From a1f84d645a9b68ddd3c99d4bd193b340ded7be8d Mon Sep 17 00:00:00 2001
From: Andy Zhao
Date: Tue, 28 Feb 2023 12:14:12 -0800
Subject: [PATCH] google: Remove TLSConfig injection logic in favor of HTTPClient injection via context
---
 google/default.go | 4 ----
 google/google.go | 30 ------------------------------
 2 files changed, 34 deletions(-)
diff --git a/google/default.go b/google/default.go
index bc6611d..da1ebbf 100644
--- a/google/default.go
+++ b/google/default.go
@@ -6,7 +6,6 @@ package google
 import (
 "context"
- "crypto/tls"
 "encoding/json"
 "fmt"
 "io/ioutil"
@@ -66,9 +65,6 @@ type CredentialsParams struct {
 // The OAuth2 TokenURL to use, which depends on whether mTLS is enabled. Optional.
 TokenURL string
-
- // The TLSConfig used for constructing an mTLS-enabled HTTP client. Optional.
- TLSConfig *tls.Config
 }
 func (params CredentialsParams) deepCopy() CredentialsParams {
diff --git a/google/google.go b/google/google.go
index 1537a32..a1b629a 100644
--- a/google/google.go
+++ b/google/google.go
@@ -6,12 +6,9 @@ package google
 import (
 "context"
- "crypto/tls"
 "encoding/json"
 "errors"
 "fmt"
- "net"
- "net/http"
 "net/url"
 "strings"
 "time"
@@ -19,7 +16,6 @@ import (
 "cloud.google.com/go/compute/metadata"
 "golang.org/x/oauth2"
 "golang.org/x/oauth2/google/internal/externalaccount"
- "golang.org/x/oauth2/internal"
 "golang.org/x/oauth2/jwt"
 )
@@ -185,9 +181,6 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 cfg.Endpoint.TokenURL = Endpoint.TokenURL
 }
 }
- if params.TLSConfig != nil {
- ctx = context.WithValue(ctx, internal.HTTPClient, customHTTPClient(params.TLSConfig))
- }
 tok := &oauth2.Token{RefreshToken: f.RefreshToken}
 return cfg.TokenSource(ctx, tok), nil
 case externalAccountKey:
@@ -289,26 +282,3 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
 "oauth2.google.serviceAccount": acct,
 }), nil
 }
-
-// customHTTPClient constructs an HTTPClient using the provided tlsConfig, to support mTLS.
-func customHTTPClient(tlsConfig *tls.Config) *http.Client {
- trans := baseTransport()
- trans.TLSClientConfig = tlsConfig
- return &http.Client{Transport: trans}
-}
-
-func baseTransport() *http.Transport {
- return &http.Transport{
- Proxy: http.ProxyFromEnvironment,
- DialContext: (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- DualStack: true,
- }).DialContext,
- MaxIdleConns: 100,
- MaxIdleConnsPerHost: 100,
- IdleConnTimeout: 90 * time.Second,
- TLSHandshakeTimeout: 10 * time.Second,
- ExpectContinueTimeout: 1 * time.Second,
- }
-}