oxidecomputer
diff --git a/‎dropshot-authorization-header/src/basic.rs‎
Lines changed: 6 additions & 8 deletions b/‎dropshot-authorization-header/src/basic.rs‎
Lines changed: 6 additions & 8 deletions
diff --git a/‎dropshot-authorization-header/src/bearer.rs‎
Lines changed: 3 additions & 4 deletions b/‎dropshot-authorization-header/src/bearer.rs‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎v-api-installer/src/lib.rs‎
Lines changed: 1 addition & 1 deletion b/‎v-api-installer/src/lib.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎v-api-permission-derive/src/lib.rs‎
Lines changed: 8 additions & 11 deletions b/‎v-api-permission-derive/src/lib.rs‎
Lines changed: 8 additions & 11 deletions
diff --git a/‎v-api/src/authn/jwt.rs‎
Lines changed: 3 additions & 3 deletions b/‎v-api/src/authn/jwt.rs‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎v-api/src/authn/key.rs‎
Lines changed: 2 additions & 2 deletions b/‎v-api/src/authn/key.rs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎v-api/src/authn/mod.rs‎
Lines changed: 20 additions & 14 deletions b/‎v-api/src/authn/mod.rs‎
Lines changed: 20 additions & 14 deletions
diff --git a/‎v-api/src/context/auth.rs‎
Lines changed: 18 additions & 18 deletions b/‎v-api/src/context/auth.rs‎
Lines changed: 18 additions & 18 deletions
diff --git a/‎v-api/src/context/link.rs‎
Lines changed: 1 addition & 1 deletion b/‎v-api/src/context/link.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎v-api/src/context/magic_link.rs‎
Lines changed: 5 additions & 2 deletions b/‎v-api/src/context/magic_link.rs‎
Lines changed: 5 additions & 2 deletions
@@ -50,9 +50,8 @@ impl SharedExtractor for BasicAuth {
                 header
                     .to_str()
                     .map(|s| s.to_string())
-                    .map_err(|err| {
-                        tracing::info!("Failed to turn Authorization header into string");
-                        err
+                    .inspect_err(|err| {
+                        tracing::info!(?err, "Failed to turn Authorization header into string");
                     })
                     .ok()
             });
@@ -64,18 +63,17 @@ impl SharedExtractor for BasicAuth {
             match parts {
                 Some(("Basic", token)) => BASE64_STANDARD
                     .decode(token)
-                    .map_err(|err| {
-                        tracing::info!("Failed to decode basic auth header");
-                        err
+                    .inspect_err(|err| {
+                        tracing::info!(?err, "Failed to decode basic auth header");
                     })
                     .ok()
                     .and_then(|decoded| {
                         String::from_utf8(decoded)
-                            .map_err(|err| {
+                            .inspect_err(|err| {
                                 tracing::info!(
+                                    ?err,
                                     "Failed to interpret decoded bytes from authorization header"
                                 );
-                                err
                             })
                             .ok()
                     })
 
@@ -17,7 +17,7 @@ impl BearerAuth {
     }
 
     pub fn key(&self) -> Option<&str> {
-        self.0.as_ref().map(|s| s.as_str())
+        self.0.as_deref()
     }
 
     pub fn consume(self) -> Option<String> {
@@ -43,9 +43,8 @@ impl SharedExtractor for BearerAuth {
                 header
                     .to_str()
                     .map(|s| s.to_string())
-                    .map_err(|err| {
-                        tracing::info!("Failed to turn Authorization header into string");
-                        err
+                    .inspect_err(|err| {
+                        tracing::info!(?err, "Failed to turn Authorization header into string");
                     })
                     .ok()
             });
 
@@ -17,7 +17,7 @@ pub fn migrations() -> Vec<Box<dyn Migration<Pg>>> {
 }
 
 pub fn run_migrations(url: &str) {
-    let mut conn = db_conn(&url);
+    let mut conn = db_conn(url);
     run_migrations_on_conn(&mut conn);
 }
 
 
@@ -168,8 +168,8 @@ impl Parse for ContractSettings {
 
         let kind = settings
             .iter()
+            .find(|&s| s.name == "kind")
             .cloned()
-            .find(|s| s.name == "kind")
             .ok_or_else(|| Error::new(span, "Expand must contain a \"kind\" setting"))?;
 
         Ok(ContractSettings {
@@ -201,8 +201,8 @@ impl Parse for ExpandSettings {
 
         let kind = settings
             .iter()
+            .find(|&s| s.name == "kind")
             .cloned()
-            .find(|s| s.name == "kind")
             .ok_or_else(|| Error::new(span, "Expand must contain a \"kind\" setting"))?;
 
