aws dns
@@ -16,6 +16,7 @@ atomic-take.workspace = true
|
||||
aws-config.workspace = true
|
||||
aws-sdk-iam.workspace = true
|
||||
aws-sigv4.workspace = true
|
||||
aws-smithy-runtime.workspace = true
|
||||
aws-types.workspace = true
|
||||
base64.workspace = true
|
||||
bstr.workspace = true
|
||||
@@ -38,8 +39,14 @@ http.workspace = true
|
||||
humantime.workspace = true
|
||||
hyper-tungstenite.workspace = true
|
||||
hyper.workspace = true
|
||||
hyper-rustls = { version = "0.25.0", features = ["rustls-native-certs", "http1", "http2"] }
|
||||
hyper1 = { package = "hyper", version = "1.2", features = ["server"] }
|
||||
hyper-util = { version = "0.1", features = ["server", "http1", "http2", "tokio"] }
|
||||
hyper-util = { version = "0.1", features = [
|
||||
"server",
|
||||
"http1",
|
||||
"http2",
|
||||
"tokio",
|
||||
] }
|
||||
http-body-util = { version = "0.1" }
|
||||
ipnet.workspace = true
|
||||
itertools.workspace = true
|
||||
|
||||
@@ -5,7 +5,10 @@ use aws_config::meta::region::RegionProviderChain;
|
||||
use aws_config::profile::ProfileFileCredentialsProvider;
|
||||
use aws_config::provider_config::ProviderConfig;
|
||||
use aws_config::web_identity_token::WebIdentityTokenCredentialsProvider;
|
||||
use aws_smithy_runtime::client::http::hyper_014::HyperClientBuilder;
|
||||
use futures::future::Either;
|
||||
use hyper::client::HttpConnector;
|
||||
use hyper_rustls::ConfigBuilderExt;
|
||||
use proxy::auth;
|
||||
use proxy::auth::backend::AuthRateLimiter;
|
||||
use proxy::auth::backend::MaybeOwned;
|
||||
@@ -34,6 +37,7 @@ use proxy::usage_metrics;
|
||||
use anyhow::bail;
|
||||
use proxy::config::{self, ProxyConfig};
|
||||
use proxy::serverless;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use std::net::SocketAddr;
|
||||
use std::pin::pin;
|
||||
use std::sync::Arc;
|
||||
@@ -271,8 +275,40 @@ async fn main() -> anyhow::Result<()> {
|
||||
info!("Using region: {}", config.aws_region);
|
||||
|
||||
let region_provider = RegionProviderChain::default_provider().or_else(&*config.aws_region); // Replace with your Redis region if needed
|
||||
let provider_conf =
|
||||
ProviderConfig::without_region().with_region(region_provider.region().await);
|
||||
|
||||
let aws_tls_client_config =
|
||||
rustls::ClientConfig::builder_with_provider(Arc::new(CryptoProvider {
|
||||
cipher_suites: vec![
|
||||
// TLS1.3 suites
|
||||
rustls::crypto::ring::cipher_suite::TLS13_AES_256_GCM_SHA384,
|
||||
rustls::crypto::ring::cipher_suite::TLS13_AES_128_GCM_SHA256,
|
||||
// TLS1.2 suites
|
||||
rustls::crypto::ring::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
rustls::crypto::ring::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
rustls::crypto::ring::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
rustls::crypto::ring::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
rustls::crypto::ring::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
],
|
||||
..rustls::crypto::ring::default_provider()
|
||||
}))
|
||||
.with_safe_default_protocol_versions()
|
||||
.unwrap()
|
||||
.with_native_roots()?
|
||||
.with_no_client_auth();
|
||||
|
||||
let provider_conf = ProviderConfig::without_region()
|
||||
.with_region(region_provider.region().await)
|
||||
.with_http_client(
|
||||
HyperClientBuilder::new().build(
|
||||
hyper_rustls::HttpsConnectorBuilder::new()
|
||||
.with_tls_config(aws_tls_client_config)
|
||||
.https_or_http()
|
||||
.enable_http1()
|
||||
.enable_http2()
|
||||
.wrap_connector(HttpConnector::new_with_resolver(config.dns.clone())),
|
||||
),
|
||||
);
|
||||
|
||||
let aws_credentials_provider = {
|
||||
// uses "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"
|
||||
CredentialsProviderChain::first_try("env", EnvironmentVariableCredentialsProvider::new())
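Review bot: The `HttpConnector` handed to `.wrap_connector(...)` is built with `HttpConnector::new_with_resolver(config.dns.clone())` and never has `enforce_http(false)` set; as far as I know hyper 0.14's connector rejects non-`http` URIs by default, and hyper-rustls only relaxes that inside its own `build()`, not in `wrap_connector`. If that holds, every `https://` request from the credential providers would fail in the connector and only cleartext requests would get through. I would build it first, `let mut http = HttpConnector::new_with_resolver(config.dns.clone()); http.enforce_http(false);`, and pass `http` to `wrap_connector`. Separately, `.https_or_http()` lets this client speak plaintext; unless a provider further down the chain (not visible here) needs an `http://` metadata endpoint, `.https_only()` is the tighter choice, and `.with_safe_default_protocol_versions().unwrap()` can use `?` like the line after it. `main` starts and ends outside this hunk.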
|
||||
|
||||
@@ -5,7 +5,10 @@ use std::{
|
||||
sync::Arc,
|
||||
};
|
||||
|
||||
use aws_sdk_iam::error::BoxError;
|
||||
use hickory_resolver::{error::ResolveError, proto::rr::RData};
|
||||
use hyper::client::connect::dns::Name;
|
||||
use reqwest::dns::Addrs;
|
||||
use tokio::time::Instant;
|
||||
use tracing::trace;
|
||||
|
||||
@@ -61,8 +64,25 @@ impl Dns {
|
||||
}
|
||||
}
|
||||
|
||||
impl hyper::service::Service<Name> for Dns {
|
||||
type Response = Addrs;
|
||||
type Error = BoxError;
|
||||
type Future = reqwest::dns::Resolving;
|
||||
|
||||
fn poll_ready(
|
||||
&mut self,
|
||||
_cx: &mut std::task::Context<'_>,
|
||||
) -> std::task::Poll<Result<(), Self::Error>> {
|
||||
std::task::Poll::Ready(Ok(()))
|
||||
}
|
||||
|
||||
fn call(&mut self, req: Name) -> Self::Future {
|
||||
reqwest::dns::Resolve::resolve(self, req)
|
||||
}
|
||||
}
|
||||
|
||||
impl reqwest::dns::Resolve for Dns {
|
||||
fn resolve(&self, name: hyper::client::connect::dns::Name) -> reqwest::dns::Resolving {
|
||||
fn resolve(&self, name: Name) -> reqwest::dns::Resolving {
|
||||
let this = self.clone();
|
||||
Box::pin(async move {
|
||||
match this.resolve(name.as_str()).await {
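Review bot: `type Error = BoxError` takes its alias from `aws_sdk_iam::error::BoxError`, which ties the DNS resolver module to the IAM SDK crate for what is presumably just a boxed `dyn Error + Send + Sync`. Spelling it out, `type Error = Box<dyn std::error::Error + Send + Sync>;`, keeps the resolver free of that dependency and makes it plain that the type matches what `reqwest::dns::Resolving` yields. The new `Service<Name>` impl would also benefit from a short doc comment such as `/// Lets hyper's HttpConnector use this resolver; always ready, delegates to reqwest::dns::Resolve::resolve.` The body of `resolve` continues past the end of the hunk.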
|
||||
|
||||