
-FROM debian:10-slim
+FROM debian:13-slim
 
 RUN apt-get update && apt-get install -y \
     ca-certificates \
  && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /root/
-COPY --from=0 /usr/src/app/target/x86_64-unknown-linux-gnu/release/dino-park-fossil .
-CMD ["./dino-park-fossil"]  
+COPY --from=0 /usr/src/app/target/release/dino-park-fossil .
+CMD ["./dino-park-fossil"]

Dockerfile.local

@@ -1,9 +1,21 @@
-FROM debian:10-slim
+# This is mostly the same as the regular Dockerfile build, except we cache
+# locally.
+FROM rust:latest
+
+WORKDIR /usr/src/app
+COPY . .
+RUN --mount=type=cache,target=/usr/src/app/target/release/build \
+    --mount=type=cache,target=/usr/src/app/target/release/deps \
+    --mount=type=cache,target=/usr/src/app/target/release/incremental \
+    --mount=type=cache,target=/usr/local/cargo/registry \
+    cargo build --release
+
+FROM debian:13-slim
 
 RUN apt-get update && apt-get install -y \
     ca-certificates \
  && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /root/
-COPY target/release/dino-park-fossil .
+COPY --from=0 /usr/src/app/target/release/dino-park-fossil .
 CMD ["./dino-park-fossil"]

buildspec.yml

@@ -8,19 +8,20 @@ phases:
     commands:
       - export COMMIT_SHA=$CODEBUILD_RESOLVED_SOURCE_VERSION
       - export REV=$COMMIT_SHA
-      - export CODEBUILD_WEBHOOK_TRIGGER=${CODEBUILD_WEBHOOK_TRIGGER:-branch/master}
+      - export CODEBUILD_WEBHOOK_TRIGGER=${CODEBUILD_WEBHOOK_TRIGGER:-${MANUAL_DEPLOY_TRIGGER:-branch/master}}
       - export DEPLOY_ENV=$(echo $CODEBUILD_WEBHOOK_TRIGGER | sed -e 's/tag\/.*-\(.*\)/\1/' | sed -e 's/branch\/master/dev/')
       - export PR=$(if case $CODEBUILD_WEBHOOK_TRIGGER in pr/*) ;; *) false;; esac; then echo 1; fi)
       - export MASTER=$(if [ "$CODEBUILD_WEBHOOK_TRIGGER" = "branch/master" ]; then echo 1; fi)
       - export CLUSTER=$(if [ "$DEPLOY_ENV" = "dev" ]; then echo "kubernetes-stage-us-west-2"; else echo "kubernetes-prod-us-west-2"; fi)
+      - export AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query Account --output text)"
+      - export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-west-2}
       - echo "running for ${COMMIT_SHA} in ${DEPLOY_ENV}"
       - aws eks update-kubeconfig --name $CLUSTER
-      - aws ecr get-login --region us-west-2 --no-include-email | bash
+      - aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
       - echo $DOCKERHUB_PASSWORD | docker login -u $DOCKERHUB_USERNAME --password-stdin 
   build:
     commands:
-      - if [ "$PR" = 1 ]; then ./do.sh package_local; fi
-      - if [ "$MASTER" = 1 ]; then ./do.sh package_local && ./do.sh push_image; fi
+      - if [ "$MASTER" = 1 ]; then ./do.sh docker_build && ./do.sh push_image; fi
   post_build:
     commands:
       - echo "Environment is ${DEPLOY_ENV}"

ci/install_deps.sh

@@ -1,29 +1,4 @@
-export RUSTUP_HOME=/usr/local/rustup
-export CARGO_HOME=/usr/local/cargo
-export PATH=/usr/local/cargo/bin:$PATH
-export RUST_VERSION=1.60.0
 export DESIRED_VERSION="v3.5.4"
-
 set -eux
-dpkgArch="$(dpkg --print-architecture)"
-case "${dpkgArch##*-}" in
-    amd64) rustArch='x86_64-unknown-linux-gnu'; rustupSha256='49c96f3f74be82f4752b8bffcf81961dea5e6e94ce1ccba94435f12e871c3bdb' ;;
-    armhf) rustArch='armv7-unknown-linux-gnueabihf'; rustupSha256='5a2be2919319e8778698fa9998002d1ec720efe7cb4f6ee4affb006b5e73f1be' ;;
-    arm64) rustArch='aarch64-unknown-linux-gnu'; rustupSha256='d93ef6f91dab8299f46eef26a56c2d97c66271cea60bf004f2f088a86a697078' ;;
-    i386) rustArch='i686-unknown-linux-gnu'; rustupSha256='e3d0ae3cfce5c6941f74fed61ca83e53d4cd2deb431b906cbd0687f246efede4' ;;
-    *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;;
-esac;
-url="https://static.rust-lang.org/rustup/archive/1.22.1/${rustArch}/rustup-init";
-wget --no-verbose "$url"
-echo "${rustupSha256} *rustup-init" | sha256sum -c -
-chmod +x rustup-init
-./rustup-init -y --no-modify-path --default-toolchain $RUST_VERSION
-rm rustup-init
-chmod -R a+w $RUSTUP_HOME $CARGO_HOME
-rustup --version
-cargo --version
-rustc --version
-
-rustup target add x86_64-unknown-linux-gnu
 HELM_INSTALL_DIR=/bin
 curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

