scl_lib/

client.rs

// SPDX-License-Identifier: EUPL-1.2
pub use async_trait::async_trait;

use reqwest::{
    header::{self, HeaderMap, HeaderValue},
    tls::CertificateRevocationList,
    Certificate, Client, Identity, Response,
};
pub use reqwest::{Error, StatusCode};

use std::ops::Deref;

use crate::{
    api_objects::{SclEvent, SclObject},
    tls_config::TlsConfig,
};

use crate::LogError;

/// This module contains a SclClient-specific error type and associated trait implementations.
pub mod error {
    /// A specialized `Result` type for SclClient operations.
    pub type Result<T> = std::result::Result<T, ClientError>;

    /// General error type for any SclClient errors.
    #[derive(Debug)]
    pub enum ClientError {
        /// Custom error that does not belong to any other category.
        Custom(String),
        /// Wrapper for a `reqwest::Error`.
        Http(reqwest::Error),
        /// Wrapper for a `serde_json::Error`.
        Decode(serde_json::Error),
    }

    impl std::fmt::Display for ClientError {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
            use ClientError::*;
            match self {
                Custom(e) => e.fmt(f),
                Http(e) => e.fmt(f),
                Decode(e) => e.fmt(f),
            }
        }
    }

    impl std::error::Error for ClientError {}

    impl From<reqwest::Error> for ClientError {
        fn from(e: reqwest::Error) -> Self {
            Self::Http(e)
        }
    }

    impl From<serde_json::Error> for ClientError {
        fn from(e: serde_json::Error) -> Self {
            Self::Decode(e)
        }
    }
}

/// A trait for objects which can be passed as [EventHandler] to the `watch` function of a
/// [SclClient].
#[async_trait]
pub trait EventHandler {
    type Item: SclObject;
    async fn handle_event(&mut self, event: SclEvent<Self::Item>);
}

/// A builder to construct a request object that can be used with the SclClient.
///
/// All members are optional and can be omitted. Specify them to create more complex requests.
///
/// # Examples
///
/// ```
/// use scl_lib::api_objects::VirtualMachine;
/// use scl_lib::client::SclRequest;
///
/// let req = SclRequest::<VirtualMachine>::new()
///     .obj_name("vm-01")
///     .sc("sc-01")
///     .query(&[("node", "node-01")]);
/// ```
#[derive(Clone, Debug, Default)]
pub struct SclRequest<'a, T: SclObject> {
    pub obj_name: Option<String>,
    pub sc_name: Option<String>,
    pub body: Option<&'a T>,
    pub query: &'a [(&'a str, &'a str)],
}

impl<'a, T: SclObject> SclRequest<'a, T> {
    /// Creates and initializes a new [SclRequest] object.
    pub fn new() -> Self {
        Self {
            obj_name: None,
            body: None,
            sc_name: None,
            query: &[],
        }
    }

    /// Sets the name of the request object to use as `T::path()/<name>` when constructing the URL.
    pub fn obj_name(mut self, name: &str) -> Self {
        self.obj_name = Some(name.into());
        self
    }

    /// Adds a [SclObject] as body data to the request object.
    pub fn body(mut self, obj: &'a T) -> Self {
        self.body = Some(obj);
        self
    }

    /// Sets the name of the the separation context to use as `/scs/<sc_name>` when constructing
    /// the URL.
    pub fn sc(mut self, sc_name: &str) -> Self {
        self.sc_name = Some(sc_name.into());
        self
    }

    /// Specify query parameters for the request.
    pub fn query(mut self, query: &'a [(&'a str, &'a str)]) -> Self {
        self.query = query;
        self
    }

    /// Constructs a URL path from all member variables and returns it as [String].
    pub fn url_path(&self) -> String {
        T::api_endpoint(self.sc_name.as_deref(), self.obj_name.as_deref())
    }
}

/// A wrapper object for a [Client] to provide convenient functions for interacting with the SCL
/// API.
///
/// It implements the [Deref] trait so that custom requests can still be made directly via the
/// wrapped client object.
///
/// # Examples
///
/// ```no_run
/// use scl_lib::api_objects::VirtualMachine;
/// use scl_lib::client::error::ClientError;
/// use scl_lib::client::{reqwest_client, SclClient, SclRequest};
///
/// #[tokio::main]
/// async fn main() -> Result<(), ClientError> {
///     // Create client instance
///     let client = {
///         let reqwest_client = reqwest_client(None, None)
///             .map_err(|e| ClientError::Custom(e.to_string()))?;
///         SclClient::new("https://127.0.0.1:8008/api/v1".to_string(), reqwest_client)
///     };
///     // List all VMs of node "node-01"
///     let vms: Vec<VirtualMachine> = client.list(
///         &SclRequest::new().query(&[("node", "node-01")])
///     ).await.unwrap();
///     // Get the VM with the name "vm-01" of separation context "sc-01"
///     let vm: VirtualMachine = client.show(
///         &SclRequest::new().obj_name("vm-01").sc("sc-01")
///     ).await.unwrap();
///     // Update the virtual machine
///     let _ = client.update(
///         &SclRequest::new().obj_name(vm.metadata.name()).sc(&vm.separation_context).body(&vm)
///     ).await.unwrap();
///     // Delete the VM
///     let _ = client.delete(
///         &SclRequest::<VirtualMachine>::new().obj_name(vm.metadata.name())
///     ).await.unwrap();
///     Ok(())
/// }
/// ```
#[derive(Clone)]
pub struct SclClient {
    pub api_url: String,
    client: Client,
}

impl SclClient {
    /// Creates a new [SclClient] from a URL string and an preconfigured [Client].
    pub fn new(api_url: String, client: Client) -> Self {
        Self { api_url, client }
    }

