Bump base64 to 0.21 (#1308)

* Bump base64 to 0.21 Signed-off-by: clux <sszynrae@gmail.com> * Fix build and tests Signed-off-by: clux <sszynrae@gmail.com> * Update kube-client/src/client/auth/oidc.rs Co-authored-by: Natalie <nat.roijezon@stackable.tech> Signed-off-by: Eirik A <sszynrae@gmail.com> * Update kube-client/src/client/auth/oidc.rs Co-authored-by: Natalie <nat.roijezon@stackable.tech> Signed-off-by: Eirik A <sszynrae@gmail.com> * separate names for separate engines Signed-off-by: clux <sszynrae@gmail.com> * actually think this test should use JWT engine Signed-off-by: clux <sszynrae@gmail.com> * avoid polluting import space and use big names in one place Signed-off-by: clux <sszynrae@gmail.com> --------- Signed-off-by: clux <sszynrae@gmail.com> Signed-off-by: Eirik A <sszynrae@gmail.com> Co-authored-by: Natalie <nat.roijezon@stackable.tech>
kube-rs · Oct 12, 2023 · fba2b9d · fba2b9d
1 parent 3d7ebdd
commit fba2b9d
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 19 deletions.
diff --git a/kube-client/Cargo.toml b/kube-client/Cargo.toml
@@ -37,7 +37,7 @@ features = ["client", "rustls-tls", "openssl-tls", "ws", "oauth", "oidc", "jsonp
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-base64 = { version = "0.20.0", optional = true }
+base64 = { version = "0.21.4", optional = true }
 chrono = { version = "0.4.23", optional = true, default-features = false }
 home = { version = "0.5.4", optional = true }
 serde = { version = "1.0.130", features = ["derive"] }

diff --git a/kube-client/src/client/auth/oidc.rs b/kube-client/src/client/auth/oidc.rs
@@ -1,12 +1,5 @@
 use std::collections::HashMap;
 
-use base64::{
-    alphabet,
-    engine::{
-        fast_portable::{FastPortable, FastPortableConfig},
-        DecodePaddingMode,
-    },
-};
 use chrono::{Duration, TimeZone, Utc};
 use form_urlencoded::Serializer;
 use http::{
@@ -137,12 +130,14 @@ pub mod errors {
     }
 }
 
-const BASE64_ENGINE: FastPortable = FastPortable::from(
-    &alphabet::URL_SAFE,
-    FastPortableConfig::new()
+use base64::Engine as _;
+const JWT_BASE64_ENGINE: base64::engine::GeneralPurpose = base64::engine::GeneralPurpose::new(
+    &base64::alphabet::URL_SAFE,
+    base64::engine::GeneralPurposeConfig::new()
         .with_decode_allow_trailing_bits(true)
-        .with_decode_padding_mode(DecodePaddingMode::Indifferent),
+        .with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent),
 );
+use base64::engine::general_purpose::STANDARD as STANDARD_BASE64_ENGINE;
 
 #[derive(Debug)]
 pub struct Oidc {
@@ -164,7 +159,7 @@ impl Oidc {
             .split('.')
             .nth(1)
             .ok_or(errors::IdTokenError::InvalidFormat)?;
-        let payload = base64::decode_engine(part, &BASE64_ENGINE)?;
+        let payload = JWT_BASE64_ENGINE.decode(part)?;
         let expiry = serde_json::from_slice::<Claims>(&payload)?.expiry;
         let timestamp = Utc
             .timestamp_opt(expiry, 0)
@@ -370,7 +365,7 @@ impl Refresher {
                     AUTHORIZATION,
                     format!(
                         "Basic {}",
-                        base64::encode(format!(
+                        STANDARD_BASE64_ENGINE.encode(format!(
                             "{}:{}",
                             self.client_id.expose_secret(),
                             self.client_secret.expose_secret()
@@ -481,7 +476,7 @@ mod tests {
         let invalid_claims_token = format!(
             "{}.{}.{}",
             token_valid.split_once('.').unwrap().0,
-            base64::encode(serde_json::to_string(&invalid_claims).unwrap()),
+            JWT_BASE64_ENGINE.encode(serde_json::to_string(&invalid_claims).unwrap()),
             token_valid.rsplit_once('.').unwrap().1,
         );
         oidc.id_token = invalid_claims_token.into();

diff --git a/kube-client/src/client/upgrade.rs b/kube-client/src/client/upgrade.rs
@@ -39,7 +39,6 @@ pub enum UpgradeConnectionError {
     GetPendingUpgrade(#[source] hyper::Error),
 }
 
-
 // Verify upgrade response according to RFC6455.
 // Based on `tungstenite` and added subprotocol verification.
 pub fn verify_response(res: &Response<Body>, key: &str) -> Result<(), UpgradeConnectionError> {
@@ -90,6 +89,7 @@ pub fn verify_response(res: &Response<Body>, key: &str) -> Result<(), UpgradeCon
 /// Generate a random key for the `Sec-WebSocket-Key` header.
 /// This must be nonce consisting of a randomly selected 16-byte value in base64.
 pub fn sec_websocket_key() -> String {
+    use base64::Engine;
     let r: [u8; 16] = rand::random();
-    base64::encode(r)
+    base64::engine::general_purpose::STANDARD.encode(r)
 }
diff --git a/kube-client/src/config/file_config.rs b/kube-client/src/config/file_config.rs
@@ -537,7 +537,10 @@ fn load_from_base64_or_file<P: AsRef<Path>>(
 }
 
 fn load_from_base64(value: &str) -> Result<Vec<u8>, LoadDataError> {
-    base64::decode(value).map_err(LoadDataError::DecodeBase64)
+    use base64::Engine;
+    base64::engine::general_purpose::STANDARD
+        .decode(value)
+        .map_err(LoadDataError::DecodeBase64)
 }
 
 fn load_from_file<P: AsRef<Path>>(file: &P) -> Result<Vec<u8>, LoadDataError> {
@@ -768,7 +771,6 @@ users:
     client-key-data: aGVsbG8K
 "#;
 
-
         let kubeconfig1 = Kubeconfig::from_yaml(config1)?;
         let kubeconfig2 = Kubeconfig::from_yaml(config2)?;
         let merged = kubeconfig1.merge(kubeconfig2).unwrap();