diff --git a/Cargo.lock b/Cargo.lock index 16ba9d9e6..a2a790595 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -80,47 +80,48 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" [[package]] name = "anstream" -version = "0.6.13" +version = "0.6.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d96bd03f33fe50a863e394ee9718a706f988b9079b20c3784fb726e7678b62fb" +checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" dependencies = [ "anstyle", "anstyle-parse", "anstyle-query", "anstyle-wincon", "colorchoice", + "is_terminal_polyfill", "utf8parse", ] [[package]] name = "anstyle" -version = "1.0.6" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" [[package]] name = "anstyle-parse" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" +checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" +checksum = "a64c907d4e79225ac72e2a354c9ce84d50ebb4586dee56c82b3ee73004f537f5" dependencies = [ "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.2" +version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" +checksum = "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" dependencies = [ "anstyle", "windows-sys 0.52.0", @@ -128,9 +129,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.82" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" +checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3" [[package]] name = "anymap2" @@ -212,9 +213,9 @@ dependencies = [ [[package]] name = "async-compression" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e9eabd7a98fe442131a17c316bd9349c43695e49e730c3c8e12cfb5f4da2693" +checksum = "9c90a406b4495d129f00461241616194cb8a032c8d1c53c657f0961d5f8e0498" dependencies = [ "flate2", "futures-core", @@ -231,7 +232,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -253,7 +254,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -264,7 +265,7 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -297,9 +298,9 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "axum" @@ -388,7 +389,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -472,7 +473,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a56894edf5cd1efa7068d7454adeb7ce0b3da4ffa5ab08cfc06165bbc62f0c7" dependencies = [ "base64 0.21.7", - "paste 1.0.14", + "paste 1.0.15", "serde", ] @@ -498,13 +499,13 @@ dependencies = [ "lazycell", "log", "peeking_take_while", - "prettyplease 0.2.19", + "prettyplease 0.2.20", "proc-macro2", "quote", "regex", "rustc-hash", "shlex", - "syn 2.0.60", + "syn 2.0.63", "which", ] @@ -521,13 +522,13 @@ dependencies = [ "lazy_static", "lazycell", "log", - "prettyplease 0.2.19", + "prettyplease 0.2.20", "proc-macro2", "quote", "regex", "rustc-hash", "shlex", - "syn 2.0.60", + "syn 2.0.63", "which", ] @@ -622,9 +623,9 @@ checksum = "5ce89b21cab1437276d2650d57e971f9d548a2d9037cc231abdc0562b97498ce" [[package]] name = "bytemuck" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d6d68c57235a3a081186990eca2867354726650f42f7516ca50c28d6281fd15" +checksum = "78834c15cb5d5efe3452d58b1e8ba890dd62d21907f867f383358198e56ebca5" [[package]] name = "byteorder" @@ -646,9 +647,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.96" +version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "065a29261d53ba54260972629f9ca6bffa69bac13cd1fed61420f7fa68b9f8bd" +checksum = "099a5357d84c4c61eb35fc8eafa9a79a902c2f76911e5747ced4e032edd8d9b4" [[package]] name = "cexpr" @@ -770,7 +771,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -781,9 +782,9 @@ checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" [[package]] name = "clru" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8191fa7302e03607ff0e237d4246cc043ff5b3cb9409d995172ba3bea16b807" +checksum = "cbd0f76e066e64fdc5631e3bb46381254deab9ef1158292f27c8c57e3bf3fe59" [[package]] name = "color_quant" @@ -793,9 +794,9 @@ checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b" [[package]] name = "colorchoice" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" [[package]] name = "compact_jwt" @@ -1161,7 +1162,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.10.0", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -1183,7 +1184,7 @@ checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f" dependencies = [ "darling_core 0.20.8", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -1335,7 +1336,7 @@ checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -1388,13 +1389,13 @@ dependencies = [ [[package]] name = "enum-iterator-derive" -version = "1.3.1" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c19cbb53d33b57ac4df1f0af6b92c38c107cded663c4aea9fae1189dcfc17cf5" +checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -1414,7 +1415,7 @@ checksum = "5c785274071b1b420972453b306eeca06acf4633829db4223b58a2a8c5953bc4" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -1425,9 +1426,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -1689,7 +1690,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -1744,9 +1745,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "js-sys", @@ -2000,7 +2001,7 @@ checksum = "1dff438f14e67e7713ab9332f5fd18c8f20eb7eb249494f6c2bf170522224032" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -2820,6 +2821,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "is_terminal_polyfill" +version = "1.70.