kube-rs · clux · Sep 8, 2023 · Jul 20, 2023 · Jul 20, 2023 · Aug 8, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -37,19 +37,9 @@ jobs:
       #     echo "OPENSSL_LIB_DIR=C:/Program Files/OpenSSL-Win64/lib" >> $env:GITHUB_ENV
       #     echo "OPENSSL_DIR=C:/Program Files/OpenSSL-Win64/" >> $env:GITHUB_ENV
       #     echo "OPENSSL_INCLUDE_DIR=C:/Program Files/OpenSSL-Win64/include" >> $env:GITHUB_ENV
-      # Only test Rustls on Windows instead due to #1191
-      - name: "Interim Hacky Windows Test for #1191"
-        if: matrix.os == 'windows-latest'
-        run: |
-          sed -i '0,/openssl/s//rustls/' kube/Cargo.toml
-          cat kube/Cargo.toml
-          cargo build
-          cargo test --workspace --lib --exclude kube-examples --exclude e2e -j6
-
 
       # Real CI work starts here
       - name: Build workspace
-        if: matrix.os != 'windows-latest'
         run: cargo build
 
       # Workspace unit tests with various feature sets
@@ -58,7 +48,7 @@ jobs:
         if: matrix.os == 'ubuntu-latest' # only linux tests all feature combinations
       - name: Run workspace unit tests (default features)
         run: cargo test --workspace --lib --exclude kube-examples --exclude e2e -j6
-        if: matrix.os == 'ubuntu-latest'
+        if: matrix.os != 'macos-latest'
       - name: Run workspace unit tests (all features)
         if: matrix.os != 'windows-latest'
         run: cargo test --workspace --lib --all-features --exclude kube-examples --exclude e2e -j6

diff --git a/kube-client/src/client/auth/oauth.rs b/kube-client/src/client/auth/oauth.rs
@@ -108,17 +108,17 @@ impl Gcp {
                     "At least one of rustls-tls or openssl-tls feature must be enabled to use oauth feature"
                 );
                 // Current TLS feature precedence when more than one are set:
-                // 1. openssl-tls
-                // 2. rustls-tls
-                #[cfg(feature = "openssl-tls")]
-                let https =
-                    hyper_openssl::HttpsConnector::new().map_err(Error::CreateOpensslHttpsConnector)?;
-                #[cfg(all(not(feature = "openssl-tls"), feature = "rustls-tls"))]
+                // 1. rustls-tls
+                // 2. openssl-tls
+                #[cfg(feature = "rustls-tls")]
                 let https = hyper_rustls::HttpsConnectorBuilder::new()
                     .with_native_roots()
                     .https_only()
                     .enable_http1()
                     .build();
+                #[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
+                let https =
+                    hyper_openssl::HttpsConnector::new().map_err(Error::CreateOpensslHttpsConnector)?;
 
                 let client = hyper::Client::builder().build::<_, hyper::Body>(https);
 

diff --git a/kube-client/src/client/auth/oidc.rs b/kube-client/src/client/auth/oidc.rs
@@ -251,12 +251,12 @@ compile_error!(
     "At least one of rustls-tls or openssl-tls feature must be enabled to use refresh-oidc feature"
 );
 // Current TLS feature precedence when more than one are set:
-// 1. openssl-tls
-// 2. rustls-tls
-#[cfg(feature = "openssl-tls")]
-type HttpsConnector = hyper_openssl::HttpsConnector<HttpConnector>;
-#[cfg(all(not(feature = "openssl-tls"), feature = "rustls-tls"))]
+// 1. rustls-tls
+// 2. openssl-tls
+#[cfg(feature = "rustls-tls")]
 type HttpsConnector = hyper_rustls::HttpsConnector<HttpConnector>;
+#[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
+type HttpsConnector = hyper_openssl::HttpsConnector<HttpConnector>;
 
 /// Struct for refreshing the ID token with the refresh token.
 #[derive(Debug)]
@@ -300,15 +300,14 @@ impl Refresher {
         let client_id = get_field(Self::CONFIG_CLIENT_ID)?.into();
         let client_secret = get_field(Self::CONFIG_CLIENT_SECRET)?.into();
 
-
-        #[cfg(feature = "openssl-tls")]
-        let https = hyper_openssl::HttpsConnector::new()?;
-        #[cfg(all(not(feature = "openssl-tls"), feature = "rustls-tls"))]
+        #[cfg(feature = "rustls-tls")]
         let https = hyper_rustls::HttpsConnectorBuilder::new()
             .with_native_roots()
             .https_only()
             .enable_http1()
             .build();
+        #[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
+        let https = hyper_openssl::HttpsConnector::new()?;
 
         let https_client = hyper::Client::builder().build(https);
 

diff --git a/kube-client/src/client/builder.rs b/kube-client/src/client/builder.rs
@@ -78,14 +78,14 @@ impl TryFrom<Config> for ClientBuilder<BoxService<Request<hyper::Body>, Response
             connector.enforce_http(false);
 
             // Current TLS feature precedence when more than one are set:
-            // 1. openssl-tls
-            // 2. rustls-tls
+            // 1. rustls-tls
+            // 2. openssl-tls
             // Create a custom client to use something else.
             // If TLS features are not enabled, http connector will be used.
-            #[cfg(feature = "openssl-tls")]
-            let connector = config.openssl_https_connector_with_connector(connector)?;
-            #[cfg(all(not(feature = "openssl-tls"), feature = "rustls-tls"))]
+            #[cfg(feature = "rustls-tls")]
             let connector = config.rustls_https_connector_with_connector(connector)?;
+            #[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
+            let connector = config.openssl_https_connector_with_connector(connector)?;
 
             let mut connector = TimeoutConnector::new(connector);
 

diff --git a/kube/Cargo.toml b/kube/Cargo.toml
@@ -16,18 +16,24 @@ rust-version = "1.64.0"
 edition = "2021"
 
 [features]
-default = ["client", "openssl-tls"]
+default = ["client", "rustls-tls"]
+
+# default features
+client = ["kube-client/client", "config"]
+config = ["kube-client/config"]
 rustls-tls = ["kube-client/rustls-tls"]
+
+# alternative features
 openssl-tls = ["kube-client/openssl-tls"]
+
+# auxiliary features
 ws = ["kube-client/ws", "kube-core/ws"]
 oauth = ["kube-client/oauth"]
 oidc = ["kube-client/oidc"]
 gzip = ["kube-client/gzip"]
-client = ["kube-client/client", "config"]
 jsonpatch = ["kube-core/jsonpatch"]
 admission = ["kube-core/admission"]
 derive = ["kube-derive", "kube-core/schema"]
-config = ["kube-client/config"]
 runtime = ["kube-runtime"]
 unstable-runtime = ["kube-runtime/unstable-runtime"]