fix(ssh): failure create https connection to keycloak (#149)

The omnect-cli is not able to create ssh connections, as it cannot
create secure connections to the keycloak server to retrieve an access
token. This regression was introduced when default features were
disabled for all dependencies. One consequence of this action was, that
reqwest did no longer ship with tls support. We therefore re-enable said
feature.

Author: empwilli

Cargo.lock

@@ -7,7 +7,7 @@ license = "MIT OR Apache-2.0"
 name = "omnect-cli"
 readme = "README.md"
 repository = "https://github.com/omnect/omnect-cli"
-version = "0.26.2"
+version = "0.26.3"
 
 [dependencies]
 actix-web = "4.11"
@@ -47,7 +47,7 @@ num_cpus = { version = "1.17", default-features = false }
 oauth2 = { version = "5.0", default-features = false, features = ["reqwest"] }
 open = { version = "5.3", default-features = false }
 regex = { version = "1.11", default-features = false }
-reqwest = { version = "0.12", default-features = false, features = ["json"] }
+reqwest = { version = "0.12", default-features = false, features = ["json", "native-tls"] }
 serde = { version = "1.0", default-features = false, features = ["derive"] }
 serde_json = { version = "1.0", default-features = false }
 serde_path_to_error = { version = "0.1", default-features = false }

Cargo.toml

@@ -4,13 +4,12 @@ use tokio::sync::{mpsc, oneshot};
 
 use anyhow::Result;
 
-use actix_web::{error, get, web, App, HttpServer};
+use actix_web::{App, HttpServer, error, get, web};
 use serde::Deserialize;
 
-use oauth2::basic::BasicClient;
 use oauth2::{
     AuthUrl, AuthorizationCode, ClientId, CsrfToken, PkceCodeChallenge, RedirectUrl, TokenResponse,
-    TokenUrl,
+    TokenUrl, basic::BasicClient,
 };
 
 #[derive(Deserialize)]

src/auth.rs

@@ -1,7 +1,7 @@
 use anyhow::{Context, Result};
 use azure_identity::{ClientSecretCredential, TokenCredentialOptions};
 use azure_iot_deviceupdate::DeviceUpdateClient;
-use azure_storage::{shared_access_signature::service_sas::BlobSasPermissions, StorageCredentials};
+use azure_storage::{StorageCredentials, shared_access_signature::service_sas::BlobSasPermissions};
 use azure_storage_blobs::prelude::{BlobServiceClient, ContainerClient};
 use base64::prelude::*;
 use log::{debug, info};

src/device_update.rs

@@ -2,15 +2,17 @@ pub mod compression;
 pub mod functions;
 use super::validators::{
     device_update,
-    identity::{validate_identity, IdentityConfig, IdentityType},
+    identity::{IdentityConfig, IdentityType, validate_identity},
     ssh::validate_ssh_pub_key,
 };
 use crate::file::functions::{FileCopyFromParams, FileCopyToParams, Partition};
 use anyhow::{Context, Result};
 use log::warn;
 use regex::Regex;
-use std::fs;
-use std::path::{Path, PathBuf};
+use std::{
+    fs,
+    path::{Path, PathBuf},
+};
 
 pub fn set_iotedge_gateway_config(
     config_file: &Path,

src/file/mod.rs

@@ -1,7 +1,7 @@
 use std::path::Path;
 
-use crate::file::functions::read_file_from_image;
 use crate::file::functions::Partition;
+use crate::file::functions::read_file_from_image;
 use anyhow::{Context, Result};
 use regex::Regex;
 use std::sync::LazyLock;

src/image.rs

@@ -251,17 +251,14 @@ pub fn run() -> Result<()> {
             generate_bmap,
             compress_image,
         }) => {
-            let cert_info = create_image_cert(
-                &image,
-                CertificateOptions {
-                    intermediate_full_chain_cert: &intermediate_full_chain_cert,
-                    intermediate_key: &intermediate_key,
-                    target_cert: "device_cert_path.pem",
-                    target_key: "device_key_path.key.pem",
-                    subject: &device_id,
-                    validity_days: days,
-                },
-            )
+            let cert_info = create_image_cert(&image, CertificateOptions {
+                intermediate_full_chain_cert: &intermediate_full_chain_cert,
+                intermediate_key: &intermediate_key,
+                target_cert: "device_cert_path.pem",
+                target_key: "device_key_path.key.pem",
+                subject: &device_id,
+                validity_days: days,
+            })
             .context("set_device_certificate: could not create certificate")?;
 
             run_image_command(image, generate_bmap, compress_image, |img| {
@@ -282,17 +279,14 @@ pub fn run() -> Result<()> {
             generate_bmap,
             compress_image,
         }) => {
-            let cert_info = create_image_cert(
-                &image,
-                CertificateOptions {
-                    intermediate_full_chain_cert: &intermediate_full_chain_cert,
-                    intermediate_key: &intermediate_key,
-                    target_cert: "edge_ca_cert_path.pem",
-                    target_key: "edge_ca_key_path.key.pem",
-                    subject: &device_id,
-                    validity_days: days,
-                },
-            )
+            let cert_info = create_image_cert(&image, CertificateOptions {
+                intermediate_full_chain_cert: &intermediate_full_chain_cert,
+                intermediate_key: &intermediate_key,
+                target_cert: "edge_ca_cert_path.pem",
+                target_key: "edge_ca_key_path.key.pem",
+                subject: &device_id,
+                validity_days: days,
+            })
             .context("set_edge_ca_certificate: could not create certificate")?;
 
             run_image_command(image, generate_bmap, compress_image, |img| {

src/lib.rs

@@ -1,17 +1,14 @@
 use std::convert::AsRef;
 use std::fs;
-use std::io::prelude::*;
-use std::io::BufWriter;
+use std::io::{BufWriter, prelude::*};
 use std::path::{Path, PathBuf};
 use std::process::{Command, Stdio};
 use std::str;
 
-use anyhow::anyhow;
-use anyhow::{Context, Result};
+use anyhow::{Context, Result, anyhow};
 use directories::ProjectDirs;
 use oauth2::AccessToken;
-use serde::de::DeserializeOwned;
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Serialize, de::DeserializeOwned};
 use url::Url;
 
 static BACKEND_API_ENDPOINT: &str = "/api/devices/prepareSSHConnection";
@@ -192,9 +189,11 @@ async fn unpack_response<T: DeserializeOwned>(response: reqwest::Response) -> Re
             internal_message: String,
         }
 
-        anyhow::bail!(serde_json::from_str::<ErrorMessage>(&body)
-            .map(|err| err.internal_message)
-            .unwrap_or_else(|_| "unknown error type".to_string()))
+        anyhow::bail!(
+            serde_json::from_str::<ErrorMessage>(&body)
+                .map(|err| err.internal_message)
+                .unwrap_or_else(|_| "unknown error type".to_string())
+        )
     } else {
         serde_json::from_str(&body).map_err(|_| anyhow!("unsupported reply."))
     }