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" + [[package]] name = "iso8601" version = "0.6.1" @@ -3253,7 +3260,7 @@ version = "1.3.0-dev" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -3788,7 +3795,7 @@ dependencies = [ "lazy_static", "libc", "libnss", - "paste 1.0.14", + "paste 1.0.15", ] [[package]] @@ -3803,25 +3810,24 @@ dependencies = [ [[package]] name = "num" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3135b08af27d103b0a51f2ae0f8632117b7b185ccf931445affa8df530576a41" +checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23" dependencies = [ "num-bigint", "num-complex", "num-integer", "num-iter", - "num-rational 0.4.1", + "num-rational 0.4.2", "num-traits", ] [[package]] name = "num-bigint" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" dependencies = [ - "autocfg", "num-integer", "num-traits", ] @@ -3834,9 +3840,9 @@ checksum = "63335b2e2c34fae2fb0aa2cecfd9f0832a1e24b3b32ecec612c3426d46dc8aaa" [[package]] name = "num-complex" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23c6602fda94a57c990fe0df199a035d83576b496aa29f4e634a8ac6004e68a6" +checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495" dependencies = [ "num-traits", ] @@ -3869,9 +3875,9 @@ dependencies = [ [[package]] name = "num-iter" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -3891,11 +3897,10 @@ dependencies = [ [[package]] name = "num-rational" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0638a1c9d0a3c0914158145bc76cff373a75a627e6ecbfb71cbe6f453a5a19b0" +checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824" dependencies = [ - "autocfg", "num-bigint", "num-integer", "num-traits", @@ -3903,9 +3908,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", ] @@ -4031,7 +4036,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -4284,9 +4289,9 @@ dependencies = [ [[package]] name = "paste" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "paste-impl" @@ -4338,9 +4343,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "petgraph" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1d3afd2628e69da2be385eb6f2fd57c8ac7977ceeff6dc166ff1657b0e386a9" +checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset", "indexmap 2.2.6", @@ -4400,7 +4405,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -4521,12 +4526,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.19" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ac2cf0f2e4f42b49f5ffd07dae8d746508ef7526c13940e5f524012ae6c6550" +checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -4571,9 +4576,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.81" +version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1597b0c024618f09a9c3b8655b7e430397a36d23fdafec26d6965e9eec3eba" +checksum = "8ad3d49ab951a01fbaafe34f2ec74122942fe18a3f9814c3268f1bb72042131b" dependencies = [ "unicode-ident", ] @@ -4916,9 +4921,9 @@ dependencies = [ [[package]] name = "rust-embed" -version = "8.3.0" +version = "8.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb78f46d0066053d16d4ca7b898e9343bc3530f71c61d5ad84cd404ada068745" +checksum = "19549741604902eb99a7ed0ee177a0663ee1eda51a29f71401f166e47e77806a" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -4927,23 +4932,23 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "8.3.0" +version = "8.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b91ac2a3c6c0520a3fb3dd89321177c3c692937c4eb21893378219da10c44fc8" +checksum = "cb9f96e283ec64401f30d3df8ee2aaeb2561f34c824381efa24a35f79bf40ee4" dependencies = [ "proc-macro2", "quote", "rust-embed-utils", "shellexpand 3.1.0", - "syn 2.0.60", + "syn 2.0.63", "walkdir", ] [[package]] name = "rust-embed-utils" -version = "8.3.0" +version = "8.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86f69089032567ffff4eada41c573fc43ff466c7db7c5688b2e7969584345581" +checksum = "38c74a686185620830701348de757fd36bef4aa9680fd23c49fc539ddcc1af32" dependencies = [ "sha2", "walkdir", @@ -4951,9 +4956,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" @@ -4994,15 +4999,15 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80af6f9131f277a45a3fba6ce8e2258037bb0477a67e610d3c1fe046ab31de47" +checksum = "092474d1a01ea8278f69e6a358998405fae5b8b963ddaeb2b0b04a128bf1dfb0" [[package]] name = "ryu" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "same-file" @@ -5059,11 +5064,11 @@ checksum = "621e3680f3e07db4c9c2c3fb07c6223ab2fab2e54bd3c04c3ae037990f428c32" [[package]] name = "security-framework" -version = "2.10.0" +version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" +checksum = "c627723fd09706bacdb5cf41499e95098555af3c3c29d014dc3c458ef6be11c0" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", "core-foundation", "core-foundation-sys", "libc", @@ -5072,9 +5077,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.10.0" +version = "2.