ca-certificates is likely the answer....

EPFL-ENAC · Oct 23, 2024 · 3122e35 · 3122e35
1 parent 184c4df
commit 3122e35
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 180 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,12 +7,7 @@ edition = "2021"
 members = [".", "migration"]
 
 [dependencies]
-reqwest = { version = "0.12.8", features = [
-    "json",
-    "blocking",
-    "rustls-tls",
-    "native-tls-vendored",
-] }
+reqwest = { version = "0.12.8", features = ["json", "blocking", "rustls-tls"] }
 migration = { path = "migration" }
 axum = { version = "0.7.5", features = ["macros", "multipart", "json"] }
 dotenvy = "0.15.7"
@@ -60,4 +55,3 @@ secrecy = "0.8.0"
 anyhow = "1.0.89"
 thiserror = "1.0.64"
 tokio-util = "0.7.12"
-rustls = { version = "0.23.15", features = ["ring"] }
diff --git a/Dockerfile b/Dockerfile
@@ -22,7 +22,7 @@ RUN cargo build --release --bin labcaller-api
 # We do not need the Rust toolchain to run the binary!
 FROM debian:bookworm-slim AS runtime
 
-RUN apt-get update && apt-get install -y --no-install-recommends openssl && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 COPY --from=builder /app/target/release/labcaller-api /usr/local/bin

diff --git a/src/external/k8s/services.rs b/src/external/k8s/services.rs
@@ -29,7 +29,10 @@ async fn refresh_oidc_token(refresh_token: &str, idp_issuer_url: &str) -> Result
     println!("Refreshing OIDC token, url: {:?}", url);
     let res = match client.post(&url).form(&params).send().await {
         Ok(res) => res,
-        Err(e) => return Err(anyhow!("Failed to refresh token: {}", e)),
+        Err(e) => {
+            println!("Failed to refresh token: {:?}", e);
+            return Err(anyhow!("Failed to refresh token: {}", e));
+        }
     };
 
     println!("Response: {:?}", res);

diff --git a/src/main.rs b/src/main.rs
@@ -8,16 +8,14 @@ use axum::{routing::get, Router};
 use axum_keycloak_auth::{instance::KeycloakAuthInstance, instance::KeycloakConfig, Url};
 use config::Config;
 use migration::{Migrator, MigratorTrait};
-use rustls;
+
 use sea_orm::{Database, DatabaseConnection};
 use std::sync::Arc;
 use std::time::Duration;
+
 #[tokio::main]
 async fn main() {
     let config = Config::from_env();
-    rustls::crypto::ring::default_provider()
-        .install_default()
-        .expect("Failed to install rustls crypto provider");
 
     let db: DatabaseConnection = Database::connect(&*config.db_url.as_ref().unwrap())
         .await