s3: use http client with configured timeouts for s3 IAM communication

The default client has no timeouts configured for opening network
connections. Thus, if 169.254.169.254 is inaccessible, the client
would wait until the operating system gives up, which takes
several minutes.
Michael Eischer 2024-07-07 11:32:40 +02:00
parent a2a2401a68
commit 4b364940aa


@ -52,7 +52,7 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
minio.MaxRetry = int(cfg.MaxRetries)
}
creds, err := getCredentials(cfg)
creds, err := getCredentials(cfg, rt)
if err != nil {
return nil, errors.Wrap(err, "s3.getCredentials")
}
@ -97,7 +97,7 @@ func open(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, erro
// getCredentials -- runs through the various credential types and returns the first one that works.
// additionally if the user has specified a role to assume, it will do that as well.
func getCredentials(cfg Config) (*credentials.Credentials, error) {
func getCredentials(cfg Config, tr http.RoundTripper) (*credentials.Credentials, error) {
// Chains all credential types, in the following order:
// - Static credentials provided by user
// - AWS env vars (i.e. AWS_ACCESS_KEY_ID)
@ -120,7 +120,7 @@ func getCredentials(cfg Config) (*credentials.Credentials, error) {
&credentials.FileMinioClient{},
&credentials.IAM{
Client: &http.Client{
Transport: http.DefaultTransport,
Transport: tr,
},
},
})
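Review bot: In the `credentials.IAM` entry of the last hunk, `Transport: tr` routes the metadata-service requests (169.254.169.254 per the commit message) through everything the caller's round tripper carries, not only its timeouts. If `rt` is set up for the S3 endpoint with a proxy, a client certificate or request logging (none of that is visible here), the temporary credentials returned by the metadata service would take that path too, so it is worth confirming that such settings are not applied to this link-local traffic. A nil `tr` would make `http.Client` fall back to `http.DefaultTransport` and silently restore the untimed behaviour this commit removes. The doc comment on `getCredentials` should name the new parameter, for example `// tr is the transport used for IAM metadata requests; it must have connection timeouts configured.` The bodies of `open` and `getCredentials` continue outside the hunks shown.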