Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_config default provider (incorrectly?) requires rustls #3782

Open
ereOn opened this issue Aug 2, 2024 · 0 comments
Open

aws_config default provider (incorrectly?) requires rustls #3782

ereOn opened this issue Aug 2, 2024 · 0 comments

Comments

@ereOn
Copy link

ereOn commented Aug 2, 2024

I am in the process of cleaning up the dependency graph of our monorepo, and I noticed we are still pulling hyper 0.14 due to aws_config still referencing it.

I understand it still references it mainly through rustls and possibly also the "hyper 0.14 connector" facility.

Looking through the code I noticed here that the default provider seems to be gated for the rustls feature.

#[cfg(feature = "rustls")]
/// Default Credentials Provider chain
///
/// The region from the default region provider will be used
pub async fn default_provider() -> impl ProvideCredentials {
    DefaultCredentialsChain::builder().build().await
}

This seems to be confirmed by the comment here too:

/// Creates a `DefaultCredentialsChain`
    ///
    /// ## Panics
    /// This function will panic if no connector has been set or the `rustls`
    /// feature has been disabled.
    pub async fn build(self) -> DefaultCredentialsChain {
        let region = match self.region_override {
            Some(provider) => provider.region().await,
            None => self.region_chain.build().region().await,
        };

        let conf = self.conf.unwrap_or_default().with_region(region);

        let env_provider = EnvironmentVariableCredentialsProvider::new_with_env(conf.env());
        let profile_provider = self.profile_file_builder.configure(&conf).build();
        let web_identity_token_provider = self.web_identity_builder.configure(&conf).build();
        let imds_provider = self.imds_builder.configure(&conf).build();
        let ecs_provider = self.ecs_builder.configure(&conf).build();

        let provider_chain = CredentialsProviderChain::first_try("Environment", env_provider)
            .or_else("Profile", profile_provider)
            .or_else("WebIdentityToken", web_identity_token_provider)
            .or_else("EcsContainer", ecs_provider)
            .or_else("Ec2InstanceMetadata", imds_provider);

        DefaultCredentialsChain { provider_chain }
    }

Looking a all the referenced providers, it seems that none of those actually depends on rustls so I'm not sure whether the feature-gate is still legitimate or if I'm missing something obvious.

Also, if the rustls feature-gate is still legitimate, the comment seems to indicate that one might avoid the panic by specifying a connector. Is there any example of that ?

Thank you and sorry if this turns out to be a false positive.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ereOn