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef" +checksum = "317936bbbd05227752583946b9e66d7ce3b489f84e11a94a510b4437fef407d7" dependencies = [ "core-foundation-sys", "libc", @@ -5108,15 +5113,15 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.22" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.199" +version = "1.0.201" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c9f6e76df036c77cd94996771fb40db98187f096dd0b9af39c6c6e452ba966a" +checksum = "780f1cebed1629e4753a1a38a3c72d30b97ec044f0aef68cb26650a3c5cf363c" dependencies = [ "serde_derive", ] @@ -5174,20 +5179,20 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.199" +version = "1.0.201" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11bd257a6541e141e42ca6d24ae26f7714887b47e89aa739099104c7e4d3b7fc" +checksum = "c5e405930b9796f1c00bee880d03fc7e0bb4b9a11afc776885ffe84320da2865" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] name = "serde_json" -version = "1.0.116" +version = "1.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" dependencies = [ "itoa", "ryu", @@ -5243,7 +5248,7 @@ dependencies = [ "darling 0.20.8", "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -5474,9 +5479,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.60" +version = "2.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" +checksum = "bf5be731623ca1a1fb7d8be6f261a3be6d3e2337b8a1f97be944d020c8fcb704" dependencies = [ "proc-macro2", "quote", @@ -5552,27 +5557,27 @@ version = "0.1.0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] name = "thiserror" -version = "1.0.59" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0126ad08bff79f29fc3ae6a55cc72352056dfff61e3ff8bb7129476d44b23aa" +checksum = "579e9083ca58dd9dcf91a9923bb9054071b9ebbd800b342194c9feb0ee89fc18" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.59" +version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1cd413b5d558b4c5bf3680e324a6fa5014e7b7c067a51e69dbdf47eb7148b66" +checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -5699,7 +5704,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -5738,16 +5743,15 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" dependencies = [ "bytes", "futures-core", "futures-sink", "pin-project-lite", "tokio", - "tracing", ] [[package]] @@ -5884,7 +5888,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -6002,7 +6006,7 @@ dependencies = [ "num-derive", "num-traits", "oid", - "paste 1.0.14", + "paste 1.0.15", "picky-asn1", "picky-asn1-x509", "regex", @@ -6109,9 +6113,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "utoipa" -version = "4.2.0" +version = "4.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "272ebdfbc99111033031d2f10e018836056e4d2c8e2acda76450ec7974269fa7" +checksum = "c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23" dependencies = [ "indexmap 2.2.6", "serde", @@ -6121,15 +6125,15 @@ dependencies = [ [[package]] name = "utoipa-gen" -version = "4.2.0" +version = "4.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3c9f4d08338c1bfa70dde39412a040a884c6f318b3d09aaaf3437a1e52027fc" +checksum = "7bf0e16c02bc4bf5322ab65f10ab1149bdbcaa782cba66dc7057370a3f8190be" dependencies = [ "proc-macro-error", "proc-macro2", "quote", "regex", - "syn 2.0.60", + "syn 2.0.63", "url", "uuid", ] @@ -6241,7 +6245,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", "wasm-bindgen-shared", ] @@ -6275,7 +6279,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -6308,7 +6312,7 @@ checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -6833,22 +6837,22 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.32" +version = "0.7.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.32" +version = "0.7.