initializing ECS Round tripper as the http client after default trans…

…port was created by SDK for custom CA transporter
mye956 · Jan 17, 2025 · ea2fea2 · ea2fea2
1 parent 5180ede
commit ea2fea2
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 2 deletions.
diff --git a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/ecs/client/ecs_client.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/api/ecs/client/ecs_client.go
diff --git a/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/httpclient/httpclient.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/httpclient/httpclient.go
diff --git a/ecs-agent/api/ecs/client/ecs_client.go b/ecs-agent/api/ecs/client/ecs_client.go
@@ -93,7 +93,7 @@ func NewECSClient(
 		credentialsProvider: credentialsProvider,
 		configAccessor:      configAccessor,
 		ec2metadata:         ec2MetadataClient,
-		httpClient:          httpclient.New(RoundtripTimeout, configAccessor.AcceptInsecureCert(), agentVer, configAccessor.OSType()),
+		httpClient:          &http.Client{Timeout: RoundtripTimeout},
 		pollEndpointCache:   async.NewTTLCache(&async.TTL{Duration: defaultPollEndpointCacheTTL}),
 	}
 
@@ -105,9 +105,13 @@ func NewECSClient(
 	ecsConfig := newECSConfig(credentialsProvider, configAccessor, client.httpClient, client.isFIPSDetected)
 	s, err := session.NewSession(&ecsConfig)
 	if err != nil {
+		logger.Info("TESTING in ECS CLIENT Package. Unable to create session in here")
 		return nil, err
 	}
 
+	logger.Info("Replacing the default transport with new ECS Roundtripper object")
+	client.httpClient.Transport = httpclient.NewECSRoundTripper(configAccessor.AcceptInsecureCert(), agentVer, configAccessor.OSType())
+
 	if client.standardClient == nil {
 		client.standardClient = ecsmodel.New(s)
 	}

diff --git a/ecs-agent/httpclient/httpclient.go b/ecs-agent/httpclient/httpclient.go
@@ -99,3 +99,24 @@ type OverridableTransport interface {
 func (client *ecsRoundTripper) SetTransport(transport http.RoundTripper) {
 	client.transport = transport
 }
+
+func NewECSRoundTripper(insecureSkipVerify bool, agentVersion string, osType string) *ecsRoundTripper {
+	transport := &http.Transport{
+		Proxy: httpproxy.Proxy,
+		DialContext: (&net.Dialer{
+			Timeout:   DefaultDialTimeout,
+			KeepAlive: DefaultDialKeepalive,
+		}).DialContext,
+		TLSHandshakeTimeout: DefaultTLSHandshakeTimeout,
+	}
+	transport.TLSClientConfig = &tls.Config{}
+	cipher.WithSupportedCipherSuites(transport.TLSClientConfig)
+	transport.TLSClientConfig.InsecureSkipVerify = insecureSkipVerify
+
+	return &ecsRoundTripper{
+		insecureSkipVerify: insecureSkipVerify,
+		agentVersion:       agentVersion,
+		osType:             osType,
+		transport:          transport,
+	}
+}