From 3322b97e23cfee59b1f5e34e88c4ecda1939f9eb Mon Sep 17 00:00:00 2001
From: Andreas Auernhammer
Date: Fri, 16 Aug 2024 16:34:08 +0200
Subject: [PATCH] entrust: use reasonable defaults for HTTP transport

This commit fixes the HTTP transport of the entrust keycontrol client to use a connection pool to reuse connections or close idle ones.

Signed-off-by: Andreas Auernhammer
---
 internal/keystore/entrust/keycontrol.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/internal/keystore/entrust/keycontrol.go b/internal/keystore/entrust/keycontrol.go
index 9d63ecdd..a5d06a17 100644
--- a/internal/keystore/entrust/keycontrol.go
+++ b/internal/keystore/entrust/keycontrol.go
@@ -14,6 +14,7 @@ import (
 "fmt"
 "io"
 "log"
+ "net"
 "net/http"
 "net/url"
 "strings"
@@ -69,7 +70,17 @@ func (c *Config) Clone() *Config {
 func Login(ctx context.Context, config *Config) (*KeyControl, error) {
 config = config.Clone()
 transport := &http.Transport{
- TLSClientConfig: config.TLS,
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).DialContext,
+ ForceAttemptHTTP2: true,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
+ TLSClientConfig: config.TLS,
 }
 token, expiresAt, err := login(ctx, transport, config.Endpoint, config.VaultID, config.Username, config.Password)
 if err != nil {
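Review bot: `Proxy: http.ProxyFromEnvironment` in the new transport literal changes where key-store traffic goes: the removed literal set no `Proxy`, so requests went direct, and now the `login` call that carries `config.Username` and `config.Password` follows whatever HTTP_PROXY/HTTPS_PROXY/NO_PROXY the process inherits. The commit message does not mention this, so either drop the field or document it above the literal, e.g. `// Honors HTTP(S)_PROXY and NO_PROXY from the environment; set NO_PROXY to keep KeyControl traffic direct.` Separately, `MaxIdleConns: 100` has little effect for a client that presumably talks to a single endpoint, because the per-host idle limit stays at the net/http default of 2 unless `MaxIdleConnsPerHost` is also set. No `ResponseHeaderTimeout` is set either, so a server that accepts the connection and then stalls is bounded only by `ctx`. Login's body continues past the end of the hunk.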