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] @@ -6868,7 +6872,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.63", ] [[package]] diff --git a/book/src/developers/designs/replication_coordinator.md b/book/src/developers/designs/replication_coordinator.md index cdcd08b42..397a4399f 100644 --- a/book/src/developers/designs/replication_coordinator.md +++ b/book/src/developers/designs/replication_coordinator.md @@ -49,31 +49,6 @@ configures the state of replication across the topology. └────────────────┘ └────────────────┘ ``` -The KRC issues configuration tokens. These are JWT's that are signed by the KRC. - -A configuration token is _not_ unique to a node. It can be copied between many nodes. This allows -stateless deployments where nodes can be spun up and provided their replication config. - -The node is provided with the KRC TLS CA, and a configuration token. - -The node when configured contacts the KRC with its configuration token as bearer authentication. The -KRC uses this to determine and issue a replication configuration. Because the configuration token is -signed by the KRC, a fraudulent configuration token can _not_ be used by an attacker to fraudulently -subscribe a kanidm node. Because the KRC is contacted over TLS this gives the node strong assurances -of the legitimacy of the KRC due to TLS certificate validation and pinning. - -The KRC must be able to revoke replication configuration tokens in case of a token disclosure. - -The node sends its KRC token, server UUID, and server repl public key to the KRC. - -The configuration token defines the replication group identifier of that node. The KRC uses the -configuration token _and_ the servers UUID to assign replication metadata to the node. The KRC -issues a replication configuration to the node. - -The replication configuration defines the nodes that the server should connect to, as well as -providing the public keys that are required for that node to perform replication. These are -elaborated on in node configuration. - ## Kanidm Node Configuration There are some limited cases where an administrator may wish to _manually_ define replication @@ -98,7 +73,8 @@ All replicas require: ### Pull mode -This is the standard and preferred mode. The map contains for each node to pull from. +This is the standard mode. The map contains for each node to pull replication data from. This +logically maps to the implementation of the underlying replication mechanism. - the url of the node's replication endpoint. - The self-signed node certificate to be pinned for the connection. @@ -106,11 +82,7 @@ This is the standard and preferred mode. The map contains for each node to pull ### Push mode -This mode is only available in manual configurations, and should only be used as a last resort. - -- The url of the nodes replication endpoint. -- The self-signed node certificate to be pinned for the connection. -- If a refresh required message would be sent, if the node should be force-refreshed next cycle. +This mode is unlikely to be developed as it does not match the way that replication works. ## Worked examples @@ -118,175 +90,246 @@ This mode is only available in manual configurations, and should only be used as There are two nodes, A and B. -The administrator configures the kanidm server with replication urls +The administrator configures both kanidm servers with replication urls. ``` +# Server A [replication] -node_url = https://private.name.of.node +origin = "repl://kanidmd_a:8444" +bindaddress = "[::]:8444" +``` + +``` +# Server B +[replication] +origin = "repl://kanidmd_b:8444" +bindaddress = "[::]:8444" ``` The administrator extracts their replication certificates with the kanidmd binary admin features. This will reflect the `node_url` in the certificate. +``` kanidmd replication get-certificate +``` -For each node, a replication configuration is created in json. For A pulling from B. +For each node, a replication configuration is created in json. + +For A pulling from B. ``` -[ - { "pull": - { - url: "https://node-b.private-name", - publiccert: "pem certificate from B", - automatic_refresh: false - } - }, - { "allow-pull": - { - clientcert: "pem certificate from B" - } - } -] +[replication."repl://kanidmd_b:8444"] +type = "mutual-pull" +partner_cert = "M..." +automatic_refresh = false ``` For B pulling from A. ``` -[ - { "pull": - { - url: "https://node-a.private-name", - publiccert: "pem certificate from A", - automatic_refresh: false - } - }, - { "allow-pull": - { - clientcert: "pem certificate from A" - } - } -] +[replication."repl://kanidmd_a:8444"] +type = "mutual-pull" +partner_cert = "M..." +automatic_refresh = true ``` Notice that automatic refresh only goes from A -> B and not the other way around. This allows one server to be "authoritative". -TODO: The node configuration will also need to list nodes that can do certain tasks. An example of -these tasks is that to prevent "update storms" a limited set of nodes should be responsible for -recycling and tombstoning of entries. These should be defined as tasks in the replication -configuration, so that the KRC can later issue out which nodes are responsible for those processes. - -These are analogous to the AD FSMO roles, but I think we need a different name for them. Single Node -Origin Task? Single Node Operation Runner? Yes I'm trying to make silly acronyms. - ### KRC Configuration -> Still not fully sure about the KRC config yet. More