Bumps deps

Cargo.toml

@@ -2,7 +2,7 @@
 name = "ztunnel"
 version = "0.0.0"
 edition = "2024"
-rust-version = "1.85"
+rust-version = "1.90"
 
 [features]
 default = ["tls-aws-lc"]
@@ -61,7 +61,7 @@ hickory-client = "0.25"
 hickory-proto = "0.25"
 hickory-resolver = "0.25"
 hickory-server = { version = "0.25", features = [ "resolver" ]}
-http-body = { package = "http-body", version = "1" }
+http-body = { version = "1" }
 http-body-util = "0.1"
 hyper = { version = "1.6", features = ["full"] }
 hyper-rustls = { version = "0.27.0", default-features = false, features = ["logging", "http1", "http2"] }
@@ -71,11 +71,11 @@ itertools = "0.14"
 keyed_priority_queue = "0.4"
 libc = "0.2"
 log = "0.4"
-nix = { version = "0.29", features = ["socket", "sched", "uio", "fs", "ioctl", "user", "net", "mount", "resource" ] }
+nix = { version = "0.30", features = ["socket", "sched", "uio", "fs", "ioctl", "user", "net", "mount", "resource" ] }
 once_cell = "1.21"
 num_cpus = "1.16"
 ppp = "2.3"
-prometheus-client = { version = "0.23" }
+prometheus-client = { version = "0.24" }
 prometheus-parse = "0.2"
 prost = "0.13"
 prost-types = "0.13"
@@ -103,7 +103,7 @@ x509-parser = { version = "0.17", default-features = false }
 tracing-log = "0.2"
 backoff = "0.4"
 pin-project-lite = "0.2"
-pingora-pool = "0.4"
+pingora-pool = "0.6"
 flurry = "0.5"
 h2 = "0.4"
 http = "1.3"

src/admin.rs

@@ -385,15 +385,15 @@ fn change_log_level(reset: bool, level: &str) -> Response<Full<Bytes>> {
     if !reset && level.is_empty() {
         return list_loggers();
     }
-    if !level.is_empty() {
-        if let Err(_e) = validate_log_level(level) {
-            // Invalid level provided
-            return plaintext_response(
-                hyper::StatusCode::BAD_REQUEST,
-                format!("Invalid level provided: {level}\n{HELP_STRING}"),
-            );
-        };
-    }
+    if !level.is_empty()
+        && let Err(_e) = validate_log_level(level)
+    {
+        // Invalid level provided
+        return plaintext_response(
+            hyper::StatusCode::BAD_REQUEST,
+            format!("Invalid level provided: {level}\n{HELP_STRING}"),
+        );
+    };
     match telemetry::set_level(reset, level) {
         Ok(_) => list_loggers(),
         Err(e) => plaintext_response(

src/cert_fetcher.rs

@@ -102,10 +102,10 @@ impl CertFetcherImpl {
 
 impl CertFetcher for CertFetcherImpl {
     fn prefetch_cert(&self, w: &Workload) {
-        if self.should_prefetch_certificate(w) {
-            if let Err(e) = self.tx.try_send(Request::Fetch(w.identity(), Warmup)) {
-                info!("couldn't prefetch: {:?}", e)
-            }
+        if self.should_prefetch_certificate(w)
+            && let Err(e) = self.tx.try_send(Request::Fetch(w.identity(), Warmup))
+        {
+            info!("couldn't prefetch: {:?}", e)
         }
     }
 

src/config.rs

@@ -982,10 +982,10 @@ fn construct_proxy_config(mc_path: &str, pc_env: Option<&str>) -> anyhow::Result
 }
 
 pub fn empty_to_none<A: AsRef<str>>(inp: Option<A>) -> Option<A> {
-    if let Some(inner) = &inp {
-        if inner.as_ref().is_empty() {
-            return None;
-        }
+    if let Some(inner) = &inp
+        && inner.as_ref().is_empty()
+    {
+        return None;
     }
     inp
 }

src/dns/forwarder.rs

@@ -180,12 +180,12 @@ mod tests {
             .expect("expected resolve error");
 
