Use Custom HTTP Client for AWS and GCP Clients to allow debug logging (#524)

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2024-12-14 11:57:32 +00:00 · 2024-10-20 09:54:12 +02:00 · 2024-10-20 09:54:12 +02:00 · 84a592e2e1
commit 84a592e2e1
parent 83694c5e9e
3 changed files with 23 additions and 4 deletions
--- a/pkg/target/http/utils.go
+++ b/pkg/target/http/utils.go
@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
+	"net"
 	"net/http"
 	"os"
 	"time"
@ -79,13 +80,23 @@ func NewJSONResult(r v1alpha2.PolicyReportResult) Result {
 }

 func NewClient(certificatePath string, skipTLS bool) *http.Client {
-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig = &tls.Config{
-		InsecureSkipVerify: skipTLS,
+	transport := &http.Transport{
+		DialContext: (&net.Dialer{
+			Timeout:   10 * time.Second,
+			KeepAlive: 60 * time.Second,
+		}).DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: skipTLS,
+		},
 	}

 	client := &http.Client{
 		Transport: NewLoggingRoundTripper(transport),
+		Timeout:   30 * time.Second,
 	}

 	if certificatePath != "" {
--- a/pkg/target/provider/aws/aws.go
+++ b/pkg/target/provider/aws/aws.go
@ -17,6 +17,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/securityhub"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"go.uber.org/zap"
+
+	"github.com/kyverno/policy-reporter/pkg/target/http"
 )

 var enable = true
@ -152,6 +154,8 @@ func createConfig(accessKeyID, secretAccessKey, region string) (aws.Config, erro
 			o.Region = region
 		}

+		o.HTTPClient = http.NewClient("", false)
+
 		return nil
 	})
 	if err != nil {
--- a/pkg/target/provider/gcs/gcs.go
+++ b/pkg/target/provider/gcs/gcs.go
@ -8,6 +8,8 @@ import (
 	"go.uber.org/zap"
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/option"
+
+	"github.com/kyverno/policy-reporter/pkg/target/http"
 )

 type Client interface {
@ -36,7 +38,9 @@ func (c *client) Upload(body *bytes.Buffer, key string) error {

 // NewClient creates a new GCS.client to send Results to GCS Bucket
 func NewClient(ctx context.Context, credentials, bucket string) Client {
-	options := make([]option.ClientOption, 0, 1)
+	options := []option.ClientOption{
+		option.WithHTTPClient(http.NewClient("", false)),
+	}

 	if credentials != "" {
 		cred, err := google.CredentialsFromJSON(ctx, []byte(credentials), storage.ScopeReadWrite)