From dd0c321f4302b6b9042276991dc3305cdfb0c843 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Fri, 22 Aug 2025 09:45:00 +0200 Subject: [PATCH 01/19] feat: Introduce CRD versioning --- Cargo.lock | 436 ++++- Cargo.nix | 1702 ++++++++++++++++- Cargo.toml | 2 +- Makefile | 6 +- Tiltfile | 27 +- _test.yaml | 58 + crate-hashes.json | 2 + deploy/helm/secret-operator/crds/crds.yaml | 407 ---- .../helm/secret-operator/templates/roles.yaml | 7 + rust/operator-binary/Cargo.toml | 1 + rust/operator-binary/src/main.rs | 99 +- .../src/webhooks/conversion.rs | 129 ++ rust/operator-binary/src/webhooks/mod.rs | 1 + 13 files changed, 2327 insertions(+), 550 deletions(-) create mode 100644 _test.yaml delete mode 100644 deploy/helm/secret-operator/crds/crds.yaml create mode 100644 rust/operator-binary/src/webhooks/conversion.rs create mode 100644 rust/operator-binary/src/webhooks/mod.rs diff --git a/Cargo.lock b/Cargo.lock index ae0d6fdc..be2f6647 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -116,6 +116,12 @@ version = "1.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" +[[package]] +name = "arc-swap" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" + [[package]] name = "async-broadcast" version = "0.7.2" @@ -253,12 +259,24 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64ct" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" + [[package]] name = "bindgen" version = "0.71.1" @@ -470,6 +488,12 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "const_format" version = "0.2.34" @@ -571,6 +595,18 @@ version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -662,6 +698,30 @@ dependencies = [ "syn 2.0.106", ] +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.106", +] + [[package]] name = "deranged" version = "0.4.0" @@ -707,6 +767,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", + "const-oid", "crypto-common", "subtle", ] @@ -748,6 +809,20 @@ version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + [[package]] name = "educe" version = "0.6.0" @@ -766,6 +841,26 @@ version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "pem-rfc7468", + "pkcs8", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "encoding_rs" version = "0.8.35" @@ -858,12 +953,28 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "fixedbitset" version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + [[package]] name = "flate2" version = "1.1.2" @@ -1014,6 +1125,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -1076,6 +1188,17 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "h2" version = "0.4.12" @@ -1757,6 +1880,9 @@ name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] [[package]] name = "lber" @@ -1856,6 +1982,12 @@ dependencies = [ "windows-targets 0.53.3", ] +[[package]] +name = "libm" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de" + [[package]] name = "libz-sys" version = "1.1.22" @@ -1992,12 +2124,49 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.5", + "smallvec", + "zeroize", +] + [[package]] name = "num-conv" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.19" @@ -2005,6 +2174,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", + "libm", ] [[package]] @@ -2159,7 +2329,7 @@ dependencies = [ "futures-util", "opentelemetry", "percent-encoding", - "rand", + "rand 0.9.2", "serde_json", "thiserror 2.0.16", "tokio", @@ -2197,6 +2367,18 @@ dependencies = [ "yasna", ] +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + [[package]] name = "parking" version = "2.2.1" @@ -2236,6 +2418,15 @@ dependencies = [ "serde", ] +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.1" @@ -2328,6 +2519,27 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.32" @@ -2368,6 +2580,15 @@ dependencies = [ "syn 2.0.106", ] +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro2" version = "1.0.101" @@ -2505,14 +2726,34 @@ version = "5.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + [[package]] name = "rand" version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ - "rand_chacha", - "rand_core", + "rand_chacha 0.9.0", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", ] [[package]] @@ -2522,7 +2763,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.16", ] [[package]] @@ -2630,6 +2880,16 @@ dependencies = [ "web-sys", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "ring" version = "0.17.14" @@ -2644,6 +2904,27 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rsa" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core 0.6.4", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + [[package]] name = "rustc-demangle" version = "0.1.26" @@ -2799,6 +3080,20 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "secrecy" version = "0.10.3" @@ -2984,6 +3279,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core 0.6.4", +] + [[package]] name = "slab" version = "0.4.11" @@ -3059,12 +3364,52 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable_deref_trait" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" +[[package]] +name = "stackable-certs" +version = "0.4.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#20659fe864c643fe48c7ff70ed417f0ed05ccf45" +dependencies = [ + "const-oid", + "ecdsa", + "k8s-openapi", + "kube", + "p256", + "rand 0.9.2", + "rand_core 0.6.4", + "rsa", + "sha2", + "signature", + "snafu 0.8.7", + "stackable-shared", + "tokio", + "tokio-rustls", + "tracing", + "x509-cert", + "zeroize", +] + [[package]] name = "stackable-krb5-provision-keytab" version = "0.0.0-dev" @@ -3074,7 +3419,7 @@ dependencies = [ "krb5", "ldap3", "native-tls", - "rand", + "rand 0.9.2", "serde", "serde_json", "snafu 0.8.7", @@ -3115,6 +3460,7 @@ dependencies = [ "stackable-shared", "stackable-telemetry", "stackable-versioned", + "stackable-webhook", "strum", "tokio", "tracing", @@ -3152,7 +3498,7 @@ dependencies = [ "pin-project", "prost 0.14.1", "prost-types", - "rand", + "rand 0.9.2", "serde", "serde_json", "serde_yaml", @@ -3270,6 +3616,35 @@ dependencies = [ "syn 2.0.106", ] +[[package]] +name = "stackable-webhook" +version = "0.5.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#20659fe864c643fe48c7ff70ed417f0ed05ccf45" +dependencies = [ + "arc-swap", + "axum", + "futures-util", + "hyper", + "hyper-util", + "k8s-openapi", + "kube", + "opentelemetry", + "opentelemetry-semantic-conventions", + "rand 0.9.2", + "serde_json", + "snafu 0.8.7", + "stackable-certs", + "stackable-shared", + "stackable-telemetry", + "tokio", + "tokio-rustls", + "tower", + "tower-http", + "tracing", + "tracing-opentelemetry", + "x509-cert", +] + [[package]] name = "strsim" version = "0.11.1" @@ -3461,6 +3836,27 @@ dependencies = [ "zerovec", ] +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.106", +] + [[package]] name = "tokio" version = "1.47.1" @@ -4348,6 +4744,20 @@ version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea2f10b9bb0928dfb1b42b65e1f9e36f7f54dbdf08457afefb38afcdec4fa2bb" +[[package]] +name = "x509-cert" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +dependencies = [ + "const-oid", + "der", + "sha1", + "signature", + "spki", + "tls_codec", +] + [[package]] name = "xml-rs" version = "0.8.27" @@ -4430,6 +4840,20 @@ name = "zeroize" version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.106", +] [[package]] name = "zerotrie" diff --git a/Cargo.nix b/Cargo.nix index 3483c16a..1a2185a2 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -408,6 +408,19 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "arc-swap" = rec { + crateName = "arc-swap"; + version = "1.7.1"; + edition = "2018"; + sha256 = "0mrl9a9r9p9bln74q6aszvf22q1ijiw089jkrmabfqkbj31zixv9"; + libName = "arc_swap"; + authors = [ + "Michal 'vorner' Vaner " + ]; + features = { + "serde" = [ "dep:serde" ]; + }; + }; "async-broadcast" = rec { crateName = "async-broadcast"; version = "0.7.2"; @@ -896,6 +909,19 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "base16ct" = rec { + crateName = "base16ct"; + version = "0.2.0"; + edition = "2021"; + sha256 = "1kylrjhdzk7qpknrvlphw8ywdnvvg39dizw9622w3wk5xba04zsc"; + authors = [ + "RustCrypto Developers" + ]; + features = { + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "base64" = rec { crateName = "base64"; version = "0.22.1"; @@ -910,6 +936,19 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "std" ]; }; + "base64ct" = rec { + crateName = "base64ct"; + version = "1.8.0"; + edition = "2024"; + sha256 = "1fj4vc6ghy3j1120r7dwn4xw90crfy46b448g5pm9w6an13qn92m"; + authors = [ + "RustCrypto Developers" + ]; + features = { + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "bindgen" = rec { crateName = "bindgen"; version = "0.71.1"; @@ -1555,6 +1594,20 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; + "const-oid" = rec { + crateName = "const-oid"; + version = "0.9.6"; + edition = "2021"; + sha256 = "1y0jnqaq7p2wvspnx7qj76m7hjcqpz73qzvr9l2p9n2s51vr6if2"; + libName = "const_oid"; + authors = [ + "RustCrypto Developers" + ]; + features = { + "arbitrary" = [ "dep:arbitrary" ]; + }; + resolvedDefaultFeatures = [ "db" "std" ]; + }; "const_format" = rec { crateName = "const_format"; version = "0.2.34"; @@ -1842,6 +1895,58 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; + "crypto-bigint" = rec { + crateName = "crypto-bigint"; + version = "0.5.5"; + edition = "2021"; + sha256 = "0xmbdff3g6ii5sbxjxc31xfkv9lrmyril4arh3dzckd4gjsjzj8d"; + libName = "crypto_bigint"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "generic-array"; + packageId = "generic-array"; + optional = true; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + optional = true; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + features = [ "std" ]; + } + ]; + features = { + "alloc" = [ "serdect?/alloc" ]; + "default" = [ "rand" ]; + "der" = [ "dep:der" ]; + "generic-array" = [ "dep:generic-array" ]; + "rand" = [ "rand_core/std" ]; + "rand_core" = [ "dep:rand_core" ]; + "rlp" = [ "dep:rlp" ]; + "serde" = [ "dep:serdect" ]; + "zeroize" = [ "dep:zeroize" ]; + }; + resolvedDefaultFeatures = [ "generic-array" "rand_core" "zeroize" ]; + }; "crypto-common" = rec { crateName = "crypto-common"; version = "0.1.6"; @@ -2080,6 +2185,83 @@ rec { } ]; + }; + "der" = rec { + crateName = "der"; + version = "0.7.10"; + edition = "2021"; + sha256 = "1jyxacyxdx6mxbkfw99jz59dzvcd9k17rq01a7xvn1dr6wl87hg7"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + optional = true; + } + { + name = "der_derive"; + packageId = "der_derive"; + optional = true; + } + { + name = "flagset"; + packageId = "flagset"; + optional = true; + } + { + name = "pem-rfc7468"; + packageId = "pem-rfc7468"; + optional = true; + features = [ "alloc" ]; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "zeroize?/alloc" ]; + "arbitrary" = [ "dep:arbitrary" "const-oid?/arbitrary" "std" ]; + "bytes" = [ "dep:bytes" "alloc" ]; + "derive" = [ "dep:der_derive" ]; + "flagset" = [ "dep:flagset" ]; + "oid" = [ "dep:const-oid" ]; + "pem" = [ "dep:pem-rfc7468" "alloc" "zeroize" ]; + "std" = [ "alloc" ]; + "time" = [ "dep:time" ]; + "zeroize" = [ "dep:zeroize" ]; + }; + resolvedDefaultFeatures = [ "alloc" "derive" "flagset" "oid" "pem" "std" "zeroize" ]; + }; + "der_derive" = rec { + crateName = "der_derive"; + version = "0.7.3"; + edition = "2021"; + sha256 = "065d2wy7zd0dank99hh58l5x7lv50hxnr7j6f3sphlb7i4ihjd40"; + procMacro = true; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "proc-macro2"; + packageId = "proc-macro2"; + } + { + name = "quote"; + packageId = "quote"; + } + { + name = "syn"; + packageId = "syn 2.0.106"; + features = [ "extra-traits" ]; + } + ]; + }; "deranged" = rec { crateName = "deranged"; @@ -2238,6 +2420,11 @@ rec { packageId = "block-buffer"; optional = true; } + { + name = "const-oid"; + packageId = "const-oid"; + optional = true; + } { name = "crypto-common"; packageId = "crypto-common"; @@ -2262,7 +2449,7 @@ rec { "std" = [ "alloc" "crypto-common/std" ]; "subtle" = [ "dep:subtle" ]; }; - resolvedDefaultFeatures = [ "alloc" "block-buffer" "core-api" "default" "mac" "std" "subtle" ]; + resolvedDefaultFeatures = [ "alloc" "block-buffer" "const-oid" "core-api" "default" "mac" "oid" "std" "subtle" ]; }; "displaydoc" = rec { crateName = "displaydoc"; @@ -2351,6 +2538,79 @@ rec { ]; }; + "ecdsa" = rec { + crateName = "ecdsa"; + version = "0.16.9"; + edition = "2021"; + sha256 = "1jhb0bcbkaz4001sdmfyv8ajrv8a1cg7z7aa5myrd4jjbhmz69zf"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "der"; + packageId = "der"; + optional = true; + } + { + name = "digest"; + packageId = "digest"; + optional = true; + usesDefaultFeatures = false; + features = [ "oid" ]; + } + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "digest" "sec1" ]; + } + { + name = "rfc6979"; + packageId = "rfc6979"; + optional = true; + } + { + name = "signature"; + packageId = "signature"; + usesDefaultFeatures = false; + features = [ "rand_core" ]; + } + { + name = "spki"; + packageId = "spki"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "dev" ]; + } + ]; + features = { + "alloc" = [ "elliptic-curve/alloc" "signature/alloc" "spki/alloc" ]; + "arithmetic" = [ "elliptic-curve/arithmetic" ]; + "default" = [ "digest" ]; + "der" = [ "dep:der" ]; + "dev" = [ "arithmetic" "digest" "elliptic-curve/dev" "hazmat" ]; + "digest" = [ "dep:digest" "signature/digest" ]; + "pem" = [ "elliptic-curve/pem" "pkcs8" ]; + "pkcs8" = [ "digest" "elliptic-curve/pkcs8" "der" ]; + "rfc6979" = [ "dep:rfc6979" ]; + "serde" = [ "elliptic-curve/serde" "serdect" ]; + "serdect" = [ "dep:serdect" ]; + "sha2" = [ "dep:sha2" ]; + "signing" = [ "arithmetic" "digest" "hazmat" "rfc6979" ]; + "spki" = [ "dep:spki" ]; + "std" = [ "alloc" "elliptic-curve/std" "signature/std" ]; + "verifying" = [ "arithmetic" "digest" "hazmat" ]; + }; + resolvedDefaultFeatures = [ "alloc" "arithmetic" "default" "der" "digest" "hazmat" "pem" "pkcs8" "rfc6979" "signing" "spki" "std" "verifying" ]; + }; "educe" = rec { crateName = "educe"; version = "0.6.0"; @@ -2408,6 +2668,104 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" "use_std" ]; }; + "elliptic-curve" = rec { + crateName = "elliptic-curve"; + version = "0.13.8"; + edition = "2021"; + sha256 = "0ixx4brgnzi61z29r3g1606nh2za88hzyz8c5r3p6ydzhqq09rmm"; + libName = "elliptic_curve"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base16ct"; + packageId = "base16ct"; + } + { + name = "crypto-bigint"; + packageId = "crypto-bigint"; + usesDefaultFeatures = false; + features = [ "rand_core" "generic-array" "zeroize" ]; + } + { + name = "digest"; + packageId = "digest"; + optional = true; + } + { + name = "ff"; + packageId = "ff"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "generic-array"; + packageId = "generic-array"; + usesDefaultFeatures = false; + features = [ "zeroize" ]; + } + { + name = "group"; + packageId = "group"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "pem-rfc7468"; + packageId = "pem-rfc7468"; + optional = true; + features = [ "alloc" ]; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "sec1"; + packageId = "sec1"; + optional = true; + features = [ "subtle" "zeroize" ]; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "base16ct/alloc" "ff?/alloc" "group?/alloc" "pkcs8?/alloc" "sec1?/alloc" "zeroize/alloc" ]; + "arithmetic" = [ "group" ]; + "bits" = [ "arithmetic" "ff/bits" "dep:tap" ]; + "default" = [ "arithmetic" ]; + "dev" = [ "arithmetic" "dep:hex-literal" "pem" "pkcs8" ]; + "digest" = [ "dep:digest" ]; + "ecdh" = [ "arithmetic" "digest" "dep:hkdf" ]; + "ff" = [ "dep:ff" ]; + "group" = [ "dep:group" "ff" ]; + "hash2curve" = [ "arithmetic" "digest" ]; + "jwk" = [ "dep:base64ct" "dep:serde_json" "alloc" "serde" "zeroize/alloc" ]; + "pem" = [ "dep:pem-rfc7468" "alloc" "arithmetic" "pkcs8" "sec1/pem" ]; + "pkcs8" = [ "dep:pkcs8" "sec1" ]; + "sec1" = [ "dep:sec1" ]; + "serde" = [ "dep:serdect" "alloc" "pkcs8" "sec1/serde" ]; + "std" = [ "alloc" "rand_core/std" "pkcs8?/std" "sec1?/std" ]; + "voprf" = [ "digest" ]; + }; + resolvedDefaultFeatures = [ "alloc" "arithmetic" "digest" "ff" "group" "hazmat" "pem" "pkcs8" "sec1" "std" ]; + }; "encoding_rs" = rec { crateName = "encoding_rs"; version = "0.8.35"; @@ -2659,6 +3017,40 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "std" ]; }; + "ff" = rec { + crateName = "ff"; + version = "0.13.1"; + edition = "2021"; + sha256 = "14v3bc6q24gbcjnxjfbq2dddgf4as2z2gd4mj35gjlrncpxhpdf0"; + authors = [ + "Sean Bowe " + "Jack Grigg " + ]; + dependencies = [ + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + ]; + features = { + "bits" = [ "bitvec" ]; + "bitvec" = [ "dep:bitvec" ]; + "byteorder" = [ "dep:byteorder" ]; + "default" = [ "bits" "std" ]; + "derive" = [ "byteorder" "ff_derive" ]; + "derive_bits" = [ "bits" "ff_derive/bits" ]; + "ff_derive" = [ "dep:ff_derive" ]; + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "fixedbitset" = rec { crateName = "fixedbitset"; version = "0.5.7"; @@ -2672,6 +3064,18 @@ rec { "serde" = [ "dep:serde" ]; }; }; + "flagset" = rec { + crateName = "flagset"; + version = "0.4.7"; + edition = "2021"; + sha256 = "1zplx30g76kl5la3ayl9ns5p3diqd9zphbcggqcm4nm7411q5b5p"; + authors = [ + "Nathaniel McCallum " + ]; + features = { + "serde" = [ "dep:serde" ]; + }; + }; "flate2" = rec { crateName = "flate2"; version = "1.1.2"; @@ -3108,6 +3512,12 @@ rec { name = "typenum"; packageId = "typenum"; } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } ]; buildDependencies = [ { @@ -3119,7 +3529,7 @@ rec { "serde" = [ "dep:serde" ]; "zeroize" = [ "dep:zeroize" ]; }; - resolvedDefaultFeatures = [ "more_lengths" ]; + resolvedDefaultFeatures = [ "more_lengths" "zeroize" ]; }; "getrandom 0.2.16" = rec { crateName = "getrandom"; @@ -3155,6 +3565,7 @@ rec { "rustc-dep-of-std" = [ "compiler_builtins" "core" "libc/rustc-dep-of-std" "wasi/rustc-dep-of-std" ]; "wasm-bindgen" = [ "dep:wasm-bindgen" ]; }; + resolvedDefaultFeatures = [ "std" ]; }; "getrandom 0.3.3" = rec { crateName = "getrandom"; @@ -3341,6 +3752,42 @@ rec { }; resolvedDefaultFeatures = [ "default" "futures" "futures-channel" "futures-core" ]; }; + "group" = rec { + crateName = "group"; + version = "0.13.0"; + edition = "2021"; + sha256 = "0qqs2p5vqnv3zvq9mfjkmw3qlvgqb0c3cm6p33srkh7pc9sfzygh"; + authors = [ + "Sean Bowe " + "Jack Grigg " + ]; + dependencies = [ + { + name = "ff"; + packageId = "ff"; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + ]; + features = { + "default" = [ "alloc" ]; + "memuse" = [ "dep:memuse" ]; + "rand" = [ "dep:rand" ]; + "rand_xorshift" = [ "dep:rand_xorshift" ]; + "tests" = [ "alloc" "rand" "rand_xorshift" ]; + "wnaf-memuse" = [ "alloc" "memuse" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "h2" = rec { crateName = "h2"; version = "0.4.12"; @@ -3558,6 +4005,7 @@ rec { features = { "std" = [ "digest/std" ]; }; + resolvedDefaultFeatures = [ "reset" ]; }; "home" = rec { crateName = "home"; @@ -3825,7 +4273,7 @@ rec { "server" = [ "dep:httpdate" "dep:pin-project-lite" "dep:smallvec" ]; "tracing" = [ "dep:tracing" ]; }; - resolvedDefaultFeatures = [ "client" "default" "http1" "http2" "server" ]; + resolvedDefaultFeatures = [ "client" "default" "full" "http1" "http2" "server" ]; }; "hyper-http-proxy" = rec { crateName = "hyper-http-proxy"; @@ -5739,10 +6187,20 @@ rec { authors = [ "Marvin Löbel " ]; + dependencies = [ + { + name = "spin"; + packageId = "spin"; + optional = true; + usesDefaultFeatures = false; + features = [ "once" ]; + } + ]; features = { "spin" = [ "dep:spin" ]; "spin_no_std" = [ "spin" ]; }; + resolvedDefaultFeatures = [ "spin" "spin_no_std" ]; }; "lber" = rec { crateName = "lber"; @@ -6045,6 +6503,20 @@ rec { ]; }; + "libm" = rec { + crateName = "libm"; + version = "0.2.15"; + edition = "2021"; + sha256 = "1plpzf0p829viazdj57yw5dhmlr8ywf3apayxc2f2bq5a6mvryzr"; + authors = [ + "Jorge Aparicio " + ]; + features = { + "default" = [ "arch" ]; + "unstable" = [ "unstable-intrinsics" "unstable-float" ]; + }; + resolvedDefaultFeatures = [ "arch" "default" ]; + }; "libz-sys" = rec { crateName = "libz-sys"; version = "1.1.22"; @@ -6452,6 +6924,86 @@ rec { "serde" = [ "dep:serde" ]; }; }; + "num-bigint-dig" = rec { + crateName = "num-bigint-dig"; + version = "0.8.4"; + edition = "2021"; + sha256 = "0lb12df24wgxxbspz4gw1sf1kdqwvpdcpwq4fdlwg4gj41c1k16w"; + libName = "num_bigint_dig"; + authors = [ + "dignifiedquire " + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "byteorder"; + packageId = "byteorder"; + usesDefaultFeatures = false; + } + { + name = "lazy_static"; + packageId = "lazy_static"; + usesDefaultFeatures = false; + features = [ "spin_no_std" ]; + } + { + name = "libm"; + packageId = "libm"; + } + { + name = "num-integer"; + packageId = "num-integer"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + { + name = "num-iter"; + packageId = "num-iter"; + usesDefaultFeatures = false; + } + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + { + name = "rand"; + packageId = "rand 0.8.5"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "smallvec"; + packageId = "smallvec"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "rand"; + packageId = "rand 0.8.5"; + features = [ "small_rng" ]; + } + ]; + features = { + "arbitrary" = [ "dep:arbitrary" ]; + "default" = [ "std" "u64_digit" ]; + "fuzz" = [ "arbitrary" "smallvec/arbitrary" ]; + "prime" = [ "rand/std_rng" ]; + "rand" = [ "dep:rand" ]; + "serde" = [ "dep:serde" ]; + "std" = [ "num-integer/std" "num-traits/std" "smallvec/write" "rand/std" "serde/std" ]; + "zeroize" = [ "dep:zeroize" ]; + }; + resolvedDefaultFeatures = [ "i128" "prime" "rand" "u64_digit" "zeroize" ]; + }; "num-conv" = rec { crateName = "num-conv"; version = "0.1.0"; @@ -6463,6 +7015,63 @@ rec { ]; }; + "num-integer" = rec { + crateName = "num-integer"; + version = "0.1.46"; + edition = "2018"; + sha256 = "13w5g54a9184cqlbsq80rnxw4jj4s0d8wv75jsq5r2lms8gncsbr"; + libName = "num_integer"; + authors = [ + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + ]; + features = { + "default" = [ "std" ]; + "std" = [ "num-traits/std" ]; + }; + resolvedDefaultFeatures = [ "i128" ]; + }; + "num-iter" = rec { + crateName = "num-iter"; + version = "0.1.45"; + edition = "2018"; + sha256 = "1gzm7vc5g9qsjjl3bqk9rz1h6raxhygbrcpbfl04swlh0i506a8l"; + libName = "num_iter"; + authors = [ + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "num-integer"; + packageId = "num-integer"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "i128" ]; + } + ]; + buildDependencies = [ + { + name = "autocfg"; + packageId = "autocfg"; + } + ]; + features = { + "default" = [ "std" ]; + "std" = [ "num-integer/std" "num-traits/std" ]; + }; + }; "num-traits" = rec { crateName = "num-traits"; version = "0.2.19"; @@ -6472,6 +7081,13 @@ rec { authors = [ "The Rust Project Developers" ]; + dependencies = [ + { + name = "libm"; + packageId = "libm"; + optional = true; + } + ]; buildDependencies = [ { name = "autocfg"; @@ -6482,7 +7098,7 @@ rec { "default" = [ "std" ]; "libm" = [ "dep:libm" ]; }; - resolvedDefaultFeatures = [ "std" ]; + resolvedDefaultFeatures = [ "i128" "libm" "std" ]; }; "object" = rec { crateName = "object"; @@ -7030,7 +7646,7 @@ rec { } { name = "rand"; - packageId = "rand"; + packageId = "rand 0.9.2"; optional = true; usesDefaultFeatures = false; features = [ "std" "std_rng" "small_rng" "os_rng" "thread_rng" ]; @@ -7186,6 +7802,79 @@ rec { ]; }; + "p256" = rec { + crateName = "p256"; + version = "0.13.2"; + edition = "2021"; + sha256 = "0jyd3c3k239ybs59ixpnl7dqkmm072fr1js8kh7ldx58bzc3m1n9"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "ecdsa"; + packageId = "ecdsa"; + rename = "ecdsa-core"; + optional = true; + usesDefaultFeatures = false; + features = [ "der" ]; + } + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "hazmat" "sec1" ]; + } + { + name = "primeorder"; + packageId = "primeorder"; + optional = true; + } + { + name = "sha2"; + packageId = "sha2"; + optional = true; + usesDefaultFeatures = false; + } + ]; + devDependencies = [ + { + name = "ecdsa"; + packageId = "ecdsa"; + rename = "ecdsa-core"; + usesDefaultFeatures = false; + features = [ "dev" ]; + } + { + name = "primeorder"; + packageId = "primeorder"; + features = [ "dev" ]; + } + ]; + features = { + "alloc" = [ "ecdsa-core?/alloc" "elliptic-curve/alloc" ]; + "arithmetic" = [ "dep:primeorder" "elliptic-curve/arithmetic" ]; + "bits" = [ "arithmetic" "elliptic-curve/bits" ]; + "default" = [ "arithmetic" "ecdsa" "pem" "std" ]; + "digest" = [ "ecdsa-core/digest" "ecdsa-core/hazmat" ]; + "ecdh" = [ "arithmetic" "elliptic-curve/ecdh" ]; + "ecdsa" = [ "arithmetic" "ecdsa-core/signing" "ecdsa-core/verifying" "sha256" ]; + "ecdsa-core" = [ "dep:ecdsa-core" ]; + "expose-field" = [ "arithmetic" ]; + "hash2curve" = [ "arithmetic" "elliptic-curve/hash2curve" ]; + "jwk" = [ "elliptic-curve/jwk" ]; + "pem" = [ "elliptic-curve/pem" "ecdsa-core/pem" "pkcs8" ]; + "pkcs8" = [ "ecdsa-core?/pkcs8" "elliptic-curve/pkcs8" ]; + "serde" = [ "ecdsa-core?/serde" "elliptic-curve/serde" "primeorder?/serde" "serdect" ]; + "serdect" = [ "dep:serdect" ]; + "sha2" = [ "dep:sha2" ]; + "sha256" = [ "digest" "sha2" ]; + "std" = [ "alloc" "ecdsa-core?/std" "elliptic-curve/std" ]; + "test-vectors" = [ "dep:hex-literal" ]; + "voprf" = [ "elliptic-curve/voprf" "sha2" ]; + }; + resolvedDefaultFeatures = [ "alloc" "arithmetic" "default" "digest" "ecdsa" "ecdsa-core" "pem" "pkcs8" "sha2" "sha256" "std" ]; + }; "parking" = rec { crateName = "parking"; version = "2.2.1"; @@ -7295,6 +7984,27 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; + "pem-rfc7468" = rec { + crateName = "pem-rfc7468"; + version = "0.7.0"; + edition = "2021"; + sha256 = "04l4852scl4zdva31c1z6jafbak0ni5pi0j38ml108zwzjdrrcw8"; + libName = "pem_rfc7468"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base64ct"; + packageId = "base64ct"; + } + ]; + features = { + "alloc" = [ "base64ct/alloc" ]; + "std" = [ "alloc" "base64ct/std" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; "percent-encoding" = rec { crateName = "percent-encoding"; version = "2.3.1"; @@ -7527,6 +8237,74 @@ rec { ]; }; + "pkcs1" = rec { + crateName = "pkcs1"; + version = "0.7.5"; + edition = "2021"; + sha256 = "0zz4mil3nchnxljdfs2k5ab1cjqn7kq5lqp62n9qfix01zqvkzy8"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "der"; + packageId = "der"; + features = [ "oid" ]; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "spki"; + packageId = "spki"; + } + ]; + features = { + "alloc" = [ "der/alloc" "zeroize" "pkcs8?/alloc" ]; + "pem" = [ "alloc" "der/pem" "pkcs8?/pem" ]; + "pkcs8" = [ "dep:pkcs8" ]; + "std" = [ "der/std" "alloc" ]; + "zeroize" = [ "der/zeroize" ]; + }; + resolvedDefaultFeatures = [ "alloc" "pem" "pkcs8" "std" "zeroize" ]; + }; + "pkcs8" = rec { + crateName = "pkcs8"; + version = "0.10.2"; + edition = "2021"; + sha256 = "1dx7w21gvn07azszgqd3ryjhyphsrjrmq5mmz1fbxkj5g0vv4l7r"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "der"; + packageId = "der"; + features = [ "oid" ]; + } + { + name = "spki"; + packageId = "spki"; + } + ]; + features = { + "3des" = [ "encryption" "pkcs5/3des" ]; + "alloc" = [ "der/alloc" "der/zeroize" "spki/alloc" ]; + "des-insecure" = [ "encryption" "pkcs5/des-insecure" ]; + "encryption" = [ "alloc" "pkcs5/alloc" "pkcs5/pbes2" "rand_core" ]; + "getrandom" = [ "rand_core/getrandom" ]; + "pem" = [ "alloc" "der/pem" "spki/pem" ]; + "pkcs5" = [ "dep:pkcs5" ]; + "rand_core" = [ "dep:rand_core" ]; + "sha1-insecure" = [ "encryption" "pkcs5/sha1-insecure" ]; + "std" = [ "alloc" "der/std" "spki/std" ]; + "subtle" = [ "dep:subtle" ]; + }; + resolvedDefaultFeatures = [ "alloc" "pem" "std" ]; + }; "pkg-config" = rec { crateName = "pkg-config"; version = "0.3.32"; @@ -7638,6 +8416,29 @@ rec { }; resolvedDefaultFeatures = [ "verbatim" ]; }; + "primeorder" = rec { + crateName = "primeorder"; + version = "0.13.6"; + edition = "2021"; + sha256 = "1rp16710mxksagcjnxqjjq9r9wf5vf72fs8wxffnvhb6i6hiqgim"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "elliptic-curve"; + packageId = "elliptic-curve"; + usesDefaultFeatures = false; + features = [ "arithmetic" "sec1" ]; + } + ]; + features = { + "alloc" = [ "elliptic-curve/alloc" ]; + "serde" = [ "elliptic-curve/serde" "serdect" ]; + "serdect" = [ "dep:serdect" ]; + "std" = [ "alloc" "elliptic-curve/std" ]; + }; + }; "proc-macro2" = rec { crateName = "proc-macro2"; version = "1.0.101"; @@ -8057,11 +8858,11 @@ rec { "rustc-dep-of-std" = [ "core" ]; }; }; - "rand" = rec { + "rand 0.8.5" = rec { crateName = "rand"; - version = "0.9.2"; - edition = "2021"; - sha256 = "1lah73ainvrgl7brcxx0pwhpnqa3sm3qaj672034jz8i0q7pgckd"; + version = "0.8.5"; + edition = "2018"; + sha256 = "013l6931nn7gkc23jz5mm3qdhf93jjf0fg64nz2lp4i51qd8vbrl"; authors = [ "The Rand Project Developers" "The Rust Project Developers" @@ -8069,32 +8870,69 @@ rec { dependencies = [ { name = "rand_chacha"; - packageId = "rand_chacha"; + packageId = "rand_chacha 0.3.1"; optional = true; usesDefaultFeatures = false; } { name = "rand_core"; - packageId = "rand_core"; - usesDefaultFeatures = false; + packageId = "rand_core 0.6.4"; } ]; features = { - "default" = [ "std" "std_rng" "os_rng" "small_rng" "thread_rng" ]; + "alloc" = [ "rand_core/alloc" ]; + "default" = [ "std" "std_rng" ]; + "getrandom" = [ "rand_core/getrandom" ]; + "libc" = [ "dep:libc" ]; "log" = [ "dep:log" ]; - "os_rng" = [ "rand_core/os_rng" ]; - "serde" = [ "dep:serde" "rand_core/serde" ]; - "std" = [ "rand_core/std" "rand_chacha?/std" "alloc" ]; - "std_rng" = [ "dep:rand_chacha" ]; - "thread_rng" = [ "std" "std_rng" "os_rng" ]; + "packed_simd" = [ "dep:packed_simd" ]; + "rand_chacha" = [ "dep:rand_chacha" ]; + "serde" = [ "dep:serde" ]; + "serde1" = [ "serde" "rand_core/serde1" ]; + "simd_support" = [ "packed_simd" ]; + "std" = [ "rand_core/std" "rand_chacha/std" "alloc" "getrandom" "libc" ]; + "std_rng" = [ "rand_chacha" ]; }; - resolvedDefaultFeatures = [ "alloc" "default" "os_rng" "small_rng" "std" "std_rng" "thread_rng" ]; + resolvedDefaultFeatures = [ "rand_chacha" "std_rng" ]; }; - "rand_chacha" = rec { - crateName = "rand_chacha"; - version = "0.9.0"; + "rand 0.9.2" = rec { + crateName = "rand"; + version = "0.9.2"; edition = "2021"; - sha256 = "1jr5ygix7r60pz0s1cv3ms1f6pd1i9pcdmnxzzhjc3zn3mgjn0nk"; + sha256 = "1lah73ainvrgl7brcxx0pwhpnqa3sm3qaj672034jz8i0q7pgckd"; + authors = [ + "The Rand Project Developers" + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "rand_chacha"; + packageId = "rand_chacha 0.9.0"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.9.3"; + usesDefaultFeatures = false; + } + ]; + features = { + "default" = [ "std" "std_rng" "os_rng" "small_rng" "thread_rng" ]; + "log" = [ "dep:log" ]; + "os_rng" = [ "rand_core/os_rng" ]; + "serde" = [ "dep:serde" "rand_core/serde" ]; + "std" = [ "rand_core/std" "rand_chacha?/std" "alloc" ]; + "std_rng" = [ "dep:rand_chacha" ]; + "thread_rng" = [ "std" "std_rng" "os_rng" ]; + }; + resolvedDefaultFeatures = [ "alloc" "default" "os_rng" "small_rng" "std" "std_rng" "thread_rng" ]; + }; + "rand_chacha 0.3.1" = rec { + crateName = "rand_chacha"; + version = "0.3.1"; + edition = "2018"; + sha256 = "123x2adin558xbhvqb8w4f6syjsdkmqff8cxwhmjacpsl1ihmhg6"; authors = [ "The Rand Project Developers" "The Rust Project Developers" @@ -8109,13 +8947,42 @@ rec { } { name = "rand_core"; - packageId = "rand_core"; + packageId = "rand_core 0.6.4"; + } + ]; + features = { + "default" = [ "std" ]; + "serde" = [ "dep:serde" ]; + "serde1" = [ "serde" ]; + "std" = [ "ppv-lite86/std" ]; + }; + }; + "rand_chacha 0.9.0" = rec { + crateName = "rand_chacha"; + version = "0.9.0"; + edition = "2021"; + sha256 = "1jr5ygix7r60pz0s1cv3ms1f6pd1i9pcdmnxzzhjc3zn3mgjn0nk"; + authors = [ + "The Rand Project Developers" + "The Rust Project Developers" + "The CryptoCorrosion Contributors" + ]; + dependencies = [ + { + name = "ppv-lite86"; + packageId = "ppv-lite86"; + usesDefaultFeatures = false; + features = [ "simd" ]; + } + { + name = "rand_core"; + packageId = "rand_core 0.9.3"; } ]; devDependencies = [ { name = "rand_core"; - packageId = "rand_core"; + packageId = "rand_core 0.9.3"; features = [ "os_rng" ]; } ]; @@ -8127,7 +8994,31 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; - "rand_core" = rec { + "rand_core 0.6.4" = rec { + crateName = "rand_core"; + version = "0.6.4"; + edition = "2018"; + sha256 = "0b4j2v4cb5krak1pv6kakv4sz6xcwbrmy2zckc32hsigbrwy82zc"; + authors = [ + "The Rand Project Developers" + "The Rust Project Developers" + ]; + dependencies = [ + { + name = "getrandom"; + packageId = "getrandom 0.2.16"; + optional = true; + } + ]; + features = { + "getrandom" = [ "dep:getrandom" ]; + "serde" = [ "dep:serde" ]; + "serde1" = [ "serde" ]; + "std" = [ "alloc" "getrandom" "getrandom/std" ]; + }; + resolvedDefaultFeatures = [ "alloc" "getrandom" "std" ]; + }; + "rand_core 0.9.3" = rec { crateName = "rand_core"; version = "0.9.3"; edition = "2021"; @@ -8605,6 +9496,29 @@ rec { }; resolvedDefaultFeatures = [ "blocking" ]; }; + "rfc6979" = rec { + crateName = "rfc6979"; + version = "0.4.0"; + edition = "2021"; + sha256 = "1chw95jgcfrysyzsq6a10b1j5qb7bagkx8h0wda4lv25in02mpgq"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "hmac"; + packageId = "hmac"; + usesDefaultFeatures = false; + features = [ "reset" ]; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + ]; + + }; "ring" = rec { crateName = "ring"; version = "0.17.14"; @@ -8666,6 +9580,119 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "default" "dev_urandom_fallback" ]; }; + "rsa" = rec { + crateName = "rsa"; + version = "0.9.8"; + edition = "2021"; + sha256 = "06v9zl604jsqjajm647l9jjirn7k4lc8lmvys6hmqshpxp0qm4kq"; + authors = [ + "RustCrypto Developers" + "dignifiedquire " + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + usesDefaultFeatures = false; + } + { + name = "digest"; + packageId = "digest"; + usesDefaultFeatures = false; + features = [ "alloc" "oid" ]; + } + { + name = "num-bigint-dig"; + packageId = "num-bigint-dig"; + rename = "num-bigint"; + usesDefaultFeatures = false; + features = [ "i128" "prime" "zeroize" ]; + } + { + name = "num-integer"; + packageId = "num-integer"; + usesDefaultFeatures = false; + } + { + name = "num-traits"; + packageId = "num-traits"; + usesDefaultFeatures = false; + features = [ "libm" ]; + } + { + name = "pkcs1"; + packageId = "pkcs1"; + usesDefaultFeatures = false; + features = [ "alloc" "pkcs8" ]; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + usesDefaultFeatures = false; + features = [ "alloc" ]; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "sha2"; + packageId = "sha2"; + optional = true; + usesDefaultFeatures = false; + features = [ "oid" ]; + } + { + name = "signature"; + packageId = "signature"; + usesDefaultFeatures = false; + features = [ "alloc" "digest" "rand_core" ]; + } + { + name = "spki"; + packageId = "spki"; + usesDefaultFeatures = false; + features = [ "alloc" ]; + } + { + name = "subtle"; + packageId = "subtle"; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + features = [ "alloc" ]; + } + ]; + devDependencies = [ + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + usesDefaultFeatures = false; + } + { + name = "sha2"; + packageId = "sha2"; + usesDefaultFeatures = false; + features = [ "oid" ]; + } + ]; + features = { + "default" = [ "std" "pem" "u64_digit" ]; + "getrandom" = [ "rand_core/getrandom" ]; + "nightly" = [ "num-bigint/nightly" ]; + "pem" = [ "pkcs1/pem" "pkcs8/pem" ]; + "pkcs5" = [ "pkcs8/encryption" ]; + "serde" = [ "dep:serde" "num-bigint/serde" ]; + "sha1" = [ "dep:sha1" ]; + "sha2" = [ "dep:sha2" ]; + "std" = [ "digest/std" "pkcs1/std" "pkcs8/std" "rand_core/std" "signature/std" ]; + "u64_digit" = [ "num-bigint/u64_digit" ]; + }; + resolvedDefaultFeatures = [ "default" "pem" "sha2" "std" "u64_digit" ]; + }; "rustc-demangle" = rec { crateName = "rustc-demangle"; version = "0.1.26"; @@ -9187,6 +10214,66 @@ rec { "default" = [ "use_std" ]; }; }; + "sec1" = rec { + crateName = "sec1"; + version = "0.7.3"; + edition = "2021"; + sha256 = "1p273j8c87pid6a1iyyc7vxbvifrw55wbxgr0dh3l8vnbxb7msfk"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base16ct"; + packageId = "base16ct"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "der"; + packageId = "der"; + optional = true; + features = [ "oid" ]; + } + { + name = "generic-array"; + packageId = "generic-array"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "pkcs8"; + packageId = "pkcs8"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "subtle"; + packageId = "subtle"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "zeroize"; + packageId = "zeroize"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "alloc" = [ "der?