Reverts "Respect user defined proxy's CA cert" (#513)

openshift · Oct 4, 2021 · bdc9b11 · bdc9b11
1 parent 141f148
commit bdc9b11
Showing 1 changed file with 5 additions and 58 deletions.
diff --git a/pkg/insights/insightsclient/insightsclient.go b/pkg/insights/insightsclient/insightsclient.go
@@ -31,7 +31,6 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	apimachineryversion "k8s.io/apimachinery/pkg/version"
-	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 
 	"github.com/openshift/insights-operator/pkg/authorizer"
 )
@@ -121,9 +120,9 @@ func getTrustedCABundle() (*x509.CertPool, error) {
 }
 
 // clientTransport creates new http.Transport with either system or configured Proxy
-func (c *Client) clientTransport() http.RoundTripper {
+func clientTransport(authorizer Authorizer) http.RoundTripper {
 	clientTransport := &http.Transport{
-		Proxy: c.authorizer.NewSystemOrConfiguredProxy(),
+		Proxy: authorizer.NewSystemOrConfiguredProxy(),
 		DialContext: (&net.Dialer{
 			Timeout:   30 * time.Second,
 			KeepAlive: 30 * time.Second,
@@ -137,21 +136,6 @@ func (c *Client) clientTransport() http.RoundTripper {
 	if err != nil {
 		klog.Errorf("Failed to get proxy trusted CA: %v", err)
 	}
-	// check if some proxy is set
-	if isProxySet() {
-		userCAPem, err := c.getUserCABundle()
-		if err != nil {
-			klog.Error(err)
-		}
-		if userCAPem != nil {
-			if ok := rootCAs.AppendCertsFromPEM(userCAPem); !ok {
-				klog.Error("failed to parse CA pem data")
-			} else {
-				klog.Infof("Sucecssfully added CA cert referenced in the clusterProxy.Spec.TrustedCA bundle")
-			}
-		}
-	}
-
 	if rootCAs != nil {
 		clientTransport.TLSClientConfig = &tls.Config{}
 		clientTransport.TLSClientConfig.RootCAs = rootCAs
@@ -253,7 +237,7 @@ func (c *Client) Send(ctx context.Context, endpoint string, source Source) error
 	req.Body = pr
 
 	// dynamically set the proxy environment
-	c.client.Transport = c.clientTransport()
+	c.client.Transport = clientTransport(c.authorizer)
 
 	klog.V(4).Infof("Uploading %s to %s", source.Type, req.URL.String())
 	resp, err := c.client.Do(req)
@@ -322,7 +306,7 @@ func (c Client) RecvReport(ctx context.Context, endpoint string) (io.ReadCloser,
 	}
 
 	// dynamically set the proxy environment
-	c.client.Transport = c.clientTransport()
+	c.client.Transport = clientTransport(c.authorizer)
 
 	klog.V(4).Infof("Retrieving report from %s", req.URL.String())
 	resp, err := c.client.Do(req)
@@ -398,7 +382,7 @@ func (c Client) RecvSCACerts(ctx context.Context, endpoint string) ([]byte, erro
 		return nil, err
 	}
 	req.Header.Set("Content-Type", "application/json")
-	c.client.Transport = c.clientTransport()
+	c.client.Transport = clientTransport(c.authorizer)
 	authHeader := fmt.Sprintf("AccessToken %s:%s", cv.Spec.ClusterID, token)
 	req.Header.Set("Authorization", authHeader)
 
@@ -440,43 +424,6 @@ func ocmErrorMessage(url *url.URL, r *http.Response) error {
 	}
 }
 
-// isProxySet looks up "HTTP_PROXY" and "HTTPS_PROXY" environment variables
-// and returns true if at least one is set
-func isProxySet() (ok bool) {
-	_, httpProxySet := os.LookupEnv("HTTP_PROXY")
-	_, httpsProxySet := os.LookupEnv("HTTPS_PROXY")
-
-	return httpProxySet || httpsProxySet
-}
-
-// getUserCABundle reads "cluster" proxy resource to get a name of config map with
-// "TrustedCA" certificate and then it tries to read the certificate data from "ca-bundle.crt" key
-// Returns the certificate data or an error in case of failed reading
-func (c *Client) getUserCABundle() ([]byte, error) {
-	configCli, err := configv1client.NewForConfig(c.gatherKubeConfig)
-	if err != nil {
-		return nil, err
-	}
-	clusterProxy, err := configCli.Proxies().Get(context.Background(), "cluster", metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-	cmWithCACert := clusterProxy.Spec.TrustedCA.Name
-	coreCli, err := corev1client.NewForConfig(c.gatherKubeConfig)
-	if err != nil {
-		return nil, err
-	}
-	cm, err := coreCli.ConfigMaps("openshift-config").Get(context.Background(), cmWithCACert, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-	data, ok := cm.Data["ca-bundle.crt"]
-	if !ok {
-		return nil, fmt.Errorf("can't find ca-bundle.crt key in %s config map", cmWithCACert)
-	}
-	return []byte(data), nil
-}
-
 var (
 	counterRequestSend = metrics.NewCounterVec(&metrics.CounterOpts{
 		Name: "insightsclient_request_send_total",