Merge branch 'main' into RUST-1529-aws-sdk-signature

Author: JamieTsai1024

.evergreen/check-clippy.sh

@@ -5,7 +5,7 @@ set -o errexit
 source ./.evergreen/env.sh
 
 # Pin clippy to the latest version. This should be updated when new versions of Rust are released.
-CLIPPY_VERSION=1.85.0
+CLIPPY_VERSION=1.88.0
 
 rustup install $CLIPPY_VERSION
 

Cargo.lock

@@ -55,6 +55,8 @@ features = ["sync"]
 | `in-use-encryption`  | Enable support for client-side field level encryption and queryable encryption. Note that re-exports from the `mongocrypt` crate may change in backwards-incompatible ways while that crate is below version 1.0. |
 | `tracing-unstable`   | Enable support for emitting [`tracing`](https://docs.rs/tracing/latest/tracing/) events. This API is unstable and may be subject to breaking changes in minor releases.                                           |
 | `compat-3-0-0`       | Required for future compatibility if default features are disabled.                                                                                                                                               |
+| `azure-oidc`         | Enable support for Azure OIDC environment authentication. |
+| `gcp-oidc`           | Enable support for GCP OIDC environment authentication. |
 
 ## Web Framework Examples
 

README.md

@@ -60,7 +60,7 @@ impl<T: Serialize + Send + Sync> crate::sync::Collection<T> {
     }
 }
 
-/// Inserts a document into a collection.  Construct with ['Collection::insert_one`].
+/// Inserts a document into a collection.  Construct with [`Collection::insert_one`].
 #[must_use]
 pub struct InsertOne<'a> {
     coll: CollRef<'a>,

src/action/insert_one.rs

@@ -204,7 +204,7 @@ impl<'a> Action for CreateSearchIndex<'a, Single> {
             .await?;
         match names.len() {
             1 => Ok(names.pop().unwrap()),
-            n => Err(Error::internal(format!("expected 1 index name, got {}", n))),
+            n => Err(Error::internal(format!("expected 1 index name, got {n}"))),
         }
     }
 }

src/action/search_index.rs

@@ -196,10 +196,7 @@ pub(crate) fn extend_raw_document_buf(
     for result in other.iter() {
         let (k, v) = result?;
         if keys.contains(k) {
-            return Err(Error::internal(format!(
-                "duplicate raw document key {:?}",
-                k
-            )));
+            return Err(Error::internal(format!("duplicate raw document key {k:?}")));
         }
         this.append(k, v.to_raw_bson());
     }

src/bson_util.rs

@@ -43,7 +43,7 @@ impl<T> Checked<T> {
         value
             .try_into()
             .map(|v| Self(Some(v)))
-            .map_err(|e| crate::error::Error::invalid_argument(format! {"{}", e}))
+            .map_err(|e| crate::error::Error::invalid_argument(format! {"{e}"}))
     }
 
     pub fn get(self) -> crate::error::Result<T> {
@@ -58,7 +58,7 @@ impl<T> Checked<T> {
     {
         self.get().and_then(|v| {
             v.try_into()
-                .map_err(|e| crate::error::Error::invalid_argument(format!("{}", e)))
+                .map_err(|e| crate::error::Error::invalid_argument(format!("{e}")))
         })
     }
 }

src/checked.rs

@@ -556,7 +556,7 @@ impl Client {
         state
             .servers()
             .keys()
-            .map(|stream_address| format!("{}", stream_address))
+            .map(|stream_address| format!("{stream_address}"))
             .collect()
     }
 

src/client.rs

@@ -5,7 +5,6 @@
 pub(crate) mod aws;
 #[cfg(feature = "gssapi-auth")]
 mod gssapi;
-/// Contains the functionality for [`OIDC`](https://openid.net/developers/how-connect-works/) authorization and authentication.
 pub mod oidc;
 mod plain;
 mod sasl;
@@ -350,24 +349,21 @@ impl AuthMechanism {
             | AuthMechanism::Plain
             | AuthMechanism::MongoDbCr => Err(ErrorKind::Authentication {
                 message: format!(
-                    "Reauthentication for authentication mechanism {:?} is not supported.",
-                    self
+                    "Reauthentication for authentication mechanism {self:?} is not supported."
                 ),
             }
             .into()),
             #[cfg(feature = "gssapi-auth")]
             AuthMechanism::Gssapi => Err(ErrorKind::Authentication {
                 message: format!(
-                    "Reauthentication for authentication mechanism {:?} is not supported.",
-                    self
+                    "Reauthentication for authentication mechanism {self:?} is not supported."
                 ),
             }
             .into()),
             #[cfg(feature = "aws-auth")]
             AuthMechanism::MongoDbAws => Err(ErrorKind::Authentication {
                 message: format!(
-                    "Reauthentication for authentication mechanism {:?} is not supported.",
-                    self
+                    "Reauthentication for authentication mechanism {self:?} is not supported."
                 ),
             }
             .into()),
@@ -407,7 +403,7 @@ impl FromStr for AuthMechanism {
             .into()),
 
