├── .editorconfig ├── .envrc ├── .github └── workflows │ └── ci.yml ├── .gitignore ├── LICENSE ├── README.md ├── eval ├── .gitignore ├── Cargo.lock ├── Cargo.toml ├── rust-toolchain.toml └── src │ └── main.rs ├── examples ├── flake.json ├── flake.rego ├── rbac.rego └── tfstate.rego ├── flake.bad.lock ├── flake.lock ├── flake.nix └── nix ├── evaluator.nix └── nu └── opa-wasm.nu /.editorconfig: -------------------------------------------------------------------------------- 1 | # https://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | indent_style = space 6 | indent_size = 2 7 | end_of_line = lf 8 | charset = utf-8 9 | trim_trailing_whitespace = true 10 | insert_final_newline = true 11 | max_line_length = 100 12 | 13 | [*.rego] 14 | indent_size = 4 15 | 16 | [*.rs] 17 | indent_size = 4 18 | 19 | [*.json] 20 | insert_final_newline = false 21 | -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: Nix + Open Policy Agent 2 | 3 | on: 4 | pull_request: 5 | push: 6 | branches: 7 | - main 8 | 9 | jobs: 10 | check-and-build: 11 | strategy: 12 | matrix: 13 | os: [ubuntu-22.04, macos-12] 14 | runs-on: ${{ matrix.os }} 15 | environment: build 16 | steps: 17 | - name: git checkout 18 | uses: actions/checkout@v3 19 | 20 | - uses: DeterminateSystems/nix-installer-action@main 21 | 22 | - uses: DeterminateSystems/magic-nix-cache-action@main 23 | 24 | - name: Nix checks 25 | run: | 26 | nix flake check --all-systems 27 | 28 | - name: Nix build 29 | run: | 30 | nix build .#check-flake 31 | nix build .#flake-checker 32 | nix build .#rbac-eval 33 | nix build .#tfstate-eval 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Nix artifacts 2 | result 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Policy-driven Nix 2 | 3 | > [!INFO] 4 | > This repo was created as a complement to the [Packaging Open Policy Agent policies with Nix][blog-post] blog post on the [Determinate Systems blog][blog] and fulfilled its purpose. 5 | > It won't be updated further but you're free to use it [as you see fit](./LICENSE)! 6 | 7 | An experiment using [Nix] with [Open Policy Agent][opa] (OPA). 8 | 9 | ## How it works 10 | 11 | This project uses [Nix] to create CLI tools that wrap [Rego] policies for [Open Policy Agent][opa]: 12 | 13 | - The OPA CLI tool generates a [WebAssembly] (Wasm) binary for the specified Rego policy file and [entrypoint][bundle] 14 | - A [Rust CLI](./eval) wraps the generated Wasm and provides the final user interface. 15 | That CLI is itself a thin wrapper around the [`rust-opa-wasm`][lib] library from the good folks at [Matrix]. 16 | 17 | You can run the default example for the [`rbac.rego`](./examples/rbac.rego): 18 | 19 | ```shell 20 | # Generate a Wasm binary from an OPA policy 21 | nix build --print-build-logs 22 | 23 | ./result/bin/rbac-eval \ 24 | --input '{"password":"opensesame"}' \ 25 | --data '{"expected":"opensesame"}' 26 | # [{"result":true}] 27 | 28 | ./result/bin/rbac-eval \ 29 | --input '{"password":"somethingelse"}' \ 30 | --data '{"expected":"opensesame"}' 31 | # [{"result":false}] 32 | ``` 33 | 34 | That CLI wraps this policy: 35 | 36 | ```rego 37 | package rbac 38 | 39 | default allow := false 40 | 41 | allow = true { 42 | expected := data.expected 43 | password := input.password 44 | password == expected 45 | } 46 | ``` 47 | 48 | The magic here is that the generated CLI automatically reads from the Rego-policy-turned-into-Wasm stored in the Nix store, which means that you don't need to specify an entrypoint or a path to the Wasm file on the CLI; that's handled at the Nix level. 49 | 50 | ## Create your own evaluator 51 | 52 | You can create your own using the [`mkPolicyEvaluator`](./nix/evaluator.nix) function provided by this flake. 53 | Here's an example: 54 | 55 | ```nix 56 | mkPolicyEvaluator { 57 | name = "evaluate-tf-state"; # The name of the CLI 58 | src = ./.; # The local workspace 59 | policy = ./policies/terraform.rego; # The Rego policy that the CLI wraps 60 | entrypoint = "terraform/allow"; # The entrypoint for evaluation 61 | } 62 | ``` 63 | 64 | Here's that function used in the context of a full flake: 65 | 66 | ```nix 67 | { 68 | inputs = { 69 | nixpkgs.url = "github:NixOS/nixpkgs"; 70 | nix-policy.url = "github:DeterminateSystems/nix-policy"; 71 | }; 72 | 73 | outputs = { self, nix-policy }: 74 | let 75 | systems = [ 76 | "aarch64-linux" 77 | "x86_64-linux" 78 | "aarch64-darwin" 79 | "x86_64-darwin" 80 | ]; 81 | forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f { 82 | pkgs = import nixpkgs { inherit system; overlays = [ nix-policy-overlays.opa-wasm ]; }; 83 | }); 84 | in 85 | { 86 | packages = forAllSystems ({ pkgs }: { 87 | default = pkgs.mkPolicyEvaluator { 88 | name = "evaluate-tf-state"; 89 | src = ./.; 90 | policy = ./policies/terraform.rego; 91 | entrypoint = "terraform/allow"; 92 | }; 93 | }); 94 | }; 95 | } 96 | ``` 97 | 98 | Then you can build and run: 99 | 100 | ```shell 101 | nix build 102 | 103 | ./result/bin/evaluate-tf-state \ 104 | --input-path terraform.tfstate \ 105 | --data-path policy-data.json 106 | ``` 107 | 108 | [blog]: https://determinate.systems/posts 109 | [blog-post]: https://determinate.systems/posts/open-policy-agent 110 | [bundle]: https://www.openpolicyagent.org/docs/latest/management-bundles/#bundle-file-format 111 | [lib]: https://github.com/matrix-org/rust-opa-wasm 112 | [matrix]: https://github.com/matrix-org 113 | [nix]: https://zero-to-nix.com 114 | [opa]: https://open-policy-agent.org 115 | [rego]: https://www.openpolicyagent.org/docs/latest/policy-language 116 | [webassembly]: https://webassembly.org 117 | -------------------------------------------------------------------------------- /eval/.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | -------------------------------------------------------------------------------- /eval/Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 3 | version = 3 4 | 5 | [[package]] 6 | name = "addr2line" 7 | version = "0.17.0" 8 | source = "registry+https://github.com/rust-lang/crates.io-index" 9 | checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b" 10 | dependencies = [ 11 | "gimli 0.26.2", 12 | ] 13 | 14 | [[package]] 15 | name = "addr2line" 16 | version = "0.21.0" 17 | source = "registry+https://github.com/rust-lang/crates.io-index" 18 | checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" 19 | dependencies = [ 20 | "gimli 0.28.1", 21 | ] 22 | 23 | [[package]] 24 | name = "adler" 25 | version = "1.0.2" 26 | source = "registry+https://github.com/rust-lang/crates.io-index" 27 | checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" 28 | 29 | [[package]] 30 | name = "ahash" 31 | version = "0.7.7" 32 | source = "registry+https://github.com/rust-lang/crates.io-index" 33 | checksum = "5a824f2aa7e75a0c98c5a504fceb80649e9c35265d44525b5f94de4771a395cd" 34 | dependencies = [ 35 | "getrandom", 36 | "once_cell", 37 | "version_check", 38 | ] 39 | 40 | [[package]] 41 | name = "aho-corasick" 42 | version = "1.1.2" 43 | source = "registry+https://github.com/rust-lang/crates.io-index" 44 | checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" 45 | dependencies = [ 46 | "memchr", 47 | ] 48 | 49 | [[package]] 50 | name = "android-tzdata" 51 | version = "0.1.1" 52 | source = "registry+https://github.com/rust-lang/crates.io-index" 53 | checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" 54 | 55 | [[package]] 56 | name = "android_system_properties" 57 | version = "0.1.5" 58 | source = "registry+https://github.com/rust-lang/crates.io-index" 59 | checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" 60 | dependencies = [ 61 | "libc", 62 | ] 63 | 64 | [[package]] 65 | name = "anstream" 66 | version = "0.6.4" 67 | source = "registry+https://github.com/rust-lang/crates.io-index" 68 | checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" 69 | dependencies = [ 70 | "anstyle", 71 | "anstyle-parse", 72 | "anstyle-query", 73 | "anstyle-wincon", 74 | "colorchoice", 75 | "utf8parse", 76 | ] 77 | 78 | [[package]] 79 | name = "anstyle" 80 | version = "1.0.4" 81 | source = "registry+https://github.com/rust-lang/crates.io-index" 82 | checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" 83 | 84 | [[package]] 85 | name = "anstyle-parse" 86 | version = "0.2.2" 87 | source = "registry+https://github.com/rust-lang/crates.io-index" 88 | checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" 89 | dependencies = [ 90 | "utf8parse", 91 | ] 92 | 93 | [[package]] 94 | name = "anstyle-query" 95 | version = "1.0.0" 96 | source = "registry+https://github.com/rust-lang/crates.io-index" 97 | checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" 98 | dependencies = [ 99 | "windows-sys 0.48.0", 100 | ] 101 | 102 | [[package]] 103 | name = "anstyle-wincon" 104 | version = "3.0.1" 105 | source = "registry+https://github.com/rust-lang/crates.io-index" 106 | checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" 107 | dependencies = [ 108 | "anstyle", 109 | "windows-sys 0.48.0", 110 | ] 111 | 112 | [[package]] 113 | name = "anyhow" 114 | version = "1.0.75" 115 | source = "registry+https://github.com/rust-lang/crates.io-index" 116 | checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" 117 | 118 | [[package]] 119 | name = "arrayvec" 120 | version = "0.7.4" 121 | source = "registry+https://github.com/rust-lang/crates.io-index" 122 | checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" 123 | 124 | [[package]] 125 | name = "async-trait" 126 | version = "0.1.74" 127 | source = "registry+https://github.com/rust-lang/crates.io-index" 128 | checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" 129 | dependencies = [ 130 | "proc-macro2", 131 | "quote", 132 | "syn 2.0.39", 133 | ] 134 | 135 | [[package]] 136 | name = "autocfg" 137 | version = "1.1.0" 138 | source = "registry+https://github.com/rust-lang/crates.io-index" 139 | checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" 140 | 141 | [[package]] 142 | name = "backtrace" 143 | version = "0.3.69" 144 | source = "registry+https://github.com/rust-lang/crates.io-index" 145 | checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" 146 | dependencies = [ 147 | "addr2line 0.21.0", 148 | "cc", 149 | "cfg-if", 150 | "libc", 151 | "miniz_oxide", 152 | "object 0.32.1", 153 | "rustc-demangle", 154 | ] 155 | 156 | [[package]] 157 | name = "base64" 158 | version = "0.13.1" 159 | source = "registry+https://github.com/rust-lang/crates.io-index" 160 | checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" 161 | 162 | [[package]] 163 | name = "base64" 164 | version = "0.21.5" 165 | source = "registry+https://github.com/rust-lang/crates.io-index" 166 | checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" 167 | 168 | [[package]] 169 | name = "bincode" 170 | version = "1.3.3" 171 | source = "registry+https://github.com/rust-lang/crates.io-index" 172 | checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" 173 | dependencies = [ 174 | "serde", 175 | ] 176 | 177 | [[package]] 178 | name = "bitflags" 179 | version = "1.3.2" 180 | source = "registry+https://github.com/rust-lang/crates.io-index" 181 | checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" 182 | 183 | [[package]] 184 | name = "bitflags" 185 | version = "2.4.1" 186 | source = "registry+https://github.com/rust-lang/crates.io-index" 187 | checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" 188 | 189 | [[package]] 190 | name = "block-buffer" 191 | version = "0.10.4" 192 | source = "registry+https://github.com/rust-lang/crates.io-index" 193 | checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" 194 | dependencies = [ 195 | "generic-array", 196 | ] 197 | 198 | [[package]] 199 | name = "bumpalo" 200 | version = "3.14.0" 201 | source = "registry+https://github.com/rust-lang/crates.io-index" 202 | checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" 203 | 204 | [[package]] 205 | name = "byteorder" 206 | version = "1.5.0" 207 | source = "registry+https://github.com/rust-lang/crates.io-index" 208 | checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" 209 | 210 | [[package]] 211 | name = "cc" 212 | version = "1.0.83" 213 | source = "registry+https://github.com/rust-lang/crates.io-index" 214 | checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" 