diff --git a/pkg/commoncfg/config.go b/pkg/commoncfg/config.go
index de653e4..3e92076 100644
--- a/pkg/commoncfg/config.go
+++ b/pkg/commoncfg/config.go
@@ -370,17 +370,6 @@ type GRPCClientAttributes struct {
 type HTTPClient struct {
 Timeout time.Duration `yaml:"timeout" json:"timeout" default:"10s" mapstructure:"timeout"`
- //Deprecated [to be replaced by using MTLS]
- RootCAs *SourceRef `yaml:"rootCAs" json:"rootCAs" mapstructure:"rootCAs"`
- //Deprecated [to be replaced by using MTLS]
- InsecureSkipVerify bool `yaml:"insecureSkipVerify" json:"insecureSkipVerify" mapstructure:"insecureSkipVerify"`
- //Deprecated [to be replaced by using MTLS]
- MinVersion uint16 `yaml:"minVersion" json:"minVersion" mapstructure:"minVersion"`
- //Deprecated [to be replaced by using MTLS]
- Cert *SourceRef `yaml:"cert" json:"cert" mapstructure:"cert"`
- //Deprecated [to be replaced by using MTLS]
- CertKey *SourceRef `yaml:"certKey" json:"certKey" mapstructure:"certKey"`
-
 APIToken *SourceRef `yaml:"apiToken" json:"apiToken" mapstructure:"apiToken"`
 BasicAuth *BasicAuth `yaml:"basicAuth" json:"basicAuth" mapstructure:"basicAuth"`
 OAuth2Auth *OAuth2 `yaml:"oauth2Auth" json:"oauth2Auth" mapstructure:"oauth2Auth"`
diff --git a/pkg/commonhttp/client.go b/pkg/commonhttp/client.go
index 6a88f7f..aed36ad 100644
--- a/pkg/commonhttp/client.go
+++ b/pkg/commonhttp/client.go
@@ -9,65 +9,6 @@ import (
 "github.com/openkcm/common-sdk/pkg/commoncfg"
 )
-// NewClient creates an *http.Client configured with optional TLS/mTLS and custom settings.
-//
-// Supports:
-// - Timeout
-// - TLS minimum version (default TLS1.2)
-// - InsecureSkipVerify
-// - Custom root CAs
-// - Optional client certificates (mTLS)
-//
-// Deprecated [to be replaced with NewHTTPClient]
-func NewClient(cfg *commoncfg.HTTPClient) (*http.Client, error) {
- if cfg == nil {
- return nil, errors.New("HTTPClient config is nil")
- }
-
- // Base HTTP client with timeout
- client := &http.Client{
- Timeout: cfg.Timeout,
- }
-
- // Prepare TLS configuration
- tlsConfig := &tls.Config{
- InsecureSkipVerify: cfg.InsecureSkipVerify,
- MinVersion: tls.VersionTLS12,
- }
-
- // Override minimum TLS version if provided
- if cfg.MinVersion >= tlsConfig.MinVersion {
- tlsConfig.MinVersion = cfg.MinVersion
- }
-
- // Load custom root CAs if provided and not skipping verification
- if !cfg.InsecureSkipVerify && cfg.RootCAs != nil {
- certPool, err := commoncfg.LoadCACertPool(cfg.RootCAs)
- if err != nil {
- return nil, fmt.Errorf("failed to load root CAs: %w", err)
- }
-
- tlsConfig.RootCAs = certPool
- }
-
- // Load client certificate for mTLS if both Cert and CertKey are provided
- if cfg.Cert != nil && cfg.CertKey != nil {
- cert, err := commoncfg.LoadClientCertificate(cfg.Cert, cfg.CertKey)
- if err != nil {
- return nil, fmt.Errorf("failed to load client certificate: %w", err)
- }
-
- tlsConfig.Certificates = []tls.Certificate{*cert}
- }
-
- // Assign custom transport with TLS configuration
- client.Transport = &http.Transport{
- TLSClientConfig: tlsConfig,
- }
-
- return client, nil
-}
-
 // NewHTTPClient creates an *http.Client using the full HTTPClient configuration.
 //
 // It supports the following authentication methods:
diff --git a/pkg/commonhttp/client_test.go b/pkg/commonhttp/client_test.go
index af62b16..271c152 100644
--- a/pkg/commonhttp/client_test.go
+++ b/pkg/commonhttp/client_test.go
@@ -42,7 +42,7 @@ func TestNewClient(t *testing.T) {
 // test nil config
 t.Run("nil config", func(t *testing.T) {
- client, err := commonhttp.NewClient(nil)
+ client, err := commonhttp.NewHTTPClient(nil)
 if err == nil {
 t.Errorf("expected error for nil config, got client: %v", client)
 }
@@ -104,7 +104,7 @@ func TestNewClient(t *testing.T) {
 for _, tc := range tests {
 t.Run(tc.name, func(t *testing.T) {
 // Act
- client, err := commonhttp.NewClient(&tc.cfg)
+ client, err := commonhttp.NewHTTPClient(&tc.cfg)
 // Assert
 if err != nil {
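Review bot: The enclosing test is still called `TestNewClient` (visible in the hunk headers at line 42 and again at line 104) although both call sites now exercise `NewHTTPClient`; renaming it to `func TestNewHTTPClient(t *testing.T)` keeps failure output pointing at a function that still exists, provided no test of that name is already defined elsewhere in the file. In the nil-config subtest only `err == nil` is checked; adding `if client != nil { t.Errorf("expected nil client for nil config") }` would also pin that no usable client is handed back together with the error. The test function starts and ends outside both hunks.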
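Review bot: In the hunk at line 104 the only assertion visible after `// Assert` is an error check, and the table entries behind `tc.cfg` lie outside the hunk, so nothing shown here verifies the TLS settings of the client that `NewHTTPClient` returns. The `NewClient` removed in this commit enforced a TLS 1.2 minimum and handled root CA, client certificate and verification options, so at least one case should inspect the returned client's TLS configuration rather than only its construction. If such cases do not already exist, a marker such as `// TODO: add a case asserting the TLS minimum version and CA/cert handling of the returned client` above the loop would record the gap. The loop body continues past the end of the hunk.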