databricks_zerobus_ingest_sdk/tls_config.rs
1//! TLS configuration for Zerobus connections.
2//!
3//! This module provides a strategy pattern for TLS configuration,
4//! allowing different TLS setups (secure, custom CA, or no TLS for testing).
5
6use crate::errors::ZerobusError;
7use crate::ZerobusResult;
8use tonic::transport::{ClientTlsConfig, Endpoint};
9
/// Strategy interface for applying TLS settings to the SDK's gRPC channel.
///
/// Each implementation decides how an [`Endpoint`] is secured before the SDK
/// connects through it. Strategies referenced by this module:
/// - `SecureTlsConfig`: production TLS with system CA certificates (default)
/// - `NoTlsConfig`: no TLS, for testing with local `http://` endpoints
///   (requires the `testing` feature)
/// - Custom implementations for special certificate requirements
///
/// # Security
///
/// The endpoint returned by an implementation determines whether the channel
/// is encrypted and which CAs are trusted to authenticate the server. Nothing
/// in this trait validates that result, so a custom implementation is trusted
/// to keep server certificate verification in place.
///
/// # Examples
///
/// ```rust
/// use databricks_zerobus_ingest_sdk::{SecureTlsConfig, TlsConfig};
/// use std::sync::Arc;
///
/// // Secure TLS with system CAs (default)
/// let tls: Arc<dyn TlsConfig> = Arc::new(SecureTlsConfig::new());
/// ```
#[allow(clippy::result_large_err)]
pub trait TlsConfig: Send + Sync {
    /// Apply this strategy's TLS settings to `endpoint`.
    ///
    /// # Arguments
    ///
    /// * `endpoint` - The gRPC endpoint to configure; it is taken by value.
    ///
    /// # Returns
    ///
    /// The configured endpoint, ready to connect.
    ///
    /// # Errors
    ///
    /// Returns an error if TLS configuration fails.
    fn configure_endpoint(&self, endpoint: Endpoint) -> ZerobusResult<Endpoint>;
}
44
/// TLS strategy that trusts the operating system's CA certificates.
///
/// This is the default and recommended configuration for production use.
/// The type carries no state: the trust anchors are whatever the host's
/// certificate store contains when the endpoint is configured, so the host's
/// trust store is part of this configuration's security boundary.
///
/// # Examples
///
/// ```rust
/// use databricks_zerobus_ingest_sdk::SecureTlsConfig;
///
/// let tls = SecureTlsConfig::new();
/// ```
#[derive(Clone, Debug, Default)]
pub struct SecureTlsConfig;

impl SecureTlsConfig {
    /// Build the secure TLS strategy; equivalent to `SecureTlsConfig::default()`.
    pub fn new() -> Self {
        SecureTlsConfig
    }
}
66
impl TlsConfig for SecureTlsConfig {
    /// Attach a client TLS configuration backed by the native OS certificate store.
    ///
    /// # Errors
    ///
    /// Returns `ZerobusError::FailedToEstablishTlsConnectionError` when tonic
    /// rejects the TLS configuration.
    fn configure_endpoint(&self, endpoint: Endpoint) -> ZerobusResult<Endpoint> {
        // Trust anchors come from the native OS certificate store
        // (works on Windows, macOS, and Linux).
        //
        // NOTE(review): this only attaches a TLS configuration to the endpoint.
        // Whether tonic actually negotiates TLS may depend on the endpoint's URI
        // scheme. Confirm that `http://` URIs are rejected before they reach this
        // strategy, otherwise the "secure" configuration would not force encryption.
        let native_roots = ClientTlsConfig::new().with_native_roots();

        match endpoint.tls_config(native_roots) {
            Ok(configured) => Ok(configured),
            // The underlying tonic error is dropped here, so callers see only the
            // fixed variant and cannot tell why the TLS setup was rejected.
            Err(_) => Err(ZerobusError::FailedToEstablishTlsConnectionError),
        }
    }
}
77
/// Pass-through strategy for testing with plaintext `http://` endpoints.
///
/// The endpoint is returned exactly as received; no TLS configuration is added.
/// Only available when the `testing` feature is enabled.
///
/// # Security
///
/// With an `http://` endpoint the channel has neither encryption nor server
/// authentication, so everything sent over it, including any credentials
/// attached to requests, is exposed to the network path. Keep this strategy to
/// local test endpoints. Cargo unifies a package's features across a build, so
/// a dependency that enables `testing` makes this type available to the whole
/// build; check that release builds do not pull the feature in.
///
/// # Examples
///
/// ```rust
/// use databricks_zerobus_ingest_sdk::{NoTlsConfig, TlsConfig};
/// use std::sync::Arc;
///
/// let tls: Arc<dyn TlsConfig> = Arc::new(NoTlsConfig);
/// ```
#[cfg(feature = "testing")]
#[derive(Clone, Debug, Default)]
pub struct NoTlsConfig;

#[cfg(feature = "testing")]
impl TlsConfig for NoTlsConfig {
    /// Return `endpoint` untouched; this implementation never fails.
    fn configure_endpoint(&self, endpoint: Endpoint) -> ZerobusResult<Endpoint> {
        // Deliberately no `tls_config` call: the caller's endpoint is used as given.
        Ok(endpoint)
    }
}