215 | dependencies = [ 216 | "jobserver", 217 | "libc", 218 | ] 219 | 220 | [[package]] 221 | name = "cfg-if" 222 | version = "1.0.0" 223 | source = "registry+https://github.com/rust-lang/crates.io-index" 224 | checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" 225 | 226 | [[package]] 227 | name = "chrono" 228 | version = "0.4.31" 229 | source = "registry+https://github.com/rust-lang/crates.io-index" 230 | checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38" 231 | dependencies = [ 232 | "android-tzdata", 233 | "iana-time-zone", 234 | "js-sys", 235 | "num-traits", 236 | "wasm-bindgen", 237 | "windows-targets 0.48.5", 238 | ] 239 | 240 | [[package]] 241 | name = "chrono-tz" 242 | version = "0.8.4" 243 | source = "registry+https://github.com/rust-lang/crates.io-index" 244 | checksum = "e23185c0e21df6ed832a12e2bda87c7d1def6842881fb634a8511ced741b0d76" 245 | dependencies = [ 246 | "chrono", 247 | "chrono-tz-build", 248 | "phf", 249 | ] 250 | 251 | [[package]] 252 | name = "chrono-tz-build" 253 | version = "0.2.1" 254 | source = "registry+https://github.com/rust-lang/crates.io-index" 255 | checksum = "433e39f13c9a060046954e0592a8d0a4bcb1040125cbf91cb8ee58964cfb350f" 256 | dependencies = [ 257 | "parse-zoneinfo", 258 | "phf", 259 | "phf_codegen", 260 | ] 261 | 262 | [[package]] 263 | name = "chronoutil" 264 | version = "0.2.6" 265 | source = "registry+https://github.com/rust-lang/crates.io-index" 266 | checksum = "aa531c9c2b0e6168a6e4c5023cd38e8d5ab009d3a10459cd3e7baecd68fc3715" 267 | dependencies = [ 268 | "chrono", 269 | ] 270 | 271 | [[package]] 272 | name = "clap" 273 | version = "4.4.8" 274 | source = "registry+https://github.com/rust-lang/crates.io-index" 275 | checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64" 276 | dependencies = [ 277 | "clap_builder", 278 | "clap_derive", 279 | ] 280 | 281 | [[package]] 282 | name = "clap_builder" 283 | version = "4.4.8" 284 | source = "registry+https://github.com/rust-lang/crates.io-index" 285 | checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc" 286 | dependencies = [ 287 | "anstream", 288 | "anstyle", 289 | "clap_lex", 290 | "strsim", 291 | ] 292 | 293 | [[package]] 294 | name = "clap_derive" 295 | version = "4.4.7" 296 | source = "registry+https://github.com/rust-lang/crates.io-index" 297 | checksum = "cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442" 298 | dependencies = [ 299 | "heck", 300 | "proc-macro2", 301 | "quote", 302 | "syn 2.0.39", 303 | ] 304 | 305 | [[package]] 306 | name = "clap_lex" 307 | version = "0.6.0" 308 | source = "registry+https://github.com/rust-lang/crates.io-index" 309 | checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" 310 | 311 | [[package]] 312 | name = "colorchoice" 313 | version = "1.0.0" 314 | source = "registry+https://github.com/rust-lang/crates.io-index" 315 | checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" 316 | 317 | [[package]] 318 | name = "core-foundation-sys" 319 | version = "0.8.4" 320 | source = "registry+https://github.com/rust-lang/crates.io-index" 321 | checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" 322 | 323 | [[package]] 324 | name = "cpp_demangle" 325 | version = "0.3.5" 326 | source = "registry+https://github.com/rust-lang/crates.io-index" 327 | checksum = "eeaa953eaad386a53111e47172c2fedba671e5684c8dd601a5f474f4f118710f" 328 | dependencies = [ 329 | "cfg-if", 330 | ] 331 | 332 | [[package]] 333 | name = "cpufeatures" 334 | version = "0.2.11" 335 | source = "registry+https://github.com/rust-lang/crates.io-index" 336 | checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" 337 | dependencies = [ 338 | "libc", 339 | ] 340 | 341 | [[package]] 342 | name = "cranelift-bforest" 343 | version = "0.93.2" 344 | source = "registry+https://github.com/rust-lang/crates.io-index" 345 | checksum = "2bc42ba2e232e5b20ff7dc299a812d53337dadce9a7e39a238e6a5cb82d2e57b" 346 | dependencies = [ 347 | "cranelift-entity", 348 | ] 349 | 350 | [[package]] 351 | name = "cranelift-codegen" 352 | version = "0.93.2" 353 | source = "registry+https://github.com/rust-lang/crates.io-index" 354 | checksum = "253531aca9b6f56103c9420369db3263e784df39aa1c90685a1f69cfbba0623e" 355 | dependencies = [ 356 | "arrayvec", 357 | "bumpalo", 358 | "cranelift-bforest", 359 | "cranelift-codegen-meta", 360 | "cranelift-codegen-shared", 361 | "cranelift-entity", 362 | "cranelift-isle", 363 | "gimli 0.26.2", 364 | "hashbrown 0.12.3", 365 | "log", 366 | "regalloc2", 367 | "smallvec", 368 | "target-lexicon", 369 | ] 370 | 371 | [[package]] 372 | name = "cranelift-codegen-meta" 373 | version = "0.93.2" 374 | source = "registry+https://github.com/rust-lang/crates.io-index" 375 | checksum = "72f2154365e2bff1b1b8537a7181591fdff50d8e27fa6e40d5c69c3bad0ca7c8" 376 | dependencies = [ 377 | "cranelift-codegen-shared", 378 | ] 379 | 380 | [[package]] 381 | name = "cranelift-codegen-shared" 382 | version = "0.93.2" 383 | source = "registry+https://github.com/rust-lang/crates.io-index" 384 | checksum = "687e14e3f5775248930e0d5a84195abef8b829958e9794bf8d525104993612b4" 385 | 386 | [[package]] 387 | name = "cranelift-entity" 388 | version = "0.93.2" 389 | source = "registry+https://github.com/rust-lang/crates.io-index" 390 | checksum = "f42ea692c7b450ad18b8c9889661505d51c09ec4380cf1c2d278dbb2da22cae1" 391 | dependencies = [ 392 | "serde", 393 | ] 394 | 395 | [[package]] 396 | name = "cranelift-frontend" 397 | version = "0.93.2" 398 | source = "registry+https://github.com/rust-lang/crates.io-index" 399 | checksum = "8483c2db6f45fe9ace984e5adc5d058102227e4c62e5aa2054e16b0275fd3a6e" 400 | dependencies = [ 401 | "cranelift-codegen", 402 | "log", 403 | "smallvec", 404 | "target-lexicon", 405 | ] 406 | 407 | [[package]] 408 | name = "cranelift-isle" 409 | version = "0.93.2" 410 | source = "registry+https://github.com/rust-lang/crates.io-index" 411 | checksum = "e9793158837678902446c411741d87b43f57dadfb944f2440db4287cda8cbd59" 412 | 413 | [[package]] 414 | name = "cranelift-native" 415 | version = "0.93.2" 416 | source = "registry+https://github.com/rust-lang/crates.io-index" 417 | checksum = "72668c7755f2b880665cb422c8ad2d56db58a88b9bebfef0b73edc2277c13c49" 418 | dependencies = [ 419 | "cranelift-codegen", 420 | "libc", 421 | "target-lexicon", 422 | ] 423 | 424 | [[package]] 425 | name = "cranelift-wasm" 426 | version = "0.93.2" 427 | source = "registry+https://github.com/rust-lang/crates.io-index" 428 | checksum = "3852ce4b088b44ac4e29459573943009a70d1b192c8d77ef949b4e814f656fc1" 429 | dependencies = [ 430 | "cranelift-codegen", 431 | "cranelift-entity", 432 | "cranelift-frontend", 433 | "itertools", 434 | "log", 435 | "smallvec", 436 | "wasmparser", 437 | "wasmtime-types", 438 | ] 439 | 440 | [[package]] 441 | name = "crc32fast" 442 | version = "1.3.2" 443 | source = "registry+https://github.com/rust-lang/crates.io-index" 444 | checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" 445 | dependencies = [ 446 | "cfg-if", 447 | ] 448 | 449 | [[package]] 450 | name = "crossbeam-deque" 451 | version = "0.8.3" 452 | source = "registry+https://github.com/rust-lang/crates.io-index" 453 | checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" 454 | dependencies = [ 455 | "cfg-if", 456 | "crossbeam-epoch", 457 | "crossbeam-utils", 458 | ] 459 | 460 | [[package]] 461 | name = "crossbeam-epoch" 462 | version = "0.9.15" 463 | source = "registry+https://github.com/rust-lang/crates.io-index" 464 | checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" 465 | dependencies = [ 466 | "autocfg", 467 | "cfg-if", 468 | "crossbeam-utils", 469 | "memoffset 0.9.0", 470 | "scopeguard", 471 | ] 472 | 473 | [[package]] 474 | name = "crossbeam-utils" 475 | version = "0.8.16" 476 | source = "registry+https://github.com/rust-lang/crates.io-index" 477 | checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" 478 | dependencies = [ 479 | "cfg-if", 480 | ] 481 | 482 | [[package]] 483 | name = "crypto-common" 484 | version = "0.1.6" 485 | source = "registry+https://github.com/rust-lang/crates.io-index" 486 | checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" 487 | dependencies = [ 488 | "generic-array", 489 | "typenum", 490 | ] 491 | 492 | [[package]] 493 | name = "deranged" 494 | version = "0.3.9" 495 | source = "registry+https://github.com/rust-lang/crates.io-index" 496 | checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" 497 | dependencies = [ 498 | "powerfmt", 499 | ] 500 | 501 | [[package]] 502 | name = "digest" 503 | version = "0.10.7" 504 | source = "registry+https://github.com/rust-lang/crates.io-index" 505 | checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" 506 | dependencies = [ 507 | "block-buffer", 508 | "crypto-common", 509 | "subtle", 510 | ] 511 | 512 | [[package]] 513 | name = "directories-next" 514 | version = "2.0.0" 515 | source = "registry+https://github.com/rust-lang/crates.io-index" 516 | checksum = "339ee130d97a610ea5a5872d2bbb130fdf68884ff09d3028b81bec8a1ac23bbc" 517 | dependencies = [ 518 | "cfg-if", 519 | "dirs-sys-next", 520 | ] 521 | 522 | [[package]] 523 | name = "dirs-sys-next" 524 | version = "0.1.2" 525 | source = "registry+https://github.com/rust-lang/crates.io-index" 526 | checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d" 527 | dependencies = [ 528 | "libc", 529 | "redox_users", 530 | "winapi", 531 | ] 532 | 533 | [[package]] 534 | name = "duration-str" 535 | version = "0.5.1" 536 | source = "registry+https://github.com/rust-lang/crates.io-index" 537 | checksum = "d9f037c488d179e21c87ef5fa9c331e8e62f5dddfa84618b41bb197da03edff1" 538 | dependencies = [ 539 | "chrono", 540 | "nom", 541 | "rust_decimal", 542 | "serde", 543 | "thiserror", 544 | "time", 545 | ] 546 | 547 | [[package]] 548 | name = "either" 549 | version = "1.9.0" 550 | source = "registry+https://github.com/rust-lang/crates.io-index" 551 | checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" 552 | 553 | [[package]] 554 | name = "env_logger" 555 | version = "0.10.1" 556 | source = "registry+https://github.com/rust-lang/crates.io-index" 557 | checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece" 558 | dependencies = [ 559 | "humantime", 560 | "is-terminal", 561 | "log", 562 | "regex", 563 | "termcolor", 564 | ] 565 | 566 | [[package]] 567 | name = "equivalent" 568 | version = "1.0.1" 569 | source = "registry+https://github.com/rust-lang/crates.io-index" 570 | checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" 571 | 572 | [[package]] 573 | name = "errno" 574 | version = "0.3.7" 575 | source = "registry+https://github.com/rust-lang/crates.io-index" 576 | checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8" 577 | dependencies = [ 578 | "libc", 579 | "windows-sys 0.48.0", 580 | ] 581 | 582 | [[package]] 583 | name = "eval" 584 | version = "0.1.0" 585 | dependencies = [ 586 | "anyhow", 587 | "clap", 588 | "opa-wasm", 589 | "serde", 590 | "serde_json", 591 | "thiserror", 592 | "tokio", 593 | "wasmtime", 594 | ] 595 | 596 | [[package]] 597 | name = "fallible-iterator" 598 | version = "0.2.0" 599 | source = "registry+https://github.com/rust-lang/crates.io-index" 600 | checksum = "4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7" 601 | 602 | [[package]] 603 | name = "file-per-thread-logger" 604 | version = "0.1.6" 605 | source = "registry+https://github.com/rust-lang/crates.io-index" 606 | checksum = "84f2e425d9790201ba4af4630191feac6dcc98765b118d4d18e91d23c2353866" 607 | dependencies = [ 608 | "env_logger", 609 | "log", 610 | ] 611 | 612 | [[package]] 613 | name = "form_urlencoded" 614 | version = "1.2.1" 615 | source = "registry+https://github.com/rust-lang/crates.io-index" 616 | checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" 617 | dependencies = [ 618 | "percent-encoding", 619 | ] 620 | 621 | [[package]] 622 | name = "fxhash" 623 | version = "0.2.1" 624 | source = "registry+https://github.com/rust-lang/crates.io-index" 625 | checksum = "c31b6d751ae2c7f11320402d34e41349dd1016f8d5d45e48c4312bc8625af50c" 626 | dependencies = [ 627 | "byteorder", 628 | ] 629 | 630 | [[package]] 631 | name = "generic-array" 632 | version = "0.14.7" 633 | source = "registry+https://github.com/rust-lang/crates.io-index" 634 | checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" 