feat: add TLS support to most of the clients

trustification · Sep 18, 2023 · eacdac8 · eacdac8
1 parent 04f0f9c
commit eacdac8
Show file tree

Hide file tree

Showing 30 changed files with 259 additions and 69 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/admin/Cargo.toml b/admin/Cargo.toml
@@ -11,3 +11,5 @@ log = "0.4"
 clap = { version = "4", features = ["derive"] }
 anyhow = "1"
 reqwest = { version = "0.11.16", features = ["stream"] }
+
+trustification-common = { path = "../common" }
diff --git a/admin/src/reindex.rs b/admin/src/reindex.rs
@@ -1,6 +1,7 @@
 use std::process::ExitCode;
 
 use reqwest::StatusCode;
+use trustification_common::tls::ClientConfig;
 
 #[derive(clap::Subcommand, Debug)]
 pub enum Reindex {
@@ -25,11 +26,14 @@ pub struct ReindexStart {
 
     #[arg(short = 'i', long = "indexer", default_value = "http://localhost:8080/")]
     pub indexer_url: String,
+
+    #[command(flatten)]
+    pub client: ClientConfig,
 }
 
 impl ReindexStart {
     pub async fn run(self) -> anyhow::Result<ExitCode> {
-        let client = reqwest::Client::new();
+        let client = self.client.build_client()?;
         match client.post(self.indexer_url).send().await {
             Ok(response) => {
                 if response.status() == StatusCode::OK {

diff --git a/collector/client/src/lib.rs b/collector/client/src/lib.rs
@@ -46,16 +46,18 @@ impl CollectorUrl {
 }
 
 pub struct CollectorClient {
+    client: reqwest::Client,
     url: CollectorUrl,
     provider: Box<dyn TokenProvider>,
 }
 
 impl CollectorClient {
-    pub fn new<P>(url: Url, provider: P) -> Self
+    pub fn new<P>(client: reqwest::Client, url: Url, provider: P) -> Self
     where
         P: TokenProvider + 'static,
     {
         Self {
+            client,
             url: CollectorUrl::new(url),
             provider: Box::new(provider),
         }
@@ -65,7 +67,8 @@ impl CollectorClient {
         &self,
         request: CollectPackagesRequest,
     ) -> Result<CollectPackagesResponse, anyhow::Error> {
-        let response = reqwest::Client::new()
+        let response = self
+            .client
             .post(self.url.packages_url())
             .inject_token(self.provider.as_ref())
             .await?
@@ -80,7 +83,8 @@ impl CollectorClient {
         &self,
         request: CollectVulnerabilitiesRequest,
     ) -> Result<CollectVulnerabilitiesResponse, anyhow::Error> {
-        let response = reqwest::Client::new()
+        let response = self
+            .client
             .post(self.url.vulnerabilities_url())
             .inject_token(self.provider.as_ref())
             .await?

diff --git a/collector/nvd/Cargo.toml b/collector/nvd/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 actix-web = "4"
 async-trait = "0.1"
 trustification-auth = { path = "../../auth" }
+trustification-common = { path = "../../common" }
 trustification-collector-common = { path = "../common" }
 trustification-infrastructure = { path = "../../infrastructure" }
 collectorist-api = { path = "../../collectorist/api"}

diff --git a/collector/nvd/src/lib.rs b/collector/nvd/src/lib.rs
@@ -12,6 +12,7 @@ use trustification_auth::{
     client::{OpenIdTokenProviderConfigArguments, TokenProvider},
 };
 use trustification_collector_common::{CollectorRegistration, CollectorStateHandler, RegistrationConfig};
+use trustification_common::tls::ClientConfig;
 use trustification_infrastructure::{
     app::http::HttpServerConfig,
     endpoint::{self, CollectorNvd, Endpoint},
@@ -64,6 +65,9 @@ pub struct Run {
 
     #[command(flatten)]
     pub(crate) http: HttpServerConfig<CollectorNvd>,
+
+    #[command(flatten)]
+    pub(crate) client: ClientConfig,
 }
 
 impl Run {
@@ -82,9 +86,16 @@ impl Run {
                 |_context| async { Ok(()) },
                 |context| async move {
                     let provider = self.oidc.into_provider_or_devmode(self.devmode).await?;
-                    let state = Self::configure(self.v11y_url, self.nvd_api_key, provider.clone()).await?;
+                    let state = Self::configure(
+                        self.client.build_client()?,
+                        self.v11y_url,
+                        self.nvd_api_key,
+                        provider.clone(),
+                    )
+                    .await?;
 
