chore: enforce rustfmt

Author: sangwa

.github/workflows/ci.yaml

@@ -24,6 +24,10 @@ jobs:
       - name: Install Clippy and Rustfmt
         run: rustup component add clippy rustfmt
 
+      - name: Check code formatting
+        run: |
+          cargo fmt --check --manifest-path enclaver/Cargo.toml
+
       - name: Check with default features
         run: |
           cargo clippy --quiet --no-deps --manifest-path enclaver/Cargo.toml

enclaver/src/api.rs

@@ -1,9 +1,9 @@
 use anyhow::Result;
 use async_trait::async_trait;
-use hyper::header::CONTENT_TYPE;
-use hyper::{Request, Response, StatusCode, Method};
+use http_body_util::{BodyExt, Full};
 use hyper::body::Bytes;
-use http_body_util::{Full, BodyExt};
+use hyper::header::CONTENT_TYPE;
+use hyper::{Method, Request, Response, StatusCode};
 use pkcs8::{DecodePublicKey, SubjectPublicKeyInfo};
 use serde::Deserialize;
 

enclaver/src/bin/odyn/kms_proxy.rs

@@ -9,7 +9,7 @@ use enclaver::http_util::HttpServer;
 use enclaver::keypair::KeyPair;
 use enclaver::nsm::{Nsm, NsmAttestationProvider};
 use enclaver::proxy::aws_util;
-use enclaver::proxy::kms::{KmsProxyConfig, KmsProxyHandler, CredentialsGetter};
+use enclaver::proxy::kms::{CredentialsGetter, KmsProxyConfig, KmsProxyHandler};
 
 use crate::config::Configuration;
 

enclaver/src/build.rs

@@ -6,7 +6,7 @@ use crate::manifest::{load_manifest, Manifest};
 use crate::nitro_cli::{EIFInfo, KnownIssue};
 use anyhow::{anyhow, Result};
 use bollard::container::{Config, LogOutput, LogsOptions, WaitContainerOptions};
-use bollard::models::{ImageConfig, HostConfig, Mount, MountTypeEnum};
+use bollard::models::{HostConfig, ImageConfig, Mount, MountTypeEnum};
 use bollard::Docker;
 use futures_util::stream::{StreamExt, TryStreamExt};
 use log::{debug, info, warn};
@@ -96,15 +96,22 @@ impl EnclaveArtifactBuilder {
 
         if let Some(signature) = &manifest.signature {
             if let Some(parent_path) = PathBuf::from(manifest_path).parent() {
-                certificate_path = Some(canonicalize(parent_path.join(&signature.certificate)).await?);
+                certificate_path =
+                    Some(canonicalize(parent_path.join(&signature.certificate)).await?);
                 key_path = Some(canonicalize(parent_path.join(&signature.key)).await?);
             } else {
                 return Err(anyhow!("Failed to get parent path of manifest"));
             }
         }
 
         let eif_info = self
-            .image_to_eif(&amended_img, &build_dir, EIF_FILE_NAME, key_path, certificate_path)
+            .image_to_eif(
+                &amended_img,
+                &build_dir,
+                EIF_FILE_NAME,
+                key_path,
+                certificate_path,
+            )
             .await?;
 
         Ok(IntermediateBuildResult {
@@ -237,7 +244,7 @@ impl EnclaveArtifactBuilder {
         build_dir: &TempDir,
         eif_name: &str,
         key: Option<PathBuf>,
-        certificate: Option<PathBuf>
+        certificate: Option<PathBuf>,
     ) -> Result<EIFInfo> {
         let build_dir_path = build_dir.path().to_str().unwrap();
 
@@ -288,7 +295,6 @@ impl EnclaveArtifactBuilder {
             cmd.push("--private-key");
             cmd.push("/var/run/key");
 
-
             mounts.push(Mount {
                 typ: Some(MountTypeEnum::BIND),
                 source: Some(key_path.to_string_lossy().to_string()),

enclaver/src/http_client.rs

@@ -1,9 +1,9 @@
-use hyper::Uri;
 use hyper::body::Body;
-use hyper_util::client::legacy::Client;
+use hyper::Uri;
+use hyper_proxy2::{Intercept, Proxy, ProxyConnector};
 use hyper_util::client::legacy::connect::HttpConnector;
+use hyper_util::client::legacy::Client;
 use hyper_util::rt::TokioExecutor;
-use hyper_proxy2::{Intercept, Proxy, ProxyConnector};
 
 pub type HttpProxyClient<B> = Client<ProxyConnector<HttpConnector>, B>;
 