    /// Performs a HTTP GET request to the SCL API to fetch and return all [SclObject]s of type
    /// `T`.
    pub async fn list<T: SclObject>(&self, req: &SclRequest<'_, T>) -> Result<Vec<T>, Error> {
        let url = format!("{}{}", self.api_url, req.url_path());
        self.client
            .get(url)
            .query(req.query)
            .send()
            .await
            .log_err()?
            .error_for_status()
            .log_err()?
            .json::<Vec<T>>()
            .await
    }

    /// Performs a HTTP GET request to the SCL API to fetch and return a object of type `T`.
    pub async fn show<T: SclObject>(&self, req: &SclRequest<'_, T>) -> Result<T, Error> {
        let url = format!("{}{}", self.api_url, req.url_path());
        self.client
            .get(url)
            .send()
            .await
            .log_err()?
            .error_for_status()
            .log_err()?
            .json::<T>()
            .await
    }

    /// Performs a HTTP DELETE request to the SCL API to delete a object of type `T`.
    pub async fn delete<T: SclObject>(&self, req: &SclRequest<'_, T>) -> Result<(), Error> {
        let url = format!("{}{}", self.api_url, req.url_path());
        self.client
            .delete(url)
            .send()
            .await
            .log_err()?
            .error_for_status()
            .log_err()?;
        Ok(())
    }

    /// Performs a HTTP POST request to the SCL API to create a object of type `T`.
    pub async fn create<T: SclObject>(&self, req: &SclRequest<'_, T>) -> Result<(), Error> {
        let url = format!("{}{}", self.api_url, req.url_path());
        match req.body {
            Some(body) => self.client.post(url).json(body),
            None => self.client.post(url),
        }
        .send()
        .await
        .log_err()?
        .error_for_status()
        .log_err()?;
        Ok(())
    }

    /// Performs a HTTP PUT request to the SCL API to update a object of type `T`.
    pub async fn update<T: SclObject>(&self, req: &SclRequest<'_, T>) -> Result<(), Error> {
        let url = format!("{}{}", self.api_url, req.url_path());
        match req.body {
            Some(body) => self.client.put(url).json(body),
            None => self.client.put(url),
        }
        .send()
        .await
        .log_err()?
        .error_for_status()
        .log_err()?;
        Ok(())
    }

    /// Performs an HTTP GET request to the watch endpoint of the item associated with the
    /// EventHandler and calls the `handle` function for every received SclEvent.
    ///
    /// Invalid events are logged and then the function waits for further data. The function either
    /// returns `Ok(())` when the bytestream ends, or returns an [reqwest::Error] if the connection
    /// fails or breaks. For an automatic reconnect the function call should be executed in a
    /// `loop{ }`.
    pub async fn watch<T: EventHandler>(&self, mut handler: T) -> Result<(), reqwest::Error> {
        let url = format!(
            "{}/watch{}",
            self.api_url,
            T::Item::api_endpoint(None, None)
        );
        let mut resp = self.client.get(url).send().await?.error_for_status()?;
        while let Some(bytes) = resp.chunk().await.log_err()? {
            match serde_json::from_slice::<SclEvent<T::Item>>(&bytes) {
                Ok(event) => handler.handle_event(event).await,
                Err(err) => log::error!("{}", err),
            };
        }
        Ok(())
    }

    /// Reads chunks of bytes from an open HTTP stream, parses them into an `SclEvent<T>` object
    /// and then returns the result. Returns a `client::error::Error` if the stream fails to read
    /// or the response body has been exhausted.
    pub async fn recv_event<T: SclObject>(resp: &mut Response) -> error::Result<SclEvent<T>> {
        if let Some(bytes) = resp.chunk().await.log_err()? {
            Ok(serde_json::from_slice::<SclEvent<T>>(&bytes)?)
        } else {
            Err(error::ClientError::Custom(
                "Empty Chunk: Response body has been exhausted.".to_string(),
            ))
        }
    }
}

impl Deref for SclClient {
    type Target = Client;

    fn deref(&self) -> &Self::Target {
        &self.client
    }
}

pub fn reqwest_client(
    additional_headers: Option<HeaderMap<HeaderValue>>,
    tls: Option<&TlsConfig>,
) -> Result<reqwest::Client, Box<dyn std::error::Error>> {
    let mut headers = HeaderMap::new();
    // Set ACCEPT and CONTENT_TYPE headers to application/json
    headers.insert(header::ACCEPT, HeaderValue::from_static("application/json"));
    headers.insert(
        header::CONTENT_TYPE,
        HeaderValue::from_static("application/json"),
    );
    // Add additional headers
    if let Some(additional_headers) = additional_headers {
        for (key, value) in additional_headers.iter() {
            headers.insert(key, value.clone());
        }
    }

    let mut client_builder = Client::builder().default_headers(headers);

    if let Some(tls) = tls {
        let ca_certs = Certificate::from_pem_bundle(&tls.ca_cert)?;
        let mut id_buf = Vec::new();
        id_buf.extend(&tls.client_cert);
        id_buf.extend(&tls.client_key);
        let identity = Identity::from_pem(&id_buf)?;
        let crls = CertificateRevocationList::from_pem_bundle(&tls.crl)?;

        client_builder = client_builder
            .tls_backend_rustls()
            .tls_certs_only(ca_certs)
            .identity(identity)
            .tls_crls_only(crls);
    } else {
        #[cfg(test)]
        {
            // Don't panic on empty CA certs even if we use reqwest with rustls feature flags.
            client_builder = client_builder.tls_danger_accept_invalid_certs(true);
        }
    }

    Ok(client_builder.build()?)
}