address review comments

Signed-off-by: Rajat Jindal <[email protected]>

Author: rajatjindal

crates/trigger-http/src/lib.rs

@@ -738,8 +738,7 @@ impl OutboundWasiHttpHandler for HttpRuntimeData {
         // Once Wasmtime gives us the ability to do the spawn ourselves we can just call .instrument
         // and won't have to do this workaround.
         let response_handle = async move {
-            let res =
-                default_send_request_handler(request, config, client_tls_opts).await;
+            let res = send_request_handler(request, config, client_tls_opts).await;
             if let Ok(res) = &res {
                 tracing::Span::current()
                     .record("http.response.status_code", res.resp.status().as_u16());
@@ -1008,30 +1007,10 @@ mod tests {
     }
 }
 
-/// Translate a [`hyper::Error`] to a wasi-http `ErrorCode` in the context of a request.
-pub fn hyper_request_error(err: hyper::Error) -> ErrorCode {
-    // If there's a source, we might be able to extract a wasi-http error from it.
-    if let Some(cause) = err.source() {
-        if let Some(err) = cause.downcast_ref::<ErrorCode>() {
-            return err.clone();
-        }
-    }
-
-    tracing::warn!("hyper request error: {err:?}");
-
-    ErrorCode::HttpProtocolError
-}
-
-pub fn dns_error(rcode: String, info_code: u16) -> ErrorCode {
-    ErrorCode::DnsError(wasmtime_wasi_http::bindings::http::types::DnsErrorPayload {
-        rcode: Some(rcode),
-        info_code: Some(info_code),
-    })
-}
-
-/// This is a fork of wasmtime_wasi_http::default_send_request_handler function.
+/// This is a fork of wasmtime_wasi_http::default_send_request_handler function
+/// forked from bytecodealliance/wasmtime commit-sha 29a76b68200fcfa69c8fb18ce6c850754279a05b
 /// This fork provides the ability to configure client cert auth for mTLS
-pub async fn default_send_request_handler(
+pub async fn send_request_handler(
     mut request: hyper::Request<HyperOutgoingBody>,
     wasmtime_wasi_http::types::OutgoingRequestConfig {
         use_tls,
@@ -1216,3 +1195,24 @@ fn get_client_tls_config_for_authority(
             .with_no_client_auth(),
     }
 }
+
+/// Translate a [`hyper::Error`] to a wasi-http `ErrorCode` in the context of a request.
+pub fn hyper_request_error(err: hyper::Error) -> ErrorCode {
+    // If there's a source, we might be able to extract a wasi-http error from it.
+    if let Some(cause) = err.source() {
+        if let Some(err) = cause.downcast_ref::<ErrorCode>() {
+            return err.clone();
+        }
+    }
+
+    tracing::warn!("hyper request error: {err:?}");
+
+    ErrorCode::HttpProtocolError
+}
+
+pub fn dns_error(rcode: String, info_code: u16) -> ErrorCode {
+    ErrorCode::DnsError(wasmtime_wasi_http::bindings::http::types::DnsErrorPayload {
+        rcode: Some(rcode),
+        info_code: Some(info_code),
+    })
+}

crates/trigger-http/src/tls.rs

@@ -19,7 +19,7 @@ impl TlsConfig {
     // Creates a TLS acceptor from server config.
     pub(super) fn server_config(&self) -> anyhow::Result<TlsAcceptor> {
         let certs = load_certs(&self.cert_path)?;
-        let private_key = load_keys(&self.key_path)?;
+        let private_key = load_key(&self.key_path)?;
 
         let cfg = rustls::ServerConfig::builder()
             .with_no_client_auth()
@@ -47,7 +47,7 @@ pub fn load_certs(
 }
 