dev/docker-compose.yml

@@ -0,0 +1,14 @@
+# This is used for local development only.
+
+services:
+  fossil:
+    image: dino-park-fossil:development
+    build:
+      context: ../
+      dockerfile: Dockerfile.local
+    environment:
+      DPF_SETTINGS: /root/.settings.json
+    volumes:
+    - ../dev/settings.json:/root/.settings.json
+    ports:
+    - 127.0.0.1:8083:8083

dev/settings.json

@@ -0,0 +1,35 @@
+{
+  "comment": [
+    "DEBT: The config parser expects all keys to be defined. It does not use",
+    "the fallback to using the default values on `None`. This comment section",
+    "is also a hack.",
+    "See also:",
+    "* src/settings.rs;",
+    "* the `config` dependency."
+  ],
+  "auth": "https://dev.mozilla-dev.auth0.com",
+  "cis": {
+    "client_config": {
+      "client_id": "",
+      "client_secret": "",
+      "audience": "",
+      "token_endpoint": "https://idp",
+      "scopes": ""
+    },
+    "sign_keys": {
+      "source": "none"
+    },
+    "verify_keys": {
+      "source": "none"
+    },
+    "person_api_user_endpoint": "https://person-api.cis",
+    "person_api_users_endpoint": "https://person-api.cis",
+    "change_api_user_endpoint": "https://change-api.cis",
+    "change_api_users_endpoint": "https://change-api.cis"
+  },
+  "avatar": {
+    "s3_bucket": "cis-testing-avatars",
+    "retrieve_by_id_path": "/avatar/get/id/",
+    "picture_api_url": "https://picture.api.dev.sso.allizom.org"
+  }
+}

do.sh

@@ -6,23 +6,10 @@ NAME=dino-park-fossil
 DOCKER_REGISTRY=320464205386.dkr.ecr.us-west-2.amazonaws.com
 REV=${REV:-latest}
 
-compile_release() {
-  cargo build --release
-}
-
-docker_build_local() {
-  docker build -t ${DOCKER_REGISTRY}/${NAME}:${REV} -f Dockerfile.local .
-}
-
 docker_build() {
   docker build -t ${DOCKER_REGISTRY}/${NAME}:${REV} -f Dockerfile .
 }
 
-package_local() {
-  compile_release
-  docker_build_local
-}
-
 push_image() {
   docker push ${DOCKER_REGISTRY}/${NAME}:${REV}
 }

src/error.rs

@@ -1,3 +1,8 @@
+// DEBT: Quoting the lint:
+//     non-local `impl` definition, `impl` blocks should be written at the same
+//     level as their item
+#![allow(non_local_definitions)]
+
 use actix_web::error::ResponseError;
 use actix_web::HttpResponse;
 use dino_park_trust::GroupsTrustError;

src/main.rs

@@ -24,11 +24,10 @@ use retrieve::app::retrieve_app;
 use send::app::internal_send_app;
 use send::app::send_app;
 use std::io::Error;
-use std::io::ErrorKind;
 use std::sync::Mutex;
 
 fn map_io_err(e: impl Into<failure::Error>) -> Error {
-    Error::new(ErrorKind::Other, e.into())
+    Error::other(e.into())
 }
 
 #[actix_web::main]

src/retrieve/app.rs

@@ -2,10 +2,9 @@ use crate::retrieve::retriever::retrieve_avatar_from_store;
 use crate::retrieve::uuid::get_uuid;
 use crate::settings::AvatarSettings;
 use crate::storage::loader::Loader;
-use actix_web::dev::BodyEncoding;
 use actix_web::dev::HttpServiceFactory;
 use actix_web::error;
-use actix_web::http::ContentEncoding;
+use actix_web::http::header::{ContentEncoding, ContentType};
 use actix_web::web;
 use actix_web::web::Data;
 use actix_web::web::Path;
@@ -65,8 +64,8 @@ async fn retrieve_avatar<T: AsyncCisClientTrait + Clone, L: Loader>(
     .await
     .map_err(error::ErrorNotFound)?;
     Ok(HttpResponse::Ok()
-        .encoding(ContentEncoding::Identity)
-        .header("content-type", "image/png")
+        .insert_header(ContentEncoding::Identity)
+        .insert_header(ContentType::png())
         .body(b))
 }
 

src/retrieve/retriever.rs

@@ -1,3 +1,8 @@
+// DEBT: Quoting the lint:
+//     non-local `impl` definition, `impl` blocks should be written at the same
+//     level as their item
+#![allow(non_local_definitions)]
+
 use crate::settings::AvatarSettings;
 use crate::storage::loader::Loader;
 use crate::storage::name::uuid_hash;
@@ -63,7 +68,7 @@ mod test {
     }
 
     impl Loader for DummyLoader {
-        fn load(&self, name: &str, size: &str, _: &str) -> BoxFuture<Result<Vec<u8>, Error>> {
+        fn load(&self, name: &str, size: &str, _: &str) -> BoxFuture<'_, Result<Vec<u8>, Error>> {
             let ret = if name != self.name {
                 Err(format_err!("404"))
             } else {

src/retrieve/uuid.rs

@@ -19,11 +19,7 @@ pub async fn get_uuid<T: AsyncCisClientTrait>(
     let user_id_f = user_id.to_owned();
     let cache_f = Arc::clone(cache);
 
