func defaultHTTPClient()

in server/gcpcredential/validate.go [28:52]

• 22 lines of code
• 4 McCabe index (conditional complexity)

func defaultHTTPClient() (*http.Client, error) {
	resp, err := http.Get(googleCAURL)
	if err != nil {
		return nil, fmt.Errorf("Unable to retrieve Google CAs: %v", err)
	}

	bodyBytes, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, fmt.Errorf("Unable to read response body: %v", err)
	}

	certs := x509.NewCertPool()
	if !certs.AppendCertsFromPEM(bodyBytes) {
		return nil, errors.New("failed to parse Google CA certificates")
	}

	return &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				RootCAs:    certs,
				MinVersion: tls.VersionTLS13,
			},
		},
	}, nil
}