feat: support TLS connection in flagd provider

[odubajDT]

Related Issues

Fixes #36

[toddbaert]

Let me do a manual test with this (unless you already have)

[odubajDT]

Let me do a manual test with this (unless you already have)

I did, but I would really appreciate that. Thank you!

I already have a testing mechanism/code that I can share with you, or do you want to do it completely independent ?

[toddbaert]

Despite my efforts, I was not able to get this to work, though I can't see anything wrong with your code. I generated a keys/certs like so:

  openssl ecparam -name prime256v1 -genkey -noout -out ca.key
  openssl req -new -x509 -sha256 -key ca.key -out ca.crt
  openssl ecparam -name prime256v1 -genkey -noout -out server.key
  openssl req -new -sha256 -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=localhost" -key server.key -out server.csr
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key  -out server.crt -days 1000 -sha256

Then I started flagd like:

./bin/flagd start --uri file://flags.json --server-key-path '/server.key' --server-cert-path '/server.crt'

When I set the env vars (FLAGD_SERVER_CERT_PATH=/ca.crt and FLAGD_TLS=true) in dotnet code, I got these sorts of errors from the provider:

HttpRequestException: The SSL connection could not be established, see inner exception. AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain"

I think flagd is configured correctly, because my curl to it works:

curl -X POST "https://localhost:8013/schema.v1.Service/ResolveFloat" -d '{"flagKey":"myIntFlag","context":{}}' -H "Content-Type: application/json" --cacert '/ca.crt'

[toddbaert]

@odubajDT Please take a look at my PR to your fork. I was able to get the TLS test I had locally working with this. I hope it explains things.