From 23536a5aa38d1197ac554f7cfedd31e4d5138223 Mon Sep 17 00:00:00 2001
|
|
From: Cropi <alakatos@redhat.com>
|
|
Date: Wed, 21 Jan 2026 14:05:45 +0100
|
|
Subject: [PATCH] replace derivative with educe for debug derivation
|
|
|
|
Although we are not using plugins in the current kbs, this patch can
|
|
come in handy in case we decide to do so in the future.
|
|
|
|
Replace the `derivative` crate with `educe` to manage Debug
|
|
implementations where sensitive fields need to be ignored (e.g. API
|
|
keys, passwords, tokens). `educe` is a lighter and more maintained
|
|
alternative that is often available in system repositories (like
|
|
Fedora).
|
|
|
|
Refactored components:
|
|
- Intel Trust Authority (Attestation)
|
|
- PKCS#11 plugin
|
|
- Aliyun KMS plugin
|
|
- Vault KV plugin
|
|
---
|
|
kbs/Cargo.toml | 1 -
|
|
kbs/src/attestation/intel_trust_authority/mod.rs | 8 ++++----
|
|
kbs/src/plugins/implementations/pkcs11.rs | 8 ++++----
|
|
kbs/src/plugins/implementations/resource/aliyun_kms.rs | 10 +++++-----
|
|
kbs/src/plugins/implementations/resource/vault_kv.rs | 8 ++++----
|
|
5 files changed, 17 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/kbs/Cargo.toml b/kbs/Cargo.toml
|
|
index 3fd8963..653c759 100644
|
|
--- a/kbs/Cargo.toml
|
|
+++ b/kbs/Cargo.toml
|
|
@@ -84,7 +84,6 @@ tonic = { workspace = true, optional = true }
|
|
uuid = { version = "1.18.0", features = ["serde", "v4"] }
|
|
openssl.workspace = true
|
|
az-cvm-vtpm = { version = "0.7.0", default-features = false, optional = true }
|
|
-derivative = "2.2.0"
|
|
vaultrs = { version = "0.7.4", optional = true }
|
|
|
|
|
|
diff --git a/kbs/src/attestation/intel_trust_authority/mod.rs b/kbs/src/attestation/intel_trust_authority/mod.rs
|
|
index 58c63b2..45565da 100644
|
|
--- a/kbs/src/attestation/intel_trust_authority/mod.rs
|
|
+++ b/kbs/src/attestation/intel_trust_authority/mod.rs
|
|
@@ -10,7 +10,7 @@ use anyhow::*;
|
|
use async_trait::async_trait;
|
|
use az_cvm_vtpm::hcl::HclReport;
|
|
use base64::{engine::general_purpose::STANDARD, Engine};
|
|
-use derivative::Derivative;
|
|
+use educe::Educe;
|
|
use kbs_types::{Challenge, HashAlgorithm, Tee};
|
|
use reqwest::header::{ACCEPT, CONTENT_TYPE, USER_AGENT};
|
|
use serde::{Deserialize, Serialize};
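Review bot: `use educe::Educe;` needs `educe` to be a dependency of the `kbs` crate, but the `kbs/Cargo.toml` hunk in this patch only removes `derivative = "2.2.0"` and the diffstat shows no added line for that file. Unless `educe` is already declared in a part of `Cargo.toml` not shown here, the build fails on this import, and on the same import added in `pkcs11.rs`, `aliyun_kms.rs` and `vault_kv.rs`. If it is missing, add a pinned entry where `derivative` was, e.g. `educe = { version = "<VERSION>", default-features = false, features = ["Debug"] }` (version is a placeholder), so only the Debug derive is compiled in and the new crate version is covered by the lockfile review.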
|
|
@@ -83,11 +83,11 @@ struct ErrorResponse {
|
|
error: String,
|
|
}
|
|
|
|
-#[derive(Clone, Derivative, Deserialize, PartialEq, Default)]
|
|
-#[derivative(Debug)]
|
|
+[derive(Clone, Educe, Deserialize, PartialEq, Default)]
|
|
+#[educe(Debug)]
|
|
pub struct IntelTrustAuthorityConfig {
|
|
pub base_url: String,
|
|
- #[derivative(Debug = "ignore")]
|
|
+ #[educe(Debug(ignore))]
|
|
pub api_key: String,
|
|
pub certs_file: String,
|
|
pub allow_unmatched_policy: Option<bool>,
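Review bot: The added derive line above `IntelTrustAuthorityConfig` reads `[derive(Clone, Educe, Deserialize, PartialEq, Default)]` without the leading `#`, so as shown it is not an attribute and the file will not compile; `#[educe(Debug)]` on the next line would also have no derive to attach to. It should be `#[derive(Clone, Educe, Deserialize, PartialEq, Default)]`. If the character was lost when the patch was exported rather than in the commit, the patch file should be regenerated, because applying it as is produces invalid Rust. The struct body continues past the end of this hunk.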
|
|
diff --git a/kbs/src/plugins/implementations/pkcs11.rs b/kbs/src/plugins/implementations/pkcs11.rs
|
|
index d562cbd..0c31f8e 100644
|
|
--- a/kbs/src/plugins/implementations/pkcs11.rs
|
|
+++ b/kbs/src/plugins/implementations/pkcs11.rs
|
|
@@ -12,7 +12,7 @@ use cryptoki::{
|
|
session::{Session, UserType},
|
|
types::AuthPin,
|
|
};
|
|
-use derivative::Derivative;
|
|
+use educe::Educe;
|
|
use serde::Deserialize;
|
|
use std::{path::PathBuf, sync::Arc};
|
|
use tokio::sync::Mutex;
|
|
@@ -20,8 +20,8 @@ use uuid::Uuid;
|
|
|
|
use super::super::plugin_manager::ClientPlugin;
|
|
|
|
-#[derive(Derivative, Deserialize, Clone, PartialEq)]
|
|
-#[derivative(Debug)]
|
|
+#[derive(Educe, Deserialize, Clone, PartialEq, Default)]
|
|
+#[educe(Debug)]
|
|
pub struct Pkcs11Config {
|
|
/// Path to the PKCS11 module.
|
|
module: PathBuf,
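Review bot: The new derive list on `Pkcs11Config` adds `Default`, which the commit message does not mention and which goes beyond swapping the derive macro; the Aliyun and Vault config structs in this patch do not gain it. With it, `Pkcs11Config::default()` yields an empty `module` path and, judging by the `u8` and `String` fields visible in the next hunk, slot 0 and an empty `pin`, so a missing configuration can be constructed quietly instead of failing at deserialization. If nothing requires it, keep the original set, `#[derive(Educe, Deserialize, Clone, PartialEq)]`; if only tests need it, `#[cfg_attr(test, derive(Default))]` keeps it out of production builds. The struct body continues outside this hunk.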
|
|
@@ -31,7 +31,7 @@ pub struct Pkcs11Config {
|
|
slot_index: u8,
|
|
|
|
/// The user pin for authenticating the session.
|
|
- #[derivative(Debug = "ignore")]
|
|
+ #[educe(Debug(ignore))]
|
|
pin: String,
|
|
}
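Review bot: Nothing in the patch checks that `#[educe(Debug(ignore))]` on `pin` actually keeps the value out of `{:?}` output, and since the attribute syntax changes with the macro, a later change to the derive or its attributes could start writing secrets to logs without any failure. A small unit test per config type that formats an instance holding a constructed marker value and asserts the marker is absent would pin this, e.g. `assert!(!format!("{cfg:?}").contains("PLACEHOLDER_PIN"));`. The same applies to `api_key` in `IntelTrustAuthorityConfig`, `client_key` and `password` in `AliyunKmsBackendConfig`, and `token` in `VaultKvBackendConfig`. The struct begins outside this hunk.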
|
|
|
|
diff --git a/kbs/src/plugins/implementations/resource/aliyun_kms.rs b/kbs/src/plugins/implementations/resource/aliyun_kms.rs
|
|
index 8521236..b029bf6 100644
|
|
--- a/kbs/src/plugins/implementations/resource/aliyun_kms.rs
|
|
+++ b/kbs/src/plugins/implementations/resource/aliyun_kms.rs
|
|
@@ -4,18 +4,18 @@
|
|
|
|
use super::backend::{ResourceDesc, StorageBackend};
|
|
use anyhow::{Context, Result};
|
|
-use derivative::Derivative;
|
|
+use educe::Educe;
|
|
use kms::{plugins::aliyun::AliyunKmsClient, Annotations, Getter};
|
|
use log::info;
|
|
use serde::Deserialize;
|
|
|
|
-#[derive(Derivative, Deserialize, Clone, PartialEq)]
|
|
-#[derivative(Debug)]
|
|
+#[derive(Educe, Deserialize, Clone, PartialEq)]
|
|
+#[educe(Debug)]
|
|
pub struct AliyunKmsBackendConfig {
|
|
- #[derivative(Debug = "ignore")]
|
|
+ #[educe(Debug(ignore))]
|
|
client_key: String,
|
|
kms_instance_id: String,
|
|
- #[derivative(Debug = "ignore")]
|
|
+ #[educe(Debug(ignore))]
|
|
password: String,
|
|
cert_pem: String,
|
|
}
|
|
diff --git a/kbs/src/plugins/implementations/resource/vault_kv.rs b/kbs/src/plugins/implementations/resource/vault_kv.rs
|
|
index ed7733f..812ef98 100644
|
|
--- a/kbs/src/plugins/implementations/resource/vault_kv.rs
|
|
+++ b/kbs/src/plugins/implementations/resource/vault_kv.rs
|
|
@@ -4,7 +4,7 @@
|
|
|
|
use super::backend::{ResourceDesc, StorageBackend};
|
|
use anyhow::{Context, Result};
|
|
-use derivative::Derivative;
|
|
+use educe::Educe;
|
|
use log::info;
|
|
use serde::Deserialize;
|
|
use std::collections::HashMap;
|
|
@@ -28,11 +28,11 @@ pub enum VaultError {
|
|
VaultApiError { path: String, source: anyhow::Error },
|
|
}
|
|
|
|
-#[derive(Derivative, Deserialize, Clone, PartialEq)]
|
|
-#[derivative(Debug)]
|
|
+#[derive(Educe, Deserialize, Clone, PartialEq)]
|
|
+#[educe(Debug)]
|
|
pub struct VaultKvBackendConfig {
|
|
pub vault_url: String,
|
|
- #[derivative(Debug = "ignore")]
|
|
+ #[educe(Debug(ignore))]
|
|
pub token: String,
|
|
#[serde(default = "default_mount_path")]
|
|
pub mount_path: String,
|
|
--
|
|
2.52.0
|
|
|