635 | dependencies = [ 636 | "typenum", 637 | "version_check", 638 | ] 639 | 640 | [[package]] 641 | name = "getrandom" 642 | version = "0.2.11" 643 | source = "registry+https://github.com/rust-lang/crates.io-index" 644 | checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" 645 | dependencies = [ 646 | "cfg-if", 647 | "libc", 648 | "wasi", 649 | ] 650 | 651 | [[package]] 652 | name = "gimli" 653 | version = "0.26.2" 654 | source = "registry+https://github.com/rust-lang/crates.io-index" 655 | checksum = "22030e2c5a68ec659fde1e949a745124b48e6fa8b045b7ed5bd1fe4ccc5c4e5d" 656 | dependencies = [ 657 | "fallible-iterator", 658 | "indexmap 1.9.3", 659 | "stable_deref_trait", 660 | ] 661 | 662 | [[package]] 663 | name = "gimli" 664 | version = "0.28.1" 665 | source = "registry+https://github.com/rust-lang/crates.io-index" 666 | checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" 667 | 668 | [[package]] 669 | name = "hashbrown" 670 | version = "0.12.3" 671 | source = "registry+https://github.com/rust-lang/crates.io-index" 672 | checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" 673 | dependencies = [ 674 | "ahash", 675 | ] 676 | 677 | [[package]] 678 | name = "hashbrown" 679 | version = "0.14.3" 680 | source = "registry+https://github.com/rust-lang/crates.io-index" 681 | checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" 682 | 683 | [[package]] 684 | name = "heck" 685 | version = "0.4.1" 686 | source = "registry+https://github.com/rust-lang/crates.io-index" 687 | checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" 688 | 689 | [[package]] 690 | name = "hermit-abi" 691 | version = "0.3.3" 692 | source = "registry+https://github.com/rust-lang/crates.io-index" 693 | checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" 694 | 695 | [[package]] 696 | name = "hex" 697 | version = "0.4.3" 698 | source = "registry+https://github.com/rust-lang/crates.io-index" 699 | checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" 700 | 701 | [[package]] 702 | name = "hmac" 703 | version = "0.12.1" 704 | source = "registry+https://github.com/rust-lang/crates.io-index" 705 | checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" 706 | dependencies = [ 707 | "digest", 708 | ] 709 | 710 | [[package]] 711 | name = "humantime" 712 | version = "2.1.0" 713 | source = "registry+https://github.com/rust-lang/crates.io-index" 714 | checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" 715 | 716 | [[package]] 717 | name = "iana-time-zone" 718 | version = "0.1.58" 719 | source = "registry+https://github.com/rust-lang/crates.io-index" 720 | checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20" 721 | dependencies = [ 722 | "android_system_properties", 723 | "core-foundation-sys", 724 | "iana-time-zone-haiku", 725 | "js-sys", 726 | "wasm-bindgen", 727 | "windows-core", 728 | ] 729 | 730 | [[package]] 731 | name = "iana-time-zone-haiku" 732 | version = "0.1.2" 733 | source = "registry+https://github.com/rust-lang/crates.io-index" 734 | checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" 735 | dependencies = [ 736 | "cc", 737 | ] 738 | 739 | [[package]] 740 | name = "id-arena" 741 | version = "2.2.1" 742 | source = "registry+https://github.com/rust-lang/crates.io-index" 743 | checksum = "25a2bc672d1148e28034f176e01fffebb08b35768468cc954630da77a1449005" 744 | 745 | [[package]] 746 | name = "idna" 747 | version = "0.5.0" 748 | source = "registry+https://github.com/rust-lang/crates.io-index" 749 | checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" 750 | dependencies = [ 751 | "unicode-bidi", 752 | "unicode-normalization", 753 | ] 754 | 755 | [[package]] 756 | name = "indexmap" 757 | version = "1.9.3" 758 | source = "registry+https://github.com/rust-lang/crates.io-index" 759 | checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" 760 | dependencies = [ 761 | "autocfg", 762 | "hashbrown 0.12.3", 763 | "serde", 764 | ] 765 | 766 | [[package]] 767 | name = "indexmap" 768 | version = "2.1.0" 769 | source = "registry+https://github.com/rust-lang/crates.io-index" 770 | checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" 771 | dependencies = [ 772 | "equivalent", 773 | "hashbrown 0.14.3", 774 | ] 775 | 776 | [[package]] 777 | name = "io-lifetimes" 778 | version = "1.0.11" 779 | source = "registry+https://github.com/rust-lang/crates.io-index" 780 | checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" 781 | dependencies = [ 782 | "hermit-abi", 783 | "libc", 784 | "windows-sys 0.48.0", 785 | ] 786 | 787 | [[package]] 788 | name = "is-terminal" 789 | version = "0.4.9" 790 | source = "registry+https://github.com/rust-lang/crates.io-index" 791 | checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" 792 | dependencies = [ 793 | "hermit-abi", 794 | "rustix 0.38.25", 795 | "windows-sys 0.48.0", 796 | ] 797 | 798 | [[package]] 799 | name = "itertools" 800 | version = "0.10.5" 801 | source = "registry+https://github.com/rust-lang/crates.io-index" 802 | checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" 803 | dependencies = [ 804 | "either", 805 | ] 806 | 807 | [[package]] 808 | name = "itoa" 809 | version = "1.0.9" 810 | source = "registry+https://github.com/rust-lang/crates.io-index" 811 | checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" 812 | 813 | [[package]] 814 | name = "ittapi" 815 | version = "0.3.5" 816 | source = "registry+https://github.com/rust-lang/crates.io-index" 817 | checksum = "25a5c0b993601cad796222ea076565c5d9f337d35592f8622c753724f06d7271" 818 | dependencies = [ 819 | "anyhow", 820 | "ittapi-sys", 821 | "log", 822 | ] 823 | 824 | [[package]] 825 | name = "ittapi-sys" 826 | version = "0.3.5" 827 | source = "registry+https://github.com/rust-lang/crates.io-index" 828 | checksum = "cb7b5e473765060536a660eed127f758cf1a810c73e49063264959c60d1727d9" 829 | dependencies = [ 830 | "cc", 831 | ] 832 | 833 | [[package]] 834 | name = "jobserver" 835 | version = "0.1.27" 836 | source = "registry+https://github.com/rust-lang/crates.io-index" 837 | checksum = "8c37f63953c4c63420ed5fd3d6d398c719489b9f872b9fa683262f8edd363c7d" 838 | dependencies = [ 839 | "libc", 840 | ] 841 | 842 | [[package]] 843 | name = "js-sys" 844 | version = "0.3.65" 845 | source = "registry+https://github.com/rust-lang/crates.io-index" 846 | checksum = "54c0c35952f67de54bb584e9fd912b3023117cbafc0a77d8f3dee1fb5f572fe8" 847 | dependencies = [ 848 | "wasm-bindgen", 849 | ] 850 | 851 | [[package]] 852 | name = "json-patch" 853 | version = "0.3.0" 854 | source = "registry+https://github.com/rust-lang/crates.io-index" 855 | checksum = "e712e62827c382a77b87f590532febb1f8b2fdbc3eefa1ee37fe7281687075ef" 856 | dependencies = [ 857 | "serde", 858 | "serde_json", 859 | "thiserror", 860 | "treediff", 861 | ] 862 | 863 | [[package]] 864 | name = "leb128" 865 | version = "0.2.5" 866 | source = "registry+https://github.com/rust-lang/crates.io-index" 867 | checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67" 868 | 869 | [[package]] 870 | name = "libc" 871 | version = "0.2.150" 872 | source = "registry+https://github.com/rust-lang/crates.io-index" 873 | checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" 874 | 875 | [[package]] 876 | name = "libredox" 877 | version = "0.0.1" 878 | source = "registry+https://github.com/rust-lang/crates.io-index" 879 | checksum = "85c833ca1e66078851dba29046874e38f08b2c883700aa29a03ddd3b23814ee8" 880 | dependencies = [ 881 | "bitflags 2.4.1", 882 | "libc", 883 | "redox_syscall", 884 | ] 885 | 886 | [[package]] 887 | name = "linux-raw-sys" 888 | version = "0.1.4" 889 | source = "registry+https://github.com/rust-lang/crates.io-index" 890 | checksum = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4" 891 | 892 | [[package]] 893 | name = "linux-raw-sys" 894 | version = "0.4.11" 895 | source = "registry+https://github.com/rust-lang/crates.io-index" 896 | checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" 897 | 898 | [[package]] 899 | name = "log" 900 | version = "0.4.20" 901 | source = "registry+https://github.com/rust-lang/crates.io-index" 902 | checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" 903 | 904 | [[package]] 905 | name = "mach" 906 | version = "0.3.2" 907 | source = "registry+https://github.com/rust-lang/crates.io-index" 908 | checksum = "b823e83b2affd8f40a9ee8c29dbc56404c1e34cd2710921f2801e2cf29527afa" 909 | dependencies = [ 910 | "libc", 911 | ] 912 | 913 | [[package]] 914 | name = "md-5" 915 | version = "0.10.6" 916 | source = "registry+https://github.com/rust-lang/crates.io-index" 917 | checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" 918 | dependencies = [ 919 | "cfg-if", 920 | "digest", 921 | ] 922 | 923 | [[package]] 924 | name = "memchr" 925 | version = "2.6.4" 926 | source = "registry+https://github.com/rust-lang/crates.io-index" 927 | checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" 928 | 929 | [[package]] 930 | name = "memfd" 931 | version = "0.6.4" 932 | source = "registry+https://github.com/rust-lang/crates.io-index" 933 | checksum = "b2cffa4ad52c6f791f4f8b15f0c05f9824b2ced1160e88cc393d64fff9a8ac64" 934 | dependencies = [ 935 | "rustix 0.38.25", 936 | ] 937 | 938 | [[package]] 939 | name = "memoffset" 940 | version = "0.6.5" 941 | source = "registry+https://github.com/rust-lang/crates.io-index" 942 | checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" 943 | dependencies = [ 944 | "autocfg", 945 | ] 946 | 947 | [[package]] 948 | name = "memoffset" 949 | version = "0.9.0" 950 | source = "registry+https://github.com/rust-lang/crates.io-index" 951 | checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" 952 | dependencies = [ 953 | "autocfg", 954 | ] 955 | 956 | [[package]] 957 | name = "minimal-lexical" 958 | version = "0.2.1" 959 | source = "registry+https://github.com/rust-lang/crates.io-index" 960 | checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 961 | 962 | [[package]] 963 | name = "miniz_oxide" 964 | version = "0.7.1" 965 | source = "registry+https://github.com/rust-lang/crates.io-index" 966 | checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" 967 | dependencies = [ 968 | "adler", 969 | ] 970 | 971 | [[package]] 972 | name = "nom" 973 | version = "7.1.3" 974 | source = "registry+https://github.com/rust-lang/crates.io-index" 975 | checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" 976 | dependencies = [ 977 | "memchr", 978 | "minimal-lexical", 979 | ] 980 | 981 | [[package]] 982 | name = "num-traits" 983 | version = "0.2.17" 984 | source = "registry+https://github.com/rust-lang/crates.io-index" 985 | checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" 986 | dependencies = [ 987 | "autocfg", 988 | ] 989 | 990 | [[package]] 991 | name = "num_cpus" 992 | version = "1.16.0" 993 | source = "registry+https://github.com/rust-lang/crates.io-index" 994 | checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" 995 | dependencies = [ 996 | "hermit-abi", 997 | "libc", 998 | ] 999 | 1000 | [[package]] 1001 | name = "object" 1002 | version = "0.29.0" 1003 | source = "registry+https://github.com/rust-lang/crates.io-index" 1004 | checksum = "21158b2c33aa6d4561f1c0a6ea283ca92bc54802a93b263e910746d679a7eb53" 1005 | dependencies = [ 1006 | "crc32fast", 1007 | "hashbrown 0.12.3", 1008 | "indexmap 1.9.3", 1009 | "memchr", 1010 | ] 1011 | 1012 | [[package]] 1013 | name = "object" 1014 | version = "0.32.1" 1015 | source = "registry+https://github.com/rust-lang/crates.io-index" 1016 | checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" 1017 | dependencies = [ 1018 | "memchr", 1019 | ] 1020 | 1021 | [[package]] 1022 | name = "once_cell" 1023 | version = "1.18.0" 1024 | source = "registry+https://github.com/rust-lang/crates.io-index" 1025 | checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" 1026 | 1027 | [[package]] 1028 | name = "opa-wasm" 1029 | version = "0.1.0" 1030 | source = "git+https://github.com/matrix-org/rust-opa-wasm.git?rev=f2a72769f9082dd9bc007247bb9bc4546ae3f7d3#f2a72769f9082dd9bc007247bb9bc4546ae3f7d3" 1031 | dependencies = [ 1032 | "anyhow", 1033 | "base64 0.21.5", 1034 | "cc", 1035 | "chrono", 1036 | "chrono-tz", 1037 | "chronoutil", 1038 | "digest", 1039 | "duration-str", 1040 | "form_urlencoded", 1041 | "hex", 1042 | "hmac", 1043 | "json-patch", 1044 | "md-5", 1045 | "parse-size", 1046 | "rand", 1047 | "semver", 1048 | "serde", 1049 | "serde_json", 1050 | "serde_yaml", 1051 | "sha1", 1052 | "sha2", 1053 | "sprintf", 1054 | "thiserror", 1055 | "tokio", 1056 | "tracing", 1057 | "urlencoding", 1058 | "wasmtime", 1059 | ] 1060 | 1061 | [[package]] 1062 | name = "parse-size" 1063 | version = "1.0.0" 1064 | source = "registry+https://github.com/rust-lang/crates.io-index" 1065 | checksum = "944553dd59c802559559161f9816429058b869003836120e262e8caec061b7ae" 1066 | 1067 | [[package]] 1068 | name = "parse-zoneinfo" 1069 | version = "0.3.0" 1070 | source = "registry+https://github.com/rust-lang/crates.io-index" 1071 | checksum = "c705f256449c60da65e11ff6626e0c16a0a0b96aaa348de61376b249bc340f41" 1072 | dependencies = [ 1073 | "regex", 1074 | ] 1075 | 1076 | [[package]] 1077 | name = "paste" 1078 | version = "1.0.14" 1079 | source = "registry+https://github.com/rust-lang/crates.io-index" 1080 | checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" 1081 | 1082 | [[package]] 1083 | name = "percent-encoding" 1084 | version = "2.3.1" 1085 | source = "registry+https://github.com/rust-lang/crates.io-index" 1086 | checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" 1087 | 1088 | [[package]] 1089 | name = "phf" 1090 | version = "0.11.2" 1091 | source = "registry+https://github.com/rust-lang/crates.io-index" 1092 | checksum = "ade2d8b8f33c7333b51bcf0428d37e217e9f32192ae4772156f65063b8ce03dc" 1093 | dependencies = [ 1094 | "phf_shared", 1095 | ] 1096 | 1097 | [[package]] 1098 | name = "phf_codegen" 1099 | version = "0.11.2" 1100 | source = "registry+https://github.com/rust-lang/crates.io-index" 1101 | checksum = "e8d39688d359e6b34654d328e262234662d16cc0f60ec8dcbe5e718709342a5a" 1102 | dependencies = [ 1103 | "phf_generator", 1104 | "phf_shared", 1105 | ] 1106 | 1107 | [[package]] 1108 | name = "phf_generator" 1109 | version = "0.11.2" 1110 | source = "registry+https://github.com/rust-lang/crates.io-index" 1111 | checksum = "48e4cc64c2ad9ebe670cb8fd69dd50ae301650392e81c05f9bfcb2d5bdbc24b0" 1112 | dependencies = [ 1113 | "phf_shared", 1114 | "rand", 1115 | ] 1116 | 1117 | [[package]] 1118 | name = "phf_shared" 1119 | version = "0.11.2" 1120 | source = "registry+https://github.com/rust-lang/crates.io-index" 1121 | checksum = "90fcb95eef784c2ac79119d1dd819e162b5da872ce6f3c3abe1e8ca1c082f72b" 1122 | dependencies = [ 1123 | "siphasher", 1124 | ] 1125 | 1126 | [[package]] 1127 | name = "pin-project-lite" 1128 | version = "0.2.13" 1129 | source = "registry+https://github.com/rust-lang/crates.io-index" 1130 | checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" 1131 | 1132 | [[package]] 1133 | name = "pkg-config" 1134 | version = "0.3.27" 1135 | source = "registry+https://github.com/rust-lang/crates.io-index" 1136 | checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" 1137 | 1138 | [[package]] 1139 | name = "powerfmt" 1140 | version = "0.2.0" 1141 | source = "registry+https://github.com/rust-lang/crates.io-index" 1142 | checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" 1143 | 1144 | [[package]] 1145 | name = "ppv-lite86" 1146 | version = "0.2.17" 1147 | source = "registry+https://github.com/rust-lang/crates.io-index" 1148 | checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" 1149 | 1150 | [[package]] 1151 | name = "proc-macro2" 1152 | version = "1.0.70" 1153 | source = "registry+https://github.com/rust-lang/crates.io-index" 1154 | checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" 1155 | dependencies = [ 1156 | "unicode-ident", 1157 | ] 1158 | 1159 | [[package]] 1160 | name = "psm" 1161 | version = "0.1.21" 1162 | source = "registry+https://github.com/rust-lang/crates.io-index" 1163 | checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874" 1164 | dependencies = [ 1165 | "cc", 1166 | ] 1167 | 1168 | [[package]] 1169 | name = "pulldown-cmark" 1170 | version = "0.8.0" 1171 | source = "registry+https://github.com/rust-lang/crates.io-index" 1172 | checksum = "ffade02495f22453cd593159ea2f59827aae7f53fa8323f756799b670881dcf8" 1173 | dependencies = [ 1174 | "bitflags 1.3.2", 1175 | "memchr", 1176 | "unicase", 1177 | ] 1178 | 1179 | [[package]] 1180 | name = "quote" 1181 | version = "1.0.33" 1182 | source = "registry+https://github.com/rust-lang/crates.io-index" 1183 | checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" 1184 | dependencies = [ 1185 | "proc-macro2", 1186 | ] 1187 | 1188 | [[package]] 1189 | name = "rand" 1190 | version = "0.8.5" 1191 | source = "registry+https://github.com/rust-lang/crates.io-index" 1192 | checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" 1193 | dependencies = [ 1194 | "libc", 1195 | "rand_chacha", 1196 | "rand_core", 1197 | ] 1198 | 1199 | [[package]] 1200 | name = "rand_chacha" 1201 | version = "0.3.1" 1202 | source = "registry+https://github.com/rust-lang/crates.io-index" 1203 | checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" 1204 | dependencies = [ 1205 | "ppv-lite86", 1206 | "rand_core", 1207 | ] 1208 | 1209 | [[package]] 1210 | name = "rand_core" 1211 | version = "0.6.4" 1212 | source = "registry+https://github.com/rust-lang/crates.io-index" 1213 | checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" 1214 | dependencies = [ 1215 | "getrandom", 1216 | ] 1217 | 1218 | [[package]] 1219 | name = "rayon" 1220 | version = "1.8.0" 1221 | source = "registry+https://github.com/rust-lang/crates.io-index" 1222 | checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" 1223 | dependencies = [ 1224 | "either", 1225 | "rayon-core", 1226 | ] 1227 | 1228 | [[package]] 1229 | name = "rayon-core" 1230 | version = "1.12.0" 1231 | source = "registry+https://github.com/rust-lang/crates.io-index" 1232 | checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" 1233 | dependencies = [ 1234 | "crossbeam-deque", 1235 | "crossbeam-utils", 1236 | ] 1237 | 1238 | [[package]] 1239 | name = "redox_syscall" 1240 | version = "0.4.1" 1241 | source = "registry+https://github.com/rust-lang/crates.io-index" 1242 | checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" 1243 | dependencies = [ 1244 | "bitflags 1.3.2", 1245 | ] 1246 | 1247 | [[package]] 1248 | name = "redox_users" 1249 | version = "0.4.4" 1250 | source = "registry+https://github.com/rust-lang/crates.io-index" 1251 | checksum = "a18479200779601e498ada4e8c1e1f50e3ee19deb0259c25825a98b5603b2cb4" 1252 | dependencies = [ 1253 | "getrandom", 1254 | "libredox", 1255 | "thiserror", 1256 | ] 1257 | 1258 | [[package]] 1259 | name = "regalloc2" 1260 | version = "0.5.1" 1261 | source = "registry+https://github.com/rust-lang/crates.io-index" 1262 | checksum = "300d4fbfb40c1c66a78ba3ddd41c1110247cf52f97b87d0f2fc9209bd49b030c" 1263 | dependencies = [ 1264 | "fxhash", 1265 | "log", 1266 | "slice-group-by", 1267 | "smallvec", 1268 | ] 1269 | 1270 | [[package]] 1271 | name = "regex" 1272 | version = "1.10.2" 1273 | source = "registry+https://github.com/rust-lang/crates.io-index" 1274 | checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" 1275 | dependencies = [ 1276 | "aho-corasick", 1277 | "memchr", 1278 | "regex-automata", 1279 | "regex-syntax", 1280 | ] 1281 | 1282 | [[package]] 1283 | name = "regex-automata" 1284 | version = "0.4.3" 1285 | source = "registry+https://github.com/rust-lang/crates.io-index" 1286 | checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" 1287 | dependencies = [ 1288 | "aho-corasick", 1289 | "memchr", 1290 | "regex-syntax", 1291 | ] 1292 | 1293 | [[package]] 1294 | name = "regex-syntax" 1295 | version = "0.8.2" 1296 | source = "registry+https://github.com/rust-lang/crates.io-index" 1297 | checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" 1298 | 1299 | [[package]] 1300 | name = "rust_decimal" 1301 | version = "1.33.1" 1302 | source = "registry+https://github.com/rust-lang/crates.io-index" 1303 | checksum = "06676aec5ccb8fc1da723cc8c0f9a46549f21ebb8753d3915c6c41db1e7f1dc4" 1304 | dependencies = [ 1305 | "arrayvec", 1306 | "num-traits", 1307 | ] 1308 | 1309 | [[package]] 1310 | name = "rustc-demangle" 1311 | version = "0.1.23" 1312 | source = "registry+https://github.com/rust-lang/crates.io-index" 1313 | checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" 1314 | 1315 | [[package]] 1316 | name = "rustix" 1317 | version = "0.36.17" 1318 | source = "registry+https://github.com/rust-lang/crates.io-index" 1319 | checksum = "305efbd14fde4139eb501df5f136994bb520b033fa9fbdce287507dc23b8c7ed" 1320 | dependencies = [ 1321 | "bitflags 1.3.2", 1322 | "errno", 1323 | "io-lifetimes", 1324 | "libc", 1325 | "linux-raw-sys 0.1.4", 1326 | "windows-sys 0.45.0", 1327 | ] 1328 | 1329 | [[package]] 1330 | name = "rustix" 1331 | version = "0.38.25" 1332 | source = "registry+https://github.com/rust-lang/crates.io-index" 1333 | checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" 1334 | dependencies = [ 1335 | "bitflags 2.4.1", 1336 | "errno", 1337 | "libc", 1338 | "linux-raw-sys 0.4.11", 1339 | "windows-sys 0.48.0", 1340 | ] 1341 | 1342 | [[package]] 1343 | name = "ryu" 1344 | version = "1.0.15" 1345 | source = "registry+https://github.com/rust-lang/crates.io-index" 1346 | checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" 1347 | 1348 | [[package]] 1349 | name = "scopeguard" 1350 | version = "1.2.0" 1351 | source = "registry+https://github.com/rust-lang/crates.io-index" 1352 | checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" 1353 | 1354 | [[package]] 1355 | name = "semver" 1356 | version = "1.0.20" 1357 | source = "registry+https://github.com/rust-lang/crates.io-index" 1358 | checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" 1359 | 1360 | [[package]] 1361 | name = "serde" 1362 | version = "1.0.193" 1363 | source = "registry+https://github.com/rust-lang/crates.io-index" 1364 | checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" 1365 | dependencies = [ 1366 | "serde_derive", 1367 | ] 1368 | 1369 | [[package]] 1370 | name = "serde_derive" 1371 | version = "1.0.193" 1372 | source = "registry+https://github.com/rust-lang/crates.io-index" 1373 | checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" 1374 | dependencies = [ 1375 | "proc-macro2", 1376 | "quote", 1377 | "syn 2.0.39", 1378 | ] 1379 | 1380 | [[package]] 1381 | name = "serde_json" 1382 | version = "1.0.108" 1383 | source = "registry+https://github.com/rust-lang/crates.io-index" 1384 | checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" 1385 | dependencies = [ 1386 | "itoa", 1387 | "ryu", 1388 | "serde", 1389 | ] 1390 | 1391 | [[package]] 1392 | name = "serde_yaml" 1393 | version = "0.9.29" 1394 | source = "registry+https://github.com/rust-lang/crates.io-index" 1395 | checksum = "a15e0ef66bf939a7c890a0bf6d5a733c70202225f9888a89ed5c62298b019129" 1396 | dependencies = [ 1397 | "indexmap 2.1.0", 1398 | "itoa", 1399 | "ryu", 1400 | "serde", 1401 | "unsafe-libyaml", 1402 | ] 1403 | 1404 | [[package]] 1405 | name = "sha1" 1406 | version = "0.10.6" 1407 | source = "registry+https://github.com/rust-lang/crates.io-index" 1408 | checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" 1409 | dependencies = [ 1410 | "cfg-if", 1411 | "cpufeatures", 1412 | "digest", 1413 | ] 1414 | 1415 | [[package]] 1416 | name = "sha2" 1417 | version = "0.10.8" 1418 | source = "registry+https://github.com/rust-lang/crates.io-index" 1419 | checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" 1420 | dependencies = [ 1421 | "cfg-if", 1422 | "cpufeatures", 1423 | "digest", 1424 | ] 1425 | 1426 | [[package]] 1427 | name = "siphasher" 1428 | version = "0.3.11" 1429 | source = "registry+https://github.com/rust-lang/crates.io-index" 1430 | checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d" 1431 | 1432 | [[package]] 1433 | name = "slice-group-by" 1434 | version = "0.3.1" 1435 | source = "registry+https://github.com/rust-lang/crates.io-index" 1436 | checksum = "826167069c09b99d56f31e9ae5c99049e932a98c9dc2dac47645b08dbbf76ba7" 1437 | 1438 | [[package]] 1439 | name = "smallvec" 1440 | version = "1.11.2" 1441 | source = "registry+https://github.com/rust-lang/crates.io-index" 1442 | checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" 1443 | 1444 | [[package]] 1445 | name = "sprintf" 