From 0029730b2c8ee9c1363fabcf84ad78f4fedc44cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Taveira=20Ara=C3=BAjo?=
Date: Mon, 10 Jun 2024 08:53:36 -0700
Subject: [PATCH] fix(forwarder): support disabling TLS verification for testing

Allow skipping TLS verification when configuring forwarder. This option is never needed in a Lambda context, so we never surface it through envirionment variables.
---
 pkg/lambda/forwarder/lambda.go | 8 ++++++--
 pkg/tracing/http.go | 18 ++++++++++++------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/pkg/lambda/forwarder/lambda.go b/pkg/lambda/forwarder/lambda.go
index 5df19aae..9d0cda96 100644
--- a/pkg/lambda/forwarder/lambda.go
+++ b/pkg/lambda/forwarder/lambda.go
@@ -35,6 +35,9 @@ type Config struct {
 OTELServiceName string `env:"OTEL_SERVICE_NAME,default=forwarder"`
 OTELTracesExporter string `env:"OTEL_TRACES_EXPORTER,default=none"`
 OTELExporterOTLPEndpoint string `env:"OTEL_EXPORTER_OTLP_ENDPOINT"`
+
+ // The following variables are not configurable via environment
+ HTTPInsecureSkipVerify bool
 }

 type Lambda struct {
@@ -108,8 +111,9 @@ func New(ctx context.Context, cfg *Config) (*Lambda, error) {
 DestinationURI: cfg.DestinationURI,
 GetObjectAPIClient: awsS3Client,
 HTTPClient: tracing.NewHTTPClient(&tracing.HTTPClientConfig{
- TracerProvider: tracerProvider,
- Logger: &logger,
+ TracerProvider: tracerProvider,
+ Logger: &logger,
+ InsecureSkipVerify: cfg.HTTPInsecureSkipVerify,
 }),
 })
 if err != nil {
diff --git a/pkg/tracing/http.go b/pkg/tracing/http.go
index 864f0c4c..857fdd29 100644
--- a/pkg/tracing/http.go
+++ b/pkg/tracing/http.go
@@ -1,6 +1,7 @@
 package tracing

 import (
+ "crypto/tls"
 "fmt"
 "net/http"
 "os"
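Review bot: The new `HTTPInsecureSkipVerify` field in `Config` is kept out of the environment only by the absence of an `env` tag, and the group comment above it says neither what the field does nor why it must stay untagged. A later edit that adds a tag would let a Lambda environment variable switch off certificate validation for the destination client, so the field deserves its own comment, e.g. `// HTTPInsecureSkipVerify disables TLS certificate verification for the destination HTTP client. Tests only: it must never get an env tag.` A unit test that loads `Config` with a candidate variable set and asserts the field stays false would pin that contract; how the loader treats untagged fields is not visible in this hunk.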
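Review bot: `New` forwards `cfg.HTTPInsecureSkipVerify` to the HTTP client without leaving any trace, so a process running with verification off looks the same in the logs as one running with it on. Since `logger` is in scope here (it is passed as `Logger: &logger`), consider one line before the client is built, for example `if cfg.HTTPInsecureSkipVerify { logger.Info("TLS certificate verification disabled for destination HTTP client") }`. The body of `New` starts and ends outside the hunk, so the exact placement needs checking against the full function.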
@@ -36,10 +37,11 @@ func (l *leveledLogger) Debug(msg string, keysAndValues ...interface{}) {
 }

 type HTTPClientConfig struct {
- RetryWaitMin *time.Duration // Minimum time to wait on retry
- RetryWaitMax *time.Duration // Maximumum time to wait on retry
- RetryMax *int // Maximum number of retries
- HTTPClient *http.Client
+ RetryWaitMin *time.Duration // Minimum time to wait on retry
+ RetryWaitMax *time.Duration // Maximumum time to wait on retry
+ RetryMax *int // Maximum number of retries
+ InsecureSkipVerify bool // disable TLS verification
+
 Logger *logr.Logger
 TracerProvider trace.TracerProvider
 }
@@ -51,8 +53,12 @@ func NewHTTPClient(cfg *HTTPClientConfig) *http.Client {

 client := retryablehttp.NewClient()

- if cfg.HTTPClient != nil {
- client.HTTPClient = cfg.HTTPClient
+ if cfg.InsecureSkipVerify {
+ if t, ok := client.HTTPClient.Transport.(*http.Transport); ok {
+ t.TLSClientConfig = &tls.Config{
+ InsecureSkipVerify: true,
+ }
+ }
 }

 if cfg.RetryWaitMin != nil {
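Review bot: Dropping the `HTTPClient` field from `HTTPClientConfig` removes the only way for a caller to supply its own client or transport, and replaces it with a switch that turns certificate checking off entirely. For tests against a local TLS server, a client whose transport trusts the test server's certificate (`RootCAs` in its `tls.Config`) keeps verification on and exercises the same path as production; keeping the injection point would allow that without a skip-verify flag. If the boolean stays, its comment should carry the risk, e.g. `// InsecureSkipVerify disables TLS certificate verification; tests only`. Whether other callers still set `HTTPClient` is not visible in this diff.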
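Review bot: The added block in `NewHTTPClient` assigns a brand-new `tls.Config` to the transport, so any TLS settings already present on it (minimum version, root CAs, client certificates) are discarded, and when the type assertion fails the request to skip verification is ignored without any signal. Cloning the existing config and setting only the one field keeps the rest intact, and the failed assertion should at least be reported through `cfg.Logger` when that is non-nil. If the project runs gosec, the `InsecureSkipVerify: true` line will also need an explicit, justified suppression. The function body continues outside the hunk.

```go
	if cfg.InsecureSkipVerify {
		if t, ok := client.HTTPClient.Transport.(*http.Transport); ok {
			tlsCfg := t.TLSClientConfig.Clone() // Clone on a nil config returns nil
			if tlsCfg == nil {
				tlsCfg = &tls.Config{}
			}
			tlsCfg.InsecureSkipVerify = true // tests only: certificate validation is off
			t.TLSClientConfig = tlsCfg
		}
	}
```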