fix(auth): handle non-Transport DefaultTransport (#10733)
If a client does not specify opts.BaseRoundTripper in httptransport.NewClient, avoid a panic if the global http.DefaultTransport has been overwritten to something that is not an instance of *http.Transport.

Our use case is to create a new Google API client, but the constructor for NewClient does not allow passing a BaseRoundTripper option as seen here.

Fixes #10742
adapap authored Aug 23, 2024
1 parent 96188df commit 98d91dc
Showing 3 changed files with 23 additions and 3 deletions.
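--- a/auth/httptransport/httptransport_test.go
+++ b/auth/httptransport/httptransport_test.go
@@ -397,6 +397,20 @@ func TestNewClient_BaseRoundTripper(t *testing.T) {
 }
 }
 
+func TestNewClient_HandlesNonTransportAsDefaultTransport(t *testing.T) {
+// Override the global http.DefaultTransport.
+dt := http.DefaultTransport
+http.DefaultTransport = &rt{}
+defer func() { http.DefaultTransport = dt }()
+
+_, err := NewClient(&Options{
+APIKey: "key",
+})
+if err != nil {
+t.Fatalf("NewClient() = %v", err)
+}
+}
+
 type staticTP string
 
 func (tp staticTP) Token(context.Context) (*auth.Token, error) {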
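Review bot: TestNewClient_HandlesNonTransportAsDefaultTransport replaces the process-wide http.DefaultTransport for its duration, so any test in this package that runs under t.Parallel() and reads that global could race with it or pick up `&rt{}`. A comment above the swap would guard against that later, for example `// Mutates the global http.DefaultTransport: this test must not be run with t.Parallel().` The test also asserts only that NewClient returns no error; a check on the returned client's transport would pin which base transport the fallback is expected to produce.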
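--- a/auth/httptransport/transport.go
+++ b/auth/httptransport/transport.go
@@ -94,7 +94,11 @@ func newTransport(base http.RoundTripper, opts *Options) (http.RoundTripper, err
 // http.DefaultTransport.
 // If TLSCertificate is available, set TLSClientConfig as well.
 func defaultBaseTransport(clientCertSource cert.Provider, dialTLSContext func(context.Context, string, string) (net.Conn, error)) http.RoundTripper {
-trans := http.DefaultTransport.(*http.Transport).Clone()
+defaultTransport, ok := http.DefaultTransport.(*http.Transport)
+if !ok {
+defaultTransport = transport.BaseTransport()
+}
+trans := defaultTransport.Clone()
 trans.MaxIdleConnsPerHost = 100
 
 if clientCertSource != nil {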
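Review bot: The `!ok` branch in defaultBaseTransport silently drops whatever the application installed as http.DefaultTransport and builds the client on `transport.BaseTransport()` instead. A replacement that is not an *http.Transport is usually a wrapper that enforces or records something (egress proxy policy, custom TLS roots, request auditing), so requests from this client would presumably bypass it with no signal to the operator. The function comment should state this and name the supported way to keep a custom transport in the path, for example `// If http.DefaultTransport is not an *http.Transport it is ignored and transport.BaseTransport() is cloned instead; set Options.BaseRoundTripper to keep a custom transport in use.` The body of defaultBaseTransport continues outside the hunk, so how TLSClientConfig is set afterwards is not visible here.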
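--- a/auth/internal/transport/transport.go
+++ b/auth/internal/transport/transport.go
@@ -81,12 +81,14 @@ func ValidateUniverseDomain(clientUniverseDomain, credentialsUniverseDomain stri
 
 // DefaultHTTPClientWithTLS constructs an HTTPClient using the provided tlsConfig, to support mTLS.
 func DefaultHTTPClientWithTLS(tlsConfig *tls.Config) *http.Client {
-trans := baseTransport()
+trans := BaseTransport()
 trans.TLSClientConfig = tlsConfig
 return &http.Client{Transport: trans}
 }
 
-func baseTransport() *http.Transport {
+// BaseTransport returns a default [http.Transport] which can be used if
+// [http.DefaultTransport] has been overwritten.
+func BaseTransport() *http.Transport {
 return &http.Transport{
 Proxy: http.ProxyFromEnvironment,
 DialContext: (&net.Dialer{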
