feat: add configurable HTTP client timeouts via config file

<!-- markdownlint-disable MD041 -->

Introduce the `http.config.ocm.software/v1alpha1` config type for
controlling HTTP client timeouts (dial, TLS handshake, response header,
idle connection, keep-alive, and overall timeout). Timeouts are configured exclusively through the OCM config. When not set, `http.DefaultTransport` values are preserved unchanged.

- Add `api/utils/httpclient` transport factory (clones DefaultTransport,
  selectively overrides from config)
- Wire HTTP settings into docker daemon and OCI registry clients
- Add integration tests using toxiproxy for timeout verification
- Update docs with new config type documentation

Fixes: #1731

Signed-off-by: Piotr Janik <piotr.janik@sap.com>

Author: piotrjanik

api/datacontext/attrs/httpcfgattr/attr.go

@@ -0,0 +1,123 @@
+package httpcfgattr
+
+import (
+	"time"
+
+	"github.com/mandelsoft/goutils/errors"
+
+	"ocm.software/ocm/api/datacontext"
+	"ocm.software/ocm/api/utils/runtime"
+)
+
+type (
+	Context         = datacontext.AttributesContext
+	ContextProvider = datacontext.ContextProvider
+)
+
+const (
+	ATTR_KEY   = "ocm.software/ocm/api/datacontext/attrs/httpcfg"
+	ATTR_SHORT = "httpcfg"
+)
+
+func init() {
+	datacontext.RegisterAttributeType(ATTR_KEY, AttributeType{}, ATTR_SHORT)
+}
+
+type AttributeType struct{}
+
+func (a AttributeType) Name() string {
+	return ATTR_KEY
+}
+
+func (a AttributeType) Description() string {
+	return `
+*JSON*
+Configures HTTP client timeout settings for OCI registry and remote endpoint access.
+Settings are provided as a JSON document matching the ` + ConfigType + ` config type.
+
+For full control use the config file:
+<pre>
+    type: ` + ConfigType + `
+    timeout: 0s
+    tcpDialTimeout: 30s
+    tcpKeepAlive: 30s
+    tlsHandshakeTimeout: 10s
+    idleConnTimeout: 90s
+</pre>
+`
+}
+
+func (a AttributeType) Encode(v interface{}, marshaller runtime.Marshaler) ([]byte, error) {
+	attr, ok := v.(*Attribute)
+	if !ok {
+		return nil, errors.ErrInvalid("httpcfg attribute")
+	}
+	cfg := New()
+	cfg.Timeout = durationPtrToString(attr.timeout)
+	cfg.TCPDialTimeout = durationPtrToString(attr.tcpDialTimeout)
+	cfg.TCPKeepAlive = durationPtrToString(attr.tcpKeepAlive)
+	cfg.TLSHandshakeTimeout = durationPtrToString(attr.tlsHandshakeTimeout)
+	cfg.ResponseHeaderTimeout = durationPtrToString(attr.responseHeaderTimeout)
+	cfg.IdleConnTimeout = durationPtrToString(attr.idleConnTimeout)
+
+	return marshaller.Marshal(cfg)
+}
+
+func (a AttributeType) Decode(data []byte, unmarshaller runtime.Unmarshaler) (interface{}, error) {
+	var value Config
+	err := unmarshaller.Unmarshal(data, &value)
+	if err != nil {
+		return nil, err
+	}
+
+	attr := &Attribute{}
+	err = value.ApplyToAttribute(attr)
+	if err != nil {
+		return nil, err
+	}
+	return attr, nil
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+// Attribute holds the effective HTTP client settings for a context.
+// nil means "not configured" (use transport default), non-nil means
+// explicitly set (including 0 which disables the timeout).
+type Attribute struct {
+	timeout               *time.Duration
+	tcpDialTimeout        *time.Duration
+	tcpKeepAlive          *time.Duration
+	tlsHandshakeTimeout   *time.Duration
+	responseHeaderTimeout *time.Duration
+	idleConnTimeout       *time.Duration
+}
+
+// durationPtrToString converts a *time.Duration to string, returning "" for nil.
+func durationPtrToString(d *time.Duration) string {
+	if d == nil {
+		return ""
+	}
+	return d.String()
+}
+
+func (a *Attribute) GetTimeout() *time.Duration               { return a.timeout }
+func (a *Attribute) GetTCPDialTimeout() *time.Duration        { return a.tcpDialTimeout }
+func (a *Attribute) GetTCPKeepAlive() *time.Duration          { return a.tcpKeepAlive }
+func (a *Attribute) GetTLSHandshakeTimeout() *time.Duration   { return a.tlsHandshakeTimeout }
+func (a *Attribute) GetResponseHeaderTimeout() *time.Duration { return a.responseHeaderTimeout }
+func (a *Attribute) GetIdleConnTimeout() *time.Duration       { return a.idleConnTimeout }
+
+////////////////////////////////////////////////////////////////////////////////
+
+// Get returns the HTTP client attribute from the context.
+// If not set, a default empty Attribute is created and stored.
+func Get(ctx ContextProvider) *Attribute {
+	return ctx.AttributesContext().GetAttributes().GetOrCreateAttribute(ATTR_KEY, func(datacontext.Context) interface{} {
+		return &Attribute{}
+	}).(*Attribute)
+}
+
+// Set stores the HTTP client attribute in the context.
+func Set(ctx ContextProvider, attr *Attribute) error {
+	return ctx.AttributesContext().GetAttributes().SetAttribute(ATTR_KEY, attr)
+}

