rust: Update minimum toolchain to 1.88

Minimum rust version was set to 1.85. Fedora is way above that threshold
at the moment. Future EL releases will be above that as well.

While on it, fix some of the linter errors that arise from the minimum
version update.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>

Author: bgartzi

attestation-key-register/src/main.rs

@@ -40,7 +40,7 @@ async fn handle_registration(
     client: Client,
     addr: Option<SocketAddr>,
 ) -> Result<impl warp::Reply, Infallible> {
-    info!("Received registration request: {:?}", registration);
+    info!("Received registration request: {registration:?}");
 
     let api: Api<AttestationKey> = Api::default_namespaced(client);
 
@@ -50,8 +50,7 @@ async fn handle_registration(
                 if key.spec.public_key == registration.public_key {
                     let existing_name = key.metadata.name.unwrap_or_default();
                     error!(
-                        "Duplicate public key detected: already exists in AttestationKey '{}'",
-                        existing_name
+                        "Duplicate public key detected: already exists in AttestationKey '{existing_name}'"
                     );
                     return Ok(reply::with_status(
                         reply::json(&serde_json::json!({
@@ -64,11 +63,11 @@ async fn handle_registration(
             }
         }
         Err(e) => {
-            error!("Failed to list AttestationKeys: {}", e);
+            error!("Failed to list AttestationKeys: {e}");
             return Ok(reply::with_status(
                 reply::json(&serde_json::json!({
                     "status": "error",
-                    "message": format!("Failed to check for existing keys: {}", e),
+                    "message": format!("Failed to check for existing keys: {e}"),
                 })),
                 StatusCode::INTERNAL_SERVER_ERROR,
             ));
@@ -106,11 +105,11 @@ async fn handle_registration(
             ))
         }
         Err(e) => {
-            error!("Failed to create AttestationKey: {}", e);
+            error!("Failed to create AttestationKey: {e}");
             Ok(reply::with_status(
                 reply::json(&serde_json::json!({
                     "status": "error",
-                    "message": format!("Failed to create AttestationKey: {}", e),
+                    "message": format!("Failed to create AttestationKey: {e}"),
                 })),
                 StatusCode::INTERNAL_SERVER_ERROR,
             ))
@@ -145,7 +144,7 @@ async fn main() -> anyhow::Result<()> {
         .and_then(handle_registration);
 
     let addr = SocketAddr::from(([0, 0, 0, 0], args.port));
-    info!("Listening on {}", addr);
+    info!("Listening on {addr}");
 
     warp::serve(register).run(addr).await;
 

operator/src/attestation_key_register.rs

@@ -135,13 +135,13 @@ async fn ak_reconcile(
     client: Arc<Client>,
 ) -> Result<Action, ControllerError> {
     let ak_name = ak.metadata.name.clone().unwrap_or_default();
-    info!("Attestation Key reconciliation for: {}", ak_name);
+    info!("Attestation Key reconciliation for: {ak_name}");
 
     let client = Arc::unwrap_or_clone(client);
     let machines: Api<Machine> = Api::default_namespaced(client.clone());
     let lp = ListParams::default();
     let machine_list: ObjectList<Machine> = machines.list(&lp).await.map_err(|e| {
-        eprintln!("Error fetching machine list: {}", e);
+        eprintln!("Error fetching machine list: {e}");
         ControllerError::Anyhow(e.into())
     })?;
     for machine in &machine_list.items {
@@ -182,15 +182,15 @@ async fn machine_reconcile(
     let aks: Api<AttestationKey> = Api::default_namespaced(client.clone());
     let lp = ListParams::default();
     let ak_list: ObjectList<AttestationKey> = aks.list(&lp).await.map_err(|e| {
-        eprintln!("Error fetching attestation key list: {}", e);
+        eprintln!("Error fetching attestation key list: {e}");
         ControllerError::Anyhow(e.into())
     })?;
     for ak in ak_list.items {
-        if let Some(ak_address) = &ak.spec.address {
-            if *ak_address == machine_address {
-                approve_ak(&ak, &machine, client.clone()).await?;
-                return Ok(Action::await_change());
-            }
+        if let Some(ak_address) = &ak.spec.address
+            && *ak_address == machine_address
+        {
+            approve_ak(&ak, &machine, client.clone()).await?;
+            return Ok(Action::await_change());
         }
     }
     Ok(Action::await_change())
@@ -315,10 +315,7 @@ async fn secret_reconcile(
         return Ok(Action::await_change());
     }
 
