Dont modify provided transport

Signed-off-by: Matthias Fehr <matthias@monostream.com> (cherry picked from commit cab1fc8)
helm · Apr 8, 2022 · f4276f4 · f4276f4
1 parent b216f76
commit f4276f4
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 17 deletions.
diff --git a/pkg/getter/httpgetter.go b/pkg/getter/httpgetter.go
@@ -109,21 +109,20 @@ func NewHTTPGetter(options ...Option) (Getter, error) {
 }
 
 func (g *HTTPGetter) httpClient() (*http.Client, error) {
-	var transport *http.Transport
-
 	if g.opts.transport != nil {
-		transport = g.opts.transport
-	} else {
-		g.once.Do(func() {
-			g.transport = &http.Transport{
-				DisableCompression: true,
-				Proxy:              http.ProxyFromEnvironment,
-			}
-		})
-
-		transport = g.transport
+		return &http.Client{
+			Transport: g.opts.transport,
+			Timeout:   g.opts.timeout,
+		}, nil
 	}
 
+	g.once.Do(func() {
+		g.transport = &http.Transport{
+			DisableCompression: true,
+			Proxy:              http.ProxyFromEnvironment,
+		}
+	})
+
 	if (g.opts.certFile != "" && g.opts.keyFile != "") || g.opts.caFile != "" {
 		tlsConf, err := tlsutil.NewClientTLS(g.opts.certFile, g.opts.keyFile, g.opts.caFile)
 		if err != nil {
@@ -137,21 +136,21 @@ func (g *HTTPGetter) httpClient() (*http.Client, error) {
 		}
 		tlsConf.ServerName = sni
 
-		transport.TLSClientConfig = tlsConf
+		g.transport.TLSClientConfig = tlsConf
 	}
 
 	if g.opts.insecureSkipVerifyTLS {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{
+		if g.transport.TLSClientConfig == nil {
+			g.transport.TLSClientConfig = &tls.Config{
 				InsecureSkipVerify: true,
 			}
 		} else {
-			transport.TLSClientConfig.InsecureSkipVerify = true
+			g.transport.TLSClientConfig.InsecureSkipVerify = true
 		}
 	}
 
 	client := &http.Client{
-		Transport: transport,
+		Transport: g.transport,
 		Timeout:   g.opts.timeout,
 	}
 

diff --git a/pkg/getter/httpgetter_test.go b/pkg/getter/httpgetter_test.go
@@ -518,4 +518,15 @@ func TestHTTPTransportOption(t *testing.T) {
 	if transport1 != transport2 {
 		t.Fatalf("Expected applied transport to be reused")
 	}
+
+	g = HTTPGetter{}
+	g.opts.url = "https://localhost"
+	g.opts.certFile = "testdata/client.crt"
+	g.opts.keyFile = "testdata/client.key"
+	g.opts.insecureSkipVerifyTLS = true
+	g.opts.transport = transport
+	usedTransport := verifyInsecureSkipVerify(t, &g, "HTTPGetter with 2 way ssl", false)
+	if usedTransport.TLSClientConfig != nil {
+		t.Fatal("transport.TLSClientConfig should not be set")
+	}
 }