/alloc" "pkcs8?/alloc" "zeroize?/alloc" ]; + "default" = [ "der" "point" ]; + "der" = [ "dep:der" "zeroize" ]; + "pem" = [ "alloc" "der/pem" "pkcs8/pem" ]; + "pkcs8" = [ "dep:pkcs8" ]; + "point" = [ "dep:base16ct" "dep:generic-array" ]; + "serde" = [ "dep:serdect" ]; + "std" = [ "alloc" "der?/std" ]; + "subtle" = [ "dep:subtle" ]; + "zeroize" = [ "dep:zeroize" "der?/zeroize" ]; + }; + resolvedDefaultFeatures = [ "alloc" "default" "der" "pem" "pkcs8" "point" "std" "subtle" "zeroize" ]; + }; "secrecy" = rec { crateName = "secrecy"; version = "0.10.3"; @@ -9664,6 +10751,7 @@ rec { "sha2-asm" = [ "dep:sha2-asm" ]; "std" = [ "digest/std" ]; }; + resolvedDefaultFeatures = [ "default" "oid" "std" ]; }; "sharded-slab" = rec { crateName = "sharded-slab"; @@ -9720,6 +10808,36 @@ rec { ]; }; + "signature" = rec { + crateName = "signature"; + version = "2.2.0"; + edition = "2021"; + sha256 = "1pi9hd5vqfr3q3k49k37z06p7gs5si0in32qia4mmr1dancr6m3p"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "digest"; + packageId = "digest"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + optional = true; + usesDefaultFeatures = false; + } + ]; + features = { + "derive" = [ "dep:derive" ]; + "digest" = [ "dep:digest" ]; + "rand_core" = [ "dep:rand_core" ]; + "std" = [ "alloc" "rand_core?/std" ]; + }; + resolvedDefaultFeatures = [ "alloc" "digest" "rand_core" "std" ]; + }; "slab" = rec { crateName = "slab"; version = "0.4.11"; @@ -9903,50 +11021,210 @@ rec { packageId = "syn 2.0.106"; features = [ "full" ]; } - ]; - features = { - }; - resolvedDefaultFeatures = [ "rust_1_61" ]; - }; - "socket2" = rec { - crateName = "socket2"; - version = "0.6.0"; - edition = "2021"; - sha256 = "01qqdzfnr0bvdwq6wl56c9c4m2cvbxn43dfpcv8gjx208sph8d93"; - authors = [ - "Alex Crichton " - "Thomas de Zeeuw " - ]; - dependencies = [ + ]; + features = { + }; + resolvedDefaultFeatures = [ "rust_1_61" ]; + }; + "socket2" = rec { + crateName = "socket2"; + version = "0.6.0"; + edition = "2021"; + sha256 = "01qqdzfnr0bvdwq6wl56c9c4m2cvbxn43dfpcv8gjx208sph8d93"; + authors = [ + "Alex Crichton " + "Thomas de Zeeuw " + ]; + dependencies = [ + { + name = "libc"; + packageId = "libc"; + target = { target, features }: (target."unix" or false); + } + { + name = "windows-sys"; + packageId = "windows-sys 0.59.0"; + target = { target, features }: (target."windows" or false); + features = [ "Win32_Foundation" "Win32_Networking_WinSock" "Win32_System_IO" "Win32_System_Threading" "Win32_System_WindowsProgramming" ]; + } + ]; + features = { + }; + resolvedDefaultFeatures = [ "all" ]; + }; + "spin" = rec { + crateName = "spin"; + version = "0.9.8"; + edition = "2015"; + sha256 = "0rvam5r0p3a6qhc18scqpvpgb3ckzyqxpgdfyjnghh8ja7byi039"; + authors = [ + "Mathijs van de Nes " + "John Ericson " + "Joshua Barretto " + ]; + features = { + "barrier" = [ "mutex" ]; + "default" = [ "lock_api" "mutex" "spin_mutex" "rwlock" "once" "lazy" "barrier" ]; + "fair_mutex" = [ "mutex" ]; + "lazy" = [ "once" ]; + "lock_api" = [ "lock_api_crate" ]; + "lock_api_crate" = [ "dep:lock_api_crate" ]; + "portable-atomic" = [ "dep:portable-atomic" ]; + "portable_atomic" = [ "portable-atomic" ]; + "spin_mutex" = [ "mutex" ]; + "ticket_mutex" = [ "mutex" ]; + "use_ticket_mutex" = [ "mutex" "ticket_mutex" ]; + }; + resolvedDefaultFeatures = [ "once" ]; + }; + "spki" = rec { + crateName = "spki"; + version = "0.7.3"; + edition = "2021"; + sha256 = "17fj8k5fmx4w9mp27l970clrh5qa7r5sjdvbsln987xhb34dc7nr"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "base64ct"; + packageId = "base64ct"; + optional = true; + usesDefaultFeatures = false; + } + { + name = "der"; + packageId = "der"; + features = [ "oid" ]; + } + ]; + features = { + "alloc" = [ "base64ct?/alloc" "der/alloc" ]; + "arbitrary" = [ "std" "dep:arbitrary" "der/arbitrary" ]; + "base64" = [ "dep:base64ct" ]; + "fingerprint" = [ "sha2" ]; + "pem" = [ "alloc" "der/pem" ]; + "sha2" = [ "dep:sha2" ]; + "std" = [ "der/std" "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" "pem" "std" ]; + }; + "stable_deref_trait" = rec { + crateName = "stable_deref_trait"; + version = "1.2.0"; + edition = "2015"; + sha256 = "1lxjr8q2n534b2lhkxd6l6wcddzjvnksi58zv11f9y0jjmr15wd8"; + authors = [ + "Robert Grosse " + ]; + features = { + "default" = [ "std" ]; + "std" = [ "alloc" ]; + }; + resolvedDefaultFeatures = [ "alloc" ]; + }; + "stackable-certs" = rec { + crateName = "stackable-certs"; + version = "0.4.0"; + edition = "2024"; + workspace_member = null; + src = pkgs.fetchgit { + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "20659fe864c643fe48c7ff70ed417f0ed05ccf45"; + sha256 = "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0"; + }; + libName = "stackable_certs"; + authors = [ + "Stackable GmbH " + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + features = [ "db" ]; + } + { + name = "ecdsa"; + packageId = "ecdsa"; + features = [ "digest" "pem" ]; + } + { + name = "k8s-openapi"; + packageId = "k8s-openapi"; + usesDefaultFeatures = false; + features = [ "schemars" "v1_33" ]; + } + { + name = "kube"; + packageId = "kube"; + usesDefaultFeatures = false; + features = [ "client" "jsonpatch" "runtime" "derive" "rustls-tls" "ring" ]; + } + { + name = "p256"; + packageId = "p256"; + features = [ "ecdsa" ]; + } + { + name = "rand"; + packageId = "rand 0.9.2"; + } + { + name = "rand_core"; + packageId = "rand_core 0.6.4"; + } + { + name = "rsa"; + packageId = "rsa"; + features = [ "sha2" ]; + } + { + name = "sha2"; + packageId = "sha2"; + features = [ "oid" ]; + } + { + name = "signature"; + packageId = "signature"; + } + { + name = "snafu"; + packageId = "snafu 0.8.7"; + } + { + name = "stackable-shared"; + packageId = "stackable-shared"; + } + { + name = "tokio"; + packageId = "tokio"; + features = [ "macros" "rt-multi-thread" "fs" ]; + } + { + name = "tokio-rustls"; + packageId = "tokio-rustls"; + optional = true; + usesDefaultFeatures = false; + features = [ "ring" "logging" "tls12" ]; + } + { + name = "tracing"; + packageId = "tracing"; + } { - name = "libc"; - packageId = "libc"; - target = { target, features }: (target."unix" or false); + name = "x509-cert"; + packageId = "x509-cert"; + features = [ "builder" ]; } { - name = "windows-sys"; - packageId = "windows-sys 0.59.0"; - target = { target, features }: (target."windows" or false); - features = [ "Win32_Foundation" "Win32_Networking_WinSock" "Win32_System_IO" "Win32_System_Threading" "Win32_System_WindowsProgramming" ]; + name = "zeroize"; + packageId = "zeroize"; } ]; features = { + "rustls" = [ "dep:tokio-rustls" ]; }; - resolvedDefaultFeatures = [ "all" ]; - }; - "stable_deref_trait" = rec { - crateName = "stable_deref_trait"; - version = "1.2.0"; - edition = "2015"; - sha256 = "1lxjr8q2n534b2lhkxd6l6wcddzjvnksi58zv11f9y0jjmr15wd8"; - authors = [ - "Robert Grosse " - ]; - features = { - "default" = [ "std" ]; - "std" = [ "alloc" ]; - }; - resolvedDefaultFeatures = [ "alloc" ]; + resolvedDefaultFeatures = [ "default" "rustls" ]; }; "stackable-krb5-provision-keytab" = rec { crateName = "stackable-krb5-provision-keytab"; @@ -9990,7 +11268,7 @@ rec { } { name = "rand"; - packageId = "rand"; + packageId = "rand 0.9.2"; } { name = "serde"; @@ -10008,7 +11286,7 @@ rec { { name = "stackable-operator"; packageId = "stackable-operator"; - features = [ "time" "telemetry" ]; + features = [ "time" "telemetry" "versioned" "webhook" ]; } { name = "stackable-secret-operator-crd-utils"; @@ -10158,6 +11436,11 @@ rec { packageId = "stackable-versioned"; optional = true; } + { + name = "stackable-webhook"; + packageId = "stackable-webhook"; + optional = true; + } { name = "strum"; packageId = "strum"; @@ -10196,7 +11479,7 @@ rec { "versioned" = [ "dep:stackable-versioned" ]; "webhook" = [ "dep:stackable-webhook" ]; }; - resolvedDefaultFeatures = [ "default" "telemetry" "time" "versioned" ]; + resolvedDefaultFeatures = [ "default" "telemetry" "time" "versioned" "webhook" ]; }; "stackable-operator-derive" = rec { crateName = "stackable-operator-derive"; @@ -10305,7 +11588,7 @@ rec { } { name = "rand"; - packageId = "rand"; + packageId = "rand 0.9.2"; } { name = "serde"; @@ -10316,6 +11599,10 @@ rec { name = "serde_json"; packageId = "serde_json"; } + { + name = "serde_yaml"; + packageId = "serde_yaml"; + } { name = "snafu"; packageId = "snafu 0.8.7"; @@ -10332,7 +11619,7 @@ rec { { name = "stackable-operator"; packageId = "stackable-operator"; - features = [ "time" "telemetry" ]; + features = [ "time" "telemetry" "versioned" "webhook" ]; } { name = "stackable-secret-operator-crd-utils"; @@ -10430,7 +11717,7 @@ rec { { name = "stackable-operator"; packageId = "stackable-operator"; - features = [ "time" "telemetry" ]; + features = [ "time" "telemetry" "versioned" "webhook" ]; } ]; @@ -10475,7 +11762,7 @@ rec { { name = "stackable-operator"; packageId = "stackable-operator"; - features = [ "time" "telemetry" ]; + features = [ "time" "telemetry" "versioned" "webhook" ]; } { name = "tokio"; @@ -10792,6 +12079,125 @@ rec { } ]; + }; + "stackable-webhook" = rec { + crateName = "stackable-webhook"; + version = "0.5.0"; + edition = "2024"; + workspace_member = null; + src = pkgs.fetchgit { + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "20659fe864c643fe48c7ff70ed417f0ed05ccf45"; + sha256 = "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0"; + }; + libName = "stackable_webhook"; + authors = [ + "Stackable GmbH " + ]; + dependencies = [ + { + name = "arc-swap"; + packageId = "arc-swap"; + } + { + name = "axum"; + packageId = "axum"; + features = [ "http2" ]; + } + { + name = "futures-util"; + packageId = "futures-util"; + } + { + name = "hyper"; + packageId = "hyper"; + features = [ "full" ]; + } + { + name = "hyper-util"; + packageId = "hyper-util"; + } + { + name = "k8s-openapi"; + packageId = "k8s-openapi"; + usesDefaultFeatures = false; + features = [ "schemars" "v1_33" ]; + } + { + name = "kube"; + packageId = "kube"; + usesDefaultFeatures = false; + features = [ "client" "jsonpatch" "runtime" "derive" "rustls-tls" "ring" ]; + } + { + name = "opentelemetry"; + packageId = "opentelemetry"; + } + { + name = "opentelemetry-semantic-conventions"; + packageId = "opentelemetry-semantic-conventions"; + } + { + name = "rand"; + packageId = "rand 0.9.2"; + } + { + name = "serde_json"; + packageId = "serde_json"; + } + { + name = "snafu"; + packageId = "snafu 0.8.7"; + } + { + name = "stackable-certs"; + packageId = "stackable-certs"; + features = [ "rustls" ]; + } + { + name = "stackable-shared"; + packageId = "stackable-shared"; + } + { + name = "stackable-telemetry"; + packageId = "stackable-telemetry"; + } + { + name = "tokio"; + packageId = "tokio"; + features = [ "macros" "rt-multi-thread" "fs" ]; + } + { + name = "tokio-rustls"; + packageId = "tokio-rustls"; + usesDefaultFeatures = false; + features = [ "ring" "logging" "tls12" ]; + } + { + name = "tower"; + packageId = "tower"; + features = [ "util" ]; + } + { + name = "tower-http"; + packageId = "tower-http"; + features = [ "trace" ]; + } + { + name = "tracing"; + packageId = "tracing"; + } + { + name = "tracing-opentelemetry"; + packageId = "tracing-opentelemetry"; + } + { + name = "x509-cert"; + packageId = "x509-cert"; + features = [ "builder" ]; + } + ]; + }; "strsim" = rec { crateName = "strsim"; @@ -10869,6 +12275,7 @@ rec { features = { "default" = [ "std" "i128" ]; }; + resolvedDefaultFeatures = [ "i128" ]; }; "syn 1.0.109" = rec { crateName = "syn"; @@ -11327,6 +12734,68 @@ rec { }; resolvedDefaultFeatures = [ "alloc" "zerovec" ]; }; + "tls_codec" = rec { + crateName = "tls_codec"; + version = "0.4.2"; + edition = "2021"; + sha256 = "0sxzj0pdinn7fsc8aihqgfylsqi7z9jca0aqy3b8kfz28l9f1qhd"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "tls_codec_derive"; + packageId = "tls_codec_derive"; + optional = true; + } + { + name = "zeroize"; + packageId = "zeroize"; + usesDefaultFeatures = false; + features = [ "alloc" "zeroize_derive" ]; + } + ]; + features = { + "arbitrary" = [ "std" "dep:arbitrary" ]; + "conditional_deserialization" = [ "derive" "tls_codec_derive/conditional_deserialization" ]; + "default" = [ "std" ]; + "derive" = [ "tls_codec_derive" ]; + "serde" = [ "std" "dep:serde" ]; + "std" = [ "tls_codec_derive?/std" ]; + "tls_codec_derive" = [ "dep:tls_codec_derive" ]; + }; + resolvedDefaultFeatures = [ "derive" "std" "tls_codec_derive" ]; + }; + "tls_codec_derive" = rec { + crateName = "tls_codec_derive"; + version = "0.4.2"; + edition = "2021"; + sha256 = "1gglj5cxkpv7i3jazffksrfy5h5242kdvsqawjm2yh1915lpcbid"; + procMacro = true; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "proc-macro2"; + packageId = "proc-macro2"; + } + { + name = "quote"; + packageId = "quote"; + } + { + name = "syn"; + packageId = "syn 2.0.106"; + features = [ "parsing" ]; + } + ]; + features = { + "conditional_deserialization" = [ "syn/full" ]; + "default" = [ "std" ]; + }; + resolvedDefaultFeatures = [ "default" "std" ]; + }; "tokio" = rec { crateName = "tokio"; version = "1.47.1"; @@ -11545,7 +13014,7 @@ rec { "ring" = [ "rustls/ring" ]; "tls12" = [ "rustls/tls12" ]; }; - resolvedDefaultFeatures = [ "logging" "tls12" ]; + resolvedDefaultFeatures = [ "logging" "ring" "tls12" ]; }; "tokio-stream" = rec { crateName = "tokio-stream"; @@ -15986,6 +17455,62 @@ rec { "either" = [ "dep:either" ]; }; }; + "x509-cert" = rec { + crateName = "x509-cert"; + version = "0.2.5"; + edition = "2021"; + sha256 = "155f42vm6m7phn8w7s2wmk9vli3ws45dqpk5z3jilw0a04syj08k"; + libName = "x509_cert"; + authors = [ + "RustCrypto Developers" + ]; + dependencies = [ + { + name = "const-oid"; + packageId = "const-oid"; + features = [ "db" ]; + } + { + name = "der"; + packageId = "der"; + features = [ "alloc" "derive" "flagset" "oid" ]; + } + { + name = "sha1"; + packageId = "sha1"; + optional = true; + } + { + name = "signature"; + packageId = "signature"; + optional = true; + features = [ "rand_core" ]; + } + { + name = "spki"; + packageId = "spki"; + features = [ "alloc" ]; + } + { + name = "tls_codec"; + packageId = "tls_codec"; + optional = true; + usesDefaultFeatures = false; + features = [ "derive" ]; + } + ]; + features = { + "arbitrary" = [ "dep:arbitrary" "std" "der/arbitrary" "spki/arbitrary" ]; + "builder" = [ "std" "sha1/default" "signature" ]; + "default" = [ "pem" "std" ]; + "pem" = [ "der/pem" "spki/pem" ]; + "sct" = [ "dep:tls_codec" ]; + "sha1" = [ "dep:sha1" ]; + "signature" = [ "dep:signature" ]; + "std" = [ "const-oid/std" "der/std" "spki/std" "tls_codec?/std" ]; + }; + resolvedDefaultFeatures = [ "builder" "default" "pem" "sha1" "signature" "std" ]; + }; "xml-rs" = rec { crateName = "xml-rs"; version = "0.8.27"; @@ -16218,6 +17743,13 @@ rec { authors = [ "The RustCrypto Project Developers" ]; + dependencies = [ + { + name = "zeroize_derive"; + packageId = "zeroize_derive"; + optional = true; + } + ]; features = { "default" = [ "alloc" ]; "derive" = [ "zeroize_derive" ]; @@ -16225,7 +17757,33 @@ rec { "std" = [ "alloc" ]; "zeroize_derive" = [ "dep:zeroize_derive" ]; }; - resolvedDefaultFeatures = [ "alloc" "default" ]; + resolvedDefaultFeatures = [ "alloc" "default" "zeroize_derive" ]; + }; + "zeroize_derive" = rec { + crateName = "zeroize_derive"; + version = "1.4.2"; + edition = "2021"; + sha256 = "0sczjlqjdmrp3wn62g7mw6p438c9j4jgp2f9zamd56991mdycdnf"; + procMacro = true; + authors = [ + "The RustCrypto Project Developers" + ]; + dependencies = [ + { + name = "proc-macro2"; + packageId = "proc-macro2"; + } + { + name = "quote"; + packageId = "quote"; + } + { + name = "syn"; + packageId = "syn 2.0.106"; + features = [ "full" "extra-traits" "visit" ]; + } + ]; + }; "zerotrie" = rec { crateName = "zerotrie"; diff --git a/Cargo.toml b/Cargo.toml index 4bc8ff6f..0423c89d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ edition = "2021" repository = "https://github.com/stackabletech/secret-operator" [workspace.dependencies] -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["time", "telemetry"], tag = "stackable-operator-0.95.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["time", "telemetry", "versioned", "webhook"], tag = "stackable-operator-0.95.0" } krb5 = { git = "https://github.com/stackabletech/krb5-rs.git", tag = "v0.1.0" } anyhow = "1.0" diff --git a/Makefile b/Makefile index 96e1030d..7f5aadb5 100644 --- a/Makefile +++ b/Makefile @@ -105,7 +105,6 @@ compile-chart: version crds config chart-clean: rm -rf "deploy/helm/${OPERATOR_NAME}/configs" - rm -rf "deploy/helm/${OPERATOR_NAME}/crds" version: cat "deploy/helm/${OPERATOR_NAME}/Chart.yaml" | yq ".version = \"${VERSION}\" | .appVersion = \"${VERSION}\"" > "deploy/helm/${OPERATOR_NAME}/Chart.yaml.new" @@ -117,9 +116,10 @@ config: cp -r deploy/config-spec/* "deploy/helm/${OPERATOR_NAME}/configs";\ fi +# We generate a crds.yaml, so that the effect of code changes are visible. +# The operator will take care of the CRD rollout itself. crds: - mkdir -p deploy/helm/"${OPERATOR_NAME}"/crds - cargo run --bin stackable-"${OPERATOR_NAME}" -- crd | yq eval '.metadata.annotations["helm.sh/resource-policy"]="keep"' - > "deploy/helm/${OPERATOR_NAME}/crds/crds.yaml" + cargo run --bin stackable-"${OPERATOR_NAME}" -- crd > crds.yaml chart-lint: compile-chart docker run -it -v $(shell pwd):/build/helm-charts -w /build/helm-charts quay.io/helmpack/chart-testing:v3.5.0 ct lint --config deploy/helm/ct.yaml diff --git a/Tiltfile b/Tiltfile index fb84bcc0..9f2eacc9 100644 --- a/Tiltfile +++ b/Tiltfile @@ -17,27 +17,16 @@ custom_build( outputs_image_ref_to='result/ref', ) -# Load the latest CRDs from Nix -watch_file('result') -if os.path.exists('result'): - k8s_yaml('result/crds.yaml') - # We need to set the correct image annotation on the operator Deployment to use e.g. # oci.stackable.tech/sandbox/opa-operator:7y19m3d8clwxlv34v5q2x4p7v536s00g instead of # oci.stackable.tech/sandbox/opa-operator:0.0.0-dev (which does not exist) k8s_kind('Deployment', image_json_path='{.spec.template.metadata.annotations.internal\\.stackable\\.tech/image}') -# Exclude stale CRDs from Helm chart, and apply the rest -helm_crds, helm_non_crds = filter_yaml( - helm( - 'deploy/helm/' + operator_name, - name=operator_name, - namespace="stackable-operators", - set=[ - 'image.repository=' + registry + '/' + operator_name, - ], - ), - api_version = "^apiextensions\\.k8s\\.io/.*$", - kind = "^CustomResourceDefinition$", -) -k8s_yaml(helm_non_crds) +k8s_yaml(helm( + 'deploy/helm/' + operator_name, + name=operator_name, + namespace="stackable-operators", + set=[ + 'image.repository=' + registry + '/' + operator_name, + ], +)) diff --git a/_test.yaml b/_test.yaml new file mode 100644 index 00000000..c4121c28 --- /dev/null +++ b/_test.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: test.stackable.tech/v1alpha1 +kind: Person +metadata: + name: sbernauer1 +spec: + username: sbernauer1 + socials: + email: sebastian.bernauer@stackable.tech +--- +apiVersion: test.stackable.tech/v1alpha2 +kind: Person +metadata: + name: sbernauer2 +spec: + username: sbernauer2 + firstName: Sebastian + lastName: Bernauer + socials: + email: sebastian.bernauer@stackable.tech +--- +apiVersion: test.stackable.tech/v1beta1 +kind: Person +metadata: + name: sbernauer3 +spec: + username: sbernauer3 + firstName: Sebastian + lastName: Bernauer + socials: + email: sebastian.bernauer@stackable.tech + mastodon: FOO +--- +apiVersion: test.stackable.tech/v2 +kind: Person +metadata: + name: sbernauer4 +spec: + username: sbernauer4 + firstName: Sebastian + lastName: Bernauer + gender: Male + socials: + email: sebastian.bernauer@stackable.tech + mastodon: FOO +--- +apiVersion: test.stackable.tech/v3 +kind: Person +metadata: + name: sbernauer5 +spec: + username: sbernauer5 + firstName: Sebastian + lastName: Bernauer + gender: Male + socials: + email: sebastian.bernauer@stackable.tech + mastodon: FOO diff --git a/crate-hashes.json b/crate-hashes.json index b6cd8c14..205dea52 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -2,11 +2,13 @@ "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5-sys@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#k8s-version@0.1.3": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-certs@0.4.0": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-operator-derive@0.3.1": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-operator@0.95.0": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-shared@0.0.2": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-telemetry@0.6.1": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-versioned-macros@0.8.1": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-versioned@0.8.1": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.95.0#stackable-webhook@0.5.0": "0db745j2nz5kz5mp8sh8af26gh9wx3cdad7ggl9f9jki1ms534z0", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file diff --git a/deploy/helm/secret-operator/crds/crds.yaml b/deploy/helm/secret-operator/crds/crds.yaml deleted file mode 100644 index f04a9b8f..00000000 --- a/deploy/helm/secret-operator/crds/crds.yaml +++ /dev/null @@ -1,407 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: secretclasses.secrets.stackable.tech - annotations: - helm.sh/resource-policy: keep -spec: - group: secrets.stackable.tech - names: - categories: [] - kind: SecretClass - plural: secretclasses - shortNames: [] - singular: secretclass - scope: Cluster - versions: - - additionalPrinterColumns: [] - name: v1alpha1 - schema: - openAPIV3Schema: - description: Auto-generated derived type for SecretClassSpec via `CustomResource` - properties: - spec: - description: A [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) is a cluster-global Kubernetes resource that defines a category of secrets that the Secret Operator knows how to provision. - properties: - backend: - description: Each SecretClass is associated with a single [backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend), which dictates the mechanism for issuing that kind of Secret. - oneOf: - - required: - - k8sSearch - - required: - - autoTls - - required: - - experimentalCertManager - - required: - - kerberosKeytab - properties: - autoTls: - description: |- - The [`autoTls` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-autotls) issues a TLS certificate signed by the Secret Operator. The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator. - - A new certificate and key pair will be generated and signed for each Pod, keys or certificates are never reused. - properties: - additionalTrustRoots: - default: [] - description: Additional trust roots which are added to the provided `ca.crt` file. - items: - oneOf: - - required: - - configMap - - required: - - secret - properties: - configMap: - description: 'Reference (name and namespace) to a Kubernetes ConfigMap object where additional certificates are stored. The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER certificate.' - properties: - name: - description: Name of the ConfigMap being referred to. - type: string - namespace: - description: Namespace of the ConfigMap being referred to. - type: string - required: - - name - - namespace - type: object - secret: - description: 'Reference (name and namespace) to a Kubernetes Secret object where additional certificates are stored. The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER certificate.' - properties: - name: - description: Name of the Secret being referred to. - type: string - namespace: - description: Namespace of the Secret being referred to. - type: string - required: - - name - - namespace - type: object - type: object - type: array - ca: - description: Configures the certificate authority used to issue Pod certificates. - properties: - autoGenerate: - default: false - description: Whether the certificate authority should be managed by Secret Operator, including being generated if it does not already exist. - type: boolean - caCertificateLifetime: - default: 365d - description: |- - The lifetime of each generated certificate authority. - - Should always be more than double `maxCertificateLifetime`. - - If `autoGenerate: true` then the Secret Operator will prepare a new CA certificate the old CA approaches expiration. If `autoGenerate: false` then the Secret Operator will log a warning instead. - type: string - keyGeneration: - default: - rsa: - length: 2048 - description: The algorithm used to generate a key pair and required configuration settings. Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. - oneOf: - - required: - - rsa - properties: - rsa: - properties: - length: - description: The amount of bits used for generating the RSA keypair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. - enum: - - 2048 - - 3072 - - 4096 - type: integer - required: - - length - type: object - type: object - secret: - description: Reference (name and namespace) to a Kubernetes Secret object where the CA certificate and key is stored in the keys `ca.crt` and `ca.key` respectively. - properties: - name: - description: Name of the Secret being referred to. - type: string - namespace: - description: Namespace of the Secret being referred to. - type: string - required: - - name - - namespace - type: object - required: - - secret - type: object - maxCertificateLifetime: - default: 15d - description: Maximum lifetime the created certificates are allowed to have. In case consumers request a longer lifetime than allowed by this setting, the lifetime will be the minimum of both, so this setting takes precedence. The default value is 15 days. - type: string - required: - - ca - type: object - experimentalCertManager: - description: |- - The [`experimentalCertManager` backend][1] injects a TLS certificate issued by [cert-manager](https://cert-manager.io/). - - A new certificate will be requested the first time it is used by a Pod, it will be reused after that (subject to cert-manager renewal rules). - - [1]: https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-certmanager - properties: - defaultCertificateLifetime: - default: 1d - description: |- - The default lifetime of certificates. - - Defaults to 1 day. This may need to be increased for external issuers that impose rate limits (such as Let's Encrypt). - type: string - issuer: - description: A reference to the cert-manager issuer that the certificates should be requested from. - properties: - kind: - description: |- - The kind of the issuer, Issuer or ClusterIssuer. - - If Issuer then it must be in the same namespace as the Pods using it. - enum: - - Issuer - - ClusterIssuer - type: string - name: - description: The name of the issuer. - type: string - required: - - kind - - name - type: object - keyGeneration: - default: - rsa: - length: 2048 - description: The algorithm used to generate a key pair and required configuration settings. Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. - oneOf: - - required: - - rsa - properties: - rsa: - properties: - length: - description: The amount of bits used for generating the RSA keypair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. - enum: - - 2048 - - 3072 - - 4096 - type: integer - required: - - length - type: object - type: object - required: - - issuer - type: object - k8sSearch: - description: The [`k8sSearch` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-k8ssearch) can be used to mount Secrets across namespaces into Pods. - properties: - searchNamespace: - description: Configures the namespace searched for Secret objects. - oneOf: - - required: - - pod - - required: - - name - properties: - name: - description: The Secret objects are located in a single global namespace. Should be used for secrets that are provisioned by the cluster administrator. - type: string - pod: - description: The Secret objects are located in the same namespace as the Pod object. Should be used for Secrets that are provisioned by the application administrator. - type: object - type: object - trustStoreConfigMapName: - description: |- - Name of a ConfigMap that contains the information required to validate against this SecretClass. - - Resolved relative to `search_namespace`. - - Required to request a TrustStore for this SecretClass. - nullable: true - type: string - required: - - searchNamespace - type: object - kerberosKeytab: - description: The [`kerberosKeytab` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-kerberoskeytab) creates a Kerberos keytab file for a selected realm. The Kerberos KDC and administrator credentials must be provided by the administrator. - properties: - admin: - description: Kerberos admin configuration settings. - oneOf: - - required: - - mit - - required: - - activeDirectory - properties: - activeDirectory: - description: Credentials should be provisioned in a Microsoft Active Directory domain. - properties: - experimentalGenerateSamAccountName: - description: Allows samAccountName generation for new accounts to be customized. Note that setting this field (even if empty) makes the Secret Operator take over the generation duty from the domain controller. - nullable: true - properties: - prefix: - default: '' - description: A prefix to be prepended to generated samAccountNames. - type: string - totalLength: - default: 20 - description: |- - The total length of generated samAccountNames, _including_ `prefix`. Must be larger than the length of `prefix`, but at most `20`. - - Note that this should be as large as possible, to minimize the risk of collisions. - format: uint8 - minimum: 0.0 - type: integer - type: object - ldapServer: - description: An AD LDAP server, such as the AD Domain Controller. This must match the server’s FQDN, or GSSAPI authentication will fail. - type: string - ldapTlsCaSecret: - description: Reference (name and namespace) to a Kubernetes Secret object containing the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. - properties: - name: - description: Name of the Secret being referred to. - type: string - namespace: - description: Namespace of the Secret being referred to. - type: string - required: - - name - - namespace - type: object - passwordCacheSecret: - description: Reference (name and namespace) to a Kubernetes Secret object where workload passwords will be stored. This must not be accessible to end users. - properties: - name: - description: Name of the Secret being referred to. - type: string - namespace: - description: Namespace of the Secret being referred to. - type: string - required: - - name - - namespace - type: object - schemaDistinguishedName: - description: The root Distinguished Name (DN) for AD-managed schemas, typically `CN=Schema,CN=Configuration,{domain_dn}`. - type: string - userDistinguishedName: - description: The root Distinguished Name (DN) where service accounts should be provisioned, typically `CN=Users,{domain_dn}`. - type: string - required: - - ldapServer - - ldapTlsCaSecret - - passwordCacheSecret - - schemaDistinguishedName - - userDistinguishedName - type: object - mit: - description: Credentials should be provisioned in a MIT Kerberos Admin Server. - properties: - kadminServer: - description: The hostname of the Kerberos Admin Server. This should be provided by the Kerberos administrator. - type: string - required: - - kadminServer - type: object - type: object - adminKeytabSecret: - description: Reference (`name` and `namespace`) to a K8s Secret object where a keytab with administrative privileges is stored in the key `keytab`. - properties: - name: - description: Name of the Secret being referred to. - type: string - namespace: - description: Namespace of the Secret being referred to. - type: string - required: - - name - - namespace - type: object - adminPrincipal: - description: The admin principal. - type: string - kdc: - description: The hostname of the Kerberos Key Distribution Center (KDC). This should be provided by the Kerberos administrator. - type: string - realmName: - description: The name of the Kerberos realm. This should be provided by the Kerberos administrator. - pattern: ^[-.a-zA-Z0-9]+$ - type: string - required: - - admin - - adminKeytabSecret - - adminPrincipal - - kdc - - realmName - type: object - type: object - required: - - backend - type: object - required: - - spec - title: SecretClass - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: truststores.secrets.stackable.tech - annotations: - helm.sh/resource-policy: keep -spec: - group: secrets.stackable.tech - names: - categories: [] - kind: TrustStore - plural: truststores - shortNames: [] - singular: truststore - scope: Namespaced - versions: - - additionalPrinterColumns: [] - name: v1alpha1 - schema: - openAPIV3Schema: - description: Auto-generated derived type for TrustStoreSpec via `CustomResource` - properties: - spec: - description: |- - A [TrustStore](https://docs.stackable.tech/home/nightly/secret-operator/truststore) requests information about how to validate secrets issued by a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass). - - The requested information is written to a ConfigMap with the same name as the TrustStore. - properties: - format: - description: The [format](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#format) that the data should be converted into. - enum: - - tls-pem - - tls-pkcs12 - - kerberos - nullable: true - type: string - secretClassName: - description: The name of the SecretClass that the request concerns. - type: string - required: - - secretClassName - type: object - required: - - spec - title: TrustStore - type: object - served: true - storage: true - subresources: {} diff --git a/deploy/helm/secret-operator/templates/roles.yaml b/deploy/helm/secret-operator/templates/roles.yaml index 630e9ab6..7145b2a7 100644 --- a/deploy/helm/secret-operator/templates/roles.yaml +++ b/deploy/helm/secret-operator/templates/roles.yaml @@ -43,6 +43,13 @@ metadata: labels: {{- include "operator.labels" . | nindent 4 }} rules: + # Required to maintain the CRD. The operator needs to do this, as it needs to enter e.g. it's + # generated certificate in the conversion webhook. + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: + - create + - patch - apiGroups: - "" resources: diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index f325c501..badcc684 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -25,6 +25,7 @@ pin-project.workspace = true prost-types.workspace = true prost.workspace = true serde_json.workspace = true +serde_yaml.workspace = true serde.workspace = true snafu.workspace = true socket2.workspace = true diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 109bfd1c..5b5d932c 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -2,23 +2,28 @@ // This will need changes in our and upstream error types. #![allow(clippy::result_large_err)] -use std::{os::unix::prelude::FileTypeExt, path::PathBuf, pin::pin}; +use std::{os::unix::prelude::FileTypeExt, path::PathBuf}; -use anyhow::Context; +use anyhow::{Context, anyhow}; use clap::Parser; -use csi_server::{ - controller::SecretProvisionerController, identity::SecretProvisionerIdentity, - node::SecretProvisionerNode, -}; -use futures::{FutureExt, TryStreamExt}; -use grpc::csi::v1::{ - controller_server::ControllerServer, identity_server::IdentityServer, node_server::NodeServer, -}; +use futures::{FutureExt, TryFutureExt, TryStreamExt, future::try_join}; use stackable_operator::{CustomResourceExt, cli::ProductOperatorRun, telemetry::Tracing}; use tokio::signal::unix::{SignalKind, signal}; use tokio_stream::wrappers::UnixListenerStream; use tonic::transport::Server; -use utils::{TonicUnixStream, uds_bind_private}; + +use crate::{ + csi_server::{ + controller::SecretProvisionerController, identity::SecretProvisionerIdentity, + node::SecretProvisionerNode, + }, + grpc::csi::v1::{ + controller_server::ControllerServer, identity_server::IdentityServer, + node_server::NodeServer, + }, + utils::{TonicUnixStream, uds_bind_private}, + webhooks::conversion::conversion_webhook, +}; mod backend; mod crd; @@ -28,6 +33,7 @@ mod format; mod grpc; mod truststore_controller; mod utils; +mod webhooks; pub const OPERATOR_NAME: &str = "secrets.stackable.tech"; @@ -75,7 +81,7 @@ async fn main() -> anyhow::Result<()> { ProductOperatorRun { product_config: _, watch_namespace, - operator_environment: _, + operator_environment, telemetry, cluster_info, }, @@ -108,38 +114,47 @@ async fn main() -> anyhow::Result<()> { let _ = std::fs::remove_file(&csi_endpoint); } let mut sigterm = signal(SignalKind::terminate())?; - let csi_server = pin!