-    info!(
-        "Secret reconciliation for AttestationKey secret: {}",
-        secret_name
-    );
+    info!("Secret reconciliation for AttestationKey secret: {secret_name}");
 
     let secrets: Api<Secret> = Api::default_namespaced(Arc::unwrap_or_clone(client.clone()));
     finalizer(&secrets, ATTESTATION_KEY_SECRET_FINALIZER, secret, |ev| async move {
@@ -330,15 +327,14 @@ async fn secret_reconcile(
                     .await
                     .map(|_| Action::await_change())
                     .map_err(|e| {
-                        eprintln!("Error updating attestation key volumes on secret apply: {}", e);
+                        eprintln!("Error updating attestation key volumes on secret apply: {e}");
                         finalizer::Error::<ControllerError>::ApplyFailed(e.into())
                     })
             }
             Event::Cleanup(secret) => {
                 let secret_name = secret.metadata.name.clone().unwrap_or_default();
                 info!(
-                    "AttestationKey secret {} is being deleted, updating trustee deployment volumes",
-                    secret_name
+                    "AttestationKey secret {secret_name} is being deleted, updating trustee deployment volumes"
                 );
                 let client = Arc::unwrap_or_clone(client);
                 // Update trustee deployment - secrets with deletion_timestamp will be filtered out
@@ -347,8 +343,7 @@ async fn secret_reconcile(
                     .map(|_| Action::await_change())
                     .map_err(|e| {
                         eprintln!(
-                            "Error updating attestation key volumes during secret deletion: {}",
-                            e
+                            "Error updating attestation key volumes during secret deletion: {e}"
                         );
                         finalizer::Error::<ControllerError>::CleanupFailed(e.into())
                     })

operator/src/reference_values.rs

@@ -297,13 +297,13 @@ pub async fn handle_new_image(
     let config_maps: Api<ConfigMap> = Api::default_namespaced(ctx.client.clone());
     let mut image_pcrs_map = config_maps.get(PCR_CONFIG_MAP).await?;
     let mut image_pcrs = get_image_pcrs(image_pcrs_map.clone())?;
-    if let Some(pcr) = image_pcrs.0.get(resource_name) {
-        if pcr.reference == boot_image {
-            info!("Image {boot_image} was to be allowed, but already was allowed");
-            return trustee::update_reference_values(ctx)
-                .await
-                .map(|_| COMMITTED_REASON);
-        }
+    if let Some(pcr) = image_pcrs.0.get(resource_name)
+        && pcr.reference == boot_image
+    {
+        info!("Image {boot_image} was to be allowed, but already was allowed");
+        return trustee::update_reference_values(ctx)
+            .await
+            .map(|_| COMMITTED_REASON);
     }
     let image_ref: oci_client::Reference = boot_image.parse()?;
     if image_ref.digest().is_none() {

operator/src/trustee.rs

@@ -254,7 +254,7 @@ pub async fn update_attestation_keys(client: Client) -> Result<()> {
                     name: secret_name.to_string(),
                     items: Some(vec![KeyToPath {
                         key: "public_key".to_string(),
-                        path: format!("{}.pub", secret_name),
+                        path: format!("{secret_name}.pub"),
                         ..Default::default()
                     }]),
                     ..Default::default()

test_utils/src/lib.rs

@@ -225,13 +225,12 @@ impl TestContext {
                 async move {
                     let deployment = api.get(&name).await?;
 
-                    if let Some(status) = &deployment.status {
-                        if let Some(available_replicas) = status.available_replicas {
-                            if available_replicas == 1 {
-                                test_info!(&tn, "{} deployment has 1 available replica", name);
-                                return Ok(());
-                            }
-                        }
+                    if let Some(status) = &deployment.status
+                        && let Some(available_replicas) = status.available_replicas
+                        && available_replicas == 1
+                    {
+                        test_info!(&tn, "{} deployment has 1 available replica", name);
+                        return Ok(());
                     }
 
