From 79662d0842a93d9fc7623b25c9e39753502eb6b6 Mon Sep 17 00:00:00 2001 From: Michael Boulding Date: Wed, 6 Oct 2021 17:40:31 +0100 Subject: [PATCH] Patch to support VAULT_HTTP_PROXY variable (#12582) * patch to support VAULT_HTTP_PROXY variable * simplify the proxy replacement * internal code review * rename to VAULT_HTTP_PROXY, apply within ReadEnvironment * clean up some unintended whitespace changes * add docs for the new env variable and a changelog entry Co-authored-by: Dave Du Cros --- api/client.go | 16 ++++++++++++++++ changelog/12582.txt | 3 +++ website/content/docs/commands/index.mdx | 6 ++++++ 3 files changed, 25 insertions(+) create mode 100644 changelog/12582.txt diff --git a/api/client.go b/api/client.go index 9b7129ceb..df8cfa551 100644 --- a/api/client.go +++ b/api/client.go @@ -42,6 +42,7 @@ const ( EnvVaultToken = "VAULT_TOKEN" EnvVaultMFA = "VAULT_MFA" EnvRateLimit = "VAULT_RATE_LIMIT" + EnvHTTPProxy = "VAULT_HTTP_PROXY" ) // Deprecated values @@ -271,6 +272,7 @@ func (c *Config) ReadEnvironment() error { var envMaxRetries *uint64 var envSRVLookup bool var limit *rate.Limiter + var envHTTPProxy string // Parse the environment variables if v := os.Getenv(EnvVaultAddress); v != "" { @@ -339,6 +341,10 @@ func (c *Config) ReadEnvironment() error { envTLSServerName = v } + if v := os.Getenv(EnvHTTPProxy); v != "" { + envHTTPProxy = v + } + // Configure the HTTP clients TLS configuration. t := &TLSConfig{ CACert: envCACert, @@ -375,6 +381,16 @@ func (c *Config) ReadEnvironment() error { c.Timeout = envClientTimeout } + if envHTTPProxy != "" { + url, err := url.Parse(envHTTPProxy) + if err != nil { + return err + } + + transport := c.HttpClient.Transport.(*http.Transport) + transport.Proxy = http.ProxyURL(url) + } + return nil } diff --git a/changelog/12582.txt b/changelog/12582.txt new file mode 100644 index 000000000..6e5c0c916 --- /dev/null +++ b/changelog/12582.txt 
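Review bot: The unchecked assertion `c.HttpClient.Transport.(*http.Transport)` in the `@@ -375,6 +381,16 @@` hunk of api/client.go panics when the configured transport is nil or a custom `http.RoundTripper`, so setting VAULT_HTTP_PROXY could crash a program that supplied its own client. Use the two-value form, `transport, ok := c.HttpClient.Transport.(*http.Transport)`, and return an error when `!ok`. The local `url` also shadows the `net/url` package for the rest of the block; `proxyURL, err := url.Parse(envHTTPProxy)` avoids that. `url.Parse` accepts values with no host or with a non-HTTP scheme, so consider rejecting those here instead of letting them fail at request time; the parse error returned as-is also quotes the raw value, which would put any credentials embedded in the proxy URL into logs. ReadEnvironment begins outside this hunk, so whether the transport type is already guaranteed earlier in the function cannot be confirmed from the page.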
@@ -0,0 +1,3 @@ +```release-note:improvement +api: Support VAULT_HTTP_PROXY environment variable to allow overriding the Vault client's HTTP proxy +``` diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index 992715250..cefdeeed8 100644 --- a/website/content/docs/commands/index.mdx +++ b/website/content/docs/commands/index.mdx @@ -323,6 +323,12 @@ can be supplied. If a MFA method expects multiple credential values, or if there are multiple MFA methods specified on a path, then the CLI flag `-mfa` should be used. +### `VAULT_HTTP_PROXY` + +HTTP proxy location which should be used to access Vault. When present, this +overrides any other proxies found in the environment. Format should be +`http://server:port`. + ## Flags There are different CLI flags that are available depending on subcommands. Some