inconsistencies when making outbound http requests

[rajatjindal]

There are currently three code paths when making an outbound http request when running a Spin app:

1. outbound-http crate (used by old spin sdk such as Golang)
2. WasiOutboundHttpHandler in trigger-http crate (used when outbound request is made from within a http-trigger)
3. WasiOutboundHttpHandler implementation in core (used when outbound request is made from other trigger types e.g. redis trigger and using a newer sdk e.g. Rust)

In addition to that, we also have host-components that makes outbound requests on behalf of the Spin app e.g. remote-llm host component for making inferencing request to cloud app.

This introduces interesting problems w.r.t CA certificates used when making an outbound https request:

1. outbound-http and host-components uses the CA bundle present on the file system.
2. WasiOutboundHttpHandler in trigger-http crate and WasiOutboundHttpHandler implementation in core uses the CA bundle configured in wasmtime (at build time).

We ran into this problem when working deploying an AI app to SpinKube/Kubernetes (which made an outbound request from host component) and resolved that by injecting CA bundle as a volume.

but then when trying out a different app, the injected custom CA was not working as expected (because it was using wasmtime outbound handler which uses default CA).

It will be nice if we can make this behavior consistent and deterministic.

[lann]

Fixing this is one of the motivations behind Spin Factors. You can see in the branch that the (unfinished) outbound http factor implements both spin and wasi interfaces. I haven't tackled the http-trigger differences there yet but that is definitely a priority.