-                    let client = CollectoristClient::new("nvd", self.collectorist_url, provider);
+                    let client =
+                        CollectoristClient::new(self.client.build_client()?, "nvd", self.collectorist_url, provider);
                     let (collector, collector_state) = CollectorRegistration::new(
                         client,
                         RegistrationConfig {
@@ -125,11 +136,16 @@ impl Run {
         Ok(ExitCode::SUCCESS)
     }
 
-    async fn configure<P>(v11y_url: Url, nvd_api_key: String, provider: P) -> anyhow::Result<Arc<AppState>>
+    async fn configure<P>(
+        client: reqwest::Client,
+        v11y_url: Url,
+        nvd_api_key: String,
+        provider: P,
+    ) -> anyhow::Result<Arc<AppState>>
     where
         P: TokenProvider + Clone + 'static,
     {
-        let state = Arc::new(AppState::new(v11y_url, nvd_api_key, provider));
+        let state = Arc::new(AppState::new(client, v11y_url, nvd_api_key, provider));
         Ok(state)
     }
 }
@@ -152,12 +168,12 @@ impl CollectorStateHandler for AppState {
 }
 
 impl AppState {
-    pub fn new<P>(v11y_url: Url, nvd_api_key: String, provider: P) -> Self
+    pub fn new<P>(client: reqwest::Client, v11y_url: Url, nvd_api_key: String, provider: P) -> Self
     where
         P: TokenProvider + Clone + 'static,
     {
         Self {
-            v11y_client: v11y_client::V11yClient::new(v11y_url, provider),
+            v11y_client: v11y_client::V11yClient::new(client, v11y_url, provider),
             guac_url: RwLock::new(None),
             nvd: NvdClient::new(&nvd_api_key),
         }

diff --git a/collector/osv/Cargo.toml b/collector/osv/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 actix-web = "4"
 async-trait = "0.1"
 trustification-auth = { path = "../../auth" }
+trustification-common = { path = "../../common" }
 trustification-collector-common = { path = "../common" }
 trustification-infrastructure = { path = "../../infrastructure" }
 collectorist-api = { path = "../../collectorist/api"}

diff --git a/collector/osv/src/lib.rs b/collector/osv/src/lib.rs
@@ -14,6 +14,7 @@ use trustification_auth::{
     client::{OpenIdTokenProviderConfigArguments, TokenProvider},
 };
 use trustification_collector_common::{CollectorRegistration, CollectorStateHandler, RegistrationConfig};
+use trustification_common::tls::ClientConfig;
 use trustification_infrastructure::{
     app::http::HttpServerConfig,
     endpoint::{self, CollectorOsv, Endpoint},
@@ -59,6 +60,9 @@ pub struct Run {
 
     #[command(flatten)]
     pub(crate) http: HttpServerConfig<CollectorOsv>,
+
+    #[command(flatten)]
+    pub(crate) client: ClientConfig,
 }
 
 impl Run {
@@ -77,9 +81,10 @@ impl Run {
                 |_context| async { Ok(()) },
                 |context| async move {
                     let provider = self.oidc.into_provider_or_devmode(self.devmode).await?;
-                    let state = Self::configure(self.v11y_url, provider.clone()).await?;
+                    let state = Self::configure(self.client.build_client()?, self.v11y_url, provider.clone()).await?;
 
-                    let client = CollectoristClient::new("osv", self.collectorist_url, provider);
+                    let client =
+                        CollectoristClient::new(self.client.build_client()?, "osv", self.collectorist_url, provider);
                     let (collector, collector_state) = CollectorRegistration::new(
                         client,
                         RegistrationConfig {
@@ -120,11 +125,11 @@ impl Run {
         Ok(ExitCode::SUCCESS)
     }
 
-    async fn configure<P>(v11y_url: Url, provider: P) -> anyhow::Result<Arc<AppState>>
+    async fn configure<P>(client: reqwest::Client, v11y_url: Url, provider: P) -> anyhow::Result<Arc<AppState>>
     where
         P: TokenProvider + Clone + 'static,
     {
-        let state = Arc::new(AppState::new(v11y_url, provider));
+        let state = Arc::new(AppState::new(client, v11y_url, provider));
         Ok(state)
     }
 }
@@ -136,12 +141,12 @@ pub struct AppState {
 }
 
 impl AppState {
-    pub fn new<P>(v11y_url: Url, provider: P) -> Self
+    pub fn new<P>(client: reqwest::Client, v11y_url: Url, provider: P) -> Self
     where
         P: TokenProvider + Clone + 'static,
     {
         Self {
-            v11y_client: v11y_client::V11yClient::new(v11y_url, provider),
+            v11y_client: v11y_client::V11yClient::new(client, v11y_url, provider),
             guac_url: RwLock::new(None),
             osv: OsvClient::new(),
         }

