Merge pull request #22 from wa5i/ci

Fix the bug causing compilation errors on Windows.

.github/workflows/rust.yml

@@ -10,12 +10,35 @@ env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  build:
+  unix-test:
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-latest
+    runs-on: ${{matrix.os}}
 
-    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build
+      run: cargo build --verbose
+    - name: Run tests
+      run: cargo test --verbose
+  windows-test:
+    strategy:
+      matrix:
+        os:
+          - windows-latest
+    runs-on: ${{matrix.os}}
 
     steps:
     - uses: actions/checkout@v3
+    - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
+    - run: vcpkg install openssl:x64-windows-static-md
+    - name: Setup Rust
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
     - name: Build
       run: cargo build --verbose
     - name: Run tests

Cargo.toml

@@ -27,7 +27,6 @@ clap = { version = "4.4", features = ["wrap_help", "suggestions"] }
 sysexits = { version = "0.7", features = ["std"] }
 build-time = "0.1"
 hcl-rs = "0.16"
-daemonize = "0.5"
 actix-web = { version = "4.4", features = ["openssl"] }
 actix-tls = "3.1"
 actix-rt = "2.9"
@@ -40,6 +39,9 @@ as-any = "0.3.1"
 pem = "3.0"
 chrono = "0.4"
 
+[target.'cfg(unix)'.dependencies]
+daemonize = "0.5"
+
 [dependencies.foreign-types]
 version = "0.3.1"
 

src/cli/command/server.rs

@@ -2,11 +2,9 @@ use std::{
     env,
     fs,
     default::Default,
-    fs::OpenOptions,
     path::Path,
     sync::{Arc, RwLock}
 };
-use daemonize::Daemonize;
 use clap::{ArgMatches};
 use sysexits::ExitCode;
 use actix_web::{
@@ -52,6 +50,7 @@ pub fn main(config_path: &str) -> Result<(), RvError> {
         fs::create_dir_all(work_dir.as_str())?;
     }
 
+    #[cfg(not(windows))]
     if config.daemon {
         // start daemon
         let log_path = format!("{}/rusty_vault.log", work_dir);
@@ -70,7 +69,7 @@ pub fn main(config_path: &str) -> Result<(), RvError> {
             group = config.daemon_group.clone();
         }
 
-        let log_file = OpenOptions::new()
+        let log_file = std::fs::OpenOptions::new()
             .read(true)
             .write(true)
             .append(true)
@@ -79,7 +78,7 @@ pub fn main(config_path: &str) -> Result<(), RvError> {
             .open(log_path)
             .unwrap();
 
-        let daemonize = Daemonize::new()
+        let daemonize = daemonize::Daemonize::new()
             .working_directory(work_dir.as_str())
             .user(user.as_str())
             .group(group.as_str())

src/modules/auth/expiration.rs

@@ -9,7 +9,7 @@ use serde_json::{Value, Map};
 use serde::{Serialize, Deserialize};
 use delay_timer::prelude::*;
 use crate::{
-	utils::{generate_uuid, serialize_system_time, deserialize_system_time},
+    utils::{generate_uuid, serialize_system_time, deserialize_system_time},
     logical::{
         Auth, SecretData, Request, Response,
     },
@@ -163,7 +163,7 @@ impl ExpirationTask {
     }
 
     fn remove_task(&mut self, lease_id: &str) -> Result<(), RvError> {
-		log::debug!("remove task, lease_id: {}", lease_id);
+        log::debug!("remove task, lease_id: {}", lease_id);
         if let Some(task_id) = self.task_id_map.remove(lease_id) {
             self.task_id_remove_pending.push(task_id);
         }
@@ -172,7 +172,7 @@ impl ExpirationTask {
 
     fn clean_finish_task(&mut self) -> Result<(), RvError> {
         for task_id in self.task_id_remove_pending.iter() {
-			log::debug!("clean finish task, task_id: {}", *task_id);
+            log::debug!("clean finish task, task_id: {}", *task_id);
             self.task_timer.remove_task(*task_id)?;
         }
         self.task_id_remove_pending.clear();
@@ -182,8 +182,8 @@ impl ExpirationTask {
 
 impl Drop for ExpirationTask {
     fn drop(&mut self) {
-		log::debug!("expiration task timer stopping!");
-		let _ = self.task_timer.stop_delay_timer();
+        log::debug!("expiration task timer stopping!");
+        let _ = self.task_timer.stop_delay_timer();
     }
 }
 

src/modules/auth/token_store.rs

@@ -10,7 +10,7 @@ use serde_json::{json, Value};
 use serde::{Serialize, Deserialize};
 use humantime::parse_duration;
 use crate::{
-	utils::{generate_uuid, sha1, is_str_subset},
+    utils::{generate_uuid, sha1, is_str_subset},
     new_path, new_path_internal,
     new_logical_backend, new_logical_backend_internal,
     logical::{

