artin/sourcegraph
1
0
Fork 0
mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 18:31:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
main
sourcegraph/internal/httpcli/external.go

124 lines
3.6 KiB
Go
Raw Permalink Normal View History

revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
package httpcli
import (
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
"context"
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
"crypto/tls"
all: support certificates in tls.external (#8092) Extended the experimental tls.external site setting to include a list of certificates. When set repo-updater will add the certificates to the HTTP client's RootCAs. This features works on top of any certificates added to an individual external service configuration. Additionally these certificates are also set for remote git commands. This was tested by running a local HTTPS proxy to GitHub.com. I ensured both API requests and git requests only worked when the relevant tls.external setting was configured.
2020-01-29 14:37:03 +00:00
"crypto/x509"
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
"net/http"
"reflect"
"sync"
Revert "Revert "Log external requests (#44286)" (#44890)" aka reapply Log External Requests (#44893) Revert "Revert "Log external requests (#44286)" (#44890)" This reverts commit 8dc8fb0ad1cfd655a014351bd29b6b82e3fb7a7a. Co-authored-by: David Veszelovszki <veszelovszki@gmail.com>
2022-11-29 14:15:55 +00:00
"sync/atomic"
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
"go.opentelemetry.io/otel/attribute"
"github.com/sourcegraph/sourcegraph/internal/trace"
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
"github.com/sourcegraph/sourcegraph/schema"
)
type externalTransport struct {
httpcli: Expand usage across the codebase (#23575) * httpcli: Expand usage across the codebase This commit accomplishes three things: 1. Use the httpcli package for internal HTTP clients. 2. Use the httpcli for some remaining external use cases that weren't using it. 3. With retries in place, remove the `WaitForX` anti-pattern. Why is `WaitForX` an anti-pattern? Because in production availability isn't constant, and we should instead structure the code to retry when needed, which this commit achieves. I noticed that when repo-updater and gitservers were deployed at the same time, repo-updater would go into a crash loop since it couldn't wait for all gitservers to be up. * Update internal/repoupdater/client.go * fixup! Thread safe PRNG * fixup! Fix deadlock and logspam * fixup! Coury's review feedback * fixup! goimports -w * fixup! Remove internal timeout Timeouts should be application controlled. * fixup! ExpJitterDelay overflow handling
2021-08-05 10:46:16 +00:00
base *http.Transport
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
mu sync.RWMutex
config *schema.TlsExternal
effective *http.Transport
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
var tlsExternalConfigStore struct {
httpcli: Expand usage across the codebase (#23575) * httpcli: Expand usage across the codebase This commit accomplishes three things: 1. Use the httpcli package for internal HTTP clients. 2. Use the httpcli for some remaining external use cases that weren't using it. 3. With retries in place, remove the `WaitForX` anti-pattern. Why is `WaitForX` an anti-pattern? Because in production availability isn't constant, and we should instead structure the code to retry when needed, which this commit achieves. I noticed that when repo-updater and gitservers were deployed at the same time, repo-updater would go into a crash loop since it couldn't wait for all gitservers to be up. * Update internal/repoupdater/client.go * fixup! Thread safe PRNG * fixup! Fix deadlock and logspam * fixup! Coury's review feedback * fixup! goimports -w * fixup! Remove internal timeout Timeouts should be application controlled. * fixup! ExpJitterDelay overflow handling
2021-08-05 10:46:16 +00:00
sync.RWMutex
*schema.TlsExternal
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
var outboundRequestLogLimitStore atomic.Int32
var redactOutboundRequestHeadersStore atomic.Bool
Revert "Revert "Log external requests (#44286)" (#44890)" aka reapply Log External Requests (#44893) Revert "Revert "Log external requests (#44286)" (#44890)" This reverts commit 8dc8fb0ad1cfd655a014351bd29b6b82e3fb7a7a. Co-authored-by: David Veszelovszki <veszelovszki@gmail.com>
2022-11-29 14:15:55 +00:00
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
// setTLSExternalConfig is called by the conf package whenever TLSExternalConfig changes.