( - Server::builder() - .add_service( - tonic_reflection::server::Builder::configure() - .include_reflection_service(true) - .register_encoded_file_descriptor_set(grpc::FILE_DESCRIPTOR_SET_BYTES) - .build_v1()?, - ) - .add_service(IdentityServer::new(SecretProvisionerIdentity)) - .add_service(ControllerServer::new(SecretProvisionerController { - client: client.clone(), - })) - .add_service(NodeServer::new(SecretProvisionerNode { - client: client.clone(), - node_name: cluster_info.kubernetes_node_name.to_owned(), - privileged, - })) - .serve_with_incoming_shutdown( - UnixListenerStream::new( - uds_bind_private(csi_endpoint) - .context("failed to bind CSI listener")?, - ) - .map_ok(TonicUnixStream), - sigterm.recv().map(|_| ()), + let csi_server = Server::builder() + .add_service( + tonic_reflection::server::Builder::configure() + .include_reflection_service(true) + .register_encoded_file_descriptor_set(grpc::FILE_DESCRIPTOR_SET_BYTES) + .build_v1()?, + ) + .add_service(IdentityServer::new(SecretProvisionerIdentity)) + .add_service(ControllerServer::new(SecretProvisionerController { + client: client.clone(), + })) + .add_service(NodeServer::new(SecretProvisionerNode { + client: client.clone(), + node_name: cluster_info.kubernetes_node_name.to_owned(), + privileged, + })) + .serve_with_incoming_shutdown( + UnixListenerStream::new( + uds_bind_private(csi_endpoint).context("failed to bind CSI listener")?, ) - ); + .map_ok(TonicUnixStream), + sigterm.recv().map(|_| ()), + ) + .map_err(|err| anyhow!(err).context("failed to run csi server")); + let truststore_controller = - pin!(truststore_controller::start(&client, &watch_namespace).map(Ok)); - futures::future::select(csi_server, truststore_controller) - .await - .factor_first() - .0?; + truststore_controller::start(&client, &watch_namespace).map(anyhow::Ok); + + let conversion_webhook = + conversion_webhook(client.as_kube_client(), operator_environment) + .await + .context("failed to create conversion webhook")?; + let conversion_webhook = conversion_webhook + .run() + .map_err(|err| anyhow!(err).context("failed to run conversion webhook")); + + try_join( + csi_server, + try_join(truststore_controller, conversion_webhook), + ) + .await?; } } Ok(()) diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs new file mode 100644 index 00000000..0a758458 --- /dev/null +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -0,0 +1,129 @@ +use serde::{Deserialize, Serialize}; +use stackable_operator::{ + cli::OperatorEnvironmentOptions, + kube::{Client, CustomResource}, + schemars::{self, JsonSchema}, + versioned::versioned, + webhook::{ + constants::CONVERSION_WEBHOOK_HTTPS_PORT, + servers::{ConversionWebhookOptions, ConversionWebhookServer}, + }, +}; + +use crate::OPERATOR_NAME; + +pub async fn conversion_webhook( + client: Client, + operator_environment: OperatorEnvironmentOptions, +) -> anyhow::Result { + let crds_and_handlers = [ + // ( + // SecretClass::merged_crd(SecretClassVersion::V1Alpha1)?, + // SecretClass::try_convert as fn(_) -> _, + // ), + ( + Person::merged_crd(PersonVersion::V1Alpha1)?, + Person::try_convert as fn(_) -> _, + ), + ]; + + let options = ConversionWebhookOptions { + socket_addr: format!("0.0.0.0:{CONVERSION_WEBHOOK_HTTPS_PORT}") + .parse() + .expect("static address is always valid"), + field_manager: OPERATOR_NAME.to_owned(), + namespace: operator_environment.operator_namespace, + service_name: operator_environment.operator_service_name, + }; + + Ok(ConversionWebhookServer::new(crds_and_handlers, options, client).await?) +} + +// !!! TESTING struct!!! +// !!! Will be removed later!!! +#[versioned( + version(name = "v1alpha1"), + version(name = "v1alpha2"), + version(name = "v1beta1"), + version(name = "v2"), + version(name = "v3"), + options(k8s(experimental_conversion_tracking)), + crates( + kube_core = "stackable_operator::kube::core", + kube_client = "stackable_operator::kube::client", + k8s_openapi = "stackable_operator::k8s_openapi", + schemars = "stackable_operator::schemars", + versioned = "stackable_operator::versioned", + ) +)] +pub mod versioned { + #[versioned(crd(group = "test.stackable.tech", status = "PersonStatus",))] + #[derive(Clone, Debug, CustomResource, Deserialize, JsonSchema, Serialize)] + #[serde(rename_all = "camelCase")] + pub struct PersonSpec { + username: String, + + // In v1alpha2 first and last name have been added + #[versioned(added(since = "v1alpha2"))] + first_name: String, + + #[versioned(added(since = "v1alpha2"))] + last_name: String, + + // We started out with a enum. As we *need* to provide a default, we have a Unknown variant. + // Afterwards we figured let's be more flexible and accept any arbitrary String. + #[versioned(added(since = "v2"), changed(since = "v3", from_type = "Gender"))] + gender: String, + + #[versioned(nested)] + socials: Socials, + } + + #[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] + pub struct Socials { + email: String, + + #[versioned(added(since = "v1beta1"))] + mastodon: String, + } +} + +#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] +pub struct PersonStatus { + pub alive: bool, +} + +impl Default for PersonStatus { + fn default() -> Self { + Self { alive: true } + } +} + +#[derive(Clone, Debug, Default, Deserialize, Serialize, JsonSchema)] +#[serde(rename_all = "PascalCase")] +pub enum Gender { + #[default] + Unknown, + Male, + Female, +} + +impl From for String { + fn from(value: Gender) -> Self { + match value { + Gender::Unknown => "Unknown".to_owned(), + Gender::Male => "Male".to_owned(), + Gender::Female => "Female".to_owned(), + } + } +} + +impl From for Gender { + fn from(value: String) -> Self { + match value.as_str() { + "Male" => Self::Male, + "Female" => Self::Female, + _ => Self::Unknown, + } + } +} diff --git a/rust/operator-binary/src/webhooks/mod.rs b/rust/operator-binary/src/webhooks/mod.rs new file mode 100644 index 00000000..11eb2fc0 --- /dev/null +++ b/rust/operator-binary/src/webhooks/mod.rs @@ -0,0 +1 @@ +pub mod conversion; From 3bc05631829cabacbd9c17c5c6ea02b9b4f4c9d0 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Tue, 2 Sep 2025 09:13:10 +0200 Subject: [PATCH 02/19] Add SecretClass and TrustStore to conversion webhook --- rust/operator-binary/src/webhooks/conversion.rs | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs index 0a758458..eb1b82c7 100644 --- a/rust/operator-binary/src/webhooks/conversion.rs +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -10,17 +10,24 @@ use stackable_operator::{ }, }; -use crate::OPERATOR_NAME; +use crate::{ + OPERATOR_NAME, + crd::{SecretClass, SecretClassVersion, TrustStore, TrustStoreVersion}, +}; pub async fn conversion_webhook( client: Client, operator_environment: OperatorEnvironmentOptions, ) -> anyhow::Result { let crds_and_handlers = [ - // ( - // SecretClass::merged_crd(SecretClassVersion::V1Alpha1)?, - // SecretClass::try_convert as fn(_) -> _, - // ), + ( + SecretClass::merged_crd(SecretClassVersion::V1Alpha1)?, + SecretClass::try_convert as fn(_) -> _, + ), + ( + TrustStore::merged_crd(TrustStoreVersion::V1Alpha1)?, + TrustStore::try_convert as fn(_) -> _, + ), ( Person::merged_crd(PersonVersion::V1Alpha1)?, Person::try_convert as fn(_) -> _, From ffcc13d8bf3e6616e3ddbc71dbf2b902e66df459 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Tue, 2 Sep 2025 09:38:28 +0200 Subject: [PATCH 03/19] Remove testing Person struct --- _test.yaml | 58 ----------- .../src/webhooks/conversion.rs | 98 +------------------ 2 files changed, 1 insertion(+), 155 deletions(-) delete mode 100644 _test.yaml diff --git a/_test.yaml b/_test.yaml deleted file mode 100644 index c4121c28..00000000 --- a/_test.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -apiVersion: test.stackable.tech/v1alpha1 -kind: Person -metadata: - name: sbernauer1 -spec: - username: sbernauer1 - socials: - email: sebastian.bernauer@stackable.tech ---- -apiVersion: test.stackable.tech/v1alpha2 -kind: Person -metadata: - name: sbernauer2 -spec: - username: sbernauer2 - firstName: Sebastian - lastName: Bernauer - socials: - email: sebastian.bernauer@stackable.tech ---- -apiVersion: test.stackable.tech/v1beta1 -kind: Person -metadata: - name: sbernauer3 -spec: - username: sbernauer3 - firstName: Sebastian - lastName: Bernauer - socials: - email: sebastian.bernauer@stackable.tech - mastodon: FOO ---- -apiVersion: test.stackable.tech/v2 -kind: Person -metadata: - name: sbernauer4 -spec: - username: sbernauer4 - firstName: Sebastian - lastName: Bernauer - gender: Male - socials: - email: sebastian.bernauer@stackable.tech - mastodon: FOO ---- -apiVersion: test.stackable.tech/v3 -kind: Person -metadata: - name: sbernauer5 -spec: - username: sbernauer5 - firstName: Sebastian - lastName: Bernauer - gender: Male - socials: - email: sebastian.bernauer@stackable.tech - mastodon: FOO diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs index eb1b82c7..965a1e86 100644 --- a/rust/operator-binary/src/webhooks/conversion.rs +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -1,9 +1,6 @@ -use serde::{Deserialize, Serialize}; use stackable_operator::{ cli::OperatorEnvironmentOptions, - kube::{Client, CustomResource}, - schemars::{self, JsonSchema}, - versioned::versioned, + kube::Client, webhook::{ constants::CONVERSION_WEBHOOK_HTTPS_PORT, servers::{ConversionWebhookOptions, ConversionWebhookServer}, @@ -28,10 +25,6 @@ pub async fn conversion_webhook( TrustStore::merged_crd(TrustStoreVersion::V1Alpha1)?, TrustStore::try_convert as fn(_) -> _, ), - ( - Person::merged_crd(PersonVersion::V1Alpha1)?, - Person::try_convert as fn(_) -> _, - ), ]; let options = ConversionWebhookOptions { @@ -45,92 +38,3 @@ pub async fn conversion_webhook( Ok(ConversionWebhookServer::new(crds_and_handlers, options, client).await?) } - -// !!! TESTING struct!!! -// !!! Will be removed later!!! -#[versioned( - version(name = "v1alpha1"), - version(name = "v1alpha2"), - version(name = "v1beta1"), - version(name = "v2"), - version(name = "v3"), - options(k8s(experimental_conversion_tracking)), - crates( - kube_core = "stackable_operator::kube::core", - kube_client = "stackable_operator::kube::client", - k8s_openapi = "stackable_operator::k8s_openapi", - schemars = "stackable_operator::schemars", - versioned = "stackable_operator::versioned", - ) -)] -pub mod versioned { - #[versioned(crd(group = "test.stackable.tech", status = "PersonStatus",))] - #[derive(Clone, Debug, CustomResource, Deserialize, JsonSchema, Serialize)] - #[serde(rename_all = "camelCase")] - pub struct PersonSpec { - username: String, - - // In v1alpha2 first and last name have been added - #[versioned(added(since = "v1alpha2"))] - first_name: String, - - #[versioned(added(since = "v1alpha2"))] - last_name: String, - - // We started out with a enum. As we *need* to provide a default, we have a Unknown variant. - // Afterwards we figured let's be more flexible and accept any arbitrary String. - #[versioned(added(since = "v2"), changed(since = "v3", from_type = "Gender"))] - gender: String, - - #[versioned(nested)] - socials: Socials, - } - - #[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] - pub struct Socials { - email: String, - - #[versioned(added(since = "v1beta1"))] - mastodon: String, - } -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] -pub struct PersonStatus { - pub alive: bool, -} - -impl Default for PersonStatus { - fn default() -> Self { - Self { alive: true } - } -} - -#[derive(Clone, Debug, Default, Deserialize, Serialize, JsonSchema)] -#[serde(rename_all = "PascalCase")] -pub enum Gender { - #[default] - Unknown, - Male, - Female, -} - -impl From for String { - fn from(value: Gender) -> Self { - match value { - Gender::Unknown => "Unknown".to_owned(), - Gender::Male => "Male".to_owned(), - Gender::Female => "Female".to_owned(), - } - } -} - -impl From for Gender { - fn from(value: String) -> Self { - match value.as_str() { - "Male" => Self::Male, - "Female" => Self::Female, - _ => Self::Unknown, - } - } -} From 82138a5dd2004c8378c955e2a88d77b3e4ec6095 Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 12:41:22 +0200 Subject: [PATCH 04/19] temp: Temporarily patch stackable-operator --- Cargo.lock | 18 ++++++++-------- Cargo.nix | 54 +++++++++++++++++++++++------------------------ Cargo.toml | 2 +- crate-hashes.json | 18 ++++++++-------- 4 files changed, 46 insertions(+), 46 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4033bfd7..52ae95bd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1740,7 +1740,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "darling 0.21.3", "regex", @@ -3389,7 +3389,7 @@ checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "const-oid", "ecdsa", @@ -3433,7 +3433,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.96.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "chrono", "clap", @@ -3472,7 +3472,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "darling 0.21.3", "proc-macro2", @@ -3549,7 +3549,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.2" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "k8s-openapi", "kube", @@ -3565,7 +3565,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "axum", "clap", @@ -3589,7 +3589,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.8.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "schemars", "serde", @@ -3602,7 +3602,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.8.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "convert_case", "darling 0.21.3", @@ -3619,7 +3619,7 @@ dependencies = [ [[package]] name = "stackable-webhook" version = "0.5.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#89f484ca4e86b565e083e9ad7573e21dbe29a3af" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" dependencies = [ "arc-swap", "axum", diff --git a/Cargo.nix b/Cargo.nix index d392647c..aa7c3037 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -5535,9 +5535,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "k8s_version"; authors = [ @@ -11130,9 +11130,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "stackable_certs"; authors = [ @@ -11315,9 +11315,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "stackable_operator"; authors = [ @@ -11488,9 +11488,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -11794,9 +11794,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "stackable_shared"; authors = [ @@ -11869,9 +11869,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "stackable_telemetry"; authors = [ @@ -11979,9 +11979,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "stackable_versioned"; authors = [ @@ -12023,9 +12023,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -12087,9 +12087,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "89f484ca4e86b565e083e9ad7573e21dbe29a3af"; - sha256 = "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "95385414f756251e10d81cf018fe241e9182ce84"; + sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; }; libName = "stackable_webhook"; authors = [ diff --git a/Cargo.toml b/Cargo.toml index 9fa55caf..9c220afd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -54,4 +54,4 @@ yasna = "0.5" [patch."https://github.com/stackabletech/operator-rs.git"] # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } -# stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feat/stackable-versioned-hint-wrapped" } diff --git a/crate-hashes.json b/crate-hashes.json index dc45de3b..63a6b4a0 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,14 +1,14 @@ { + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#k8s-version@0.1.3": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-certs@0.4.0": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-operator-derive@0.3.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-operator@0.96.0": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-shared@0.0.2": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-telemetry@0.6.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-versioned-macros@0.8.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-versioned@0.8.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-webhook@0.5.0": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5-sys@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#k8s-version@0.1.3": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-certs@0.4.0": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-operator-derive@0.3.1": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-operator@0.96.0": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-shared@0.0.2": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-telemetry@0.6.1": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-versioned-macros@0.8.1": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-versioned@0.8.1": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.96.0#stackable-webhook@0.5.0": "05xhfz0bd09095ljkaj950r80bchdb202d8nka95cq356y4wha4c", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file From 781bdb545db72d3973b29a5146719825d1d29c8c Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 12:51:03 +0200 Subject: [PATCH 05/19] chore: Handle CRD management CLI flag --- rust/operator-binary/src/main.rs | 12 ++++++++---- rust/operator-binary/src/webhooks/conversion.rs | 2 ++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index c09b65ac..a5d39422 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -92,6 +92,7 @@ async fn main() -> anyhow::Result<()> { product_config: _, watch_namespace, operator_environment, + disable_crd_maintenance, }, }) => { // NOTE (@NickLarsenNZ): Before stackable-telemetry was used: @@ -150,10 +151,13 @@ async fn main() -> anyhow::Result<()> { let truststore_controller = truststore_controller::start(&client, &watch_namespace).map(anyhow::Ok); - let conversion_webhook = - conversion_webhook(client.as_kube_client(), operator_environment) - .await - .context("failed to create conversion webhook")?; + let conversion_webhook = conversion_webhook( + client.as_kube_client(), + operator_environment, + disable_crd_maintenance, + ) + .await + .context("failed to create conversion webhook")?; let conversion_webhook = conversion_webhook .run() .map_err(|err| anyhow!(err).context("failed to run conversion webhook")); diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs index 965a1e86..16109a62 100644 --- a/rust/operator-binary/src/webhooks/conversion.rs +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -15,6 +15,7 @@ use crate::{ pub async fn conversion_webhook( client: Client, operator_environment: OperatorEnvironmentOptions, + disable_crd_management: bool, ) -> anyhow::Result { let crds_and_handlers = [ ( @@ -34,6 +35,7 @@ pub async fn conversion_webhook( field_manager: OPERATOR_NAME.to_owned(), namespace: operator_environment.operator_namespace, service_name: operator_environment.operator_service_name, + maintain_crds: !disable_crd_management, }; Ok(ConversionWebhookServer::new(crds_and_handlers, options, client).await?) From bb3f33168fcb33adebf8aecdbc40e91b35deef1e Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 12:55:44 +0200 Subject: [PATCH 06/19] feat: Add v1alpha2, rename experimentalGenerateSamAccountName --- .../src/backend/cert_manager.rs | 6 +- rust/operator-binary/src/backend/dynamic.rs | 18 +- .../operator-binary/src/backend/k8s_search.rs | 4 +- .../src/backend/kerberos_keytab.rs | 34 ++-- rust/operator-binary/src/backend/tls/ca.rs | 12 +- rust/operator-binary/src/backend/tls/mod.rs | 12 +- rust/operator-binary/src/crd/mod.rs | 167 +++++++++++++----- rust/operator-binary/src/crd/v1alpha1_impl.rs | 94 +--------- rust/operator-binary/src/crd/v1alpha2_impl.rs | 166 +++++++++++++++++ rust/operator-binary/src/main.rs | 4 +- .../src/truststore_controller.rs | 40 ++--- .../src/webhooks/conversion.rs | 4 +- 12 files changed, 355 insertions(+), 206 deletions(-) create mode 100644 rust/operator-binary/src/crd/v1alpha2_impl.rs diff --git a/rust/operator-binary/src/backend/cert_manager.rs b/rust/operator-binary/src/backend/cert_manager.rs index 80e38fed..7768379e 100644 --- a/rust/operator-binary/src/backend/cert_manager.rs +++ b/rust/operator-binary/src/backend/cert_manager.rs @@ -20,7 +20,7 @@ use super::{ scope::SecretScope, }; use crate::{ - crd::v1alpha1, + crd::v1alpha2, external_crd::{self, cert_manager::CertificatePrivateKey}, format::SecretData, utils::Unloggable, @@ -99,7 +99,7 @@ impl SecretBackendError for Error { pub struct CertManager { // Not secret per se, but Client isn't Debug: https://github.com/stackabletech/secret-operator/issues/411 pub client: Unloggable, - pub config: v1alpha1::CertManagerBackend, + pub config: v1alpha2::CertManagerBackend, } #[async_trait] @@ -160,7 +160,7 @@ impl SecretBackend for CertManager { kind: Some(self.config.issuer.kind.to_string()), }, private_key: match self.config.key_generation { - v1alpha1::CertificateKeyGeneration::Rsa { length } => CertificatePrivateKey { + v1alpha2::CertificateKeyGeneration::Rsa { length } => CertificatePrivateKey { algorithm: "RSA".to_string(), size: length, }, diff --git a/rust/operator-binary/src/backend/dynamic.rs b/rust/operator-binary/src/backend/dynamic.rs index 56464d0a..5cf3b0e2 100644 --- a/rust/operator-binary/src/backend/dynamic.rs +++ b/rust/operator-binary/src/backend/dynamic.rs @@ -15,7 +15,7 @@ use super::{ pod_info::{PodInfo, SchedulingPodInfo}, tls, }; -use crate::{crd::v1alpha1, utils::Unloggable}; +use crate::{crd::v1alpha2, utils::Unloggable}; pub struct DynError(Box); @@ -126,10 +126,10 @@ impl SecretBackendError for FromClassError { pub async fn from_class( client: &stackable_operator::client::Client, - class: v1alpha1::SecretClass, + class: v1alpha2::SecretClass, ) -> Result, FromClassError> { Ok(match class.spec.backend { - v1alpha1::SecretClassBackend::K8sSearch(v1alpha1::K8sSearchBackend { + v1alpha2::SecretClassBackend::K8sSearch(v1alpha2::K8sSearchBackend { search_namespace, trust_store_config_map_name, }) => from(super::K8sSearch { @@ -137,7 +137,7 @@ pub async fn from_class( search_namespace, trust_store_config_map_name, }), - v1alpha1::SecretClassBackend::AutoTls(v1alpha1::AutoTlsBackend { + v1alpha2::SecretClassBackend::AutoTls(v1alpha2::AutoTlsBackend { ca, additional_trust_roots, max_certificate_lifetime, @@ -150,11 +150,11 @@ pub async fn from_class( ) .await?, ), - v1alpha1::SecretClassBackend::CertManager(config) => from(super::CertManager { + v1alpha2::SecretClassBackend::CertManager(config) => from(super::CertManager { client: Unloggable(client.clone()), config, }), - v1alpha1::SecretClassBackend::KerberosKeytab(v1alpha1::KerberosKeytabBackend { + v1alpha2::SecretClassBackend::KerberosKeytab(v1alpha2::KerberosKeytabBackend { realm_name, kdc, admin, @@ -182,14 +182,14 @@ pub enum FromSelectorError { #[snafu(display("failed to get {class}"))] GetSecretClass { source: stackable_operator::client::Error, - class: ObjectRef, + class: ObjectRef, }, #[snafu(display("failed to initialize backend for {class}"))] FromClass { #[snafu(source(from(FromClassError, Box::new)))] source: Box, - class: ObjectRef, + class: ObjectRef, }, } @@ -217,7 +217,7 @@ pub async fn from_selector( ) -> Result, FromSelectorError> { let class_ref = || ObjectRef::new(&selector.class); let class = client - .get::(&selector.class, &()) + .get::(&selector.class, &()) .await .with_context(|_| from_selector_error::GetSecretClassSnafu { class: class_ref() })?; from_class(client, class) diff --git a/rust/operator-binary/src/backend/k8s_search.rs b/rust/operator-binary/src/backend/k8s_search.rs index 8ec03f63..1d77d1e1 100644 --- a/rust/operator-binary/src/backend/k8s_search.rs +++ b/rust/operator-binary/src/backend/k8s_search.rs @@ -20,7 +20,7 @@ use super::{ pod_info::{PodInfo, SchedulingPodInfo}, scope::SecretScope, }; -use crate::{crd::v1alpha1, format::SecretData, utils::Unloggable}; +use crate::{crd::v1alpha2, format::SecretData, utils::Unloggable}; const LABEL_CLASS: &str = "secrets.stackable.tech/class"; pub(super) const LABEL_SCOPE_NODE: &str = "secrets.stackable.tech/node"; @@ -89,7 +89,7 @@ impl SecretBackendError for Error { pub struct K8sSearch { // Not secret per se, but isn't Debug: https://github.com/stackabletech/secret-operator/issues/411 pub client: Unloggable, - pub search_namespace: v1alpha1::SearchNamespace, + pub search_namespace: v1alpha2::SearchNamespace, pub trust_store_config_map_name: Option, } diff --git a/rust/operator-binary/src/backend/kerberos_keytab.rs b/rust/operator-binary/src/backend/kerberos_keytab.rs index 0efe4da4..3b2f5917 100644 --- a/rust/operator-binary/src/backend/kerberos_keytab.rs +++ b/rust/operator-binary/src/backend/kerberos_keytab.rs @@ -22,7 +22,7 @@ use super::{ scope::SecretScope, }; use crate::{ - crd::{KerberosPrincipal, v1alpha1}, + crd::{self, KerberosPrincipal, v1alpha2}, format::{SecretData, WellKnownSecretData, well_known}, utils::Unloggable, }; @@ -60,7 +60,7 @@ pub enum Error { #[snafu(display("generated invalid Kerberos principal for pod"))] PodPrincipal { - source: v1alpha1::InvalidKerberosPrincipal, + source: crd::InvalidKerberosPrincipal, }, #[snafu(display("failed to read the provisioned keytab"))] @@ -105,7 +105,7 @@ impl SecretBackendError for Error { pub struct KerberosProfile { pub realm_name: KerberosRealmName, pub kdc: HostName, - pub admin: v1alpha1::KerberosKeytabBackendAdmin, + pub admin: v1alpha2::KerberosKeytabBackendAdmin, } #[derive(Debug)] @@ -168,10 +168,12 @@ impl SecretBackend for KerberosKeytab { } = self; let admin_server_clause = match admin { - v1alpha1::KerberosKeytabBackendAdmin::Mit { kadmin_server } => { + v1alpha2::KerberosKeytabBackendAdmin::Mit(v1alpha2::KerberosKeytabBackendMit { + kadmin_server, + }) => { format!(" admin_server = {kadmin_server}") } - v1alpha1::KerberosKeytabBackendAdmin::ActiveDirectory { .. } => String::new(), + v1alpha2::KerberosKeytabBackendAdmin::ActiveDirectory { .. } => String::new(), }; let tmp = tempdir().context(TempSetupSnafu)?; @@ -253,24 +255,26 @@ cluster.local = {realm_name} }) .collect(), admin_backend: match admin { - v1alpha1::KerberosKeytabBackendAdmin::Mit { .. } => { + v1alpha2::KerberosKeytabBackendAdmin::Mit { .. } => { stackable_krb5_provision_keytab::AdminBackend::Mit } - v1alpha1::KerberosKeytabBackendAdmin::ActiveDirectory { - ldap_server, - ldap_tls_ca_secret, - password_cache_secret, - user_distinguished_name, - schema_distinguished_name, - generate_sam_account_name, - } => stackable_krb5_provision_keytab::AdminBackend::ActiveDirectory { + v1alpha2::KerberosKeytabBackendAdmin::ActiveDirectory( + v1alpha2::KerberosKeytabBackendActiveDirectory { + ldap_server, + ldap_tls_ca_secret, + password_cache_secret, + user_distinguished_name, + schema_distinguished_name, + generate_sam_account_name, + }, + ) => stackable_krb5_provision_keytab::AdminBackend::ActiveDirectory { ldap_server: ldap_server.to_string(), ldap_tls_ca_secret: ldap_tls_ca_secret.clone(), password_cache_secret: password_cache_secret.clone(), user_distinguished_name: user_distinguished_name.clone(), schema_distinguished_name: schema_distinguished_name.clone(), generate_sam_account_name: generate_sam_account_name.clone().map( - |v1alpha1::ActiveDirectorySamAccountNameRules { + |v1alpha2::ActiveDirectorySamAccountNameRules { prefix, total_length, }| { diff --git a/rust/operator-binary/src/backend/tls/ca.rs b/rust/operator-binary/src/backend/tls/ca.rs index 1ee1d0d2..4b4cf57b 100644 --- a/rust/operator-binary/src/backend/tls/ca.rs +++ b/rust/operator-binary/src/backend/tls/ca.rs @@ -38,7 +38,7 @@ use tracing::{info, info_span, warn}; use crate::{ backend::SecretBackendError, - crd::v1alpha1, + crd::v1alpha2, utils::{Asn1TimeParseError, Unloggable, asn1time_to_offsetdatetime}, }; @@ -202,7 +202,7 @@ pub struct Config { pub rotate_if_ca_expires_before: Option, /// Configuration how TLS private keys should be created. - pub key_generation: v1alpha1::CertificateKeyGeneration, + pub key_generation: v1alpha2::CertificateKeyGeneration, } /// A single certificate authority certificate. @@ -241,7 +241,7 @@ impl CertificateAuthority { Conf::new(ConfMethod::default()).expect("failed to initialize OpenSSL configuration"); let private_key_length = match config.key_generation { - v1alpha1::CertificateKeyGeneration::Rsa { length } => length, + v1alpha2::CertificateKeyGeneration::Rsa { length } => length, }; let private_key = Rsa::generate(private_key_length) @@ -348,7 +348,7 @@ impl Manager { pub async fn load_or_create( client: &stackable_operator::client::Client, secret_ref: &SecretReference, - additional_trust_roots: &[v1alpha1::AdditionalTrustRoot], + additional_trust_roots: &[v1alpha2::AdditionalTrustRoot], config: &Config, ) -> Result { // Use entry API rather than apply so that we crash and retry on conflicts (to avoid creating spurious certs that we throw away immediately) @@ -496,10 +496,10 @@ impl Manager { let mut additional_trusted_certificates = vec![]; for entry in additional_trust_roots { let certs = match entry { - v1alpha1::AdditionalTrustRoot::ConfigMap(config_map) => { + v1alpha2::AdditionalTrustRoot::ConfigMap(config_map) => { Self::read_extra_trust_roots_from_config_map(client, config_map).await? } - v1alpha1::AdditionalTrustRoot::Secret(secret) => { + v1alpha2::AdditionalTrustRoot::Secret(secret) => { Self::read_extra_trust_roots_from_secret(client, secret).await? } }; diff --git a/rust/operator-binary/src/backend/tls/mod.rs b/rust/operator-binary/src/backend/tls/mod.rs index 3713935c..0cca87db 100644 --- a/rust/operator-binary/src/backend/tls/mod.rs +++ b/rust/operator-binary/src/backend/tls/mod.rs @@ -33,7 +33,7 @@ use super::{ scope::SecretScope, }; use crate::{ - crd::v1alpha1, + crd::v1alpha2, format::{SecretData, WellKnownSecretData, well_known}, utils::iterator_try_concat_bytes, }; @@ -150,7 +150,7 @@ impl SecretBackendError for Error { pub struct TlsGenerate { ca_manager: ca::Manager, max_cert_lifetime: Duration, - key_generation: v1alpha1::CertificateKeyGeneration, + key_generation: v1alpha2::CertificateKeyGeneration, } impl TlsGenerate { @@ -162,13 +162,13 @@ impl TlsGenerate { /// an independent self-signed CA. pub async fn get_or_create_k8s_certificate( client: &stackable_operator::client::Client, - v1alpha1::AutoTlsCa { + v1alpha2::AutoTlsCa { secret: ca_secret, auto_generate: auto_generate_ca, ca_certificate_lifetime, key_generation, - }: &v1alpha1::AutoTlsCa, - additional_trust_roots: &[v1alpha1::AdditionalTrustRoot], + }: &v1alpha2::AutoTlsCa, + additional_trust_roots: &[v1alpha2::AdditionalTrustRoot], max_cert_lifetime: Duration, ) -> Result { Ok(Self { @@ -260,7 +260,7 @@ impl SecretBackend for TlsGenerate { Conf::new(ConfMethod::default()).expect("failed to initialize OpenSSL configuration"); let pod_key_length = match self.key_generation { - v1alpha1::CertificateKeyGeneration::Rsa { length } => length, + v1alpha2::CertificateKeyGeneration::Rsa { length } => length, }; let pod_key = Rsa::generate(pod_key_length) diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index db49af6f..3fa6bf14 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -1,4 +1,7 @@ +use std::{fmt::Display, ops::Deref}; + use serde::{Deserialize, Serialize}; +use snafu::Snafu; use stackable_operator::{ commons::networking::{HostName, KerberosRealmName}, kube::CustomResource, @@ -11,26 +14,21 @@ use stackable_secret_operator_crd_utils::{ConfigMapReference, SecretReference}; use crate::format::SecretFormat; mod v1alpha1_impl; - -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] -#[serde(try_from = "String", into = "String")] -pub struct KerberosPrincipal(String); +mod v1alpha2_impl; #[versioned( version(name = "v1alpha1"), + version(name = "v1alpha2"), crates( kube_core = "stackable_operator::kube::core", kube_client = "stackable_operator::kube::client", k8s_openapi = "stackable_operator::k8s_openapi", schemars = "stackable_operator::schemars", versioned = "stackable_operator::versioned" - ) + ), + options(k8s(enable_tracing)) )] pub mod versioned { - pub mod v1alpha1 { - pub use v1alpha1_impl::*; - } - /// A [SecretClass](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass) is a cluster-global Kubernetes resource /// that defines a category of secrets that the Secret Operator knows how to provision. #[versioned(crd(group = "secrets.stackable.tech"))] @@ -112,6 +110,7 @@ pub mod versioned { IfPodIsInNamespace { namespace: String }, } + // #[versioned(skip(from))] #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] #[serde(rename_all = "camelCase")] pub struct AutoTlsBackend { @@ -119,6 +118,7 @@ pub mod versioned { pub ca: AutoTlsCa, /// Additional trust roots which are added to the provided `ca.crt` file. + #[versioned(hint(vec))] #[serde(default)] pub additional_trust_roots: Vec, @@ -126,7 +126,7 @@ pub mod versioned { /// In case consumers request a longer lifetime than allowed by this setting, /// the lifetime will be the minimum of both, so this setting takes precedence. /// The default value is 15 days. - #[serde(default = "AutoTlsBackend::default_max_certificate_lifetime")] + #[serde(default = "v1alpha2::AutoTlsBackend::default_max_certificate_lifetime")] pub max_certificate_lifetime: Duration, } @@ -149,7 +149,7 @@ pub mod versioned { /// /// If `autoGenerate: true` then the Secret Operator will prepare a new CA certificate the old CA approaches expiration. /// If `autoGenerate: false` then the Secret Operator will log a warning instead. - #[serde(default = "AutoTlsCa::default_ca_certificate_lifetime")] + #[serde(default = "v1alpha2::AutoTlsCa::default_ca_certificate_lifetime")] pub ca_certificate_lifetime: Duration, /// The algorithm used to generate a key pair and required configuration settings. @@ -182,7 +182,7 @@ pub mod versioned { Rsa { /// The amount of bits used for generating the RSA keypair. /// Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. - #[schemars(schema_with = "CertificateKeyGeneration::tls_key_length_schema")] + #[schemars(schema_with = "v1alpha2::CertificateKeyGeneration::tls_key_length_schema")] length: u32, }, } @@ -196,7 +196,7 @@ pub mod versioned { /// The default lifetime of certificates. /// /// Defaults to 1 day. This may need to be increased for external issuers that impose rate limits (such as Let's Encrypt). - #[serde(default = "CertManagerBackend::default_certificate_lifetime")] + #[serde(default = "v1alpha2::CertManagerBackend::default_certificate_lifetime")] pub default_certificate_lifetime: Duration, /// The algorithm used to generate a key pair and required configuration settings. @@ -251,42 +251,54 @@ pub mod versioned { #[serde(rename_all = "camelCase")] pub enum KerberosKeytabBackendAdmin { /// Credentials should be provisioned in a MIT Kerberos Admin Server. - #[serde(rename_all = "camelCase")] - Mit { - /// The hostname of the Kerberos Admin Server. - /// This should be provided by the Kerberos administrator. - kadmin_server: HostName, - }, + Mit(KerberosKeytabBackendMit), /// Credentials should be provisioned in a Microsoft Active Directory domain. - #[serde(rename_all = "camelCase")] - ActiveDirectory { - /// An AD LDAP server, such as the AD Domain Controller. - /// This must match the server’s FQDN, or GSSAPI authentication will fail. - ldap_server: HostName, - - /// Reference (name and namespace) to a Kubernetes Secret object containing - /// the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. - ldap_tls_ca_secret: SecretReference, - - /// Reference (name and namespace) to a Kubernetes Secret object where workload - /// passwords will be stored. This must not be accessible to end users. - password_cache_secret: SecretReference, - - /// The root Distinguished Name (DN) where service accounts should be provisioned, - /// typically `CN=Users,{domain_dn}`. - user_distinguished_name: String, - - /// The root Distinguished Name (DN) for AD-managed schemas, - /// typically `CN=Schema,CN=Configuration,{domain_dn}`. - schema_distinguished_name: String, - - /// Allows samAccountName generation for new accounts to be customized. - /// Note that setting this field (even if empty) makes the Secret Operator take - /// over the generation duty from the domain controller. - #[serde(rename = "experimentalGenerateSamAccountName")] - generate_sam_account_name: Option, - }, + ActiveDirectory(KerberosKeytabBackendActiveDirectory), + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct KerberosKeytabBackendMit { + /// The hostname of the Kerberos Admin Server. + /// This should be provided by the Kerberos administrator. + kadmin_server: HostName, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct KerberosKeytabBackendActiveDirectory { + /// An AD LDAP server, such as the AD Domain Controller. + /// This must match the server’s FQDN, or GSSAPI authentication will fail. + ldap_server: HostName, + + /// Reference (name and namespace) to a Kubernetes Secret object containing + /// the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. + ldap_tls_ca_secret: SecretReference, + + /// Reference (name and namespace) to a Kubernetes Secret object where workload + /// passwords will be stored. This must not be accessible to end users. + password_cache_secret: SecretReference, + + /// The root Distinguished Name (DN) where service accounts should be provisioned, + /// typically `CN=Users,{domain_dn}`. + user_distinguished_name: String, + + /// The root Distinguished Name (DN) for AD-managed schemas, + /// typically `CN=Schema,CN=Configuration,{domain_dn}`. + schema_distinguished_name: String, + + /// Allows samAccountName generation for new accounts to be customized. + /// Note that setting this field (even if empty) makes the Secret Operator take + /// over the generation duty from the domain controller. + #[versioned( + changed( + since = "v1alpha2", + from_name = "experimental_generate_sam_account_name" + ), + hint(option) + )] + generate_sam_account_name: Option, } #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] @@ -299,7 +311,7 @@ pub mod versioned { /// Must be larger than the length of `prefix`, but at most `20`. /// /// Note that this should be as large as possible, to minimize the risk of collisions. - #[serde(default = "ActiveDirectorySamAccountNameRules::default_total_length")] + #[serde(default = "v1alpha2::ActiveDirectorySamAccountNameRules::default_total_length")] pub total_length: u8, } @@ -319,12 +331,69 @@ pub mod versioned { } } +#[derive(Debug, Snafu)] +#[snafu(module)] +pub enum InvalidKerberosPrincipal { + #[snafu(display( + "principal contains illegal characters (allowed: alphanumeric, /, @, -, _, and .)" + ))] + IllegalCharacter, + + #[snafu(display("principal may not start with a dash"))] + StartWithDash, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] +#[serde(try_from = "String", into = "String")] +pub struct KerberosPrincipal(String); + +impl TryFrom for KerberosPrincipal { + type Error = InvalidKerberosPrincipal; + + fn try_from(value: String) -> Result { + if value.starts_with('-') { + invalid_kerberos_principal::StartWithDashSnafu.fail() + } else if value.contains(|chr: char| { + !chr.is_alphanumeric() + && chr != '/' + && chr != '@' + && chr != '.' + && chr != '-' + && chr != '_' + }) { + invalid_kerberos_principal::IllegalCharacterSnafu.fail() + } else { + Ok(KerberosPrincipal(value)) + } + } +} + +impl From for String { + fn from(value: KerberosPrincipal) -> Self { + value.0 + } +} + +impl Display for KerberosPrincipal { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + f.write_str(&self.0) + } +} + +impl Deref for KerberosPrincipal { + type Target = str; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + #[cfg(test)] mod test { use super::*; use crate::{ backend::tls::{DEFAULT_CA_CERT_LIFETIME, DEFAULT_MAX_CERT_LIFETIME}, - crd::v1alpha1::{ + crd::v1alpha2::{ AdditionalTrustRoot, AutoTlsBackend, AutoTlsCa, CertificateKeyGeneration, SecretClass, SecretClassBackend, SecretClassSpec, }, diff --git a/rust/operator-binary/src/crd/v1alpha1_impl.rs b/rust/operator-binary/src/crd/v1alpha1_impl.rs index e3010ef8..199c75fe 100644 --- a/rust/operator-binary/src/crd/v1alpha1_impl.rs +++ b/rust/operator-binary/src/crd/v1alpha1_impl.rs @@ -1,37 +1,13 @@ -use std::{fmt::Display, ops::Deref}; - -use snafu::Snafu; use stackable_operator::{ k8s_openapi::api::core::v1::{ConfigMap, Secret}, kube::api::PartialObjectMeta, schemars::{self, schema::Schema}, - shared::time::Duration, }; -use crate::{ - backend, - crd::{ - KerberosPrincipal, - v1alpha1::{ - ActiveDirectorySamAccountNameRules, AutoTlsBackend, AutoTlsCa, CertManagerBackend, - CertificateKeyGeneration, SearchNamespace, SearchNamespaceMatchCondition, - SecretClassBackend, - }, - }, +use crate::crd::v1alpha1::{ + CertificateKeyGeneration, SearchNamespace, SearchNamespaceMatchCondition, SecretClassBackend, }; -#[derive(Debug, Snafu)] -#[snafu(module)] -pub enum InvalidKerberosPrincipal { - #[snafu(display( - "principal contains illegal characters (allowed: alphanumeric, /, @, -, _, and .)" - ))] - IllegalCharacter, - - #[snafu(display("principal may not start with a dash"))] - StartWithDash, -} - impl SecretClassBackend { // Currently no `refers_to_*` method actually returns more than one element, // but returning `Iterator` instead of `Option` to ensure that all consumers are ready @@ -114,18 +90,6 @@ impl SearchNamespaceMatchCondition { } } -impl AutoTlsBackend { - pub(crate) fn default_max_certificate_lifetime() -> Duration { - backend::tls::DEFAULT_MAX_CERT_LIFETIME - } -} - -impl AutoTlsCa { - pub(crate) fn default_ca_certificate_lifetime() -> Duration { - backend::tls::DEFAULT_CA_CERT_LIFETIME - } -} - impl CertificateKeyGeneration { pub const RSA_KEY_LENGTH_2048: u32 = 2048; pub const RSA_KEY_LENGTH_3072: u32 = 3072; @@ -169,57 +133,3 @@ impl Default for CertificateKeyGeneration { } } } - -impl CertManagerBackend { - pub(crate) fn default_certificate_lifetime() -> Duration { - backend::cert_manager::DEFAULT_CERT_LIFETIME - } -} - -impl ActiveDirectorySamAccountNameRules { - pub(crate) fn default_total_length() -> u8 { - // Default AD samAccountName length limit - 20 - } -} - -impl TryFrom for KerberosPrincipal { - type Error = InvalidKerberosPrincipal; - - fn try_from(value: String) -> Result { - if value.starts_with('-') { - invalid_kerberos_principal::StartWithDashSnafu.fail() - } else if value.contains(|chr: char| { - !chr.is_alphanumeric() - && chr != '/' - && chr != '@' - && chr != '.' - && chr != '-' - && chr != '_' - }) { - invalid_kerberos_principal::IllegalCharacterSnafu.fail() - } else { - Ok(KerberosPrincipal(value)) - } - } -} - -impl From for String { - fn from(value: KerberosPrincipal) -> Self { - value.0 - } -} - -impl Display for KerberosPrincipal { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - f.write_str(&self.0) - } -} - -impl Deref for KerberosPrincipal { - type Target = str; - - fn deref(&self) -> &Self::Target { - &self.0 - } -} diff --git a/rust/operator-binary/src/crd/v1alpha2_impl.rs b/rust/operator-binary/src/crd/v1alpha2_impl.rs new file mode 100644 index 00000000..acd61394 --- /dev/null +++ b/rust/operator-binary/src/crd/v1alpha2_impl.rs @@ -0,0 +1,166 @@ +use stackable_operator::{ + k8s_openapi::api::core::v1::{ConfigMap, Secret}, + kube::api::PartialObjectMeta, + schemars::{self, schema::Schema}, + shared::time::Duration, +}; + +use crate::{ + backend, + crd::v1alpha2::{ + ActiveDirectorySamAccountNameRules, AutoTlsBackend, AutoTlsCa, CertManagerBackend, + CertificateKeyGeneration, SearchNamespace, SearchNamespaceMatchCondition, + SecretClassBackend, + }, +}; + +impl SecretClassBackend { + // Currently no `refers_to_*` method actually returns more than one element, + // but returning `Iterator` instead of `Option` to ensure that all consumers are ready + // for adding more conditions. + + // The matcher methods are on the CRD type rather than the initialized `Backend` impls + // to avoid having to initialize the backend for each watch event. + + /// Returns the conditions where the backend refers to `config_map`. + pub fn refers_to_config_map( + &self, + config_map: &PartialObjectMeta, + ) -> impl Iterator { + let cm_namespace = config_map.metadata.namespace.as_deref(); + match self { + Self::K8sSearch(backend) => { + let name_matches = backend.trust_store_config_map_name == config_map.metadata.name; + cm_namespace + .filter(|_| name_matches) + .and_then(|cm_ns| backend.search_namespace.matches_namespace(cm_ns)) + } + Self::AutoTls(_) => None, + Self::CertManager(_) => None, + Self::KerberosKeytab(_) => None, + } + .into_iter() + } + + /// Returns the conditions where the backend refers to `secret`. + pub fn refers_to_secret( + &self, + secret: &PartialObjectMeta, + ) -> impl Iterator { + match self { + Self::AutoTls(backend) => { + (backend.ca.secret == *secret).then_some(SearchNamespaceMatchCondition::True) + } + Self::K8sSearch(_) => None, + Self::CertManager(_) => None, + Self::KerberosKeytab(_) => None, + } + .into_iter() + } +} + +impl SearchNamespace { + pub fn resolve<'a>(&'a self, pod_namespace: &'a str) -> &'a str { + match self { + SearchNamespace::Pod {} => pod_namespace, + SearchNamespace::Name(ns) => ns, + } + } + + /// Returns [`Some`] if this `SearchNamespace` could possibly match an object in the namespace + /// `object_namespace`, otherwise [`None`]. + /// + /// This is optimistic, you then need to call [`SearchNamespaceMatchCondition::matches_pod_namespace`] + /// to evaluate the match for a specific pod's namespace. + pub fn matches_namespace( + &self, + object_namespace: &str, + ) -> Option { + match self { + SearchNamespace::Pod {} => Some(SearchNamespaceMatchCondition::IfPodIsInNamespace { + namespace: object_namespace.to_string(), + }), + SearchNamespace::Name(ns) => { + (ns == object_namespace).then_some(SearchNamespaceMatchCondition::True) + } + } + } +} + +impl SearchNamespaceMatchCondition { + pub fn matches_pod_namespace(&self, pod_ns: &str) -> bool { + match self { + Self::True => true, + Self::IfPodIsInNamespace { namespace } => namespace == pod_ns, + } + } +} + +impl AutoTlsBackend { + pub(crate) fn default_max_certificate_lifetime() -> Duration { + backend::tls::DEFAULT_MAX_CERT_LIFETIME + } +} + +impl AutoTlsCa { + pub(crate) fn default_ca_certificate_lifetime() -> Duration { + backend::tls::DEFAULT_CA_CERT_LIFETIME + } +} + +impl CertificateKeyGeneration { + pub const RSA_KEY_LENGTH_2048: u32 = 2048; + pub const RSA_KEY_LENGTH_3072: u32 = 3072; + pub const RSA_KEY_LENGTH_4096: u32 = 4096; + + // Could not get a "standard" enum with assigned values/discriminants to work as integers in the schema + // The following was generated and requires the length to be provided as string (we want an integer) + // keyGeneration: + // default: + // rsa: + // length: '2048' + // oneOf: + // - required: + // - rsa + // properties: + // rsa: + // properties: + // length: + // enum: + // - '2048' + // - '3072' + // - '4096' + // type: string + pub fn tls_key_length_schema(_: &mut schemars::gen::SchemaGenerator) -> Schema { + serde_json::from_value(serde_json::json!({ + "type": "integer", + "enum": [ + Self::RSA_KEY_LENGTH_2048, + Self::RSA_KEY_LENGTH_3072, + Self::RSA_KEY_LENGTH_4096 + ] + })) + .expect("Failed to parse JSON of custom tls key length schema") + } +} + +impl Default for CertificateKeyGeneration { + fn default() -> Self { + Self::Rsa { + length: Self::RSA_KEY_LENGTH_2048, + } + } +} + +impl CertManagerBackend { + pub(crate) fn default_certificate_lifetime() -> Duration { + backend::cert_manager::DEFAULT_CERT_LIFETIME + } +} + +impl ActiveDirectorySamAccountNameRules { + pub(crate) fn default_total_length() -> u8 { + // Default AD samAccountName length limit + 20 + } +} diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index a5d39422..f61396ec 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -74,9 +74,9 @@ async fn main() -> anyhow::Result<()> { let opts = Opts::parse(); match opts.cmd { stackable_operator::cli::Command::Crd => { - SecretClass::merged_crd(crd::SecretClassVersion::V1Alpha1)? + SecretClass::merged_crd(crd::SecretClassVersion::V1Alpha2)? .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?; - TrustStore::merged_crd(crd::TrustStoreVersion::V1Alpha1)? + TrustStore::merged_crd(crd::TrustStoreVersion::V1Alpha2)? .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?; } stackable_operator::cli::Command::Run(SecretOperatorRun { diff --git a/rust/operator-binary/src/truststore_controller.rs b/rust/operator-binary/src/truststore_controller.rs index 3589a64a..96eed4c4 100644 --- a/rust/operator-binary/src/truststore_controller.rs +++ b/rust/operator-binary/src/truststore_controller.rs @@ -32,7 +32,7 @@ use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ OPERATOR_NAME, backend::{self, SecretBackendError, TrustSelector}, - crd::v1alpha1, + crd::v1alpha2, format::{ self, well_known::{CompatibilityOptions, NamingOptions}, @@ -46,7 +46,7 @@ const FULL_CONTROLLER_NAME: &str = concatcp!(CONTROLLER_NAME, ".", OPERATOR_NAME pub async fn start(client: &stackable_operator::client::Client, watch_namespace: &WatchNamespace) { let (secretclasses, secretclasses_writer) = reflector::store(); let controller = Controller::new( - watch_namespace.get_api::>(client), + watch_namespace.get_api::>(client), watcher::Config::default(), ); let truststores = controller.store(); @@ -60,7 +60,7 @@ pub async fn start(client: &stackable_operator::client::Client, watch_namespace: controller .watches_stream( watcher( - client.get_api::>(&()), + client.get_api::>(&()), watcher::Config::default(), ) .reflect(secretclasses_writer) @@ -119,15 +119,15 @@ pub async fn start(client: &stackable_operator::client::Client, watch_namespace: .await; } -/// Resolves modifications to dependencies of [`v1alpha1::SecretClass`] objects into -/// a list of affected [`v1alpha1::TrustStore`]s. +/// Resolves modifications to dependencies of [`v1alpha2::SecretClass`] objects into +/// a list of affected [`v1alpha2::TrustStore`]s. fn secretclass_dependency_watch_mapper( - truststores: reflector::Store>, - secretclasses: reflector::Store>, - reference_conditions: impl Copy + Fn(&v1alpha1::SecretClass, &Dep) -> Conds, -) -> impl Fn(Dep) -> Vec>> + truststores: reflector::Store>, + secretclasses: reflector::Store>, + reference_conditions: impl Copy + Fn(&v1alpha2::SecretClass, &Dep) -> Conds, +) -> impl Fn(Dep) -> Vec>> where - Conds: IntoIterator, + Conds: IntoIterator, { move |dep| { let potentially_matching_secretclasses = @@ -143,8 +143,8 @@ where }) }) .collect::, - Vec, + ObjectRef, + Vec, >>(); truststores .state() @@ -155,7 +155,7 @@ where return false; }; let secret_class_ref = - ObjectRef::::new(&ts.spec.secret_class_name); + ObjectRef::::new(&ts.spec.secret_class_name); potentially_matching_secretclasses .get(&secret_class_ref) .is_some_and(|conds| { @@ -181,13 +181,13 @@ pub enum Error { #[snafu(display("failed to get {secret_class} for TrustStore"))] GetSecretClass { source: stackable_operator::client::Error, - secret_class: ObjectRef, + secret_class: ObjectRef, }, #[snafu(display("failed to initialize SecretClass backend for {secret_class}"))] InitBackend { source: backend::dynamic::FromClassError, - secret_class: ObjectRef, + secret_class: ObjectRef, }, #[snafu(display("failed to get trust data from backend"))] @@ -199,7 +199,7 @@ pub enum Error { #[snafu(display("failed to convert trust data into desired format"))] FormatData { source: format::IntoFilesError, - secret_class: ObjectRef, + secret_class: ObjectRef, }, #[snafu(display("failed to build owner reference to the TrustStore"))] @@ -238,7 +238,7 @@ struct Ctx { } async fn reconcile( - truststore: Arc>, + truststore: Arc>, ctx: Arc, ) -> Result { let truststore = truststore @@ -249,10 +249,10 @@ async fn reconcile( let secret_class_name = &truststore.spec.secret_class_name; let secret_class = ctx .client - .get::(secret_class_name, &()) + .get::(secret_class_name, &()) .await .context(GetSecretClassSnafu { - secret_class: ObjectRef::::new(secret_class_name), + secret_class: ObjectRef::::new(secret_class_name), })?; let secret_class_ref = secret_class.to_object_ref(()); let backend = backend::dynamic::from_class(&ctx.client, secret_class) @@ -308,7 +308,7 @@ async fn reconcile( } fn error_policy( - _obj: Arc>, + _obj: Arc>, _error: &Error, _ctx: Arc, ) -> controller::Action { diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs index 16109a62..dee79f17 100644 --- a/rust/operator-binary/src/webhooks/conversion.rs +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -19,11 +19,11 @@ pub async fn conversion_webhook( ) -> anyhow::Result { let crds_and_handlers = [ ( - SecretClass::merged_crd(SecretClassVersion::V1Alpha1)?, + SecretClass::merged_crd(SecretClassVersion::V1Alpha2)?, SecretClass::try_convert as fn(_) -> _, ), ( - TrustStore::merged_crd(TrustStoreVersion::V1Alpha1)?, + TrustStore::merged_crd(TrustStoreVersion::V1Alpha2)?, TrustStore::try_convert as fn(_) -> _, ), ]; From f6088b73d964bd352f590785bc378b14a5c4f918 Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 12:56:19 +0200 Subject: [PATCH 07/19] chore: Add rendered CRD --- crds.yaml | 776 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 776 insertions(+) create mode 100644 crds.yaml diff --git a/crds.yaml b/crds.yaml new file mode 100644 index 00000000..9837829b --- /dev/null +++ b/crds.yaml @@ -0,0 +1,776 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: secretclasses.secrets.stackable.tech +spec: + group: secrets.stackable.tech + names: + categories: [] + kind: SecretClass + plural: secretclasses + shortNames: [] + singular: secretclass + scope: Cluster + versions: + - additionalPrinterColumns: [] + name: v1alpha2 + schema: + openAPIV3Schema: + description: Auto-generated derived type for SecretClassSpec via `CustomResource` + properties: + spec: + description: A [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) is a cluster-global Kubernetes resource that defines a category of secrets that the Secret Operator knows how to provision. + properties: + backend: + description: Each SecretClass is associated with a single [backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend), which dictates the mechanism for issuing that kind of Secret. + oneOf: + - required: + - k8sSearch + - required: + - autoTls + - required: + - experimentalCertManager + - required: + - kerberosKeytab + properties: + autoTls: + description: |- + The [`autoTls` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-autotls) issues a TLS certificate signed by the Secret Operator. The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator. + + A new certificate and key pair will be generated and signed for each Pod, keys or certificates are never reused. + properties: + additionalTrustRoots: + default: [] + description: Additional trust roots which are added to the provided `ca.crt` file. + items: + oneOf: + - required: + - configMap + - required: + - secret + properties: + configMap: + description: 'Reference (name and namespace) to a Kubernetes ConfigMap object where additional certificates are stored. The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER certificate.' + properties: + name: + description: Name of the ConfigMap being referred to. + type: string + namespace: + description: Namespace of the ConfigMap being referred to. + type: string + required: + - name + - namespace + type: object + secret: + description: 'Reference (name and namespace) to a Kubernetes Secret object where additional certificates are stored. The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER certificate.' + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + type: object + type: array + ca: + description: Configures the certificate authority used to issue Pod certificates. + properties: + autoGenerate: + default: false + description: Whether the certificate authority should be managed by Secret Operator, including being generated if it does not already exist. + type: boolean + caCertificateLifetime: + default: 365d + description: |- + The lifetime of each generated certificate authority. + + Should always be more than double `maxCertificateLifetime`. + + If `autoGenerate: true` then the Secret Operator will prepare a new CA certificate the old CA approaches expiration. If `autoGenerate: false` then the Secret Operator will log a warning instead. + type: string + keyGeneration: + default: + rsa: + length: 2048 + description: The algorithm used to generate a key pair and required configuration settings. Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. + oneOf: + - required: + - rsa + properties: + rsa: + properties: + length: + description: The amount of bits used for generating the RSA keypair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. + enum: + - 2048 + - 3072 + - 4096 + type: integer + required: + - length + type: object + type: object + secret: + description: Reference (name and namespace) to a Kubernetes Secret object where the CA certificate and key is stored in the keys `ca.crt` and `ca.key` respectively. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + required: + - secret + type: object + maxCertificateLifetime: + default: 15d + description: Maximum lifetime the created certificates are allowed to have. In case consumers request a longer lifetime than allowed by this setting, the lifetime will be the minimum of both, so this setting takes precedence. The default value is 15 days. + type: string + required: + - ca + type: object + experimentalCertManager: + description: |- + The [`experimentalCertManager` backend][1] injects a TLS certificate issued by [cert-manager](https://cert-manager.io/). + + A new certificate will be requested the first time it is used by a Pod, it will be reused after that (subject to cert-manager renewal rules). + + [1]: https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-certmanager + properties: + defaultCertificateLifetime: + default: 1d + description: |- + The default lifetime of certificates. + + Defaults to 1 day. This may need to be increased for external issuers that impose rate limits (such as Let's Encrypt). + type: string + issuer: + description: A reference to the cert-manager issuer that the certificates should be requested from. + properties: + kind: + description: |- + The kind of the issuer, Issuer or ClusterIssuer. + + If Issuer then it must be in the same namespace as the Pods using it. + enum: + - Issuer + - ClusterIssuer + type: string + name: + description: The name of the issuer. + type: string + required: + - kind + - name + type: object + keyGeneration: + default: + rsa: + length: 2048 + description: The algorithm used to generate a key pair and required configuration settings. Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. + oneOf: + - required: + - rsa + properties: + rsa: + properties: + length: + description: The amount of bits used for generating the RSA keypair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. + enum: + - 2048 + - 3072 + - 4096 + type: integer + required: + - length + type: object + type: object + required: + - issuer + type: object + k8sSearch: + description: The [`k8sSearch` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-k8ssearch) can be used to mount Secrets across namespaces into Pods. + properties: + searchNamespace: + description: Configures the namespace searched for Secret objects. + oneOf: + - required: + - pod + - required: + - name + properties: + name: + description: The Secret objects are located in a single global namespace. Should be used for secrets that are provisioned by the cluster administrator. + type: string + pod: + description: The Secret objects are located in the same namespace as the Pod object. Should be used for Secrets that are provisioned by the application administrator. + type: object + type: object + trustStoreConfigMapName: + description: |- + Name of a ConfigMap that contains the information required to validate against this SecretClass. + + Resolved relative to `search_namespace`. + + Required to request a TrustStore for this SecretClass. + nullable: true + type: string + required: + - searchNamespace + type: object + kerberosKeytab: + description: The [`kerberosKeytab` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-kerberoskeytab) creates a Kerberos keytab file for a selected realm. The Kerberos KDC and administrator credentials must be provided by the administrator. + properties: + admin: + description: Kerberos admin configuration settings. + oneOf: + - required: + - mit + - required: + - activeDirectory + properties: + activeDirectory: + description: Credentials should be provisioned in a Microsoft Active Directory domain. + properties: + generateSamAccountName: + description: Allows samAccountName generation for new accounts to be customized. Note that setting this field (even if empty) makes the Secret Operator take over the generation duty from the domain controller. + nullable: true + properties: + prefix: + default: '' + description: A prefix to be prepended to generated samAccountNames. + type: string + totalLength: + default: 20 + description: |- + The total length of generated samAccountNames, _including_ `prefix`. Must be larger than the length of `prefix`, but at most `20`. + + Note that this should be as large as possible, to minimize the risk of collisions. + format: uint8 + minimum: 0.0 + type: integer + type: object + ldapServer: + description: An AD LDAP server, such as the AD Domain Controller. This must match the server’s FQDN, or GSSAPI authentication will fail. + type: string + ldapTlsCaSecret: + description: Reference (name and namespace) to a Kubernetes Secret object containing the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + passwordCacheSecret: + description: Reference (name and namespace) to a Kubernetes Secret object where workload passwords will be stored. This must not be accessible to end users. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + schemaDistinguishedName: + description: The root Distinguished Name (DN) for AD-managed schemas, typically `CN=Schema,CN=Configuration,{domain_dn}`. + type: string + userDistinguishedName: + description: The root Distinguished Name (DN) where service accounts should be provisioned, typically `CN=Users,{domain_dn}`. + type: string + required: + - ldapServer + - ldapTlsCaSecret + - passwordCacheSecret + - schemaDistinguishedName + - userDistinguishedName + type: object + mit: + description: Credentials should be provisioned in a MIT Kerberos Admin Server. + properties: + kadminServer: + description: The hostname of the Kerberos Admin Server. This should be provided by the Kerberos administrator. + type: string + required: + - kadminServer + type: object + type: object + adminKeytabSecret: + description: Reference (`name` and `namespace`) to a K8s Secret object where a keytab with administrative privileges is stored in the key `keytab`. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + adminPrincipal: + description: The admin principal. + type: string + kdc: + description: The hostname of the Kerberos Key Distribution Center (KDC). This should be provided by the Kerberos administrator. + type: string + realmName: + description: The name of the Kerberos realm. This should be provided by the Kerberos administrator. + pattern: ^[-.a-zA-Z0-9]+$ + type: string + required: + - admin + - adminKeytabSecret + - adminPrincipal + - kdc + - realmName + type: object + type: object + required: + - backend + type: object + required: + - spec + title: SecretClass + type: object + served: true + storage: true + subresources: {} + - additionalPrinterColumns: [] + name: v1alpha1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for SecretClassSpec via `CustomResource` + properties: + spec: + description: A [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) is a cluster-global Kubernetes resource that defines a category of secrets that the Secret Operator knows how to provision. + properties: + backend: + description: Each SecretClass is associated with a single [backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend), which dictates the mechanism for issuing that kind of Secret. + oneOf: + - required: + - k8sSearch + - required: + - autoTls + - required: + - experimentalCertManager + - required: + - kerberosKeytab + properties: + autoTls: + description: |- + The [`autoTls` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-autotls) issues a TLS certificate signed by the Secret Operator. The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator. + + A new certificate and key pair will be generated and signed for each Pod, keys or certificates are never reused. + properties: + additionalTrustRoots: + default: [] + description: Additional trust roots which are added to the provided `ca.crt` file. + items: + oneOf: + - required: + - configMap + - required: + - secret + properties: + configMap: + description: 'Reference (name and namespace) to a Kubernetes ConfigMap object where additional certificates are stored. The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER certificate.' + properties: + name: + description: Name of the ConfigMap being referred to. + type: string + namespace: + description: Namespace of the ConfigMap being referred to. + type: string + required: + - name + - namespace + type: object + secret: + description: 'Reference (name and namespace) to a Kubernetes Secret object where additional certificates are stored. The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER certificate.' + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + type: object + type: array + ca: + description: Configures the certificate authority used to issue Pod certificates. + properties: + autoGenerate: + default: false + description: Whether the certificate authority should be managed by Secret Operator, including being generated if it does not already exist. + type: boolean + caCertificateLifetime: + default: 365d + description: |- + The lifetime of each generated certificate authority. + + Should always be more than double `maxCertificateLifetime`. + + If `autoGenerate: true` then the Secret Operator will prepare a new CA certificate the old CA approaches expiration. If `autoGenerate: false` then the Secret Operator will log a warning instead. + type: string + keyGeneration: + default: + rsa: + length: 2048 + description: The algorithm used to generate a key pair and required configuration settings. Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. + oneOf: + - required: + - rsa + properties: + rsa: + properties: + length: + description: The amount of bits used for generating the RSA keypair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. + enum: + - 2048 + - 3072 + - 4096 + type: integer + required: + - length + type: object + type: object + secret: + description: Reference (name and namespace) to a Kubernetes Secret object where the CA certificate and key is stored in the keys `ca.crt` and `ca.key` respectively. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + required: + - secret + type: object + maxCertificateLifetime: + default: 15d + description: Maximum lifetime the created certificates are allowed to have. In case consumers request a longer lifetime than allowed by this setting, the lifetime will be the minimum of both, so this setting takes precedence. The default value is 15 days. + type: string + required: + - ca + type: object + experimentalCertManager: + description: |- + The [`experimentalCertManager` backend][1] injects a TLS certificate issued by [cert-manager](https://cert-manager.io/). + + A new certificate will be requested the first time it is used by a Pod, it will be reused after that (subject to cert-manager renewal rules). + + [1]: https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-certmanager + properties: + defaultCertificateLifetime: + default: 1d + description: |- + The default lifetime of certificates. + + Defaults to 1 day. This may need to be increased for external issuers that impose rate limits (such as Let's Encrypt). + type: string + issuer: + description: A reference to the cert-manager issuer that the certificates should be requested from. + properties: + kind: + description: |- + The kind of the issuer, Issuer or ClusterIssuer. + + If Issuer then it must be in the same namespace as the Pods using it. + enum: + - Issuer + - ClusterIssuer + type: string + name: + description: The name of the issuer. + type: string + required: + - kind + - name + type: object + keyGeneration: + default: + rsa: + length: 2048 + description: The algorithm used to generate a key pair and required configuration settings. Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. + oneOf: + - required: + - rsa + properties: + rsa: + properties: + length: + description: The amount of bits used for generating the RSA keypair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. + enum: + - 2048 + - 3072 + - 4096 + type: integer + required: + - length + type: object + type: object + required: + - issuer + type: object + k8sSearch: + description: The [`k8sSearch` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-k8ssearch) can be used to mount Secrets across namespaces into Pods. + properties: + searchNamespace: + description: Configures the namespace searched for Secret objects. + oneOf: + - required: + - pod + - required: + - name + properties: + name: + description: The Secret objects are located in a single global namespace. Should be used for secrets that are provisioned by the cluster administrator. + type: string + pod: + description: The Secret objects are located in the same namespace as the Pod object. Should be used for Secrets that are provisioned by the application administrator. + type: object + type: object + trustStoreConfigMapName: + description: |- + Name of a ConfigMap that contains the information required to validate against this SecretClass. + + Resolved relative to `search_namespace`. + + Required to request a TrustStore for this SecretClass. + nullable: true + type: string + required: + - searchNamespace + type: object + kerberosKeytab: + description: The [`kerberosKeytab` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-kerberoskeytab) creates a Kerberos keytab file for a selected realm. The Kerberos KDC and administrator credentials must be provided by the administrator. + properties: + admin: + description: Kerberos admin configuration settings. + oneOf: + - required: + - mit + - required: + - activeDirectory + properties: + activeDirectory: + description: Credentials should be provisioned in a Microsoft Active Directory domain. + properties: + experimentalGenerateSamAccountName: + description: Allows samAccountName generation for new accounts to be customized. Note that setting this field (even if empty) makes the Secret Operator take over the generation duty from the domain controller. + nullable: true + properties: + prefix: + default: '' + description: A prefix to be prepended to generated samAccountNames. + type: string + totalLength: + default: 20 + description: |- + The total length of generated samAccountNames, _including_ `prefix`. Must be larger than the length of `prefix`, but at most `20`. + + Note that this should be as large as possible, to minimize the risk of collisions. + format: uint8 + minimum: 0.0 + type: integer + type: object + ldapServer: + description: An AD LDAP server, such as the AD Domain Controller. This must match the server’s FQDN, or GSSAPI authentication will fail. + type: string + ldapTlsCaSecret: + description: Reference (name and namespace) to a Kubernetes Secret object containing the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + passwordCacheSecret: + description: Reference (name and namespace) to a Kubernetes Secret object where workload passwords will be stored. This must not be accessible to end users. