Respect transport of custom http client

Signed-off-by: Jan-Otto Kröpke <[email protected]>

Author: jkroepke

core/auth/auth.go

@@ -45,7 +45,7 @@ func SetupAuth(cfg *config.Configuration) (rt http.RoundTripper, err error) {
 	if cfg.CustomAuth != nil {
 		return cfg.CustomAuth, nil
 	} else if cfg.NoAuth {
-		noAuthRoundTripper, err := NoAuth()
+		noAuthRoundTripper, err := NoAuth(cfg)
 		if err != nil {
 			return nil, fmt.Errorf("configuring no auth client: %w", err)
 		}
@@ -98,10 +98,17 @@ func DefaultAuth(cfg *config.Configuration) (rt http.RoundTripper, err error) {
 
 // NoAuth configures a flow without authentication and returns an http.RoundTripper
 // that can be used to make unauthenticated requests
-func NoAuth() (rt http.RoundTripper, err error) {
+func NoAuth(cfg *config.Configuration) (rt http.RoundTripper, err error) {
 	noAuthConfig := clients.NoAuthFlowConfig{}
 	noAuthRoundTripper := &clients.NoAuthFlow{}
-	if err := noAuthRoundTripper.Init(noAuthConfig); err != nil {
+
+	if cfg.HTTPClient == nil {
+		cfg.HTTPClient = &http.Client{
+			Timeout: clients.DefaultClientTimeout,
+		}
+	}
+
+	if err := noAuthRoundTripper.Init(noAuthConfig, cfg.HTTPClient.Transport); err != nil {
 		return nil, fmt.Errorf("initializing client: %w", err)
 	}
 	return noAuthRoundTripper, nil
@@ -130,8 +137,14 @@ func TokenAuth(cfg *config.Configuration) (http.RoundTripper, error) {
 		ServiceAccountToken: cfg.Token,
 	}
 
+	if cfg.HTTPClient == nil {
+		cfg.HTTPClient = &http.Client{
+			Timeout: clients.DefaultClientTimeout,
+		}
+	}
+
 	client := &clients.TokenFlow{}
-	if err := client.Init(&tokenCfg); err != nil {
+	if err := client.Init(&tokenCfg, cfg.HTTPClient.Transport); err != nil {
 		return nil, fmt.Errorf("error initializing client: %w", err)
 	}
 
@@ -187,8 +200,14 @@ func KeyAuth(cfg *config.Configuration) (http.RoundTripper, error) {
 		BackgroundTokenRefreshContext: cfg.BackgroundTokenRefreshContext,
 	}
 
+	if cfg.HTTPClient == nil {
+		cfg.HTTPClient = &http.Client{
+			Timeout: clients.DefaultClientTimeout,
+		}
+	}
+
 	client := &clients.KeyFlow{}
-	if err := client.Init(&keyCfg); err != nil {
+	if err := client.Init(&keyCfg, cfg.HTTPClient.Transport); err != nil {
 		return nil, fmt.Errorf("error initializing client: %w", err)
 	}
 

core/auth/auth_test.go

@@ -6,6 +6,7 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"encoding/pem"
+	"net/http"
 	"os"
 	"reflect"
 	"testing"
@@ -125,6 +126,7 @@ func TestSetupAuth(t *testing.T) {
 		t.Fatalf("Creating temporary file: %s", err)
 	}
 	defer func() {
+		_ = credentialsKeyFile.Close()
 		err := os.Remove(credentialsKeyFile.Name())
 		if err != nil {
 			t.Fatalf("Removing temporary file: %s", err)
@@ -361,6 +363,7 @@ func TestDefaultAuth(t *testing.T) {
 		t.Fatalf("Creating temporary file: %s", err)
 	}
 	defer func() {
+		_ = saKeyFile.Close()
 		err := os.Remove(saKeyFile.Name())
 		if err != nil {
 			t.Fatalf("Removing temporary file: %s", err)
@@ -377,19 +380,13 @@ func TestDefaultAuth(t *testing.T) {
 		t.Fatalf("Writing private key to temporary file: %s", err)
 	}
 
-	defer func() {
-		err := saKeyFile.Close()
-		if err != nil {
-			t.Fatalf("Removing temporary file: %s", err)
-		}
-	}()
-
 	// create a credentials file with saKey and private key
 	credentialsKeyFile, errs := os.CreateTemp("", "temp-*.txt")
 	if errs != nil {
 		t.Fatalf("Creating temporary file: %s", err)
 	}
 	defer func() {
+		_ = credentialsKeyFile.Close()
 		err := os.Remove(credentialsKeyFile.Name())
 		if err != nil {
 			t.Fatalf("Removing temporary file: %s", err)
@@ -681,7 +678,7 @@ func TestNoAuth(t *testing.T) {
 	} {
 		t.Run(test.desc, func(t *testing.T) {
 			setTemporaryHome(t) // Get the default authentication client and ensure that it's not nil
-			authClient, err := NoAuth()
+			authClient, err := NoAuth(&config.Configuration{HTTPClient: http.DefaultClient})
 			if err != nil {
 				t.Fatalf("Test returned error on valid test case: %v", err)
 			}