api/datacontext/attrs/httpcfgattr/attr_test.go

@@ -0,0 +1,88 @@
+package httpcfgattr_test
+
+import (
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+
+	"ocm.software/ocm/api/datacontext"
+	"ocm.software/ocm/api/datacontext/attrs/httpcfgattr"
+	"ocm.software/ocm/api/utils/runtime"
+)
+
+var _ = Describe("httpcfg attribute", func() {
+	var ctx datacontext.Context
+	attr := httpcfgattr.AttributeType{}
+	enc := runtime.DefaultJSONEncoding
+
+	BeforeEach(func() {
+		ctx = datacontext.New(nil)
+	})
+
+	Context("get and set", func() {
+		It("defaults to nil with no timeout", func() {
+			a := httpcfgattr.Get(ctx)
+			Expect(a).NotTo(BeNil())
+			Expect(a.GetTimeout()).To(BeNil())
+		})
+
+		It("round-trips through encode/decode", func() {
+			a := httpcfgattr.Get(ctx)
+			cfg := httpcfgattr.New()
+			cfg.Timeout = "30s"
+			Expect(cfg.ApplyToAttribute(a)).To(Succeed())
+
+			d := httpcfgattr.Get(ctx).GetTimeout()
+			Expect(d).NotTo(BeNil())
+			Expect(*d).To(Equal(30 * time.Second))
+		})
+	})
+
+	Context("encoding", func() {
+		It("encodes *Attribute to JSON", func() {
+			a := httpcfgattr.Get(ctx)
+			cfg := httpcfgattr.New()
+			cfg.Timeout = "30s"
+			Expect(cfg.ApplyToAttribute(a)).To(Succeed())
+
+			data, err := attr.Encode(a, enc)
+			Expect(err).To(Succeed())
+			Expect(string(data)).To(ContainSubstring(`"timeout":"30s"`))
+		})
+
+		It("encodes explicit zero duration as 0s, not omitted", func() {
+			a := httpcfgattr.Get(ctx)
+			cfg := httpcfgattr.New()
+			cfg.Timeout = "0s"
+			Expect(cfg.ApplyToAttribute(a)).To(Succeed())
+
+			data, err := attr.Encode(a, enc)
+			Expect(err).To(Succeed())
+			Expect(string(data)).To(ContainSubstring(`"timeout":"0s"`))
+		})
+
+		It("rejects non-*Attribute input", func() {
+			_, err := attr.Encode("invalid", enc)
+			Expect(err).To(HaveOccurred())
+			Expect(err.Error()).To(ContainSubstring("is invalid"))
+		})
+	})
+
+	Context("decoding", func() {
+		It("decodes JSON to *Attribute", func() {
+			raw := []byte(`{"type":"http.config.ocm.software/v1alpha1","timeout":"10s"}`)
+			val, err := attr.Decode(raw, enc)
+			Expect(err).To(Succeed())
+			a, ok := val.(*httpcfgattr.Attribute)
+			Expect(ok).To(BeTrue())
+			Expect(a.GetTimeout()).NotTo(BeNil())
+			Expect(*a.GetTimeout()).To(Equal(10 * time.Second))
+		})
+
+		It("rejects invalid JSON", func() {
+			_, err := attr.Decode([]byte(`{invalid`), enc)
+			Expect(err).To(HaveOccurred())
+		})
+	})
+})

