clawdie/zot
1
0
Fork 0
mirror of https://github.com/patriceckhart/zot.git synced 2026-06-26 21:36:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
zot/packages/provider/httpclient_test.go
patriceckhart ab7fb37046 Scope --insecure TLS to explicit base URL, drop global transport override 
Builds on s3rj1k's --insecure flag (#35) but limits insecure TLS to the
resolved inference client for an explicit --base-url, instead of mutating
http.DefaultTransport process-wide. Built-in providers, auth, and model
discovery keep normal certificate verification. Documents the flag in
the CLI reference.

Co-authored-by: s3rj1k <evasive.gyron@gmail.com>
2026-06-16 07:41:38 +02:00

54 lines
1.5 KiB
Go
Raw Permalink Blame History

package provider
import (
"net/http"
"net/http/httptest"
"testing"
)
func TestNewHTTPClientDoesNotChangeDefaultTransport(t *testing.T) {
orig := http.DefaultTransport
t.Cleanup(func() { http.DefaultTransport = orig })
client := NewHTTPClient(true)
if http.DefaultTransport != orig {
t.Fatal("NewHTTPClient must not mutate http.DefaultTransport")
}
tr, ok := client.Transport.(*http.Transport)
if !ok {
t.Fatalf("expected *http.Transport, got %T", client.Transport)
}
if tr.TLSClientConfig == nil || !tr.TLSClientConfig.InsecureSkipVerify {
t.Fatal("expected scoped InsecureSkipVerify=true in TLS config")
}
}
func TestScopedInsecureClientReachesTLSServer(t *testing.T) {
srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusOK)
}))
defer srv.Close()
orig := http.DefaultTransport
t.Cleanup(func() { http.DefaultTransport = orig })
secureClient := NewHTTPClient(false)
if _, err := secureClient.Get(srv.URL); err == nil {
t.Fatal("expected TLS error with secure client, got nil")
}
insecureClient := NewHTTPClient(true)
resp, err := insecureClient.Get(srv.URL)
if err != nil {
t.Fatalf("request failed with scoped insecure client: %v", err)
}
resp.Body.Close()
if resp.StatusCode != http.StatusOK {
t.Fatalf("status=%d", resp.StatusCode)
}
defaultClient := &http.Client{}
if _, err := defaultClient.Get(srv.URL); err == nil {
t.Fatal("default client must still reject self-signed TLS")
}
}
Reference in a new issue View git blame Copy permalink