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + schemaDistinguishedName: + description: The root Distinguished Name (DN) for AD-managed schemas, typically `CN=Schema,CN=Configuration,{domain_dn}`. + type: string + userDistinguishedName: + description: The root Distinguished Name (DN) where service accounts should be provisioned, typically `CN=Users,{domain_dn}`. + type: string + required: + - ldapServer + - ldapTlsCaSecret + - passwordCacheSecret + - schemaDistinguishedName + - userDistinguishedName + type: object + mit: + description: Credentials should be provisioned in a MIT Kerberos Admin Server. + properties: + kadminServer: + description: The hostname of the Kerberos Admin Server. This should be provided by the Kerberos administrator. + type: string + required: + - kadminServer + type: object + type: object + adminKeytabSecret: + description: Reference (`name` and `namespace`) to a K8s Secret object where a keytab with administrative privileges is stored in the key `keytab`. + properties: + name: + description: Name of the Secret being referred to. + type: string + namespace: + description: Namespace of the Secret being referred to. + type: string + required: + - name + - namespace + type: object + adminPrincipal: + description: The admin principal. + type: string + kdc: + description: The hostname of the Kerberos Key Distribution Center (KDC). This should be provided by the Kerberos administrator. + type: string + realmName: + description: The name of the Kerberos realm. This should be provided by the Kerberos administrator. + pattern: ^[-.a-zA-Z0-9]+$ + type: string + required: + - admin + - adminKeytabSecret + - adminPrincipal + - kdc + - realmName + type: object + type: object + required: + - backend + type: object + required: + - spec + title: SecretClass + type: object + served: true + storage: false + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: truststores.secrets.stackable.tech +spec: + group: secrets.stackable.tech + names: + categories: [] + kind: TrustStore + plural: truststores + shortNames: [] + singular: truststore + scope: Namespaced + versions: + - additionalPrinterColumns: [] + name: v1alpha2 + schema: + openAPIV3Schema: + description: Auto-generated derived type for TrustStoreSpec via `CustomResource` + properties: + spec: + description: |- + A [TrustStore](https://docs.stackable.tech/home/nightly/secret-operator/truststore) requests information about how to validate secrets issued by a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass). + + The requested information is written to a ConfigMap with the same name as the TrustStore. + properties: + format: + description: The [format](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#format) that the data should be converted into. + enum: + - tls-pem + - tls-pkcs12 + - kerberos + nullable: true + type: string + secretClassName: + description: The name of the SecretClass that the request concerns. + type: string + required: + - secretClassName + type: object + required: + - spec + title: TrustStore + type: object + served: true + storage: true + subresources: {} + - additionalPrinterColumns: [] + name: v1alpha1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for TrustStoreSpec via `CustomResource` + properties: + spec: + description: |- + A [TrustStore](https://docs.stackable.tech/home/nightly/secret-operator/truststore) requests information about how to validate secrets issued by a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass). + + The requested information is written to a ConfigMap with the same name as the TrustStore. + properties: + format: + description: The [format](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#format) that the data should be converted into. + enum: + - tls-pem + - tls-pkcs12 + - kerberos + nullable: true + type: string + secretClassName: + description: The name of the SecretClass that the request concerns. + type: string + required: + - secretClassName + type: object + required: + - spec + title: TrustStore + type: object + served: true + storage: false + subresources: {} From 5b29a389b889c931f7ab348ad904dec8f625ad7b Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 12:56:47 +0200 Subject: [PATCH 08/19] chore: Enable trace console logging in Tiltfile --- Tiltfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Tiltfile b/Tiltfile index 9f2eacc9..110f26cc 100644 --- a/Tiltfile +++ b/Tiltfile @@ -28,5 +28,6 @@ k8s_yaml(helm( namespace="stackable-operators", set=[ 'image.repository=' + registry + '/' + operator_name, + 'telemetry.consoleLog.level=trace,h2=off', ], )) From b6ac8a1454fba78987f895786a36afba532cd689 Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 13:29:43 +0200 Subject: [PATCH 09/19] chore: Remove commented-out macro argument --- rust/operator-binary/src/crd/mod.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index 3fa6bf14..7178e76e 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -110,7 +110,6 @@ pub mod versioned { IfPodIsInNamespace { namespace: String }, } - // #[versioned(skip(from))] #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] #[serde(rename_all = "camelCase")] pub struct AutoTlsBackend { From 5935ac1dbd9406b7d8510bca6702e93935ac33ec Mon Sep 17 00:00:00 2001 From: Techassi Date: Fri, 5 Sep 2025 14:44:17 +0200 Subject: [PATCH 10/19] chore: Separate SecretClass and TrustStore specs --- crds.yaml | 35 +- rust/operator-binary/src/crd/mod.rs | 443 +----------------- .../src/crd/secret_class/mod.rs | 424 +++++++++++++++++ .../crd/{ => secret_class}/v1alpha1_impl.rs | 2 +- .../crd/{ => secret_class}/v1alpha2_impl.rs | 0 .../src/crd/trust_store/mod.rs | 35 ++ rust/operator-binary/src/main.rs | 2 +- .../src/truststore_controller.rs | 12 +- .../src/webhooks/conversion.rs | 2 +- 9 files changed, 481 insertions(+), 474 deletions(-) create mode 100644 rust/operator-binary/src/crd/secret_class/mod.rs rename rust/operator-binary/src/crd/{ => secret_class}/v1alpha1_impl.rs (99%) rename rust/operator-binary/src/crd/{ => secret_class}/v1alpha2_impl.rs (100%) create mode 100644 rust/operator-binary/src/crd/trust_store/mod.rs diff --git a/crds.yaml b/crds.yaml index 9837829b..b4978210 100644 --- a/crds.yaml +++ b/crds.yaml @@ -708,39 +708,6 @@ spec: singular: truststore scope: Namespaced versions: - - additionalPrinterColumns: [] - name: v1alpha2 - schema: - openAPIV3Schema: - description: Auto-generated derived type for TrustStoreSpec via `CustomResource` - properties: - spec: - description: |- - A [TrustStore](https://docs.stackable.tech/home/nightly/secret-operator/truststore) requests information about how to validate secrets issued by a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass). - - The requested information is written to a ConfigMap with the same name as the TrustStore. - properties: - format: - description: The [format](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#format) that the data should be converted into. - enum: - - tls-pem - - tls-pkcs12 - - kerberos - nullable: true - type: string - secretClassName: - description: The name of the SecretClass that the request concerns. - type: string - required: - - secretClassName - type: object - required: - - spec - title: TrustStore - type: object - served: true - storage: true - subresources: {} - additionalPrinterColumns: [] name: v1alpha1 schema: @@ -772,5 +739,5 @@ spec: title: TrustStore type: object served: true - storage: false + storage: true subresources: {} diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index 7178e76e..27aa29ec 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -2,334 +2,24 @@ use std::{fmt::Display, ops::Deref}; use serde::{Deserialize, Serialize}; use snafu::Snafu; -use stackable_operator::{ - commons::networking::{HostName, KerberosRealmName}, - kube::CustomResource, - schemars::{self, JsonSchema}, - shared::time::Duration, - versioned::versioned, -}; -use stackable_secret_operator_crd_utils::{ConfigMapReference, SecretReference}; +use stackable_operator::schemars::{self, JsonSchema}; -use crate::format::SecretFormat; +mod secret_class; +mod trust_store; -mod v1alpha1_impl; -mod v1alpha2_impl; - -#[versioned( - version(name = "v1alpha1"), - version(name = "v1alpha2"), - crates( - kube_core = "stackable_operator::kube::core", - kube_client = "stackable_operator::kube::client", - k8s_openapi = "stackable_operator::k8s_openapi", - schemars = "stackable_operator::schemars", - versioned = "stackable_operator::versioned" - ), - options(k8s(enable_tracing)) -)] -pub mod versioned { - /// A [SecretClass](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass) is a cluster-global Kubernetes resource - /// that defines a category of secrets that the Secret Operator knows how to provision. - #[versioned(crd(group = "secrets.stackable.tech"))] - #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct SecretClassSpec { - /// Each SecretClass is associated with a single - /// [backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend), - /// which dictates the mechanism for issuing that kind of Secret. - pub backend: SecretClassBackend, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - #[allow(clippy::large_enum_variant)] - pub enum SecretClassBackend { - /// The [`k8sSearch` backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-k8ssearch) - /// can be used to mount Secrets across namespaces into Pods. - K8sSearch(K8sSearchBackend), - - /// The [`autoTls` backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-autotls) - /// issues a TLS certificate signed by the Secret Operator. - /// The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator. - /// - /// A new certificate and key pair will be generated and signed for each Pod, keys or certificates are never reused. - AutoTls(AutoTlsBackend), - - /// The [`experimentalCertManager` backend][1] injects a TLS certificate issued - /// by [cert-manager](https://cert-manager.io/). - /// - /// A new certificate will be requested the first time it is used by a Pod, it - /// will be reused after that (subject to cert-manager renewal rules). - /// - /// [1]: DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-certmanager - #[serde(rename = "experimentalCertManager")] - CertManager(CertManagerBackend), - - /// The [`kerberosKeytab` backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-kerberoskeytab) - /// creates a Kerberos keytab file for a selected realm. - /// The Kerberos KDC and administrator credentials must be provided by the administrator. - KerberosKeytab(KerberosKeytabBackend), - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct K8sSearchBackend { - /// Configures the namespace searched for Secret objects. - pub search_namespace: SearchNamespace, - - /// Name of a ConfigMap that contains the information required to validate against this SecretClass. - /// - /// Resolved relative to `search_namespace`. - /// - /// Required to request a TrustStore for this SecretClass. - pub trust_store_config_map_name: Option, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, Hash, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub enum SearchNamespace { - /// The Secret objects are located in the same namespace as the Pod object. - /// Should be used for Secrets that are provisioned by the application administrator. - Pod {}, - - /// The Secret objects are located in a single global namespace. - /// Should be used for secrets that are provisioned by the cluster administrator. - Name(String), - } - - /// A partially evaluated match returned by [`SearchNamespace::matches_namespace`]. - /// Use [`Self::matches_pod_namespace`] to evaluate fully. - #[derive(Debug)] - pub enum SearchNamespaceMatchCondition { - /// The target object matches the search namespace. - True, - - /// The target object only matches the search namespace if mounted into a pod in - /// `namespace`. - IfPodIsInNamespace { namespace: String }, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct AutoTlsBackend { - /// Configures the certificate authority used to issue Pod certificates. - pub ca: AutoTlsCa, - - /// Additional trust roots which are added to the provided `ca.crt` file. - #[versioned(hint(vec))] - #[serde(default)] - pub additional_trust_roots: Vec, - - /// Maximum lifetime the created certificates are allowed to have. - /// In case consumers request a longer lifetime than allowed by this setting, - /// the lifetime will be the minimum of both, so this setting takes precedence. - /// The default value is 15 days. - #[serde(default = "v1alpha2::AutoTlsBackend::default_max_certificate_lifetime")] - pub max_certificate_lifetime: Duration, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct AutoTlsCa { - /// Reference (name and namespace) to a Kubernetes Secret object where the CA certificate - /// and key is stored in the keys `ca.crt` and `ca.key` respectively. - pub secret: SecretReference, - - /// Whether the certificate authority should be managed by Secret Operator, including being generated - /// if it does not already exist. - // TODO: Consider renaming to `manage` for v1alpha2 - #[serde(default)] - pub auto_generate: bool, - - /// The lifetime of each generated certificate authority. - /// - /// Should always be more than double `maxCertificateLifetime`. - /// - /// If `autoGenerate: true` then the Secret Operator will prepare a new CA certificate the old CA approaches expiration. - /// If `autoGenerate: false` then the Secret Operator will log a warning instead. - #[serde(default = "v1alpha2::AutoTlsCa::default_ca_certificate_lifetime")] - pub ca_certificate_lifetime: Duration, - - /// The algorithm used to generate a key pair and required configuration settings. - /// Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. - #[serde(default)] - pub key_generation: CertificateKeyGeneration, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub enum AdditionalTrustRoot { - /// Reference (name and namespace) to a Kubernetes ConfigMap object where additional - /// certificates are stored. - /// The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack - /// of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER - /// certificate. - ConfigMap(ConfigMapReference), - - /// Reference (name and namespace) to a Kubernetes Secret object where additional certificates - /// are stored. - /// The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack - /// of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER - /// certificate. - Secret(SecretReference), - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub enum CertificateKeyGeneration { - Rsa { - /// The amount of bits used for generating the RSA keypair. - /// Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. - #[schemars(schema_with = "v1alpha2::CertificateKeyGeneration::tls_key_length_schema")] - length: u32, - }, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct CertManagerBackend { - /// A reference to the cert-manager issuer that the certificates should be requested from. - pub issuer: CertManagerIssuer, - - /// The default lifetime of certificates. - /// - /// Defaults to 1 day. This may need to be increased for external issuers that impose rate limits (such as Let's Encrypt). - #[serde(default = "v1alpha2::CertManagerBackend::default_certificate_lifetime")] - pub default_certificate_lifetime: Duration, - - /// The algorithm used to generate a key pair and required configuration settings. - /// Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. - #[serde(default)] - pub key_generation: CertificateKeyGeneration, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct CertManagerIssuer { - /// The kind of the issuer, Issuer or ClusterIssuer. - /// - /// If Issuer then it must be in the same namespace as the Pods using it. - pub kind: CertManagerIssuerKind, - - /// The name of the issuer. - pub name: String, - } - - #[derive(Serialize, Deserialize, Clone, Copy, Debug, PartialEq, JsonSchema, strum::Display)] - pub enum CertManagerIssuerKind { - /// An [Issuer](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Issuer) in the same namespace as the Pod. - Issuer, - - /// A cluster-scoped [ClusterIssuer](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer). - ClusterIssuer, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct KerberosKeytabBackend { - /// The name of the Kerberos realm. This should be provided by the Kerberos administrator. - pub realm_name: KerberosRealmName, - - /// The hostname of the Kerberos Key Distribution Center (KDC). - /// This should be provided by the Kerberos administrator. - pub kdc: HostName, - - /// Kerberos admin configuration settings. - pub admin: KerberosKeytabBackendAdmin, - - /// Reference (`name` and `namespace`) to a K8s Secret object where a - /// keytab with administrative privileges is stored in the key `keytab`. - pub admin_keytab_secret: SecretReference, - - /// The admin principal. - pub admin_principal: KerberosPrincipal, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub enum KerberosKeytabBackendAdmin { - /// Credentials should be provisioned in a MIT Kerberos Admin Server. - Mit(KerberosKeytabBackendMit), - - /// Credentials should be provisioned in a Microsoft Active Directory domain. - ActiveDirectory(KerberosKeytabBackendActiveDirectory), - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct KerberosKeytabBackendMit { - /// The hostname of the Kerberos Admin Server. - /// This should be provided by the Kerberos administrator. - kadmin_server: HostName, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct KerberosKeytabBackendActiveDirectory { - /// An AD LDAP server, such as the AD Domain Controller. - /// This must match the server’s FQDN, or GSSAPI authentication will fail. - ldap_server: HostName, - - /// Reference (name and namespace) to a Kubernetes Secret object containing - /// the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. - ldap_tls_ca_secret: SecretReference, - - /// Reference (name and namespace) to a Kubernetes Secret object where workload - /// passwords will be stored. This must not be accessible to end users. - password_cache_secret: SecretReference, - - /// The root Distinguished Name (DN) where service accounts should be provisioned, - /// typically `CN=Users,{domain_dn}`. - user_distinguished_name: String, - - /// The root Distinguished Name (DN) for AD-managed schemas, - /// typically `CN=Schema,CN=Configuration,{domain_dn}`. - schema_distinguished_name: String, - - /// Allows samAccountName generation for new accounts to be customized. - /// Note that setting this field (even if empty) makes the Secret Operator take - /// over the generation duty from the domain controller. - #[versioned( - changed( - since = "v1alpha2", - from_name = "experimental_generate_sam_account_name" - ), - hint(option) - )] - generate_sam_account_name: Option, - } - - #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct ActiveDirectorySamAccountNameRules { - /// A prefix to be prepended to generated samAccountNames. - #[serde(default)] - pub prefix: String, - /// The total length of generated samAccountNames, _including_ `prefix`. - /// Must be larger than the length of `prefix`, but at most `20`. - /// - /// Note that this should be as large as possible, to minimize the risk of collisions. - #[serde(default = "v1alpha2::ActiveDirectorySamAccountNameRules::default_total_length")] - pub total_length: u8, - } +pub mod v1alpha1 { + // NOTE (@Techassi): SecretClass v1alpha1 is unused and as such not exported. + pub use crate::crd::trust_store::v1alpha1::*; +} - /// A [TrustStore](DOCS_BASE_URL_PLACEHOLDER/secret-operator/truststore) requests information about how to - /// validate secrets issued by a [SecretClass](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass). - /// - /// The requested information is written to a ConfigMap with the same name as the TrustStore. - #[versioned(crd(group = "secrets.stackable.tech", namespaced))] - #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] - #[serde(rename_all = "camelCase")] - pub struct TrustStoreSpec { - /// The name of the SecretClass that the request concerns. - pub secret_class_name: String, +pub use secret_class::{SecretClass, SecretClassVersion}; - /// The [format](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#format) that the data should be converted into. - pub format: Option, - } +pub mod v1alpha2 { + pub use crate::crd::secret_class::v1alpha2::*; } +pub use trust_store::{TrustStore, TrustStoreVersion}; + #[derive(Debug, Snafu)] #[snafu(module)] pub enum InvalidKerberosPrincipal { @@ -386,112 +76,3 @@ impl Deref for KerberosPrincipal { &self.0 } } - -#[cfg(test)] -mod test { - use super::*; - use crate::{ - backend::tls::{DEFAULT_CA_CERT_LIFETIME, DEFAULT_MAX_CERT_LIFETIME}, - crd::v1alpha2::{ - AdditionalTrustRoot, AutoTlsBackend, AutoTlsCa, CertificateKeyGeneration, SecretClass, - SecretClassBackend, SecretClassSpec, - }, - }; - - #[test] - fn test_deserialization() { - let input: &str = r#" - apiVersion: secrets.stackable.tech/v1alpha1 - kind: SecretClass - metadata: - name: tls - spec: - backend: - autoTls: - ca: - secret: - name: secret-provisioner-tls-ca - namespace: default - keyGeneration: - rsa: - length: 3072 - "#; - let deserializer = serde_yaml::Deserializer::from_str(input); - let secret_class: SecretClass = - serde_yaml::with::singleton_map_recursive::deserialize(deserializer).unwrap(); - assert_eq!( - secret_class.spec, - SecretClassSpec { - backend: SecretClassBackend::AutoTls(AutoTlsBackend { - ca: AutoTlsCa { - secret: SecretReference { - name: "secret-provisioner-tls-ca".to_string(), - namespace: "default".to_string(), - }, - auto_generate: false, - ca_certificate_lifetime: DEFAULT_CA_CERT_LIFETIME, - key_generation: CertificateKeyGeneration::Rsa { - length: CertificateKeyGeneration::RSA_KEY_LENGTH_3072 - } - }, - additional_trust_roots: vec![], - max_certificate_lifetime: DEFAULT_MAX_CERT_LIFETIME, - }) - } - ); - - let input: &str = r#" - apiVersion: secrets.stackable.tech/v1alpha1 - kind: SecretClass - metadata: - name: tls - spec: - backend: - autoTls: - ca: - secret: - name: secret-provisioner-tls-ca - namespace: default - autoGenerate: true - caCertificateLifetime: 100d - additionalTrustRoots: - - configMap: - name: tls-root-ca-config-map - namespace: default - - secret: - name: tls-root-ca-secret - namespace: default - maxCertificateLifetime: 31d - "#; - let deserializer = serde_yaml::Deserializer::from_str(input); - let secret_class: SecretClass = - serde_yaml::with::singleton_map_recursive::deserialize(deserializer).unwrap(); - assert_eq!( - secret_class.spec, - SecretClassSpec { - backend: SecretClassBackend::AutoTls(AutoTlsBackend { - ca: AutoTlsCa { - secret: SecretReference { - name: "secret-provisioner-tls-ca".to_string(), - namespace: "default".to_string(), - }, - auto_generate: true, - ca_certificate_lifetime: Duration::from_days_unchecked(100), - key_generation: CertificateKeyGeneration::default() - }, - additional_trust_roots: vec![ - AdditionalTrustRoot::ConfigMap(ConfigMapReference { - name: "tls-root-ca-config-map".to_string(), - namespace: "default".to_string(), - }), - AdditionalTrustRoot::Secret(SecretReference { - name: "tls-root-ca-secret".to_string(), - namespace: "default".to_string(), - }) - ], - max_certificate_lifetime: Duration::from_days_unchecked(31), - }) - } - ); - } -} diff --git a/rust/operator-binary/src/crd/secret_class/mod.rs b/rust/operator-binary/src/crd/secret_class/mod.rs new file mode 100644 index 00000000..a17ba3b4 --- /dev/null +++ b/rust/operator-binary/src/crd/secret_class/mod.rs @@ -0,0 +1,424 @@ +use serde::{Deserialize, Serialize}; +use stackable_operator::{ + commons::networking::{HostName, KerberosRealmName}, + kube::CustomResource, + schemars::{self, JsonSchema}, + shared::time::Duration, + versioned::versioned, +}; +use stackable_secret_operator_crd_utils::{ConfigMapReference, SecretReference}; + +use crate::crd::KerberosPrincipal; + +mod v1alpha1_impl; +mod v1alpha2_impl; + +#[versioned( + version(name = "v1alpha1"), + version(name = "v1alpha2"), + crates( + kube_core = "stackable_operator::kube::core", + kube_client = "stackable_operator::kube::client", + k8s_openapi = "stackable_operator::k8s_openapi", + schemars = "stackable_operator::schemars", + versioned = "stackable_operator::versioned" + ), + options(k8s(enable_tracing)) +)] +pub mod versioned { + /// A [SecretClass](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass) is a cluster-global Kubernetes resource + /// that defines a category of secrets that the Secret Operator knows how to provision. + #[versioned(crd(group = "secrets.stackable.tech"))] + #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct SecretClassSpec { + /// Each SecretClass is associated with a single + /// [backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend), + /// which dictates the mechanism for issuing that kind of Secret. + pub backend: SecretClassBackend, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + #[allow(clippy::large_enum_variant)] + pub enum SecretClassBackend { + /// The [`k8sSearch` backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-k8ssearch) + /// can be used to mount Secrets across namespaces into Pods. + K8sSearch(K8sSearchBackend), + + /// The [`autoTls` backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-autotls) + /// issues a TLS certificate signed by the Secret Operator. + /// The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator. + /// + /// A new certificate and key pair will be generated and signed for each Pod, keys or certificates are never reused. + AutoTls(AutoTlsBackend), + + /// The [`experimentalCertManager` backend][1] injects a TLS certificate issued + /// by [cert-manager](https://cert-manager.io/). + /// + /// A new certificate will be requested the first time it is used by a Pod, it + /// will be reused after that (subject to cert-manager renewal rules). + /// + /// [1]: DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-certmanager + #[serde(rename = "experimentalCertManager")] + CertManager(CertManagerBackend), + + /// The [`kerberosKeytab` backend](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#backend-kerberoskeytab) + /// creates a Kerberos keytab file for a selected realm. + /// The Kerberos KDC and administrator credentials must be provided by the administrator. + KerberosKeytab(KerberosKeytabBackend), + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct K8sSearchBackend { + /// Configures the namespace searched for Secret objects. + pub search_namespace: SearchNamespace, + + /// Name of a ConfigMap that contains the information required to validate against this SecretClass. + /// + /// Resolved relative to `search_namespace`. + /// + /// Required to request a TrustStore for this SecretClass. + pub trust_store_config_map_name: Option, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, Hash, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub enum SearchNamespace { + /// The Secret objects are located in the same namespace as the Pod object. + /// Should be used for Secrets that are provisioned by the application administrator. + Pod {}, + + /// The Secret objects are located in a single global namespace. + /// Should be used for secrets that are provisioned by the cluster administrator. + Name(String), + } + + /// A partially evaluated match returned by [`SearchNamespace::matches_namespace`]. + /// Use [`Self::matches_pod_namespace`] to evaluate fully. + #[derive(Debug)] + pub enum SearchNamespaceMatchCondition { + /// The target object matches the search namespace. + True, + + /// The target object only matches the search namespace if mounted into a pod in + /// `namespace`. + IfPodIsInNamespace { namespace: String }, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct AutoTlsBackend { + /// Configures the certificate authority used to issue Pod certificates. + pub ca: AutoTlsCa, + + /// Additional trust roots which are added to the provided `ca.crt` file. + #[versioned(hint(vec))] + #[serde(default)] + pub additional_trust_roots: Vec, + + /// Maximum lifetime the created certificates are allowed to have. + /// In case consumers request a longer lifetime than allowed by this setting, + /// the lifetime will be the minimum of both, so this setting takes precedence. + /// The default value is 15 days. + #[serde(default = "v1alpha2::AutoTlsBackend::default_max_certificate_lifetime")] + pub max_certificate_lifetime: Duration, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct AutoTlsCa { + /// Reference (name and namespace) to a Kubernetes Secret object where the CA certificate + /// and key is stored in the keys `ca.crt` and `ca.key` respectively. + pub secret: SecretReference, + + /// Whether the certificate authority should be managed by Secret Operator, including being generated + /// if it does not already exist. + // TODO: Consider renaming to `manage` for v1alpha2 + #[serde(default)] + pub auto_generate: bool, + + /// The lifetime of each generated certificate authority. + /// + /// Should always be more than double `maxCertificateLifetime`. + /// + /// If `autoGenerate: true` then the Secret Operator will prepare a new CA certificate the old CA approaches expiration. + /// If `autoGenerate: false` then the Secret Operator will log a warning instead. + #[serde(default = "v1alpha2::AutoTlsCa::default_ca_certificate_lifetime")] + pub ca_certificate_lifetime: Duration, + + /// The algorithm used to generate a key pair and required configuration settings. + /// Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. + #[serde(default)] + pub key_generation: CertificateKeyGeneration, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub enum AdditionalTrustRoot { + /// Reference (name and namespace) to a Kubernetes ConfigMap object where additional + /// certificates are stored. + /// The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack + /// of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER + /// certificate. + ConfigMap(ConfigMapReference), + + /// Reference (name and namespace) to a Kubernetes Secret object where additional certificates + /// are stored. + /// The extensions of the keys denote its contents: A key suffixed with `.crt` contains a stack + /// of base64 encoded DER certificates, a key suffixed with `.der` contains a binary DER + /// certificate. + Secret(SecretReference), + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub enum CertificateKeyGeneration { + Rsa { + /// The amount of bits used for generating the RSA keypair. + /// Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. + #[schemars(schema_with = "v1alpha2::CertificateKeyGeneration::tls_key_length_schema")] + length: u32, + }, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct CertManagerBackend { + /// A reference to the cert-manager issuer that the certificates should be requested from. + pub issuer: CertManagerIssuer, + + /// The default lifetime of certificates. + /// + /// Defaults to 1 day. This may need to be increased for external issuers that impose rate limits (such as Let's Encrypt). + #[serde(default = "v1alpha2::CertManagerBackend::default_certificate_lifetime")] + pub default_certificate_lifetime: Duration, + + /// The algorithm used to generate a key pair and required configuration settings. + /// Currently only RSA and a key length of 2048, 3072 or 4096 bits can be configured. + #[serde(default)] + pub key_generation: CertificateKeyGeneration, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct CertManagerIssuer { + /// The kind of the issuer, Issuer or ClusterIssuer. + /// + /// If Issuer then it must be in the same namespace as the Pods using it. + pub kind: CertManagerIssuerKind, + + /// The name of the issuer. + pub name: String, + } + + #[derive(Serialize, Deserialize, Clone, Copy, Debug, PartialEq, JsonSchema, strum::Display)] + pub enum CertManagerIssuerKind { + /// An [Issuer](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Issuer) in the same namespace as the Pod. + Issuer, + + /// A cluster-scoped [ClusterIssuer](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer). + ClusterIssuer, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct KerberosKeytabBackend { + /// The name of the Kerberos realm. This should be provided by the Kerberos administrator. + pub realm_name: KerberosRealmName, + + /// The hostname of the Kerberos Key Distribution Center (KDC). + /// This should be provided by the Kerberos administrator. + pub kdc: HostName, + + /// Kerberos admin configuration settings. + pub admin: KerberosKeytabBackendAdmin, + + /// Reference (`name` and `namespace`) to a K8s Secret object where a + /// keytab with administrative privileges is stored in the key `keytab`. + pub admin_keytab_secret: SecretReference, + + /// The admin principal. + pub admin_principal: KerberosPrincipal, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub enum KerberosKeytabBackendAdmin { + /// Credentials should be provisioned in a MIT Kerberos Admin Server. + Mit(KerberosKeytabBackendMit), + + /// Credentials should be provisioned in a Microsoft Active Directory domain. + ActiveDirectory(KerberosKeytabBackendActiveDirectory), + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct KerberosKeytabBackendMit { + /// The hostname of the Kerberos Admin Server. + /// This should be provided by the Kerberos administrator. + kadmin_server: HostName, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct KerberosKeytabBackendActiveDirectory { + /// An AD LDAP server, such as the AD Domain Controller. + /// This must match the server’s FQDN, or GSSAPI authentication will fail. + ldap_server: HostName, + + /// Reference (name and namespace) to a Kubernetes Secret object containing + /// the TLS CA (in `ca.crt`) that the LDAP server’s certificate should be authenticated against. + ldap_tls_ca_secret: SecretReference, + + /// Reference (name and namespace) to a Kubernetes Secret object where workload + /// passwords will be stored. This must not be accessible to end users. + password_cache_secret: SecretReference, + + /// The root Distinguished Name (DN) where service accounts should be provisioned, + /// typically `CN=Users,{domain_dn}`. + user_distinguished_name: String, + + /// The root Distinguished Name (DN) for AD-managed schemas, + /// typically `CN=Schema,CN=Configuration,{domain_dn}`. + schema_distinguished_name: String, + + /// Allows samAccountName generation for new accounts to be customized. + /// Note that setting this field (even if empty) makes the Secret Operator take + /// over the generation duty from the domain controller. + #[versioned( + changed( + since = "v1alpha2", + from_name = "experimental_generate_sam_account_name" + ), + hint(option) + )] + generate_sam_account_name: Option, + } + + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct ActiveDirectorySamAccountNameRules { + /// A prefix to be prepended to generated samAccountNames. + #[serde(default)] + pub prefix: String, + /// The total length of generated samAccountNames, _including_ `prefix`. + /// Must be larger than the length of `prefix`, but at most `20`. + /// + /// Note that this should be as large as possible, to minimize the risk of collisions. + #[serde(default = "v1alpha2::ActiveDirectorySamAccountNameRules::default_total_length")] + pub total_length: u8, + } +} + +#[cfg(test)] +mod test { + use stackable_operator::shared::time::Duration; + use stackable_secret_operator_crd_utils::{ConfigMapReference, SecretReference}; + + use crate::{ + backend::tls::{DEFAULT_CA_CERT_LIFETIME, DEFAULT_MAX_CERT_LIFETIME}, + crd::v1alpha2::{ + AdditionalTrustRoot, AutoTlsBackend, AutoTlsCa, CertificateKeyGeneration, SecretClass, + SecretClassBackend, SecretClassSpec, + }, + }; + + #[test] + fn test_deserialization() { + let input: &str = r#" + apiVersion: secrets.stackable.tech/v1alpha1 + kind: SecretClass + metadata: + name: tls + spec: + backend: + autoTls: + ca: + secret: + name: secret-provisioner-tls-ca + namespace: default + keyGeneration: + rsa: + length: 3072 + "#; + let deserializer = serde_yaml::Deserializer::from_str(input); + let secret_class: SecretClass = + serde_yaml::with::singleton_map_recursive::deserialize(deserializer).unwrap(); + assert_eq!