         // Expect NoRecordsFound with a NXDomain response code.
-        if let ResolveErrorKind::Proto(proto) = err.kind() {
-            if let ProtoErrorKind::NoRecordsFound { response_code, .. } = proto.kind() {
-                // Respond with the error code.
-                assert_eq!(&ResponseCode::NXDomain, response_code);
-                return;
-            }
+        if let ResolveErrorKind::Proto(proto) = err.kind()
+            && let ProtoErrorKind::NoRecordsFound { response_code, .. } = proto.kind()
+        {
+            // Respond with the error code.
+            assert_eq!(&ResponseCode::NXDomain, response_code);
+            return;
         }
         panic!("unexpected error kind {}", err.kind())
     }

src/dns/handler.rs

@@ -118,11 +118,11 @@ async fn send_lookup_error<R: ResponseHandler>(
         }
         LookupError::ResponseCode(code) => send_error(request, response_handle, code).await,
         LookupError::ResolveError(e) => {
-            if let ResolveErrorKind::Proto(proto) = e.kind() {
-                if let ProtoErrorKind::NoRecordsFound { response_code, .. } = proto.kind() {
-                    // Respond with the error code.
-                    return send_error(request, response_handle, *response_code).await;
-                }
+            if let ResolveErrorKind::Proto(proto) = e.kind()
+                && let ProtoErrorKind::NoRecordsFound { response_code, .. } = proto.kind()
+            {
+                // Respond with the error code.
+                return send_error(request, response_handle, *response_code).await;
             }
             // TODO(nmittler): log?
             send_error(request, response_handle, ResponseCode::ServFail).await

src/identity/manager.rs

@@ -609,10 +609,10 @@ impl SecretManager {
                 let rx = st.rx.clone();
                 drop(certs);
 
-                if let Some(existing_pri) = init_pri(&rx) {
-                    if pri > existing_pri {
-                        self.post(Request::Fetch(id.clone(), pri)).await;
-                    }
+                if let Some(existing_pri) = init_pri(&rx)
+                    && pri > existing_pri
+                {
+                    self.post(Request::Fetch(id.clone(), pri)).await;
                 }
                 Ok(rx)
             }

src/inpod/netns.rs

@@ -13,8 +13,7 @@
 // limitations under the License.
 
 use nix::sched::{CloneFlags, setns};
-use std::os::fd::OwnedFd;
-use std::os::unix::io::AsRawFd;
+use std::os::fd::{AsFd, OwnedFd};
 use std::sync::Arc;
 
 #[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)]
@@ -53,7 +52,7 @@ impl InpodNetns {
     }
 
     pub fn new(cur_netns: Arc<OwnedFd>, workload_netns: OwnedFd) -> std::io::Result<Self> {
-        let res = nix::sys::stat::fstat(workload_netns.as_raw_fd())
+        let res = nix::sys::stat::fstat(workload_netns.as_fd())
             .map_err(|e| std::io::Error::from_raw_os_error(e as i32))?;
         let inode = res.st_ino;
         let dev = res.st_dev;
@@ -110,6 +109,7 @@ mod tests {
     use nix::sched::unshare;
     use nix::unistd::gettid;
     use std::assert;
+    use std::os::fd::AsRawFd;
     use std::os::fd::OwnedFd;
     use std::process::Command;
 

src/proxy/connection_manager.rs

@@ -231,12 +231,12 @@ impl ConnectionManager {
     // uses a counter to determine if there are other tracked connections or not so it may retain the tx/rx channels when necessary
     pub fn release(&self, c: &InboundConnection) {
         let mut drains = self.drains.write().expect("mutex");
-        if let Some((k, mut v)) = drains.remove_entry(c) {
-            if v.count > 1 {
-                // something else is tracking this connection, decrement count but retain
-                v.count -= 1;
-                drains.insert(k, v);
-            }
+        if let Some((k, mut v)) = drains.remove_entry(c)
+            && v.count > 1
+        {
+            // something else is tracking this connection, decrement count but retain
+            v.count -= 1;
+            drains.insert(k, v);
         }
     }
 

src/proxy/metrics.rs

@@ -242,7 +242,7 @@ pub struct CommonTrafficLabels {
 #[derive(Clone, Hash, Default, Debug, PartialEq, Eq)]
 struct OptionallyEncode<T>(Option<T>);
 impl<T: EncodeLabelSet> EncodeLabelSet for OptionallyEncode<T> {
-    fn encode(&self, encoder: LabelSetEncoder) -> Result<(), std::fmt::Error> {
+    fn encode(&self, encoder: &mut LabelSetEncoder) -> Result<(), std::fmt::Error> {
         match &self.0 {
             None => Ok(()),
             Some(ll) => ll.encode(encoder),