             _ => Err(ErrorKind::InvalidArgument {
-                message: format!("invalid mechanism string: {}", str),
+                message: format!("invalid mechanism string: {str}"),
             }
             .into()),
         }

src/client/auth.rs

@@ -482,7 +482,7 @@ impl AwsCredential {
     /// Obtains credentials from the ECS endpoint.
     async fn get_from_ecs(relative_uri: String, http_client: &HttpClient) -> Result<Self> {
         // Use the local IP address that AWS uses for ECS agents.
-        let uri = format!("http://{}/{}", AWS_ECS_IP, relative_uri);
+        let uri = format!("http://{AWS_ECS_IP}/{relative_uri}");
 
         http_client
             .get(&uri)
@@ -494,16 +494,14 @@ impl AwsCredential {
     /// Obtains temporary credentials for an EC2 instance to use for authentication.
     async fn get_from_ec2(http_client: &HttpClient) -> Result<Self> {
         let temporary_token = http_client
-            .put(format!("http://{}/latest/api/token", AWS_EC2_IP))
+            .put(format!("http://{AWS_EC2_IP}/latest/api/token"))
             .headers(&[("X-aws-ec2-metadata-token-ttl-seconds", "30")])
             .send_and_get_string()
             .await
             .map_err(|_| Error::unknown_authentication_error(MECH_NAME))?;
 
-        let role_name_uri = format!(
-            "http://{}/latest/meta-data/iam/security-credentials/",
-            AWS_EC2_IP
-        );
+        let role_name_uri =
+            format!("http://{AWS_EC2_IP}/latest/meta-data/iam/security-credentials/");
 
         let role_name = http_client
             .get(&role_name_uri)
@@ -512,7 +510,7 @@ impl AwsCredential {
             .await
             .map_err(|_| Error::unknown_authentication_error(MECH_NAME))?;
 
-        let credential_uri = format!("{}/{}", role_name_uri, role_name);
+        let credential_uri = format!("{role_name_uri}/{role_name}");
 
         http_client
             .get(&credential_uri)
@@ -537,7 +535,7 @@ impl AwsCredential {
         let token = self
             .session_token
             .as_ref()
-            .map(|s| format!("x-amz-security-token:{}\n", s))
+            .map(|s| format!("x-amz-security-token:{s}\n"))
             .unwrap_or_default();
 
         // Similarly, we need to put "x-amz-security-token" into the list of signed headers if the
@@ -560,7 +558,6 @@ impl AwsCredential {
               x-mongodb-gs2-cb-flag;\
               x-mongodb-server-nonce\
             ",
-            token_signed_header = token_signed_header,
         );
 
         let body = "Action=GetCallerIdentity&Version=2011-06-15";
@@ -576,19 +573,13 @@ impl AwsCredential {
              content-length:43\n\
              content-type:application/x-www-form-urlencoded\n\
              host:{host}\n\
-             x-amz-date:{date}\n\
+             x-amz-date:{date_str}\n\
              {token}\
              x-mongodb-gs2-cb-flag:n\n\
              x-mongodb-server-nonce:{nonce}\n\n\
              {signed_headers}\n\
              {hashed_body}\
              ",
-            host = host,
-            date = date_str,
-            token = token,
-            nonce = nonce,
-            signed_headers = signed_headers,
-            hashed_body = hashed_body,
         );
 
         let hashed_request = hex::encode(Sha256::digest(request.as_bytes()));
@@ -606,14 +597,10 @@ impl AwsCredential {
         let string_to_sign = format!(
             "\
              AWS4-HMAC-SHA256\n\
-             {full_date}\n\
+             {date_str}\n\
              {small_date}/{region}/sts/aws4_request\n\
              {hashed_request}\
             ",
-            full_date = date_str,
-            small_date = small_date,
-            region = region,
-            hashed_request = hashed_request,
         );
 
         let first_hmac_key = format!("AWS4{}", self.secret_access_key);