         Ok(ExpandSettings {
@@ -214,8 +214,8 @@ impl Parse for ExpandSettings {
             },
             variant: settings
                 .iter()
+                .find(|&s| s.name == "variant")
                 .cloned()
-                .find(|s| s.name == "variant")
                 .expect("Expand must contain a \"variant\" setting")
                 .value,
             source: settings.iter().find(|s| s.name == "source").map(|s| {
@@ -253,13 +253,13 @@ impl Parse for ScopeSettings {
         Ok(ScopeSettings {
             from: settings
                 .iter()
+                .find(|&v| v.name == "from")
                 .cloned()
-                .find(|v| v.name == "from")
                 .map(|v| v.value),
             to: settings
                 .iter()
+                .find(|&v| v.name == "to")
                 .cloned()
-                .find(|v| v.name == "to")
                 .map(|v| v.value),
         })
     }
@@ -313,12 +313,10 @@ pub fn v_api(attr: TokenStream, input: TokenStream) -> TokenStream {
                 #as_scope_out
                 #permission_storage_out
             }
-            .into()
         }
         _ => quote_spanned! {
                 input_span => compile_error!("v_api may only be applied to enums");
-        }
-        .into(),
+        },
     };
 
     let from = from_system_permission_tokens(&attr.source, &input.ident);
@@ -734,7 +732,7 @@ fn as_scope_trait_tokens(
 ) -> proc_macro2::TokenStream {
     let as_scope_mapping = scope_settings.iter().filter_map(|(variant, settings)| {
         settings.to.as_ref().map(|to| {
-            let fields = if variant.fields.len() > 0 {
+            let fields = if !variant.fields.is_empty() {
                 let mut fields = quote! {};
                 variant
                     .fields
@@ -802,7 +800,6 @@ fn as_scope_trait_tokens(
             }
         }
     }
-    .into()
 }
 
 fn permission_storage_trait_tokens(
@@ -844,7 +841,7 @@ fn permission_storage_contract_tokens(
                 .then(|| set_name.clone()),
         );
 
-        let fields = if variant.fields.len() > 0 && setting.kind != ContractKind::Drop {
+        let fields = if !variant.fields.is_empty() && setting.kind != ContractKind::Drop {
             let mut fields = quote! {};
             variant
                 .fields
 
@@ -79,7 +79,7 @@ impl Claims {
             scp: scope,
             exp: expires_at.timestamp(),
             nbf: Utc::now().timestamp(),
-            jti: id.unwrap_or_else(|| TypedUuid::new_v4()),
+            jti: id.unwrap_or_else(TypedUuid::new_v4),
         }
     }
 }
@@ -106,8 +106,8 @@ impl Jwt {
 
         // The only JWKs supported are those that are available in the server context
         let jwk = ctx.jwks().await.find(&kid).ok_or(JwtError::NoMatchingKey)?;
-        let (key, algorithm) = DecodingKey::from_jwk(&jwk)
-            .map(|key| (key, Jwt::algo(&jwk)))
+        let (key, algorithm) = DecodingKey::from_jwk(jwk)
+            .map(|key| (key, Jwt::algo(jwk)))
             .map_err(JwtError::InvalidJwk)?;
 
         tracing::trace!(?jwk, ?algorithm, "Kid matched known decoding key");
 
@@ -52,7 +52,7 @@ impl RawKey {
     pub async fn sign(self, signer: &dyn Signer) -> Result<SignedKey, ApiKeyError> {
         let signature = hex::encode(
             signer
-                .sign(&self.clear.expose_secret())
+                .sign(self.clear.expose_secret())
                 .await
                 .map_err(ApiKeyError::Signing)?,
         );
@@ -68,7 +68,7 @@ impl RawKey {
     {
         let signature = hex::decode(signature)?;
         if verifier
-            .verify(&self.clear.expose_secret(), &signature)
+            .verify(self.clear.expose_secret(), &signature)
             .verified
         {
             return Ok(());
 