thinking needed! - -The KRC is configured with its URL and certificates. - -```toml -[krc_config] -origin = https://krc.example.com -tls_chain = /path/to/tls/chain -tls_key = /path/to/tls/key -``` - -The KRC is also configured with replication groups. +The KRC is enabled as a replication parameter. This informs the node that it must not contact other +nodes for its replication topology, and it prepares the node for serving that replication metadata. +This is analgous to a single node operation configuration. ``` - [origin_nodes] - # This group never auto refreshes - they are authoritative. - mesh = full +[replication] +origin = "repl://kanidmd_a:8444" +bindaddress = "[::]:8444" - [replicas_syd] - # Every node has two links inside of this group. - mesh = 2 - # at least 2 nodes in this group link externally. - linkcount = 2 - linkto = [ "origin_nodes" ] +krc_enable = true - [replicas_bne] - # Every node has one link inside of this group. - mesh = 1 - # at least 1 node in this group link externally. - linkcount = 1 - linkto = [ "origin_nodes" ] +# krc_url -- unset +# krc_ca_dir -- unset ``` -This would yield the following arrangement. +All other nodes will have a configuration of: ``` - ┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ - origin_nodes │ - │ - ┌────────┐ ┌────────┐ │ - │ │ │ │ │ - │ O1 │◀───────▶│ O2 │ │ - │ │ │ │ │ - └────────┘◀───┬───▶└────────┘ │ - │ ▲ │ ▲ - │ │ │ │ - │ │ │ │ - ▼ │ ▼ │ - │ ┌────────┐◀───┴───▶┌────────┐ - │ │ │ │ │ - │ │ O3 │◀───────▶│ O4 │◀─────────────────────────────┐ - │ │ │ │ │ │ - │ └────────┘ └────────┘ │ - ▲ ▲ │ │ - └ ─ ─ ─ ─│─ ─ ─ ─ ─ ─ ─ ─ ─ ┼ ─ ─ ─ ─ │ - │ │ │ - │ │ │ - │ │ │ - ┌──┘ │ │ - │ │ │ - │ │ │ -┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┼ ─ ─ ─ ─ │ ┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┼ ─ ─ ─ ─ - replicas_bne │ │ │ replicas_syd │ │ -│ │ │ │ │ - ┌────────┐ ┌────────┐ │ │ ┌────────┐ ┌────────┐ │ -│ │ │ │ │ │ │ │ │ │ │ - │ B1 │◀───────▶│ B2 │ │ └──────────│ S1 │◀───────▶│ S2 │ │ -│ │ │ │ │ │ │ │ │ │ - └────────┘ └────────┘ │ └────────┘ └────────┘ │ -│ ▲ │ ▲ ▲ - │ │ │ │ │ -│ │ │ │ │ - ▼ │ ▼ ▼ │ -│ ┌────────┐ ┌────────┐ │ ┌────────┐ ┌────────┐ - │ │ │ │ │ │ │ │ │ │ -│ │ B3 │◀───────▶│ B4 │ │ │ S3 │◀───────▶│ S4 │ - │ │ │ │ │ │ │ │ │ │ -│ └────────┘ └────────┘ │ └────────┘ └────────┘ - │ │ -└ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ └ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ +[replication] +origin = "repl://kanidmd_b:8444" +bindaddress = "[::]:8444" + +# krc_enable -- unset / false + +# krc_url = https://private.name.of.krc.node +krc_url = https://kanidmd_a +# must contain ca that signs kanidmd_a's tls_chain. +krc_ca_dir = /path/to/ca_dir ``` -!!! TBD - How to remove / decomission nodes? +The domain will automatically add a `Default Site`. The KRC implies its own membership to "Default +Site" and it will internally add itself to the `Default Site`. -I think origin nodes are persistent and must be manually defined. Will this require configuration of -their server uuid in the config? +The KRC can then issue Tokens that define which Site a new replica should join. Initially we will +only allow `Default Site` (and will disallow creation of other sites). -Auto-node groups need to check in with periodic elements, and missed checkins. +The new replica will load its KRC token from the environment variable `KANIDMD_KRC_TOKEN_PATH`. This +value will contain a file path where the JWT is stored. This is compatible with systemd credentials +and docker secrets. By default the value if unset will be defined by a profile default +(`/etc/kanidm/krc.token` or `/data/krc.token`). -Checkins need to send ruv? This will allow the KRC to detect nodes that are stale. +A new replica can then contact the `krc_url` validating the presented TLS chain with the roots from +`krc_ca_dir` to assert the legitimacy of the KRC. Only once these are asserted, then the KRC token +can be sent to the instance as a `Bearer` token. The new replica will also provide its mTLS +certificate and its server UUID. -If a node misses checkins after a certain period they should be removed from the KRC knowledge? +Once validated, the KRC will create or update the server's replica entry. The replica entry in the +database will contain the active mTLS cert of the replica and a reference to the replication site +that the token referenced. -R/O nodes could removed after x days of failed checkins, without much consequence. +This will additionally add the "time first seen" to the server entry. -R/W nodes on the other hand it's a bit trickier to know if they should be automatically removed. +From this, for each server in the replication site associated to the token, the KRC will provide a +replication config map to the new replica providing all