// Source: github.com/verrazzano/verrazzano@v1.7.0/authproxy/internal/httputil/httputil.go

// Copyright (c) 2023, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

package httputil

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"net/http"

	"github.com/hashicorp/go-retryablehttp"
	vzpassword "github.com/verrazzano/verrazzano/pkg/security/password"
)

// GetHTTPClientWithCABundle builds a retryable HTTP client whose TLS server
// verification is anchored in rootCA and whose minimum protocol version is
// TLS 1.2.
//
// The transport is a clone of http.DefaultTransport, so every setting other
// than TLSClientConfig is inherited from it. InsecureSkipVerify is left at its
// zero value, so certificate verification stays enabled.
//
// A nil rootCA is not rejected: crypto/tls then verifies against the host's
// root CA set instead of a pinned bundle. Callers that require pinning must
// check for nil before calling.
//
// The type assertion panics if http.DefaultTransport has been replaced with
// something other than *http.Transport.
//
// NOTE(review): the client is returned with retryablehttp's default settings,
// including its default logger. Confirm what that logger emits and that
// request URLs built by callers carry no credentials.
func GetHTTPClientWithCABundle(rootCA *x509.CertPool) *retryablehttp.Client {
	tlsConfig := &tls.Config{
		RootCAs:    rootCA,
		MinVersion: tls.VersionTLS12,
	}

	// Clone rather than mutate the process-wide default transport.
	rt := http.DefaultTransport.(*http.Transport).Clone()
	rt.TLSClientConfig = tlsConfig

	retryClient := retryablehttp.NewClient()
	retryClient.HTTPClient.Transport = rt
	return retryClient
}

// ObfuscateRequestData returns a copy of req that is intended for logging:
// every value of the Authorization header is replaced by the output of
// vzpassword.MaskFunction(""). The request passed in is left unmodified,
// because Request.Clone deep-copies the header map.
//
// Only the map key "Authorization" (the canonical form) is inspected. Values
// stored under a non-canonical key by direct map assignment are not masked.
//
// Request.Clone makes only a shallow copy of Body, so the returned request
// shares the body with req and logging code must not read from it.
//
// NOTE(review): other credential-bearing parts of the request (for example
// the Cookie and Proxy-Authorization headers, or tokens in the URL query) are
// returned as-is. Confirm the log call sites do not print them.
// NOTE(review): the exact mask text is defined in pkg/security/password, which
// is not visible here. Presumably it is a fixed string; verify.
func ObfuscateRequestData(req *http.Request) *http.Request {
	const authHeader = "Authorization"

	redacted := req.Clone(context.TODO())

	// values aliases the clone's header slice, so writes land in the clone.
	values := redacted.Header[authHeader]
	for idx, value := range values {
		values[idx] = vzpassword.MaskFunction("")(value)
	}
	return redacted
}