author | Martin Polden <mpolden@mpolden.no> | 2023-03-17 12:02:18 +0100 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-03-23 12:13:44 +0100 |
commit | 489e1a1b5494bb75f8238084f9779d6cc465e660 (patch) | |
tree | e8013ae9e33b3dc86e2c0c13735d86f79bb0843c /client | |
parent | 7e9bc236241a5b2b0261f897116de00b94e5a27f (diff) |
Expose HTTP transport
Diffstat (limited to 'client')
-rw-r--r-- | client/go/internal/cli/auth/zts/zts.go | 2 | ||||
-rw-r--r-- | client/go/internal/cli/cmd/test.go | 2 | ||||
-rw-r--r-- | client/go/internal/mock/http.go | 3 | ||||
-rw-r--r-- | client/go/internal/util/http.go | 24 | ||||
-rw-r--r-- | client/go/internal/vespa/target.go | 7 | ||||
-rw-r--r-- | client/go/internal/vespa/target_cloud.go | 17 |
6 files changed, 36 insertions, 19 deletions
diff --git a/client/go/internal/cli/auth/zts/zts.go b/client/go/internal/cli/auth/zts/zts.go
index 0ca815a61e8..1e84912a271 100644
--- a/client/go/internal/cli/auth/zts/zts.go
+++ b/client/go/internal/cli/auth/zts/zts.go
@@ -37,7 +37,7 @@ func (c *Client) AccessToken(domain string, certificate tls.Certificate) (string
 if err != nil {
 return "", err
 }
- c.client.UseCertificate([]tls.Certificate{certificate})
+ util.SetCertificate(c.client, []tls.Certificate{certificate})
 response, err := c.client.Do(req, 10*time.Second)
 if err != nil {
 return "", err
diff --git a/client/go/internal/cli/cmd/test.go b/client/go/internal/cli/cmd/test.go
index d071f9556a2..4a53fe6bed3 100644
--- a/client/go/internal/cli/cmd/test.go
+++ b/client/go/internal/cli/cmd/test.go
@@ -263,7 +263,7 @@ func verify(step step, defaultCluster string, defaultParameters map[string]strin
 var response *http.Response
 if externalEndpoint {
- context.cli.httpClient.UseCertificate([]tls.Certificate{})
+ util.SetCertificate(context.cli.httpClient, []tls.Certificate{})
 response, err = context.cli.httpClient.Do(request, 60*time.Second)
 } else {
 response, err = service.Do(request, 600*time.Second) // Vespa should provide a response within the given request timeout
diff --git a/client/go/internal/mock/http.go b/client/go/internal/mock/http.go
index 84718e846c1..d1fb4f28327 100644
--- a/client/go/internal/mock/http.go
+++ b/client/go/internal/mock/http.go
@@ -2,7 +2,6 @@ package mock
 import (
 "bytes"
- "crypto/tls"
 "io"
 "net/http"
 "strconv"
@@ -60,4 +59,4 @@ func (c *HTTPClient) Do(request *http.Request, timeout time.Duration) (*http.Res
 nil
 }
-func (c *HTTPClient) UseCertificate(certificates []tls.Certificate) {}
+func (c *HTTPClient) Transport() *http.Transport { return &http.Transport{} }
diff --git a/client/go/internal/util/http.go b/client/go/internal/util/http.go
index f47429a8d5d..b18f9a00c6a 100644
--- a/client/go/internal/util/http.go
+++ b/client/go/internal/util/http.go
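Review bot: In `verify`, `util.SetCertificate(context.cli.httpClient, []tls.Certificate{})` clears the certificate list on the client's transport and nothing restores it afterwards. For a client built by `util.CreateClient` that transport now lives as long as the client, and this commit also removes the per-request certificate setup from `Service.Do`, so a later request through the same client would be sent without a client certificate; whether `service` shares this client is not visible in the hunk. A comment on the call such as `// clears the client certificate on the shared transport; it must be set again before any mTLS request` would record the side effect, and a separate certificate-less client for external endpoints would avoid it. `verify` starts and ends outside the hunk.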
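Review bot: The mock's `Transport()` returns a new `&http.Transport{}` on every call, so whatever `util.SetCertificate` writes to it is discarded and a test cannot observe which certificates were configured for a request. Keeping one transport on the mock, for example a `transport http.Transport` field returned as `return &c.transport`, would let tests assert on `TLSClientConfig.Certificates` after the code under test has run.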
@@ -12,11 +12,12 @@ import (
 type HTTPClient interface {
 Do(request *http.Request, timeout time.Duration) (response *http.Response, error error)
- UseCertificate(certificate []tls.Certificate)
+ Transport() *http.Transport
 }
 type defaultHTTPClient struct {
- client *http.Client
+ client *http.Client
+ transport *http.Transport
 }
 func (c *defaultHTTPClient) Do(request *http.Request, timeout time.Duration) (response *http.Response, error error) {
@@ -30,13 +31,24 @@ func (c *defaultHTTPClient) Do(request *http.Request, timeout time.Duration) (re
 return c.client.Do(request)
 }
-func (c *defaultHTTPClient) UseCertificate(certificates []tls.Certificate) {
- c.client.Transport = &http.Transport{TLSClientConfig: &tls.Config{
+func (c *defaultHTTPClient) Transport() *http.Transport { return c.transport }
+
+func SetCertificate(client HTTPClient, certificates []tls.Certificate) {
+ client.Transport().TLSClientConfig = &tls.Config{
 Certificates: certificates,
 MinVersion: tls.VersionTLS12,
- }}
+ }
 }
 func CreateClient(timeout time.Duration) HTTPClient {
- return &defaultHTTPClient{client: &http.Client{Timeout: timeout}}
+ transport := http.Transport{
+ ForceAttemptHTTP2: true,
+ }
+ return &defaultHTTPClient{
+ client: &http.Client{
+ Timeout: timeout,
+ Transport: &transport,
+ },
+ transport: &transport,
+ }
 }
diff --git a/client/go/internal/vespa/target.go b/client/go/internal/vespa/target.go
index 719b37012d5..0e173175720 100644
--- a/client/go/internal/vespa/target.go
+++ b/client/go/internal/vespa/target.go
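Review bot: `SetCertificate` swaps `TLSClientConfig` on a transport that may already hold pooled connections, so a keep-alive connection negotiated with the previous certificate list can still be reused for the next request to the same host; the removed `UseCertificate` avoided this by installing a fresh `http.Transport` each time. Calling `client.Transport().CloseIdleConnections()` right after the assignment would force a new handshake under the new configuration. The write is also unsynchronised, so if the client is shared between goroutines (not visible here) it races with the transport's own reads of that field. As the function is exported, a doc comment such as `// SetCertificate replaces the TLS configuration of client's transport; the change applies to every later request made through that transport.` would state the shared-state effect.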
@@ -92,9 +92,6 @@ type LogOptions struct {
 // Do sends request to this service. Any required authentication happens automatically.
 func (s *Service) Do(request *http.Request, timeout time.Duration) (*http.Response, error) {
- if s.TLSOptions.KeyPair.Certificate != nil {
- s.httpClient.UseCertificate([]tls.Certificate{s.TLSOptions.KeyPair})
- }
 if s.TLSOptions.AthenzDomain != "" {
 accessToken, err := s.zts.AccessToken(s.TLSOptions.AthenzDomain, s.TLSOptions.KeyPair)
 if err != nil {
@@ -108,6 +105,8 @@ func (s *Service) Do(request *http.Request, timeout time.Duration) (*http.Respon
 return s.httpClient.Do(request, timeout)
 }
+func (s *Service) Transport() *http.Transport { return s.httpClient.Transport() }
+
 // Wait polls the health check of this service until it succeeds or timeout passes.
 func (s *Service) Wait(timeout time.Duration) (int, error) {
 url := s.BaseURL
@@ -153,7 +152,7 @@ func waitForOK(client util.HTTPClient, url string, certificate *tls.Certificate,
 func wait(client util.HTTPClient, fn responseFunc, reqFn requestFunc, certificate *tls.Certificate, timeout time.Duration) (int, error) {
 if certificate != nil {
- client.UseCertificate([]tls.Certificate{*certificate})
+ util.SetCertificate(client, []tls.Certificate{*certificate})
 }
 var (
 httpErr error
diff --git a/client/go/internal/vespa/target_cloud.go b/client/go/internal/vespa/target_cloud.go
index 5d9e6d9272a..827d6c6a56a 100644
--- a/client/go/internal/vespa/target_cloud.go
+++ b/client/go/internal/vespa/target_cloud.go
@@ -118,9 +118,10 @@ func (t *cloudTarget) IsCloud() bool { return true }
 func (t *cloudTarget) Deployment() Deployment { return t.deploymentOptions.Deployment }
 func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, cluster string) (*Service, error) {
+ var service *Service
 switch name {
 case DeployService:
- service := &Service{
+ service = &Service{
 Name: name,
 BaseURL: t.apiOptions.System.URL,
 TLSOptions: t.apiOptions.TLSOptions,
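Review bot: With the certificate setup removed from `Service.Do`, the key pair presented on a request is whatever was last written to the underlying transport, not necessarily `s.TLSOptions.KeyPair`. That transport is also rewritten by `wait` in the last hunk of this file, and by the `AccessToken` and `verify` changes in other files if they share the same client, so the identity used depends on call order. The doc comment still promises that "Any required authentication happens automatically"; it could read `// Do sends request to this service. TLS client certificates are not configured here; they must already be set on the transport (see util.SetCertificate).` `Do` continues outside the hunk.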
@@ -136,7 +137,6 @@ func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, c
 return nil, fmt.Errorf("got status %d from deploy service at %s", status, service.BaseURL)
 }
 }
- return service, nil
 case QueryService, DocumentService:
 if t.deploymentOptions.ClusterURLs == nil {
 if err := t.waitForEndpoints(timeout, runID); err != nil {
@@ -148,15 +148,22 @@ func (t *cloudTarget) Service(name string, timeout time.Duration, runID int64, c
 return nil, err
 }
 t.deploymentOptions.TLSOptions.AthenzDomain = t.apiOptions.System.AthenzDomain
- return &Service{
+ service = &Service{
 Name: name,
 BaseURL: url,
 TLSOptions: t.deploymentOptions.TLSOptions,
 zts: t.zts,
 httpClient: t.httpClient,
- }, nil
+ }
+
+ default:
+ return nil, fmt.Errorf("unknown service: %s", name)
+
+ }
+ if service.TLSOptions.KeyPair.Certificate != nil {
+ util.SetCertificate(service, []tls.Certificate{service.TLSOptions.KeyPair})
 }
- return nil, fmt.Errorf("unknown service: %s", name)
+ return service, nil
 }
 func (t *cloudTarget) SignRequest(req *http.Request, keyID string) error { |
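Review bot: `util.SetCertificate(service, ...)` writes through `Service.Transport()` to the transport of `t.httpClient`, which the `QueryService`/`DocumentService` branch assigns to the new service and the `DeployService` branch presumably does too (its remaining fields are outside the hunks). The two branches take their key pair from different options (`t.apiOptions.TLSOptions` and `t.deploymentOptions.TLSOptions`), so a `*Service` returned earlier would start presenting the key pair of whichever service was created last, assuming the client exposes one shared transport as `util.CreateClient` does. When `KeyPair.Certificate` is nil the previously installed configuration is left in place rather than cleared. Giving each `Service` its own client and transport, or setting the certificate immediately before each request as the removed code in `Service.Do` did, would keep the API and deployment identities separate.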