-    if let Some(Some(uuid)) = cache
-        .try_lock()
-        .ok()
-        .map(|mut c| c.get(user_id).map(Clone::clone))
-    {
+    if let Some(Some(uuid)) = cache.try_lock().ok().map(|mut c| c.get(user_id).cloned()) {
         Ok(Some(uuid))
     } else {
         let p = cis_client

src/send/app.rs

@@ -33,6 +33,8 @@ pub struct Save {
     pub old_url: Option<String>,
 }
 
+// DEBT: Remove allow `dead_code` after IAM-1908.
+#[allow(dead_code)]
 #[derive(Deserialize)]
 pub struct Avatar {
     pub data_uri: String,

src/send/sender.rs

@@ -1,3 +1,8 @@
+// DEBT: Quoting the lint:
+//     non-local `impl` definition, `impl` blocks should be written at the same
+//     level as their item
+#![allow(non_local_definitions)]
+
 use crate::send::app::ChangeDisplay;
 use crate::send::app::Save;
 use crate::send::operations::delete;
@@ -146,28 +151,28 @@ mod test {
         save: bool,
     }
     impl Saver for DummySaver {
-        fn save(&self, _: &str, _: &str, _: &str, _: Vec<u8>) -> BoxFuture<Result<(), Error>> {
+        fn save(&self, _: &str, _: &str, _: &str, _: Vec<u8>) -> BoxFuture<'_, Result<(), Error>> {
             let ret = match self.save {
                 true => Ok(()),
                 false => Err(format_err!("doom")),
             };
             Box::pin(async move { ret })
         }
-        fn delete(&self, _: &str, _: &str, _: &str) -> BoxFuture<Result<(), Error>> {
+        fn delete(&self, _: &str, _: &str, _: &str) -> BoxFuture<'_, Result<(), Error>> {
             let ret = match self.delete {
                 true => Ok(()),
                 false => Err(format_err!("doom")),
             };
             Box::pin(async move { ret })
         }
-        fn delete_many(&self, _: &[String], _: &str, _: &str) -> BoxFuture<Result<(), Error>> {
+        fn delete_many(&self, _: &[String], _: &str, _: &str) -> BoxFuture<'_, Result<(), Error>> {
             let ret = match self.delete {
                 true => Ok(()),
                 false => Err(format_err!("doom")),
             };
             Box::pin(async move { ret })
         }
-        fn save_tmp(&self, _: &str, _: Vec<u8>) -> BoxFuture<Result<String, Error>> {
+        fn save_tmp(&self, _: &str, _: Vec<u8>) -> BoxFuture<'_, Result<String, Error>> {
             Box::pin(async { Ok(String::from("936DA01F9ABD4d9d80C702AF85C822A8")) })
         }
     }

src/settings.rs

@@ -20,9 +20,10 @@ pub struct Settings {
 impl Settings {
     pub fn new() -> Result<Self, ConfigError> {
         let file = env::var("DPF_SETTINGS").unwrap_or_else(|_| String::from(".settings.json"));
-        let mut s = Config::new();
-        s.merge(File::with_name(&file))?;
-        s.merge(Environment::new().separator("__").prefix("dp"))?;
-        s.try_into()
+        Config::builder()
+            .add_source(File::with_name(&file))
+            .add_source(Environment::with_prefix("DP").separator("__"))
+            .build()?
+            .try_deserialize::<Settings>()
     }
 }

src/storage/loader/filesystem.rs

@@ -11,7 +11,12 @@ pub struct FilesystemLoader {
 }
 
 impl Loader for FilesystemLoader {
-    fn load(&self, name: &str, prefix: &str, bucket: &str) -> BoxFuture<Result<Vec<u8>, Error>> {
+    fn load(
+        &self,
+        name: &str,
+        prefix: &str,
+        bucket: &str,
+    ) -> BoxFuture<'_, Result<Vec<u8>, Error>> {
         info!("reading file in bucket '{}'", bucket);
 
         let path = self.path.join(bucket).join(format!("{prefix}-{name}"));

src/storage/loader/mod.rs

@@ -8,5 +8,6 @@ use failure::Error;
 use futures::future::BoxFuture;
 
 pub trait Loader: Sync + Send + Sized {
-    fn load(&self, name: &str, prefix: &str, bucket: &str) -> BoxFuture<Result<Vec<u8>, Error>>;
+    fn load(&self, name: &str, prefix: &str, bucket: &str)
+        -> BoxFuture<'_, Result<Vec<u8>, Error>>;
 }