Change influx library to remove dependency on OpenSSL (#15)

obelisk · Jan 31, 2022 · d052dcd · d052dcd
1 parent 022b903
commit d052dcd
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 144 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/docker/Dockerfile_influx.aarch64 b/docker/Dockerfile_influx.aarch64
@@ -0,0 +1,18 @@
+FROM messense/rust-musl-cross:aarch64-musl as builder
+
+RUN rustup component add rustfmt
+RUN mkdir /rustica
+COPY proto /tmp/proto
+COPY rustica /tmp/rustica
+WORKDIR /tmp/rustica
+
+RUN cargo build --features="influx" --release
+
+FROM alpine:3.6 as alpine
+RUN apk add -U --no-cache ca-certificates
+
+from scratch as runtime
+COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /tmp/rustica/target/aarch64-unknown-linux-musl/release/rustica /rustica
+USER 1000
+ENTRYPOINT [ "/rustica" ]
diff --git a/docker/Dockerfile_influx.amd64 b/docker/Dockerfile_influx.amd64
@@ -0,0 +1,19 @@
+FROM ekidd/rust-musl-builder:1.57.0 as builder
+USER root
+RUN apt update && apt upgrade -y && apt install -y git
+RUN rustup component add rustfmt
+RUN mkdir /rustica
+COPY proto /tmp/proto
+COPY rustica /tmp/rustica
+WORKDIR /tmp/rustica
+
+RUN cargo build --target=x86_64-unknown-linux-musl --features="influx" --release
+
+FROM alpine:3.6 as alpine
+RUN apk add -U --no-cache ca-certificates
+
+from scratch as runtime
+COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /tmp/rustica/target/x86_64-unknown-linux-musl/release/rustica /rustica
+USER 1000
+ENTRYPOINT [ "/rustica" ]
diff --git a/rustica/Cargo.toml b/rustica/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rustica"
-version = "0.8.1"
+version = "0.8.2"
 authors = ["Mitchell Grenier <[email protected]>"]
 edition = "2018"
 
@@ -10,7 +10,7 @@ default = []
 all = ["amazon-kms", "influx", "splunk", "yubikey-support", "local-db"]
 
 amazon-kms = ["aws-config", "aws-sdk-kms", "aws-types"]
-influx = ["influx_db_client"]
+influx = ["influxdb"]
 local-db = ["diesel"]
 splunk = ["reqwest", "serde_json"]
 yubikey-support = ["sshcerts/yubikey-support"]
@@ -43,12 +43,11 @@ aws-config = { version = "0.5", optional = true }
 aws-sdk-kms = { version = "0.5", optional = true }
 aws-types = { version = "0.5", optional = true }
 
-
 # Dependencies for local-db
 diesel = { version = "1.4.4", features = ["sqlite"], optional = true }
 
 # Dependencies for Influx
-influx_db_client = { version = "0.5.0", optional = true }
+influxdb = { version = "0.5.1", optional = true }
 
 # Dependencies for Splunk
 reqwest = { version = "0.11", default-features = false, features = ["rustls-tls"], optional = true }

diff --git a/rustica/src/logging/influx.rs b/rustica/src/logging/influx.rs
@@ -1,13 +1,14 @@
 use super::{Log, LoggingError, RusticaLogger, WrappedLog};
 
-use influx_db_client::{
-    Client, Point, Points, Precision, points
-};
+use influxdb::{Client, Timestamp};
+use influxdb::InfluxDbWriteable;
 
 use tokio::runtime::Runtime;
 
 use serde::Deserialize;
 
+use std::time::{SystemTime, UNIX_EPOCH};
+
 #[derive(Deserialize)]
 pub struct Config {
     address: String,
@@ -23,11 +24,12 @@ pub struct InfluxLogger {
     dataset: String,
 }
 
+
 impl InfluxLogger {
     /// Create a new InfluxDB logger from the provided configuration
     pub fn new(config: Config) -> Self {
         Self {
-            client: Client::new(config.address.parse().unwrap(), config.database).set_authentication(config.user, config.password),
+            client: Client::new(config.address, config.database).with_auth(config.user, config.password),
             runtime: Runtime::new().unwrap(),
             dataset: config.dataset,
         }
@@ -43,16 +45,22 @@ impl RusticaLogger for InfluxLogger {
     fn send_log(&self, log: &WrappedLog) -> Result<(), LoggingError> {
         match &log.log {
             Log::CertificateIssued(ci) => {
-                let point = Point::new(&self.dataset)
-                .add_tag("fingerprint", ci.fingerprint.clone())
-                .add_tag("mtls_identities", ci.mtls_identities.join(","))
-                .add_field("principals", ci.principals.join(","));
+                let start = SystemTime::now();
+                let timestamp = start
+                    .duration_since(UNIX_EPOCH)
+                    .expect("Time went backwards");
+
+                let point_query = Timestamp::Seconds(timestamp.as_secs().into()).into_query(&self.dataset)
+                    .add_tag("fingerprint", ci.fingerprint.clone())
+                    .add_tag("mtls_identities", ci.mtls_identities.join(","))
+                    .add_field("principals", ci.principals.join(","));
 
                 let client = self.client.clone();
+
                 self.runtime.spawn(async move {
-                    if let Err(e) = client.write_points(points!(point), Some(Precision::Seconds), None).await {
-                        error!("Could not log to influx DB: {}", e);
-                    }
+                    if let Err(e) = client.query(point_query).await {
+                        error!("Could not send log to Influx: {}", e);
+                    }                
                 });  
             }
             Log::KeyRegistered(_kr) => (),