URL's and mTLS certs. -Or is delete of nodes a manual cleanup / triggers clean-ruv? +Anytime the replica checks in, if the KRC replication map has changed a new one will be provided, or +the response will be `None` for no changes. -Should replication maps have "priorities" to make it a tree so that if nodes are offline then it can -auto-re-route? Should they have multiple paths? Want to avoid excess links/loops/disconnections of -nodes. +To determine no changes we use a "generation". This is where any change to a replication site or +server entries will increment the generation counter. This allows us to detect when a client +requires a new configuration or not. -I think some more thought is needed here. Possibly a node state machine. +If a server's entry in the database is marked to be `Revoked` then it will remain in the database, +but be inelligible for replication participation. This is to allow for forced removal of a +potentially compromised node. -I think for R/O nodes, we need to define how R/W will pass through. I can see a possibility like +The KRC will periodically examine its RUV. For any server entry whose UUID is not contained in the +RUV, and whose "time first seen + trime window" is less than now, then the server entry will be +REMOVED for inactivity since it has now been trimmed from the RUV. + +### Moving the Replication Coordinator Role + +Since the coordinator is part of a kanidmd server, there must be a process to move the KRC to +another node. + +Imagine the following example. Here, Node A is acting as the KRC. + +``` +┌─────────────────┐ ┌─────────────────┐ +│ │ │ │ +│ │ │ │ +│ Node A │◀───────────────│ Node B │ +│ │ │ │ +│ │ │ │ +└─────────────────┘ └─────────────────┘ + ▲ ▲ + │ │ + │ │ + │ └────────────────────────────┐ + │ │ + │ │ + │ │ +┌─────────────────┐ ┌─────────────────┐ +│ │ │ │ +│ │ │ │ +│ Node C │ │ Node D │ +│ │ │ │ +│ │ │ │ +└─────────────────┘ └─────────────────┘ +``` + +This would allow Node A to be aware of B, C, D and then create a full mesh. + +We wish to decommision Node A and promote Node B to become the new KRC. Imagine at this point we cut +over Node D to point its KRC at Node B. + +``` +┌─────────────────┐ ┌─────────────────┐ +│ │ │ │ +│ │ │ │ +│ Node A │ │ Node B │ +│ │ │ │ +│ │ │ │ +└─────────────────┘ └─────────────────┘ + ▲ ▲ + │ │ + │ │ + │ │ + │ │ + │ │ + │ │ +┌─────────────────┐ ┌─────────────────┐ +│ │ │ │ +│ │ │ │ +│ Node C │ │ Node D │ +│ │ │ │ +│ │ │ │ +└─────────────────┘ └─────────────────┘ +``` + +Since we still have the Server Entry records in the Default Site on both Node A and Node B, then all +nodes will continue to participate in full mesh, and will update certificates as required. + +Since all servers would still be updating their RUV's and by proxy, updating RUV's to their partners +then no nodes will be trimmed from the topology. + +This allows a time window where servers can be moved from Node A to Node B. + +### Gruesome Details + +Server Start Up Process + +``` +Token is read from a file defined in the env. + works with systemd + docker secrets + +Token is JWT with HS256. (OR JWE + AES-GCM) + +Read the token +- if token domain_uuid != our domain_uuid -> set status to "waiting" + - empty replication config map +- if token domain_uuid == domain_uuid -> status to "ok" + - use cached replication config map + +No TOKEN -> Implies KRC role. +- Set status to "ok", we are the domain_uuid source. +``` + +Client Process + +``` +connect to KRC +- provide token for site binding +- submit my server_uuid +- submit my public cert with the request +- submit current domain_uuid + generation if possible + +- reply from KRC -> repl config map. + - config_map contains issuing KRC server uuid. + - if config_map generation > current config_map + - reload config. + - if config_map == None + - current map remains valid. +``` + +KRC Process + +``` +- Validate Token +- is server_uuid present as a server entry? + - if no: add it with site association + - if yes: verify site associated to token +- is server_uuid certificate the same as before? + - if no: replace it. +- compare domain_uuid + generation + - if different supply config + - else None (no change) +``` + +### FUTURE: Possible Read Only nodes + +For R/O nodes, we need to define how R/W will pass through. I can see a possibility like ``` No direct line diff --git a/server/core/src/repl/mod.rs b/server/core/src/repl/mod.rs index 63c846cb1..d6ff6be18 100644 --- a/server/core/src/repl/mod.rs +++ b/server/core/src/repl/mod.rs @@ -661,8 +661,6 @@ async fn repl_acceptor( // Get the private key / cert. let res = { - // Does this actually need to be a read in case we need to write - // to sqlite? let ct = duration_from_epoch_now(); let mut idms_prox_write = idms.proxy_write(ct).await; idms_prox_write