Uses AWS SDK BuildableClient for custom HTTP client

go.mod

@@ -9,7 +9,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.14.0
 	github.com/aws/smithy-go v1.10.0
 	github.com/google/go-cmp v0.5.7
-	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-multierror v1.1.1
 )
 

go.sum

@@ -29,8 +29,6 @@ github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=

internal/httpclient/http_client.go

@@ -1,38 +1,32 @@
 package httpclient
 
 import (
-	"crypto/tls"
 	"fmt"
 	"net/http"
 	"net/url"
 
+	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
 	"github.com/hashicorp/aws-sdk-go-base/v2/internal/config"
-	"github.com/hashicorp/go-cleanhttp"
 )
 
-func DefaultHttpClient(c *config.Config) (*http.Client, error) {
-	httpClient := cleanhttp.DefaultClient()
-	transport := httpClient.Transport.(*http.Transport)
-
-	tlsConfig := transport.TLSClientConfig
-	if tlsConfig == nil {
-		tlsConfig = &tls.Config{}
-		transport.TLSClientConfig = tlsConfig
-	}
-	tlsConfig.MinVersion = tls.VersionTLS12
-
-	if c.Insecure {
-		tlsConfig.InsecureSkipVerify = true
-	}
-
-	if c.HTTPProxy != "" {
-		proxyUrl, err := url.Parse(c.HTTPProxy)
-		if err != nil {
-			return nil, fmt.Errorf("error parsing HTTP proxy URL: %w", err)
-		}
-
-		transport.Proxy = http.ProxyURL(proxyUrl)
-	}
-
-	return httpClient, nil
+func DefaultHttpClient(c *config.Config) (*awshttp.BuildableClient, error) {
+	var err error
+
+	httpClient := awshttp.NewBuildableClient().
+		WithTransportOptions(func(tr *http.Transport) {
+			if c.Insecure {
+				tlsConfig := tr.TLSClientConfig
+				tlsConfig.InsecureSkipVerify = true
+			}
+			if c.HTTPProxy != "" {
+				var proxyUrl *url.URL
+				proxyUrl, parseErr := url.Parse(c.HTTPProxy)
+				if parseErr != nil {
+					err = fmt.Errorf("error parsing HTTP proxy URL: %w", parseErr)
+				}
+				tr.Proxy = http.ProxyURL(proxyUrl)
+			}
+		})
+
+	return httpClient, err
 }

internal/httpclient/http_client_test.go

@@ -0,0 +1,62 @@
+package httpclient_test
+
+import (
+	"crypto/tls"
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/aws/transport/http"
+	"github.com/hashicorp/aws-sdk-go-base/v2/internal/config"
+	"github.com/hashicorp/aws-sdk-go-base/v2/internal/httpclient"
+)
+
+func TestHTTPClientConfiguration_basic(t *testing.T) {
+	client, err := httpclient.DefaultHttpClient(&config.Config{})
+	if err != nil {
+		t.Fatalf("unexpected error: %s", err)
+	}
+
+	transport := client.GetTransport()
+
+	if a, e := transport.MaxIdleConns, http.DefaultHTTPTransportMaxIdleConns; a != e {
+		t.Errorf("expected MaxIdleConns to be %d, got %d", e, a)
+	}
+	if a, e := transport.MaxIdleConnsPerHost, http.DefaultHTTPTransportMaxIdleConnsPerHost; a != e {
+		t.Errorf("expected MaxIdleConnsPerHost to be %d, got %d", e, a)
+	}
+	if a, e := transport.IdleConnTimeout, http.DefaultHTTPTransportIdleConnTimeout; a != e {
+		t.Errorf("expected IdleConnTimeout to be %s, got %s", e, a)
+	}
+	if a, e := transport.TLSHandshakeTimeout, http.DefaultHTTPTransportTLSHandleshakeTimeout; a != e {
+		t.Errorf("expected TLSHandshakeTimeout to be %s, got %s", e, a)
+	}
+	if a, e := transport.ExpectContinueTimeout, http.DefaultHTTPTransportExpectContinueTimeout; a != e {
+		t.Errorf("expected ExpectContinueTimeout to be %s, got %s", e, a)
+	}
+	if !transport.ForceAttemptHTTP2 {
+		t.Error("expected ForceAttemptHTTP2 to be true, got false")
+	}
+
+	tlsConfig := transport.TLSClientConfig
+	if a, e := int(tlsConfig.MinVersion), tls.VersionTLS12; a != e {
+		t.Errorf("expected tlsConfig.MinVersion to be %d, got %d", e, a)
+	}
+	if tlsConfig.InsecureSkipVerify {
+		t.Error("expected InsecureSkipVerify to be false, got true")
+	}
+}
+
+func TestHTTPClientConfiguration_insecureHTTPS(t *testing.T) {
+	client, err := httpclient.DefaultHttpClient(&config.Config{
+		Insecure: true,
+	})
+	if err != nil {
+		t.Fatalf("unexpected error: %s", err)
+	}
+
+	transport := client.GetTransport()
+
+	tlsConfig := transport.TLSClientConfig
+	if !tlsConfig.InsecureSkipVerify {
+		t.Error("expected InsecureSkipVerify to be true, got false")
+	}
+}

v2/awsv1shim/go.sum

@@ -32,8 +32,6 @@ github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=

v2/awsv1shim/session.go

@@ -41,10 +41,11 @@ func getSessionOptions(awsC *awsv2.Config, c *awsbase.Config) (*session.Options,
 
 	httpClient, ok := awsC.HTTPClient.(*http.Client)
 	if !ok { // This is unlikely, but technically possible
-		httpClient, err = httpclient.DefaultHttpClient(c)
+		client, err := httpclient.DefaultHttpClient(c)
 		if err != nil {
 			return nil, err
 		}
+		httpClient = client.Freeze().(*http.Client)
 	}
 	options := &session.Options{
 		Config: aws.Config{