Combine transports to one package

4 files changed, 7 insertions, 59 deletions

diff --git a/internal/artifact/artifact.go b/internal/artifact/artifact.go
index 9a23e269..5050b426 100644
--- a/internal/artifact/artifact.go
+++ b/internal/artifact/artifact.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
+	"gitlab.com/gitlab-org/gitlab-pages/internal/httptransport"
 )
 
 const (
@@ -43,7 +44,7 @@ func New(server string, timeoutSeconds int, pagesDomain string) *Artifact {
 		suffix: "." + strings.ToLower(pagesDomain),
 		client: &http.Client{
 			Timeout:   time.Second * time.Duration(timeoutSeconds),
-			Transport: transport,
+			Transport: httptransport.Transport,
 		},
 	}
 }
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 936754cc..da6789dc 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -15,6 +15,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"gitlab.com/gitlab-org/gitlab-pages/internal/domain"
 	"gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
+	"gitlab.com/gitlab-org/gitlab-pages/internal/httptransport"
 )
 
 const (
@@ -465,7 +466,7 @@ func New(pagesDomain string, storeSecret string, clientID string, clientSecret s
 		storeSecret:  storeSecret,
 		apiClient: &http.Client{
 			Timeout:   5 * time.Second,
-			Transport: transport,
+			Transport: httptransport.Transport,
 		},
 	}
 }
diff --git a/internal/auth/transport.go b/internal/auth/transport.go
deleted file mode 100644
index c8682ba2..00000000
--- a/internal/auth/transport.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package auth
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"os"
-	"sync"
-
-	log "github.com/sirupsen/logrus"
-)
-
-var (
-	sysPoolOnce = &sync.Once{}
-	sysPool     *x509.CertPool
-
-	transport = &http.Transport{
-		DialTLS: func(network, addr string) (net.Conn, error) {
-			return tls.Dial(network, addr, &tls.Config{RootCAs: pool()})
-		},
-	}
-)
-
-// This is here because macOS does not support the SSL_CERT_FILE
-// environment variable. We have arrange things to read SSL_CERT_FILE as
-// late as possible to avoid conflicts with file descriptor passing at
-// startup.
-func pool() *x509.CertPool {
-	sysPoolOnce.Do(loadPool)
-	return sysPool
-}
-
-func loadPool() {
-	sslCertFile := os.Getenv("SSL_CERT_FILE")
-	if sslCertFile == "" {
-		return
-	}
-
-	var err error
-	sysPool, err = x509.SystemCertPool()
-	if err != nil {
-		log.WithError(err).Error("failed to load system cert pool for artifacts client")
-		return
-	}
-
-	certPem, err := ioutil.ReadFile(sslCertFile)
-	if err != nil {
-		log.WithError(err).Error("failed to read SSL_CERT_FILE")
-		return
-	}
-
-	sysPool.AppendCertsFromPEM(certPem)
-}
diff --git a/internal/artifact/transport.go b/internal/httptransport/transport.go
index da182df6..207531f4 100644
--- a/internal/artifact/transport.go
+++ b/internal/httptransport/transport.go
@@ -1,4 +1,4 @@
-package artifact
+package httptransport
 
 import (
 	"crypto/tls"
@@ -16,7 +16,8 @@ var (
 	sysPoolOnce = &sync.Once{}
 	sysPool     *x509.CertPool
 
-	transport = &http.Transport{
+	// Transport can be used with httpclient with TLS and certificates
+	Transport = &http.Transport{
 		DialTLS: func(network, addr string) (net.Conn, error) {
 			return tls.Dial(network, addr, &tls.Config{RootCAs: pool()})
 		},