lib/backup/s3remote: use http client from AWS instead of custom implementation (#9869)

AWS SDK does not modify custom http client configuration if it was provided. This leads to
additional configuration such as environment variables being ignored.

Use AWS http client builder instead of custom implementation and
override DialContext to preserve metrics exposed by custom transport.

See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9858

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>

docs/victoriametrics/changelog/CHANGELOG.md

@@ -40,6 +40,7 @@ It disables `Discovered targets` debug IU by default.
 
 * BUGFIX: [vmui](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#vmui): fix issue where updating one query parameter removed others. See [#9816](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/9816) for details.
 * BUGFIX: [vmui](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#vmui) alerting tab: update the search filter if the corresponding query argument was passed. Reset selected items in dropdown filters if they are not available anymore after the update.
+* BUGFIX: [vmbackup](https://docs.victoriametrics.com/victoriametrics/vmbackup/), [vmrestore](https://docs.victoriametrics.com/victoriametrics/vmrestore/), [vmbackupmanager](https://docs.victoriametrics.com/victoriametrics/vmbackupmanager/): properly apply additional configuration of connection provided via environment variables (such as `AWS_CA_BUNDLE`). Previously, such settings were ignored starting from [v1.115.0](https://docs.victoriametrics.com/victoriametrics/changelog/#v11150). See this issue [#9858](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9858) for details.
 
 ## [v1.127.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.127.0)
 

lib/backup/s3remote/s3.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/retry"
+	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/feature/s3/manager"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
@@ -21,8 +22,8 @@ import (
 
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/backup/common"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/backup/fscommon"
-	"github.com/VictoriaMetrics/VictoriaMetrics/lib/httputil"
 	"github.com/VictoriaMetrics/VictoriaMetrics/lib/logger"
+	"github.com/VictoriaMetrics/VictoriaMetrics/lib/netutil"
 )
 
 var (
@@ -169,15 +170,20 @@ func (fs *FS) Init(ctx context.Context) error {
 		return err
 	}
 
-	tr := httputil.NewTransport(true, "vmbackup_s3_client")
-	if fs.TLSInsecureSkipVerify {
-		tr.TLSClientConfig = &tls.Config{
-			InsecureSkipVerify: true,
+	// Use AWS client in order to allow SDK to override transport configuration
+	// based on additional configuration from environment variables.
+	// See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/9858
+	c := awshttp.NewBuildableClient()
+	cfg.HTTPClient = c.WithTransportOptions(func(t *http.Transport) {
+		if fs.TLSInsecureSkipVerify {
+			if t.TLSClientConfig == nil {
+				t.TLSClientConfig = &tls.Config{}
+			}
+			t.TLSClientConfig.InsecureSkipVerify = true
 		}
-	}
-	cfg.HTTPClient = &http.Client{
-		Transport: tr,
-	}
+
+		t.DialContext = netutil.NewStatDialFunc("vmbackup_s3_client")
+	})
 
 	var outerErr error
 	fs.s3 = s3.NewFromConfig(cfg, func(o *s3.Options) {