feat: add custom CA support to the NATS provider, rework Redis TLS

This PR does two things: * adds the ability to add a custom root CA to each NATS linkdef so that you can connect to servers that might be secured with self-signed certs * reworks how the Redis provider depends on rustls and other dependencies so that the webroot PKI certs are embedded. This removes a dependency on the host for anything TLS related. Signed-off-by: Dan Norris <protochron@users.noreply.github.com>
wasmCloud · Jan 27, 2024 · b30aff3 · b30aff3
1 parent 73c9383
commit b30aff3
Show file tree

Hide file tree

Showing 6 changed files with 273 additions and 87 deletions.
diff --git a/kvredis/Cargo.lock b/kvredis/Cargo.lock
diff --git a/kvredis/Cargo.toml b/kvredis/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "wasmcloud-provider-kvredis"
-version = "0.22.0"
+version = "0.23.0"
 edition = "2021"
 
 [dependencies]
@@ -12,7 +12,7 @@ chrono = "0.4"
 crossbeam = "0.8"
 futures = "0.3"
 once_cell = "1.8"
-redis = { version = "0.23.0", features = ["tokio-comp", "aio", "connection-manager", "rustls"] }
+redis = { version = "0.24.0", features = ["tokio-rustls-comp", "aio", "connection-manager", "tls-rustls-webpki-roots"] }
 rmp-serde = "1.1.0"
 serde_bytes = "0.11"
 serde_json = "1.0"

diff --git a/kvredis/src/main.rs b/kvredis/src/main.rs
@@ -85,14 +85,17 @@ impl ProviderHandler for KvRedisProvider {
         let redis_url = get_redis_url(&ld.values, &self.default_connect_url);
 
         if let Ok(client) = redis::Client::open(redis_url.clone()) {
-            if let Ok(conn_manager) = client.get_tokio_connection_manager().await {
-                let mut update_map = self.actors.write().await;
-                update_map.insert(ld.actor_id.to_string(), RwLock::new(conn_manager));
-            } else {
-                warn!(
-                    "Could not create Redis connection manager for actor {}, keyvalue operations will fail",
-                    ld.actor_id
-                );
+            match client.get_connection_manager().await {
+                Ok(conn_manager) => {
+                    let mut update_map = self.actors.write().await;
+                    update_map.insert(ld.actor_id.to_string(), RwLock::new(conn_manager));
+                }
+                Err(e) => {
+                    warn!(
+                        "Could not create Redis connection manager for actor {}, keyvalue operations will fail: {}",
+                        ld.actor_id, e
+                    );
+                }
             }
         } else {
             warn!(
@@ -245,7 +248,7 @@ impl KeyValue for KvRedisProvider {
     async fn set(&self, ctx: &Context, arg: &SetRequest) -> RpcResult<()> {
         let mut cmd = match arg.expires {
             0 => redis::Cmd::set(&arg.key, &arg.value),
-            _ => redis::Cmd::set_ex(&arg.key, &arg.value, arg.expires as usize),
+            _ => redis::Cmd::set_ex(&arg.key, &arg.value, arg.expires as u64),
         };
         let _value: Option<String> = self.exec(ctx, &mut cmd).await?;
         Ok(())