Patch to support VAULT_HTTP_PROXY variable (#12582)
* patch to support VAULT_HTTP_PROXY variable * simplify the proxy replacement * internal code review * rename to VAULT_HTTP_PROXY, apply within ReadEnvironment * clean up some unintended whitespace changes * add docs for the new env variable and a changelog entry Co-authored-by: Dave Du Cros <davidducros@gmail.com>
This commit is contained in:
parent
1549af7e53
commit
79662d0842
|
@ -42,6 +42,7 @@ const (
|
||||||
EnvVaultToken = "VAULT_TOKEN"
|
EnvVaultToken = "VAULT_TOKEN"
|
||||||
EnvVaultMFA = "VAULT_MFA"
|
EnvVaultMFA = "VAULT_MFA"
|
||||||
EnvRateLimit = "VAULT_RATE_LIMIT"
|
EnvRateLimit = "VAULT_RATE_LIMIT"
|
||||||
|
EnvHTTPProxy = "VAULT_HTTP_PROXY"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Deprecated values
|
// Deprecated values
|
||||||
|
@ -271,6 +272,7 @@ func (c *Config) ReadEnvironment() error {
|
||||||
var envMaxRetries *uint64
|
var envMaxRetries *uint64
|
||||||
var envSRVLookup bool
|
var envSRVLookup bool
|
||||||
var limit *rate.Limiter
|
var limit *rate.Limiter
|
||||||
|
var envHTTPProxy string
|
||||||
|
|
||||||
// Parse the environment variables
|
// Parse the environment variables
|
||||||
if v := os.Getenv(EnvVaultAddress); v != "" {
|
if v := os.Getenv(EnvVaultAddress); v != "" {
|
||||||
|
@ -339,6 +341,10 @@ func (c *Config) ReadEnvironment() error {
|
||||||
envTLSServerName = v
|
envTLSServerName = v
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if v := os.Getenv(EnvHTTPProxy); v != "" {
|
||||||
|
envHTTPProxy = v
|
||||||
|
}
|
||||||
|
|
||||||
// Configure the HTTP clients TLS configuration.
|
// Configure the HTTP clients TLS configuration.
|
||||||
t := &TLSConfig{
|
t := &TLSConfig{
|
||||||
CACert: envCACert,
|
CACert: envCACert,
|
||||||
|
@ -375,6 +381,16 @@ func (c *Config) ReadEnvironment() error {
|
||||||
c.Timeout = envClientTimeout
|
c.Timeout = envClientTimeout
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if envHTTPProxy != "" {
|
||||||
|
url, err := url.Parse(envHTTPProxy)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
transport := c.HttpClient.Transport.(*http.Transport)
|
||||||
|
transport.Proxy = http.ProxyURL(url)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
3
changelog/12582.txt
Normal file
3
changelog/12582.txt
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:improvement
|
||||||
|
api: Support VAULT_HTTP_PROXY environment variable to allow overriding the Vault client's HTTP proxy
|
||||||
|
```
|
|
@ -323,6 +323,12 @@ can be supplied. If a MFA method expects multiple credential values, or if there
|
||||||
are multiple MFA methods specified on a path, then the CLI flag `-mfa` should be
|
are multiple MFA methods specified on a path, then the CLI flag `-mfa` should be
|
||||||
used.
|
used.
|
||||||
|
|
||||||
|
### `VAULT_HTTP_PROXY`
|
||||||
|
|
||||||
|
HTTP proxy location which should be used to access Vault. When present, this
|
||||||
|
overrides any other proxies found in the environment. Format should be
|
||||||
|
`http://server:port`.
|
||||||
|
|
||||||
## Flags
|
## Flags
|
||||||
|
|
||||||
There are different CLI flags that are available depending on subcommands. Some
|
There are different CLI flags that are available depending on subcommands. Some
|
||||||
|
|
Loading…
Reference in a new issue