httpcli: Expand usage across the codebase (#23575) * httpcli: Expand usage across the codebase This commit accomplishes three things: 1. Use the httpcli package for internal HTTP clients. 2. Use the httpcli for some remaining external use cases that weren't using it. 3. With retries in place, remove the `WaitForX` anti-pattern. Why is `WaitForX` an anti-pattern? Because in production availability isn't constant, and we should instead structure the code to retry when needed, which this commit achieves. I noticed that when repo-updater and gitservers were deployed at the same time, repo-updater would go into a crash loop since it couldn't wait for all gitservers to be up. * Update internal/repoupdater/client.go * fixup! Thread safe PRNG * fixup! Fix deadlock and logspam * fixup! Coury's review feedback * fixup! goimports -w * fixup! Remove internal timeout Timeouts should be application controlled. * fixup! ExpJitterDelay overflow handling
2021-08-05 10:46:16 +00:00
// This is needed to avoid circular imports.
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
func setTLSExternalConfig(c *schema.TlsExternal) {
tlsExternalConfigStore.Lock()
tlsExternalConfigStore.TlsExternal = c
tlsExternalConfigStore.Unlock()
httpcli: Expand usage across the codebase (#23575) * httpcli: Expand usage across the codebase This commit accomplishes three things: 1. Use the httpcli package for internal HTTP clients. 2. Use the httpcli for some remaining external use cases that weren't using it. 3. With retries in place, remove the `WaitForX` anti-pattern. Why is `WaitForX` an anti-pattern? Because in production availability isn't constant, and we should instead structure the code to retry when needed, which this commit achieves. I noticed that when repo-updater and gitservers were deployed at the same time, repo-updater would go into a crash loop since it couldn't wait for all gitservers to be up. * Update internal/repoupdater/client.go * fixup! Thread safe PRNG * fixup! Fix deadlock and logspam * fixup! Coury's review feedback * fixup! goimports -w * fixup! Remove internal timeout Timeouts should be application controlled. * fixup! ExpJitterDelay overflow handling
2021-08-05 10:46:16 +00:00
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
// tlsExternalConfig returns the current value of the global TLS external config.
func tlsExternalConfig() *schema.TlsExternal {
tlsExternalConfigStore.RLock()
defer tlsExternalConfigStore.RUnlock()
return tlsExternalConfigStore.TlsExternal
httpcli: Expand usage across the codebase (#23575) * httpcli: Expand usage across the codebase This commit accomplishes three things: 1. Use the httpcli package for internal HTTP clients. 2. Use the httpcli for some remaining external use cases that weren't using it. 3. With retries in place, remove the `WaitForX` anti-pattern. Why is `WaitForX` an anti-pattern? Because in production availability isn't constant, and we should instead structure the code to retry when needed, which this commit achieves. I noticed that when repo-updater and gitservers were deployed at the same time, repo-updater would go into a crash loop since it couldn't wait for all gitservers to be up. * Update internal/repoupdater/client.go * fixup! Thread safe PRNG * fixup! Fix deadlock and logspam * fixup! Coury's review feedback * fixup! goimports -w * fixup! Remove internal timeout Timeouts should be application controlled. * fixup! ExpJitterDelay overflow handling
2021-08-05 10:46:16 +00:00
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
// setOutboundRequestLogLimit is called by the conf package whenever OutboundRequestLogLimit changes.
Revert "Revert "Log external requests (#44286)" (#44890)" aka reapply Log External Requests (#44893) Revert "Revert "Log external requests (#44286)" (#44890)" This reverts commit 8dc8fb0ad1cfd655a014351bd29b6b82e3fb7a7a. Co-authored-by: David Veszelovszki <veszelovszki@gmail.com>
2022-11-29 14:15:55 +00:00
// This is needed to avoid circular imports.
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
func setOutboundRequestLogLimit(i int32) {
outboundRequestLogLimitStore.Store(i)
Revert "Revert "Log external requests (#44286)" (#44890)" aka reapply Log External Requests (#44893) Revert "Revert "Log external requests (#44286)" (#44890)" This reverts commit 8dc8fb0ad1cfd655a014351bd29b6b82e3fb7a7a. Co-authored-by: David Veszelovszki <veszelovszki@gmail.com>
2022-11-29 14:15:55 +00:00
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
// outboundRequestLogLimit returns the current value of the global OutboundRequestLogLimit value.
func outboundRequestLogLimit() int32 {
return outboundRequestLogLimitStore.Load()
Revert "Revert "Log external requests (#44286)" (#44890)" aka reapply Log External Requests (#44893) Revert "Revert "Log external requests (#44286)" (#44890)" This reverts commit 8dc8fb0ad1cfd655a014351bd29b6b82e3fb7a7a. Co-authored-by: David Veszelovszki <veszelovszki@gmail.com>
2022-11-29 14:15:55 +00:00
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
// setRedactOutboundRequestHeaders is called by the conf package whenever the RedactOutboundRequestHeaders setting changes.