1446 | version = "0.1.4" 1447 | source = "registry+https://github.com/rust-lang/crates.io-index" 1448 | checksum = "6c0cdea5a20a06e7c57f627094e7b1618e5665592cd88f2d45fa4014e348db58" 1449 | 1450 | [[package]] 1451 | name = "stable_deref_trait" 1452 | version = "1.2.0" 1453 | source = "registry+https://github.com/rust-lang/crates.io-index" 1454 | checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" 1455 | 1456 | [[package]] 1457 | name = "strsim" 1458 | version = "0.10.0" 1459 | source = "registry+https://github.com/rust-lang/crates.io-index" 1460 | checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" 1461 | 1462 | [[package]] 1463 | name = "subtle" 1464 | version = "2.5.0" 1465 | source = "registry+https://github.com/rust-lang/crates.io-index" 1466 | checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" 1467 | 1468 | [[package]] 1469 | name = "syn" 1470 | version = "1.0.109" 1471 | source = "registry+https://github.com/rust-lang/crates.io-index" 1472 | checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" 1473 | dependencies = [ 1474 | "proc-macro2", 1475 | "quote", 1476 | "unicode-ident", 1477 | ] 1478 | 1479 | [[package]] 1480 | name = "syn" 1481 | version = "2.0.39" 1482 | source = "registry+https://github.com/rust-lang/crates.io-index" 1483 | checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" 1484 | dependencies = [ 1485 | "proc-macro2", 1486 | "quote", 1487 | "unicode-ident", 1488 | ] 1489 | 1490 | [[package]] 1491 | name = "target-lexicon" 1492 | version = "0.12.12" 1493 | source = "registry+https://github.com/rust-lang/crates.io-index" 1494 | checksum = "14c39fd04924ca3a864207c66fc2cd7d22d7c016007f9ce846cbb9326331930a" 1495 | 1496 | [[package]] 1497 | name = "termcolor" 1498 | version = "1.4.0" 1499 | source = "registry+https://github.com/rust-lang/crates.io-index" 1500 | checksum = "ff1bc3d3f05aff0403e8ac0d92ced918ec05b666a43f83297ccef5bea8a3d449" 1501 | dependencies = [ 1502 | "winapi-util", 1503 | ] 1504 | 1505 | [[package]] 1506 | name = "thiserror" 1507 | version = "1.0.50" 1508 | source = "registry+https://github.com/rust-lang/crates.io-index" 1509 | checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" 1510 | dependencies = [ 1511 | "thiserror-impl", 1512 | ] 1513 | 1514 | [[package]] 1515 | name = "thiserror-impl" 1516 | version = "1.0.50" 1517 | source = "registry+https://github.com/rust-lang/crates.io-index" 1518 | checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" 1519 | dependencies = [ 1520 | "proc-macro2", 1521 | "quote", 1522 | "syn 2.0.39", 1523 | ] 1524 | 1525 | [[package]] 1526 | name = "time" 1527 | version = "0.3.30" 1528 | source = "registry+https://github.com/rust-lang/crates.io-index" 1529 | checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" 1530 | dependencies = [ 1531 | "deranged", 1532 | "powerfmt", 1533 | "serde", 1534 | "time-core", 1535 | ] 1536 | 1537 | [[package]] 1538 | name = "time-core" 1539 | version = "0.1.2" 1540 | source = "registry+https://github.com/rust-lang/crates.io-index" 1541 | checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" 1542 | 1543 | [[package]] 1544 | name = "tinyvec" 1545 | version = "1.6.0" 1546 | source = "registry+https://github.com/rust-lang/crates.io-index" 1547 | checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" 1548 | dependencies = [ 1549 | "tinyvec_macros", 1550 | ] 1551 | 1552 | [[package]] 1553 | name = "tinyvec_macros" 1554 | version = "0.1.1" 1555 | source = "registry+https://github.com/rust-lang/crates.io-index" 1556 | checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" 1557 | 1558 | [[package]] 1559 | name = "tokio" 1560 | version = "1.34.0" 1561 | source = "registry+https://github.com/rust-lang/crates.io-index" 1562 | checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" 1563 | dependencies = [ 1564 | "backtrace", 1565 | "num_cpus", 1566 | "pin-project-lite", 1567 | "tokio-macros", 1568 | ] 1569 | 1570 | [[package]] 1571 | name = "tokio-macros" 1572 | version = "2.2.0" 1573 | source = "registry+https://github.com/rust-lang/crates.io-index" 1574 | checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" 1575 | dependencies = [ 1576 | "proc-macro2", 1577 | "quote", 1578 | "syn 2.0.39", 1579 | ] 1580 | 1581 | [[package]] 1582 | name = "toml" 1583 | version = "0.5.11" 1584 | source = "registry+https://github.com/rust-lang/crates.io-index" 1585 | checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" 1586 | dependencies = [ 1587 | "serde", 1588 | ] 1589 | 1590 | [[package]] 1591 | name = "tracing" 1592 | version = "0.1.40" 1593 | source = "registry+https://github.com/rust-lang/crates.io-index" 1594 | checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" 1595 | dependencies = [ 1596 | "pin-project-lite", 1597 | "tracing-attributes", 1598 | "tracing-core", 1599 | ] 1600 | 1601 | [[package]] 1602 | name = "tracing-attributes" 1603 | version = "0.1.27" 1604 | source = "registry+https://github.com/rust-lang/crates.io-index" 1605 | checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" 1606 | dependencies = [ 1607 | "proc-macro2", 1608 | "quote", 1609 | "syn 2.0.39", 1610 | ] 1611 | 1612 | [[package]] 1613 | name = "tracing-core" 1614 | version = "0.1.32" 1615 | source = "registry+https://github.com/rust-lang/crates.io-index" 1616 | checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" 1617 | dependencies = [ 1618 | "once_cell", 1619 | ] 1620 | 1621 | [[package]] 1622 | name = "treediff" 1623 | version = "4.0.2" 1624 | source = "registry+https://github.com/rust-lang/crates.io-index" 1625 | checksum = "52984d277bdf2a751072b5df30ec0377febdb02f7696d64c2d7d54630bac4303" 1626 | dependencies = [ 1627 | "serde_json", 1628 | ] 1629 | 1630 | [[package]] 1631 | name = "typenum" 1632 | version = "1.17.0" 1633 | source = "registry+https://github.com/rust-lang/crates.io-index" 1634 | checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" 1635 | 1636 | [[package]] 1637 | name = "unicase" 1638 | version = "2.7.0" 1639 | source = "registry+https://github.com/rust-lang/crates.io-index" 1640 | checksum = "f7d2d4dafb69621809a81864c9c1b864479e1235c0dd4e199924b9742439ed89" 1641 | dependencies = [ 1642 | "version_check", 1643 | ] 1644 | 1645 | [[package]] 1646 | name = "unicode-bidi" 1647 | version = "0.3.13" 1648 | source = "registry+https://github.com/rust-lang/crates.io-index" 1649 | checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" 1650 | 1651 | [[package]] 1652 | name = "unicode-ident" 1653 | version = "1.0.12" 1654 | source = "registry+https://github.com/rust-lang/crates.io-index" 1655 | checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" 1656 | 1657 | [[package]] 1658 | name = "unicode-normalization" 1659 | version = "0.1.22" 1660 | source = "registry+https://github.com/rust-lang/crates.io-index" 1661 | checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" 1662 | dependencies = [ 1663 | "tinyvec", 1664 | ] 1665 | 1666 | [[package]] 1667 | name = "unicode-width" 1668 | version = "0.1.11" 1669 | source = "registry+https://github.com/rust-lang/crates.io-index" 1670 | checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" 1671 | 1672 | [[package]] 1673 | name = "unicode-xid" 1674 | version = "0.2.4" 1675 | source = "registry+https://github.com/rust-lang/crates.io-index" 1676 | checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" 1677 | 1678 | [[package]] 1679 | name = "unsafe-libyaml" 1680 | version = "0.2.10" 1681 | source = "registry+https://github.com/rust-lang/crates.io-index" 1682 | checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b" 1683 | 1684 | [[package]] 1685 | name = "url" 1686 | version = "2.5.0" 1687 | source = "registry+https://github.com/rust-lang/crates.io-index" 1688 | checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" 1689 | dependencies = [ 1690 | "form_urlencoded", 1691 | "idna", 1692 | "percent-encoding", 1693 | ] 1694 | 1695 | [[package]] 1696 | name = "urlencoding" 1697 | version = "2.1.3" 1698 | source = "registry+https://github.com/rust-lang/crates.io-index" 1699 | checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" 1700 | 1701 | [[package]] 1702 | name = "utf8parse" 1703 | version = "0.2.1" 1704 | source = "registry+https://github.com/rust-lang/crates.io-index" 1705 | checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" 1706 | 1707 | [[package]] 1708 | name = "version_check" 1709 | version = "0.9.4" 1710 | source = "registry+https://github.com/rust-lang/crates.io-index" 1711 | checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" 1712 | 1713 | [[package]] 1714 | name = "wasi" 1715 | version = "0.11.0+wasi-snapshot-preview1" 1716 | source = "registry+https://github.com/rust-lang/crates.io-index" 1717 | checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" 1718 | 1719 | [[package]] 1720 | name = "wasm-bindgen" 1721 | version = "0.2.88" 1722 | source = "registry+https://github.com/rust-lang/crates.io-index" 1723 | checksum = "7daec296f25a1bae309c0cd5c29c4b260e510e6d813c286b19eaadf409d40fce" 1724 | dependencies = [ 1725 | "cfg-if", 1726 | "wasm-bindgen-macro", 1727 | ] 1728 | 1729 | [[package]] 1730 | name = "wasm-bindgen-backend" 1731 | version = "0.2.88" 1732 | source = "registry+https://github.com/rust-lang/crates.io-index" 1733 | checksum = "e397f4664c0e4e428e8313a469aaa58310d302159845980fd23b0f22a847f217" 1734 | dependencies = [ 1735 | "bumpalo", 1736 | "log", 1737 | "once_cell", 1738 | "proc-macro2", 1739 | "quote", 1740 | "syn 2.0.39", 1741 | "wasm-bindgen-shared", 1742 | ] 1743 | 1744 | [[package]] 1745 | name = "wasm-bindgen-macro" 1746 | version = "0.2.88" 1747 | source = "registry+https://github.com/rust-lang/crates.io-index" 1748 | checksum = "5961017b3b08ad5f3fe39f1e79877f8ee7c23c5e5fd5eb80de95abc41f1f16b2" 1749 | dependencies = [ 1750 | "quote", 1751 | "wasm-bindgen-macro-support", 1752 | ] 1753 | 1754 | [[package]] 1755 | name = "wasm-bindgen-macro-support" 1756 | version = "0.2.88" 1757 | source = "registry+https://github.com/rust-lang/crates.io-index" 1758 | checksum = "c5353b8dab669f5e10f5bd76df26a9360c748f054f862ff5f3f8aae0c7fb3907" 1759 | dependencies = [ 1760 | "proc-macro2", 1761 | "quote", 1762 | "syn 2.0.39", 1763 | "wasm-bindgen-backend", 1764 | "wasm-bindgen-shared", 1765 | ] 1766 | 1767 | [[package]] 1768 | name = "wasm-bindgen-shared" 1769 | version = "0.2.88" 1770 | source = "registry+https://github.com/rust-lang/crates.io-index" 1771 | checksum = "0d046c5d029ba91a1ed14da14dca44b68bf2f124cfbaf741c54151fdb3e0750b" 1772 | 1773 | [[package]] 1774 | name = "wasm-encoder" 1775 | version = "0.38.0" 1776 | source = "registry+https://github.com/rust-lang/crates.io-index" 1777 | checksum = "7b09bc5df933a3dabbdb72ae4b6b71be8ae07f58774d5aa41bd20adcd41a235a" 1778 | dependencies = [ 1779 | "leb128", 1780 | ] 1781 | 1782 | [[package]] 1783 | name = "wasmparser" 1784 | version = "0.100.0" 1785 | source = "registry+https://github.com/rust-lang/crates.io-index" 1786 | checksum = "64b20236ab624147dfbb62cf12a19aaf66af0e41b8398838b66e997d07d269d4" 1787 | dependencies = [ 1788 | "indexmap 1.9.3", 1789 | "url", 1790 | ] 1791 | 1792 | [[package]] 1793 | name = "wasmtime" 1794 | version = "6.0.2" 1795 | source = "registry+https://github.com/rust-lang/crates.io-index" 1796 | checksum = "76a222f5fa1e14b2cefc286f1b68494d7a965f4bf57ec04c59bb62673d639af6" 1797 | dependencies = [ 1798 | "anyhow", 1799 | "async-trait", 1800 | "bincode", 1801 | "cfg-if", 1802 | "indexmap 1.9.3", 1803 | "libc", 1804 | "log", 1805 | "object 0.29.0", 1806 | "once_cell", 1807 | "paste", 1808 | "psm", 1809 | "rayon", 1810 | "serde", 1811 | "target-lexicon", 1812 | "wasmparser", 1813 | "wasmtime-cache", 1814 | "wasmtime-component-macro", 1815 | "wasmtime-cranelift", 1816 | "wasmtime-environ", 1817 | "wasmtime-fiber", 1818 | "wasmtime-jit", 1819 | "wasmtime-runtime", 1820 | "wat", 1821 | "windows-sys 0.42.0", 1822 | ] 1823 | 1824 | [[package]] 1825 | name = "wasmtime-asm-macros" 1826 | version = "6.0.2" 1827 | source = "registry+https://github.com/rust-lang/crates.io-index" 1828 | checksum = "4407a7246e7d2f3d8fb1cf0c72fda8dbafdb6dd34d555ae8bea0e5ae031089cc" 1829 | dependencies = [ 1830 | "cfg-if", 1831 | ] 1832 | 1833 | [[package]] 1834 | name = "wasmtime-cache" 1835 | version = "6.0.2" 1836 | source = "registry+https://github.com/rust-lang/crates.io-index" 1837 | checksum = "5ceb3adf61d654be0be67fffdce42447b0880481348785be5fe40b5dd7663a4c" 1838 | dependencies = [ 1839 | "anyhow", 1840 | "base64 0.13.1", 1841 | "bincode", 1842 | "directories-next", 1843 | "file-per-thread-logger", 1844 | "log", 1845 | "rustix 0.36.17", 1846 | "serde", 1847 | "sha2", 1848 | "toml", 1849 | "windows-sys 0.42.0", 1850 | "zstd", 1851 | ] 1852 | 1853 | [[package]] 1854 | name = "wasmtime-component-macro" 1855 | version = "6.0.2" 1856 | source = "registry+https://github.com/rust-lang/crates.io-index" 1857 | checksum = "8fa788049cb25d2c6ca14408bbe8e25c5d529f90b22f2ae994048a9aaac3a23e" 1858 | dependencies = [ 1859 | "anyhow", 1860 | "proc-macro2", 1861 | "quote", 1862 | "syn 1.0.109", 1863 | "wasmtime-component-util", 1864 | "wasmtime-wit-bindgen", 1865 | "wit-parser", 1866 | ] 1867 | 1868 | [[package]] 1869 | name = "wasmtime-component-util" 1870 | version = "6.0.2" 1871 | source = "registry+https://github.com/rust-lang/crates.io-index" 1872 | checksum = "ef714fd2c055ad19e5b9dfd21cf2efdcd57c841ef5b5e96a0340b4af0b4320e3" 1873 | 1874 | [[package]] 1875 | name = "wasmtime-cranelift" 1876 | version = "6.0.2" 1877 | source = "registry+https://github.com/rust-lang/crates.io-index" 1878 | checksum = "3c366bb8647e01fd08cb5589976284b00abfded5529b33d7e7f3f086c68304a4" 1879 | dependencies = [ 1880 | "anyhow", 1881 | "cranelift-codegen", 1882 | "cranelift-entity", 1883 | "cranelift-frontend", 1884 | "cranelift-native", 1885 | "cranelift-wasm", 1886 | "gimli 0.26.2", 1887 | "log", 1888 | "object 0.29.0", 1889 | "target-lexicon", 1890 | "thiserror", 1891 | "wasmparser", 1892 | "wasmtime-environ", 1893 | ] 1894 | 1895 | [[package]] 1896 | name = "wasmtime-environ" 1897 | version = "6.0.2" 1898 | source = "registry+https://github.com/rust-lang/crates.io-index" 1899 | checksum = "47b8b50962eae38ee319f7b24900b7cf371f03eebdc17400c1dc8575fc10c9a7" 1900 | dependencies = [ 1901 | "anyhow", 1902 | "cranelift-entity", 1903 | "gimli 0.26.2", 1904 | "indexmap 1.9.3", 1905 | "log", 1906 | "object 0.29.0", 1907 | "serde", 1908 | "target-lexicon", 1909 | "thiserror", 1910 | "wasmparser", 1911 | "wasmtime-types", 1912 | ] 1913 | 1914 | [[package]] 1915 | name = "wasmtime-fiber" 1916 | version = "6.0.2" 1917 | source = "registry+https://github.com/rust-lang/crates.io-index" 1918 | checksum = "41b166ca664b08e68d992b8184a7d66600bb3f2faf348fa98ce1d4b60195c591" 1919 | dependencies = [ 1920 | "cc", 1921 | "cfg-if", 1922 | "rustix 0.36.17", 1923 | "wasmtime-asm-macros", 1924 | "windows-sys 0.42.0", 1925 | ] 1926 | 1927 | [[package]] 1928 | name = "wasmtime-jit" 1929 | version = "6.0.2" 1930 | source = "registry+https://github.com/rust-lang/crates.io-index" 1931 | checksum = "ffaed4f9a234ba5225d8e64eac7b4a5d13b994aeb37353cde2cbeb3febda9eaa" 1932 | dependencies = [ 1933 | "addr2line 0.17.0", 1934 | "anyhow", 1935 | "bincode", 1936 | "cfg-if", 1937 | "cpp_demangle", 1938 | "gimli 0.26.2", 1939 | "ittapi", 1940 | "log", 1941 | "object 0.29.0", 1942 | "rustc-demangle", 1943 | "serde", 1944 | "target-lexicon", 1945 | "wasmtime-environ", 1946 | "wasmtime-jit-debug", 1947 | "wasmtime-jit-icache-coherence", 1948 | "wasmtime-runtime", 1949 | "windows-sys 0.42.0", 1950 | ] 1951 | 1952 | [[package]] 1953 | name = "wasmtime-jit-debug" 1954 | version = "6.0.2" 1955 | source = "registry+https://github.com/rust-lang/crates.io-index" 1956 | checksum = "eed41cbcbf74ce3ff6f1d07d1b707888166dc408d1a880f651268f4f7c9194b2" 1957 | dependencies = [ 1958 | "object 0.29.0", 1959 | "once_cell", 1960 | "rustix 0.36.17", 1961 | ] 1962 | 1963 | [[package]] 1964 | name = "wasmtime-jit-icache-coherence" 1965 | version = "6.0.2" 1966 | source = "registry+https://github.com/rust-lang/crates.io-index" 1967 | checksum = "43a28ae1e648461bfdbb79db3efdaee1bca5b940872e4175390f465593a2e54c" 1968 | dependencies = [ 1969 | "cfg-if", 1970 | "libc", 1971 | "windows-sys 0.42.0", 1972 | ] 1973 | 1974 | [[package]] 1975 | name = "wasmtime-runtime" 1976 | version = "6.0.2" 1977 | source = "registry+https://github.com/rust-lang/crates.io-index" 1978 | checksum = "e704b126e4252788ccfc3526d4d4511d4b23c521bf123e447ac726c14545217b" 1979 | dependencies = [ 1980 | "anyhow", 1981 | "cc", 1982 | "cfg-if", 1983 | "indexmap 1.9.3", 1984 | "libc", 1985 | "log", 1986 | "mach", 1987 | "memfd", 1988 | "memoffset 0.6.5", 1989 | "paste", 1990 | "rand", 1991 | "rustix 0.36.17", 1992 | "wasmtime-asm-macros", 1993 | "wasmtime-environ", 1994 | "wasmtime-fiber", 1995 | "wasmtime-jit-debug", 1996 | "windows-sys 0.42.0", 1997 | ] 1998 | 1999 | [[package]] 2000 | name = "wasmtime-types" 2001 | version = "6.0.2" 2002 | source = "registry+https://github.com/rust-lang/crates.io-index" 2003 | checksum = "83e5572c5727c1ee7e8f28717aaa8400e4d22dcbd714ea5457d85b5005206568" 2004 | dependencies = [ 2005 | "cranelift-entity", 2006 | "serde", 2007 | "thiserror", 2008 | "wasmparser", 2009 | ] 2010 | 2011 | [[package]] 2012 | name = "wasmtime-wit-bindgen" 2013 | version = "6.0.2" 2014 | source = "registry+https://github.com/rust-lang/crates.io-index" 2015 | checksum = "bdac99f42950e84adf9d284c60b8b015e5bb6010d5bc53c6a5b0070d6d19ca63" 2016 | dependencies = [ 2017 | "anyhow", 2018 | "heck", 2019 | "wit-parser", 2020 | ] 2021 | 2022 | [[package]] 2023 | name = "wast" 2024 | version = "69.0.0" 2025 | source = "registry+https://github.com/rust-lang/crates.io-index" 2026 | checksum = "efa51b5ad1391943d1bfad537e50f28fe938199ee76b115be6bae83802cd5185" 2027 | dependencies = [ 2028 | "leb128", 2029 | "memchr", 2030 | "unicode-width", 2031 | "wasm-encoder", 2032 | ] 2033 | 2034 | [[package]] 2035 | name = "wat" 2036 | version = "1.0.81" 2037 | source = "registry+https://github.com/rust-lang/crates.io-index" 2038 | checksum = "74a4c2488d058326466e086a43f5d4ea448241a8d0975e3eb0642c0828be1eb3" 2039 | dependencies = [ 2040 | "wast", 2041 | ] 2042 | 2043 | [[package]] 2044 | name = "winapi" 2045 | version = "0.3.9" 2046 | source = "registry+https://github.com/rust-lang/crates.io-index" 2047 | checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" 2048 | dependencies = [ 2049 | "winapi-i686-pc-windows-gnu", 2050 | "winapi-x86_64-pc-windows-gnu", 2051 | ] 2052 | 2053 | [[package]] 2054 | name = "winapi-i686-pc-windows-gnu" 2055 | version = "0.4.0" 2056 | source = "registry+https://github.com/rust-lang/crates.io-index" 2057 | checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" 2058 | 2059 | [[package]] 2060 | name = "winapi-util" 2061 | version = "0.1.6" 2062 | source = "registry+https://github.com/rust-lang/crates.io-index" 2063 | checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" 2064 | dependencies = [ 2065 | "winapi", 2066 | ] 2067 | 2068 | [[package]] 2069 | name = "winapi-x86_64-pc-windows-gnu" 2070 | version = "0.4.0" 2071 | source = "registry+https://github.com/rust-lang/crates.io-index" 2072 | checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" 2073 | 2074 | [[package]] 2075 | name = "windows-core" 2076 | version = "0.51.1" 2077 | source = "registry+https://github.com/rust-lang/crates.io-index" 2078 | checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64" 2079 | dependencies = [ 2080 | "windows-targets 0.48.5", 2081 | ] 2082 | 2083 | [[package]] 2084 | name = "windows-sys" 2085 | version = "0.42.0" 2086 | source = "registry+https://github.com/rust-lang/crates.io-index" 2087 | checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" 2088 | dependencies = [ 2089 | "windows_aarch64_gnullvm 0.42.2", 2090 | "windows_aarch64_msvc 0.42.2", 2091 | "windows_i686_gnu 0.42.2", 2092 | "windows_i686_msvc 0.42.2", 2093 | "windows_x86_64_gnu 0.42.2", 2094 | "windows_x86_64_gnullvm 0.42.2", 2095 | "windows_x86_64_msvc 0.42.2", 2096 | ] 2097 | 2098 | [[package]] 2099 | name = "windows-sys" 2100 | version = "0.45.0" 2101 | source = "registry+https://github.com/rust-lang/crates.io-index" 2102 | checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" 2103 | dependencies = [ 2104 | "windows-targets 0.42.2", 2105 | ] 2106 | 2107 | [[package]] 2108 | name = "windows-sys" 2109 | version = "0.48.0" 2110 | source = "registry+https://github.com/rust-lang/crates.io-index" 2111 | checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" 2112 | dependencies = [ 2113 | "windows-targets 0.48.5", 2114 | ] 2115 | 2116 | [[package]] 2117 | name = "windows-targets" 2118 | version = "0.42.2" 2119 | source = "registry+https://github.com/rust-lang/crates.io-index" 2120 | checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" 2121 | dependencies = [ 2122 | "windows_aarch64_gnullvm 0.42.2", 2123 | "windows_aarch64_msvc 0.42.2", 2124 | "windows_i686_gnu 0.42.2", 2125 | "windows_i686_msvc 0.42.2", 2126 | "windows_x86_64_gnu 0.42.2", 2127 | "windows_x86_64_gnullvm 0.42.2", 2128 | "windows_x86_64_msvc 0.42.2", 2129 | ] 2130 | 2131 | [[package]] 2132 | name = "windows-targets" 2133 | version = "0.48.5" 2134 | source = "registry+https://github.com/rust-lang/crates.io-index" 2135 | checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" 2136 | dependencies = [ 2137 | "windows_aarch64_gnullvm 0.48.5", 2138 | "windows_aarch64_msvc 0.48.5", 2139 | "windows_i686_gnu 0.48.5", 2140 | "windows_i686_msvc 0.48.5", 2141 | "windows_x86_64_gnu 0.48.5", 2142 | "windows_x86_64_gnullvm 0.48.5", 2143 | "windows_x86_64_msvc 0.48.5", 2144 | ] 2145 | 2146 | [[package]] 2147 | name = "windows_aarch64_gnullvm" 2148 | version = "0.42.2" 2149 | source = "registry+https://github.com/rust-lang/crates.io-index" 2150 | checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" 2151 | 2152 | [[package]] 2153 | name = "windows_aarch64_gnullvm" 2154 | version = "0.48.5" 2155 | source = "registry+https://github.com/rust-lang/crates.io-index" 2156 | checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" 2157 | 2158 | [[package]] 2159 | name = "windows_aarch64_msvc" 2160 | version = "0.42.2" 2161 | source = "registry+https://github.com/rust-lang/crates.io-index" 2162 | checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" 2163 | 2164 | [[package]] 2165 | name = "windows_aarch64_msvc" 2166 | version = "0.48.5" 2167 | source = "registry+https://github.com/rust-lang/crates.io-index" 2168 | checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" 2169 | 2170 | [[package]] 2171 | name = "windows_i686_gnu" 2172 | version = "0.42.2" 2173 | source = "registry+https://github.com/rust-lang/crates.io-index" 2174 | checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" 2175 | 2176 | [[package]] 2177 | name = "windows_i686_gnu" 2178 | version = "0.48.5" 2179 | source = "registry+https://github.com/rust-lang/crates.io-index" 2180 | checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" 2181 | 2182 | [[package]] 2183 | name = "windows_i686_msvc" 2184 | version = "0.42.2" 2185 | source = "registry+https://github.com/rust-lang/crates.io-index" 2186 | checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" 2187 | 2188 | [[package]] 2189 | name = "windows_i686_msvc" 2190 | version = "0.48.5" 2191 | source = "registry+https://github.com/rust-lang/crates.io-index" 2192 | checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" 2193 | 2194 | [[package]] 2195 | name = "windows_x86_64_gnu" 2196 | version = "0.42.2" 2197 | source = "registry+https://github.com/rust-lang/crates.io-index" 2198 | checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" 2199 | 2200 | [[package]] 2201 | name = "windows_x86_64_gnu" 2202 | version = "0.48.5" 2203 | source = "registry+https://github.com/rust-lang/crates.io-index" 2204 | checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" 2205 | 2206 | [[package]] 2207 | name = "windows_x86_64_gnullvm" 2208 | version = "0.42.2" 2209 | source = "registry+https://github.com/rust-lang/crates.io-index" 2210 | checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" 2211 | 2212 | [[package]] 2213 | name = "windows_x86_64_gnullvm" 2214 | version = "0.48.5" 2215 | source = "registry+https://github.com/rust-lang/crates.io-index" 2216 | checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" 2217 | 2218 | [[package]] 2219 | name = "windows_x86_64_msvc" 2220 | version = "0.42.2" 2221 | source = "registry+https://github.com/rust-lang/crates.io-index" 