Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-12266

Replace HTTPClient gem with Faraday in Zync

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Zync
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started

      Summary

      Replace HTTPClient gem with Faraday throughout the codebase to eliminate maintenance burden and improve SSL certificate handling.

      Current status: zync uses httpclient directly, oauth2 gem uses faraday + httpclient adapter.

      Goal: Get rid of httpclient, use faraday for both zync and oauth2 gem. Use the net-http-persistent adapter, or any other, for both zync and oauth2

      Background

      Zync currently uses the httpclient gem for all HTTP operations (Keycloak API calls, REST adapter calls, OIDC discovery). This dependency has become problematic:

      1. HTTPClient is abandoned - The upstream gem was last released in 2016 and is essentially unmaintained
      2. Requires a fork for SSL support - We maintain a fork (3scale/httpclient branch ssl-env-cert) because upstream HTTPClient ignores SSL_CERT_FILE and SSL_CERT_DIR environment variables, which are needed for custom CA certificates in OpenShift/Kubernetes environments
      3. Requires faraday-httpclient - Since Faraday 2.x, the httpclient adapter is no longer bundled, requiring an additional faraday-httpclient gem dependency for OAuth2 token requests

      Proposed Solution

      Migrate all HTTP operations from HTTPClient to Faraday with an appropriate adapter. This would:

      • Unify HTTP handling - OAuth2 gem already uses Faraday internally; we could share the same adapter for both OAuth2 token requests and Zync's direct API calls
      • Remove forked dependency - Faraday adapters based on Net::HTTP natively respect SSL_CERT_FILE/SSL_CERT_DIR via OpenSSL
      • Reduce maintenance burden - No need to maintain a fork of an abandoned gem

      Requirements

      The replacement solution must provide:

      • Connection pooling
      • Keep-alive (persistent connections)
      • Thread safety
      • Native SSL environment variable support (SSL_CERT_FILE/SSL_CERT_DIR)

      Suggested Approach

      Use Faraday with the net-http-persistent adapter, which provides all the required features. Other adapters could also be evaluated from the Awesome Faraday adapters list.

      # Gemfile
      gem 'faraday'
      gem 'faraday-net_http_persistent'
      gem 'net-http-persistent'
      

      This would allow removing:

      • httpclient (forked gem)
      • faraday-httpclient

              Unassigned Unassigned
              rh-ee-jlledo Joan Lledo
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: