Pass the context to the Venafi clients

Add the client-go debug round tripper to the venafi clients Signed-off-by: Richard Wall <richard.wall@venafi.com>
jetstack · Nov 27, 2024 · f46d396 · f46d396
1 parent 24e02f3
commit f46d396
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 54 deletions.
diff --git a/pkg/agent/run.go b/pkg/agent/run.go
@@ -148,7 +148,6 @@ func Run(cmd *cobra.Command, args []string) (returnErr error) {
 			if err != nil {
 				return fmt.Errorf("failed to start a controller-runtime component: %v", err)
 			}
-
 			// The agent must stop if the controller-runtime component stops.
 			cancel()
 			return nil
@@ -231,8 +230,6 @@ func Run(cmd *cobra.Command, args []string) (returnErr error) {
 	// If any of the go routines exit (with nil or error) the main context will
 	// be cancelled, which will cause this blocking loop to exit
 	// instead of waiting for the time period.
-	// TODO(wallrj): Pass a context to gatherAndOutputData, so that we don't
-	// have to wait for it to finish before exiting the process.
 	for {
 		if err := gatherAndOutputData(klog.NewContext(ctx, log), eventf, config, preflightClient, dataGatherers); err != nil {
 			return err
@@ -397,9 +394,7 @@ func postData(ctx context.Context, config CombinedConfig, preflightClient client
 
 	if config.AuthMode == VenafiCloudKeypair || config.AuthMode == VenafiCloudVenafiConnection {
 		// orgID and clusterID are not required for Venafi Cloud auth
-		// TODO(wallrj): Pass the context to PostDataReadingsWithOptions, so
-		// that its network operations can be cancelled.
-		err := preflightClient.PostDataReadingsWithOptions(readings, client.Options{
+		err := preflightClient.PostDataReadingsWithOptions(ctx, readings, client.Options{
 			ClusterName:        config.ClusterID,
 			ClusterDescription: config.ClusterDescription,
 		})
@@ -427,10 +422,7 @@ func postData(ctx context.Context, config CombinedConfig, preflightClient client
 		if path == "" {
 			path = "/api/v1/datareadings"
 		}
-		// TODO(wallrj): Pass the context to Post, so that its network
-		// operations can be cancelled.
-		res, err := preflightClient.Post(path, bytes.NewBuffer(data))
-
+		res, err := preflightClient.Post(ctx, path, bytes.NewBuffer(data))
 		if err != nil {
 			return fmt.Errorf("failed to post data: %+v", err)
 		}
@@ -453,9 +445,7 @@ func postData(ctx context.Context, config CombinedConfig, preflightClient client
 		return fmt.Errorf("post to server failed: missing clusterID from agent configuration")
 	}
 
-	// TODO(wallrj): Pass the context to PostDataReadings, so
-	// that its network operations can be cancelled.
-	err := preflightClient.PostDataReadings(config.OrganizationID, config.ClusterID, readings)
+	err := preflightClient.PostDataReadings(ctx, config.OrganizationID, config.ClusterID, readings)
 	if err != nil {
 		return fmt.Errorf("post to server failed: %+v", err)
 	}

diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"net/http"
@@ -29,9 +30,9 @@ type (
 
 	// The Client interface describes types that perform requests against the Jetstack Secure backend.
 	Client interface {
-		PostDataReadings(orgID, clusterID string, readings []*api.DataReading) error
-		PostDataReadingsWithOptions(readings []*api.DataReading, options Options) error
-		Post(path string, body io.Reader) (*http.Response, error)
+		PostDataReadings(ctx context.Context, orgID, clusterID string, readings []*api.DataReading) error
+		PostDataReadingsWithOptions(ctx context.Context, readings []*api.DataReading, options Options) error
+		Post(ctx context.Context, path string, body io.Reader) (*http.Response, error)
 	}
 
 	// The Credentials interface describes methods for credential types to implement for verification.

diff --git a/pkg/client/client_api_token.go b/pkg/client/client_api_token.go
@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -10,6 +11,7 @@ import (
 	"time"
 
 	"github.com/jetstack/preflight/api"
+	"k8s.io/client-go/transport"
 )
 
 type (
@@ -34,19 +36,22 @@ func NewAPITokenClient(agentMetadata *api.AgentMetadata, apiToken, baseURL strin
 		apiToken:      apiToken,
 		agentMetadata: agentMetadata,
 		baseURL:       baseURL,
-		client:        &http.Client{Timeout: time.Minute},
+		client: &http.Client{
+			Timeout:   time.Minute,
+			Transport: transport.DebugWrappers(http.DefaultTransport),
+		},
 	}, nil
 }
 
 // PostDataReadingsWithOptions uploads the slice of api.DataReading to the Jetstack Secure backend to be processed for later
 // viewing in the user-interface.
-func (c *APITokenClient) PostDataReadingsWithOptions(readings []*api.DataReading, opts Options) error {
-	return c.PostDataReadings(opts.OrgID, opts.ClusterID, readings)
+func (c *APITokenClient) PostDataReadingsWithOptions(ctx context.Context, readings []*api.DataReading, opts Options) error {
+	return c.PostDataReadings(ctx, opts.OrgID, opts.ClusterID, readings)
 }
 
 // PostDataReadings uploads the slice of api.DataReading to the Jetstack Secure backend to be processed for later
 // viewing in the user-interface.
-func (c *APITokenClient) PostDataReadings(orgID, clusterID string, readings []*api.DataReading) error {
+func (c *APITokenClient) PostDataReadings(ctx context.Context, orgID, clusterID string, readings []*api.DataReading) error {
 	payload := api.DataReadingsPost{
 		AgentMetadata:  c.agentMetadata,
 		DataGatherTime: time.Now().UTC(),
@@ -57,7 +62,7 @@ func (c *APITokenClient) PostDataReadings(orgID, clusterID string, readings []*a
 		return err
 	}
 
-	res, err := c.Post(filepath.Join("/api/v1/org", orgID, "datareadings", clusterID), bytes.NewBuffer(data))
+	res, err := c.Post(ctx, filepath.Join("/api/v1/org", orgID, "datareadings", clusterID), bytes.NewBuffer(data))
 	if err != nil {
 		return err
 	}
@@ -77,8 +82,8 @@ func (c *APITokenClient) PostDataReadings(orgID, clusterID string, readings []*a
 }
 
 // Post performs an HTTP POST request.
-func (c *APITokenClient) Post(path string, body io.Reader) (*http.Response, error) {
-	req, err := http.NewRequest(http.MethodPost, fullURL(c.baseURL, path), body)
+func (c *APITokenClient) Post(ctx context.Context, path string, body io.Reader) (*http.Response, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, fullURL(c.baseURL, path), body)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/client/client_oauth.go b/pkg/client/client_oauth.go
@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -13,6 +14,7 @@ import (
 
 	"github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
+	"k8s.io/client-go/transport"
 
 	"github.com/jetstack/preflight/api"
 )
@@ -93,17 +95,20 @@ func NewOAuthClient(agentMetadata *api.AgentMetadata, credentials *OAuthCredenti
 		credentials:   credentials,
 		baseURL:       baseURL,
 		accessToken:   &accessToken{},
-		client:        &http.Client{Timeout: time.Minute},
+		client: &http.Client{
+			Timeout:   time.Minute,
+			Transport: transport.DebugWrappers(http.DefaultTransport),
+		},
 	}, nil
 }
 
-func (c *OAuthClient) PostDataReadingsWithOptions(readings []*api.DataReading, opts Options) error {
-	return c.PostDataReadings(opts.OrgID, opts.ClusterID, readings)
+func (c *OAuthClient) PostDataReadingsWithOptions(ctx context.Context, readings []*api.DataReading, opts Options) error {
+	return c.PostDataReadings(ctx, opts.OrgID, opts.ClusterID, readings)
 }
 
 // PostDataReadings uploads the slice of api.DataReading to the Jetstack Secure backend to be processed for later
 // viewing in the user-interface.
-func (c *OAuthClient) PostDataReadings(orgID, clusterID string, readings []*api.DataReading) error {
+func (c *OAuthClient) PostDataReadings(ctx context.Context, orgID, clusterID string, readings []*api.DataReading) error {
 	payload := api.DataReadingsPost{
 		AgentMetadata:  c.agentMetadata,
 		DataGatherTime: time.Now().UTC(),
@@ -114,7 +119,7 @@ func (c *OAuthClient) PostDataReadings(orgID, clusterID string, readings []*api.
 		return err
 	}
 
-	res, err := c.Post(filepath.Join("/api/v1/org", orgID, "datareadings", clusterID), bytes.NewBuffer(data))
+	res, err := c.Post(ctx, filepath.Join("/api/v1/org", orgID, "datareadings", clusterID), bytes.NewBuffer(data))
 	if err != nil {
 		return err
 	}
@@ -134,13 +139,13 @@ func (c *OAuthClient) PostDataReadings(orgID, clusterID string, readings []*api.
 }
 
 // Post performs an HTTP POST request.
-func (c *OAuthClient) Post(path string, body io.Reader) (*http.Response, error) {
-	token, err := c.getValidAccessToken()
+func (c *OAuthClient) Post(ctx context.Context, path string, body io.Reader) (*http.Response, error) {
+	token, err := c.getValidAccessToken(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	req, err := http.NewRequest(http.MethodPost, fullURL(c.baseURL, path), body)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, fullURL(c.baseURL, path), body)
 	if err != nil {
 		return nil, err
 	}
@@ -157,9 +162,9 @@ func (c *OAuthClient) Post(path string, body io.Reader) (*http.Response, error)
 // getValidAccessToken returns a valid access token. It will fetch a new access
 // token from the auth server in case the current access token does not exist
 // or it is expired.
-func (c *OAuthClient) getValidAccessToken() (*accessToken, error) {
+func (c *OAuthClient) getValidAccessToken(ctx context.Context) (*accessToken, error) {
 	if c.accessToken.needsRenew() {
-		err := c.renewAccessToken()
+		err := c.renewAccessToken(ctx)
 		if err != nil {
 			return nil, err
 		}
@@ -168,7 +173,7 @@ func (c *OAuthClient) getValidAccessToken() (*accessToken, error) {
 	return c.accessToken, nil
 }
 
-func (c *OAuthClient) renewAccessToken() error {
+func (c *OAuthClient) renewAccessToken(ctx context.Context) error {
 	tokenURL := fmt.Sprintf("https://%s/oauth/token", c.credentials.AuthServerDomain)
 	audience := "https://preflight.jetstack.io/api/v1"
 	payload := url.Values{}
@@ -178,7 +183,7 @@ func (c *OAuthClient) renewAccessToken() error {
 	payload.Set("audience", audience)
 	payload.Set("username", c.credentials.UserID)
 	payload.Set("password", c.credentials.UserSecret)
-	req, err := http.NewRequest("POST", tokenURL, strings.NewReader(payload.Encode()))
+	req, err := http.NewRequestWithContext(ctx, "POST", tokenURL, strings.NewReader(payload.Encode()))
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -188,7 +193,8 @@ func (c *OAuthClient) renewAccessToken() error {
 	if err != nil {
 		return errors.WithStack(err)
 	}
-
+	// TODO(wallrj): This will block. Read the body incrementally and check for
+	// context cancellation.
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
 		return errors.WithStack(err)

diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go
@@ -2,6 +2,7 @@ package client
 
 import (
 	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@@ -26,6 +27,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-multierror"
 	"github.com/microcosm-cc/bluemonday"
+	"k8s.io/client-go/transport"
 
 	"github.com/jetstack/preflight/api"
 )
@@ -111,7 +113,10 @@ func NewVenafiCloudClient(agentMetadata *api.AgentMetadata, credentials *VenafiS
 		credentials:   credentials,
 		baseURL:       baseURL,
 		accessToken:   &venafiCloudAccessToken{},
-		Client:        &http.Client{Timeout: time.Minute},
+		Client: &http.Client{
+			Timeout:   time.Minute,
+			Transport: transport.DebugWrappers(http.DefaultTransport),
+		},
 		uploaderID:    uploaderID,
 		uploadPath:    uploadPath,
 		privateKey:    privateKey,
@@ -168,7 +173,7 @@ func (c *VenafiSvcAccountCredentials) IsClientSet() (ok bool, why string) {
 