                     Err(anyhow::anyhow!(
@@ -357,40 +356,40 @@ impl TestContext {
 
         let sa_src = workspace_root.join("config/rbac/service_account.yaml");
         let sa_content = std::fs::read_to_string(&sa_src)?
-            .replace("namespace: system", &format!("namespace: {}", ns));
+            .replace("namespace: system", &format!("namespace: {ns}"));
         let sa_dst = rbac_temp_dir.join("service_account.yaml");
         std::fs::write(&sa_dst, sa_content)?;
 
         let role_path = rbac_temp_dir.join("role.yaml");
         let role_content = std::fs::read_to_string(&role_path)?.replace(
             "name: trusted-cluster-operator-role",
-            &format!("name: {}-trusted-cluster-operator-role", ns),
+            &format!("name: {ns}-trusted-cluster-operator-role"),
         );
         std::fs::write(&role_path, role_content)?;
 
         let rb_src = workspace_root.join("config/rbac/role_binding.yaml");
         let rb_content = std::fs::read_to_string(&rb_src)?
             .replace(
                 "name: manager-rolebinding",
-                &format!("name: {}-manager-rolebinding", ns),
+                &format!("name: {ns}-manager-rolebinding"),
             )
             .replace(
                 "name: trusted-cluster-operator-role",
-                &format!("name: {}-trusted-cluster-operator-role", ns),
+                &format!("name: {ns}-trusted-cluster-operator-role"),
             )
-            .replace("namespace: system", &format!("namespace: {}", ns));
+            .replace("namespace: system", &format!("namespace: {ns}"));
         let rb_dst = rbac_temp_dir.join("role_binding.yaml");
         std::fs::write(&rb_dst, rb_content)?;
 
         let le_role_src = workspace_root.join("config/rbac/leader_election_role.yaml");
         let le_role_content = std::fs::read_to_string(&le_role_src)?
-            .replace("namespace: system", &format!("namespace: {}", ns));
+            .replace("namespace: system", &format!("namespace: {ns}"));
         let le_role_dst = rbac_temp_dir.join("leader_election_role.yaml");
         std::fs::write(&le_role_dst, le_role_content)?;
 
         let le_rb_src = workspace_root.join("config/rbac/leader_election_role_binding.yaml");
         let le_rb_content = std::fs::read_to_string(&le_rb_src)?
-            .replace("namespace: system", &format!("namespace: {}", ns));
+            .replace("namespace: system", &format!("namespace: {ns}"));
         let le_rb_dst = rbac_temp_dir.join("leader_election_role_binding.yaml");
         std::fs::write(&le_rb_dst, le_rb_content)?;
 
@@ -399,16 +398,15 @@ impl TestContext {
             r#"# SPDX-FileCopyrightText: Generated for testing
 # SPDX-License-Identifier: CC0-1.0
 
-namespace: {}
+namespace: {ns}
 
 resources:
   - service_account.yaml
   - role.yaml
   - role_binding.yaml
   - leader_election_role.yaml
   - leader_election_role_binding.yaml
-"#,
-            ns
+"#
         );
 
         let temp_kustomization_path = rbac_temp_dir.join("kustomization.yaml");
@@ -436,19 +434,19 @@ resources:
             &self.test_name,
             "Updating CR manifest with publicTrusteeAddr"
         );
-        let trustee_addr = format!("kbs-service.{}.svc.cluster.local:8080", ns);
+        let trustee_addr = format!("kbs-service.{ns}.svc.cluster.local:8080");
         let cr_manifest_path = manifests_path.join("trusted_execution_cluster_cr.yaml");
 
         let cr_content = std::fs::read_to_string(&cr_manifest_path)?;
         let mut cr_value: serde_yaml::Value = serde_yaml::from_str(&cr_content)?;
 
-        if let Some(spec) = cr_value.get_mut("spec") {
-            if let Some(spec_map) = spec.as_mapping_mut() {
-                spec_map.insert(
-                    serde_yaml::Value::String("publicTrusteeAddr".to_string()),
-                    serde_yaml::Value::String(trustee_addr.clone()),
-                );
-            }
+        if let Some(spec) = cr_value.get_mut("spec")
+            && let Some(spec_map) = spec.as_mapping_mut()
+        {
+            spec_map.insert(
+                serde_yaml::Value::String("publicTrusteeAddr".to_string()),
+                serde_yaml::Value::String(trustee_addr.clone()),
+            );
         }
 
