fix(forwarder): support disabling TLS verification for testing
Allow skipping TLS verification when configuring forwarder. This option
is never needed in a Lambda context, so we never surface it through
environment variables.
jta committed Jun 10, 2024
1 parent 8fad5f7 commit 0029730
Showing 2 changed files with 18 additions and 8 deletions.
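--- a/pkg/lambda/forwarder/lambda.go
+++ b/pkg/lambda/forwarder/lambda.go
@@ -35,6 +35,9 @@ type Config struct {
 OTELServiceName string `env:"OTEL_SERVICE_NAME,default=forwarder"`
 OTELTracesExporter string `env:"OTEL_TRACES_EXPORTER,default=none"`
 OTELExporterOTLPEndpoint string `env:"OTEL_EXPORTER_OTLP_ENDPOINT"`
+
+// The following variables are not configurable via environment
+HTTPInsecureSkipVerify bool
 }
 
 type Lambda struct {
@@ -108,8 +111,9 @@ func New(ctx context.Context, cfg *Config) (*Lambda, error) {
 DestinationURI: cfg.DestinationURI,
 GetObjectAPIClient: awsS3Client,
 HTTPClient: tracing.NewHTTPClient(&tracing.HTTPClientConfig{
-TracerProvider: tracerProvider,
-Logger: &logger,
+TracerProvider: tracerProvider,
+Logger: &logger,
+InsecureSkipVerify: cfg.HTTPInsecureSkipVerify,
 }),
 })
 if err != nil {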
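Review bot: `HTTPInsecureSkipVerify` is added to `Config` with only the shared comment above it, so nothing at the field says that setting it turns off certificate and hostname verification for the destination HTTP client. I would give it its own doc comment, e.g. `// HTTPInsecureSkipVerify disables TLS certificate verification for the destination HTTP client; test use only.` In `New`, where the value is passed into `tracing.HTTPClientConfig`, a log line when it is true (for example `logger.Info("TLS verification disabled for forwarder HTTP client")`, assuming `logger` is the logr logger it appears to be) would make an accidental enablement visible in operation. The missing `env` tag is what keeps the field out of environment configuration, presumably because the loader skips untagged fields; a small test that sets a like-named variable and asserts the field stays false would pin that down. `New` starts and ends outside the hunk.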
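--- a/pkg/tracing/http.go
+++ b/pkg/tracing/http.go
@@ -1,6 +1,7 @@
 package tracing
 
 import (
+"crypto/tls"
 "fmt"
 "net/http"
 "os"
@@ -36,10 +37,11 @@ func (l *leveledLogger) Debug(msg string, keysAndValues ...interface{}) {
 }
 
 type HTTPClientConfig struct {
-RetryWaitMin *time.Duration // Minimum time to wait on retry
-RetryWaitMax *time.Duration // Maximumum time to wait on retry
-RetryMax *int // Maximum number of retries
-HTTPClient *http.Client
+RetryWaitMin *time.Duration // Minimum time to wait on retry
+RetryWaitMax *time.Duration // Maximumum time to wait on retry
+RetryMax *int // Maximum number of retries
+InsecureSkipVerify bool // disable TLS verification
+
 Logger *logr.Logger
 TracerProvider trace.TracerProvider
 }
@@ -51,8 +53,12 @@ func NewHTTPClient(cfg *HTTPClientConfig) *http.Client {
 
 client := retryablehttp.NewClient()
 
-if cfg.HTTPClient != nil {
-client.HTTPClient = cfg.HTTPClient
+if cfg.InsecureSkipVerify {
+if t, ok := client.HTTPClient.Transport.(*http.Transport); ok {
+t.TLSClientConfig = &tls.Config{
+InsecureSkipVerify: true,
+}
+}
 }
 
 if cfg.RetryWaitMin != nil {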
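Review bot: When `cfg.InsecureSkipVerify` is set, the new block in `NewHTTPClient` turns verification off silently: nothing is logged, and if the transport is not an `*http.Transport` the flag is ignored without any signal. Because this removes both chain and hostname checks, I would log it where `cfg.Logger` is non-nil and say so on the field, e.g. `InsecureSkipVerify bool // test only: disables TLS certificate and hostname verification`. The assignment also replaces `TLSClientConfig` wholesale; adding `MinVersion: tls.VersionTLS12` to the literal, or setting the flag on an existing config when one is present, keeps other TLS settings from being dropped if the transport ever arrives pre-configured. The same commit removes the `HTTPClient` field and its override without mentioning it in the description; that was the path a caller could use to inject a client trusting a test CA, which is a narrower alternative to skipping verification. `NewHTTPClient` starts and ends outside the hunk.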