Add redactOutboundRequestHeaders setting (#45156)
2022-12-06 10:54:10 +00:00
// This is needed to avoid circular imports.
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
func setRedactOutboundRequestHeaders(b bool) {
redactOutboundRequestHeadersStore.Store(b)
Add redactOutboundRequestHeaders setting (#45156)
2022-12-06 10:54:10 +00:00
}
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
// redactOutboundRequestHeaders returns the current value of the global redactOutboundRequestHeaders setting.
func redactOutboundRequestHeaders() bool {
return redactOutboundRequestHeadersStore.Load()
Add redactOutboundRequestHeaders setting (#45156)
2022-12-06 10:54:10 +00:00
}
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
func (t *externalTransport) RoundTrip(r *http.Request) (*http.Response, error) {
t.mu.RLock()
config, effective := t.config, t.effective
t.mu.RUnlock()
httpcli: Move init function from conf package into httpcli (#62318) There was a weird dependency between internal/conf and internal/httpcli because of a cyclic import. This is resolved by using conftypes instead, so we can properly split those concerns. Test plan: Existing tests don't break.
2024-05-02 16:30:44 +00:00
if current := tlsExternalConfig(); current == nil {
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
return t.base.RoundTrip(r)
httpcli: only call effective.RoundTrip once (#7775)
2020-01-17 08:54:41 +00:00
} else if !reflect.DeepEqual(config, current) {
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
effective = t.update(r.Context(), current)
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
}
return effective.RoundTrip(r)
}
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
func (t *externalTransport) update(ctx context.Context, config *schema.TlsExternal) *http.Transport {
// No function calls here use the context further
Tracing: replace `family` and `title` with `name` (#54563) This removes the "title" argument to `trace.New()`. This was previously only displayed as an attribute on the span, which is confusing since people would often use a span name for this argument since it is called "title." OpenTelemetry does not have the concept of a family and title (these are from `x/net/trace`, which is no longer used), so this is another step towards reconciling our tracing package with OpenTelemetry. Basically, I went through all uses of `trace.New()` and either named the span `family.title`, removed the title in the case it was an empty string, or converted the title to a set of more structured attributes. Now, `trace.New()` only takes a context, a span name, and an optional set of attributes.
2023-07-05 23:14:18 +00:00
tr, _ := trace.New(ctx, "externalTransport.update")
Tracing: final cleanups (#54694) This will be my last PR related to the backend tracing work I've been doing. This is a set of small cleanups to the `trace` package that I've collecting as I have worked on tracing and used tracing. Following this PR, the `trace` package is just a very lightweight wrapper around the standard OpenTelemetry APIs. I think it's best to keep the package around rather than using opentelemetry directly because it easy to add convenience methods (which I would be sad to lose). Each commit is self-contained and has a descriptive message. If anyone wants to pick up where I'm leaving off, here are a few things left undone: - Convert Zoekt to use OpenTelemetry rather than OpenTracing - Add OpenTelemetry support to other services like syntect-server - Merge the `internal/trace` and `internal/tracer` packages - Consider adding a type that conforms to the OpenTelemetry `Span` interface but also writes to `x/net/trace` that can be enabled when tracing is not available. - Remove unrelated code from the `trace` and `tracer` package (see [here](https://sourcegraph.com/github.com/sourcegraph/sourcegraph@a6759b95dbd8e5e3a604f7fd452b0b85f37091d9/-/blob/internal/tracer/tracer.go?L75-83) and [here](https://sourcegraph.com/github.com/sourcegraph/sourcegraph@769fbbf5008e8decc63967dbff53f26333620265/-/blob/internal/trace/buckets.go?L3-7)) - Noodle on a `Traceable` interface (one that impls `Attr()` or `Attrs()`) so types can be easily added with `SetAttributes()` - Experiment with sampling - Experiment with replacing `policy.ShouldTrace` with native opentelemetry tools ## Test plan Tested manually that tracing still looks good locally. Will test on other instances when it rolls out. <!-- All pull requests REQUIRE a test plan: https://docs.sourcegraph.com/dev/background-information/testing_principles -->
2023-07-13 08:16:11 +00:00
defer tr.End()
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
t.mu.Lock()
defer t.mu.Unlock()
effective := t.base.Clone()
if effective.TLSClientConfig == nil {
effective.TLSClientConfig = new(tls.Config)
}
effective.TLSClientConfig.InsecureSkipVerify = config.InsecureSkipVerify
all: support certificates in tls.external (#8092) Extended the experimental tls.external site setting to include a list of certificates. When set repo-updater will add the certificates to the HTTP client's RootCAs. This features works on top of any certificates added to an individual external service configuration. Additionally these certificates are also set for remote git commands. This was tested by running a local HTTPS proxy to GitHub.com. I ensured both API requests and git requests only worked when the relevant tls.external setting was configured.