src/modules/pki/mod.rs

@@ -98,122 +98,122 @@ impl PkiBackend {
                 {
                     pattern: r"roles/(?P<name>\w[\w-]+\w)",
                     fields: {
-						"name": {
+                        "name": {
                             field_type: FieldType::Str,
                             required: true,
-							description: r#"Name of the role."#
-						},
-						"ttl": {
+                            description: r#"Name of the role."#
+                        },
+                        "ttl": {
                             field_type: FieldType::Str,
-							description: r#"
+                            description: r#"
 The lease duration (validity period of the certificate) if no specific lease
  duration is requested. The lease duration controls the expiration of certificates
 issued by this backend. defaults to the system default value or the value of
 max_ttl, whichever is shorter."#
-						},
-						"max_ttl": {
+                        },
+                        "max_ttl": {
                             field_type: FieldType::Str,
                             required: true,
-							description: r#"
+                            description: r#"
 The maximum allowed lease duration. If not set, defaults to the system maximum lease TTL."#
-						},
-						"allow_localhost": {
+                        },
+                        "allow_localhost": {
                             field_type: FieldType::Bool,
-							default: true,
-							description: r#"
+                            default: true,
+                            description: r#"
 Whether to allow "localhost" and "localdomain" as a valid common name in a request,
 independent of allowed_domains value."#
-						},
-						"allowed_domains": {
-							field_type: FieldType::Str,
-							description: r#"
+                        },
+                        "allowed_domains": {
+                            field_type: FieldType::Str,
+                            description: r#"
 Specifies the domains this role is allowed to issue certificates for.
 This is used with the allow_bare_domains, allow_subdomains, and allow_glob_domains
 to determine matches for the common name, DNS-typed SAN entries, and Email-typed
 SAN entries of certificates. See the documentation for more information.
 This parameter accepts a comma-separated string or list of domains."#
-						},
-						"allow_bare_domains": {
-							field_type: FieldType::Bool,
+                        },
+                        "allow_bare_domains": {
+                            field_type: FieldType::Bool,
                             default: false,
-							description: r#"
+                            description: r#"
 If set, clients can request certificates for the base domains themselves,
 e.g. "example.com" of domains listed in allowed_domains. This is a separate
 option as in some cases this can be considered a security threat.
 See the documentation for more information."#
-						},
-						"allow_subdomains": {
-							field_type: FieldType::Bool,
+                        },
+                        "allow_subdomains": {
+                            field_type: FieldType::Bool,
                             default: false,
-							description: r#"
+                            description: r#"
 If set, clients can request certificates for subdomains of domains listed in
 allowed_domains, including wildcard subdomains. See the documentation for more information."#
-						},
-						"allow_any_name": {
-							field_type: FieldType::Bool,
+                        },
+                        "allow_any_name": {
+                            field_type: FieldType::Bool,
                             default: false,
-							description: r#"
+                            description: r#"
 If set, clients can request certificates for any domain, regardless of allowed_domains restrictions.
 See the documentation for more information."#
-						},
-						"allow_ip_sans": {
-							field_type: FieldType::Bool,
-							default: true,
-							description: r#"
+                        },
+                        "allow_ip_sans": {
+                            field_type: FieldType::Bool,
+                            default: true,
+                            description: r#"
 If set, IP Subject Alternative Names are allowed. Any valid IP is accepted and No authorization checking is performed."#
-						},
-						"server_flag": {
-							field_type: FieldType::Bool,
-							default: true,
-							description: r#"
+                        },
+                        "server_flag": {
+                            field_type: FieldType::Bool,
+                            default: true,
+                            description: r#"
 If set, certificates are flagged for server auth use. defaults to true. See also RFC 5280 Section 4.2.1.12."#
-						},
-						"client_flag": {
-							field_type: FieldType::Bool,
-							default: true,
-							description: r#"
+                        },
+                        "client_flag": {
+                            field_type: FieldType::Bool,
+                            default: true,
+                            description: r#"
 If set, certificates are flagged for client auth use. defaults to true. See also RFC 5280 Section 4.2.1.12."#
-						},
-						"code_signing_flag": {
-							field_type: FieldType::Bool,
-							description: r#"
+                        },
+                        "code_signing_flag": {
+                            field_type: FieldType::Bool,
+                            description: r#"
 If set, certificates are flagged for code signing use. defaults to false. See also RFC 5280 Section 4.2.1.12."#
-						},
-						"key_type": {
-							field_type: FieldType::Str,
-							default: "rsa",
-							description: r#"
+                        },
+                        "key_type": {
+                            field_type: FieldType::Str,
+                            default: "rsa",
+                            description: r#"
 The type of key to use; defaults to RSA. "rsa" "ec", "ed25519" and "any" are the only valid values."#
-						},
-						"key_bits": {
-							field_type: FieldType::Int,
-							default: 0,
-							description: r#"
+                        },
+                        "key_bits": {
+                            field_type: FieldType::Int,
+                            default: 0,
+                            description: r#"
 The number of bits to use. Allowed values are 0 (universal default); with rsa
  key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default),
 384, or 521; ignored with ed25519."#
-						},
-						"signature_bits": {
-							field_type: FieldType::Int,
-							default: 0,
-							description: r#"
+                        },
+                        "signature_bits": {
+                            field_type: FieldType::Int,
+                            default: 0,
+                            description: r#"
 The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256,
 384 for SHA-2-384, and 512 for SHA-2-512. defaults to 0 to automatically detect
  based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves)."#
-						},
-						"not_before_duration": {
-							field_type: FieldType::Int,
-							default: 30,
-							description: r#"
+                        },
+                        "not_before_duration": {
+                            field_type: FieldType::Int,
+                            default: 30,
+                            description: r#"
 The duration before now which the certificate needs to be backdated by."#
-						},
-						"not_after": {
-							field_type: FieldType::Str,
+                        },
+                        "not_after": {
+                            field_type: FieldType::Str,
                             default: "",
-							description: r#"
+                            description: r#"
 Set the not after field of the certificate with specified date value.
 The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ."#
-						},
+                        },
                         "ou": {
                             required: false,
                             field_type: FieldType::Str,
@@ -282,7 +282,7 @@ or revoked, so this option is recommended only for certificates that are
 non-sensitive, or extremely short-lived. This option implies a value of "false"
 for "generate_lease"."#
                         }
-					},
+                    },
                     operations: [
                         {op: Operation::Read, handler: pki_backend_ref1.read_path_role},
                         {op: Operation::Write, handler: pki_backend_ref2.create_path_role},