@@ -12,7 +12,7 @@ pub fn new_http_proxy_client<B>(proxy_uri: Uri) -> HttpProxyClient<B>
 where
     B: Body + Send + 'static,
     B::Data: Send,
-    B::Error: Into<Box<dyn std::error::Error + Send + Sync>>, 
+    B::Error: Into<Box<dyn std::error::Error + Send + Sync>>,
 {
     let proxy = Proxy::new(Intercept::All, proxy_uri);
     let connector = HttpConnector::new();

enclaver/src/http_util.rs

@@ -3,12 +3,12 @@ use std::sync::Arc;
 
 use anyhow::Result;
 use async_trait::async_trait;
-use hyper::{Request, Response, StatusCode};
-use hyper::server::conn::http1;
+use http_body_util::{BodyExt, Full};
 use hyper::body::{Bytes, Incoming};
+use hyper::server::conn::http1;
 use hyper::service::service_fn;
+use hyper::{Request, Response, StatusCode};
 use hyper_util::rt::TokioIo;
-use http_body_util::{Full, BodyExt};
 use tokio::net::TcpListener;
 
 #[async_trait]
@@ -45,16 +45,20 @@ impl HttpServer {
                 // Finally, we bind the incoming connection to our `hello` service
                 if let Err(err) = http1::Builder::new()
                     // `service_fn` converts our function in a `Service`
-                    .serve_connection(io, service_fn(move |req: Request<Incoming>| {
-                        let handler = handler.clone();  // Clone before moving into async block
-                        async move {
-                            let (head, body) = req.into_parts();
-                            let body = body.collect().await?;
+                    .serve_connection(
+                        io,
+                        service_fn(move |req: Request<Incoming>| {
+                            let handler = handler.clone(); // Clone before moving into async block
+                            async move {
+                                let (head, body) = req.into_parts();
+                                let body = body.collect().await?;
 
-                            let req_full = Request::from_parts(head, Full::new(body.to_bytes()));
-                            handler.handle(req_full).await
-                        }
-                    }))
+                                let req_full =
+                                    Request::from_parts(head, Full::new(body.to_bytes()));
+                                handler.handle(req_full).await
+                            }
+                        }),
+                    )
                     .await
                 {
                     eprintln!("Error serving connection: {:?}", err);

enclaver/src/images.rs

@@ -134,9 +134,8 @@ impl ImageManager {
         // pair of streams, and lazily write the tarball to one of them while streaming
         // the other end of the pipe into the daemon request.
         let (tar_write, tar_read) = duplex(1024);
-        let byte_stream = codec::FramedRead::new(tar_read, codec::BytesCodec::new()).map(|r| {
-            r.unwrap().freeze()
-        });
+        let byte_stream =
+            codec::FramedRead::new(tar_read, codec::BytesCodec::new()).map(|r| r.unwrap().freeze());
 
         // Concurrently build the context tarball and perform the build request.
         let (realize_res, build_res) = tokio::join!(

enclaver/src/proxy/aws_util.rs

@@ -2,19 +2,21 @@ use std::sync::Arc;
 
 use anyhow::{anyhow, Result};
 use http::Uri;
-use hyper::body::Bytes;
 use http_body_util::BodyExt;
+use hyper::body::Bytes;
 
 use aws_config::imds;
 use aws_config::imds::credentials::ImdsCredentialsProvider;
 use aws_config::imds::region::ImdsRegionProvider;
 use aws_config::provider_config::ProviderConfig;
-use aws_types::sdk_config::{SdkConfig, SharedHttpClient, SharedCredentialsProvider};
+use aws_types::sdk_config::{SdkConfig, SharedCredentialsProvider, SharedHttpClient};
 
+use aws_smithy_runtime_api::client::http::{
+    HttpClient, HttpConnector, HttpConnectorFuture, HttpConnectorSettings, SharedHttpConnector,
+};
+use aws_smithy_runtime_api::client::result::ConnectorError;
 use aws_smithy_runtime_api::client::runtime_components::RuntimeComponents;
 use aws_smithy_runtime_api::http::Request;
-use aws_smithy_runtime_api::client::http::{HttpClient, HttpConnectorSettings, SharedHttpConnector, HttpConnector, HttpConnectorFuture};
-use aws_smithy_runtime_api::client::result::ConnectorError;
 use aws_smithy_types::body::SdkBody;
 
 use crate::http_client::HttpProxyClient;
@@ -26,7 +28,9 @@ struct ProxiedHttpClient(Arc<HttpProxyClient<SdkBody>>);
 
 impl ProxiedHttpClient {
     fn new(proxy_uri: Uri) -> Self {
-        Self(Arc::new(crate::http_client::new_http_proxy_client(proxy_uri)))
+        Self(Arc::new(crate::http_client::new_http_proxy_client(
+            proxy_uri,
+        )))
     }
 }
 
@@ -47,7 +51,8 @@ impl HttpConnector for ProxiedHttpClient {
             let request = request.try_into_http1x().unwrap();
             let response = client.request(request).await.unwrap();
             let (head, body) = response.into_parts();
-            body.collect().await
+            body.collect()
+                .await
                 .map_err(|err| ConnectorError::user(err.into()))
                 .and_then(|body| into_aws_response(head, body.to_bytes()))
         };
@@ -56,9 +61,10 @@ impl HttpConnector for ProxiedHttpClient {
     }
 }
 
