From 4b364940aa19bc3f6db9fa733b8bd8ebeb9cc034 Mon Sep 17 00:00:00 2001
From: Michael Eischer
Date: Sun, 7 Jul 2024 11:32:40 +0200
Subject: [PATCH] s3: use http client with configured timeouts for s3 IAM communication

The default client has no timeouts configured opening network connections. Thus, if 169.254.169.254 is inaccessible, then the client would wait for until the operating system gives up, which will take several minutes.
---
 internal/backend/s3/s3.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/backend/s3/s3.go b/internal/backend/s3/s3.go
index 1b7f6e3d2..6fe9e384b 100644
--- a/internal/backend/s3/s3.go
+++ b/internal/backend/s3/s3.go
@@ -52,7 +52,7 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
 minio.MaxRetry = int(cfg.MaxRetries)
 }
- creds, err := getCredentials(cfg)
+ creds, err := getCredentials(cfg, rt)
 if err != nil {
 return nil, errors.Wrap(err, "s3.getCredentials")
 }
@@ -97,7 +97,7 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
 // getCredentials -- runs through the various credential types and returns the first one that works.
 // additionally if the user has specified a role to assume, it will do that as well.
-func getCredentials(cfg Config) (*credentials.Credentials, error) {
+func getCredentials(cfg Config, tr http.RoundTripper) (*credentials.Credentials, error) {
 // Chains all credential types, in the following order:
 // - Static credentials provided by user
 // - AWS env vars (i.e. AWS_ACCESS_KEY_ID)
@@ -120,7 +120,7 @@ func getCredentials(cfg Config) (*credentials.Credentials, error) {
 &credentials.FileMinioClient{},
 &credentials.IAM{
 Client: &http.Client{
- Transport: http.DefaultTransport,
+ Transport: tr,
 },
 },
 })
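Review bot: In the second hunk the new parameter of `getCredentials` is named `tr`, while `open` passes the same value as `rt`, and the doc comment above the function does not mention it. Using `rt` in both places and adding a line such as `// rt is the transport used for requests to the IAM / instance metadata endpoint.` would make it clear which network path the IAM provider takes. The body of `getCredentials` continues outside the hunk.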
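Review bot: In the third hunk the `http.Client` handed to `credentials.IAM` still sets no `Timeout`, so the only bounds are whatever `tr` carries. A metadata endpoint that accepts the connection and then stalls is covered only if that transport has a response-header timeout, which is not visible here; an explicit bound such as `Client: &http.Client{Transport: tr, Timeout: iamRequestTimeout},` (the constant name is a placeholder) would remove that dependency. The shared transport presumably also carries the backend's TLS and proxy settings and any request-logging wrapper, so it is worth confirming that metadata responses, which contain temporary credentials, do not end up in debug logs. A nil `tr` makes `http.Client` fall back to `http.DefaultTransport` silently, which would undo the change without any error.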