refactor: use reqwest for cert fetcher (#1064)

* refact: Use reqwest for cert fetcher

* remove unused deps

Author: gsanchezgavier

Cargo.lock

@@ -24,14 +24,12 @@ tracing-test = "0.2.4"
 assert_cmd = "2.0.14"
 assert_fs = "1.1.1"
 assert_matches = "1.5.0"
-bollard = "0.18.1"
 tower-test = "0.4.0"
 serde_yaml = "0.9.34"
 schemars = "0.8.21"
 http = "1.2.0"
 mockall_double = "0.3.1"
 predicates = "3.1.0"
-hyper = "1.3.1"
 konst = "0.3.9"
 semver = "1.0.23"
 chrono = "0.4"

Cargo.toml

@@ -21,7 +21,6 @@ ctrlc = { version = "3.4.5", features = ["termination"] }
 serde_yaml = { workspace = true }
 regex = { workspace = true }
 futures = { version = "0.3.31", optional = true }
-async-trait = { version = "0.1.83", optional = true }
 tokio = { version = "1.41.1", features = ["rt-multi-thread", "macros", "sync"] }
 console-subscriber = { version = "0.4.1", optional = true }
 uuid = { version = "1.8.0", features = ["serde", "v7"] }
@@ -63,19 +62,15 @@ http-serde = "2.1.1"
 paste = "1.0"
 config = { version = "0.15.7", features = ["yaml"] }
 rustls = { version = "0.23.18", features = ["ring"] }
-rustls-pemfile = { version = "2.1.3" }
-rustls-native-certs = "0.8.1"
 webpki = { version = "0.22.4", features = ["alloc"] }
 x509-parser = "0.17.0"
 ring = "0.17.8"
 
 [dev-dependencies]
 assert_cmd = { workspace = true }
 assert_fs = { workspace = true }
-bollard = { workspace = true }
 predicates = { workspace = true }
 tower-test = { workspace = true }
-hyper = { workspace = true }
 tempfile = { workspace = true }
 mockall = { workspace = true }
 schemars = { workspace = true }
@@ -93,6 +88,7 @@ httpmock = { version = "0.8.0-alpha.1", features = ["proxy"] }
 serial_test = "3.1.1"
 futures = "0.3.30"
 rcgen = { version = "0.13.2", features = ["crypto"] }
+rustls-pemfile = { version = "2.1.3" }
 
 
 [build-dependencies]
@@ -114,7 +110,6 @@ k8s = [
   "dep:k8s-openapi",
   "dep:either",
   "dep:futures",
-  "dep:async-trait",
 ]
 # feature ci allows calling --all-features (needed on the test pipelines) and not failing to compile
 ci = []

agent-control/Cargo.toml

@@ -14,6 +14,9 @@ use crate::event::{
 use crate::http::proxy::ProxyConfig;
 use crate::opamp::auth::token_retriever::TokenRetrieverImpl;
 use crate::opamp::http::builder::OpAMPHttpClientBuilder;
+use crate::opamp::remote_config::validators::signature::validator::{
+    build_signature_validator, SignatureValidator,
+};
 use std::error::Error;
 use std::path::PathBuf;
 use std::sync::Arc;
@@ -69,6 +72,7 @@ pub struct AgentControlRunner {
     opamp_poll_interval: Duration,
     agent_control_publisher: EventPublisher<AgentControlEvent>,
     sub_agent_publisher: EventPublisher<SubAgentEvent>,
+    signature_validator: SignatureValidator,
     base_paths: BasePaths,
     #[cfg(feature = "k8s")]
     k8s_config: super::config::K8sConfig,
@@ -135,6 +139,12 @@ impl AgentControlRunner {
                 .join(DYNAMIC_AGENT_TYPE_FILENAME),
         );
 
