Patch to support VAULT_HTTP_PROXY variable (#12582)

* patch to support VAULT_HTTP_PROXY variable

* simplify the proxy replacement

* internal code review

* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment

* clean up some unintended whitespace changes

* add docs for the new env variable and a changelog entry

Co-authored-by: Dave Du Cros <davidducros@gmail.com>
Michael Boulding 2021-10-06 17:40:31 +01:00 committed by GitHub
parent 1549af7e53
commit 79662d0842
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 0 deletions


@ -42,6 +42,7 @@ const (
EnvVaultToken = "VAULT_TOKEN" EnvVaultToken = "VAULT_TOKEN"
EnvVaultMFA = "VAULT_MFA" EnvVaultMFA = "VAULT_MFA"
EnvRateLimit = "VAULT_RATE_LIMIT" EnvRateLimit = "VAULT_RATE_LIMIT"
EnvHTTPProxy = "VAULT_HTTP_PROXY"
) )
// Deprecated values // Deprecated values
@ -271,6 +272,7 @@ func (c *Config) ReadEnvironment() error {
var envMaxRetries *uint64 var envMaxRetries *uint64
var envSRVLookup bool var envSRVLookup bool
var limit *rate.Limiter var limit *rate.Limiter
var envHTTPProxy string
// Parse the environment variables // Parse the environment variables
if v := os.Getenv(EnvVaultAddress); v != "" { if v := os.Getenv(EnvVaultAddress); v != "" {
@ -339,6 +341,10 @@ func (c *Config) ReadEnvironment() error {
envTLSServerName = v envTLSServerName = v
} }
if v := os.Getenv(EnvHTTPProxy); v != "" {
envHTTPProxy = v
}
// Configure the HTTP clients TLS configuration. // Configure the HTTP clients TLS configuration.
t := &TLSConfig{ t := &TLSConfig{
CACert: envCACert, CACert: envCACert,
@ -375,6 +381,16 @@ func (c *Config) ReadEnvironment() error {
c.Timeout = envClientTimeout c.Timeout = envClientTimeout
} }
if envHTTPProxy != "" {
url, err := url.Parse(envHTTPProxy)
if err != nil {
return err
}
transport := c.HttpClient.Transport.(*http.Transport)
transport.Proxy = http.ProxyURL(url)
}
return nil return nil
} }
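Review bot: The unchecked assertion `c.HttpClient.Transport.(*http.Transport)` in the last hunk panics if the transport is any other `http.RoundTripper`, and nothing visible here guarantees the concrete type, so setting one environment variable can crash the client instead of returning an error. Use the two-value form, `transport, ok := c.HttpClient.Transport.(*http.Transport)`, and return an error when `ok` is false. `url.Parse` also accepts values with no scheme or host, so a mistyped VAULT_HTTP_PROXY is only discovered at request time; checking that the parsed URL has a non-empty `Scheme` and `Host` would fail early. The parse error returned as-is echoes the raw value, which may contain proxy credentials if the variable carries userinfo, so a message that does not repeat it is safer. The local `url` also shadows the `net/url` package, which `proxyURL` would avoid; ReadEnvironment begins outside the visible hunks.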

3
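--- a/changelog/12582.txt
+++ b/changelog/12582.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+api: Support VAULT_HTTP_PROXY environment variable to allow overriding the Vault client's HTTP proxy
+```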


@ -323,6 +323,12 @@ can be supplied. If a MFA method expects multiple credential values, or if there
are multiple MFA methods specified on a path, then the CLI flag `-mfa` should be are multiple MFA methods specified on a path, then the CLI flag `-mfa` should be
used. used.
### `VAULT_HTTP_PROXY`
HTTP proxy location which should be used to access Vault. When present, this
overrides any other proxies found in the environment. Format should be
`http://server:port`.
## Flags ## Flags
There are different CLI flags that are available depending on subcommands. Some There are different CLI flags that are available depending on subcommands. Some