@@ -117,7 +117,7 @@ impl From<AuthError> for HttpError {
 #[derive(Debug, Error)]
 pub enum SigningKeyError {
     #[error("Cloud signing failed: {0}")]
-    CloudKmsError(#[from] CloudKmsError),
+    CloudKmsError(#[from] Box<CloudKmsError>),
     #[error("Failed to immediately verify generated signature")]
     GeneratedInvalidSignature,
     #[error("Failed to parse public key: {0}")]
@@ -288,16 +288,20 @@ impl Signer for CloudKmsSigningKey {
         let signature = match response {
             Ok((_, response)) => {
                 tracing::info!("Library deserialization succeeded");
-                response.signature.ok_or(CloudKmsError::MissingSignature)
+                response
+                    .signature
+                    .ok_or_else(|| Box::new(CloudKmsError::MissingSignature))
             }
             Err(google_cloudkms1::Error::JsonDecodeError(body, _)) => {
                 tracing::info!("Using fallback deserialization");
                 serde_json::from_str::<CloudKmsSignatureResponse>(&body)
-                    .map_err(|err| CloudKmsError::FailedToDeserialize(err))
+                    .map_err(CloudKmsError::FailedToDeserialize)
+                    .map_err(Box::new)
                     .and_then(|resp| {
-                        let decoded = BASE64_STANDARD
+                        BASE64_STANDARD
                             .decode(&resp.signature)
                             .map_err(CloudKmsError::FailedToDecodeSignature)
+                            .map_err(Box::new)
                             .and_then(|decoded| {
                                 let check = crc32c(&decoded);
                                 let check_valid = resp
@@ -309,14 +313,12 @@ impl Signer for CloudKmsSigningKey {
                                 if check_valid {
                                     Ok(decoded)
                                 } else {
-                                    Err(CloudKmsError::CorruptedSignature)
+                                    Err(Box::new(CloudKmsError::CorruptedSignature))
                                 }
-                            });
-
-                        decoded
+                            })
                     })
             }
-            Err(err) => Err(CloudKmsError::from(err)),
+            Err(err) => Err(Box::new(CloudKmsError::from(err))),
         }?;
 
         Ok(signature)
@@ -381,7 +383,7 @@ impl AsymmetricKey {
     pub async fn private_key(&self) -> Result<RsaPrivateKey, SigningKeyError> {
         Ok(match self {
             AsymmetricKey::LocalSigner { private, .. } => {
-                RsaPrivateKey::from_pkcs8_pem(&private).unwrap()
+                RsaPrivateKey::from_pkcs8_pem(private).unwrap()
             }
             _ => unimplemented!(),
         })
@@ -390,7 +392,7 @@ impl AsymmetricKey {
     pub fn public_key(&self) -> Result<RsaPublicKey, SigningKeyError> {
         Ok(match self {
             AsymmetricKey::LocalVerifier { public, .. } => {
-                RsaPublicKey::from_public_key_pem(&public)?
+                RsaPublicKey::from_public_key_pem(public)?
             }
             AsymmetricKey::LocalSigner { .. } => Err(SigningKeyError::KeyDoesNotSupportFunction)?,
             AsymmetricKey::CkmsVerifier { .. } => {
@@ -405,12 +407,16 @@ impl AsymmetricKey {
                             )
                             .doit()
                             .await
-                            .map_err(|err| CloudKmsError::from(err))?
+                            .map_err(CloudKmsError::from)
+                            .map_err(Box::new)?
                             .1,
                     )
                 })?;
 
-                let pem = public_key.pem.ok_or(CloudKmsError::MissingPem)?;
+                let pem = public_key
+                    .pem
+                    .ok_or(CloudKmsError::MissingPem)
+                    .map_err(Box::new)?;
                 RsaPublicKey::from_public_key_pem(&pem)?
             }
             AsymmetricKey::CkmsSigner { .. } => Err(SigningKeyError::KeyDoesNotSupportFunction)?,
@@ -420,7 +426,7 @@ impl AsymmetricKey {
     pub fn as_signer(&self) -> Result<Arc<dyn Signer>, SigningKeyError> {
         Ok(match self {
             AsymmetricKey::LocalSigner { private, .. } => {
-                let private_key = RsaPrivateKey::from_pkcs8_pem(&private).unwrap();
+                let private_key = RsaPrivateKey::from_pkcs8_pem(private).unwrap();
                 let signing_key = SigningKey::new(private_key);
 
                 Arc::new(LocalSigningKey { signing_key })
 
