Add feature to use reqwest with rustls/webpki_roots

Cargo.toml

@@ -49,6 +49,7 @@ path = "sdk/typespec/typespec_macros"
 [workspace.dependencies.azure_core]
 version = "0.27.0"
 path = "sdk/core/azure_core"
+default-features = false
 
 [workspace.dependencies.azure_core_macros]
 version = "0.1.0"

sdk/core/azure_core/Cargo.toml

@@ -28,7 +28,7 @@ sha2 = { workspace = true, optional = true }
 tokio = { workspace = true, optional = true }
 tracing.workspace = true
 typespec = { workspace = true, features = ["http", "json"] }
-typespec_client_core = { workspace = true, features = [
+typespec_client_core = { workspace = true, default-features = false, features = [
   "derive",
   "http",
   "json",
@@ -58,10 +58,16 @@ azurite_workaround = []
 debug = ["typespec_client_core/debug"]
 hmac_openssl = ["dep:openssl"]
 hmac_rust = ["dep:sha2", "dep:hmac"]
-reqwest = ["typespec_client_core/reqwest"]
+reqwest = ["typespec_client_core/reqwest_native_tls"]
 reqwest_deflate = ["typespec_client_core/reqwest_deflate"]
 reqwest_gzip = ["typespec_client_core/reqwest_gzip"]
-reqwest_rustls = ["typespec_client_core/reqwest_rustls"]
+reqwest_rustls = ["reqwest_rustls_native_roots"]
+reqwest_rustls_native_roots = [
+  "typespec_client_core/reqwest_rustls_native_roots",
+]
+reqwest_rustls_webpki_roots = [
+  "typespec_client_core/reqwest_rustls_webpki_roots",
+]
 test = ["typespec_client_core/test"]
 tokio = ["dep:tokio", "typespec_client_core/tokio"]
 xml = ["typespec_client_core/xml"]

sdk/core/azure_core/README.md

@@ -50,7 +50,8 @@ We guarantee that all client instance methods are thread-safe and independent of
 - `reqwest` (default): enables and sets `reqwest` as the default `HttpClient`. Enables `reqwest`'s `native-tls` feature.
 - `reqwest_deflate` (default): enables deflate compression for `reqwest`.
 - `reqwest_gzip` (default): enables gzip compression for `reqwest`.
-- `reqwest_rustls`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+- `reqwest_rustls_native_roots`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+- `reqwest_rustls_webpki_roots`: enables `reqwest`'s `rustls-tls-webpki-roots-no-provider` feature,
 - `tokio`: enables and sets `tokio` as the default async runtime.
 - `xml`: enables XML support.
 

sdk/identity/azure_identity/Cargo.toml

@@ -23,7 +23,9 @@ serde.workspace = true
 time.workspace = true
 tokio = { workspace = true, optional = true }
 tracing.workspace = true
-typespec_client_core = { workspace = true, features = ["derive"] }
+typespec_client_core = { workspace = true, default-features = false, features = [
+  "derive",
+] }
 url.workspace = true
 
 [dev-dependencies]
@@ -39,7 +41,9 @@ tracing-subscriber.workspace = true
 [features]
 default = ["reqwest"]
 reqwest = ["azure_core/reqwest"]
-reqwest_rustls = ["azure_core/reqwest_rustls"]
+reqwest_rustls = ["reqwest_rustls_native_roots"]
+reqwest_rustls_native_roots = ["azure_core/reqwest_rustls_native_roots"]
+reqwest_rustls_webpki_roots = ["azure_core/reqwest_rustls_webpki_roots"]
 tokio = ["dep:tokio", "azure_core/tokio", "tokio/process"]
 client_certificate = ["openssl"]
 

sdk/keyvault/azure_security_keyvault_certificates/Cargo.toml

@@ -15,7 +15,9 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait = { workspace = true }
-azure_core = { workspace = true }
+azure_core = { workspace = true, features = [
+  "default",
+] }
 futures = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }

sdk/keyvault/azure_security_keyvault_keys/Cargo.toml

@@ -15,7 +15,9 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait = { workspace = true }
-azure_core = { workspace = true }
+azure_core = { workspace = true, features = [
+  "default",
+] }
 futures = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }

sdk/keyvault/azure_security_keyvault_secrets/Cargo.toml

@@ -15,7 +15,9 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait = { workspace = true }
-azure_core = { workspace = true }
+azure_core = { workspace = true, features = [
+  "default",
+] }
 futures = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }

sdk/storage/azure_storage_blob/Cargo.toml

@@ -17,7 +17,7 @@ categories = ["api-bindings"]
 