         let updated_content = serde_yaml::to_string(&cr_value)?;
@@ -494,8 +492,7 @@ resources:
             .with_timeout(Duration::from_secs(60))
             .with_interval(Duration::from_secs(5))
             .with_error_message(format!(
-                "image-pcrs ConfigMap in the namespace {} not found",
-                ns
+                "image-pcrs ConfigMap in the namespace {ns} not found"
             ));
 
         let test_name_owned = self.test_name.clone();

test_utils/src/virt.rs

@@ -49,10 +49,7 @@ pub fn generate_ssh_key_pair() -> anyhow::Result<(String, String, std::path::Pat
         let stderr = String::from_utf8_lossy(&ssh_add_output.stderr);
         // Clean up the key file if ssh-add fails
         let _ = fs::remove_file(&key_path);
-        return Err(anyhow::anyhow!(
-            "Failed to add SSH key to agent: {}",
-            stderr
-        ));
+        return Err(anyhow::anyhow!("Failed to add SSH key to agent: {stderr}"));
     }
 
     Ok((private_key_str, public_key_str, key_path))
@@ -138,10 +135,8 @@ pub fn generate_ignition_config(
         serde_json::to_value(&config).expect("Failed to serialize ignition config");
 
     // Add attestation key registration field
-    let attestation_url = format!(
-        "http://attestation-key-register.{}.svc.cluster.local:8001/register-ak",
-        namespace
-    );
+    let attestation_url =
+        format!("http://attestation-key-register.{namespace}.svc.cluster.local:8001/register-ak");
 
     if let Some(obj) = ignition_json.as_object_mut() {
         obj.insert(
@@ -309,8 +304,7 @@ pub async fn wait_for_vm_running(
         .with_timeout(Duration::from_secs(timeout_secs))
         .with_interval(Duration::from_secs(5))
         .with_error_message(format!(
-            "VirtualMachine {} did not reach Running phase after {} seconds",
-            vm_name, timeout_secs
+            "VirtualMachine {vm_name} did not reach Running phase after {timeout_secs} seconds"
         ));
 
     poller
@@ -321,17 +315,15 @@ pub async fn wait_for_vm_running(
                 let vm = api.get(&name).await?;
 
                 // Check VM status phase
-                if let Some(status) = vm.status {
-                    if let Some(phase) = status.printable_status {
-                        if phase.as_str() == "Running" {
-                            return Ok(());
-                        }
-                    }
+                if let Some(status) = vm.status
+                    && let Some(phase) = status.printable_status
+                    && phase.as_str() == "Running"
+                {
+                    return Ok(());
                 }
 
                 Err(anyhow::anyhow!(
-                    "VirtualMachine {} is not in Running phase yet",
-                    name
+                    "VirtualMachine {name} is not in Running phase yet"
                 ))
             }
         })
@@ -344,7 +336,7 @@ pub async fn virtctl_ssh_exec(
     key_path: &Path,
     command: &str,
 ) -> anyhow::Result<String> {
-    let _vm_target = format!("core@vmi/{}/{}", vm_name, namespace);
+    let _vm_target = format!("core@vmi/{vm_name}/{namespace}");
     let full_cmd = format!(
         "virtctl ssh -i {} core@vmi/{}/{} -t '-o IdentitiesOnly=yes' -t '-o StrictHostKeyChecking=no' --known-hosts /dev/null -c '{}'",
         key_path.display(),
@@ -356,7 +348,7 @@ pub async fn virtctl_ssh_exec(
     let output = Command::new("sh").arg("-c").arg(full_cmd).output().await?;
     if !output.status.success() {
         let stderr = String::from_utf8_lossy(&output.stderr);
-        return Err(anyhow::anyhow!("virtctl ssh command failed: {}", stderr));
+        return Err(anyhow::anyhow!("virtctl ssh command failed: {stderr}"));
     }
 
     Ok(String::from_utf8_lossy(&output.stdout).to_string())
@@ -392,8 +384,7 @@ async fn wait_for_vm_ssh(
         .with_timeout(Duration::from_secs(timeout_secs))
         .with_interval(Duration::from_secs(10))
         .with_error_message(format!(
-            "SSH access to VM {}/{} did not become {}available after {} seconds",
-            namespace, vm_name, avail_prefix, timeout_secs
+            "SSH access to VM {namespace}/{vm_name} did not become {avail_prefix}available after {timeout_secs} seconds",
         ));
 
     poller