api/datacontext/attrs/httpcfgattr/config.go

@@ -0,0 +1,137 @@
+package httpcfgattr
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/mandelsoft/goutils/errors"
+
+	cfgcpi "ocm.software/ocm/api/config/cpi"
+	"ocm.software/ocm/api/utils/runtime"
+)
+
+const (
+	ConfigType         = "http" + cfgcpi.OCM_CONFIG_TYPE_SUFFIX
+	ConfigTypeV1Alpha1 = ConfigType + runtime.VersionSeparator + "v1alpha1"
+)
+
+func init() {
+	cfgcpi.RegisterConfigType(cfgcpi.NewConfigType[*Config](ConfigType, usage))
+	cfgcpi.RegisterConfigType(cfgcpi.NewConfigType[*Config](ConfigTypeV1Alpha1, usage))
+}
+
+// Config describes the configuration for HTTP client settings.
+type Config struct {
+	runtime.ObjectVersionedType `json:",inline"`
+
+	// Timeout is the overall http.Client timeout.
+	Timeout string `json:"timeout,omitempty"`
+
+	// TCPDialTimeout is the time limit for establishing a TCP connection.
+	TCPDialTimeout string `json:"tcpDialTimeout,omitempty"`
+
+	// TCPKeepAlive is the interval between TCP keep-alive probes.
+	TCPKeepAlive string `json:"tcpKeepAlive,omitempty"`
+
+	// TLSHandshakeTimeout is the maximum time to wait for a TLS handshake.
+	TLSHandshakeTimeout string `json:"tlsHandshakeTimeout,omitempty"`
+
+	// ResponseHeaderTimeout is the time limit to wait for response headers.
+	ResponseHeaderTimeout string `json:"responseHeaderTimeout,omitempty"`
+
+	// IdleConnTimeout is the maximum time an idle connection remains open.
+	IdleConnTimeout string `json:"idleConnTimeout,omitempty"`
+}
+
+// New creates a new empty HTTP Config.
+func New() *Config {
+	return &Config{
+		ObjectVersionedType: runtime.NewVersionedTypedObject(ConfigType),
+	}
+}
+
+func (a *Config) GetType() string {
+	return ConfigType
+}
+
+func (a *Config) ApplyTo(ctx cfgcpi.Context, target interface{}) error {
+	if t, ok := target.(Context); ok {
+		if t.AttributesContext().IsAttributesContext() { // apply only to root context
+			return errors.Wrapf(a.ApplyToAttribute(Get(t)), "applying config failed")
+		}
+	}
+	return cfgcpi.ErrNoContext(ConfigType)
+}
+
+// parseDuration parses a duration string, returning nil if empty.
+func parseDuration(s string) (*time.Duration, error) {
+	if s == "" {
+		return nil, nil
+	}
+	d, err := time.ParseDuration(s)
+	if err != nil {
+		return nil, fmt.Errorf("invalid duration %q: %w", s, err)
+	}
+	return &d, nil
+}
+
+// ApplyToAttribute merges this config's settings into an existing attribute.
+func (a *Config) ApplyToAttribute(attr *Attribute) error {
+	var errs error
+
+	if d, err := parseDuration(a.Timeout); err != nil {
+		errs = errors.Join(errs, err)
+	} else if d != nil {
+		attr.timeout = d
+	}
+	if d, err := parseDuration(a.TCPDialTimeout); err != nil {
+		errs = errors.Join(errs, err)
+	} else if d != nil {
+		attr.tcpDialTimeout = d
+	}
+	if d, err := parseDuration(a.TCPKeepAlive); err != nil {
+		errs = errors.Join(errs, err)
+	} else if d != nil {
+		attr.tcpKeepAlive = d
+	}
+	if d, err := parseDuration(a.TLSHandshakeTimeout); err != nil {
+		errs = errors.Join(errs, err)
+	} else if d != nil {
+		attr.tlsHandshakeTimeout = d
+	}
+	if d, err := parseDuration(a.ResponseHeaderTimeout); err != nil {
+		errs = errors.Join(errs, err)
+	} else if d != nil {
+		attr.responseHeaderTimeout = d
+	}
+	if d, err := parseDuration(a.IdleConnTimeout); err != nil {
+		errs = errors.Join(errs, err)
+	} else if d != nil {
+		attr.idleConnTimeout = d
+	}
+
+	return errs
+}
+
+const usage = `
+The config type <code>` + ConfigType + `</code> can be used to configure
+HTTP client settings:
+
+<pre>
+    type: ` + ConfigType + `
+    timeout: 0s
+    tcpDialTimeout: 30s
+    tcpKeepAlive: 30s
+    tlsHandshakeTimeout: 10s
+    responseHeaderTimeout: 0s
+    idleConnTimeout: 90s
+</pre>
+
+All timeout values are Go duration strings (e.g. "30s", "5m", "1h").
+Use "0s" to disable a specific timeout. If not set, the <code>http.DefaultTransport</code>
+values from the Go standard library are used.
+
+Note: <code>timeout</code> controls the overall <code>http.Client</code> request deadline and is
+independent of the transport-level settings. Setting only <code>timeout</code> does not
+affect <code>tcpDialTimeout</code>, <code>tlsHandshakeTimeout</code>, or other transport timeouts.
+`