src/proxy/outbound.rs

@@ -517,17 +517,16 @@ impl OutboundConnection {
             )
             .await?
         else {
-            if let Some(service) = service {
-                if service.
+            if let Some(service) = service
+                && service.
                 load_balancer.
                 as_ref().
                 // If we are not a passthrough service, we should have an upstream
                 map(|lb| lb.mode != LoadBalancerMode::Passthrough).
                 // If the service had no lb, we should have an upstream
                 unwrap_or(true)
-                {
-                    return Err(Error::NoHealthyUpstream(target));
-                }
+            {
+                return Err(Error::NoHealthyUpstream(target));
             }
             debug!("built request as passthrough; no upstream found");
             return Ok(Request {

src/state.rs

@@ -299,10 +299,10 @@ impl ProxyState {
             .services
             .get_by_vip(&network_addr(network.clone(), addr.ip()))
         {
-            if let Some(lb) = &svc.load_balancer {
-                if lb.mode == LoadBalancerMode::Passthrough {
-                    return Some(UpstreamDestination::OriginalDestination);
-                }
+            if let Some(lb) = &svc.load_balancer
+                && lb.mode == LoadBalancerMode::Passthrough
+            {
+                return Some(UpstreamDestination::OriginalDestination);
             }
             return self.find_upstream_from_service(
                 source_workload,

src/state/policy.rs

@@ -84,12 +84,11 @@ impl PolicyStore {
             RbacScope::Global => Some(strng::EMPTY),
             RbacScope::Namespace => Some(rbac.namespace),
             RbacScope::WorkloadSelector => None,
-        } {
-            if let Some(pl) = self.by_namespace.get_mut(&key) {
-                pl.remove(&xds_name);
-                if pl.is_empty() {
-                    self.by_namespace.remove(&key);
-                }
+        } && let Some(pl) = self.by_namespace.get_mut(&key)
+        {
+            pl.remove(&xds_name);
+            if pl.is_empty() {
+                self.by_namespace.remove(&key);
             }
         }
     }

src/state/workload.rs

@@ -825,10 +825,9 @@ impl WorkloadStore {
                     for wip in prev.workload_ips.iter() {
                         if let Entry::Occupied(mut o) =
                             self.by_addr.entry(network_addr(prev.network.clone(), *wip))
+                            && o.get_mut().remove_uid(prev.uid.clone())
                         {
-                            if o.get_mut().remove_uid(prev.uid.clone()) {
-                                o.remove();
-                            }
+                            o.remove();
                         }
                     }
                 }

src/telemetry.rs

@@ -241,10 +241,10 @@ where
             for span in scope.from_root() {
                 write!(writer, ":{}", span.metadata().name())?;
                 let ext = span.extensions();
-                if let Some(fields) = &ext.get::<FormattedFields<N>>() {
-                    if !fields.is_empty() {
-                        write!(writer, "{{{fields}}}")?;
-                    }
+                if let Some(fields) = &ext.get::<FormattedFields<N>>()
+                    && !fields.is_empty()
+                {
+                    write!(writer, "{{{fields}}}")?;
                 }
             }
         };

src/xds.rs

@@ -62,10 +62,10 @@ impl fmt::Display for DisplayStatus<'_> {
                 " (hint: check the control plane logs for more information)"
             )?;
         }
-        if !s.details().is_empty() {
-            if let Ok(st) = std::str::from_utf8(s.details()) {
-                write!(f, ", details: {st}")?;
-            }
+        if !s.details().is_empty()
+            && let Ok(st) = std::str::from_utf8(s.details())
+        {
+            write!(f, ", details: {st}")?;
         }
         if let Some(src) = s.source().and_then(|s| s.source()) {
             write!(f, ", source: {src}")?;

src/xds/client.rs

@@ -666,14 +666,13 @@ impl AdsClient {
                     if !self.types_to_expect.is_empty() {
                         received_type = Some(msg.type_url.clone())
                     }
-                    if let XdsSignal::Ack = self.handle_stream_event(msg, &discovery_req_tx).await? {
-                        if let Some(received_type) = received_type {
+                    if let XdsSignal::Ack = self.handle_stream_event(msg, &discovery_req_tx).await?
+                        && let Some(received_type) = received_type {
                             self.types_to_expect.remove(&received_type);
                             if self.types_to_expect.is_empty() {
                                 mem::drop(mem::take(&mut self.block_ready));
                             }
-                        }
-                    };
+                        };
                 }
             }
         }