Use Custom HTTP Client for AWS and GCP Clients to allow debug logging (…

…#524) Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
kyverno · Oct 20, 2024 · 84a592e · 84a592e
1 parent 83694c5
commit 84a592e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/pkg/target/http/utils.go b/pkg/target/http/utils.go
@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
+	"net"
 	"net/http"
 	"os"
 	"time"
@@ -79,13 +80,23 @@ func NewJSONResult(r v1alpha2.PolicyReportResult) Result {
 }
 
 func NewClient(certificatePath string, skipTLS bool) *http.Client {
-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig = &tls.Config{
-		InsecureSkipVerify: skipTLS,
+	transport := &http.Transport{
+		DialContext: (&net.Dialer{
+			Timeout:   10 * time.Second,
+			KeepAlive: 60 * time.Second,
+		}).DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: skipTLS,
+		},
 	}
 
 	client := &http.Client{
 		Transport: NewLoggingRoundTripper(transport),
+		Timeout:   30 * time.Second,
 	}
 
 	if certificatePath != "" {

diff --git a/pkg/target/provider/aws/aws.go b/pkg/target/provider/aws/aws.go
@@ -17,6 +17,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/securityhub"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"go.uber.org/zap"
+
+	"github.com/kyverno/policy-reporter/pkg/target/http"
 )
 
 var enable = true
@@ -152,6 +154,8 @@ func createConfig(accessKeyID, secretAccessKey, region string) (aws.Config, erro
 			o.Region = region
 		}
 
+		o.HTTPClient = http.NewClient("", false)
+
 		return nil
 	})
 	if err != nil {

diff --git a/pkg/target/provider/gcs/gcs.go b/pkg/target/provider/gcs/gcs.go
@@ -8,6 +8,8 @@ import (
 	"go.uber.org/zap"
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/option"
+
+	"github.com/kyverno/policy-reporter/pkg/target/http"
 )
 
 type Client interface {
@@ -36,7 +38,9 @@ func (c *client) Upload(body *bytes.Buffer, key string) error {
 
 // NewClient creates a new GCS.client to send Results to GCS Bucket
 func NewClient(ctx context.Context, credentials, bucket string) Client {
-	options := make([]option.ClientOption, 0, 1)
+	options := []option.ClientOption{
+		option.WithHTTPClient(http.NewClient("", false)),
+	}
 
 	if credentials != "" {
 		cred, err := google.CredentialsFromJSON(ctx, []byte(credentials), storage.ScopeReadWrite)