( + secret_class.spec, + SecretClassSpec { + backend: SecretClassBackend::AutoTls(AutoTlsBackend { + ca: AutoTlsCa { + secret: SecretReference { + name: "secret-provisioner-tls-ca".to_string(), + namespace: "default".to_string(), + }, + auto_generate: false, + ca_certificate_lifetime: DEFAULT_CA_CERT_LIFETIME, + key_generation: CertificateKeyGeneration::Rsa { + length: CertificateKeyGeneration::RSA_KEY_LENGTH_3072 + } + }, + additional_trust_roots: vec![], + max_certificate_lifetime: DEFAULT_MAX_CERT_LIFETIME, + }) + } + ); + + let input: &str = r#" + apiVersion: secrets.stackable.tech/v1alpha1 + kind: SecretClass + metadata: + name: tls + spec: + backend: + autoTls: + ca: + secret: + name: secret-provisioner-tls-ca + namespace: default + autoGenerate: true + caCertificateLifetime: 100d + additionalTrustRoots: + - configMap: + name: tls-root-ca-config-map + namespace: default + - secret: + name: tls-root-ca-secret + namespace: default + maxCertificateLifetime: 31d + "#; + let deserializer = serde_yaml::Deserializer::from_str(input); + let secret_class: SecretClass = + serde_yaml::with::singleton_map_recursive::deserialize(deserializer).unwrap(); + assert_eq!( + secret_class.spec, + SecretClassSpec { + backend: SecretClassBackend::AutoTls(AutoTlsBackend { + ca: AutoTlsCa { + secret: SecretReference { + name: "secret-provisioner-tls-ca".to_string(), + namespace: "default".to_string(), + }, + auto_generate: true, + ca_certificate_lifetime: Duration::from_days_unchecked(100), + key_generation: CertificateKeyGeneration::default() + }, + additional_trust_roots: vec![ + AdditionalTrustRoot::ConfigMap(ConfigMapReference { + name: "tls-root-ca-config-map".to_string(), + namespace: "default".to_string(), + }), + AdditionalTrustRoot::Secret(SecretReference { + name: "tls-root-ca-secret".to_string(), + namespace: "default".to_string(), + }) + ], + max_certificate_lifetime: Duration::from_days_unchecked(31), + }) + } + ); + } +} diff --git a/rust/operator-binary/src/crd/v1alpha1_impl.rs b/rust/operator-binary/src/crd/secret_class/v1alpha1_impl.rs similarity index 99% rename from rust/operator-binary/src/crd/v1alpha1_impl.rs rename to rust/operator-binary/src/crd/secret_class/v1alpha1_impl.rs index 199c75fe..8f1d0814 100644 --- a/rust/operator-binary/src/crd/v1alpha1_impl.rs +++ b/rust/operator-binary/src/crd/secret_class/v1alpha1_impl.rs @@ -4,7 +4,7 @@ use stackable_operator::{ schemars::{self, schema::Schema}, }; -use crate::crd::v1alpha1::{ +use crate::crd::secret_class::v1alpha1::{ CertificateKeyGeneration, SearchNamespace, SearchNamespaceMatchCondition, SecretClassBackend, }; diff --git a/rust/operator-binary/src/crd/v1alpha2_impl.rs b/rust/operator-binary/src/crd/secret_class/v1alpha2_impl.rs similarity index 100% rename from rust/operator-binary/src/crd/v1alpha2_impl.rs rename to rust/operator-binary/src/crd/secret_class/v1alpha2_impl.rs diff --git a/rust/operator-binary/src/crd/trust_store/mod.rs b/rust/operator-binary/src/crd/trust_store/mod.rs new file mode 100644 index 00000000..3c1b49e5 --- /dev/null +++ b/rust/operator-binary/src/crd/trust_store/mod.rs @@ -0,0 +1,35 @@ +use serde::{Deserialize, Serialize}; +use stackable_operator::{ + kube::CustomResource, + schemars::{self, JsonSchema}, + versioned::versioned, +}; + +use crate::format::SecretFormat; + +#[versioned( + version(name = "v1alpha1"), + crates( + kube_core = "stackable_operator::kube::core", + kube_client = "stackable_operator::kube::client", + k8s_openapi = "stackable_operator::k8s_openapi", + schemars = "stackable_operator::schemars", + versioned = "stackable_operator::versioned" + ) +)] +pub mod versioned { + /// A [TrustStore](DOCS_BASE_URL_PLACEHOLDER/secret-operator/truststore) requests information about how to + /// validate secrets issued by a [SecretClass](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass). + /// + /// The requested information is written to a ConfigMap with the same name as the TrustStore. + #[versioned(crd(group = "secrets.stackable.tech", namespaced))] + #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)] + #[serde(rename_all = "camelCase")] + pub struct TrustStoreSpec { + /// The name of the SecretClass that the request concerns. + pub secret_class_name: String, + + /// The [format](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#format) that the data should be converted into. + pub format: Option, + } +} diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index f61396ec..72fb7a57 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -76,7 +76,7 @@ async fn main() -> anyhow::Result<()> { stackable_operator::cli::Command::Crd => { SecretClass::merged_crd(crd::SecretClassVersion::V1Alpha2)? .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?; - TrustStore::merged_crd(crd::TrustStoreVersion::V1Alpha2)? + TrustStore::merged_crd(crd::TrustStoreVersion::V1Alpha1)? .print_yaml_schema(built_info::PKG_VERSION, SerializeOptions::default())?; } stackable_operator::cli::Command::Run(SecretOperatorRun { diff --git a/rust/operator-binary/src/truststore_controller.rs b/rust/operator-binary/src/truststore_controller.rs index 96eed4c4..b95a02be 100644 --- a/rust/operator-binary/src/truststore_controller.rs +++ b/rust/operator-binary/src/truststore_controller.rs @@ -32,7 +32,7 @@ use strum::{EnumDiscriminants, IntoStaticStr}; use crate::{ OPERATOR_NAME, backend::{self, SecretBackendError, TrustSelector}, - crd::v1alpha2, + crd::{v1alpha1, v1alpha2}, format::{ self, well_known::{CompatibilityOptions, NamingOptions}, @@ -46,7 +46,7 @@ const FULL_CONTROLLER_NAME: &str = concatcp!(CONTROLLER_NAME, ".", OPERATOR_NAME pub async fn start(client: &stackable_operator::client::Client, watch_namespace: &WatchNamespace) { let (secretclasses, secretclasses_writer) = reflector::store(); let controller = Controller::new( - watch_namespace.get_api::>(client), + watch_namespace.get_api::>(client), watcher::Config::default(), ); let truststores = controller.store(); @@ -122,10 +122,10 @@ pub async fn start(client: &stackable_operator::client::Client, watch_namespace: /// Resolves modifications to dependencies of [`v1alpha2::SecretClass`] objects into /// a list of affected [`v1alpha2::TrustStore`]s. fn secretclass_dependency_watch_mapper( - truststores: reflector::Store>, + truststores: reflector::Store>, secretclasses: reflector::Store>, reference_conditions: impl Copy + Fn(&v1alpha2::SecretClass, &Dep) -> Conds, -) -> impl Fn(Dep) -> Vec>> +) -> impl Fn(Dep) -> Vec>> where Conds: IntoIterator, { @@ -238,7 +238,7 @@ struct Ctx { } async fn reconcile( - truststore: Arc>, + truststore: Arc>, ctx: Arc, ) -> Result { let truststore = truststore @@ -308,7 +308,7 @@ async fn reconcile( } fn error_policy( - _obj: Arc>, + _obj: Arc>, _error: &Error, _ctx: Arc, ) -> controller::Action { diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs index dee79f17..6b587d3e 100644 --- a/rust/operator-binary/src/webhooks/conversion.rs +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -23,7 +23,7 @@ pub async fn conversion_webhook( SecretClass::try_convert as fn(_) -> _, ), ( - TrustStore::merged_crd(TrustStoreVersion::V1Alpha2)?, + TrustStore::merged_crd(TrustStoreVersion::V1Alpha1)?, TrustStore::try_convert as fn(_) -> _, ), ]; From 2c405104150391cd9d2ec24e1e4faf727def440d Mon Sep 17 00:00:00 2001 From: Techassi Date: Tue, 9 Sep 2025 10:14:10 +0200 Subject: [PATCH 11/19] chore: Move generated CRDs into folder --- Makefile | 3 ++- crds.yaml => extra/crds.yaml | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename crds.yaml => extra/crds.yaml (100%) diff --git a/Makefile b/Makefile index 7f5aadb5..9afd741a 100644 --- a/Makefile +++ b/Makefile @@ -119,7 +119,8 @@ config: # We generate a crds.yaml, so that the effect of code changes are visible. # The operator will take care of the CRD rollout itself. crds: - cargo run --bin stackable-"${OPERATOR_NAME}" -- crd > crds.yaml + mkdir -p extra + cargo run --bin stackable-"${OPERATOR_NAME}" -- crd > extra/crds.yaml chart-lint: compile-chart docker run -it -v $(shell pwd):/build/helm-charts -w /build/helm-charts quay.io/helmpack/chart-testing:v3.5.0 ct lint --config deploy/helm/ct.yaml diff --git a/crds.yaml b/extra/crds.yaml similarity index 100% rename from crds.yaml rename to extra/crds.yaml From 2ea20607c618aa891772891c79c496f756d32bae Mon Sep 17 00:00:00 2001 From: Techassi Date: Tue, 9 Sep 2025 10:15:26 +0200 Subject: [PATCH 12/19] chore: Use main branch for stackable-operator --- Cargo.lock | 24 ++++++++++++------------ Cargo.nix | 43 ++++++++++++++++++++++--------------------- Cargo.toml | 2 +- crate-hashes.json | 18 +++++++++--------- 4 files changed, 44 insertions(+), 43 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f191a6f0..50eb8445 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1740,7 +1740,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "darling 0.21.3", "regex", @@ -2634,7 +2634,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac6c3320f9abac597dcbc668774ef006702672474aad53c6d596b62e487b40b1" dependencies = [ "heck", - "itertools 0.14.0", + "itertools 0.13.0", "log", "multimap", "once_cell", @@ -2656,7 +2656,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d" dependencies = [ "anyhow", - "itertools 0.14.0", + "itertools 0.13.0", "proc-macro2", "quote", "syn 2.0.106", @@ -2669,7 +2669,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425" dependencies = [ "anyhow", - "itertools 0.14.0", + "itertools 0.13.0", "proc-macro2", "quote", "syn 2.0.106", @@ -3367,7 +3367,7 @@ checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "const-oid", "ecdsa", @@ -3411,7 +3411,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.96.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "chrono", "clap", @@ -3450,7 +3450,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "darling 0.21.3", "proc-macro2", @@ -3527,7 +3527,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.2" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "k8s-openapi", "kube", @@ -3543,7 +3543,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "axum", "clap", @@ -3567,7 +3567,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.8.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "schemars", "serde", @@ -3580,7 +3580,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.8.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "convert_case", "darling 0.21.3", @@ -3597,7 +3597,7 @@ dependencies = [ [[package]] name = "stackable-webhook" version = "0.5.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat/stackable-versioned-hint-wrapped#95385414f756251e10d81cf018fe241e9182ce84" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" dependencies = [ "arc-swap", "axum", diff --git a/Cargo.nix b/Cargo.nix index fbdb144d..daea8706 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -5261,6 +5261,7 @@ rec { "default" = [ "use_std" ]; "use_std" = [ "use_alloc" "either/use_std" ]; }; + resolvedDefaultFeatures = [ "default" "use_alloc" "use_std" ]; }; "itertools 0.14.0" = rec { crateName = "itertools"; @@ -5536,8 +5537,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "k8s_version"; authors = [ @@ -8585,7 +8586,7 @@ rec { } { name = "itertools"; - packageId = "itertools 0.14.0"; + packageId = "itertools 0.13.0"; usesDefaultFeatures = false; features = [ "use_alloc" ]; } @@ -8677,7 +8678,7 @@ rec { } { name = "itertools"; - packageId = "itertools 0.14.0"; + packageId = "itertools 0.13.0"; } { name = "proc-macro2"; @@ -8715,7 +8716,7 @@ rec { } { name = "itertools"; - packageId = "itertools 0.14.0"; + packageId = "itertools 0.13.0"; } { name = "proc-macro2"; @@ -11082,8 +11083,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "stackable_certs"; authors = [ @@ -11267,8 +11268,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "stackable_operator"; authors = [ @@ -11440,8 +11441,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -11746,8 +11747,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "stackable_shared"; authors = [ @@ -11821,8 +11822,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "stackable_telemetry"; authors = [ @@ -11931,8 +11932,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "stackable_versioned"; authors = [ @@ -11975,8 +11976,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -12039,8 +12040,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech//operator-rs.git"; - rev = "95385414f756251e10d81cf018fe241e9182ce84"; - sha256 = "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp"; + rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; + sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; }; libName = "stackable_webhook"; authors = [ diff --git a/Cargo.toml b/Cargo.toml index 9c220afd..a7cb6863 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -54,4 +54,4 @@ yasna = "0.5" [patch."https://github.com/stackabletech/operator-rs.git"] # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } -stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feat/stackable-versioned-hint-wrapped" } +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } diff --git a/crate-hashes.json b/crate-hashes.json index 63a6b4a0..804c3397 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,13 +1,13 @@ { - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#k8s-version@0.1.3": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-certs@0.4.0": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-operator-derive@0.3.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-operator@0.96.0": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-shared@0.0.2": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-telemetry@0.6.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-versioned-macros@0.8.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-versioned@0.8.1": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", - "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fstackable-versioned-hint-wrapped#stackable-webhook@0.5.0": "00r5hixmi51vzs6bm8lg6ygygf5f584k7a2i97ppnjbk53d5s3rp", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#k8s-version@0.1.3": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-certs@0.4.0": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-operator-derive@0.3.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-operator@0.96.0": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-shared@0.0.2": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-telemetry@0.6.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-versioned-macros@0.8.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-versioned@0.8.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", + "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-webhook@0.5.0": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5-sys@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" From 0f9fa2971743e4464f86da9fd4d093ad0af8ec40 Mon Sep 17 00:00:00 2001 From: Techassi Date: Tue, 9 Sep 2025 10:38:39 +0200 Subject: [PATCH 13/19] docs: Fix TrustStore reference --- rust/operator-binary/src/truststore_controller.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/operator-binary/src/truststore_controller.rs b/rust/operator-binary/src/truststore_controller.rs index 810ca924..6045c386 100644 --- a/rust/operator-binary/src/truststore_controller.rs +++ b/rust/operator-binary/src/truststore_controller.rs @@ -125,7 +125,7 @@ pub async fn start(client: &stackable_operator::client::Client, watch_namespace: } /// Resolves modifications to dependencies of [`v1alpha2::SecretClass`] objects into -/// a list of affected [`v1alpha2::TrustStore`]s. +/// a list of affected [`v1alpha1::TrustStore`]s. fn secretclass_dependency_watch_mapper( truststores: reflector::Store>, secretclasses: reflector::Store>, From c5320297f83bb9e7e11826e43d4f25dfa3d66dab Mon Sep 17 00:00:00 2001 From: Techassi Date: Tue, 9 Sep 2025 10:39:24 +0200 Subject: [PATCH 14/19] chore: Use single try_join! --- rust/operator-binary/src/main.rs | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 72fb7a57..1f4f8cd4 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -10,7 +10,7 @@ use csi_server::{ controller::SecretProvisionerController, identity::SecretProvisionerIdentity, node::SecretProvisionerNode, }; -use futures::{FutureExt, TryFutureExt, TryStreamExt, future::try_join}; +use futures::{FutureExt, TryFutureExt, TryStreamExt, try_join}; use grpc::csi::v1::{ controller_server::ControllerServer, identity_server::IdentityServer, node_server::NodeServer, }; @@ -162,11 +162,7 @@ async fn main() -> anyhow::Result<()> { .run() .map_err(|err| anyhow!(err).context("failed to run conversion webhook")); - try_join( - csi_server, - try_join(truststore_controller, conversion_webhook), - ) - .await?; + try_join!(csi_server, truststore_controller, conversion_webhook,)?; } } Ok(()) From 3e7f87ae9eec2cd1de3f5af9008bbbdd243512e7 Mon Sep 17 00:00:00 2001 From: Techassi Date: Tue, 9 Sep 2025 12:08:46 +0200 Subject: [PATCH 15/19] chore: Use default socket address constant --- rust/operator-binary/src/webhooks/conversion.rs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/rust/operator-binary/src/webhooks/conversion.rs b/rust/operator-binary/src/webhooks/conversion.rs index 6b587d3e..b9d3967d 100644 --- a/rust/operator-binary/src/webhooks/conversion.rs +++ b/rust/operator-binary/src/webhooks/conversion.rs @@ -2,7 +2,7 @@ use stackable_operator::{ cli::OperatorEnvironmentOptions, kube::Client, webhook::{ - constants::CONVERSION_WEBHOOK_HTTPS_PORT, + constants::DEFAULT_SOCKET_ADDRESS, servers::{ConversionWebhookOptions, ConversionWebhookServer}, }, }; @@ -29,9 +29,7 @@ pub async fn conversion_webhook( ]; let options = ConversionWebhookOptions { - socket_addr: format!("0.0.0.0:{CONVERSION_WEBHOOK_HTTPS_PORT}") - .parse() - .expect("static address is always valid"), + socket_addr: DEFAULT_SOCKET_ADDRESS, field_manager: OPERATOR_NAME.to_owned(), namespace: operator_environment.operator_namespace, service_name: operator_environment.operator_service_name, From 29ccbdf6ac516127ae21f50d592ad074cf4b8e3d Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Tue, 16 Sep 2025 13:38:47 +0200 Subject: [PATCH 16/19] Use op-rs 0.97.0 --- Cargo.lock | 416 ++++++++++++++++++++++++++++++----------------------- Cargo.toml | 4 +- 2 files changed, 242 insertions(+), 178 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 50eb8445..e7bbb565 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -45,12 +45,6 @@ version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" -[[package]] -name = "android-tzdata" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" - [[package]] name = "android_system_properties" version = "0.1.5" @@ -314,9 +308,9 @@ checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb" [[package]] name = "bitflags" -version = "2.9.3" +version = "2.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34efbcccd345379ca2868b2b2c9d3782e9cc58ba87bc7d79d5b53d9c9ae6f25d" +checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394" [[package]] name = "block-buffer" @@ -375,10 +369,11 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.34" +version = "1.2.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42bc4aea80032b7bf409b0bc7ccad88853858911b7713a8062fdc0623867bedc" +checksum = "65193589c6404eb80b450d618eaf9a2cafaaafd57ecce47370519ef674a7bd44" dependencies = [ + "find-msvc-tools", "jobserver", "libc", "shlex", @@ -401,15 +396,14 @@ checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" [[package]] name = "chrono" -version = "0.4.41" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c469d952047f47f91b68d1cba3f10d63c11d73e4636f24f08daf0278abf01c4d" +checksum = "145052bdd345b87320e369255277e3fb5152762ad123a901ef5c262dd38fe8d2" dependencies = [ - "android-tzdata", "iana-time-zone", "num-traits", "serde", - "windows-link", + "windows-link 0.2.0", ] [[package]] @@ -435,9 +429,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.45" +version = "4.5.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fc0e74a703892159f5ae7d3aac52c8e6c392f5ae5f359c70b5881d60aaac318" +checksum = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931" dependencies = [ "clap_builder", "clap_derive", @@ -445,9 +439,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.44" +version = "4.5.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3e7f4214277f3c7aa526a59dd3fbe306a370daee1f8b7b8c987069cd8e888a8" +checksum = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6" dependencies = [ "anstream", "anstyle", @@ -457,9 +451,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.45" +version = "4.5.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14cb31bb0a7d536caef2639baa7fad459e15c3144efefa6dbd1c84562c4739f6" +checksum = "bbfd7eae0b0f1a6e63d4b13c9c478de77c2eb546fba158ad50b4203dc24b9f9c" dependencies = [ "heck", "proc-macro2", @@ -724,9 +718,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.4.0" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e" +checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc" dependencies = [ "powerfmt", ] @@ -907,12 +901,12 @@ checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" [[package]] name = "errno" -version = "0.3.13" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.60.2", + "windows-sys 0.61.0", ] [[package]] @@ -963,6 +957,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "find-msvc-tools" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fd99930f64d146689264c637b5af2f0233a933bef0d8570e2526bf9e083192d" + [[package]] name = "fixedbitset" version = "0.5.7" @@ -1148,7 +1148,7 @@ dependencies = [ "cfg-if", "libc", "r-efi", - "wasi 0.14.2+wasi-0.2.4", + "wasi 0.14.7+wasi-0.2.4", ] [[package]] @@ -1291,7 +1291,7 @@ checksum = "a56f203cd1c76362b69e3863fd987520ac36cf70a8c92627449b2f64a8cf7d65" dependencies = [ "cfg-if", "libc", - "windows-link", + "windows-link 0.1.3", ] [[package]] @@ -1416,9 +1416,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.16" +version = "0.1.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9b05277c7e8da2c93a568989bb6207bef0112e8d17df7a6eda4a3cf143bc5e" +checksum = "3c6995591a8f1380fcb4ba966a252a4b29188d51d2b89e3a252f5305be65aea8" dependencies = [ "base64", "bytes", @@ -1440,9 +1440,9 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.63" +version = "0.1.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0c919e5debc312ad217002b8048a17b7d83f80703865bbfcfebb0458b0b27d8" +checksum = "33e57f83510bb73707521ebaffa789ec8caf86f9657cad665b092b581d40e9fb" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -1450,7 +1450,7 @@ dependencies = [ "js-sys", "log", "wasm-bindgen", - "windows-core", + "windows-core 0.62.0", ] [[package]] @@ -1577,9 +1577,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.11.0" +version = "2.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2481980430f9f78649238835720ddccc57e52df14ffce1c6f37391d61b563e9" +checksum = "92119844f513ffa41556430369ab02c295a3578af21cf945caa3e9e0c2481ac3" dependencies = [ "equivalent", "hashbrown", @@ -1681,9 +1681,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.77" +version = "0.3.78" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" +checksum = "0c0b063578492ceec17683ef2f8c5e89121fbd0b172cbc280635ab7567db2738" dependencies = [ "once_cell", "wasm-bindgen", @@ -1740,11 +1740,11 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "darling 0.21.3", "regex", - "snafu 0.8.7", + "snafu 0.8.9", ] [[package]] @@ -1753,7 +1753,7 @@ version = "0.1.0" source = "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#cba32789257540e31f262647f9b59cb592e2e011" dependencies = [ "krb5-sys", - "snafu 0.8.7", + "snafu 0.8.9", ] [[package]] @@ -2002,9 +2002,9 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.9.4" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12" +checksum = "df1d3c3b53da64cf5760482273a98e575c651a67eec7f77df96b5b642de8f039" [[package]] name = "litemap" @@ -2024,9 +2024,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.27" +version = "0.4.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" +checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" [[package]] name = "matchers" @@ -2428,9 +2428,9 @@ checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" [[package]] name = "pest" -version = "2.8.1" +version = "2.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1db05f56d34358a8b1066f67cbb203ee3e7ed2ba674a6263a1d5ec6db2204323" +checksum = "21e0a3a33733faeaf8651dfee72dd0f388f0c8e5ad496a3478fa5a922f49cfa8" dependencies = [ "memchr", "thiserror 2.0.16", @@ -2439,9 +2439,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.8.1" +version = "2.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb056d9e8ea77922845ec74a1c4e8fb17e7c218cc4fc11a15c5d25e189aa40bc" +checksum = "bc58706f770acb1dbd0973e6530a3cff4746fb721207feb3a8a6064cd0b6c663" dependencies = [ "pest", "pest_generator", @@ -2449,9 +2449,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.8.1" +version = "2.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87e404e638f781eb3202dc82db6760c8ae8a1eeef7fb3fa8264b2ef280504966" +checksum = "6d4f36811dfe07f7b8573462465d5cb8965fffc2e71ae377a33aecf14c2c9a2f" dependencies = [ "pest", "pest_meta", @@ -2462,9 +2462,9 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.8.1" +version = "2.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edd1101f170f5903fde0914f899bb503d9ff5271d7ba76bbb70bea63690cc0d5" +checksum = "42919b05089acbd0a5dcd5405fb304d17d1053847b81163d09c4ad18ce8e8420" dependencies = [ "pest", "sha2", @@ -2541,9 +2541,9 @@ checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" [[package]] name = "potential_utf" -version = "0.1.2" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5a7c30837279ca13e7c867e9e40053bc68740f988cb07f7ca6df43cc734b585" +checksum = "84df19adbe5b5a0782edcab45899906947ab039ccf4573713735ee7de1e6b08a" dependencies = [ "zerovec", ] @@ -2603,7 +2603,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.7", + "snafu 0.8.9", "xml-rs", ] @@ -2634,7 +2634,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac6c3320f9abac597dcbc668774ef006702672474aad53c6d596b62e487b40b1" dependencies = [ "heck", - "itertools 0.13.0", + "itertools 0.14.0", "log", "multimap", "once_cell", @@ -2656,7 +2656,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d" dependencies = [ "anyhow", - "itertools 0.13.0", + "itertools 0.14.0", "proc-macro2", "quote", "syn 2.0.106", @@ -2669,7 +2669,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425" dependencies = [ "anyhow", - "itertools 0.13.0", + "itertools 0.14.0", "proc-macro2", "quote", "syn 2.0.106", @@ -2917,15 +2917,15 @@ checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" [[package]] name = "rustix" -version = "1.0.8" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8" +checksum = "cd15f8a2c5551a84d56efdc1cd049089e409ac19a3072d5037a17fd70719ff3e" dependencies = [ "bitflags", "errno", "libc", "linux-raw-sys", - "windows-sys 0.60.2", + "windows-sys 0.61.0", ] [[package]] @@ -2965,7 +2965,7 @@ dependencies = [ "openssl-probe", "rustls-pki-types", "schannel", - "security-framework 3.3.0", + "security-framework 3.4.0", ] [[package]] @@ -2988,9 +2988,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.4" +version = "0.103.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" +checksum = "8572f3c2cb9934231157b45499fc41e1f58c589fdfb81a844ba873265e80f8eb" dependencies = [ "ring", "rustls-pki-types", @@ -3020,11 +3020,11 @@ dependencies = [ [[package]] name = "schannel" -version = "0.1.27" +version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" +checksum = "891d81b926048e76efe18581bf793546b4c0eaf8448d72be8de2bbee5fd166e1" dependencies = [ - "windows-sys 0.59.0", + "windows-sys 0.61.0", ] [[package]] @@ -3096,9 +3096,9 @@ dependencies = [ [[package]] name = "security-framework" -version = "3.3.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80fb1d92c5028aa318b4b8bd7302a5bfcf48be96a37fc6fc790f806b0004ee0c" +checksum = "60b369d18893388b345804dc0007963c99b7d665ae71d275812d828c6f089640" dependencies = [ "bitflags", "core-foundation 0.10.1", @@ -3109,9 +3109,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.14.0" +version = "2.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" +checksum = "cc1f0cbffaac4852523ce30d8bd3c5cdc873501d96ff467ca09b6767bb8cd5c0" dependencies = [ "core-foundation-sys", "libc", @@ -3119,16 +3119,17 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.26" +version = "1.0.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" +checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" [[package]] name = "serde" -version = "1.0.219" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +checksum = "fd6c24dee235d0da097043389623fb913daddf92c76e9f5a1db88607a0bcbd1d" dependencies = [ + "serde_core", "serde_derive", ] @@ -3142,11 +3143,20 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_core" +version = "1.0.225" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "659356f9a0cb1e529b24c01e43ad2bdf520ec4ceaf83047b83ddcc2251f96383" +dependencies = [ + "serde_derive", +] + [[package]] name = "serde_derive" -version = "1.0.219" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +checksum = "0ea936adf78b1f766949a4977b91d2f5595825bd6ec079aa9543ad2685fc4516" dependencies = [ "proc-macro2", "quote", @@ -3166,24 +3176,26 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.143" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a" +checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" dependencies = [ "itoa", "memchr", "ryu", "serde", + "serde_core", ] [[package]] name = "serde_path_to_error" -version = "0.1.17" +version = "0.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59fab13f937fa393d08645bf3a84bdfe86e296747b506ada67bb15f10f218b2a" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" dependencies = [ "itoa", "serde", + "serde_core", ] [[package]] @@ -3302,11 +3314,11 @@ dependencies = [ [[package]] name = "snafu" -version = "0.8.7" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0062a372b26c4a6e9155d099a3416d732514fd47ae2f235b3695b820afcee74a" +checksum = "6e84b3f4eacbf3a1ce05eac6763b4d629d60cbc94d632e4092c54ade71f1e1a2" dependencies = [ - "snafu-derive 0.8.7", + "snafu-derive 0.8.9", ] [[package]] @@ -3322,9 +3334,9 @@ dependencies = [ [[package]] name = "snafu-derive" -version = "0.8.7" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e5fd9e3263fc19d73abd5107dbd4d43e37949212d2b15d4d334ee5db53022b8" +checksum = "c1c97747dbf44bb1ca44a561ece23508e99cb592e862f22222dcf42f51d1e451" dependencies = [ "heck", "proc-macro2", @@ -3367,7 +3379,7 @@ checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "const-oid", "ecdsa", @@ -3379,7 +3391,7 @@ dependencies = [ "rsa", "sha2", "signature", - "snafu 0.8.7", + "snafu 0.8.9", "stackable-shared", "tokio", "tokio-rustls", @@ -3400,7 +3412,7 @@ dependencies = [ "rand 0.9.2", "serde", "serde_json", - "snafu 0.8.7", + "snafu 0.8.9", "stackable-operator", "stackable-secret-operator-crd-utils", "tokio", @@ -3410,8 +3422,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.96.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +version = "0.97.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "chrono", "clap", @@ -3433,7 +3445,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.7", + "snafu 0.8.9", "stackable-operator-derive", "stackable-shared", "stackable-telemetry", @@ -3450,7 +3462,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "darling 0.21.3", "proc-macro2", @@ -3480,7 +3492,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "snafu 0.8.7", + "snafu 0.8.9", "socket2", "stackable-krb5-provision-keytab", "stackable-operator", @@ -3491,7 +3503,7 @@ dependencies = [ "time", "tokio", "tokio-stream", - "tonic 0.14.1", + "tonic 0.14.2", "tonic-prost", "tonic-prost-build", "tonic-reflection", @@ -3527,7 +3539,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.2" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "k8s-openapi", "kube", @@ -3535,7 +3547,7 @@ dependencies = [ "semver", "serde", "serde_yaml", - "snafu 0.8.7", + "snafu 0.8.9", "strum", "time", ] @@ -3543,7 +3555,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "axum", "clap", @@ -3554,7 +3566,7 @@ dependencies = [ "opentelemetry-semantic-conventions", "opentelemetry_sdk", "pin-project", - "snafu 0.8.7", + "snafu 0.8.9", "strum", "tokio", "tower", @@ -3566,21 +3578,21 @@ dependencies = [ [[package]] name = "stackable-versioned" -version = "0.8.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +version = "0.8.2" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "schemars", "serde", "serde_json", "serde_yaml", - "snafu 0.8.7", + "snafu 0.8.9", "stackable-versioned-macros", ] [[package]] name = "stackable-versioned-macros" -version = "0.8.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +version = "0.8.2" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "convert_case", "darling 0.21.3", @@ -3596,8 +3608,8 @@ dependencies = [ [[package]] name = "stackable-webhook" -version = "0.5.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=main#f93c5528c0bc10b86b07d0d5936f19afe41550a6" +version = "0.6.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#36e9fad31f07903a545010998fb99aae0188337d" dependencies = [ "arc-swap", "axum", @@ -3610,7 +3622,7 @@ dependencies = [ "opentelemetry-semantic-conventions", "rand 0.9.2", "serde_json", - "snafu 0.8.7", + "snafu 0.8.9", "stackable-certs", "stackable-shared", "stackable-telemetry", @@ -3713,15 +3725,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.21.0" +version = "3.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15b61f8f20e3a6f7e0649d825294eaf317edce30f82cf6026e7e4cb9222a7d1e" +checksum = "84fa4d11fadde498443cca10fd3ac23c951f0dc59e080e9f4b93d4df4e4eea53" dependencies = [ "fastrand", "getrandom 0.3.3", "once_cell", "rustix", - "windows-sys 0.60.2", + "windows-sys 0.61.0", ] [[package]] @@ -3775,12 +3787,11 @@ dependencies = [ [[package]] name = "time" -version = "0.3.41" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40" +checksum = "83bde6f1ec10e72d583d91623c939f623002284ef622b87de38cfd546cbf2031" dependencies = [ "deranged", - "itoa", "num-conv", "powerfmt", "serde", @@ -3790,15 +3801,15 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.4" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c" +checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" [[package]] name = "time-macros" -version = "0.2.22" +version = "0.2.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49" +checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" dependencies = [ "num-conv", "time-core", @@ -3940,9 +3951,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67ac5a8627ada0968acec063a4746bf79588aa03ccb66db2f75d7dce26722a40" +checksum = "eb7613188ce9f7df5bfe185db26c5814347d110db17920415cf2fbcad85e7203" dependencies = [ "async-trait", "axum", @@ -3969,9 +3980,9 @@ dependencies = [ [[package]] name = "tonic-build" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49e323d8bba3be30833707e36d046deabf10a35ae8ad3cae576943ea8933e25d" +checksum = "4c40aaccc9f9eccf2cd82ebc111adc13030d23e887244bc9cfa5d1d636049de3" dependencies = [ "prettyplease", "proc-macro2", @@ -3981,20 +3992,20 @@ dependencies = [ [[package]] name = "tonic-prost" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9c511b9a96d40cb12b7d5d00464446acf3b9105fd3ce25437cfe41c92b1c87d" +checksum = "66bd50ad6ce1252d87ef024b3d64fe4c3cf54a86fb9ef4c631fdd0ded7aeaa67" dependencies = [ "bytes", "prost 0.14.1", - "tonic 0.14.1", + "tonic 0.14.2", ] [[package]] name = "tonic-prost-build" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ef298fcd01b15e135440c4b8c974460ceca4e6a5af7f1c933b08e4d2875efa1" +checksum = "b4a16cba4043dc3ff43fcb3f96b4c5c154c64cbd18ca8dce2ab2c6a451d058a2" dependencies = [ "prettyplease", "proc-macro2", @@ -4008,15 +4019,15 @@ dependencies = [ [[package]] name = "tonic-reflection" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0267a0073385cd94996197d12acb1856a3a0a2367482c726a48a769f6fed8a3a" +checksum = "34da53e8387581d66db16ff01f98a70b426b091fdf76856e289d5c1bd386ed7b" dependencies = [ "prost 0.14.1", "prost-types", "tokio", "tokio-stream", - "tonic 0.14.1", + "tonic 0.14.2", "tonic-prost", ] @@ -4203,9 +4214,9 @@ checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539" [[package]] name = "unicode-ident" -version = "1.0.18" +version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" +checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d" [[package]] name = "unicode-segmentation" @@ -4257,9 +4268,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.18.0" +version = "1.18.