dns-name: Remove webpki dependency (#1316)

The `dns::Name` type is backed by `webpki::DNSName`; and the `webpki` crate has a dependency on `ring`. As we setup to support alternate cryptographic implementations, we don't want to incur this dependency for such a simple type that only validates DNS-like names. This change copies the `webpki::DNSName` and `webpki::DNSNameRef` types as `dns::Name` and `dns::NameRef` (preserving copyright information). Name parsing is simplified, as we don't need to handle wildcards with these types. Furthermore, this change updates the various identity-type wrapper types to implement `Deref` so that `dns::Name::as_str` and `dns::Name::as_bytes` are available implicitly. (cherry picked from commit 27587f5) Signed-off-by: Oliver Gould <ver@buoyant.io>
linkerd · Mar 30, 2022 · 62c0466 · 62c0466
1 parent df11327
commit 62c0466
Show file tree

Hide file tree

Showing 15 changed files with 352 additions and 119 deletions.
diff --git a/Cargo.lock b/Cargo.lock
@@ -895,7 +895,6 @@ version = "0.1.0"
 dependencies = [
  "thiserror",
  "untrusted",
- "webpki",
 ]
 
 [[package]]

diff --git a/linkerd/app/gateway/src/gateway.rs b/linkerd/app/gateway/src/gateway.rs
@@ -159,7 +159,7 @@ where
                 {
                     if let Some(by) = fwd_by(forwarded) {
                         tracing::info!(%forwarded);
-                        if by == local_id.as_ref() {
+                        if by == local_id.as_str() {
                             return Box::pin(future::err(GatewayLoop.into()));
                         }
                     }

diff --git a/linkerd/app/inbound/src/http/set_identity_header.rs b/linkerd/app/inbound/src/http/set_identity_header.rs
@@ -43,7 +43,7 @@ where
             .and_then(|tls| match tls {
                 tls::ServerTls::Established { client_id, .. } => {
                     client_id.as_ref().and_then(|id| {
-                        match http::HeaderValue::from_str(id.as_ref().as_ref()) {
+                        match http::HeaderValue::from_str(id.as_str()) {
                             Ok(v) => Some(v),
                             Err(error) => {
                                 tracing::warn!(%error, "identity not a valid header value");

diff --git a/linkerd/app/inbound/src/policy/mod.rs b/linkerd/app/inbound/src/policy/mod.rs
@@ -144,8 +144,8 @@ impl AllowPolicy {
                             ..
                         }) = tls
                         {
-                            if identities.contains(id.as_ref())
-                                || suffixes.iter().any(|s| s.contains(id.as_ref()))
+                            if identities.contains(id.as_str())
+                                || suffixes.iter().any(|s| s.contains(id.as_str()))
                             {
                                 return Ok(Permit::new(self.dst, &*server, authz));
                             }

diff --git a/linkerd/app/outbound/src/http/require_id_header.rs b/linkerd/app/outbound/src/http/require_id_header.rs
@@ -86,7 +86,7 @@ where
         if let Some(require_id) = Self::extract_id(&mut request) {
             match self.tls.as_ref() {
                 Conditional::Some(tls::ClientTls { server_id, .. }) => {
-                    if require_id != *server_id.as_ref() {
+                    if require_id != **server_id {
                         debug!(
                             required = %require_id,
                             found = %server_id,

diff --git a/linkerd/dns/name/Cargo.toml b/linkerd/dns/name/Cargo.toml
@@ -9,4 +9,3 @@ publish = false
 [dependencies]
 thiserror = "1.0"
 untrusted = "0.7"
-webpki = "0.21"
diff --git a/linkerd/dns/name/src/lib.rs b/linkerd/dns/name/src/lib.rs
@@ -4,5 +4,5 @@
 mod name;
 mod suffix;
 
-pub use self::name::{InvalidName, Name};
+pub use self::name::{InvalidName, Name, NameRef};
 pub use self::suffix::Suffix;