From 3117e2eb2f5598acd556d104fd8733453bd4b433 Mon Sep 17 00:00:00 2001
From: Kirat Singh
Date: Tue, 14 Feb 2023 10:20:54 -0500
Subject: [PATCH] Use default http.Transport for AWS S3 session
Previously we used a custom Transport in order to modify the user agent header. This prevented the AWS SDK from being able to customize SSL and other client TLS parameters since it could not understand the Transport type. Instead we can simply use the SDK function MakeAddToUserAgentFreeFormHandler to customize the UserAgent if necessary and leave all the TLS configuration to the AWS SDK. The only exception being SkipVerify which we have to handle, but we can set it onto the standard http.Transport which does not interfere with the SDKs ability to set other options.
Signed-off-by: Kirat Singh
---
 registry/storage/driver/s3-aws/s3.go | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go
index 8b6e213e..01985230 100644
--- a/registry/storage/driver/s3-aws/s3.go
+++ b/registry/storage/driver/s3-aws/s3.go
@@ -36,7 +36,6 @@ import (
 "github.com/aws/aws-sdk-go/service/s3"
 dcontext "github.com/distribution/distribution/v3/context"
- "github.com/distribution/distribution/v3/registry/client/transport"
 storagedriver "github.com/distribution/distribution/v3/registry/storage/driver"
 "github.com/distribution/distribution/v3/registry/storage/driver/base"
 "github.com/distribution/distribution/v3/registry/storage/driver/factory"
@@ -526,28 +525,24 @@ func New(params DriverParameters) (*Driver, error) {
 awsConfig.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
 }
- if params.UserAgent != "" || params.SkipVerify {
- httpTransport := http.DefaultTransport
- if params.SkipVerify {
- httpTransport = &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- }
- if params.UserAgent != "" {
- awsConfig.WithHTTPClient(&http.Client{
- Transport: transport.NewTransport(httpTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
- })
- } else {
- awsConfig.WithHTTPClient(&http.Client{
- Transport: transport.NewTransport(httpTransport),
- })
+ if params.SkipVerify {
+ httpTransport := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 }
+ awsConfig.WithHTTPClient(&http.Client{
+ Transport: httpTransport,
+ })
 }
 sess, err := session.NewSession(awsConfig)
 if err != nil {
 return nil, fmt.Errorf("failed to create new session with aws config: %v", err)
 }
+
+ if params.UserAgent != "" {
+ sess.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler(params.UserAgent))
+ }
+
 s3obj := s3.New(sess)
 // enable S3 compatible signature v2 signing instead
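Review bot: The `params.SkipVerify` branch still builds a bare `&http.Transport{...}`, so alongside disabling certificate verification it drops everything `http.DefaultTransport` provides: proxy-from-environment, dial and TLS-handshake timeouts, and idle-connection limits. Cloning the default and overriding only the TLS setting keeps those: `httpTransport := http.DefaultTransport.(*http.Transport).Clone()` followed by `httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}`, with a checked type assertion in case the default transport has been replaced. Because this setting turns off server authentication for all S3 traffic from the driver, a comment such as `// SkipVerify disables TLS certificate validation; intended for test endpoints only` and a startup warning when it is enabled would make the risk visible to operators. The body of `New` starts and ends outside this hunk, so whether such a warning already exists elsewhere cannot be seen from here.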