github.com/kyma-incubator/compass/components/director@v0.0.0-20230623144113-d764f56ff805/pkg/auth/clients.go (about)

     1  package auth
     2  
import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"

	"github.com/kyma-incubator/compass/components/director/pkg/certloader"
	httputil "github.com/kyma-incubator/compass/components/director/pkg/http"
)
    11  
// PrepareMTLSClient creates an mTLS-secured HTTP client with the given timeout and certificate cache.
// The client certificate is looked up in cache under secretName. Server certificates are always
// verified; PrepareMTLSClientWithSSLValidation is the variant that allows opting out of that.
func PrepareMTLSClient(timeout time.Duration, cache certloader.Cache, secretName string) *http.Client {
	// This constructor never disables server certificate validation.
	const skipSSLValidation = false
	return PrepareMTLSClientWithSSLValidation(timeout, cache, skipSSLValidation, secretName)
}
    16  
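// PrepareMTLSClientWithSSLValidation creates an mTLS-secured HTTP client with the given timeout,
// SSL validation setting and certificate cache.
//
// The transport is a clone of http.DefaultTransport. On every TLS handshake the client presents the
// certificate stored in cache under secretName, so a certificate rotated in the cache is used by the
// next new connection without rebuilding the client; a missing cache entry fails the handshake with
// an error instead of panicking. When skipSSLValidation is true the server certificate is NOT verified
// (tls.Config.InsecureSkipVerify), which removes protection against man-in-the-middle attacks and is
// only acceptable in test environments. The client never follows redirects: the 3xx response is handed
// back to the caller, so the client certificate is not presented to a redirect target.
func PrepareMTLSClientWithSSLValidation(timeout time.Duration, cache certloader.Cache, skipSSLValidation bool, secretName string) *http.Client {
	basicTransport := http.DefaultTransport.(*http.Transport).Clone()
	// Transport.Clone copies TLSClientConfig only when one is set. It is normally populated by the
	// HTTP/2 setup Clone triggers, but that is not guaranteed (e.g. HTTP/2 disabled via GODEBUG),
	// so make sure a config exists before mutating it.
	if basicTransport.TLSClientConfig == nil {
		basicTransport.TLSClientConfig = &tls.Config{}
	}
	basicTransport.TLSClientConfig.InsecureSkipVerify = skipSSLValidation
	basicTransport.TLSClientConfig.GetClientCertificate = func(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) {
		// crypto/tls requires this callback to return a non-nil *tls.Certificate; returning the nil
		// value of a missing map entry would surface as a nil-pointer panic inside the handshake
		// rather than as a request error.
		cert, ok := cache.Get()[secretName]
		if !ok || cert == nil {
			return nil, fmt.Errorf("client certificate %q not found in certificate cache", secretName)
		}
		return cert, nil
	}
	// Project wrappers; the correlation-ID transport presumably propagates a correlation-ID header.
	roundTripper := httputil.NewHTTPTransportWrapper(basicTransport)
	httpTransport := httputil.NewCorrelationIDTransport(roundTripper)

	return &http.Client{
		Timeout:   timeout,
		Transport: httpTransport,
		// http.ErrUseLastResponse makes the client return the redirect response to the caller
		// instead of following it.
		CheckRedirect: func(_ *http.Request, _ []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}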
    35  
// PrepareHTTPClient creates an HTTP client with the given timeout whose transport is wrapped for
// request authorization (see PrepareHTTPClientWithSSLValidation). Server certificates are always
// verified; PrepareHTTPClientWithSSLValidation is the variant that allows opting out of that.
func PrepareHTTPClient(timeout time.Duration) *http.Client {
	// This constructor never disables server certificate validation.
	const skipSSLValidation = false
	return PrepareHTTPClientWithSSLValidation(timeout, skipSSLValidation)
}
    40  
// PrepareHTTPClientWithSSLValidation creates a secured HTTP client with the given timeout and SSL
// validation setting.
//
// "Secured" refers to request authorization: the returned client's transport is wrapped with
// httputil.NewSecuredTransport, fed by a basic authorization provider and a token authorization
// provider. The token provider is handed a second client without the secured wrapper that shares the
// same underlying transport (presumably so token retrieval does not go through the secured layer).
// Both clients use the given timeout, carry the correlation-ID transport wrapper and never follow
// redirects (the 3xx response is returned to the caller, so credentials are not replayed elsewhere).
// When skipSSLValidation is true, server certificates are not verified (tls.Config.InsecureSkipVerify);
// this removes protection against man-in-the-middle attacks and is only acceptable in test environments.
func PrepareHTTPClientWithSSLValidation(timeout time.Duration, skipSSLValidation bool) *http.Client {
	tlsTransport := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipSSLValidation},
	}
	baseRoundTripper := httputil.NewHTTPTransportWrapper(tlsTransport)

	// newClient builds a client around rt that times out after the configured duration and hands
	// redirect responses back to the caller instead of following them.
	newClient := func(rt http.RoundTripper) *http.Client {
		return &http.Client{
			Timeout:   timeout,
			Transport: rt,
			CheckRedirect: func(_ *http.Request, _ []*http.Request) error {
				return http.ErrUseLastResponse
			},
		}
	}

	plainClient := newClient(httputil.NewCorrelationIDTransport(baseRoundTripper))
	basicProvider := NewBasicAuthorizationProvider()
	tokenProvider := NewTokenAuthorizationProvider(plainClient)

	// The secured transport gets its own correlation-ID wrapper over the shared base round tripper.
	securedTransport := httputil.NewSecuredTransport(
		httputil.NewCorrelationIDTransport(baseRoundTripper),
		basicProvider,
		tokenProvider,
	)
	return newClient(securedTransport)
}