2222 | checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" 2223 | 2224 | [[package]] 2225 | name = "windows_x86_64_msvc" 2226 | version = "0.48.5" 2227 | source = "registry+https://github.com/rust-lang/crates.io-index" 2228 | checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" 2229 | 2230 | [[package]] 2231 | name = "wit-parser" 2232 | version = "0.6.4" 2233 | source = "registry+https://github.com/rust-lang/crates.io-index" 2234 | checksum = "f887c3da527a51b321076ebe6a7513026a4757b6d4d144259946552d6fc728b3" 2235 | dependencies = [ 2236 | "anyhow", 2237 | "id-arena", 2238 | "indexmap 1.9.3", 2239 | "log", 2240 | "pulldown-cmark", 2241 | "unicode-xid", 2242 | "url", 2243 | ] 2244 | 2245 | [[package]] 2246 | name = "zstd" 2247 | version = "0.11.2+zstd.1.5.2" 2248 | source = "registry+https://github.com/rust-lang/crates.io-index" 2249 | checksum = "20cc960326ece64f010d2d2107537f26dc589a6573a316bd5b1dba685fa5fde4" 2250 | dependencies = [ 2251 | "zstd-safe", 2252 | ] 2253 | 2254 | [[package]] 2255 | name = "zstd-safe" 2256 | version = "5.0.2+zstd.1.5.2" 2257 | source = "registry+https://github.com/rust-lang/crates.io-index" 2258 | checksum = "1d2a5585e04f9eea4b2a3d1eca508c4dee9592a89ef6f450c11719da0726f4db" 2259 | dependencies = [ 2260 | "libc", 2261 | "zstd-sys", 2262 | ] 2263 | 2264 | [[package]] 2265 | name = "zstd-sys" 2266 | version = "2.0.9+zstd.1.5.5" 2267 | source = "registry+https://github.com/rust-lang/crates.io-index" 2268 | checksum = "9e16efa8a874a0481a574084d34cc26fdb3b99627480f785888deb6386506656" 2269 | dependencies = [ 2270 | "cc", 2271 | "pkg-config", 2272 | ] 2273 | -------------------------------------------------------------------------------- /eval/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "eval" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | anyhow = "1.0.70" 8 | clap = { version = "4.2.1", features = ["derive"] } 9 | opa-wasm = { git = "https://github.com/matrix-org/rust-opa-wasm.git", rev = "f2a72769f9082dd9bc007247bb9bc4546ae3f7d3" } 10 | serde = { version = "1.0.159", features = ["derive"] } 11 | serde_json = "1.0.95" 12 | thiserror = "1.0.40" 13 | tokio = { version = "1.27.0", features = ["fs", "macros", "rt-multi-thread"] } 14 | wasmtime = "6.0.0" 15 | -------------------------------------------------------------------------------- /eval/rust-toolchain.toml: -------------------------------------------------------------------------------- 1 | [toolchain] 2 | channel = "1.74.0" 3 | profile = "minimal" 4 | -------------------------------------------------------------------------------- /eval/src/main.rs: -------------------------------------------------------------------------------- 1 | use clap::Parser; 2 | use opa_wasm::Runtime; 3 | use serde_json::{json, Value}; 4 | use std::fs::File; 5 | use std::io::Write; 6 | use std::path::PathBuf; 7 | use wasmtime::{Config, Engine, Module, Store}; 8 | 9 | #[tokio::main] 10 | async fn main() -> Result<(), EvalError> { 11 | let args = Cli::parse(); 12 | args.validate()?; 13 | 14 | // Convert CLI inputs into JSON (serde_json::Value) 15 | let data = get_json(args.data, args.data_path)?; // OPA data object 16 | let input = get_json(args.input, args.input_path)?; // OPA input object 17 | 18 | // Create a Wasm engine to handle policy.wasm 19 | let mut config = Config::new(); 20 | config.async_support(true); 21 | let engine = Engine::new(&config)?; 22 | let policy_wasm = tokio::fs::read("%policy%").await?; // Nix substitutes %policy% with a Nix store path to the policy file 23 | let policy_module = Module::new(&engine, policy_wasm)?; 24 | 25 | // Create a Wasmtime store 26 | let mut store = Store::new(&engine, ()); 27 | 28 | // Create a Wasmtime runtime from the store and module 29 | let runtime = Runtime::new(&mut store, &policy_module).await?; 30 | 31 | // Supply the runtime with data 32 | let policy = runtime.with_data(&mut store, &data).await?; 33 | 34 | // Evaluate the policy 35 | let value: serde_json::Value = policy.evaluate(&mut store, "%entrypoint%", &input).await?; 36 | 37 | // Convert the resulting JSON into a nice indented string 38 | let output_json = serde_json::to_string_pretty(&value)?; 39 | 40 | // Write the result either to a file or to stdout 41 | if let Some(output) = args.output { 42 | let path = output.to_str().unwrap(); 43 | let mut file = File::create(path)?; 44 | file.write_all(output_json.as_bytes())?; 45 | } else { 46 | std::io::stdout().write_all(output_json.as_bytes())?; 47 | } 48 | 49 | Ok(()) 50 | } 51 | 52 | 53 | /// A policy evaluator wrapping the OPA policy %rego% with entrypoint %entrypoint% 54 | #[derive(Parser)] 55 | #[command(author, about, long_about = None)] 56 | struct Cli { 57 | /// Policy data object 58 | #[arg(short, long)] 59 | data: Option, 60 | 61 | /// Path to policy data JSON object 62 | #[arg(short, long)] 63 | data_path: Option, 64 | 65 | /// Policy input object 66 | #[arg(short, long)] 67 | input: Option, 68 | 69 | /// Path to policy input JSON object 70 | #[arg(short, long)] 71 | input_path: Option, 72 | 73 | /// Result JSON output path 74 | #[arg(short, long)] 75 | output: Option, 76 | } 77 | 78 | impl Cli { 79 | fn validate(&self) -> Result<(), EvalError> { 80 | if self.input.is_some() && self.input_path.is_some() { 81 | return Err(EvalError::ConfigError(String::from( 82 | "you can only specify --input or --input-path, not both", 83 | ))); 84 | } 85 | 86 | if self.data.is_some() && self.data_path.is_some() { 87 | return Err(EvalError::ConfigError(String::from( 88 | "you can only specify --data or --data-path, not both", 89 | ))); 90 | } 91 | 92 | Ok(()) 93 | } 94 | } 95 | 96 | #[derive(Debug, thiserror::Error)] 97 | enum EvalError { 98 | #[error("config error: {0}")] 99 | ConfigError(String), 100 | 101 | #[error("io error: {0}")] 102 | Io(#[from] std::io::Error), 103 | 104 | #[error("error: {0}")] 105 | Any(#[from] anyhow::Error), 106 | 107 | #[error("json error: {0}")] 108 | Json(#[from] serde_json::Error), 109 | } 110 | 111 | // Helper function for producing JSON from either a raw string or a filepath 112 | // If neither is supplied, an empty JSON object is returned 113 | fn get_json(s: Option, p: Option) -> Result { 114 | let js = if let Some(s) = s { 115 | serde_json::from_str(&s)? 116 | } else if let Some(p) = p { 117 | let s = std::fs::read_to_string(p)?; 118 | serde_json::from_str(&s)? 119 | } else { 120 | json!({}) 121 | }; 122 | Ok(js) 123 | } 124 | -------------------------------------------------------------------------------- /examples/flake.json: -------------------------------------------------------------------------------- 1 | { 2 | "allowed_refs": [ 3 | "nixos-22.11", 4 | "nixos-22.11-small", 5 | "nixos-unstable", 6 | "nixos-unstable-small", 7 | "nixpkgs-22.11-darwin", 8 | "nixpkgs-unstable" 9 | ], 10 | "max_days": 30 11 | } 12 | -------------------------------------------------------------------------------- /examples/flake.rego: -------------------------------------------------------------------------------- 1 | package flake 2 | 3 | import data.allowed_refs as allowed_refs 4 | import data.max_days as max_days 5 | import future.keywords.in 6 | import input as flake_lock 7 | 8 | # Constants and helper functions 9 | has_key(obj, k) { 10 | _ = obj[k] 11 | } 12 | 13 | # Deny flake.lock files with a Git ref that's not included in the provided data.json 14 | deny[{ 15 | "issue": "disallowed-nixpkgs-ref", 16 | "detail": { 17 | "disallowed_ref": ref, 18 | }, 19 | }] { 20 | has_key(flake_lock.nodes.root.inputs, "nixpkgs") 21 | nixpkgs_root := flake_lock.nodes.root.inputs.nixpkgs 22 | nixpkgs := flake_lock.nodes[nixpkgs_root] 23 | has_key(nixpkgs.original, "ref") 24 | ref := nixpkgs.original.ref 25 | not ref in allowed_refs 26 | } 27 | 28 | # Deny flake.lock files where any Nixpkgs was last updated more than 30 days ago 29 | deny[{ 30 | "issue": "outdated-nixpkgs-ref", 31 | "detail": { 32 | "age_in_days": floor(age / ((24 * 60) * 60)), 33 | "max_days": data.max_days, 34 | }, 35 | }] { 36 | has_key(flake_lock.nodes.root.inputs, "nixpkgs") 37 | nixpkgs_root := flake_lock.nodes.root.inputs.nixpkgs 38 | nixpkgs := flake_lock.nodes[nixpkgs_root] 39 | last_mod := nixpkgs.locked.lastModified 40 | age := (time.now_ns() / 1000000000) - last_mod 41 | secs_per_max_period := max_days * ((24 * 60) * 60) 42 | age > secs_per_max_period 43 | } 44 | -------------------------------------------------------------------------------- /examples/rbac.rego: -------------------------------------------------------------------------------- 1 | package rbac 2 | 3 | default allow := false 4 | 5 | allow = true { 6 | expected := data.expected 7 | password := input.password 8 | password == expected 9 | } 10 | -------------------------------------------------------------------------------- /examples/tfstate.rego: -------------------------------------------------------------------------------- 1 | package tfstate 2 | 3 | import input as tfstate 4 | 5 | # METADATA 6 | # title: Ensure minimum Terraform version 7 | # description: Terraform version must be greater than the minimum specified in data.min_tf_version 8 | # custom: 9 | # severity: FATAL 10 | deny[format(rego.metadata.rule())] { 11 | tf_version := tfstate.version 12 | min_tf_version := data.min_tf_version 13 | semver.compare(tf_version, min_tf_version) == -1 14 | } 15 | 16 | # METADATA 17 | # title: Ensure outputs 18 | # description: Terraform state outputs must not be empty 19 | # custom: 20 | # severity: HIGH 21 | deny[format(rego.metadata.rule())] { 22 | count(tfstate.outputs) == 0 23 | } 24 | 25 | format(meta) := {"severity": meta.custom.severity, "reason": meta.description} 26 | -------------------------------------------------------------------------------- /flake.bad.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "flake-utils": { 4 | "inputs": { 5 | "systems": "systems" 6 | }, 7 | "locked": { 8 | "lastModified": 1681202837, 9 | "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 10 | "owner": "numtide", 11 | "repo": "flake-utils", 12 | "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 13 | "type": "github" 14 | }, 15 | "original": { 16 | "owner": "numtide", 17 | "repo": "flake-utils", 18 | "type": "github" 19 | } 20 | }, 21 | "flake-utils_2": { 22 | "inputs": { 23 | "systems": "systems_2" 24 | }, 25 | "locked": { 26 | "lastModified": 1681202837, 27 | "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 28 | "owner": "numtide", 29 | "repo": "flake-utils", 30 | "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 31 | "type": "github" 32 | }, 33 | "original": { 34 | "owner": "numtide", 35 | "repo": "flake-utils", 36 | "type": "github" 37 | } 38 | }, 39 | "nixpkgs": { 40 | "locked": { 41 | "lastModified": 1674408516, 42 | "narHash": "sha256-LpM5It7O9Qb/szkmMJesmABJ9es8aIy7wXSNjA7VMcg=", 43 | "owner": "NixOS", 44 | "repo": "nixpkgs", 45 | "rev": "cc8c9f21bb4b89776b357475d6bc813bf17d09a8", 46 | "type": "github" 47 | }, 48 | "original": { 49 | "ref": "some-ancient-ref", 50 | "owner": "NixOS", 51 | "repo": "nixpkgs", 52 | "type": "github" 53 | } 54 | }, 55 | "nuenv": { 56 | "inputs": { 57 | "nixpkgs": [ 58 | "nixpkgs" 59 | ], 60 | "rust-overlay": "rust-overlay" 61 | }, 62 | "locked": { 63 | "lastModified": 1684409155, 64 | "narHash": "sha256-oHAifXgrHcuOkoH2z2biyhBH+Qb+C+bVow7eofECGLM=", 65 | "owner": "DeterminateSystems", 66 | "repo": "nuenv", 67 | "rev": "0c3850380e1dfc919b7c348f3f5a7f53d31e4b38", 68 | "type": "github" 69 | }, 70 | "original": { 71 | "owner": "DeterminateSystems", 72 | "repo": "nuenv", 73 | "type": "github" 74 | } 75 | }, 76 | "root": { 77 | "inputs": { 78 | "nixpkgs": "nixpkgs", 79 | "nuenv": "nuenv", 80 | "rust-overlay": "rust-overlay_2" 81 | } 82 | }, 83 | "rust-overlay": { 84 | "inputs": { 85 | "flake-utils": "flake-utils", 86 | "nixpkgs": [ 87 | "nuenv", 88 | "nixpkgs" 89 | ] 90 | }, 91 | "locked": { 92 | "lastModified": 1684376381, 93 | "narHash": "sha256-XVFTXADfvBXKwo4boqfg80awUbT+JgQvlQ8uZ+Xgo1s=", 94 | "owner": "oxalica", 95 | "repo": "rust-overlay", 96 | "rev": "7c9a265c2eaa5783bc18593b1aec39a85653c076", 97 | "type": "github" 98 | }, 99 | "original": { 100 | "owner": "oxalica", 101 | "repo": "rust-overlay", 102 | "type": "github" 103 | } 104 | }, 105 | "rust-overlay_2": { 106 | "inputs": { 107 | "flake-utils": "flake-utils_2", 108 | "nixpkgs": [ 109 | "nixpkgs" 110 | ] 111 | }, 112 | "locked": { 113 | "lastModified": 1684376381, 114 | "narHash": "sha256-XVFTXADfvBXKwo4boqfg80awUbT+JgQvlQ8uZ+Xgo1s=", 115 | "owner": "oxalica", 116 | "repo": "rust-overlay", 117 | "rev": "7c9a265c2eaa5783bc18593b1aec39a85653c076", 118 | "type": "github" 119 | }, 120 | "original": { 121 | "owner": "oxalica", 122 | "repo": "rust-overlay", 123 | "type": "github" 124 | } 125 | }, 126 | "systems": { 127 | "locked": { 128 | "lastModified": 1681028828, 129 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 130 | "owner": "nix-systems", 131 | "repo": "default", 132 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 133 | "type": "github" 134 | }, 135 | "original": { 136 | "owner": "nix-systems", 137 | "repo": "default", 138 | "type": "github" 139 | } 140 | }, 141 | "systems_2": { 142 | "locked": { 143 | "lastModified": 1681028828, 144 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 145 | "owner": "nix-systems", 146 | "repo": "default", 147 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 148 | "type": "github" 149 | }, 150 | "original": { 151 | "owner": "nix-systems", 152 | "repo": "default", 153 | "type": "github" 154 | } 155 | } 156 | }, 157 | "root": "root", 158 | "version": 7 159 | } 160 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "flake-utils": { 4 | "inputs": { 5 | "systems": "systems" 6 | }, 7 | "locked": { 8 | "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 9 | "owner": "numtide", 10 | "repo": "flake-utils", 11 | "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 12 | "type": "github" 13 | }, 14 | "original": { 15 | "owner": "numtide", 16 | "repo": "flake-utils", 17 | "type": "github" 18 | } 19 | }, 20 | "flake-utils_2": { 21 | "inputs": { 22 | "systems": "systems_2" 23 | }, 24 | "locked": { 25 | "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 26 | "owner": "numtide", 27 | "repo": "flake-utils", 28 | "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 29 | "type": "github" 30 | }, 31 | "original": { 32 | "owner": "numtide", 33 | "repo": "flake-utils", 34 | "type": "github" 35 | } 36 | }, 37 | "nixpkgs": { 38 | "locked": { 39 | "lastModified": 1700851152, 40 | "narHash": "sha256-3PWITNJZyA3jz5IGREJRfSykM6xSLmD8u5A3WpBCyDM=", 41 | "rev": "1216a5ba22a93a4a3a3bfdb4bff0f4727c576fcc", 42 | "revCount": 492333, 43 | "type": "tarball", 44 | "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2305.492333%2Brev-1216a5ba22a93a4a3a3bfdb4bff0f4727c576fcc/018c062f-228c-717f-a68e-3d68efbfa794/source.tar.gz" 45 | }, 46 | "original": { 47 | "type": "tarball", 48 | "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2305.%2A.tar.gz" 49 | } 50 | }, 51 | "nuenv": { 52 | "inputs": { 53 | "nixpkgs": [ 54 | "nixpkgs" 55 | ], 56 | "rust-overlay": "rust-overlay" 57 | }, 58 | "locked": { 59 | "lastModified": 1, 60 | "narHash": "sha256-NF5mgnHDy8UXkbYamrxzs6e/VYaOgYDxRPdB8eTIY+w=", 61 | "rev": "9beb9b3a8c245d56c7882da1c0d443202e96e47c", 62 | "revCount": 160, 63 | "type": "tarball", 64 | "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nuenv/0.1.160%2Brev-9beb9b3a8c245d56c7882da1c0d443202e96e47c/0189fb87-7845-7d6f-8421-7b0957de85ae/source.tar.gz" 65 | }, 66 | "original": { 67 | "type": "tarball", 68 | "url": "https://flakehub.com/f/DeterminateSystems/nuenv/0.1.%2A.tar.gz" 69 | } 70 | }, 71 | "root": { 72 | "inputs": { 73 | "nixpkgs": "nixpkgs", 74 | "nuenv": "nuenv", 75 | "rust-overlay": "rust-overlay_2" 76 | } 77 | }, 78 | "rust-overlay": { 79 | "inputs": { 80 | "flake-utils": "flake-utils", 81 | "nixpkgs": [ 82 | "nuenv", 83 | "nixpkgs" 84 | ] 85 | }, 86 | "locked": { 87 | "narHash": "sha256-QwVeE9YTgH3LmL7yw2V/hgswL6yorIvYSp4YGI8lZYM=", 88 | "owner": "oxalica", 89 | "repo": "rust-overlay", 90 | "rev": "99df4908445be37ddb2d332580365fce512a7dcf", 91 | "type": "github" 92 | }, 93 | "original": { 94 | "owner": "oxalica", 95 | "repo": "rust-overlay", 96 | "type": "github" 97 | } 98 | }, 99 | "rust-overlay_2": { 100 | "inputs": { 101 | "flake-utils": "flake-utils_2", 102 | "nixpkgs": [ 103 | "nixpkgs" 104 | ] 105 | }, 106 | "locked": { 107 | "narHash": "sha256-vprUv4maYeo0zW5uyEznXsv6DXwE+lLk4dcyOz6rVBI=", 108 | "owner": "oxalica", 109 | "repo": "rust-overlay", 110 | "rev": "ee42d1bf90ceed1b1d2e4b79f947f7513f3a3506", 111 | "type": "github" 112 | }, 113 | "original": { 114 | "owner": "oxalica", 115 | "repo": "rust-overlay", 116 | "type": "github" 117 | } 118 | }, 119 | "systems": { 120 | "locked": { 121 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 122 | "owner": "nix-systems", 123 | "repo": "default", 124 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 125 | "type": "github" 126 | }, 127 | "original": { 128 | "owner": "nix-systems", 129 | "repo": "default", 130 | "type": "github" 131 | } 132 | }, 133 | "systems_2": { 134 | "locked": { 135 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 136 | "owner": "nix-systems", 137 | "repo": "default", 138 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 139 | "type": "github" 140 | }, 141 | "original": { 142 | "owner": "nix-systems", 143 | "repo": "default", 144 | "type": "github" 145 | } 146 | } 147 | }, 148 | "root": "root", 149 | "version": 7 150 | } 151 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "Applying Open Policy Agent policies to Nix"; 3 | 4 | inputs = { 5 | nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.2305.*.tar.gz"; 6 | nuenv = { 7 | url = "https://flakehub.com/f/DeterminateSystems/nuenv/0.1.*.tar.gz"; 8 | inputs.nixpkgs.follows = "nixpkgs"; 9 | }; 10 | rust-overlay = { 11 | url = "github:oxalica/rust-overlay"; 12 | inputs.nixpkgs.follows = "nixpkgs"; 13 | }; 14 | }; 15 | 16 | outputs = 17 | { self, ... }@inputs: 18 | 19 | let 20 | systems = [ 21 | "aarch64-linux" 22 | "x86_64-linux" 23 | "aarch64-darwin" 24 | "x86_64-darwin" 25 | ]; 26 | 27 | overlays = [ 28 | inputs.rust-overlay.overlays.rust-overlay # Provide rust-bin attribute 29 | self.overlays.default # Provide rustToolchain and mkPolicyEvaluator attributes 30 | inputs.nuenv.overlays.nuenv # Provide the nuenv attribute (for nuenv.mkDerivation) 31 | ]; 32 | 33 | forAllSystems = f: inputs.nixpkgs.lib.genAttrs systems (system: f { 34 | inherit system; 35 | pkgs = import inputs.nixpkgs { 36 | inherit overlays system; 37 | }; 38 | }); 39 | in 40 | { 41 | devShells = forAllSystems ({ pkgs, system }: { 42 | default = pkgs.mkShell { 43 | name = "nix-policy"; 44 | packages = with pkgs; [ 45 | open-policy-agent 46 | rustToolchain 47 | cargo-edit 48 | cargo-watch 49 | ]; 50 | }; 51 | 52 | ci = pkgs.mkShell { 53 | name = "nix-policy-ci"; 54 | packages = with pkgs; [ 55 | direnv 56 | ]; 57 | }; 58 | }); 59 | 60 | packages = forAllSystems ({ pkgs, system }: rec { 61 | default = rbac-eval; 62 | 63 | rbac-eval = pkgs.mkPolicyEvaluator { 64 | name = "rbac-eval"; 65 | src = ./.; 66 | policy = ./examples/rbac.rego; 67 | entrypoint = "rbac"; 68 | }; 69 | 70 | tfstate-eval = pkgs.mkPolicyEvaluator { 71 | name = "tfstate-eval"; 72 | src = ./.; 73 | policy = ./examples/tfstate.rego; 74 | entrypoint = "tfstate"; 75 | }; 76 | 77 | check-flake = pkgs.mkPolicyEvaluator { 78 | name = "check-flake"; 79 | src = ./.; 80 | policy = ./examples/flake.rego; 81 | entrypoint = "flake/deny"; 82 | }; 83 | 84 | # A Nushell script wrapping the check-flake package 85 | flake-checker = pkgs.nuenv.mkScript { 86 | name = "flake-checker"; 87 | script = '' 88 | # Checks that a flake.lock file conforms to Determinate Systems' strict policies 89 | def main [ 90 | path: path = "./flake.lock", # The flake.lock file to check (default: "./flake.lock") 91 | ] { 92 | let res = ( 93 | ${self.packages.${system}.check-flake}/bin/check-flake 94 | --input-path $path 95 | --data-path ${./examples/flake.json} 96 | ) 97 | let result = ($res | from json | get 0.result) 98 | 99 | let numProblems = ($result | length) 100 | if $numProblems == 0 { 101 | print $"(ansi green)SUCCESS(ansi reset)" 102 | } else { 103 | let problem = $"problem(if $numProblems > 1 { "s" })" 104 | let was = (if $numProblems > 1 { "were" } else { "was" }) 105 | print $"(ansi red)ERROR(ansi reset): (ansi blue)($numProblems)(ansi reset) ($problem) ($was) encountered" 106 | 107 | for problem in $result { 108 | if $problem.issue == "disallowed-nixpkgs-ref" { 109 | print $"> Disallowed Git ref for Nixpkgs: (ansi red)($problem.detail.disallowed_ref)(ansi reset)" 110 | } 111 | 112 | if $problem.issue == "outdated-nixpkgs-ref" { 113 | print $"> Outdated Nixpkgs dependency is (ansi red)($problem.detail.age_in_days)(ansi reset) days old while the limit is (ansi blue)($problem.detail.max_days)(ansi reset)" 114 | } 115 | } 116 | } 117 | } 118 | ''; 119 | }; 120 | }); 121 | 122 | lib = { 123 | # The OPA Wasm -> Rust CLI tool builder 124 | mkPolicyEvaluator = pkgs: import ./nix/evaluator.nix { inherit pkgs; }; 125 | }; 126 | 127 | overlays = { 128 | default = final: prev: rec { 129 | rustToolchain = prev.rust-bin.fromRustupToolchainFile ./eval/rust-toolchain.toml; 130 | mkPolicyEvaluator = self.lib.mkPolicyEvaluator final; 131 | }; 132 | }; 133 | }; 134 | } 135 | -------------------------------------------------------------------------------- /nix/evaluator.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: # Pinned Nixpkgs (from overlay) 2 | 3 | { name # The name of the final executable 4 | , src # The relative source root 5 | , policy # The Rego policy file 6 | , entrypoint # The OPA entrypoint 7 | }: 8 | 9 | let 10 | # Convert /nix/store/...-policy.rego into policy.rego 11 | policyName = builtins.baseNameOf policy; 12 | 13 | # Rust toolchain (from overlay) 14 | rust = pkgs.rustToolchain; 15 | 16 | # Rust platform derived from Rust toolchain 17 | rustPlatform = pkgs.makeRustPlatform { 18 | rustc = rust; 19 | cargo = rust; 20 | }; 21 | 22 | # Build a Wasm binary for the specified policy and entrypoint 23 | policyDrv = pkgs.nuenv.mkDerivation { 24 | name = "${name}-policy"; 25 | inherit entrypoint policy src; 26 | packages = with pkgs; [ binaryen gnutar gzip open-policy-agent ]; 27 | build = builtins.readFile ./nu/opa-wasm.nu; 28 | }; 29 | in 30 | rustPlatform.buildRustPackage { 31 | inherit name; 32 | src = ../eval; 33 | cargoLock = { 34 | lockFile = ../eval/Cargo.lock; 35 | outputHashes = { 36 | # Required because this is a git dependency, not crates.io 37 | "opa-wasm-0.1.0" = "sha256-ZasUQHHBLnGtGB+pkN/jjgXL0iVeCPA/q1Dxl5QAhQ0="; 38 | }; 39 | }; 40 | prePatch = '' 41 | substituteInPlace src/main.rs \ 42 | --replace %policy% ${policyDrv}/lib/policy.wasm \ 43 | --replace %rego% ${policyName} \ 44 | --replace %entrypoint% ${entrypoint} 45 | ''; 46 | postInstall = '' 47 | mv $out/bin/eval $out/bin/${name} 48 | ''; 49 | doCheck = false; # No tests yet 50 | } 51 | -------------------------------------------------------------------------------- /nix/nu/opa-wasm.nu: -------------------------------------------------------------------------------- 1 | def bl [msg: string] { $"(ansi blue)($msg)(ansi reset)" } 2 | def gr [msg: string] { $"(ansi light_green)($msg)(ansi reset)" } 3 | 4 | let out = $env.out 5 | let outLib = $"($out)/lib" 6 | 7 | let tarball = "bundle.tar.gz" 8 | let wasmOutput = "policy.wasm" 9 | let policy = $env.policy 10 | let relativePolicyPath = ($policy | parse $"($env.NIX_STORE)/{__hash}-{policy}" | get policy.0) 11 | let policyName = ($relativePolicyPath | parse "{policy}.rego" | get policy.0) 12 | let entrypoint = $env.entrypoint 13 | 14 | log $"Building Wasm policy (bl $relativePolicyPath) with entrypoint (gr $entrypoint)" 15 | 16 | let opaCmd = $"opa build --target wasm --entrypoint ($entrypoint) ($policy)" 17 | 18 | log $"Running (gr $opaCmd)" 19 | 20 | nu --commands $opaCmd 21 | 22 | log $"Running OPA tests on ($tarball)" 23 | opa run $tarball 24 | 25 | log $"Untarring ($tarball)" 26 | 27 | log "Tar output:" 28 | tar xvzf $tarball 29 | 30 | log "Reducing Wasm binary size using wasm-opt" 31 | wasm-opt $wasmOutput --output $wasmOutput 32 | 33 | log $"Making output directory (bl $out)" 34 | 35 | mkdir $outLib 36 | 37 | log $"Copying (bl $wasmOutput) to (gr $outLib)" 38 | 39 | mv $wasmOutput $outLib 40 | --------------------------------------------------------------------------------