Changeset View
Changeset View
Standalone View
Standalone View
shared/grpc_clients/src/lib.rs
| pub mod error; | pub mod error; | ||||
| pub mod identity; | pub mod identity; | ||||
| pub mod tunnelbroker; | |||||
| use error::Error; | |||||
| use std::path::Path; | use std::path::Path; | ||||
| use tonic::transport::{Certificate, Channel, ClientTlsConfig}; | |||||
| use tracing::info; | |||||
| const CERT_PATHS: &'static [&'static str] = &[ | const CERT_PATHS: &'static [&'static str] = &[ | ||||
| // MacOS and newer Ubuntu | // MacOS and newer Ubuntu | ||||
| "/etc/ssl/cert.pem", | "/etc/ssl/cert.pem", | ||||
| // Common CA cert paths | // Common CA cert paths | ||||
| "/etc/ssl/certs/ca-bundle.crt", | "/etc/ssl/certs/ca-bundle.crt", | ||||
| "/etc/ssl/certs/ca-certificates.crt", | "/etc/ssl/certs/ca-certificates.crt", | ||||
| ]; | ]; | ||||
| pub(crate) fn get_ca_cert_contents() -> Option<String> { | pub(crate) fn get_ca_cert_contents() -> Option<String> { | ||||
| CERT_PATHS | CERT_PATHS | ||||
| .iter() | .iter() | ||||
| .map(Path::new) | .map(Path::new) | ||||
| .filter(|p| p.exists()) | .filter(|p| p.exists()) | ||||
| .filter_map(|f| std::fs::read_to_string(f).ok()) | .filter_map(|f| std::fs::read_to_string(f).ok()) | ||||
| .next() | .next() | ||||
| } | } | ||||
| pub(crate) async fn get_grpc_service_channel( | |||||
| url: &str, | |||||
| ) -> Result<Channel, Error> { | |||||
| let ca_cert = crate::get_ca_cert_contents().expect("Unable to get CA bundle"); | |||||
| info!("Connecting to gRPC service at {}", url); | |||||
| let mut channel = Channel::from_shared(url.to_string())?; | |||||
| // tls_config will fail if the underlying URI is only http:// | |||||
| if url.starts_with("https:") { | |||||
| channel = channel.tls_config( | |||||
| ClientTlsConfig::new().ca_certificate(Certificate::from_pem(&ca_cert)), | |||||
| )? | |||||
| } | |||||
| Ok(channel.connect().await?) | |||||
| } | |||||