 [dependencies]
 async-trait.workspace = true
-azure_core = { workspace = true, features = ["xml"] }
+azure_core = { workspace = true, features = ["default", "xml"] }
 serde.workspace = true
 typespec_client_core = { workspace = true, features = ["derive"] }
 url.workspace = true

sdk/typespec/typespec_client_core/CHANGELOG.md

@@ -6,6 +6,8 @@
 
 ### Breaking Changes
 
+- Renamed the `reqwest` feature into `reqwest_native_tls` so that cargo would not auto-enable `reqwest/native-tls` for other TLS provider  (like e.g. `reqwest_rustls`).
+
 ### Bugs Fixed
 
 ### Other Changes

sdk/typespec/typespec_client_core/Cargo.toml

@@ -19,7 +19,7 @@ futures.workspace = true
 pin-project.workspace = true
 quick-xml = { workspace = true, optional = true }
 rand.workspace = true
-reqwest = { workspace = true, optional = true }
+reqwest = { workspace = true, default-features = false, optional = true }
 rust_decimal = { workspace = true, optional = true }
 serde.workspace = true
 serde_json.workspace = true
@@ -45,17 +45,25 @@ tracing-subscriber.workspace = true
 typespec_macros.path = "../typespec_macros"
 
 [features]
-default = ["http", "json", "reqwest", "reqwest_deflate", "reqwest_gzip"]
+default = [
+  "http",
+  "json",
+  "reqwest_native_tls",
+  "reqwest_deflate",
+  "reqwest_gzip",
+]
 debug = ["typespec_macros?/debug"]
 derive = ["dep:typespec_macros"]
 http = ["typespec/http"]
 json = ["typespec/json"]
-reqwest = ["reqwest/native-tls"]
+reqwest_native_tls = ["reqwest/native-tls"]
 reqwest_deflate = ["reqwest/deflate"]
 reqwest_gzip = ["reqwest/gzip"]
-reqwest_rustls = [
+reqwest_rustls = ["reqwest_rustls_native_roots"]
+reqwest_rustls_native_roots = [
   "reqwest/rustls-tls-native-roots-no-provider",
 ] # Remove dependency on banned `ring` crate; requires manually configuring crypto provider.
+reqwest_rustls_webpki_roots = ["reqwest/rustls-tls-webpki-roots-no-provider"]
 test = [] # Enables extra tracing including error bodies that may contain PII.
 tokio = ["tokio/fs", "tokio/sync", "tokio/time", "tokio/io-util"]
 xml = ["dep:quick-xml"]

sdk/typespec/typespec_client_core/README.md

@@ -11,7 +11,8 @@ This is the runtime for [TypeSpec](https://typespec.io)-generated clients.
 * `reqwest` (default): enables and sets `reqwest` as the default `HttpClient`. Enables `reqwest`'s `native-tls` feature.
 * `reqwest_deflate` (default): enables deflate compression for `reqwest`.
 * `reqwest_gzip` (default): enables gzip compression for `reqwest`.
-* `reqwest_rustls`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+* `reqwest_rustls_native_roots`: enables `reqwest`'s `rustls-tls-native-roots-no-provider` feature,
+* `reqwest_rustls_webpki_roots`: enables `reqwest`'s `rustls-tls-webpki-roots-no-provider` feature,
   which requires manually configuring a cryptography provider since `ring` is a banned dependency.
 * `tokio`: enables and sets `tokio` as the default async runtime.
 * `xml`: enables XML support.

sdk/typespec/typespec_client_core/src/http/clients/mod.rs

@@ -3,14 +3,30 @@
 
 //! Built-in HTTP clients.
 
-#[cfg(not(any(feature = "reqwest", feature = "reqwest_rustls")))]
+#[cfg(not(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+)))]
 mod noop;
-#[cfg(any(feature = "reqwest", feature = "reqwest_rustls"))]
+#[cfg(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+))]
 mod reqwest;
 
-#[cfg(not(any(feature = "reqwest", feature = "reqwest_rustls")))]
+#[cfg(not(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+)))]
 use self::noop::new_noop_client;
-#[cfg(any(feature = "reqwest", feature = "reqwest_rustls"))]
+#[cfg(any(
+    feature = "reqwest",
+    feature = "reqwest_rustls_native_roots",
+    feature = "reqwest_rustls_webpki_roots"
+))]
 use self::reqwest::new_reqwest_client;
 
 use crate::http::{RawResponse, Request};
@@ -20,11 +36,19 @@ use typespec::error::Result;
 
 /// Create a new [`HttpClient`].
 pub fn new_http_client() -> Arc<dyn HttpClient> {
-    #[cfg(any(feature = "reqwest", feature = "reqwest_rustls"))]
+    #[cfg(any(
+        feature = "reqwest",
+        feature = "reqwest_rustls_native_roots",
+        feature = "reqwest_rustls_webpki_roots"
+    ))]
     {
         new_reqwest_client()
     }
-    #[cfg(not(any(feature = "reqwest", feature = "reqwest_rustls")))]
+    #[cfg(not(any(
+        feature = "reqwest",
+        feature = "reqwest_rustls_native_roots",
+        feature = "reqwest_rustls_webpki_roots"
+    )))]
     {
         new_noop_client()
     }