 // load_keys parse and return the first private key from the provided file
-pub fn load_keys(path: impl AsRef<Path>) -> io::Result<rustls_pki_types::PrivateKeyDer<'static>> {
+pub fn load_key(path: impl AsRef<Path>) -> io::Result<rustls_pki_types::PrivateKeyDer<'static>> {
     private_key(&mut io::BufReader::new(fs::File::open(path).map_err(
         |err| {
             io::Error::new(
@@ -110,7 +110,7 @@ mod tests {
         let mut path = testdatadir();
         path.push("non-existing-file.pem");
 
-        let keys = load_keys(path);
+        let keys = load_key(path);
         assert!(keys.is_err());
         assert_eq!(keys.err().unwrap().to_string(), "failed to read private key file Os { code: 2, kind: NotFound, message: \"No such file or directory\" }");
     }
@@ -120,7 +120,7 @@ mod tests {
         let mut path = testdatadir();
         path.push("invalid-private-key.pem");
 
-        let keys = load_keys(path);
+        let keys = load_key(path);
         assert!(keys.is_err());
         assert_eq!(keys.err().unwrap().to_string(), "invalid private key");
     }
@@ -130,7 +130,7 @@ mod tests {
         let mut path = testdatadir();
         path.push("valid-private-key.pem");
 
-        let keys = load_keys(path);
+        let keys = load_key(path);
         assert!(keys.is_ok());
     }
 }

crates/trigger/src/runtime_config.rs

@@ -19,7 +19,7 @@ use spin_sqlite::Connection;
 use crate::TriggerHooks;
 
 use self::{
-    client_tls::{load_certs, load_keys, ClientTlsOpts},
+    client_tls::{load_certs, load_key, ClientTlsOpts},
     key_value::{KeyValueStore, KeyValueStoreOpts},
     llm::LlmComputeOpts,
     sqlite::SqliteDatabaseOpts,
@@ -555,18 +555,18 @@ pub struct ParsedClientTlsOpts {
 
 fn parse_client_tls_opts(inp: &ClientTlsOpts) -> Result<ParsedClientTlsOpts, anyhow::Error> {
     let custom_root_ca = match &inp.custom_root_ca_file {
-        Some(path) => Some(load_certs(&path).context("loading custom root ca")?),
+        Some(path) => Some(load_certs(path).context("loading custom root ca")?),
         None => None,
     };
 
     let cert_chain = match &inp.cert_chain_file {
-        Some(file) => Some(load_certs(&file).context("loading client tls certs")?),
+        Some(file) => Some(load_certs(file).context("loading client tls certs")?),
         None => None,
     };
 
     let private_key = match &inp.private_key_file {
         Some(file) => {
-            let privatekey = load_keys(&file).context("loading private key")?;
+            let privatekey = load_key(file).context("loading private key")?;
             Some(Arc::from(privatekey))
         }
         None => None,

crates/trigger/src/runtime_config/client_tls.rs

@@ -2,16 +2,16 @@ use anyhow::Context;
 use rustls_pemfile::private_key;
 use std::io;
 use std::io::Cursor;
-use std::{fs, path::Path};
+use std::{fs, path::{Path, PathBuf}};
 
 #[derive(Debug, serde::Deserialize)]
 #[serde(rename_all = "snake_case", tag = "type")]
 pub struct ClientTlsOpts {
     pub component_ids: Vec<String>,
     pub hosts: Vec<String>,
-    pub custom_root_ca_file: Option<String>,
-    pub cert_chain_file: Option<String>,
-    pub private_key_file: Option<String>,
+    pub custom_root_ca_file: Option<PathBuf>,
+    pub cert_chain_file: Option<PathBuf>,
+    pub private_key_file: Option<PathBuf>,
 }
 
 // load_certs parse and return the certs from the provided file
@@ -28,7 +28,7 @@ pub fn load_certs(
 }
 
 // load_keys parse and return the first private key from the provided file
-pub fn load_keys(
+pub fn load_key(
     path: impl AsRef<Path>,
 ) -> anyhow::Result<rustls_pki_types::PrivateKeyDer<'static>> {
     private_key(&mut io::BufReader::new(