-
Notifications
You must be signed in to change notification settings - Fork 67
Expand file tree
/
Copy pathclient.rs
More file actions
59 lines (52 loc) · 2.32 KB
/
client.rs
File metadata and controls
59 lines (52 loc) · 2.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
/*
* SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
use ::rpc::forge_tls_client::{self, ApiConfig, ForgeClientConfig};
use forge_tls::client_config::ClientCert;
pub use scout::{CarbideClientError, CarbideClientResult};
use crate::Options;
pub(crate) async fn create_forge_client(
config: &Options,
) -> CarbideClientResult<forge_tls_client::ForgeClientT> {
let client_config = ForgeClientConfig::new(
config.root_ca.clone(),
Some(ClientCert {
cert_path: config.client_cert.clone(),
key_path: config.client_key.clone(),
}),
);
let api_config = ApiConfig::new(&config.api, &client_config);
let client = forge_tls_client::ForgeTlsClient::retry_build(&api_config)
.await
.map_err(|err| CarbideClientError::TransportError(err.to_string()))?;
Ok(client)
}
// create_http_client builds a reqwest HTTP client configured with the same
// mTLS certificates used for gRPC communication with carbide-api.
pub(crate) fn create_http_client(config: &Options) -> CarbideClientResult<reqwest::Client> {
let root_ca = std::fs::read(&config.root_ca)?;
let root_cert = reqwest::Certificate::from_pem(&root_ca)
.map_err(|e| CarbideClientError::TransportError(e.to_string()))?;
let client_cert = std::fs::read(&config.client_cert)?;
let client_key = std::fs::read(&config.client_key)?;
let identity = reqwest::Identity::from_pem(&[client_cert, client_key].concat())
.map_err(|e| CarbideClientError::TransportError(e.to_string()))?;
reqwest::Client::builder()
.add_root_certificate(root_cert)
.identity(identity)
.build()
.map_err(|e| CarbideClientError::TransportError(e.to_string()))
}