Use default http.Transport for AWS S3 session

Previously we used a custom Transport in order to modify the user agent header. This prevented the AWS SDK from being able to customize SSL and other client TLS parameters since it could not understand the Transport type. Instead we can simply use the SDK function MakeAddToUserAgentFreeFormHandler to customize the UserAgent if necessary and leave all the TLS configuration to the AWS SDK. The only exception being SkipVerify which we have to handle, but we can set it onto the standard http.Transport which does not interfere with the SDKs ability to set other options. Signed-off-by: Kirat Singh <kirat.singh@gmail.com>
distribution · Feb 15, 2023 · 3117e2e · 3117e2e
1 parent cf87e8d
commit 3117e2e
Showing 1 changed file with 11 additions and 16 deletions.
diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go
@@ -36,7 +36,6 @@ import (
 	"github.com/aws/aws-sdk-go/service/s3"
 
 	dcontext "github.com/distribution/distribution/v3/context"
-	"github.com/distribution/distribution/v3/registry/client/transport"
 	storagedriver "github.com/distribution/distribution/v3/registry/storage/driver"
 	"github.com/distribution/distribution/v3/registry/storage/driver/base"
 	"github.com/distribution/distribution/v3/registry/storage/driver/factory"
@@ -526,28 +525,24 @@ func New(params DriverParameters) (*Driver, error) {
 		awsConfig.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
 	}
 
-	if params.UserAgent != "" || params.SkipVerify {
-		httpTransport := http.DefaultTransport
-		if params.SkipVerify {
-			httpTransport = &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-			}
-		}
-		if params.UserAgent != "" {
-			awsConfig.WithHTTPClient(&http.Client{
-				Transport: transport.NewTransport(httpTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
-			})
-		} else {
-			awsConfig.WithHTTPClient(&http.Client{
-				Transport: transport.NewTransport(httpTransport),
-			})
+	if params.SkipVerify {
+		httpTransport := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		}
+		awsConfig.WithHTTPClient(&http.Client{
+			Transport: httpTransport,
+		})
 	}
 
 	sess, err := session.NewSession(awsConfig)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create new session with aws config: %v", err)
 	}
+
+	if params.UserAgent != "" {
+		sess.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler(params.UserAgent))
+	}
+
 	s3obj := s3.New(sess)
 
 	// enable S3 compatible signature v2 signing instead