diff --git a/collector/snyk/Cargo.toml b/collector/snyk/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 actix-web = "4"
 async-trait = "0.1"
 trustification-auth = { path = "../../auth" }
+trustification-common = { path = "../../common" }
 trustification-collector-common = { path = "../common" }
 trustification-infrastructure = { path = "../../infrastructure" }
 collectorist-api = { path = "../../collectorist/api"}

diff --git a/collector/snyk/src/lib.rs b/collector/snyk/src/lib.rs
@@ -13,6 +13,7 @@ use trustification_auth::{
     client::{OpenIdTokenProviderConfigArguments, TokenProvider},
 };
 use trustification_collector_common::{CollectorRegistration, CollectorStateHandler, RegistrationConfig};
+use trustification_common::tls::ClientConfig;
 use trustification_infrastructure::{
     app::http::HttpServerConfig,
     endpoint::CollectorSnyk,
@@ -72,6 +73,9 @@ pub struct Run {
 
     #[command(flatten)]
     pub(crate) http: HttpServerConfig<CollectorSnyk>,
+
+    #[command(flatten)]
+    pub(crate) client: ClientConfig,
 }
 
 impl Run {
@@ -90,10 +94,17 @@ impl Run {
                 |_context| async { Ok(()) },
                 |context| async move {
                     let provider = self.oidc.into_provider_or_devmode(self.devmode).await?;
-                    let state =
-                        Self::configure(self.snyk_org_id, self.snyk_token, self.v11y_url, provider.clone()).await?;
+                    let state = Self::configure(
+                        self.client.build_client()?,
+                        self.snyk_org_id,
+                        self.snyk_token,
+                        self.v11y_url,
+                        provider.clone(),
+                    )
+                    .await?;
 
-                    let client = CollectoristClient::new("snyk", self.collectorist_url, provider);
+                    let client =
+                        CollectoristClient::new(self.client.build_client()?, "snyk", self.collectorist_url, provider);
                     let (collector, collector_state) = CollectorRegistration::new(
                         client,
                         RegistrationConfig {
@@ -135,6 +146,7 @@ impl Run {
     }
 
     async fn configure<P>(
+        client: reqwest::Client,
         snyk_org_id: String,
         snyk_token: String,
         v11y_url: Url,
@@ -143,7 +155,7 @@ impl Run {
     where
         P: TokenProvider + Clone + 'static,
     {
-        let state = Arc::new(AppState::new(snyk_org_id, snyk_token, v11y_url, provider));
+        let state = Arc::new(AppState::new(client, snyk_org_id, snyk_token, v11y_url, provider));
         Ok(state)
     }
 }
@@ -156,12 +168,12 @@ pub struct AppState {
 }
 
 impl AppState {
-    pub fn new<P>(snyk_org_id: String, snyk_token: String, v11y_url: Url, provider: P) -> Self
+    pub fn new<P>(client: reqwest::Client, snyk_org_id: String, snyk_token: String, v11y_url: Url, provider: P) -> Self
     where
         P: TokenProvider + Clone + 'static,
     {
         Self {
-            v11y_client: v11y_client::V11yClient::new(v11y_url, provider),
+            v11y_client: v11y_client::V11yClient::new(client, v11y_url, provider),
             guac_url: RwLock::new(None),
             snyk_org_id,
             snyk_token,

diff --git a/collectorist/api/Cargo.toml b/collectorist/api/Cargo.toml
@@ -8,6 +8,7 @@ edition = "2021"
 [dependencies]
 actix-web = "4"
 trustification-auth = { path = "../../auth", features = ["swagger"] }
+trustification-common = { path = "../../common" }
 trustification-infrastructure = { path = "../../infrastructure" }
 collectorist-client = { path = "../client" }
 collector-client = { path = "../../collector/client" }

diff --git a/collectorist/api/src/coordinator/collector.rs b/collectorist/api/src/coordinator/collector.rs
@@ -35,11 +35,17 @@ pub struct Collector {
 }
 
 impl Collector {
-    pub fn new<P>(state: Arc<AppState>, id: String, config: CollectorConfig, provider: P) -> Self
+    pub fn new<P>(
+        client: reqwest::Client,
+        state: Arc<AppState>,
+        id: String,
+        config: CollectorConfig,
+        provider: P,
+    ) -> Self
     where
         P: TokenProvider + 'static,
     {
-        let client = Arc::new(CollectorClient::new(config.url.clone(), provider));
+        let client = Arc::new(CollectorClient::new(client, config.url.clone(), provider));
         let update = tokio::spawn(Collector::update(client.clone(), state, id.clone()));
         Self {
             id,