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f33196643e165781c20a5ead5582283a7dacbb87855d867fbc2df3f81eddc1be" +checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2" dependencies = [ "getrandom 0.3.3", "js-sys", @@ -4311,30 +4322,40 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasi" -version = "0.14.2+wasi-0.2.4" +version = "0.14.7+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c" dependencies = [ - "wit-bindgen-rt", + "wasip2", +] + +[[package]] +name = "wasip2" +version = "1.0.1+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" +dependencies = [ + "wit-bindgen", ] [[package]] name = "wasm-bindgen" -version = "0.2.100" +version = "0.2.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" +checksum = "7e14915cadd45b529bb8d1f343c4ed0ac1de926144b746e2710f9cd05df6603b" dependencies = [ "cfg-if", "once_cell", "rustversion", "wasm-bindgen-macro", + "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.100" +version = "0.2.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" +checksum = "e28d1ba982ca7923fd01448d5c30c6864d0a14109560296a162f80f305fb93bb" dependencies = [ "bumpalo", "log", @@ -4346,9 +4367,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.50" +version = "0.4.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61" +checksum = "0ca85039a9b469b38336411d6d6ced91f3fc87109a2a27b0c197663f5144dffe" dependencies = [ "cfg-if", "js-sys", @@ -4359,9 +4380,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.100" +version = "0.2.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" +checksum = "7c3d463ae3eff775b0c45df9da45d68837702ac35af998361e2c84e7c5ec1b0d" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -4369,9 +4390,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.100" +version = "0.2.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" +checksum = "7bb4ce89b08211f923caf51d527662b75bdc9c9c7aab40f86dcb9fb85ac552aa" dependencies = [ "proc-macro2", "quote", @@ -4382,18 +4403,18 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.100" +version = "0.2.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" +checksum = "f143854a3b13752c6950862c906306adb27c7e839f7414cec8fea35beab624c1" dependencies = [ "unicode-ident", ] [[package]] name = "web-sys" -version = "0.3.77" +version = "0.3.78" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2" +checksum = "77e4b637749ff0d92b8fad63aa1f7cff3cbe125fd49c175cd6345e7272638b12" dependencies = [ "js-sys", "wasm-bindgen", @@ -4411,11 +4432,11 @@ dependencies = [ [[package]] name = "winapi-util" -version = "0.1.10" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0978bf7171b3d90bac376700cb56d606feb40f251a475a5d6634613564460b22" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.60.2", + "windows-sys 0.61.0", ] [[package]] @@ -4425,9 +4446,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9babd3a767a4c1aef6900409f85f5d53ce2544ccdfaa86dad48c91782c6d6893" dependencies = [ "windows-collections", - "windows-core", + "windows-core 0.61.2", "windows-future", - "windows-link", + "windows-link 0.1.3", "windows-numerics", ] @@ -4437,7 +4458,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8" dependencies = [ - "windows-core", + "windows-core 0.61.2", ] [[package]] @@ -4448,9 +4469,22 @@ checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3" dependencies = [ "windows-implement", "windows-interface", - "windows-link", - "windows-result", - "windows-strings", + "windows-link 0.1.3", + "windows-result 0.3.4", + "windows-strings 0.4.2", +] + +[[package]] +name = "windows-core" +version = "0.62.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57fe7168f7de578d2d8a05b07fd61870d2e73b4020e9f49aa00da8471723497c" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link 0.2.0", + "windows-result 0.4.0", + "windows-strings 0.5.0", ] [[package]] @@ -4459,8 +4493,8 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e" dependencies = [ - "windows-core", - "windows-link", + "windows-core 0.61.2", + "windows-link 0.1.3", "windows-threading", ] @@ -4492,14 +4526,20 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a" +[[package]] +name = "windows-link" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45e46c0661abb7180e7b9c281db115305d49ca1709ab8242adf09666d2173c65" + [[package]] name = "windows-numerics" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1" dependencies = [ - "windows-core", - "windows-link", + "windows-core 0.61.2", + "windows-link 0.1.3", ] [[package]] @@ -4508,7 +4548,16 @@ version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6" dependencies = [ - "windows-link", + "windows-link 0.1.3", +] + +[[package]] +name = "windows-result" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7084dcc306f89883455a206237404d3eaf961e5bd7e0f312f7c91f57eb44167f" +dependencies = [ + "windows-link 0.2.0", ] [[package]] @@ -4517,7 +4566,16 @@ version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57" dependencies = [ - "windows-link", + "windows-link 0.1.3", +] + +[[package]] +name = "windows-strings" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7218c655a553b0bed4426cf54b20d7ba363ef543b52d515b3e48d7fd55318dda" +dependencies = [ + "windows-link 0.2.0", ] [[package]] @@ -4547,6 +4605,15 @@ dependencies = [ "windows-targets 0.53.3", ] +[[package]] +name = "windows-sys" +version = "0.61.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e201184e40b2ede64bc2ea34968b28e33622acdbbf37104f0e4a33f7abe657aa" +dependencies = [ + "windows-link 0.2.0", +] + [[package]] name = "windows-targets" version = "0.52.6" @@ -4569,7 +4636,7 @@ version = "0.53.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91" dependencies = [ - "windows-link", + "windows-link 0.1.3", "windows_aarch64_gnullvm 0.53.0", "windows_aarch64_msvc 0.53.0", "windows_i686_gnu 0.53.0", @@ -4586,7 +4653,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b66463ad2e0ea3bbf808b7f1d371311c80e115c0b71d60efc142cafbcfb057a6" dependencies = [ - "windows-link", + "windows-link 0.1.3", ] [[package]] @@ -4686,13 +4753,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" [[package]] -name = "wit-bindgen-rt" -version = "0.39.0" +name = "wit-bindgen" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" -dependencies = [ - "bitflags", -] +checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" [[package]] name = "writeable" @@ -4752,18 +4816,18 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.8.26" +version = "0.8.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" +checksum = "0894878a5fa3edfd6da3f88c4805f4c8558e2b996227a3d864f47fe11e38282c" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.26" +version = "0.8.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" +checksum = "88d2b8d9c68ad2b9e4340d7832716a4d21a22a1154777ad56ea55c51a9cf3831" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index a7cb6863..e6d73023 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ edition = "2021" repository = "https://github.com/stackabletech/secret-operator" [workspace.dependencies] -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["time", "telemetry", "versioned", "webhook"], tag = "stackable-operator-0.96.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["time", "telemetry", "versioned", "webhook"], tag = "stackable-operator-0.97.0" } krb5 = { git = "https://github.com/stackabletech/krb5-rs.git", tag = "v0.1.0" } anyhow = "1.0" @@ -54,4 +54,4 @@ yasna = "0.5" [patch."https://github.com/stackabletech/operator-rs.git"] # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } -stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +# stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } From 09cbad6631e8dd935c13d6cf0e67e6ca299d690a Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Tue, 16 Sep 2025 14:56:06 +0200 Subject: [PATCH 17/19] nix --- Cargo.nix | 935 +++++++++++++++++++++++++++++++++------------- crate-hashes.json | 18 +- 2 files changed, 675 insertions(+), 278 deletions(-) diff --git a/Cargo.nix b/Cargo.nix index daea8706..9c52d079 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -251,17 +251,6 @@ rec { }; resolvedDefaultFeatures = [ "alloc" ]; }; - "android-tzdata" = rec { - crateName = "android-tzdata"; - version = "0.1.1"; - edition = "2018"; - sha256 = "1w7ynjxrfs97xg3qlcdns4kgfpwcdv824g611fq32cag4cdr96g9"; - libName = "android_tzdata"; - authors = [ - "RumovZ" - ]; - - }; "android_system_properties" = rec { crateName = "android_system_properties"; version = "0.1.5"; @@ -1072,9 +1061,9 @@ rec { }; "bitflags" = rec { crateName = "bitflags"; - version = "2.9.3"; + version = "2.9.4"; edition = "2021"; - sha256 = "0pgjwsd9qgdmsmwpvg47p9ccrsc26yfjqawbhsi9qds5sg6brvrl"; + sha256 = "157kkcv8s7vk6d17dar1pa5cqcz4c8pdrn16wm1ld7jnr86d2q92"; authors = [ "The Rust Project Developers" ]; @@ -1228,13 +1217,17 @@ rec { }; "cc" = rec { crateName = "cc"; - version = "1.2.34"; + version = "1.2.37"; edition = "2018"; - sha256 = "1p5ycww65h7xca03lwdp264qalw8v357rg5h17s7naq3h3m4mg22"; + sha256 = "0i5xlxsgd7jif1ry9k3ysnpsmbrckapqwq8d8l5vhkj0qs4ka6b5"; authors = [ "Alex Crichton " ]; dependencies = [ + { + name = "find-msvc-tools"; + packageId = "find-msvc-tools"; + } { name = "jobserver"; packageId = "jobserver"; @@ -1292,16 +1285,10 @@ rec { }; "chrono" = rec { crateName = "chrono"; - version = "0.4.41"; + version = "0.4.42"; edition = "2021"; - sha256 = "0k8wy2mph0mgipq28vv3wirivhb31pqs7jyid0dzjivz0i9djsf4"; + sha256 = "1lp8iz9js9jwxw0sj8yi59v54lgvwdvm49b9wch77f25sfym4l0l"; dependencies = [ - { - name = "android-tzdata"; - packageId = "android-tzdata"; - optional = true; - target = { target, features }: ("android" == target."os" or null); - } { name = "iana-time-zone"; packageId = "iana-time-zone"; @@ -1322,15 +1309,14 @@ rec { } { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.2.0"; optional = true; target = { target, features }: (target."windows" or false); } ]; features = { - "android-tzdata" = [ "dep:android-tzdata" ]; "arbitrary" = [ "dep:arbitrary" ]; - "clock" = [ "winapi" "iana-time-zone" "android-tzdata" "now" ]; + "clock" = [ "winapi" "iana-time-zone" "now" ]; "default" = [ "clock" "std" "oldtime" "wasmbind" ]; "iana-time-zone" = [ "dep:iana-time-zone" ]; "js-sys" = [ "dep:js-sys" ]; @@ -1349,7 +1335,7 @@ rec { "winapi" = [ "windows-link" ]; "windows-link" = [ "dep:windows-link" ]; }; - resolvedDefaultFeatures = [ "alloc" "android-tzdata" "clock" "iana-time-zone" "now" "serde" "std" "winapi" "windows-link" ]; + resolvedDefaultFeatures = [ "alloc" "clock" "iana-time-zone" "now" "serde" "std" "winapi" "windows-link" ]; }; "cipher" = rec { crateName = "cipher"; @@ -1444,10 +1430,10 @@ rec { }; "clap" = rec { crateName = "clap"; - version = "4.5.45"; + version = "4.5.47"; edition = "2021"; crateBin = []; - sha256 = "0663m85dd0aq1g3mkwz5b8pkjv4f5k2smlz7bagib4iqf15fgh0z"; + sha256 = "0c99f6m4a7d4ffgahid49h0ci2pv4ccdf417f76nl4wx5n801b3y"; dependencies = [ { name = "clap_builder"; @@ -1486,9 +1472,9 @@ rec { }; "clap_builder" = rec { crateName = "clap_builder"; - version = "4.5.44"; + version = "4.5.47"; edition = "2021"; - sha256 = "1a48x3c9q1l7r6wbgy71mq6kfsihpqzxsnbaaamcgwvp88hz9rxk"; + sha256 = "1mp1f0fz6wp9v87jc9372lg6r4514ja1l8cazf25hfz7a3vvpn9a"; dependencies = [ { name = "anstream"; @@ -1525,9 +1511,9 @@ rec { }; "clap_derive" = rec { crateName = "clap_derive"; - version = "4.5.45"; + version = "4.5.47"; edition = "2021"; - sha256 = "1xir8wn5d10wpmnzmzjf2k1ib7j5mmzsm6v3yap6qlvx1axk3jql"; + sha256 = "174z9g13s85la2nmi8gv8ssjwz77im3rqg5isiinw6hg1fp7xzdv"; procMacro = true; dependencies = [ { @@ -2265,9 +2251,9 @@ rec { }; "deranged" = rec { crateName = "deranged"; - version = "0.4.0"; + version = "0.5.3"; edition = "2021"; - sha256 = "13h6skwk411wzhf1l9l7d3yz5y6vg9d7s3dwhhb4a942r88nm7lw"; + sha256 = "1k473y8lzjac956dm3s1cs2rz364py9zd52y9fkbanws8b6vqc6n"; authors = [ "Jacob Pratt " ]; @@ -2280,7 +2266,6 @@ rec { } ]; features = { - "default" = [ "std" ]; "macros" = [ "dep:deranged-macros" ]; "num" = [ "dep:num-traits" ]; "powerfmt" = [ "dep:powerfmt" ]; @@ -2289,9 +2274,8 @@ rec { "rand08" = [ "dep:rand08" ]; "rand09" = [ "dep:rand09" ]; "serde" = [ "dep:serde" ]; - "std" = [ "alloc" ]; }; - resolvedDefaultFeatures = [ "alloc" "powerfmt" "std" ]; + resolvedDefaultFeatures = [ "default" "powerfmt" ]; }; "derive_more" = rec { crateName = "derive_more"; @@ -2859,9 +2843,9 @@ rec { }; "errno" = rec { crateName = "errno"; - version = "0.3.13"; + version = "0.3.14"; edition = "2018"; - sha256 = "1bd5g3srn66zr3bspac0150bvpg1s7zi6zwhwhlayivciz12m3kp"; + sha256 = "1szgccmh8vgryqyadg8xd58mnwwicf39zmin3bsn63df2wbbgjir"; authors = [ "Chris Wong " "Dan Gohman " @@ -2887,7 +2871,7 @@ rec { } { name = "windows-sys"; - packageId = "windows-sys 0.60.2"; + packageId = "windows-sys 0.61.0"; target = { target, features }: (target."windows" or false); features = [ "Win32_Foundation" "Win32_System_Diagnostics_Debug" ]; } @@ -3051,6 +3035,14 @@ rec { }; resolvedDefaultFeatures = [ "alloc" ]; }; + "find-msvc-tools" = rec { + crateName = "find-msvc-tools"; + version = "0.1.1"; + edition = "2018"; + sha256 = "0b8rhghgjssjw9q8a3gg7f9kl8zhy9d7nqsc4s4nc52dyqq9knbz"; + libName = "find_msvc_tools"; + + }; "fixedbitset" = rec { crateName = "fixedbitset"; version = "0.5.7"; @@ -3636,7 +3628,7 @@ rec { } { name = "wasi"; - packageId = "wasi 0.14.2+wasi-0.2.4"; + packageId = "wasi 0.14.7+wasi-0.2.4"; usesDefaultFeatures = false; target = { target, features }: (("wasm32" == target."arch" or null) && ("wasi" == target."os" or null) && ("p2" == target."env" or null)); } @@ -4042,7 +4034,7 @@ rec { } { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; target = { target, features }: ("windows" == target."os" or null); } ]; @@ -4519,9 +4511,9 @@ rec { }; "hyper-util" = rec { crateName = "hyper-util"; - version = "0.1.16"; + version = "0.1.17"; edition = "2021"; - sha256 = "0pmw8gqkqjnsdrxdy5wd5q8z1gh7caxqk2an7b4s53byghkhb6wd"; + sha256 = "1a5fcnz0alrg4lx9xf6ja66ihaab58jnm5msnky804wg39cras9w"; libName = "hyper_util"; authors = [ "Sean McArthur " @@ -4648,9 +4640,9 @@ rec { }; "iana-time-zone" = rec { crateName = "iana-time-zone"; - version = "0.1.63"; + version = "0.1.64"; edition = "2021"; - sha256 = "1n171f5lbc7bryzmp1h30zw86zbvl5480aq02z92lcdwvvjikjdh"; + sha256 = "1yz980fmhaq9bdkasz35z63az37ci6kzzfhya83kgdqba61pzr9k"; libName = "iana_time_zone"; authors = [ "Andrew Straw " @@ -4690,7 +4682,7 @@ rec { } { name = "windows-core"; - packageId = "windows-core"; + packageId = "windows-core 0.62.0"; target = { target, features }: ("windows" == target."os" or null); } ]; @@ -5089,9 +5081,9 @@ rec { }; "indexmap" = rec { crateName = "indexmap"; - version = "2.11.0"; + version = "2.11.3"; edition = "2021"; - sha256 = "1sb3nmhisf9pdwfcxzqlvx97xifcvlh5g0rqj9j7i7qg8f01jj7j"; + sha256 = "1hqs931f1sd3r92zj77ji9bs75f20amnj0s3aqas9zqkym29h4cj"; dependencies = [ { name = "equivalent"; @@ -5110,7 +5102,7 @@ rec { "default" = [ "std" ]; "quickcheck" = [ "dep:quickcheck" ]; "rayon" = [ "dep:rayon" ]; - "serde" = [ "dep:serde" ]; + "serde" = [ "dep:serde_core" "dep:serde" ]; "sval" = [ "dep:sval" ]; }; resolvedDefaultFeatures = [ "default" "std" ]; @@ -5261,7 +5253,6 @@ rec { "default" = [ "use_std" ]; "use_std" = [ "use_alloc" "either/use_std" ]; }; - resolvedDefaultFeatures = [ "default" "use_alloc" "use_std" ]; }; "itertools 0.14.0" = rec { crateName = "itertools"; @@ -5346,9 +5337,9 @@ rec { }; "js-sys" = rec { crateName = "js-sys"; - version = "0.3.77"; + version = "0.3.78"; edition = "2021"; - sha256 = "13x2qcky5l22z4xgivi59xhjjx4kxir1zg7gcj0f1ijzd4yg7yhw"; + sha256 = "0f17vdkpbarm0qlbqb0p1fyiy4l9bs62zvw3fv0ywb29g0shc2qc"; libName = "js_sys"; authors = [ "The wasm-bindgen Developers" @@ -5536,9 +5527,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "k8s_version"; authors = [ @@ -5556,7 +5547,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } ]; features = { @@ -5585,7 +5576,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } ]; @@ -6563,20 +6554,19 @@ rec { }; "linux-raw-sys" = rec { crateName = "linux-raw-sys"; - version = "0.9.4"; + version = "0.11.0"; edition = "2021"; - sha256 = "04kyjdrq79lz9ibrf7czk6cv9d3jl597pb9738vzbsbzy1j5i56d"; + sha256 = "0fghx0nn8nvbz5yzgizfcwd6ap2pislp68j8c1bwyr6sacxkq7fz"; libName = "linux_raw_sys"; authors = [ "Dan Gohman " ]; features = { - "compiler_builtins" = [ "dep:compiler_builtins" ]; "core" = [ "dep:core" ]; "default" = [ "std" "general" "errno" ]; - "rustc-dep-of-std" = [ "core" "compiler_builtins" "no_std" ]; + "rustc-dep-of-std" = [ "core" "no_std" ]; }; - resolvedDefaultFeatures = [ "elf" "errno" "general" "ioctl" "no_std" ]; + resolvedDefaultFeatures = [ "auxvec" "elf" "errno" "general" "ioctl" "no_std" ]; }; "litemap" = rec { crateName = "litemap"; @@ -6625,9 +6615,9 @@ rec { }; "log" = rec { crateName = "log"; - version = "0.4.27"; + version = "0.4.28"; edition = "2021"; - sha256 = "150x589dqil307rv0rwj0jsgz5bjbwvl83gyl61jf873a7rjvp0k"; + sha256 = "0cklpzrpxafbaq1nyxarhnmcw9z3xcjrad3ch55mmr58xw2ha21l"; authors = [ "The Rust Project Developers" ]; @@ -8015,9 +8005,9 @@ rec { }; "pest" = rec { crateName = "pest"; - version = "2.8.1"; + version = "2.8.2"; edition = "2021"; - sha256 = "08s342r6vv6ml5in4jk7pb97wgpf0frcnrvg0sqshn23sdb5zc0x"; + sha256 = "1a6g94pr4npsg0s6ljddwp4g127ks0nygzhxcpwfmyik6yis7q11"; authors = [ "Dragoș Tiselice " ]; @@ -8049,9 +8039,9 @@ rec { }; "pest_derive" = rec { crateName = "pest_derive"; - version = "2.8.1"; + version = "2.8.2"; edition = "2021"; - sha256 = "1g20ma4y29axbjhi3z64ihhpqzmiix71qjn7bs224yd7isg6s1dv"; + sha256 = "0qy6nv84q1m6m2rzw1qjfbxlcizz7h557rkk16yivjqafxpp0n5w"; procMacro = true; authors = [ "Dragoș Tiselice " @@ -8078,9 +8068,9 @@ rec { }; "pest_generator" = rec { crateName = "pest_generator"; - version = "2.8.1"; + version = "2.8.2"; edition = "2021"; - sha256 = "0rj9a20g4bjb4sl3zyzpxqg8mbn8c1kxp0nw08rfp0gp73k09r47"; + sha256 = "0bws5i6g3v1sldvy66p7qbzmz5mqbiflcqilaywgf1zy3n0kckvd"; authors = [ "Dragoș Tiselice " ]; @@ -8117,9 +8107,9 @@ rec { }; "pest_meta" = rec { crateName = "pest_meta"; - version = "2.8.1"; + version = "2.8.2"; edition = "2021"; - sha256 = "1mf01iln7shbnyxpdfnpf59gzn83nndqjkwiw3yh6n8g2wgi1lgd"; + sha256 = "0844iv71ibf414yid0bvhi9i0zfi0jrmyh6mvjjx1jws102rp4a2"; authors = [ "Dragoș Tiselice " ]; @@ -8311,9 +8301,9 @@ rec { }; "potential_utf" = rec { crateName = "potential_utf"; - version = "0.1.2"; + version = "0.1.3"; edition = "2021"; - sha256 = "11dm6k3krx3drbvhgjw8z508giiv0m09wzl6ghza37176w4c79z5"; + sha256 = "12mhwvhpvvim6xqp6ifgkh1sniv9j2cmid6axn10fnjvpsnikpw4"; authors = [ "The ICU4X Project Developers" ]; @@ -8499,7 +8489,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "xml-rs"; @@ -8586,7 +8576,7 @@ rec { } { name = "itertools"; - packageId = "itertools 0.13.0"; + packageId = "itertools 0.14.0"; usesDefaultFeatures = false; features = [ "use_alloc" ]; } @@ -8678,7 +8668,7 @@ rec { } { name = "itertools"; - packageId = "itertools 0.13.0"; + packageId = "itertools 0.14.0"; } { name = "proc-macro2"; @@ -8716,7 +8706,7 @@ rec { } { name = "itertools"; - packageId = "itertools 0.13.0"; + packageId = "itertools 0.14.0"; } { name = "proc-macro2"; @@ -9677,9 +9667,9 @@ rec { }; "rustix" = rec { crateName = "rustix"; - version = "1.0.8"; + version = "1.1.2"; edition = "2021"; - sha256 = "1j6ajqi61agdnh1avr4bplrsgydjw1n4mycdxw3v8g94pyx1y60i"; + sha256 = "0gpz343xfzx16x82s1x336n0kr49j02cvhgxdvaq86jmqnigh5fd"; authors = [ "Dan Gohman " "Jakub Konka " @@ -9729,7 +9719,7 @@ rec { name = "linux-raw-sys"; packageId = "linux-raw-sys"; usesDefaultFeatures = false; - target = { target, features }: ((("android" == target."os" or null) || ("linux" == target."os" or null)) && ((target."rustix_use_libc" or false) || (target."miri" or false) || (!(("linux" == target."os" or null) && (("little" == target."endian" or null) || (("s390x" == target."arch" or null) || ("powerpc" == target."arch" or null))) && (("arm" == target."arch" or null) || (("aarch64" == target."arch" or null) && ("64" == target."pointer_width" or null)) || ("riscv64" == target."arch" or null) || ((target."rustix_use_experimental_asm" or false) && ("powerpc" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("powerpc64" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("s390x" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips32r6" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips64" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips64r6" == target."arch" or null)) || ("x86" == target."arch" or null) || (("x86_64" == target."arch" or null) && ("64" == target."pointer_width" or null))))))); + target = { target, features }: ((("linux" == target."os" or null)) && ((target."rustix_use_libc" or false) || (target."miri" or false) || (!(("linux" == target."os" or null) && (("little" == target."endian" or null) || (("s390x" == target."arch" or null) || ("powerpc" == target."arch" or null))) && (("arm" == target."arch" or null) || (("aarch64" == target."arch" or null) && ("64" == target."pointer_width" or null)) || ("riscv64" == target."arch" or null) || ((target."rustix_use_experimental_asm" or false) && ("powerpc" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("powerpc64" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("s390x" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips32r6" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips64" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips64r6" == target."arch" or null)) || ("x86" == target."arch" or null) || (("x86_64" == target."arch" or null) && ("64" == target."pointer_width" or null))))))); features = [ "general" "ioctl" "no_std" ]; } { @@ -9737,11 +9727,11 @@ rec { packageId = "linux-raw-sys"; usesDefaultFeatures = false; target = { target, features }: ((!(target."rustix_use_libc" or false)) && (!(target."miri" or false)) && ("linux" == target."os" or null) && (("little" == target."endian" or null) || (("s390x" == target."arch" or null) || ("powerpc" == target."arch" or null))) && (("arm" == target."arch" or null) || (("aarch64" == target."arch" or null) && ("64" == target."pointer_width" or null)) || ("riscv64" == target."arch" or null) || ((target."rustix_use_experimental_asm" or false) && ("powerpc" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("powerpc64" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("s390x" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips32r6" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips64" == target."arch" or null)) || ((target."rustix_use_experimental_asm" or false) && ("mips64r6" == target."arch" or null)) || ("x86" == target."arch" or null) || (("x86_64" == target."arch" or null) && ("64" == target."pointer_width" or null)))); - features = [ "general" "errno" "ioctl" "no_std" "elf" ]; + features = [ "auxvec" "general" "errno" "ioctl" "no_std" "elf" ]; } { name = "windows-sys"; - packageId = "windows-sys 0.60.2"; + packageId = "windows-sys 0.61.0"; target = { target, features }: (target."windows" or false); features = [ "Win32_Foundation" "Win32_Networking_WinSock" ]; } @@ -9910,7 +9900,7 @@ rec { } { name = "security-framework"; - packageId = "security-framework 3.3.0"; + packageId = "security-framework 3.4.0"; target = { target, features }: ("macos" == target."os" or null); } ]; @@ -9959,9 +9949,9 @@ rec { }; "rustls-webpki" = rec { crateName = "rustls-webpki"; - version = "0.103.4"; + version = "0.103.6"; edition = "2021"; - sha256 = "1z4jmmgasjgk9glb160a66bshvgifa64mgfjrkqp7dy1w158h5qa"; + sha256 = "1szqh1g2cwx89f21mf6zkxc8rxg187y9jm5law8j6d4rrg1g6wl5"; libName = "webpki"; dependencies = [ { @@ -10036,9 +10026,9 @@ rec { }; "schannel" = rec { crateName = "schannel"; - version = "0.1.27"; + version = "0.1.28"; edition = "2018"; - sha256 = "0gbbhy28v72kd5iina0z2vcdl3vz63mk5idvkzn5r52z6jmfna8z"; + sha256 = "1qb6s5gyxfz2inz753a4z3mc1d266mwvz0c5w7ppd3h44swq27c9"; authors = [ "Steven Fackler " "Steffen Butzer " @@ -10046,14 +10036,14 @@ rec { dependencies = [ { name = "windows-sys"; - packageId = "windows-sys 0.59.0"; + packageId = "windows-sys 0.61.0"; features = [ "Win32_Foundation" "Win32_Security_Cryptography" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_SystemInformation" ]; } ]; devDependencies = [ { name = "windows-sys"; - packageId = "windows-sys 0.59.0"; + packageId = "windows-sys 0.61.0"; features = [ "Win32_System_SystemInformation" "Win32_System_Time" ]; } ]; @@ -10294,11 +10284,11 @@ rec { }; resolvedDefaultFeatures = [ "OSX_10_10" "OSX_10_11" "OSX_10_12" "OSX_10_9" "default" ]; }; - "security-framework 3.3.0" = rec { + "security-framework 3.4.0" = rec { crateName = "security-framework"; - version = "3.3.0"; + version = "3.4.0"; edition = "2021"; - sha256 = "037f0h06p00gg7ycczx3jsz4ikxzll177gdqnhca72h2qn91vyw0"; + sha256 = "0h4n11pqr0idh5sx4wdfcpbbg69wjq3h1p04b0s8nf4ki38nkcv0"; libName = "security_framework"; authors = [ "Steven Fackler " @@ -10340,9 +10330,9 @@ rec { }; "security-framework-sys" = rec { crateName = "security-framework-sys"; - version = "2.14.0"; + version = "2.15.0"; edition = "2021"; - sha256 = "0chwn01qrnvs59i5220bymd38iddy4krbnmfnhf4k451aqfj7ns9"; + sha256 = "1h6mijxnfrwvl1y4dzwn3m877j6dqp9qn3g37i954j5czazhq7yc"; libName = "security_framework_sys"; authors = [ "Steven Fackler " @@ -10371,9 +10361,9 @@ rec { }; "semver" = rec { crateName = "semver"; - version = "1.0.26"; + version = "1.0.27"; edition = "2018"; - sha256 = "1l5q2vb8fjkby657kdyfpvv40x2i2xqq9bg57pxqakfj92fgmrjn"; + sha256 = "1qmi3akfrnqc2hfkdgcxhld5bv961wbk8my3ascv5068mc5fnryp"; authors = [ "David Tolnay " ]; @@ -10385,35 +10375,34 @@ rec { }; "serde" = rec { crateName = "serde"; - version = "1.0.219"; - edition = "2018"; - sha256 = "1dl6nyxnsi82a197sd752128a4avm6mxnscywas1jq30srp2q3jz"; + version = "1.0.225"; + edition = "2021"; + sha256 = "07dxpjh0g1mq3md9yvn7jbgssgcizcircf23f04xml1mwbg28v7x"; authors = [ "Erick Tryzelaar " "David Tolnay " ]; dependencies = [ { - name = "serde_derive"; - packageId = "serde_derive"; - optional = true; - } - { - name = "serde_derive"; - packageId = "serde_derive"; - target = { target, features }: false; + name = "serde_core"; + packageId = "serde_core"; + usesDefaultFeatures = false; + features = [ "result" ]; } - ]; - devDependencies = [ { name = "serde_derive"; packageId = "serde_derive"; + optional = true; } ]; features = { + "alloc" = [ "serde_core/alloc" ]; "default" = [ "std" ]; "derive" = [ "serde_derive" ]; + "rc" = [ "serde_core/rc" ]; "serde_derive" = [ "dep:serde_derive" ]; + "std" = [ "serde_core/std" ]; + "unstable" = [ "serde_core/unstable" ]; }; resolvedDefaultFeatures = [ "alloc" "default" "derive" "serde_derive" "std" ]; }; @@ -10438,11 +10427,38 @@ rec { ]; }; + "serde_core" = rec { + crateName = "serde_core"; + version = "1.0.225"; + edition = "2021"; + sha256 = "10v3z58j5k6xhdxh90xgrv20wlnz5fnl67n04jdm47nbl3wmd4v5"; + authors = [ + "Erick Tryzelaar " + "David Tolnay " + ]; + dependencies = [ + { + name = "serde_derive"; + packageId = "serde_derive"; + target = { target, features }: false; + } + ]; + devDependencies = [ + { + name = "serde_derive"; + packageId = "serde_derive"; + } + ]; + features = { + "default" = [ "std" "result" ]; + }; + resolvedDefaultFeatures = [ "alloc" "result" "std" ]; + }; "serde_derive" = rec { crateName = "serde_derive"; - version = "1.0.219"; - edition = "2015"; - sha256 = "001azhjmj7ya52pmfiw4ppxm16nd44y15j2pf5gkcwrcgz7pc0jv"; + version = "1.0.225"; + edition = "2021"; + sha256 = "05j5zj2jdba3jnm7kh3fpljmhngmsa8pp5x495lpc7wbyynkda8f"; procMacro = true; authors = [ "Erick Tryzelaar " @@ -10504,9 +10520,9 @@ rec { }; "serde_json" = rec { crateName = "serde_json"; - version = "1.0.143"; + version = "1.0.145"; edition = "2021"; - sha256 = "0njabwzldvj13ykrf1aaf4gh5cgl25kf9hzbpafbv3qh3ppsn0fl"; + sha256 = "1767y6kxjf7gwpbv8bkhgwc50nhg46mqwm9gy9n122f7v1k6yaj0"; authors = [ "Erick Tryzelaar " "David Tolnay " @@ -10529,6 +10545,12 @@ rec { name = "serde"; packageId = "serde"; usesDefaultFeatures = false; + target = { target, features }: false; + } + { + name = "serde_core"; + packageId = "serde_core"; + usesDefaultFeatures = false; } ]; devDependencies = [ @@ -10539,19 +10561,19 @@ rec { } ]; features = { - "alloc" = [ "serde/alloc" ]; + "alloc" = [ "serde_core/alloc" ]; "default" = [ "std" ]; "indexmap" = [ "dep:indexmap" ]; "preserve_order" = [ "indexmap" "std" ]; - "std" = [ "memchr/std" "serde/std" ]; + "std" = [ "memchr/std" "serde_core/std" ]; }; resolvedDefaultFeatures = [ "alloc" "default" "raw_value" "std" ]; }; "serde_path_to_error" = rec { crateName = "serde_path_to_error"; - version = "0.1.17"; + version = "0.1.20"; edition = "2021"; - sha256 = "0alb447z25dvczd6ll3vfjbf51pypn23mgs5hv8978vzjczv3yjr"; + sha256 = "0mxls44p2ycmnxh03zpnlxxygq42w61ws7ir7r0ba6rp5s1gza8h"; authors = [ "David Tolnay " ]; @@ -10560,6 +10582,20 @@ rec { name = "itoa"; packageId = "itoa"; } + { + name = "serde"; + packageId = "serde"; + usesDefaultFeatures = false; + target = { target, features }: false; + } + { + name = "serde_core"; + packageId = "serde_core"; + usesDefaultFeatures = false; + features = [ "alloc" ]; + } + ]; + devDependencies = [ { name = "serde"; packageId = "serde"; @@ -10886,18 +10922,18 @@ rec { }; resolvedDefaultFeatures = [ "default" "guide" "std" ]; }; - "snafu 0.8.7" = rec { + "snafu 0.8.9" = rec { crateName = "snafu"; - version = "0.8.7"; + version = "0.8.9"; edition = "2018"; - sha256 = "0jp7rspj1f4m6rdj6bxf8zyi89bkdm0s76fhan8nwjkcn9ra6qh0"; + sha256 = "18p1y5qxwjn5j902wqsdr75n17b29lxpdipa0p7a3wybxbsb713f"; authors = [ "Jake Goulding " ]; dependencies = [ { name = "snafu-derive"; - packageId = "snafu-derive 0.8.7"; + packageId = "snafu-derive 0.8.9"; } ]; features = { @@ -10945,11 +10981,11 @@ rec { features = { }; }; - "snafu-derive 0.8.7" = rec { + "snafu-derive 0.8.9" = rec { crateName = "snafu-derive"; - version = "0.8.7"; + version = "0.8.9"; edition = "2018"; - sha256 = "1f1262smvvilsga1aard454pkqs39nyps46mmdrrvh9z4vixjpvy"; + sha256 = "0lg4s58jzx6w48ig4qp8jasrrs886pifqqd58k5b2jzlvd3pgjf1"; procMacro = true; libName = "snafu_derive"; authors = [ @@ -11082,9 +11118,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "stackable_certs"; authors = [ @@ -11142,7 +11178,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "stackable-shared"; @@ -11234,7 +11270,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "stackable-operator"; @@ -11263,13 +11299,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.96.0"; + version = "0.97.0"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "stackable_operator"; authors = [ @@ -11368,7 +11404,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "stackable-operator-derive"; @@ -11440,9 +11476,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -11558,7 +11594,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "socket2"; @@ -11609,7 +11645,7 @@ rec { } { name = "tonic"; - packageId = "tonic 0.14.1"; + packageId = "tonic 0.14.2"; } { name = "tonic-prost"; @@ -11746,9 +11782,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "stackable_shared"; authors = [ @@ -11787,7 +11823,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "strum"; @@ -11821,9 +11857,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "stackable_telemetry"; authors = [ @@ -11874,7 +11910,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "strum"; @@ -11927,13 +11963,13 @@ rec { }; "stackable-versioned" = rec { crateName = "stackable-versioned"; - version = "0.8.1"; + version = "0.8.2"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "stackable_versioned"; authors = [ @@ -11960,7 +11996,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "stackable-versioned-macros"; @@ -11971,13 +12007,13 @@ rec { }; "stackable-versioned-macros" = rec { crateName = "stackable-versioned-macros"; - version = "0.8.1"; + version = "0.8.2"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; procMacro = true; libName = "stackable_versioned_macros"; @@ -12035,13 +12071,13 @@ rec { }; "stackable-webhook" = rec { crateName = "stackable-webhook"; - version = "0.5.0"; + version = "0.6.0"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech//operator-rs.git"; - rev = "f93c5528c0bc10b86b07d0d5936f19afe41550a6"; - sha256 = "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq"; + url = "https://github.com/stackabletech/operator-rs.git"; + rev = "36e9fad31f07903a545010998fb99aae0188337d"; + sha256 = "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0"; }; libName = "stackable_webhook"; authors = [ @@ -12100,7 +12136,7 @@ rec { } { name = "snafu"; - packageId = "snafu 0.8.7"; + packageId = "snafu 0.8.9"; } { name = "stackable-certs"; @@ -12390,9 +12426,9 @@ rec { }; "tempfile" = rec { crateName = "tempfile"; - version = "3.21.0"; + version = "3.22.0"; edition = "2021"; - sha256 = "07kx58ibjk3ydq1gcb7q637fs5zkxaa550lxckhgg9p3427izdhm"; + sha256 = "0lza9r7dzm4k9fghw24yql6iz59wq8xgs46a7i29ir6xz88lvyl4"; authors = [ "Steven Allen " "The Rust Project Developers" @@ -12425,7 +12461,7 @@ rec { } { name = "windows-sys"; - packageId = "windows-sys 0.60.2"; + packageId = "windows-sys 0.61.0"; target = { target, features }: (target."windows" or false); features = [ "Win32_Storage_FileSystem" "Win32_Foundation" ]; } @@ -12542,9 +12578,9 @@ rec { }; "time" = rec { crateName = "time"; - version = "0.3.41"; + version = "0.3.43"; edition = "2021"; - sha256 = "0h0cpiyya8cjlrh00d2r72bmgg4lsdcncs76qpwy0rn2kghijxla"; + sha256 = "0c90pxn59zccwdyvh8pn9ql04c32ky9kqqli7mc2vrqhxkqydgc3"; authors = [ "Jacob Pratt " "Time contributors" @@ -12553,14 +12589,8 @@ rec { { name = "deranged"; packageId = "deranged"; - usesDefaultFeatures = false; features = [ "powerfmt" ]; } - { - name = "itoa"; - packageId = "itoa"; - optional = true; - } { name = "num-conv"; packageId = "num-conv"; @@ -12605,26 +12635,28 @@ rec { features = { "alloc" = [ "serde?/alloc" ]; "default" = [ "std" ]; - "formatting" = [ "dep:itoa" "std" "time-macros?/formatting" ]; + "formatting" = [ "std" "time-macros?/formatting" ]; "large-dates" = [ "time-macros?/large-dates" ]; "local-offset" = [ "std" "dep:libc" "dep:num_threads" ]; "macros" = [ "dep:time-macros" ]; "parsing" = [ "time-macros?/parsing" ]; "quickcheck" = [ "dep:quickcheck" "alloc" "deranged/quickcheck" ]; - "rand" = [ "dep:rand" "deranged/rand" ]; + "rand" = [ "rand08" "rand09" ]; + "rand08" = [ "dep:rand08" "deranged/rand08" ]; + "rand09" = [ "dep:rand09" "deranged/rand09" ]; "serde" = [ "dep:serde" "time-macros?/serde" "deranged/serde" ]; "serde-human-readable" = [ "serde" "formatting" "parsing" ]; "serde-well-known" = [ "serde" "formatting" "parsing" ]; - "std" = [ "alloc" "deranged/std" ]; + "std" = [ "alloc" ]; "wasm-bindgen" = [ "dep:js-sys" ]; }; resolvedDefaultFeatures = [ "alloc" "default" "formatting" "parsing" "std" ]; }; "time-core" = rec { crateName = "time-core"; - version = "0.1.4"; + version = "0.1.6"; edition = "2021"; - sha256 = "0z5h9fknvdvbs2k2s1chpi3ab3jvgkfhdnqwrvixjngm263s7sf9"; + sha256 = "0sqwhg7n47gbffyr0zhipqcnskxgcgzz1ix8wirqs2rg3my8x1j0"; libName = "time_core"; authors = [ "Jacob Pratt " @@ -12634,9 +12666,9 @@ rec { }; "time-macros" = rec { crateName = "time-macros"; - version = "0.2.22"; + version = "0.2.24"; edition = "2021"; - sha256 = "0jcaxpw220han2bzbrdlpqhy1s5k9i8ri3lw6n5zv4zcja9p69im"; + sha256 = "1wzb6hnl35856f58cx259q7ijc4c7yis0qsnydvw5n8jbw9b1krh"; procMacro = true; libName = "time_macros"; authors = [ @@ -13206,11 +13238,11 @@ rec { }; resolvedDefaultFeatures = [ "channel" "codegen" "gzip" "prost" ]; }; - "tonic 0.14.1" = rec { + "tonic 0.14.2" = rec { crateName = "tonic"; - version = "0.14.1"; + version = "0.14.2"; edition = "2021"; - sha256 = "0h1af8kcwzaxyyr6vdnc0fm8i5gpddsa8qy0rs59d85d4y35mb37"; + sha256 = "00vjbvccmyzjbi0j0ydi1l8psd0lb1nb4p8qzrdxzxz9ihc16xpb"; authors = [ "Lucio Franco " ]; @@ -13329,7 +13361,7 @@ rec { } ]; features = { - "_tls-any" = [ "dep:tokio-rustls" "dep:tokio" "tokio?/rt" "tokio?/macros" ]; + "_tls-any" = [ "dep:tokio" "tokio?/rt" "tokio?/macros" "tls-connect-info" ]; "channel" = [ "dep:hyper" "hyper?