Add TLS server name to Vault stanza of Agent configuration (#7519)

Dilan Bellinghoven 2019-10-29 09:11:01 -04:00 committed by Jeff Mitchell
parent 64a0037f7d
commit 5f8528381c
5 changed files with 15 additions and 1 deletions


@ -259,6 +259,12 @@ func (c *AgentCommand) Run(args []string) int {
Default: false, Default: false,
EnvVar: api.EnvVaultSkipVerify, EnvVar: api.EnvVaultSkipVerify,
}) })
c.setStringFlag(f, config.Vault.TLSServerName, &StringVar{
Name: flagTLSServerName,
Target: &c.flagTLSServerName,
Default: "",
EnvVar: api.EnvVaultTLSServerName,
})
infoKeys := make([]string, 0, 10) infoKeys := make([]string, 0, 10)
info := make(map[string]string) info := make(map[string]string)
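Review bot: Nothing at the new `c.setStringFlag(f, config.Vault.TLSServerName, ...)` call says that this value does more than select an SNI host. If it is passed on to `tls.Config.ServerName` (the wiring is not visible in this hunk), crypto/tls also uses it as the hostname the server certificate is verified against, so a value from the agent config file or `VAULT_TLS_SERVER_NAME` changes which certificate the agent will accept. I would add a comment above the call such as `// TLS server name: sent as SNI and used as the expected certificate hostname; config file value can be overridden by env var or flag`, with the precedence wording confirmed against setStringFlag, which is outside the hunk. Run's body starts and ends outside the hunk.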


@ -38,6 +38,7 @@ type Vault struct {
TLSSkipVerifyRaw interface{} `hcl:"tls_skip_verify"` TLSSkipVerifyRaw interface{} `hcl:"tls_skip_verify"`
ClientCert string `hcl:"client_cert"` ClientCert string `hcl:"client_cert"`
ClientKey string `hcl:"client_key"` ClientKey string `hcl:"client_key"`
TLSServerName string `hcl:"tls_server_name"`
} }
// Cache contains any configuration needed for Cache mode // Cache contains any configuration needed for Cache mode


@ -296,7 +296,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
}) })
f.StringVar(&StringVar{ f.StringVar(&StringVar{
Name: "tls-server-name", Name: flagTLSServerName,
Target: &c.flagTLSServerName, Target: &c.flagTLSServerName,
Default: "", Default: "",
EnvVar: api.EnvVaultTLSServerName, EnvVar: api.EnvVaultTLSServerName,


@ -88,6 +88,9 @@ const (
// flagNameTLSSkipVerify is the flag used in the base command to read in // flagNameTLSSkipVerify is the flag used in the base command to read in
// the option to ignore TLS certificate verification. // the option to ignore TLS certificate verification.
flagNameTLSSkipVerify = "tls-skip-verify" flagNameTLSSkipVerify = "tls-skip-verify"
// flagTLSServerName is the flag used in the base command to read in
// the TLS server name.
flagTLSServerName = "tls-server-name"
// flagNameAuditNonHMACRequestKeys is the flag name used for auth/secrets enable // flagNameAuditNonHMACRequestKeys is the flag name used for auth/secrets enable
flagNameAuditNonHMACRequestKeys = "audit-non-hmac-request-keys" flagNameAuditNonHMACRequestKeys = "audit-non-hmac-request-keys"
// flagNameAuditNonHMACResponseKeys is the flag name used for auth/secrets enable // flagNameAuditNonHMACResponseKeys is the flag name used for auth/secrets enable
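Review bot: The new constant `flagTLSServerName` drops the `flagName` prefix that its neighbours in this const block use (`flagNameTLSSkipVerify`, `flagNameAuditNonHMACRequestKeys`). It also ends up spelled exactly like the struct field it is paired with, as in `Name: flagTLSServerName,` next to `Target: &c.flagTLSServerName,` in the other sections of this commit. Naming it `flagNameTLSServerName = "tls-server-name"` would keep the block consistent and make the constant and the field easy to tell apart when reading the flag definitions. The const block starts and ends outside the hunk.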


@ -89,6 +89,10 @@ configuration entries:
security of data transmissions to and from the Vault server. This value can security of data transmissions to and from the Vault server. This value can
be overridden by setting the `VAULT_SKIP_VERIFY` environment variable. be overridden by setting the `VAULT_SKIP_VERIFY` environment variable.
- `tls_server_name (string: optional)` - Name to use as the SNI host when
connecting via TLS. This value can be overridden by setting the
`VAULT_TLS_SERVER_NAME` environment variable.
### listener Stanza ### listener Stanza
Agent supports one or more [listener][listener_main] stanzas. In addition to Agent supports one or more [listener][listener_main] stanzas. In addition to