@@ -58,16 +58,16 @@ where
             registration_caller: Caller {
                 id: "00000000-0000-4000-8000-000000000001".parse().unwrap(),
                 permissions: vec![
-                    VPermission::CreateApiUser.into(),
-                    VPermission::GetApiUsersAll.into(),
-                    VPermission::ManageApiUsersAll.into(),
-                    VPermission::GetApiKeysAll.into(),
-                    VPermission::CreateGroup.into(),
-                    VPermission::GetGroupsAll.into(),
-                    VPermission::CreateMapper.into(),
-                    VPermission::GetMappersAll.into(),
-                    VPermission::GetOAuthClientsAll.into(),
-                    VPermission::CreateAccessToken.into(),
+                    VPermission::CreateApiUser,
+                    VPermission::GetApiUsersAll,
+                    VPermission::ManageApiUsersAll,
+                    VPermission::GetApiKeysAll,
+                    VPermission::CreateGroup,
+                    VPermission::GetGroupsAll,
+                    VPermission::CreateMapper,
+                    VPermission::GetMappersAll,
+                    VPermission::GetOAuthClientsAll,
+                    VPermission::CreateAccessToken,
                 ]
                 .into(),
                 extensions: HashMap::default(),
@@ -78,26 +78,26 @@ where
                     keys: verifiers
                         .iter()
                         .map(|k| k.as_jwk())
-                        .into_iter()
-                        .collect::<Result<Vec<_>, _>>()?,
+                        .collect::<Result<Vec<_>, _>>()
+                        .map_err(Box::new)?,
                 },
                 signers: signers
                     .iter()
                     .map(|k| JwtSigner::new(k))
-                    .into_iter()
-                    .collect::<Result<Vec<_>, _>>()?,
+                    .collect::<Result<Vec<_>, _>>()
+                    .map_err(Box::new)?,
             },
             secrets: SecretContext {
                 signers: signers
                     .iter()
                     .map(|k| k.as_signer())
-                    .into_iter()
-                    .collect::<Result<Vec<_>, _>>()?,
+                    .collect::<Result<Vec<_>, _>>()
+                    .map_err(Box::new)?,
                 verifiers: verifiers
                     .iter()
                     .map(|k| k.as_verifier())
-                    .into_iter()
-                    .collect::<Result<Vec<_>, _>>()?,
+                    .collect::<Result<Vec<_>, _>>()
+                    .map_err(Box::new)?,
             },
             oauth_providers: HashMap::new(),
         })
 
@@ -43,7 +43,7 @@ where
         &self,
         id: &TypedUuid<LinkRequestId>,
     ) -> Result<Option<LinkRequest>, StoreError> {
-        Ok(LinkRequestStore::get(&*self.storage, id, false, false).await?)
+        LinkRequestStore::get(&*self.storage, id, false, false).await
     }
 
     pub async fn create_link_request_token(
 
@@ -295,14 +295,17 @@ where
         &self,
         signature: &str,
     ) -> ResourceResult<MagicLinkAttempt, StoreError> {
-        let mut filter = MagicLinkAttemptFilter::default();
-        filter.signature = Some(vec![signature.to_string()]);
+        let filter = MagicLinkAttemptFilter {
+            signature: Some(vec![signature.to_string()]),
+            ..Default::default()
+        };
         MagicLinkAttemptStore::list(&*self.storage, filter, &ListPagination::latest())
             .await
             .map(|mut results| results.pop())
             .optional()
     }
 
+    #[allow(clippy::too_many_arguments)]
     #[instrument(skip(self, key, signer, redirect_uri, recipient), err(Debug))]
     pub async fn send_login_attempt(
         &self,
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ pub fn migrations() -> Vec<Box<dyn Migration<Pg>>> {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`pub fn run_migrations(url: &str) {`
`20`		`- let mut conn = db_conn(&url);`
	`20`	`+ let mut conn = db_conn(url);`
`21`	`21`	`run_migrations_on_conn(&mut conn);`
`22`	`22`	`}`
`23`	`23`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ impl Claims {`
`79`	`79`	`scp: scope,`
`80`	`80`	`exp: expires_at.timestamp(),`
`81`	`81`	`nbf: Utc::now().timestamp(),`
`82`		`- jti: id.unwrap_or_else(\|\| TypedUuid::new_v4()),`
	`82`	`+ jti: id.unwrap_or_else(TypedUuid::new_v4),`
`83`	`83`	`}`
`84`	`84`	`}`
`85`	`85`	`}`
`@@ -106,8 +106,8 @@ impl Jwt {`
`106`	`106`
`107`	`107`	`// The only JWKs supported are those that are available in the server context`
`108`	`108`	`let jwk = ctx.jwks().await.find(&kid).ok_or(JwtError::NoMatchingKey)?;`
`109`		`- let (key, algorithm) = DecodingKey::from_jwk(&jwk)`
`110`		`- .map(\|key\| (key, Jwt::algo(&jwk)))`
	`109`	`+ let (key, algorithm) = DecodingKey::from_jwk(jwk)`
	`110`	`+ .map(\|key\| (key, Jwt::algo(jwk)))`
`111`	`111`	`.map_err(JwtError::InvalidJwk)?;`
`112`	`112`
`113`	`113`	`tracing::trace!(?jwk, ?algorithm, "Kid matched known decoding key");`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ where`
`43`	`43`	`&self,`
`44`	`44`	`id: &TypedUuid<LinkRequestId>,`
`45`	`45`	`) -> Result<Option<LinkRequest>, StoreError> {`
`46`		`- Ok(LinkRequestStore::get(&*self.storage, id, false, false).await?)`
	`46`	`+ LinkRequestStore::get(&*self.storage, id, false, false).await`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`pub async fn create_link_request_token(`