src/modules/pki/path_config_ca.rs

@@ -21,7 +21,7 @@ impl PkiBackendInner {
         let pem_bundle_value = req.get_data("pem_bundle")?;
         let pem_bundle = pem_bundle_value.as_str().unwrap();
 
-		let items = pem::parse_many(pem_bundle)?;
+        let items = pem::parse_many(pem_bundle)?;
         let mut key_found = false;
         let mut i = 0;
 

src/modules/pki/path_roles.rs

@@ -4,7 +4,7 @@ use std::{
 use humantime::parse_duration;
 use serde::{Serialize, Deserialize};
 use crate::{
-	utils::{serialize_duration, deserialize_duration},
+    utils::{serialize_duration, deserialize_duration},
     logical::{
         Backend, Request, Response,
     },

src/storage/barrier_aes_gcm.rs

@@ -505,9 +505,12 @@ mod test {
         assert!(keys.is_ok());
         let keys = keys.unwrap();
         assert_eq!(keys.len(), 3);
-        assert_eq!(keys[0], "bar".to_string());
-        assert_eq!(keys[1], "barrier/".to_string());
-        assert_eq!(keys[2], "bar/".to_string());
+        assert!(keys.join("") == "barbarrier/bar/"
+                || keys.join("") == "barbar/barrier/"
+                || keys.join("") == "bar/barbarrier/"
+                || keys.join("") == "barrier/bar/bar"
+                || keys.join("") == "barrier/barbar/"
+                || keys.join("") == "bar/barrier/bar");
         let get = barrier.get("bar");
         assert!(get.is_ok());
         assert_eq!(get.unwrap().unwrap().value, "test1".as_bytes());
@@ -517,8 +520,7 @@ mod test {
         assert!(keys.is_ok());
         let keys = keys.unwrap();
         assert_eq!(keys.len(), 2);
-        assert_eq!(keys[0], "foo".to_string());
-        assert_eq!(keys[1], "foo/".to_string());
+        assert!(keys.join("") == "foofoo/" || keys.join("") == "foo/foo");
         let get = barrier.get("bar/foo");
         assert!(get.is_ok());
         assert_eq!(get.unwrap().unwrap().value, "test2".as_bytes());
@@ -548,8 +550,7 @@ mod test {
         assert!(keys.is_ok());
         let keys = keys.unwrap();
         assert_eq!(keys.len(), 2);
-        assert_eq!(keys[0], "barrier/".to_string());
-        assert_eq!(keys[1], "bar/".to_string());
+        assert!(keys.join("") == "barrier/bar/" || keys.join("") == "bar/barrier/");
 
         let seal = barrier.seal();
         assert!(seal.is_ok());