/client" "dep:hyper-util" "hyper-util?/client-legacy" "dep:tower" "tower?/balance" "tower?/buffer" "tower?/discover" "tower?/limit" "tower?/load-shed" "tower?/util" "dep:tokio" "tokio?/time" "dep:hyper-timeout" ]; "codegen" = [ "dep:async-trait" ]; "default" = [ "router" "transport" "codegen" ]; @@ -13338,6 +13370,7 @@ rec { "router" = [ "dep:axum" "dep:tower" "tower?/util" ]; "server" = [ "dep:h2" "dep:hyper" "hyper?/server" "dep:hyper-util" "hyper-util?/service" "hyper-util?/server-auto" "dep:socket2" "dep:tokio" "tokio?/macros" "tokio?/net" "tokio?/time" "tokio-stream/net" "dep:tower" "tower?/util" "tower?/limit" "tower?/load-shed" ]; "tls-aws-lc" = [ "_tls-any" "tokio-rustls/aws-lc-rs" ]; + "tls-connect-info" = [ "dep:tokio-rustls" ]; "tls-native-roots" = [ "_tls-any" "channel" "dep:rustls-native-certs" ]; "tls-ring" = [ "_tls-any" "tokio-rustls/ring" ]; "tls-webpki-roots" = [ "_tls-any" "channel" "dep:webpki-roots" ]; @@ -13348,9 +13381,9 @@ rec { }; "tonic-build" = rec { crateName = "tonic-build"; - version = "0.14.1"; + version = "0.14.2"; edition = "2021"; - sha256 = "0pg26f4ylhv9ayp3rbg8baii1gzadl26vqq76y1k1gm3pgc27qs9"; + sha256 = "1qwx0hvddld5rz4ln947x0ihs0qkvhd13g1fv0nczv7rr76alh2c"; libName = "tonic_build"; authors = [ "Lucio Franco " @@ -13380,9 +13413,9 @@ rec { }; "tonic-prost" = rec { crateName = "tonic-prost"; - version = "0.14.1"; + version = "0.14.2"; edition = "2021"; - sha256 = "0zf8n691rr6g6xaf4g7x0n8kpkva8ij09l6mnw9cnh3dm6wi3idr"; + sha256 = "0rxamvbxxl7x673g97pvhr5gag2czrj3sjq2xy3js9g1djnm1gb6"; libName = "tonic_prost"; authors = [ "Lucio Franco " @@ -13398,7 +13431,7 @@ rec { } { name = "tonic"; - packageId = "tonic 0.14.1"; + packageId = "tonic 0.14.2"; usesDefaultFeatures = false; } ]; @@ -13406,9 +13439,9 @@ rec { }; "tonic-prost-build" = rec { crateName = "tonic-prost-build"; - version = "0.14.1"; + version = "0.14.2"; edition = "2021"; - sha256 = "18ggfll4v3mh6g4z3xssd97cmkk08jbqqjqc8hsy258vs3y9iwlf"; + sha256 = "18jqs18s9imj5b78vjhqpm6ccm61qns9cgyb7zs3zp2382x6r8dl"; libName = "tonic_prost_build"; authors = [ "Lucio Franco " @@ -13457,9 +13490,9 @@ rec { }; "tonic-reflection" = rec { crateName = "tonic-reflection"; - version = "0.14.1"; + version = "0.14.2"; edition = "2021"; - sha256 = "0flaxmpryxlalhkcg0kl6sia18sn335jmlcpc6cr9kc56c3s0rq2"; + sha256 = "0yzdhv9inp4x51p8axnz3w4nnhhblyc1zw3gn5nxd0bm73l57nil"; libName = "tonic_reflection"; authors = [ "James Nugent " @@ -13489,7 +13522,7 @@ rec { } { name = "tonic"; - packageId = "tonic 0.14.1"; + packageId = "tonic 0.14.2"; usesDefaultFeatures = false; features = [ "codegen" ]; } @@ -13508,7 +13541,7 @@ rec { } { name = "tonic"; - packageId = "tonic 0.14.1"; + packageId = "tonic 0.14.2"; usesDefaultFeatures = false; features = [ "transport" ]; } @@ -14267,9 +14300,9 @@ rec { }; "unicode-ident" = rec { crateName = "unicode-ident"; - version = "1.0.18"; + version = "1.0.19"; edition = "2018"; - sha256 = "04k5r6sijkafzljykdq26mhjpmhdx4jwzvn1lh90g9ax9903jpss"; + sha256 = "17bx1j1zf6b9j3kpyf74mraary7ava3984km0n8kh499h5a58fpn"; libName = "unicode_ident"; authors = [ "David Tolnay " @@ -14400,9 +14433,9 @@ rec { }; "uuid" = rec { crateName = "uuid"; - version = "1.18.0"; + version = "1.18.1"; edition = "2018"; - sha256 = "1gn1vlggiwrdpizqcpc5hyxsqz9s5215bbay1b182mqn7rj9ccgk"; + sha256 = "18kh01qmfayn4psap52x8xdjkzw2q8bcbpnhhxjs05dr22mbi1rg"; authors = [ "Ashley Mannix" "Dylan DPC" @@ -14552,34 +14585,49 @@ rec { }; resolvedDefaultFeatures = [ "default" "std" ]; }; - "wasi 0.14.2+wasi-0.2.4" = rec { + "wasi 0.14.7+wasi-0.2.4" = rec { crateName = "wasi"; - version = "0.14.2+wasi-0.2.4"; + version = "0.14.7+wasi-0.2.4"; edition = "2021"; - sha256 = "1cwcqjr3dgdq8j325awgk8a715h0hg0f7jqzsb077n4qm6jzk0wn"; - authors = [ - "The Cranelift Project Developers" + sha256 = "133fq3mq7h65mzrsphcm7bbbx1gsz7srrbwh01624zin43g7hd48"; + dependencies = [ + { + name = "wasip2"; + packageId = "wasip2"; + usesDefaultFeatures = false; + } ]; + features = { + "bitflags" = [ "wasip2/bitflags" ]; + "default" = [ "wasip2/default" ]; + "std" = [ "wasip2/std" ]; + }; + }; + "wasip2" = rec { + crateName = "wasip2"; + version = "1.0.1+wasi-0.2.4"; + edition = "2021"; + sha256 = "1rsqmpspwy0zja82xx7kbkbg9fv34a4a2if3sbd76dy64a244qh5"; dependencies = [ { - name = "wit-bindgen-rt"; - packageId = "wit-bindgen-rt"; - features = [ "bitflags" ]; + name = "wit-bindgen"; + packageId = "wit-bindgen"; + usesDefaultFeatures = false; } ]; features = { - "compiler_builtins" = [ "dep:compiler_builtins" ]; + "alloc" = [ "dep:alloc" ]; + "bitflags" = [ "wit-bindgen/bitflags" ]; "core" = [ "dep:core" ]; - "default" = [ "std" ]; - "rustc-dep-of-std" = [ "compiler_builtins" "core" "rustc-std-workspace-alloc" ]; - "rustc-std-workspace-alloc" = [ "dep:rustc-std-workspace-alloc" ]; + "default" = [ "std" "bitflags" ]; + "rustc-dep-of-std" = [ "core" "alloc" "wit-bindgen/rustc-dep-of-std" ]; }; }; "wasm-bindgen" = rec { crateName = "wasm-bindgen"; - version = "0.2.100"; + version = "0.2.101"; edition = "2021"; - sha256 = "1x8ymcm6yi3i1rwj78myl1agqv2m86i648myy3lc97s9swlqkp0y"; + sha256 = "0fv0yrfx170gf7i4dds4c69dxh8axp247wyip2dm4nylmmf9253y"; libName = "wasm_bindgen"; authors = [ "The wasm-bindgen Developers" @@ -14603,6 +14651,10 @@ rec { name = "wasm-bindgen-macro"; packageId = "wasm-bindgen-macro"; } + { + name = "wasm-bindgen-shared"; + packageId = "wasm-bindgen-shared"; + } ]; devDependencies = [ { @@ -14619,15 +14671,14 @@ rec { "serde-serialize" = [ "serde" "serde_json" "std" ]; "serde_json" = [ "dep:serde_json" ]; "strict-macro" = [ "wasm-bindgen-macro/strict-macro" ]; - "xxx_debug_only_print_generated_code" = [ "wasm-bindgen-macro/xxx_debug_only_print_generated_code" ]; }; resolvedDefaultFeatures = [ "default" "msrv" "rustversion" "std" ]; }; "wasm-bindgen-backend" = rec { crateName = "wasm-bindgen-backend"; - version = "0.2.100"; + version = "0.2.101"; edition = "2021"; - sha256 = "1ihbf1hq3y81c4md9lyh6lcwbx6a5j0fw4fygd423g62lm8hc2ig"; + sha256 = "1fwkzc2z701g2rm2jq4m20a0lkc6qqq5r3a407yj6yfahalip3g2"; libName = "wasm_bindgen_backend"; authors = [ "The wasm-bindgen Developers" @@ -14665,9 +14716,9 @@ rec { }; "wasm-bindgen-futures" = rec { crateName = "wasm-bindgen-futures"; - version = "0.4.50"; + version = "0.4.51"; edition = "2021"; - sha256 = "0q8ymi6i9r3vxly551dhxcyai7nc491mspj0j1wbafxwq074fpam"; + sha256 = "1znz8i8kyrlpq6q2fals223zrwwixmn6s7a16s1v6sdlm4wm1a0c"; libName = "wasm_bindgen_futures"; authors = [ "The wasm-bindgen Developers" @@ -14710,9 +14761,9 @@ rec { }; "wasm-bindgen-macro" = rec { crateName = "wasm-bindgen-macro"; - version = "0.2.100"; + version = "0.2.101"; edition = "2021"; - sha256 = "01xls2dvzh38yj17jgrbiib1d3nyad7k2yw9s0mpklwys333zrkz"; + sha256 = "038vxk2yg11c3qv9iyasqcm70dw8sr2xmyaxqjq7bxzgwcx4cgbw"; procMacro = true; libName = "wasm_bindgen_macro"; authors = [ @@ -14734,9 +14785,9 @@ rec { }; "wasm-bindgen-macro-support" = rec { crateName = "wasm-bindgen-macro-support"; - version = "0.2.100"; + version = "0.2.101"; edition = "2021"; - sha256 = "1plm8dh20jg2id0320pbmrlsv6cazfv6b6907z19ys4z1jj7xs4a"; + sha256 = "1ajjqmdbi7ybdpw41avskjfdqnxpc9v547gmr8izj4c2n24wxd3v"; libName = "wasm_bindgen_macro_support"; authors = [ "The wasm-bindgen Developers" @@ -14770,10 +14821,10 @@ rec { }; "wasm-bindgen-shared" = rec { crateName = "wasm-bindgen-shared"; - version = "0.2.100"; + version = "0.2.101"; edition = "2021"; links = "wasm_bindgen"; - sha256 = "0gffxvqgbh9r9xl36gprkfnh3w9gl8wgia6xrin7v11sjcxxf18s"; + sha256 = "1h94nvm5p8zyr3718x4zhdz7rcmd0rir0b46a1ljqx8k7d58ahzi"; libName = "wasm_bindgen_shared"; authors = [ "The wasm-bindgen Developers" @@ -14788,9 +14839,9 @@ rec { }; "web-sys" = rec { crateName = "web-sys"; - version = "0.3.77"; + version = "0.3.78"; edition = "2021"; - sha256 = "1lnmc1ffbq34qw91nndklqqm75rasaffj2g4f8h1yvqqz4pdvdik"; + sha256 = "04lbcdr74pilsrf1g76lbw9bwg7zghgslqxdiwmxkw4zfhvvdr3p"; libName = "web_sys"; authors = [ "The wasm-bindgen Developers" @@ -14905,6 +14956,7 @@ rec { "FontFaceSetLoadEvent" = [ "Event" ]; "GainNode" = [ "AudioNode" "EventTarget" ]; "GamepadEvent" = [ "Event" ]; + "GestureEvent" = [ "Event" "UiEvent" ]; "GpuDevice" = [ "EventTarget" ]; "GpuInternalError" = [ "GpuError" ]; "GpuOutOfMemoryError" = [ "GpuError" ]; @@ -15059,6 +15111,8 @@ rec { "PerformanceNavigationTiming" = [ "PerformanceEntry" "PerformanceResourceTiming" ]; "PerformanceResourceTiming" = [ "PerformanceEntry" ]; "PermissionStatus" = [ "EventTarget" ]; + "PictureInPictureEvent" = [ "Event" ]; + "PictureInPictureWindow" = [ "EventTarget" ]; "PointerEvent" = [ "Event" "MouseEvent" "UiEvent" ]; "PopStateEvent" = [ "Event" ]; "PopupBlockedEvent" = [ "Event" ]; @@ -15293,9 +15347,9 @@ rec { }; "winapi-util" = rec { crateName = "winapi-util"; - version = "0.1.10"; + version = "0.1.11"; edition = "2021"; - sha256 = "08hb8rj3aq9lcrfmliqs4l7v9zh6srbcn0376yn0pndkf5qvyy09"; + sha256 = "08hdl7mkll7pz8whg869h58c1r9y7in0w0pk8fm24qc77k0b39y2"; libName = "winapi_util"; authors = [ "Andrew Gallant " @@ -15303,7 +15357,7 @@ rec { dependencies = [ { name = "windows-sys"; - packageId = "windows-sys 0.60.2"; + packageId = "windows-sys 0.61.0"; target = { target, features }: (target."windows" or false); features = [ "Win32_Foundation" "Win32_Storage_FileSystem" "Win32_System_Console" "Win32_System_SystemInformation" ]; } @@ -15326,7 +15380,7 @@ rec { } { name = "windows-core"; - packageId = "windows-core"; + packageId = "windows-core 0.61.2"; usesDefaultFeatures = false; } { @@ -15336,7 +15390,7 @@ rec { } { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; usesDefaultFeatures = false; } { @@ -16050,7 +16104,7 @@ rec { dependencies = [ { name = "windows-core"; - packageId = "windows-core"; + packageId = "windows-core 0.61.2"; usesDefaultFeatures = false; } ]; @@ -16058,7 +16112,7 @@ rec { "default" = [ "std" ]; }; }; - "windows-core" = rec { + "windows-core 0.61.2" = rec { crateName = "windows-core"; version = "0.61.2"; edition = "2021"; @@ -16080,17 +16134,56 @@ rec { } { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; + usesDefaultFeatures = false; + } + { + name = "windows-result"; + packageId = "windows-result 0.3.4"; + usesDefaultFeatures = false; + } + { + name = "windows-strings"; + packageId = "windows-strings 0.4.2"; + usesDefaultFeatures = false; + } + ]; + features = { + "default" = [ "std" ]; + "std" = [ "windows-result/std" "windows-strings/std" ]; + }; + resolvedDefaultFeatures = [ "std" ]; + }; + "windows-core 0.62.0" = rec { + crateName = "windows-core"; + version = "0.62.0"; + edition = "2021"; + sha256 = "0z294cblga0dl2dg9s9080xyglkh33b7zc05i8nqsmyyyxl73zjp"; + libName = "windows_core"; + dependencies = [ + { + name = "windows-implement"; + packageId = "windows-implement"; + usesDefaultFeatures = false; + } + { + name = "windows-interface"; + packageId = "windows-interface"; + usesDefaultFeatures = false; + } + { + name = "windows-link"; + packageId = "windows-link 0.2.0"; usesDefaultFeatures = false; } { name = "windows-result"; - packageId = "windows-result"; + packageId = "windows-result 0.4.0"; usesDefaultFeatures = false; } { name = "windows-strings"; - packageId = "windows-strings"; + packageId = "windows-strings 0.5.0"; usesDefaultFeatures = false; } ]; @@ -16109,12 +16202,12 @@ rec { dependencies = [ { name = "windows-core"; - packageId = "windows-core"; + packageId = "windows-core 0.61.2"; usesDefaultFeatures = false; } { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; usesDefaultFeatures = false; } { @@ -16187,7 +16280,7 @@ rec { ]; }; - "windows-link" = rec { + "windows-link 0.1.3" = rec { crateName = "windows-link"; version = "0.1.3"; edition = "2021"; @@ -16197,6 +16290,14 @@ rec { "Microsoft" ]; + }; + "windows-link 0.2.0" = rec { + crateName = "windows-link"; + version = "0.2.0"; + edition = "2021"; + sha256 = "0r9w2z96d5phmm185aq92z54jp9h2nqisa4wgc71idxbc436rr25"; + libName = "windows_link"; + }; "windows-numerics" = rec { crateName = "windows-numerics"; @@ -16207,12 +16308,12 @@ rec { dependencies = [ { name = "windows-core"; - packageId = "windows-core"; + packageId = "windows-core 0.61.2"; usesDefaultFeatures = false; } { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; usesDefaultFeatures = false; } ]; @@ -16220,7 +16321,7 @@ rec { "default" = [ "std" ]; }; }; - "windows-result" = rec { + "windows-result 0.3.4" = rec { crateName = "windows-result"; version = "0.3.4"; edition = "2021"; @@ -16232,7 +16333,25 @@ rec { dependencies = [ { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; + usesDefaultFeatures = false; + } + ]; + features = { + "default" = [ "std" ]; + }; + resolvedDefaultFeatures = [ "std" ]; + }; + "windows-result 0.4.0" = rec { + crateName = "windows-result"; + version = "0.4.0"; + edition = "2021"; + sha256 = "0zqn8kmmf7y9yw9g7q6pbcg9dbry9m03fqi0b92q767q0v1xr13h"; + libName = "windows_result"; + dependencies = [ + { + name = "windows-link"; + packageId = "windows-link 0.2.0"; usesDefaultFeatures = false; } ]; @@ -16241,7 +16360,7 @@ rec { }; resolvedDefaultFeatures = [ "std" ]; }; - "windows-strings" = rec { + "windows-strings 0.4.2" = rec { crateName = "windows-strings"; version = "0.4.2"; edition = "2021"; @@ -16253,7 +16372,25 @@ rec { dependencies = [ { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; + usesDefaultFeatures = false; + } + ]; + features = { + "default" = [ "std" ]; + }; + resolvedDefaultFeatures = [ "std" ]; + }; + "windows-strings 0.5.0" = rec { + crateName = "windows-strings"; + version = "0.5.0"; + edition = "2021"; + sha256 = "1nld65azvms87rdm2bdm8gskwdmsswh4pxbc8babxc2klmawc63j"; + libName = "windows_strings"; + dependencies = [ + { + name = "windows-link"; + packageId = "windows-link 0.2.0"; usesDefaultFeatures = false; } ]; @@ -16767,7 +16904,7 @@ rec { "Win32_Web" = [ "Win32" ]; "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; }; - resolvedDefaultFeatures = [ "Wdk" "Wdk_Foundation" "Wdk_Storage" "Wdk_Storage_FileSystem" "Wdk_System" "Wdk_System_IO" "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Security_Authentication" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_Security_Cryptography" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Com" "Win32_System_Console" "Win32_System_IO" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_Pipes" "Win32_System_SystemInformation" "Win32_System_SystemServices" "Win32_System_Threading" "Win32_System_WindowsProgramming" "Win32_UI" "Win32_UI_Shell" "default" ]; + resolvedDefaultFeatures = [ "Wdk" "Wdk_Foundation" "Wdk_Storage" "Wdk_Storage_FileSystem" "Wdk_System" "Wdk_System_IO" "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Com" "Win32_System_Console" "Win32_System_IO" "Win32_System_Pipes" "Win32_System_SystemServices" "Win32_System_Threading" "Win32_System_WindowsProgramming" "Win32_UI" "Win32_UI_Shell" "default" ]; }; "windows-sys 0.60.2" = rec { crateName = "windows-sys"; @@ -17032,7 +17169,269 @@ rec { "Win32_Web" = [ "Win32" ]; "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; }; - resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Console" "Win32_System_Diagnostics" "Win32_System_Diagnostics_Debug" "Win32_System_SystemInformation" "default" ]; + resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_System" "Win32_System_Console" "default" ]; + }; + "windows-sys 0.61.0" = rec { + crateName = "windows-sys"; + version = "0.61.0"; + edition = "2021"; + sha256 = "1ajpwsmzfcsa1r7i0dxzvfn24dp3525rcd7aq95ydvdj8171h0g2"; + libName = "windows_sys"; + dependencies = [ + { + name = "windows-link"; + packageId = "windows-link 0.2.0"; + usesDefaultFeatures = false; + } + ]; + features = { + "Wdk" = [ "Win32_Foundation" ]; + "Wdk_Devices" = [ "Wdk" ]; + "Wdk_Devices_Bluetooth" = [ "Wdk_Devices" ]; + "Wdk_Devices_HumanInterfaceDevice" = [ "Wdk_Devices" ]; + "Wdk_Foundation" = [ "Wdk" ]; + "Wdk_Graphics" = [ "Wdk" ]; + "Wdk_Graphics_Direct3D" = [ "Wdk_Graphics" ]; + "Wdk_NetworkManagement" = [ "Wdk" ]; + "Wdk_NetworkManagement_Ndis" = [ "Wdk_NetworkManagement" ]; + "Wdk_NetworkManagement_WindowsFilteringPlatform" = [ "Wdk_NetworkManagement" ]; + "Wdk_Storage" = [ "Wdk" ]; + "Wdk_Storage_FileSystem" = [ "Wdk_Storage" ]; + "Wdk_Storage_FileSystem_Minifilters" = [ "Wdk_Storage_FileSystem" ]; + "Wdk_System" = [ "Wdk" ]; + "Wdk_System_IO" = [ "Wdk_System" ]; + "Wdk_System_Memory" = [ "Wdk_System" ]; + "Wdk_System_OfflineRegistry" = [ "Wdk_System" ]; + "Wdk_System_Registry" = [ "Wdk_System" ]; + "Wdk_System_SystemInformation" = [ "Wdk_System" ]; + "Wdk_System_SystemServices" = [ "Wdk_System" ]; + "Wdk_System_Threading" = [ "Wdk_System" ]; + "Win32" = [ "Win32_Foundation" ]; + "Win32_Data" = [ "Win32" ]; + "Win32_Data_HtmlHelp" = [ "Win32_Data" ]; + "Win32_Data_RightsManagement" = [ "Win32_Data" ]; + "Win32_Devices" = [ "Win32" ]; + "Win32_Devices_AllJoyn" = [ "Win32_Devices" ]; + "Win32_Devices_Beep" = [ "Win32_Devices" ]; + "Win32_Devices_BiometricFramework" = [ "Win32_Devices" ]; + "Win32_Devices_Bluetooth" = [ "Win32_Devices" ]; + "Win32_Devices_Cdrom" = [ "Win32_Devices" ]; + "Win32_Devices_Communication" = [ "Win32_Devices" ]; + "Win32_Devices_DeviceAndDriverInstallation" = [ "Win32_Devices" ]; + "Win32_Devices_DeviceQuery" = [ "Win32_Devices" ]; + "Win32_Devices_Display" = [ "Win32_Devices" ]; + "Win32_Devices_Dvd" = [ "Win32_Devices" ]; + "Win32_Devices_Enumeration" = [ "Win32_Devices" ]; + "Win32_Devices_Enumeration_Pnp" = [ "Win32_Devices_Enumeration" ]; + "Win32_Devices_Fax" = [ "Win32_Devices" ]; + "Win32_Devices_HumanInterfaceDevice" = [ "Win32_Devices" ]; + "Win32_Devices_Nfc" = [ "Win32_Devices" ]; + "Win32_Devices_Nfp" = [ "Win32_Devices" ]; + "Win32_Devices_PortableDevices" = [ "Win32_Devices" ]; + "Win32_Devices_Properties" = [ "Win32_Devices" ]; + "Win32_Devices_Pwm" = [ "Win32_Devices" ]; + "Win32_Devices_Sensors" = [ "Win32_Devices" ]; + "Win32_Devices_SerialCommunication" = [ "Win32_Devices" ]; + "Win32_Devices_Tapi" = [ "Win32_Devices" ]; + "Win32_Devices_Usb" = [ "Win32_Devices" ]; + "Win32_Devices_WebServicesOnDevices" = [ "Win32_Devices" ]; + "Win32_Foundation" = [ "Win32" ]; + "Win32_Gaming" = [ "Win32" ]; + "Win32_Globalization" = [ "Win32" ]; + "Win32_Graphics" = [ "Win32" ]; + "Win32_Graphics_Dwm" = [ "Win32_Graphics" ]; + "Win32_Graphics_Gdi" = [ "Win32_Graphics" ]; + "Win32_Graphics_GdiPlus" = [ "Win32_Graphics" ]; + "Win32_Graphics_Hlsl" = [ "Win32_Graphics" ]; + "Win32_Graphics_OpenGL" = [ "Win32_Graphics" ]; + "Win32_Graphics_Printing" = [ "Win32_Graphics" ]; + "Win32_Graphics_Printing_PrintTicket" = [ "Win32_Graphics_Printing" ]; + "Win32_Management" = [ "Win32" ]; + "Win32_Management_MobileDeviceManagementRegistration" = [ "Win32_Management" ]; + "Win32_Media" = [ "Win32" ]; + "Win32_Media_Audio" = [ "Win32_Media" ]; + "Win32_Media_DxMediaObjects" = [ "Win32_Media" ]; + "Win32_Media_KernelStreaming" = [ "Win32_Media" ]; + "Win32_Media_Multimedia" = [ "Win32_Media" ]; + "Win32_Media_Streaming" = [ "Win32_Media" ]; + "Win32_Media_WindowsMediaFormat" = [ "Win32_Media" ]; + "Win32_NetworkManagement" = [ "Win32" ]; + "Win32_NetworkManagement_Dhcp" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_Dns" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_InternetConnectionWizard" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_IpHelper" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_Multicast" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_Ndis" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_NetBios" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_NetManagement" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_NetShell" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_NetworkDiagnosticsFramework" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_P2P" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_QoS" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_Rras" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_Snmp" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WNet" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WebDav" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WiFi" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WindowsConnectionManager" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WindowsFilteringPlatform" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WindowsFirewall" = [ "Win32_NetworkManagement" ]; + "Win32_NetworkManagement_WindowsNetworkVirtualization" = [ "Win32_NetworkManagement" ]; + "Win32_Networking" = [ "Win32" ]; + "Win32_Networking_ActiveDirectory" = [ "Win32_Networking" ]; + "Win32_Networking_Clustering" = [ "Win32_Networking" ]; + "Win32_Networking_HttpServer" = [ "Win32_Networking" ]; + "Win32_Networking_Ldap" = [ "Win32_Networking" ]; + "Win32_Networking_WebSocket" = [ "Win32_Networking" ]; + "Win32_Networking_WinHttp" = [ "Win32_Networking" ]; + "Win32_Networking_WinInet" = [ "Win32_Networking" ]; + "Win32_Networking_WinSock" = [ "Win32_Networking" ]; + "Win32_Networking_WindowsWebServices" = [ "Win32_Networking" ]; + "Win32_Security" = [ "Win32" ]; + "Win32_Security_AppLocker" = [ "Win32_Security" ]; + "Win32_Security_Authentication" = [ "Win32_Security" ]; + "Win32_Security_Authentication_Identity" = [ "Win32_Security_Authentication" ]; + "Win32_Security_Authorization" = [ "Win32_Security" ]; + "Win32_Security_Credentials" = [ "Win32_Security" ]; + "Win32_Security_Cryptography" = [ "Win32_Security" ]; + "Win32_Security_Cryptography_Catalog" = [ "Win32_Security_Cryptography" ]; + "Win32_Security_Cryptography_Certificates" = [ "Win32_Security_Cryptography" ]; + "Win32_Security_Cryptography_Sip" = [ "Win32_Security_Cryptography" ]; + "Win32_Security_Cryptography_UI" = [ "Win32_Security_Cryptography" ]; + "Win32_Security_DiagnosticDataQuery" = [ "Win32_Security" ]; + "Win32_Security_DirectoryServices" = [ "Win32_Security" ]; + "Win32_Security_EnterpriseData" = [ "Win32_Security" ]; + "Win32_Security_ExtensibleAuthenticationProtocol" = [ "Win32_Security" ]; + "Win32_Security_Isolation" = [ "Win32_Security" ]; + "Win32_Security_LicenseProtection" = [ "Win32_Security" ]; + "Win32_Security_NetworkAccessProtection" = [ "Win32_Security" ]; + "Win32_Security_WinTrust" = [ "Win32_Security" ]; + "Win32_Security_WinWlx" = [ "Win32_Security" ]; + "Win32_Storage" = [ "Win32" ]; + "Win32_Storage_Cabinets" = [ "Win32_Storage" ]; + "Win32_Storage_CloudFilters" = [ "Win32_Storage" ]; + "Win32_Storage_Compression" = [ "Win32_Storage" ]; + "Win32_Storage_DistributedFileSystem" = [ "Win32_Storage" ]; + "Win32_Storage_FileHistory" = [ "Win32_Storage" ]; + "Win32_Storage_FileSystem" = [ "Win32_Storage" ]; + "Win32_Storage_Imapi" = [ "Win32_Storage" ]; + "Win32_Storage_IndexServer" = [ "Win32_Storage" ]; + "Win32_Storage_InstallableFileSystems" = [ "Win32_Storage" ]; + "Win32_Storage_IscsiDisc" = [ "Win32_Storage" ]; + "Win32_Storage_Jet" = [ "Win32_Storage" ]; + "Win32_Storage_Nvme" = [ "Win32_Storage" ]; + "Win32_Storage_OfflineFiles" = [ "Win32_Storage" ]; + "Win32_Storage_OperationRecorder" = [ "Win32_Storage" ]; + "Win32_Storage_Packaging" = [ "Win32_Storage" ]; + "Win32_Storage_Packaging_Appx" = [ "Win32_Storage_Packaging" ]; + "Win32_Storage_ProjectedFileSystem" = [ "Win32_Storage" ]; + "Win32_Storage_StructuredStorage" = [ "Win32_Storage" ]; + "Win32_Storage_Vhd" = [ "Win32_Storage" ]; + "Win32_Storage_Xps" = [ "Win32_Storage" ]; + "Win32_System" = [ "Win32" ]; + "Win32_System_AddressBook" = [ "Win32_System" ]; + "Win32_System_Antimalware" = [ "Win32_System" ]; + "Win32_System_ApplicationInstallationAndServicing" = [ "Win32_System" ]; + "Win32_System_ApplicationVerifier" = [ "Win32_System" ]; + "Win32_System_ClrHosting" = [ "Win32_System" ]; + "Win32_System_Com" = [ "Win32_System" ]; + "Win32_System_Com_Marshal" = [ "Win32_System_Com" ]; + "Win32_System_Com_StructuredStorage" = [ "Win32_System_Com" ]; + "Win32_System_Com_Urlmon" = [ "Win32_System_Com" ]; + "Win32_System_ComponentServices" = [ "Win32_System" ]; + "Win32_System_Console" = [ "Win32_System" ]; + "Win32_System_CorrelationVector" = [ "Win32_System" ]; + "Win32_System_DataExchange" = [ "Win32_System" ]; + "Win32_System_DeploymentServices" = [ "Win32_System" ]; + "Win32_System_DeveloperLicensing" = [ "Win32_System" ]; + "Win32_System_Diagnostics" = [ "Win32_System" ]; + "Win32_System_Diagnostics_Ceip" = [ "Win32_System_Diagnostics" ]; + "Win32_System_Diagnostics_Debug" = [ "Win32_System_Diagnostics" ]; + "Win32_System_Diagnostics_Debug_Extensions" = [ "Win32_System_Diagnostics_Debug" ]; + "Win32_System_Diagnostics_Etw" = [ "Win32_System_Diagnostics" ]; + "Win32_System_Diagnostics_ProcessSnapshotting" = [ "Win32_System_Diagnostics" ]; + "Win32_System_Diagnostics_ToolHelp" = [ "Win32_System_Diagnostics" ]; + "Win32_System_Diagnostics_TraceLogging" = [ "Win32_System_Diagnostics" ]; + "Win32_System_DistributedTransactionCoordinator" = [ "Win32_System" ]; + "Win32_System_Environment" = [ "Win32_System" ]; + "Win32_System_ErrorReporting" = [ "Win32_System" ]; + "Win32_System_EventCollector" = [ "Win32_System" ]; + "Win32_System_EventLog" = [ "Win32_System" ]; + "Win32_System_EventNotificationService" = [ "Win32_System" ]; + "Win32_System_GroupPolicy" = [ "Win32_System" ]; + "Win32_System_HostCompute" = [ "Win32_System" ]; + "Win32_System_HostComputeNetwork" = [ "Win32_System" ]; + "Win32_System_HostComputeSystem" = [ "Win32_System" ]; + "Win32_System_Hypervisor" = [ "Win32_System" ]; + "Win32_System_IO" = [ "Win32_System" ]; + "Win32_System_Iis" = [ "Win32_System" ]; + "Win32_System_Ioctl" = [ "Win32_System" ]; + "Win32_System_JobObjects" = [ "Win32_System" ]; + "Win32_System_Js" = [ "Win32_System" ]; + "Win32_System_Kernel" = [ "Win32_System" ]; + "Win32_System_LibraryLoader" = [ "Win32_System" ]; + "Win32_System_Mailslots" = [ "Win32_System" ]; + "Win32_System_Mapi" = [ "Win32_System" ]; + "Win32_System_Memory" = [ "Win32_System" ]; + "Win32_System_Memory_NonVolatile" = [ "Win32_System_Memory" ]; + "Win32_System_MessageQueuing" = [ "Win32_System" ]; + "Win32_System_MixedReality" = [ "Win32_System" ]; + "Win32_System_Ole" = [ "Win32_System" ]; + "Win32_System_PasswordManagement" = [ "Win32_System" ]; + "Win32_System_Performance" = [ "Win32_System" ]; + "Win32_System_Performance_HardwareCounterProfiling" = [ "Win32_System_Performance" ]; + "Win32_System_Pipes" = [ "Win32_System" ]; + "Win32_System_Power" = [ "Win32_System" ]; + "Win32_System_ProcessStatus" = [ "Win32_System" ]; + "Win32_System_Recovery" = [ "Win32_System" ]; + "Win32_System_Registry" = [ "Win32_System" ]; + "Win32_System_RemoteDesktop" = [ "Win32_System" ]; + "Win32_System_RemoteManagement" = [ "Win32_System" ]; + "Win32_System_RestartManager" = [ "Win32_System" ]; + "Win32_System_Restore" = [ "Win32_System" ]; + "Win32_System_Rpc" = [ "Win32_System" ]; + "Win32_System_Search" = [ "Win32_System" ]; + "Win32_System_Search_Common" = [ "Win32_System_Search" ]; + "Win32_System_SecurityCenter" = [ "Win32_System" ]; + "Win32_System_Services" = [ "Win32_System" ]; + "Win32_System_SetupAndMigration" = [ "Win32_System" ]; + "Win32_System_Shutdown" = [ "Win32_System" ]; + "Win32_System_StationsAndDesktops" = [ "Win32_System" ]; + "Win32_System_SubsystemForLinux" = [ "Win32_System" ]; + "Win32_System_SystemInformation" = [ "Win32_System" ]; + "Win32_System_SystemServices" = [ "Win32_System" ]; + "Win32_System_Threading" = [ "Win32_System" ]; + "Win32_System_Time" = [ "Win32_System" ]; + "Win32_System_TpmBaseServices" = [ "Win32_System" ]; + "Win32_System_UserAccessLogging" = [ "Win32_System" ]; + "Win32_System_Variant" = [ "Win32_System" ]; + "Win32_System_VirtualDosMachines" = [ "Win32_System" ]; + "Win32_System_WindowsProgramming" = [ "Win32_System" ]; + "Win32_System_Wmi" = [ "Win32_System" ]; + "Win32_UI" = [ "Win32" ]; + "Win32_UI_Accessibility" = [ "Win32_UI" ]; + "Win32_UI_ColorSystem" = [ "Win32_UI" ]; + "Win32_UI_Controls" = [ "Win32_UI" ]; + "Win32_UI_Controls_Dialogs" = [ "Win32_UI_Controls" ]; + "Win32_UI_HiDpi" = [ "Win32_UI" ]; + "Win32_UI_Input" = [ "Win32_UI" ]; + "Win32_UI_Input_Ime" = [ "Win32_UI_Input" ]; + "Win32_UI_Input_KeyboardAndMouse" = [ "Win32_UI_Input" ]; + "Win32_UI_Input_Pointer" = [ "Win32_UI_Input" ]; + "Win32_UI_Input_Touch" = [ "Win32_UI_Input" ]; + "Win32_UI_Input_XboxController" = [ "Win32_UI_Input" ]; + "Win32_UI_InteractionContext" = [ "Win32_UI" ]; + "Win32_UI_Magnification" = [ "Win32_UI" ]; + "Win32_UI_Shell" = [ "Win32_UI" ]; + "Win32_UI_Shell_Common" = [ "Win32_UI_Shell" ]; + "Win32_UI_Shell_PropertiesSystem" = [ "Win32_UI_Shell" ]; + "Win32_UI_TabletPC" = [ "Win32_UI" ]; + "Win32_UI_TextServices" = [ "Win32_UI" ]; + "Win32_UI_WindowsAndMessaging" = [ "Win32_UI" ]; + "Win32_Web" = [ "Win32" ]; + "Win32_Web_InternetExplorer" = [ "Win32_Web" ]; + }; + resolvedDefaultFeatures = [ "Win32" "Win32_Foundation" "Win32_Networking" "Win32_Networking_WinSock" "Win32_Security" "Win32_Security_Authentication" "Win32_Security_Authentication_Identity" "Win32_Security_Credentials" "Win32_Security_Cryptography" "Win32_Storage" "Win32_Storage_FileSystem" "Win32_System" "Win32_System_Console" "Win32_System_Diagnostics" "Win32_System_Diagnostics_Debug" "Win32_System_LibraryLoader" "Win32_System_Memory" "Win32_System_SystemInformation" "default" ]; }; "windows-targets 0.52.6" = rec { crateName = "windows-targets"; @@ -17099,7 +17498,7 @@ rec { dependencies = [ { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; usesDefaultFeatures = false; target = { target, features }: (target."windows_raw_dylib" or false); } @@ -17158,7 +17557,7 @@ rec { dependencies = [ { name = "windows-link"; - packageId = "windows-link"; + packageId = "windows-link 0.1.3"; usesDefaultFeatures = false; } ]; @@ -17324,24 +17723,22 @@ rec { ]; }; - "wit-bindgen-rt" = rec { - crateName = "wit-bindgen-rt"; - version = "0.39.0"; + "wit-bindgen" = rec { + crateName = "wit-bindgen"; + version = "0.46.0"; edition = "2021"; - sha256 = "1hd65pa5hp0nl664m94bg554h4zlhrzmkjsf6lsgsb7yc4734hkg"; - libName = "wit_bindgen_rt"; - dependencies = [ - { - name = "bitflags"; - packageId = "bitflags"; - optional = true; - } + sha256 = "0ngysw50gp2wrrfxbwgp6dhw1g6sckknsn3wm7l00vaf7n48aypi"; + libName = "wit_bindgen"; + authors = [ + "Alex Crichton " ]; features = { - "async" = [ "dep:futures" "dep:once_cell" ]; + "async" = [ "macros" "std" "dep:futures" "dep:once_cell" "wit-bindgen-rust-macro/async" ]; "bitflags" = [ "dep:bitflags" ]; + "default" = [ "macros" "realloc" "async" "std" "bitflags" ]; + "macros" = [ "dep:wit-bindgen-rust-macro" ]; + "rustc-dep-of-std" = [ "dep:core" "dep:alloc" ]; }; - resolvedDefaultFeatures = [ "bitflags" ]; }; "writeable" = rec { crateName = "writeable"; @@ -17520,9 +17917,9 @@ rec { }; "zerocopy" = rec { crateName = "zerocopy"; - version = "0.8.26"; + version = "0.8.27"; edition = "2021"; - sha256 = "0bvsj0qzq26zc6nlrm3z10ihvjspyngs7n0jw1fz031i7h6xsf8h"; + sha256 = "0b1870gf2zzlckca69v2k4mqwmf8yh2li37qldnzvvd3by58g508"; authors = [ "Joshua Liebow-Feeser " "Jack Wrenn " @@ -17556,9 +17953,9 @@ rec { }; "zerocopy-derive" = rec { crateName = "zerocopy-derive"; - version = "0.8.26"; + version = "0.8.27"; edition = "2021"; - sha256 = "10aiywi5qkha0mpsnb1zjwi44wl2rhdncaf3ykbp4i9nqm65pkwy"; + sha256 = "0c9qrylm2p55dvaplxsl24ma48add9qk4y0d6kjbkllaqvcvill8"; procMacro = true; libName = "zerocopy_derive"; authors = [ diff --git a/crate-hashes.json b/crate-hashes.json index 804c3397..0d9f338a 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,14 +1,14 @@ { - "git+https://github.com/stackabletech//operator-rs.git?branch=main#k8s-version@0.1.3": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-certs@0.4.0": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-operator-derive@0.3.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-operator@0.96.0": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-shared@0.0.2": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-telemetry@0.6.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-versioned-macros@0.8.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-versioned@0.8.1": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", - "git+https://github.com/stackabletech//operator-rs.git?branch=main#stackable-webhook@0.5.0": "0h5zs7mhaf72hqrhf7n6i9bma3k9i5ibymw3w02wlcs115yw1bxq", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5-sys@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", "git+https://github.com/stackabletech/krb5-rs.git?tag=v0.1.0#krb5@0.1.0": "148zr0q04163hpirkrff5q7cbxqgwzzxh0091zr4g23x7l64jh39", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#k8s-version@0.1.3": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-certs@0.4.0": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-operator-derive@0.3.1": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-operator@0.97.0": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-shared@0.0.2": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-telemetry@0.6.1": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-versioned-macros@0.8.2": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-versioned@0.8.2": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.97.0#stackable-webhook@0.6.0": "1ags7i3a0l5w5dcpfp6zzp4a172bp1jr9wkma0f1byjbk56q8bi0", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file From b12c65777ef45409d7aee2057c068494fbc857b5 Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Thu, 18 Sep 2025 16:08:03 +0200 Subject: [PATCH 18/19] fix: remove cluster info cli arguments from olm deployer --- rust/olm-deployer/src/env/mod.rs | 2 +- rust/olm-deployer/src/main.rs | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/rust/olm-deployer/src/env/mod.rs b/rust/olm-deployer/src/env/mod.rs index d9c421dc..5a793c2d 100644 --- a/rust/olm-deployer/src/env/mod.rs +++ b/rust/olm-deployer/src/env/mod.rs @@ -10,7 +10,7 @@ use crate::data::container; /// Copy the environment from the "secret-operator-deployer" container in `source` /// to the container "secret-operator" in `target`. -/// The `target` must be a DaemonSet object otherwise this is a no-op. +/// The `target` must be a DaemonSet object, otherwise this is a no-op. pub(super) fn maybe_copy_env( source: &Deployment, target: &mut DynamicObject, diff --git a/rust/olm-deployer/src/main.rs b/rust/olm-deployer/src/main.rs index 81aa506c..59a51730 100644 --- a/rust/olm-deployer/src/main.rs +++ b/rust/olm-deployer/src/main.rs @@ -71,9 +71,6 @@ struct OlmDeployerRun { #[command(flatten)] pub telemetry: TelemetryOptions, - - #[command(flatten)] - pub cluster_info: KubernetesClusterInfoOptions, } #[tokio::main] @@ -85,7 +82,6 @@ async fn main() -> Result<()> { namespace, dir, telemetry, - cluster_info, }) = opts.cmd { // NOTE (@NickLarsenNZ): Before stackable-telemetry was used: @@ -104,7 +100,13 @@ async fn main() -> Result<()> { description = built_info::PKG_DESCRIPTION ); - let client = client::initialize_operator(Some(APP_NAME.to_string()), &cluster_info).await?; + let dummy_cluster_info = KubernetesClusterInfoOptions { + kubernetes_cluster_domain: None, + kubernetes_node_name: "".to_string(), + }; + + let client = + client::initialize_operator(Some(APP_NAME.to_string()), &dummy_cluster_info).await?; let deployment = get_deployment(&csv, &namespace, &client).await?; let cluster_role = get_cluster_role(&csv, &client).await?; From ee204312ab084fa4d253a366679c408a182b5106 Mon Sep 17 00:00:00 2001 From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com> Date: Thu, 18 Sep 2025 16:50:50 +0200 Subject: [PATCH 19/19] need to pass a domain name --- rust/olm-deployer/src/main.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/olm-deployer/src/main.rs b/rust/olm-deployer/src/main.rs index 59a51730..0247b5db 100644 --- a/rust/olm-deployer/src/main.rs +++ b/rust/olm-deployer/src/main.rs @@ -23,6 +23,7 @@ use clap::Parser; use stackable_operator::{ cli::Command, client, + commons::networking::DomainName, k8s_openapi::api::{apps::v1::Deployment, rbac::v1::ClusterRole}, kube::{ self, @@ -101,7 +102,7 @@ async fn main() -> Result<()> { ); let dummy_cluster_info = KubernetesClusterInfoOptions { - kubernetes_cluster_domain: None, + kubernetes_cluster_domain: Some(DomainName::try_from("cluster.local")?), kubernetes_node_name: "".to_string(), };