Support TLS in Daml Helper --json-api requests

This PR accepts the --tls flag but rejects the flags to set certs because those don’t really make sense here (or are at least not easily settable). Unfortunately no great way to test this without a huge amount of test infrastructure to setup a custom TLS reverse proxy for tests. If someone has an idea to add a reasonable test, I’m all ears. changelog_begin - [Daml Assistant] The `daml ledger` commands now accepts `--tls` in combination with `--json-api` to access a JSON API behind a TLS reverse proxy. changelog_end
digital-asset · Aug 30, 2021 · d4b940b · d4b940b
1 parent 65025c2
commit d4b940b
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/daml-assistant/daml-helper/src/DA/Daml/Helper/Ledger.hs b/daml-assistant/daml-helper/src/DA/Daml/Helper/Ledger.hs
@@ -594,9 +594,12 @@ httpBsRequest args method path modify = do
 
 makeRequest :: LedgerArgs -> Method -> Path -> (Request -> Request) -> IO Request
 makeRequest LedgerArgs {sslConfigM, tokM, port, host} method path modify = do
-  when (isJust sslConfigM) $
-    fail "The HTTP JSON API doesn't support TLS requests, but a TLS flag was set."
+  secure <- case sslConfigM of
+    Nothing -> pure False
+    Just (L.ClientSSLConfig Nothing Nothing Nothing) -> pure True
+    Just _ -> fail "The HTTP JSON API does not support --pem, --crt and --cacrt flags."
   pure $
+    setRequestSecure secure $
     setRequestPort port $
     setRequestHost (BSC.pack host) $
     setRequestMethod (unMethod method) $