UPSTREAM distribution/distribution: 4190 fix: use http.DefaultTransport in S3 client

Signed-off-by: Michal Pryc <[email protected]>

Author: milosgajdos

registry/storage/driver/s3-aws/s3.go

@@ -557,9 +557,8 @@ func New(params DriverParameters) (*Driver, error) {
 	awsConfig.WithUseDualStack(params.UseDualStack)
 
 	if params.SkipVerify {
-		httpTransport := &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-		}
+		httpTransport := http.DefaultTransport.(*http.Transport).Clone()
+		httpTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 		awsConfig.WithHTTPClient(&http.Client{
 			Transport: httpTransport,
 		})

registry/storage/driver/s3-aws/s3_test.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"math/rand"
+	"net/http"
 	"os"
 	"path"
 	"reflect"
@@ -254,6 +255,59 @@ func TestWalkEmptySubDirectory(t *testing.T) {
 	}
 }
 
+func TestClientTransport(t *testing.T) {
+	if skipS3() != "" {
+		t.Skip(skipS3())
+	}
+
+	testCases := []struct {
+		skipverify bool
+	}{
+		{true},
+		{false},
+	}
+
+	for _, tc := range testCases {
+		// NOTE(milosgajdos): we cannot simply reuse s3DriverConstructor
+		// because s3DriverConstructor is initialized in init() using the process
+		// env vars: we can not override S3_SKIP_VERIFY env var with t.Setenv
+		params := map[string]interface{}{
+			"region":     os.Getenv("AWS_REGION"),
+			"bucket":     os.Getenv("S3_BUCKET"),
+			"skipverify": tc.skipverify,
+		}
+		t.Run(fmt.Sprintf("SkipVerify %v", tc.skipverify), func(t *testing.T) {
+			drv, err := FromParameters(context.TODO(), params)
+			if err != nil {
+				t.Fatalf("failed to create driver: %v", err)
+			}
+
+			s3drv := drv.baseEmbed.Base.StorageDriver.(*driver)
+			if tc.skipverify {
+				tr, ok := s3drv.S3.Client.Config.HTTPClient.Transport.(*http.Transport)
+				if !ok {
+					t.Fatal("unexpected driver transport")
+				}
+				if !tr.TLSClientConfig.InsecureSkipVerify {
+					t.Errorf("unexpected TLS Config. Expected InsecureSkipVerify: %v, got %v",
+						tc.skipverify,
+						tr.TLSClientConfig.InsecureSkipVerify)
+				}
+				// make sure the proxy is always set
+				if tr.Proxy == nil {
+					t.Fatal("missing HTTP transport proxy config")
+				}
+				return
+			}
+			// if tc.skipverify is false we do not override the driver
+			// HTTP clien transport and leave it to the AWS SDK.
+			if s3drv.S3.Client.Config.HTTPClient.Transport != nil {
+				t.Errorf("unexpected S3 driver client transport")
+			}
+		})
+	}
+}
+
 func TestStorageClass(t *testing.T) {
 	if skipS3() != "" {
 		t.Skip(skipS3())