feat: tls

Signed-off-by: kjuulh <contact@kjuulh.io>

crates/flux-releaser/Cargo.toml

@@ -12,7 +12,7 @@ clap.workspace = true
 dotenv.workspace = true
 axum.workspace = true
 prost = "0.12.3"
-tonic = "0.11.0"
+tonic = { version = "0.11.0", features = ["tls"] }
 uuid = { version = "1.7.0", features = ["v7", "v4"] }
 async-trait = "0.1.77"
 aws-config = { version = "1.1.5", features = ["behavior-version-latest"] }

crates/flux-releaser/src/app.rs

@@ -44,7 +44,8 @@ impl App {
             nats: infra::nats::Nats::new().await?,
             database: infra::database::get_database().await?,
             git: Git::new(
-                "ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into(),
+                std::env::var("FLUX_RELEASER_GIT_REPOSITORY")
+                    .unwrap_or("ssh://git@git.front.kjuulh.io/kjuulh/clank-clusters.git".into()),
                 ClusterList::default(),
                 Archive::default(),
             )

crates/flux-releaser/src/app/infra/aws_s3.rs

@@ -15,6 +15,7 @@ pub async fn s3_client() -> anyhow::Result<aws_sdk_s3::Client> {
 
     let config = aws_sdk_s3::config::Builder::from(&shared_config.load().await)
         .endpoint_url(std::env::var("AWS_ENDPOINT_URL").context("AWS_ENDPOINT_URL was not set")?)
+        .force_path_style(true)
         .build();
 
     let client = aws_sdk_s3::Client::from_conf(config);

crates/flux-releaser/src/app/infra/grpc.rs

@@ -1,19 +1,28 @@
 use std::sync::Arc;
 
-use anyhow::Context;
 use tokio::sync::Mutex;
-use tonic::transport::Channel;
+use tonic::transport::{Channel, ClientTlsConfig};
 
 use crate::grpc::gen::flux_releaser_client::FluxReleaserClient;
 
 pub type FluxReleaserGrpcClient = Arc<Mutex<FluxReleaserClient<Channel>>>;
 
 pub async fn new_client(registry: impl Into<String>) -> anyhow::Result<FluxReleaserGrpcClient> {
-    let registry = registry.into();
+    let registry: String = registry.into();
 
-    let client = FluxReleaserClient::connect(registry)
-        .await
-        .context("failed to connect to flux_releaser registry")?;
+    let channel = if registry.starts_with("https") {
+        let mut tls = ClientTlsConfig::new();
+        tls = tls.domain_name(&registry);
+
+        Channel::from_shared(registry)?
+            .tls_config(tls)?
+            .connect()
+            .await?
+    } else {
+        Channel::from_shared(registry)?.connect().await?
+    };
+
+    let client = FluxReleaserClient::new(channel);
 
     Ok(Arc::new(Mutex::new(client)))
 }

crates/flux-releaser/src/grpc.rs

@@ -64,14 +64,21 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
 
             let _ = file.write(&item.content).await?;
         }
+        tracing::info!("got this far 1a");
 
         file.flush().await?;
+        tracing::info!("got this far 1");
 
         let upload_id = match self.release_manager.upload_artifact(file_path.into()).await {
             Ok(res) => res,
-            Err(e) => return Err(tonic::Status::unknown(e.to_string())),
+            Err(e) => {
+                tracing::warn!("failed to upload artifact: {}", e);
+                return Err(tonic::Status::unknown(e.to_string()));
+            }
         };
 
+        tracing::info!("got this far 2");
+
         Ok(tonic::Response::new(UploadArtifactResponse {
             upload_id: upload_id.to_string(),
         }))
@@ -85,12 +92,15 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
         let req = request.into_inner();
         let artifact = self
             .release_manager
-            .commit_artifact(
-                req.try_into()
-                    .map_err(|e: anyhow::Error| tonic::Status::invalid_argument(e.to_string()))?,
-            )
+            .commit_artifact(req.try_into().map_err(|e: anyhow::Error| {
+                tracing::warn!("failed to parse input body: {}", e);
+                tonic::Status::invalid_argument(e.to_string())
+            })?)
             .await
-            .map_err(|e: anyhow::Error| tonic::Status::internal(e.to_string()))?;
+            .map_err(|e: anyhow::Error| {
+                tracing::warn!("failed to commit artifact: {}", e);
+                tonic::Status::internal(e.to_string())
+            })?;
 
         Ok(tonic::Response::new(CommitArtifactResponse {
             artifact_id: artifact.to_string(),
@@ -104,13 +114,18 @@ impl flux_releaser_server::FluxReleaser for FluxReleaserGrpc {
     ) -> std::result::Result<tonic::Response<TriggerReleaseResponse>, tonic::Status> {
         let req = request.into_inner();
 
+        tracing::info!("some trigger release");
+
         self.release_manager
-            .release(
-                req.try_into()
-                    .map_err(|e: anyhow::Error| tonic::Status::invalid_argument(e.to_string()))?,
-            )
+            .release(req.try_into().map_err(|e: anyhow::Error| {
+                tracing::warn!("failed to parse input body: {}", e);
+                tonic::Status::invalid_argument(e.to_string())
+            })?)
             .await
-            .map_err(|e| tonic::Status::internal(e.to_string()))?;
+            .map_err(|e| {
+                tracing::warn!("failed to release: {}", e);
+                tonic::Status::internal(e.to_string())
+            })?;
 
         Ok(tonic::Response::new(TriggerReleaseResponse {}))
     }

crates/flux-releaser/src/services/release_manager.rs

@@ -106,7 +106,9 @@ impl ReleaseManager {
 
         let artifact_contents = tokio::fs::read(artifact).await?;
         let env = if release_req.branch == "main" {
-            "prod"
+            // FIXME: select prod instead
+            //"prod"
+            "dev"
         } else {
             "dev"
         };