 // PostDataReadingsWithOptions uploads the slice of api.DataReading to the Venafi Cloud backend to be processed.
 // The Options are then passed as URL params in the request
-func (c *VenafiCloudClient) PostDataReadingsWithOptions(readings []*api.DataReading, opts Options) error {
+func (c *VenafiCloudClient) PostDataReadingsWithOptions(ctx context.Context, readings []*api.DataReading, opts Options) error {
 	payload := api.DataReadingsPost{
 		AgentMetadata:  c.agentMetadata,
 		DataGatherTime: time.Now().UTC(),
@@ -199,7 +204,7 @@ func (c *VenafiCloudClient) PostDataReadingsWithOptions(readings []*api.DataRead
 	}
 	venafiCloudUploadURL.RawQuery = query.Encode()
 
-	res, err := c.Post(venafiCloudUploadURL.String(), bytes.NewBuffer(data))
+	res, err := c.Post(ctx, venafiCloudUploadURL.String(), bytes.NewBuffer(data))
 	if err != nil {
 		return err
 	}
@@ -219,7 +224,7 @@ func (c *VenafiCloudClient) PostDataReadingsWithOptions(readings []*api.DataRead
 
 // PostDataReadings uploads the slice of api.DataReading to the Venafi Cloud backend to be processed for later
 // viewing in the user-interface.
-func (c *VenafiCloudClient) PostDataReadings(_ string, _ string, readings []*api.DataReading) error {
+func (c *VenafiCloudClient) PostDataReadings(ctx context.Context, _ string, _ string, readings []*api.DataReading) error {
 	// orgID and clusterID are ignored in Venafi Cloud auth
 
 	payload := api.DataReadingsPost{
@@ -235,7 +240,7 @@ func (c *VenafiCloudClient) PostDataReadings(_ string, _ string, readings []*api
 	if !strings.HasSuffix(c.uploadPath, "/") {
 		c.uploadPath = fmt.Sprintf("%s/", c.uploadPath)
 	}
-	res, err := c.Post(filepath.Join(c.uploadPath, c.uploaderID), bytes.NewBuffer(data))
+	res, err := c.Post(ctx, filepath.Join(c.uploadPath, c.uploaderID), bytes.NewBuffer(data))
 	if err != nil {
 		return err
 	}
@@ -254,8 +259,8 @@ func (c *VenafiCloudClient) PostDataReadings(_ string, _ string, readings []*api
 }
 
 // Post performs an HTTP POST request.
-func (c *VenafiCloudClient) Post(path string, body io.Reader) (*http.Response, error) {
-	token, err := c.getValidAccessToken()
+func (c *VenafiCloudClient) Post(ctx context.Context, path string, body io.Reader) (*http.Response, error) {
+	token, err := c.getValidAccessToken(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -278,9 +283,9 @@ func (c *VenafiCloudClient) Post(path string, body io.Reader) (*http.Response, e
 // getValidAccessToken returns a valid access token. It will fetch a new access
 // token from the auth server in case the current access token does not exist
 // or it is expired.
-func (c *VenafiCloudClient) getValidAccessToken() (*venafiCloudAccessToken, error) {
+func (c *VenafiCloudClient) getValidAccessToken(ctx context.Context) (*venafiCloudAccessToken, error) {
 	if c.accessToken == nil || time.Now().Add(time.Minute).After(c.accessToken.expirationTime) {
-		err := c.updateAccessToken()
+		err := c.updateAccessToken(ctx)
 		if err != nil {
 			return nil, err
 		}
@@ -289,7 +294,7 @@ func (c *VenafiCloudClient) getValidAccessToken() (*venafiCloudAccessToken, erro
 	return c.accessToken, nil
 }
 
-func (c *VenafiCloudClient) updateAccessToken() error {
+func (c *VenafiCloudClient) updateAccessToken(ctx context.Context) error {
 	jwtToken, err := c.generateAndSignJwtToken()
 	if err != nil {
 		return err
@@ -302,7 +307,7 @@ func (c *VenafiCloudClient) updateAccessToken() error {
 	tokenURL := fullURL(c.baseURL, accessTokenEndpoint)
 
 	encoded := values.Encode()
-	request, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(encoded))
+	request, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(encoded))
 	if err != nil {
 		return err
 	}