core/clients/key_flow.go

@@ -34,9 +34,9 @@ const (
 
 // KeyFlow handles auth with SA key
 type KeyFlow struct {
-	client        *http.Client
+	rt            http.RoundTripper
+	authClient    *http.Client
 	config        *KeyFlowConfig
-	doer          func(req *http.Request) (resp *http.Response, err error)
 	key           *ServiceAccountKeyResponse
 	privateKey    *rsa.PrivateKey
 	privateKeyPEM []byte
@@ -116,15 +116,25 @@ func (c *KeyFlow) GetToken() TokenResponseBody {
 	return *c.token
 }
 
-func (c *KeyFlow) Init(cfg *KeyFlowConfig) error {
+func (c *KeyFlow) Init(cfg *KeyFlowConfig, rt http.RoundTripper) error {
 	// No concurrency at this point, so no mutex check needed
 	c.token = &TokenResponseBody{}
 	c.config = cfg
 
 	if c.config.TokenUrl == "" {
 		c.config.TokenUrl = tokenAPI
 	}
-	c.configureHTTPClient()
+
+	if rt == nil {
+		rt = http.DefaultTransport
+	}
+
+	c.rt = rt
+	c.authClient = &http.Client{
+		Transport: rt,
+		Timeout:   DefaultClientTimeout,
+	}
+
 	err := c.validate()
 	if err != nil {
 		return err
@@ -163,7 +173,7 @@ func (c *KeyFlow) SetToken(accessToken, refreshToken string) error {
 
 // Roundtrip performs the request
 func (c *KeyFlow) RoundTrip(req *http.Request) (*http.Response, error) {
-	if c.client == nil {
+	if c.rt == nil {
 		return nil, fmt.Errorf("please run Init()")
 	}
 
@@ -172,13 +182,13 @@ func (c *KeyFlow) RoundTrip(req *http.Request) (*http.Response, error) {
 		return nil, err
 	}
 	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
-	return c.doer(req)
+	return c.rt.RoundTrip(req)
 }
 
 // GetAccessToken returns a short-lived access token and saves the access and refresh tokens in the token field
 func (c *KeyFlow) GetAccessToken() (string, error) {
-	if c.client == nil {
-		return "", fmt.Errorf("nil http client, please run Init()")
+	if c.rt == nil {
+		return "", fmt.Errorf("nil http round tripper, please run Init()")
 	}
 
 	c.tokenMutex.RLock()
@@ -203,14 +213,6 @@ func (c *KeyFlow) GetAccessToken() (string, error) {
 	return accessToken, nil
 }
 
-// configureHTTPClient configures the HTTP client
-func (c *KeyFlow) configureHTTPClient() {
-	client := &http.Client{}
-	client.Timeout = DefaultClientTimeout
-	c.client = client
-	c.doer = c.client.Do
-}
-
 // validate the client is configured well
 func (c *KeyFlow) validate() error {
 	if c.config.ServiceAccountKey == nil {
@@ -279,10 +281,6 @@ func (c *KeyFlow) createAccessToken() (err error) {
 // createAccessTokenWithRefreshToken creates an access token using
 // an existing pre-validated refresh token
 func (c *KeyFlow) createAccessTokenWithRefreshToken() (err error) {
-	if c.client == nil {
-		return fmt.Errorf("nil http client, please run Init()")
-	}
-
 	c.tokenMutex.RLock()
 	refreshToken := c.token.RefreshToken
 	c.tokenMutex.RUnlock()
@@ -334,7 +332,8 @@ func (c *KeyFlow) requestToken(grant, assertion string) (*http.Response, error)
 		return nil, err
 	}
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-	return c.doer(req)
+
+	return c.authClient.Do(req)
 }
 
 // parseTokenResponse parses the response from the server

core/clients/key_flow_continuous_refresh_test.go

@@ -137,8 +137,9 @@ func TestContinuousRefreshToken(t *testing.T) {
 				config: &KeyFlowConfig{
 					BackgroundTokenRefreshContext: ctx,
 				},
-				client: &http.Client{},
-				doer:   mockDo,
+				authClient: &http.Client{
+					Transport: mockTransportFn{mockDo},
+				},
 				token: &TokenResponseBody{
 					AccessToken:  accessToken,
 					RefreshToken: refreshToken,
@@ -328,11 +329,13 @@ func TestContinuousRefreshTokenConcurrency(t *testing.T) {
 	}
 
 	keyFlow := &KeyFlow{
-		client: &http.Client{},
 		config: &KeyFlowConfig{
 			BackgroundTokenRefreshContext: ctx,
 		},
-		doer: mockDo,
+		authClient: &http.Client{
+			Transport: mockTransportFn{mockDo},
+		},
+		rt: mockTransportFn{mockDo},
 		token: &TokenResponseBody{
 			AccessToken:  accessTokenFirst,
 			RefreshToken: refreshToken,

