deps: enable hyper-rustls/ring conditionally

no reason to include the "ring" crate if aws-lc-rs is being used.

add a new "ring" feature (enabled by default, to avoid breaking
existing users), that will enable hyper-rustls/ring only if needed.

Signed-off-by: Eliad Peller <[email protected]>

Author: eliad-wiz

e2e/Cargo.toml

@@ -20,7 +20,7 @@ path = "boot.rs"
 [features]
 latest = ["k8s-openapi/latest"]
 mk8sv = ["k8s-openapi/earliest"]
-rustls = ["kube/rustls-tls"]
+rustls = ["kube/rustls-tls", "kube/ring"]
 openssl = ["kube/openssl-tls"]
 
 [dependencies]

examples/Cargo.toml

@@ -13,7 +13,7 @@ release = false
 default = ["rustls-tls", "kubederive", "ws", "latest", "socks5", "runtime", "refresh"]
 kubederive = ["kube/derive"]
 openssl-tls = ["kube/client", "kube/openssl-tls", "kube/unstable-client"]
-rustls-tls = ["kube/client", "kube/rustls-tls", "kube/unstable-client"]
+rustls-tls = ["kube/client", "kube/rustls-tls", "kube/ring", "kube/unstable-client"]
 runtime = ["kube/runtime", "kube/unstable-runtime"]
 socks5 = ["kube/socks5"]
 refresh = ["kube/oauth", "kube/oidc"]

kube-client/Cargo.toml

@@ -12,10 +12,11 @@ keywords = ["kubernetes", "client",]
 categories = ["web-programming::http-client", "network-programming", "api-bindings"]
 
 [features]
-default = ["client"]
+default = ["client", "ring"]
 rustls-tls = ["rustls", "hyper-rustls", "hyper-http-proxy?/rustls-tls-native-roots"]
 webpki-roots = ["hyper-rustls/webpki-roots"]
-aws-lc-rs = ["rustls?/aws-lc-rs"]
+aws-lc-rs = ["hyper-rustls?/aws-lc-rs"]
+ring = ["hyper-rustls?/ring"]
 openssl-tls = ["openssl", "hyper-openssl"]
 ws = ["client", "tokio-tungstenite", "kube-core/ws", "tokio/macros"]
 kubelet-debug = ["ws", "kube-core/kubelet-debug"]
@@ -65,7 +66,7 @@ tokio-util = { workspace = true, features = ["io", "codec"], optional = true }
 hyper = { workspace = true, features = ["client", "http1"], optional = true }
 hyper-http-proxy = { version = "1", default-features = false, optional = true }
 hyper-util = { workspace = true, features = ["client", "client-legacy", "http1", "tokio"], optional = true }
-hyper-rustls = { workspace = true, features = ["http1", "logging", "native-tokio", "ring", "tls12"], optional = true }
+hyper-rustls = { workspace = true, features = ["http1", "logging", "native-tokio", "tls12"], optional = true }
 hyper-socks2 = { workspace = true, optional = true }
 tokio-tungstenite = { workspace = true, optional = true }
 tower = { workspace = true, features = ["buffer", "filter", "util"], optional = true }
@@ -80,7 +81,7 @@ k8s-openapi= { workspace = true, features = [] }
 
 [dev-dependencies]
 hyper = { workspace = true, features = ["server"] }
-kube = { path = "../kube", features = ["derive", "client", "ws"], version = "<1.0.0, >=0.61.0" }
+kube = { path = "../kube", features = ["derive", "client", "ws", "ring"], version = "<1.0.0, >=0.61.0" }
 tempfile.workspace = true
 futures = { workspace = true, features = ["async-await"] }
 tokio = { workspace = true, features = ["full"] }

kube-client/src/client/auth/oidc.rs

@@ -254,6 +254,9 @@ struct TokenResponse {
     id_token: Option<String>,
 }
 
+#[cfg(all(feature = "rustls-tls", not(any(feature = "ring", feature = "aws-lc-rs"))))]
+compile_error!("At least one of ring or aws-lc-rs feature must be enabled to use rustls-tls feature");
+
 #[cfg(not(any(feature = "rustls-tls", feature = "openssl-tls")))]
 compile_error!(
     "At least one of rustls-tls or openssl-tls feature must be enabled to use refresh-oidc feature"

kube/Cargo.toml

@@ -12,7 +12,7 @@ keywords = ["kubernetes", "client", "runtime", "cncf"]
 categories = ["network-programming", "caching", "api-bindings", "encoding"]
 
 [features]
-default = ["client", "rustls-tls"]
+default = ["client", "rustls-tls", "ring"]
 
 # default features
 client = ["kube-client/client", "config"]
@@ -22,6 +22,7 @@ rustls-tls = ["kube-client/rustls-tls", "client"]
 # alternative features
 openssl-tls = ["kube-client/openssl-tls", "client"]
 aws-lc-rs = ["kube-client?/aws-lc-rs"]
+ring = ["kube-client?/ring"]
 
 # auxiliary features
 ws = ["kube-client/ws", "kube-core/ws"]