From a2026dd5a19717768a9f7e65d858182e1c0c867b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arpad=20M=C3=BCller?= Date: Sat, 25 May 2024 00:25:33 +0200 Subject: [PATCH 1/3] Drop postgres-native-tls in favour of tokio-postgres-rustls --- Cargo.lock | 25 ++----- Cargo.toml | 7 +- proxy/Cargo.toml | 2 +- proxy/src/compute.rs | 76 ++++++++++++++++++--- s3_scrubber/Cargo.toml | 4 +- s3_scrubber/src/scan_safekeeper_metadata.rs | 9 ++- 6 files changed, 88 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d8f9021eb8..39bf74047a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4105,17 +4105,6 @@ dependencies = [ "tokio-postgres", ] -[[package]] -name = "postgres-native-tls" -version = "0.5.0" -source = "git+https://github.com/neondatabase/rust-postgres.git?branch=neon#20031d7a9ee1addeae6e0968e3899ae6bf01cee2" -dependencies = [ - "native-tls", - "tokio", - "tokio-native-tls", - "tokio-postgres", -] - [[package]] name = "postgres-protocol" version = "0.6.4" @@ -4431,7 +4420,6 @@ dependencies = [ "parquet_derive", "pbkdf2", "pin-project-lite", - "postgres-native-tls", "postgres-protocol", "postgres_backend", "pq_proto", @@ -4479,7 +4467,7 @@ dependencies = [ "utils", "uuid", "walkdir", - "webpki-roots 0.25.2", + "webpki-roots 0.26.1", "workspace_hack", "x509-parser", ] @@ -5235,17 +5223,18 @@ dependencies = [ "native-tls", "pageserver", "pageserver_api", - "postgres-native-tls", "postgres_ffi", "rand 0.8.5", "remote_storage", "reqwest 0.12.4", + "rustls 0.22.4", "serde", "serde_json", "serde_with", "thiserror", "tokio", "tokio-postgres", + "tokio-postgres-rustls", "tokio-rustls 0.25.0", "tokio-stream", "tokio-util", @@ -5253,6 +5242,7 @@ dependencies = [ "tracing-appender", "tracing-subscriber", "utils", + "webpki-roots 0.26.1", "workspace_hack", ] 
@@ -6336,10 +6326,7 @@ dependencies = [ [[package]] name = "tokio-postgres-rustls" version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea13f22eda7127c827983bdaf0d7fff9df21c8817bab02815ac277a21143677" dependencies = [ - "futures", "ring 0.17.6", "rustls 0.22.4", "tokio", @@ -7629,9 +7616,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" dependencies = [ "zeroize_derive", ] diff --git a/Cargo.toml b/Cargo.toml index 0887c039f8..47d8ac2f1e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -173,7 +173,7 @@ tikv-jemalloc-ctl = "0.5" tokio = { version = "1.17", features = ["macros"] } tokio-epoll-uring = { git = "https://github.com/neondatabase/tokio-epoll-uring.git" , branch = "main" } tokio-io-timeout = "1.2.0" -tokio-postgres-rustls = "0.11.0" +#tokio-postgres-rustls = "0.11.0" tokio-rustls = "0.25" tokio-stream = "0.1" tokio-tar = "0.3" @@ -191,7 +191,7 @@ url = "2.2" urlencoding = "2.1" uuid = { version = "1.6.1", features = ["v4", "v7", "serde"] } walkdir = "2.3.2" -webpki-roots = "0.25" +webpki-roots = "0.26" x509-parser = "0.15" ## TODO replace this with tracing 
@@ -200,7 +200,8 @@ log = "0.4" ## Libraries from neondatabase/ git forks, ideally with changes to be upstreamed postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } -postgres-native-tls = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } +#postgres-native-tls = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } +tokio-postgres-rustls = {path = "../tokio-postgres-rustls"} postgres-protocol = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } postgres-types = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } tokio-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml index 7da0763bc1..852ccd688a 100644 --- a/proxy/Cargo.toml +++ b/proxy/Cargo.toml @@ -82,6 +82,7 @@ thiserror.workspace = true tikv-jemallocator.workspace = true tikv-jemalloc-ctl = { workspace = true, features = ["use_std"] } tokio-postgres.workspace = true +tokio-postgres-rustls.workspace = true tokio-rustls.workspace = true tokio-util.workspace = true tokio = { workspace = true, features = ["signal"] } @@ -97,7 +98,6 @@ uuid.workspace = true webpki-roots.workspace = true x509-parser.workspace = true native-tls.workspace = true -postgres-native-tls.workspace = true postgres-protocol.workspace = true redis.workspace = true diff --git a/proxy/src/compute.rs b/proxy/src/compute.rs index 4433b3c1c2..c7e2b99c15 100644 --- a/proxy/src/compute.rs +++ b/proxy/src/compute.rs 
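Review bot: In the root Cargo.toml hunk, `tokio-postgres-rustls = {path = "../tokio-postgres-rustls"}` points at a directory outside the repository, so the workspace only builds where that sibling checkout exists and nothing records which revision of the code was compiled. The Cargo.lock hunk for this crate correspondingly loses its `source` and `checksum` lines, which removes the integrity pin for a crate that sits on the TLS path. Pin it the way the neighbouring forks are pinned, for example `tokio-postgres-rustls = { git = "<fork-url>", rev = "<commit>" }` (placeholders), or keep the registry version and override it under `[patch.crates-io]`. The `azure_*` and `opentelemetry*` entries switched to `path = "../…"` in PATCH 3/3 have the same problem.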
@@ -11,10 +11,12 @@ use crate::{ use futures::{FutureExt, TryFutureExt}; use itertools::Itertools; use pq_proto::StartupMessageParams; -use std::{io, net::SocketAddr, time::Duration}; +use rustls::{client::danger::ServerCertVerifier, pki_types::InvalidDnsNameError}; +use std::{io, net::SocketAddr, sync::Arc, time::Duration}; use thiserror::Error; use tokio::net::TcpStream; use tokio_postgres::tls::MakeTlsConnect; +use tokio_postgres_rustls::MakeRustlsConnect; use tracing::{error, info, warn}; const COULD_NOT_CONNECT: &str = "Couldn't connect to compute node"; @@ -30,7 +32,7 @@ pub enum ConnectionError { CouldNotConnect(#[from] io::Error), #[error("{COULD_NOT_CONNECT}: {0}")] - TlsError(#[from] native_tls::Error), + TlsError(#[from] InvalidDnsNameError), #[error("{COULD_NOT_CONNECT}: {0}")] WakeComputeError(#[from] WakeComputeError), @@ -257,7 +259,7 @@ pub struct PostgresConnection { /// Socket connected to a compute node. pub stream: tokio_postgres::maybe_tls_stream::MaybeTlsStream< tokio::net::TcpStream, - postgres_native_tls::TlsStream, + tokio_postgres_rustls::RustlsStream, >, /// PostgreSQL connection parameters. pub params: std::collections::HashMap, 
@@ -282,12 +284,24 @@ impl ConnCfg { let (socket_addr, stream, host) = self.connect_raw(timeout).await?; drop(pause); - let tls_connector = native_tls::TlsConnector::builder() - .danger_accept_invalid_certs(allow_self_signed_compute) - .build() - .unwrap(); - let mut mk_tls = postgres_native_tls::MakeTlsConnector::new(tls_connector); - let tls = MakeTlsConnect::::make_tls_connect(&mut mk_tls, host)?; + let client_config = if allow_self_signed_compute { + let verifier = Arc::new(AcceptEverythingVerifier) as Arc; + rustls::ClientConfig::builder() + .dangerous() + .with_custom_certificate_verifier(verifier) + } else { + let root_store = rustls::RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(), + }; + rustls::ClientConfig::builder().with_root_certificates(root_store) + }; + let client_config = client_config.with_no_client_auth(); + + let mut mk_tls = tokio_postgres_rustls::MakeRustlsConnect::new(client_config); + let tls = >::make_tls_connect( + &mut mk_tls, + host, + )?; // connect_raw() will not use TLS if sslmode is "disable" let pause = ctx.latency_timer.pause(crate::metrics::Waiting::Compute); 
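Review bot: The verifying branch builds its `RootCertStore` only from `webpki_roots::TLS_SERVER_ROOTS`, so the platform trust store that native-tls consulted is no longer used. A compute certificate issued by a private or internal CA would now fail verification, and the only remaining switch is `allow_self_signed_compute`, which turns authentication off entirely. If such certificates are in use (not visible from this hunk), add the deployment CA to the store before building the config, or at least state the change at the call site, e.g. `// Trusts only the bundled Mozilla roots; the OS trust store is not consulted.` The same root-store construction appears in the `s3_scrubber/src/scan_safekeeper_metadata.rs` hunk. The enclosing function starts and ends outside this hunk.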
@@ -340,6 +354,50 @@ fn filtered_options(params: &StartupMessageParams) -> Option { Some(options) } +#[derive(Debug)] +struct AcceptEverythingVerifier; +impl ServerCertVerifier for AcceptEverythingVerifier { + fn supported_verify_schemes(&self) -> Vec { + use rustls::SignatureScheme::*; + // The schemes for which `SignatureScheme::supported_in_tls13` returns true. + vec![ + ECDSA_NISTP521_SHA512, + ECDSA_NISTP384_SHA384, + ECDSA_NISTP256_SHA256, + RSA_PSS_SHA512, + RSA_PSS_SHA384, + RSA_PSS_SHA256, + ED25519, + ] + } + fn verify_server_cert( + &self, + _end_entity: &rustls::pki_types::CertificateDer<'_>, + _intermediates: &[rustls::pki_types::CertificateDer<'_>], + _server_name: &rustls::pki_types::ServerName<'_>, + _ocsp_response: &[u8], + _now: rustls::pki_types::UnixTime, + ) -> Result { + Ok(rustls::client::danger::ServerCertVerified::assertion()) + } + fn verify_tls12_signature( + &self, + _message: &[u8], + _cert: &rustls::pki_types::CertificateDer<'_>, + _dss: &rustls::DigitallySignedStruct, + ) -> Result { + Ok(rustls::client::danger::HandshakeSignatureValid::assertion()) + } + fn verify_tls13_signature( + &self, + _message: &[u8], + _cert: &rustls::pki_types::CertificateDer<'_>, + _dss: &rustls::DigitallySignedStruct, + ) -> Result { + Ok(rustls::client::danger::HandshakeSignatureValid::assertion()) + } +} + #[cfg(test)] mod tests { use super::*; diff --git a/s3_scrubber/Cargo.toml b/s3_scrubber/Cargo.toml index dd5d453a2b..9a578bc20f 100644 --- a/s3_scrubber/Cargo.toml +++ b/s3_scrubber/Cargo.toml @@ -23,7 +23,7 @@ workspace_hack.workspace = true utils.workspace = true async-stream.workspace = true native-tls.workspace = true -postgres-native-tls.workspace = true +tokio-postgres-rustls.workspace = true postgres_ffi.workspace = true tokio-stream.workspace = true tokio-postgres.workspace = true 
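Review bot: `verify_tls12_signature` and `verify_tls13_signature` in `AcceptEverythingVerifier` return `HandshakeSignatureValid::assertion()` without looking at their arguments, so in the `allow_self_signed_compute` path the peer is not even required to prove possession of the key for the certificate it presents. Skipping chain validation for self-signed certificates does not require skipping the handshake signature check; both methods can delegate to rustls with the provider's algorithms, as sketched below (this assumes the `ring` provider, which the lockfile shows is already a dependency). Taking `supported_verify_schemes` from the same provider also avoids the hand-maintained list, which omits the RSA PKCS#1 schemes and may break TLS 1.2 handshakes with some RSA certificates. The struct also deserves a doc comment saying that it disables server authentication and is only meant for `allow_self_signed_compute`.

```rust
impl ServerCertVerifier for AcceptEverythingVerifier {
    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
        rustls::crypto::ring::default_provider()
            .signature_verification_algorithms
            .supported_schemes()
    }
    // … unchanged: verify_server_cert …
    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls12_signature(
            message,
            cert,
            dss,
            &rustls::crypto::ring::default_provider().signature_verification_algorithms,
        )
    }
    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls13_signature(
            message,
            cert,
            dss,
            &rustls::crypto::ring::default_provider().signature_verification_algorithms,
        )
    }
```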
@@ -31,6 +31,8 @@ tokio-util = { workspace = true } futures-util.workspace = true itertools.workspace = true camino.workspace = true +rustls.workspace = true +webpki-roots.workspace = true tokio = { workspace = true, features = ["macros", "rt-multi-thread"] } chrono = { workspace = true, default-features = false, features = ["clock", "serde"] } diff --git a/s3_scrubber/src/scan_safekeeper_metadata.rs b/s3_scrubber/src/scan_safekeeper_metadata.rs index 73dd49ceb5..491044974e 100644 --- a/s3_scrubber/src/scan_safekeeper_metadata.rs +++ b/s3_scrubber/src/scan_safekeeper_metadata.rs @@ -71,8 +71,13 @@ pub async fn scan_safekeeper_metadata( bucket_config.bucket, bucket_config.region, dump_db_table ); // Use the native TLS implementation (Neon requires TLS) - let tls_connector = - postgres_native_tls::MakeTlsConnector::new(native_tls::TlsConnector::new().unwrap()); + let root_store = rustls::RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(), + }; + let client_config = rustls::ClientConfig::builder() + .with_root_certificates(root_store) + .with_no_client_auth(); + let tls_connector = tokio_postgres_rustls::MakeRustlsConnect::new(client_config); let (client, connection) = tokio_postgres::connect(&dump_db_connstr, tls_connector).await?; // The connection object performs the actual communication with the database, // so spawn it off to run on its own. From 4eb9c4eff31480a02b7ad6262a6cbe905a4b7d13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arpad=20M=C3=BCller?= Date: Sat, 25 May 2024 00:29:02 +0200 Subject: [PATCH 2/3] Remove all direct dependencies of native-tls --- Cargo.lock | 2 -- Cargo.toml | 1 - proxy/Cargo.toml | 1 - s3_scrubber/Cargo.toml | 1 - 4 files changed, 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39bf74047a..7aecab2ea6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4412,7 +4412,6 @@ dependencies = [ "md5", "measured", "metrics", - "native-tls", "once_cell", "opentelemetry", "parking_lot 0.12.1", 
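Review bot: In the `scan_safekeeper_metadata.rs` hunk the context comment `// Use the native TLS implementation (Neon requires TLS)` is left in place above code that now builds a rustls `ClientConfig`, so it describes the connector that was just removed. Replace it with something like `// Use rustls with the bundled webpki roots (Neon requires TLS)`, which also records which trust anchors the scrubber accepts. The body of `scan_safekeeper_metadata` continues outside the hunk.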
@@ -5220,7 +5219,6 @@ dependencies = [ "hex", "histogram", "itertools", - "native-tls", "pageserver", "pageserver_api", "postgres_ffi", diff --git a/Cargo.toml b/Cargo.toml index 47d8ac2f1e..8c8bb73913 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -200,7 +200,6 @@ log = "0.4" ## Libraries from neondatabase/ git forks, ideally with changes to be upstreamed postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } -#postgres-native-tls = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } tokio-postgres-rustls = {path = "../tokio-postgres-rustls"} postgres-protocol = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } postgres-types = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml index 852ccd688a..b62d3bacad 100644 --- a/proxy/Cargo.toml +++ b/proxy/Cargo.toml @@ -97,7 +97,6 @@ utils.workspace = true uuid.workspace = true webpki-roots.workspace = true x509-parser.workspace = true -native-tls.workspace = true postgres-protocol.workspace = true redis.workspace = true diff --git a/s3_scrubber/Cargo.toml b/s3_scrubber/Cargo.toml index 9a578bc20f..ce2e6c8b71 100644 --- a/s3_scrubber/Cargo.toml +++ b/s3_scrubber/Cargo.toml @@ -22,7 +22,6 @@ serde_with.workspace = true workspace_hack.workspace = true utils.workspace = true async-stream.workspace = true -native-tls.workspace = true tokio-postgres-rustls.workspace = true postgres_ffi.workspace = true tokio-stream.workspace = true From a356cf2a56ca99575a6ce77ea974b0f37caba06d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Arpad=20M=C3=BCller?= Date: Sat, 25 May 2024 01:40:50 +0200 Subject: [PATCH 3/3] wip --- Cargo.lock | 126 ++------------------------- Cargo.toml | 16 ++-- compute_tools/Cargo.toml | 2 +- control_plane/Cargo.toml | 2 +- control_plane/storcon_cli/Cargo.toml | 2 +- pageserver/Cargo.toml | 2 +- pageserver/client/Cargo.toml | 2 +- safekeeper/Cargo.toml | 2 +- storage_controller/Cargo.toml | 2 +- workspace_hack/Cargo.toml | 2 +- 10 files changed, 23 insertions(+), 135 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7aecab2ea6..0e568ebec0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -734,8 +734,6 @@ dependencies = [ [[package]] name = "azure_core" version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70fd680c0d0424a518229b1150922f92653ba2ac933aa000abc8bf1ca08105f7" dependencies = [ "async-trait", "base64 0.21.1", @@ -764,8 +762,6 @@ dependencies = [ [[package]] name = "azure_identity" version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6d2060f5b2e1c664026ca4edd561306c473be887c1f7a81f10bf06f9b71c63f" dependencies = [ "async-lock", "async-trait", @@ -784,8 +780,6 @@ dependencies = [ [[package]] name = "azure_storage" version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15d3da73bfa09350e1bd6ae2a260806fcf90048c7e78cd2d8f88be60b19a7266" dependencies = [ "RustyXML", "async-lock", @@ -803,8 +797,6 @@ dependencies = [ [[package]] name = "azure_storage_blobs" version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "149c21834a4105d761e3dd33d91c2a3064acc05a3c978848ea8089102ae45c94" dependencies = [ "RustyXML", "azure_core", 
@@ -824,8 +816,6 @@ dependencies = [ [[package]] name = "azure_svc_blobstorage" version = "0.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88c888b7bf522d5405218b8613bf0fae7ddaae6ef3bf4ad42ae005993c96ab8b" dependencies = [ "azure_core", "bytes", @@ -1976,21 +1966,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "form_urlencoded" version = "1.1.0" @@ -2620,19 +2595,6 @@ dependencies = [ "tokio-io-timeout", ] -[[package]] -name = "hyper-tls" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" -dependencies = [ - "bytes", - "hyper 0.14.26", - "native-tls", - "tokio", - "tokio-native-tls", -] - [[package]] name = "hyper-util" version = "0.1.3" 
@@ -3168,24 +3130,6 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" -[[package]] -name = "native-tls" -version = "0.2.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" -dependencies = [ - "lazy_static", - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - [[package]] name = "nix" version = "0.25.1" 
@@ -3414,55 +3358,15 @@ version = "11.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" -[[package]] -name = "openssl" -version = "0.10.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79a4c6c3a2b158f7f8f2a2fc5a969fa3a068df6fc9dbb4a43845436e3af7c800" -dependencies = [ - "bitflags 2.4.1", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.52", -] - [[package]] name = "openssl-probe" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" -[[package]] -name = "openssl-sys" -version = "0.9.96" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3812c071ba60da8b5677cc12bcb1d42989a65553772897a7e0355545a819838f" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "opentelemetry" version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54" dependencies = [ "opentelemetry_api", "opentelemetry_sdk", @@ -3471,8 +3375,6 @@ dependencies = [ [[package]] name = "opentelemetry-http" version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7594ec0e11d8e33faf03530a4c49af7064ebba81c1480e01be67d90b356508b" dependencies = [ "async-trait", "bytes", 
@@ -3484,8 +3386,6 @@ dependencies = [ [[package]] name = "opentelemetry-otlp" version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e5e5a5c4135864099f3faafbe939eb4d7f9b80ebf68a8448da961b32a7c1275" dependencies = [ "async-trait", "futures-core", @@ -3505,8 +3405,6 @@ dependencies = [ [[package]] name = "opentelemetry-proto" version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1e3f814aa9f8c905d0ee4bde026afd3b2577a97c10e1699912e3e44f0c4cbeb" dependencies = [ "opentelemetry_api", "opentelemetry_sdk", @@ -3517,8 +3415,6 @@ dependencies = [ [[package]] name = "opentelemetry-semantic-conventions" version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73c9f9340ad135068800e7f1b24e9e09ed9e7143f5bf8518ded3d3ec69789269" dependencies = [ "opentelemetry", ] @@ -3526,8 +3422,6 @@ dependencies = [ [[package]] name = "opentelemetry_api" version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a81f725323db1b1206ca3da8bb19874bbd3f57c3bcd59471bfb04525b265b9b" dependencies = [ "futures-channel", "futures-util", @@ -3542,8 +3436,6 @@ dependencies = [ [[package]] name = "opentelemetry_sdk" version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa8e705a0612d48139799fcbaba0d4a90f06277153e43dd2bdc16c6f0edd8026" dependencies = [ "async-trait", "crossbeam-channel", @@ -4773,20 +4665,21 @@ dependencies = [ "http 0.2.9", "http-body 0.4.5", "hyper 0.14.26", - "hyper-tls", + "hyper-rustls 0.24.0", "ipnet", "js-sys", "log", "mime", - "native-tls", "once_cell", "percent-encoding", "pin-project-lite", + "rustls 0.21.11", + "rustls-pemfile 1.0.2", "serde", "serde_json", "serde_urlencoded", "tokio", - "tokio-native-tls", + "tokio-rustls 0.24.0", "tokio-util", "tower-service", "url", 
@@ -4794,6 +4687,7 @@ dependencies = [ "wasm-bindgen-futures", "wasm-streams 0.3.0", "web-sys", + "webpki-roots 0.25.2", "winreg 0.50.0", ] @@ -6288,16 +6182,6 @@ dependencies = [ "syn 2.0.52", ] -[[package]] -name = "tokio-native-tls" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" -dependencies = [ - "native-tls", - "tokio", -] - [[package]] name = "tokio-postgres" version = "0.7.7" diff --git a/Cargo.toml b/Cargo.toml index 8c8bb73913..c980b03296 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -46,10 +46,10 @@ anyhow = { version = "1.0", features = ["backtrace"] } arc-swap = "1.6" async-compression = { version = "0.4.0", features = ["tokio", "gzip", "zstd"] } atomic-take = "1.1.0" -azure_core = "0.19" -azure_identity = "0.19" -azure_storage = "0.19" -azure_storage_blobs = "0.19" +azure_core = { path = "../azure-sdk-for-rust/sdk/core" } # "0.19" +azure_identity = { path = "../azure-sdk-for-rust/sdk/identity" } # "0.19" +azure_storage = { path = "../azure-sdk-for-rust/sdk/storage" } # "0.19" +azure_storage_blobs = { path = "../azure-sdk-for-rust/sdk/storage_blobs" } # "0.19" flate2 = "1.0.26" async-stream = "0.3" async-trait = "0.1" 
@@ -114,14 +114,13 @@ md5 = "0.7.0" measured = { version = "0.0.21", features=["lasso"] } measured-process = { version = "0.0.21" } memoffset = "0.8" -native-tls = "0.2" nix = { version = "0.27", features = ["fs", "process", "socket", "signal", "poll"] } notify = "6.0.0" num_cpus = "1.15" num-traits = "0.2.15" once_cell = "1.13" opentelemetry = "0.20.0" -opentelemetry-otlp = { version = "0.13.0", default_features=false, features = ["http-proto", "trace", "http", "reqwest-client"] } +opentelemetry-otlp = { path="../opentelemetry-rust/opentelemetry-otlp", default_features=false, features = ["http-proto", "trace", "http", "reqwest-client"] } opentelemetry-semantic-conventions = "0.12.0" parking_lot = "0.12" parquet = { version = "51.0.0", default-features = false, features = ["zstd"] } @@ -241,6 +240,11 @@ tonic-build = "0.9" [patch.crates-io] +opentelemetry_api = { path = "../opentelemetry-rust/opentelemetry-api" } +opentelemetry_sdk = { path = "../opentelemetry-rust/opentelemetry-sdk" } +opentelemetry-semantic-conventions = { path = "../opentelemetry-rust/opentelemetry-semantic-conventions" } +opentelemetry = { path = "../opentelemetry-rust/opentelemetry" } + # This is only needed for proxy's tests. # TODO: we should probably fork `tokio-postgres-rustls` instead. tokio-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch="neon" } diff --git a/compute_tools/Cargo.toml b/compute_tools/Cargo.toml index 8f96530a9d..9d1f6585e9 100644 --- a/compute_tools/Cargo.toml +++ b/compute_tools/Cargo.toml @@ -23,7 +23,7 @@ serde.workspace = true serde_json.workspace = true signal-hook.workspace = true tar.workspace = true -reqwest = { workspace = true, features = ["json"] } +reqwest = { workspace = true, features = ["json", "rustls-tls"] } tokio = { workspace = true, features = ["rt", "rt-multi-thread"] } tokio-postgres.workspace = true tokio-util.workspace = true 
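Review bot: In the `compute_tools/Cargo.toml` hunk, enabling reqwest's `rustls-tls` feature selects the bundled webpki roots; the Cargo.lock hunk confirms this by adding `webpki-roots 0.25.2` to reqwest's dependencies while dropping `hyper-tls` and `native-tls`. HTTP clients built this way stop consulting the OS trust store, so any endpoint whose certificate chains to a private CA will start failing verification. If that applies to these services (not visible here), `rustls-tls-native-roots` is the feature that keeps the system store. The `control_plane`, `safekeeper` and `storage_controller` hunks make the same feature change.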
diff --git a/control_plane/Cargo.toml b/control_plane/Cargo.toml index e62f3b8a47..1647eaba23 100644 --- a/control_plane/Cargo.toml +++ b/control_plane/Cargo.toml @@ -20,7 +20,7 @@ hex.workspace = true humantime-serde.workspace = true hyper.workspace = true regex.workspace = true -reqwest = { workspace = true, features = ["blocking", "json"] } +reqwest = { workspace = true, features = ["blocking", "json", "rustls-tls"] } scopeguard.workspace = true serde.workspace = true serde_json.workspace = true diff --git a/control_plane/storcon_cli/Cargo.toml b/control_plane/storcon_cli/Cargo.toml index 61eb7fa4e4..33dc591860 100644 --- a/control_plane/storcon_cli/Cargo.toml +++ b/control_plane/storcon_cli/Cargo.toml @@ -12,7 +12,7 @@ comfy-table.workspace = true hyper.workspace = true pageserver_api.workspace = true pageserver_client.workspace = true -reqwest.workspace = true +reqwest = { workspace = true } serde.workspace = true serde_json = { workspace = true, features = ["raw_value"] } thiserror.workspace = true diff --git a/pageserver/Cargo.toml b/pageserver/Cargo.toml index 4335f38f1e..508560140e 100644 --- a/pageserver/Cargo.toml +++ b/pageserver/Cargo.toml @@ -84,7 +84,7 @@ storage_broker.workspace = true tenant_size_model.workspace = true utils.workspace = true workspace_hack.workspace = true -reqwest.workspace = true +reqwest = { workspace = true } rpds.workspace = true enum-map.workspace = true enumset = { workspace = true, features = ["serde"]} diff --git a/pageserver/client/Cargo.toml b/pageserver/client/Cargo.toml index 0ed27602cd..fca3f1df2d 100644 --- a/pageserver/client/Cargo.toml +++ b/pageserver/client/Cargo.toml @@ -8,7 +8,7 @@ license.workspace = true pageserver_api.workspace = true thiserror.workspace = true async-trait.workspace = true -reqwest.workspace = true +reqwest = { workspace = true } utils.workspace = true serde.workspace = true workspace_hack = { version = "0.1", path = "../../workspace_hack" } 
diff --git a/safekeeper/Cargo.toml b/safekeeper/Cargo.toml index c8b732fee1..6cf441c1d7 100644 --- a/safekeeper/Cargo.toml +++ b/safekeeper/Cargo.toml @@ -36,7 +36,7 @@ postgres-protocol.workspace = true rand.workspace = true regex.workspace = true scopeguard.workspace = true -reqwest = { workspace = true, features = ["json"] } +reqwest = { workspace = true, features = ["rustls-tls", "json"] } serde.workspace = true serde_json.workspace = true serde_with.workspace = true diff --git a/storage_controller/Cargo.toml b/storage_controller/Cargo.toml index 194619a496..7485209ec1 100644 --- a/storage_controller/Cargo.toml +++ b/storage_controller/Cargo.toml @@ -31,7 +31,7 @@ once_cell.workspace = true pageserver_api.workspace = true pageserver_client.workspace = true postgres_connection.workspace = true -reqwest = { workspace = true, features = ["stream"] } +reqwest = { workspace = true, features = ["rustls-tls", "stream"] } routerify.workspace = true serde.workspace = true serde_json.workspace = true diff --git a/workspace_hack/Cargo.toml b/workspace_hack/Cargo.toml index f364a6c2e0..71c6030b26 100644 --- a/workspace_hack/Cargo.toml +++ b/workspace_hack/Cargo.toml 
@@ -59,7 +59,7 @@ regex = { version = "1" } regex-automata = { version = "0.4", default-features = false, features = ["dfa-onepass", "hybrid", "meta", "nfa-backtrack", "perf-inline", "perf-literal", "unicode"] } regex-syntax = { version = "0.8" } reqwest-5ef9efb8ec2df382 = { package = "reqwest", version = "0.12", default-features = false, features = ["blocking", "json", "rustls-tls", "stream"] } -reqwest-a6292c17cd707f01 = { package = "reqwest", version = "0.11", default-features = false, features = ["blocking", "default-tls", "stream"] } +reqwest-a6292c17cd707f01 = { package = "reqwest", version = "0.11", default-features = false, features = ["blocking", "rustls-tls", "stream"] } rustls = { version = "0.21", features = ["dangerous_configuration"] } scopeguard = { version = "1" } serde = { version = "1", features = ["alloc", "derive"] }