Expose HTTP transport

author: Martin Polden <mpolden@mpolden.no> 2023-03-17 12:02:18 +0100
committer: Martin Polden <mpolden@mpolden.no> 2023-03-23 12:13:44 +0100
commit: 489e1a1b5494bb75f8238084f9779d6cc465e660 (patch)
tree: e8013ae9e33b3dc86e2c0c13735d86f79bb0843c /client
parent: 7e9bc236241a5b2b0261f897116de00b94e5a27f (diff)
6 files changed, 36 insertions, 19 deletions
diff --git a/client/go/internal/cli/auth/zts/zts.go b/client/go/internal/cli/auth/zts/zts.go
index 0ca815a61e8..1e84912a271 100644
--- a/client/go/internal/cli/auth/zts/zts.go
+++ b/client/go/internal/cli/auth/zts/zts.go
@@ -37,7 +37,7 @@ func (c *Client) AccessToken(domain string, certificate tls.Certificate) (string
 	if err != nil {
 		return "", err
 	}
-	c.client.UseCertificate([]tls.Certificate{certificate})
+	util.SetCertificate(c.client, []tls.Certificate{certificate})
 	response, err := c.client.Do(req, 10*time.Second)
 	if err != nil {
 		return "", err
diff --git a/client/go/internal/cli/cmd/test.go b/client/go/internal/cli/cmd/test.go
index d071f9556a2..4a53fe6bed3 100644
--- a/client/go/internal/cli/cmd/test.go
+++ b/client/go/internal/cli/cmd/test.go
@@ -263,7 +263,7 @@ func verify(step step, defaultCluster string, defaultParameters map[string]strin
 
 	var response *http.Response
 	if externalEndpoint {
-		context.cli.httpClient.UseCertificate([]tls.Certificate{})
+		util.SetCertificate(context.cli.httpClient, []tls.Certificate{})
 		response, err = context.cli.httpClient.Do(request, 60*time.Second)
 	} else {
 		response, err = service.Do(request, 600*time.Second) // Vespa should provide a response within the given request timeout
diff --git a/client/go/internal/mock/http.go b/client/go/internal/mock/http.go
index 84718e846c1..d1fb4f28327 100644
--- a/client/go/internal/mock/http.go
+++ b/client/go/internal/mock/http.go
@@ -2,7 +2,6 @@ package mock
 
 import (
 	"bytes"
-	"crypto/tls"
 	"io"
 	"net/http"
 	"strconv"
@@ -60,4 +59,4 @@ func (c *HTTPClient) Do(request *http.Request, timeout time.Duration) (*http.Res
 		nil
 }
 
-func (c *HTTPClient) UseCertificate(certificates []tls.Certificate) {}
+func (c *HTTPClient) Transport() *http.Transport { return &http.Transport{} }
diff --git a/client/go/internal/util/http.go b/client/go/internal/util/http.go
index f47429a8d5d..b18f9a00c6a 100644
--- a/client/go/internal/util/http.go
+++ b/client/go/internal/util/http.go
@@ -12,11 +12,12 @@ import (
 
 type HTTPClient interface {
 	Do(request *http.Request, timeout time.Duration) (response *http.Response, error error)
-	UseCertificate(certificate []tls.Certificate)
+	Transport() *http.Transport
 }
 
 type defaultHTTPClient struct {
-	client *http.Client
+	client    *http.Client
+	transport *http.Transport
 }
 
 func (c *defaultHTTPClient) Do(request *http.Request, timeout time.Duration) (response *http.Response, error error) {
@@ -30,13 +31,24 @@ func (c *defaultHTTPClient) Do(request *http.Request, timeout time.Duration) (re
 	return c.client.Do(request)
 }
 
-func (c *defaultHTTPClient) UseCertificate(certificates []tls.Certificate) {
-	c.client.Transport = &http.Transport{TLSClientConfig: &tls.Config{
+func (c *defaultHTTPClient) Transport() *http.Transport { return c.transport }
+
+func SetCertificate(client HTTPClient, certificates []tls.Certificate) {
+	client.Transport().TLSClientConfig = &tls.Config{
 		Certificates: certificates,
 		MinVersion:   tls.VersionTLS12,
-	}}
+	}
 }
 
 func CreateClient(timeout time.Duration) HTTPClient {
-	return &defaultHTTPClient{client: &http.Client{Timeout: timeout}}
+	transport := http.Transport{
+		ForceAttemptHTTP2: true,
+	}
+	return &defaultHTTPClient{
+		client: &http.Client{
+			Timeout:   timeout,
+			Transport: &transport,
+		},
+		transport: &transport,
+	}
 }
diff --git a/client/go/internal/vespa/target.go b/client/go/internal/vespa/target.go
index 719b37012d5..0e173175720 100644
--- a/client/go/internal/vespa/target.go
+++ b/client/go/internal/vespa/target.go
@@ -92,9 +92,6 @@ type LogOptions struct {
 
