Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 5s
CI Pipeline / Clippy Lints (push) Successful in 51s
CI Pipeline / Rust Unit Tests (push) Failing after 1m31s
CI Pipeline / Security Audit (push) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
CI Pipeline / Build .deb & Release (push) Has been skipped
- Remove all cert files from git tracking (git rm --cached)
  - crates/pm-agent-client/certs/client.key (private key)
  - crates/pm-agent-client/certs/client.crt (public cert)
  - crates/pm-agent-client/certs/ca.crt (public cert)
- Add .gitignore patterns for *.key, *.key.pem, certs/*.crt, certs/*.pem
- Update pm-agent-client doc examples to use std::fs::read() instead of include_bytes!
- Add gitleaks secret scanning job to CI workflow
- Update security-review.md with critical finding for Issue #12
- Add README.md to crates/pm-agent-client/certs/ explaining runtime cert generation

Private keys were dev/test only - no production key rotation needed.
Git history purge with filter-repo will follow after PR merge.

Co-authored-by: Draco Lunaris <331325+Draco-Lunaris@users.noreply.github.com>
49 lines
1.6 KiB
Rust
//! `pm-agent-client` — mTLS HTTP client for Linux Patch API agent communication.
//!
//! This crate provides [`client::AgentClient`], an async HTTP client that
//! establishes mutual-TLS connections (TLS 1.3) to `linux_patch_api` agents
//! running on managed hosts.
//!
//! # Quick start
//!
//! ```no_run
//! use pm_agent_client::AgentClient;
//!
//! # async fn run() -> Result<(), pm_agent_client::AgentClientError> {
//! // Load certificates from files (never hardcode or include_bytes! private keys)
//! let client_cert = std::fs::read("/etc/patch-manager/certs/client.crt")?;
//! let client_key = std::fs::read("/etc/patch-manager/certs/client.key")?;
//! let ca_cert = std::fs::read("/etc/patch-manager/ca/ca.crt")?;
//!
//! let client = AgentClient::new(
//!     "10.0.1.5",
//!     12443,
//!     &client_cert,
//!     &client_key,
//!     &ca_cert,
//! )?;
//!
//! let health = client.health().await?;
//! println!("Agent {}: {}", health.status, health.version);
//! # Ok(())
//! # }
//! ```

pub mod client;
pub mod error;
pub mod types;

// ── Convenience re-exports ──────────────────────────────────────────────────

/// Primary client — re-exported from [`client::AgentClient`].
pub use client::{AgentClient, DEFAULT_AGENT_PORT};

/// Error type — re-exported from [`error::AgentClientError`].
pub use error::AgentClientError;

/// Response envelope and all data types.
pub use types::{
    AgentEnvelope, AgentErrorBody, HealthData, Package, PackagesData, Patch, PatchesData,
    RollbackResponse, ServiceStatusData, SystemInfoData,
};
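
One way to harden the "load certificates from files" step in the doc comment above, as an added example that is not part of `pm-agent-client`: read the client key through a single file handle and refuse it when group or other can access it, or when it holds no PEM private-key block. `load_private_key` and `KeyLoadError` are hypothetical names, the sample key text is constructed, and the code assumes a Unix host.

```rust
// Added example, not pm-agent-client code. `load_private_key` and `KeyLoadError`
// are hypothetical names; assumes a Unix host.
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

#[derive(Debug, PartialEq)]
pub enum KeyLoadError {
    Io(io::ErrorKind),
    TooPermissive(u32), // offending permission bits
    NotPrivateKeyPem,
}

impl From<io::Error> for KeyLoadError {
    fn from(e: io::Error) -> Self { KeyLoadError::Io(e.kind()) }
}

/// Read a PEM private key at runtime, refusing files that group or other can access.
pub fn load_private_key(path: &Path) -> Result<Vec<u8>, KeyLoadError> {
    // Check and read through one handle so the file cannot be swapped in between.
    let mut file = File::open(path)?;
    let mode = file.metadata()?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(KeyLoadError::TooPermissive(mode));
    }
    let mut bytes = Vec::new();
    file.read_to_end(&mut bytes)?;
    // Accepts the PKCS#8, RSA, EC and ENCRYPTED labels; a certificate passed by mistake fails.
    let is_key = String::from_utf8_lossy(&bytes).lines().any(|l| {
        l.starts_with("-----BEGIN ") && l.trim_end().ends_with("PRIVATE KEY-----")
    });
    if !is_key {
        return Err(KeyLoadError::NotPrivateKeyPem);
    }
    Ok(bytes)
}

fn main() {
    // Constructed sample file, not a real key.
    let p = std::env::temp_dir().join("example-client.key");
    fs::write(&p, "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n").unwrap();
    for mode in [0o644, 0o600] {
        fs::set_permissions(&p, fs::Permissions::from_mode(mode)).unwrap();
        println!("{:o}: {:?}", mode, load_private_key(&p).map(|k| k.len()));
    }
    fs::remove_file(&p).unwrap();
}
```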