2020-01-29 14:37:03 +00:00
for _, cert := range config.Certificates {
// There is no exposed Clone function for CertPools. So if a certificate
// is removed it will continue to be accepted since we are mutating base's
// RootCAs. This is an acceptable tradeoff since it would be quite tricky
// to avoid this.
if effective.TLSClientConfig.RootCAs == nil {
pool, err := x509.SystemCertPool() // safe to mutate, a clone is returned
if err != nil {
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
tr.AddEvent("failed to load SystemCertPool",
Tracing: clean up uses of opentracing in search code (#51856) This removes nearly all the dependencies on opentracing from the search codebase. The search codebase used the opentracing log types heavily for logging, tracing, and pretty printing our search jobs. And because our search jobs all conform to a common interface, it would be difficult to approach this incrementally. So I just ripped the band-aid off and converted everything to use the opentelemetry types. Now the only dependent of the opentracing log types is the observation package.
2023-05-12 10:04:15 +00:00
trace.Error(err),
internal/httpcli: remove log15, add NewLoggingMiddleware to enable logs (#40963) Removes log15 usages from `internal/httpcli`, and removes an improper pre-package-initialization usage of `log.Scoped`. This means that we cannot provided a package-level, out-of-the-box-logged `httpcli.Doer` implementation - instead, we make logging opt-in with `NewLoggingMiddleware`, and replace existing logging with either: 1. Set desired metadata into context for logging middleware to pick up 2. Log in trace instead To enable easier inclusion of logging, the default client factory constructors have been updated to accept a set of `Middleware`, which can include the new logging middleware. We also add the new logging middleware to a variety of callsites that used to use `ExternalClientFactory` or `NewExternalClientFactory`.
2022-08-30 17:13:45 +00:00
attribute.String("warning", "communication with external HTTPS APIs may fail"))
all: support certificates in tls.external (#8092) Extended the experimental tls.external site setting to include a list of certificates. When set repo-updater will add the certificates to the HTTP client's RootCAs. This features works on top of any certificates added to an individual external service configuration. Additionally these certificates are also set for remote git commands. This was tested by running a local HTTPS proxy to GitHub.com. I ensured both API requests and git requests only worked when the relevant tls.external setting was configured.
2020-01-29 14:37:03 +00:00
pool = x509.NewCertPool()
}
effective.TLSClientConfig.RootCAs = pool
}
// TODO(keegancsmith) ensure we validate these certs somewhere
effective.TLSClientConfig.RootCAs.AppendCertsFromPEM([]byte(cert))
}
revert^2: experimental tls.external site setting (#7765) Reverting the revert https://github.com/sourcegraph/sourcegraph/pull/7741 AWS Code Commit broke with two commits: https://github.com/sourcegraph/sourcegraph/pull/7651 and https://github.com/sourcegraph/sourcegraph/pull/7648 The first broke it because previously NewCertOpt would not be run for it, now it always would be. The second broke it further because that PR can't wrap non-http.Transport RoundTrippers. This PR introduces a marker interface to let us skip that. The effect is AWS Code Commit won't respect the new tls.external site setting. This is fine for now, since the setting is experimental.
2020-01-15 17:53:33 +00:00
t.config = config
t.effective = effective
return effective
}
Reference in New Issue Copy Permalink