+        let signature_validator = config
+            .opamp
+            .map(|fleet_config| build_signature_validator(fleet_config.signature_validation))
+            .transpose()?
+            .unwrap_or(SignatureValidator::Noop);
+
         Ok(AgentControlRunner {
             _http_server_runner,
             runtime,
@@ -149,6 +159,7 @@ impl AgentControlRunner {
             agent_control_publisher,
             sub_agent_publisher,
             base_paths: config.base_paths,
+            signature_validator,
         })
     }
 }

agent-control/src/agent_control/run.rs

@@ -14,9 +14,6 @@ use crate::opamp::effective_config::loader::DefaultEffectiveConfigLoaderBuilder;
 use crate::opamp::instance_id::getter::InstanceIDWithIdentifiersGetter;
 use crate::opamp::instance_id::Identifiers;
 use crate::opamp::operations::build_opamp_with_channel;
-use crate::opamp::remote_config::validators::signature::validator::{
-    build_signature_validator, SignatureValidator,
-};
 use crate::sub_agent::effective_agents_assembler::LocalEffectiveAgentsAssembler;
 use crate::{
     agent_control::error::AgentError,
@@ -96,16 +93,6 @@ impl AgentControlRunner {
 
         let hash_repository = Arc::new(HashRepositoryConfigMap::new(k8s_store.clone()));
 
-        let signature_validator = agent_control_config
-            .fleet_control
-            .map(|fleet_config| {
-                build_signature_validator(fleet_config.signature_validation).map_err(|e| {
-                    AgentError::ExternalError(format!("initializing signature validator: {}", e))
-                })
-            })
-            .transpose()?
-            .unwrap_or(SignatureValidator::Noop);
-
         info!("Creating the k8s sub_agent builder");
         let sub_agent_builder = K8sSubAgentBuilder::new(
             opamp_client_builder.as_ref(),
@@ -115,7 +102,7 @@ impl AgentControlRunner {
             agents_assembler,
             self.k8s_config.clone(),
             yaml_config_repository.clone(),
-            Arc::new(signature_validator),
+            Arc::new(self.signature_validator),
         );
 
         let additional_identifying_attributes =

agent-control/src/agent_control/run/k8s.rs

@@ -14,9 +14,6 @@ use crate::opamp::effective_config::loader::DefaultEffectiveConfigLoaderBuilder;
 use crate::opamp::instance_id::getter::InstanceIDWithIdentifiersGetter;
 use crate::opamp::instance_id::{Identifiers, Storer};
 use crate::opamp::operations::build_opamp_with_channel;
-use crate::opamp::remote_config::validators::signature::validator::{
-    build_signature_validator, SignatureValidator,
-};
 use crate::sub_agent::effective_agents_assembler::LocalEffectiveAgentsAssembler;
 use crate::{agent_control::error::AgentError, opamp::client_builder::DefaultOpAMPClientBuilder};
 use crate::{
@@ -107,24 +104,14 @@ impl AgentControlRunner {
             template_renderer,
         ));
 
-        let signature_validator = config
-            .fleet_control
-            .map(|fleet_config| {
-                build_signature_validator(fleet_config.signature_validation).map_err(|e| {
-                    AgentError::ExternalError(format!("initializing signature validator: {}", e))
-                })
-            })
-            .transpose()?
-            .unwrap_or(SignatureValidator::Noop);
-
         let sub_agent_builder = OnHostSubAgentBuilder::new(
             opamp_client_builder.as_ref(),
             &instance_id_getter,
             sub_agent_hash_repository,
             agents_assembler,
             self.base_paths.log_dir.join(SUB_AGENT_DIR),
             yaml_config_repository.clone(),
-            Arc::new(signature_validator),
+            Arc::new(self.signature_validator),
         );
 
         let (maybe_client, maybe_sa_opamp_consumer) = opamp_client_builder

agent-control/src/agent_control/run/on_host.rs

@@ -6,6 +6,7 @@ pub struct HttpConfig {
     pub(crate) timeout: Duration,
     pub(crate) conn_timeout: Duration,
     pub(crate) proxy: ProxyConfig,
+    pub(crate) tls_info: bool,
 }
 
 impl HttpConfig {
@@ -14,6 +15,13 @@ impl HttpConfig {
             timeout,
             conn_timeout,
             proxy,
+            tls_info: false,
+        }
+    }
+    pub fn with_tls_info(self) -> Self {
+        Self {
+            tls_info: true,
+            ..self
         }
     }
 }