core/clients/key_flow_test.go

@@ -5,6 +5,7 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -113,7 +114,7 @@ func TestKeyFlowInit(t *testing.T) {
 			}
 
 			cfg.ServiceAccountKey = tt.serviceAccountKey
-			if err := c.Init(cfg); (err != nil) != tt.wantErr {
+			if err := c.Init(cfg, http.DefaultTransport); (err != nil) != tt.wantErr {
 				t.Errorf("KeyFlow.Init() error = %v, wantErr %v", err, tt.wantErr)
 			}
 			if c.config == nil {
@@ -268,13 +269,14 @@ func TestRequestToken(t *testing.T) {
 
 	for _, tt := range testCases {
 		t.Run(tt.name, func(t *testing.T) {
-			mockDo := func(_ *http.Request) (resp *http.Response, err error) {
-				return tt.mockResponse, tt.mockError
-			}
-
 			c := &KeyFlow{
+				authClient: &http.Client{
+					Transport: mockTransportFn{func(_ *http.Request) (*http.Response, error) {
+						return tt.mockResponse, tt.mockError
+					}},
+				},
 				config: &KeyFlowConfig{},
-				doer:   mockDo,
+				rt:     http.DefaultTransport,
 			}
 
 			res, err := c.requestToken(tt.grant, tt.assertion)
@@ -289,7 +291,7 @@ func TestRequestToken(t *testing.T) {
 			if tt.expectedError != nil {
 				if err == nil {
 					t.Errorf("Expected error '%v' but no error was returned", tt.expectedError)
-				} else if tt.expectedError.Error() != err.Error() {
+				} else if errors.Is(err, tt.expectedError) {
 					t.Errorf("Error is not correct. Expected %v, got %v", tt.expectedError, err)
 				}
 			} else {
@@ -303,3 +305,11 @@ func TestRequestToken(t *testing.T) {
 		})
 	}
 }
+
+type mockTransportFn struct {
+	fn func(req *http.Request) (*http.Response, error)
+}
+
+func (m mockTransportFn) RoundTrip(req *http.Request) (*http.Response, error) {
+	return m.fn(req)
+}

core/clients/no_auth_flow.go

@@ -6,7 +6,7 @@ import (
 )
 
 type NoAuthFlow struct {
-	client *http.Client
+	rt     http.RoundTripper
 	config *NoAuthFlowConfig
 }
 
@@ -24,18 +24,23 @@ func (c *NoAuthFlow) GetConfig() NoAuthFlowConfig {
 	return *c.config
 }
 
-func (c *NoAuthFlow) Init(_ NoAuthFlowConfig) error {
+func (c *NoAuthFlow) Init(_ NoAuthFlowConfig, rt http.RoundTripper) error {
 	c.config = &NoAuthFlowConfig{}
-	c.client = &http.Client{
-		Timeout: DefaultClientTimeout,
+
+	if rt == nil {
+		rt = http.DefaultTransport
 	}
+
+	c.rt = rt
+
 	return nil
 }
 
 // Roundtrip performs the request
 func (c *NoAuthFlow) RoundTrip(req *http.Request) (*http.Response, error) {
-	if c.client == nil {
+	if c.rt == nil {
 		return nil, fmt.Errorf("please run Init()")
 	}
-	return c.client.Do(req)
+
+	return c.rt.RoundTrip(req)
 }

core/clients/no_auth_flow_test.go

@@ -25,7 +25,7 @@ func TestNoAuthFlow_Init(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			c := &NoAuthFlow{}
-			if err := c.Init(tt.args.cfg); (err != nil) != tt.wantErr {
+			if err := c.Init(tt.args.cfg, http.DefaultTransport); (err != nil) != tt.wantErr {
 				t.Errorf("NoAuthFlow.Init() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -34,7 +34,7 @@ func TestNoAuthFlow_Init(t *testing.T) {
 
 func TestNoAuthFlow_Do(t *testing.T) {
 	type fields struct {
-		client *http.Client
+		rt http.RoundTripper
 	}
 	type args struct{}
 	tests := []struct {
@@ -45,16 +45,18 @@ func TestNoAuthFlow_Do(t *testing.T) {
 		wantErr bool
 	}{
 		{
-			name:    "fail",
-			fields:  fields{nil},
+			name: "fail",
+			fields: fields{
+				nil,
+			},
 			args:    args{},
 			want:    0,
 			wantErr: true,
 		},
 		{
 			name: "success",
 			fields: fields{
-				&http.Client{},
+				http.DefaultTransport,
 			},
 			args:    args{},
 			want:    http.StatusOK,
@@ -64,7 +66,7 @@ func TestNoAuthFlow_Do(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			c := &NoAuthFlow{
-				client: tt.fields.client,
+				rt: tt.fields.rt,
 			}
 			handler := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 				w.Header().Set("Content-Type", "application/json")