-fn into_aws_response(head: hyper::http::response::Parts, body: Bytes)
-    -> Result<aws_smithy_runtime_api::client::orchestrator::HttpResponse, ConnectorError>
-{
+fn into_aws_response(
+    head: hyper::http::response::Parts,
+    body: Bytes,
+) -> Result<aws_smithy_runtime_api::client::orchestrator::HttpResponse, ConnectorError> {
     let resp = http::Response::from_parts(head, body.into());
     aws_smithy_runtime_api::client::orchestrator::HttpResponse::try_from(resp)
         .map_err(|err| ConnectorError::user(err.into()))
@@ -77,7 +83,7 @@ pub async fn imds_client_with_proxy(proxy_uri: Uri) -> Result<imds::Client> {
     let client = imds::Client::builder()
         .configure(&config)
         .endpoint(IMDS_URL)
-        .map_err( anyhow::Error::from_boxed)?
+        .map_err(anyhow::Error::from_boxed)?
         .build();
 
     Ok(client)

enclaver/src/proxy/egress_http.rs

@@ -6,15 +6,15 @@ use anyhow::anyhow;
 use async_trait::async_trait;
 use futures::{Stream, StreamExt};
 use http_body_util::combinators::BoxBody;
-use hyper::{Method, Request, Response, StatusCode};
+use http_body_util::Full;
 use hyper::body::{Body, Bytes, Incoming};
-use hyper::http::uri::PathAndQuery;
+use hyper::client::conn::http1 as http1_client;
 use hyper::header::HeaderValue;
+use hyper::http::uri::PathAndQuery;
 use hyper::server::conn::http1 as http1_server;
-use hyper::client::conn::http1 as http1_client;
 use hyper::service::service_fn;
+use hyper::{Method, Request, Response, StatusCode};
 use hyper_util::rt::TokioIo;
-use http_body_util::Full;
 use log::{debug, error};
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
@@ -211,7 +211,8 @@ async fn proxy(
 
 fn with_boxed_body<B>(resp: Response<B>) -> Response<BoxBody<Bytes, anyhow::Error>>
 where
-    B: Body<Data = Bytes> + Send + Sync + 'static, <B as hyper::body::Body>::Error: std::error::Error + Send + Sync
+    B: Body<Data = Bytes> + Send + Sync + 'static,
+    <B as hyper::body::Body>::Error: std::error::Error + Send + Sync,
 {
     use http_body_util::BodyExt;
 
@@ -246,9 +247,7 @@ async fn handle_connect(
             // Connect to remote server before the upgrade so we can return an error if it fails
             let mut remote = match remote_connect(egress_port, authority.host(), port).await {
                 Ok(remote) => remote,
-                Err(err) => {
-                    return err_resp(StatusCode::SERVICE_UNAVAILABLE, err.to_string())
-                }
+                Err(err) => return err_resp(StatusCode::SERVICE_UNAVAILABLE, err.to_string()),
             };
 
             tokio::task::spawn(async move {
@@ -280,7 +279,11 @@ async fn handle_request(
 ) -> anyhow::Result<Response<BoxBody<Bytes, anyhow::Error>>> {
     let host = match req.uri().host() {
         Some(host) => host,
-        None => return Ok(with_boxed_body(bad_request("URI is missing a host".to_string()))),
+        None => {
+            return Ok(with_boxed_body(bad_request(
+                "URI is missing a host".to_string(),
+            )))
+        }
     };
     let port = req.uri().port_u16().unwrap_or(80);
 
@@ -390,12 +393,12 @@ async fn remote_connect(egress_port: u32, host: &str, port: u16) -> anyhow::Resu
 mod tests {
     use assert2::assert;
     use http::{uri::PathAndQuery, Method, Version};
-    use hyper::{Request, Response};
+    use http_body_util::{BodyExt, Full};
     use hyper::body::{Bytes, Incoming};
     use hyper::server::conn::http1 as http1_server;
     use hyper::service::service_fn;
+    use hyper::{Request, Response};
     use hyper_util::rt::TokioIo;
-    use http_body_util::{Full, BodyExt};
     use rand::RngCore;
     use std::convert::Infallible;
     use std::net::{Ipv4Addr, SocketAddr};

enclaver/src/proxy/ingress.rs

@@ -126,8 +126,6 @@ mod tests {
     use anyhow::Result;
     use assert2::assert;
     use rand::RngCore;
-    use tokio_rustls::rustls::{ClientConfig, ServerConfig};
-    use tokio_rustls::rustls::pki_types::ServerName;
     use std::collections::hash_map::DefaultHasher;
     use std::hash::Hasher;
     use std::net::{Ipv4Addr, SocketAddrV4};
@@ -136,6 +134,8 @@ mod tests {
     use tokio::net::{TcpListener, TcpStream};
     use tokio::sync::watch::Sender;
     use tokio::task::JoinHandle;
+    use tokio_rustls::rustls::pki_types::ServerName;
+    use tokio_rustls::rustls::{ClientConfig, ServerConfig};
     use tokio_rustls::TlsConnector;
 
     use super::{EnclaveProxy, HostProxy};