 // Do sends request to this service. Any required authentication happens automatically.
 func (s *Service) Do(request *http.Request, timeout time.Duration) (*http.Response, error) {
-	if s.TLSOptions.KeyPair.Certificate != nil {
-		s.httpClient.UseCertificate([]tls.Certificate{s.TLSOptions.KeyPair})
-	}
 	if s.TLSOptions.AthenzDomain != "" {
 		accessToken, err := s.zts.AccessToken(s.TLSOptions.AthenzDomain, s.TLSOptions.KeyPair)
 		if err != nil {
@@ -108,6 +105,8 @@ func (s *Service) Do(request *http.Request, timeout time.Duration) (*http.Respon
 	return s.httpClient.Do(request, timeout)
 }
 
+func (s *Service) Transport() *http.Transport { return s.httpClient.Transport() }
+
 // Wait polls the health check of this service until it succeeds or timeout passes.
 func (s *Service) Wait(timeout time.Duration) (int, error) {
 	url := s.BaseURL
@@ -153,7 +152,7 @@ func waitForOK(client util.HTTPClient, url string, certificate *tls.Certificate,
 
 func wait(client util.HTTPClient, fn responseFunc, reqFn requestFunc, certificate *tls.Certificate, timeout time.Duration) (int, error) {
 	if certificate != nil {
-		client.UseCertificate([]tls.Certificate{*certificate})
+		util.SetCertificate(client, []tls.Certificate{*certificate})
 	}
 	var (
 		httpErr    error
diff --git a/client/go/internal/vespa/target_cloud.go b/client/go/internal/vespa/target_cloud.go
index 5d9e6d9272a..827d6c6a56a 100644
--- a/client/go/internal/vespa/target_cloud.go
+++ b/client/go/internal/vespa/target_cloud.go
@@ -118,9 +118,10 @@ func (t *cloudTarget) IsCloud() bool { return true }
 func (t *cloudTarget) Deployment() Deployment { return t.deploymentOptions.Deployment }
 
 func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, cluster string) (*Service, error) {
+	var service *Service
 	switch name {
 	case DeployService:
-		service := &Service{
+		service = &Service{
 			Name:       name,
 			BaseURL:    t.apiOptions.System.URL,
 			TLSOptions: t.apiOptions.TLSOptions,
@@ -136,7 +137,6 @@ func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, c
 				return nil, fmt.Errorf("got status %d from deploy service at %s", status, service.BaseURL)
 			}
 		}
-		return service, nil
 	case QueryService, DocumentService:
 		if t.deploymentOptions.ClusterURLs == nil {
 			if err := t.waitForEndpoints(timeout, runID); err != nil {
@@ -148,15 +148,22 @@ func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, c
 			return nil, err
 		}
 		t.deploymentOptions.TLSOptions.AthenzDomain = t.apiOptions.System.AthenzDomain
-		return &Service{
+		service = &Service{
 			Name:       name,
 			BaseURL:    url,
 			TLSOptions: t.deploymentOptions.TLSOptions,
 			zts:        t.zts,
 			httpClient: t.httpClient,
-		}, nil
+		}
+
+	default:
+		return nil, fmt.Errorf("unknown service: %s", name)
+
+	}
+	if service.TLSOptions.KeyPair.Certificate != nil {
+		util.SetCertificate(service, []tls.Certificate{service.TLSOptions.KeyPair})
 	}
-	return nil, fmt.Errorf("unknown service: %s", name)
+	return service, nil
 }
 
 func (t *cloudTarget) SignRequest(req *http.Request, keyID string) error {
author	Martin Polden <mpolden@mpolden.no>	2023-03-17 12:02:18 +0100
committer	Martin Polden <mpolden@mpolden.no>	2023-03-23 12:13:44 +0100
commit	489e1a1b5494bb75f8238084f9779d6cc465e660 (patch)
tree	e8013ae9e33b3dc86e2c0c13735d86f79bb0843c /client
parent	7e9bc236241a5b2b0261f897116de00b94e5a27f (diff)