use system props when creating the RestTransport

[fer-marino]

this is a simple pull request that enable the usage of system properties when creating a RestTransport client. This is particularly useful when you need to configure the HTTP client for edge cases, eg. using an http proxy:

-Dhttp.proxyHost=10.250.0.1 -Dhttp.proxyPort=33128

[orca-security-eu]

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0   0   0   0	View in Orca
Passed	SAST	0   0   0   0	View in Orca
Passed	Secrets	0   0   0   0	View in Orca
Passed	Vulnerabilities	0   0   0   0	View in Orca

[weaviate-git-bot]

To avoid any confusion in the future about your contribution to Weaviate, we work with a Contributor License Agreement. If you agree, you can simply add a comment to this PR that you agree with the CLA so that we can merge.

beep boop - the Weaviate bot 👋🤖

PS:
Are you already a member of the Weaviate Forum?

[bevzzz]

Nice addition, thank you @fer-marino

[orca-security-eu]

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0   0   0   0	View in Orca
Warning	SAST	1   0   0   0	View in Orca
Passed	Secrets	0   0   0   0	View in Orca
Passed	Vulnerabilities	0   0   0   0	View in Orca

🛡️ The following SAST misconfigurations have been detected

	NAME	FILE
	Prevent Server-Side Request Forgery (SSRF) via User Input in URLs	...ltGrpcTransport.java	View in code

Note: The scan should have failed if no policies were configured in warn-only mode.

[fer-marino]

oh sorry. I've added a lot more stuff. Using an http proxy proved much more difficult than I thought, so here is the implementation. I've also added an extra method for the OIDC authentication to use resourceOwnerPassword providing also a client secret id (needed if anon login is disabled)

[bevzzz]

@fer-marino it's been a busy week, but I'm going to get back to this PR first thing Monday. Appreciate you taking time to contribute!

Using an http proxy proved much more difficult than I thought

Could you please elaborate on the difficulties you ran into with configuring http proxy via system properties? I guess one limitation of that approach would be that it doesn't allow using a different proxy per client. Was there something else you encountered?

[bevzzz]

I suggest focusing this PR on adding proxy support and introduce ROPC authentication in a separate PR.

[fer-marino]

hi, I've implemented most of your suggestions.

About my difficulties in implementing the proxy, is the different http libraries used by the different interfaces. My initial solution worked only for the rest transport, leaving out gRPC and OIDC authentication.

[bevzzz]

Thanks! Could you please rebase your branch on the latest main -- I've just merged a PR that should skip OIDC Client Credentials test if the secret is not available in the CI environment (which it isn't for outside contributions). All tests should be passing again then.

[bevzzz]

This is shaping up really well. Here are a couple more things I noticed.

Is there any simple test we could write for the HTTP / gRPC proxy configs? We're already using MockServer for some tests, can we extend the test suite to also verify request are being proxied correctly? e.g. using MockServer's proxying utility

[bevzzz]

Rename to resourceOwnerPasswordCredentials

[bevzzz]

My initial solution worked only for the rest transport, leaving out gRPC and OIDC authentication.

Makes sense, yes. Thanks a lot for taking these two aspects into consideration.

[fer-marino]

added some more test units, including one for the proxy. I've also modified the pom, as in my setup the lombok annotation processor was not getting invoked during unit tests execution.

[bevzzz]

When would endpoint be null? The endpoint describes how to execute the request.

[bevzzz]

Seems like nextResponse is only ever set to null. If so, the condition on line 52 if (nextResponse != null) {...} is never going to fire. What do we need this field for?

[bevzzz]

added some more test units, including one for the proxy

Thank you 👍

[fer-marino]

pushed another commit with your suggestions