Add new method to access a client config's TLSConfig. (#20265)

2023-04-19 15:14:18 -04:00 · 2023-04-19 15:14:18 -04:00 · 9e34c0b543
parent 21f3977639
commit 9e34c0b543
2 changed files with 12 additions and 0 deletions
--- a/api/client.go
+++ b/api/client.go
@ -203,6 +203,7 @@ type Config struct {
 	// commands such as 'vault operator raft snapshot' as this redirects to the
 	// primary node.
 	DisableRedirects bool
+	clientTLSConfig  *tls.Config
 }

 // TLSConfig contains the parameters needed to configure TLS on the HTTP client
@ -337,10 +338,17 @@ func (c *Config) configureTLS(t *TLSConfig) error {
 	if t.TLSServerName != "" {
 		clientTLSConfig.ServerName = t.TLSServerName
 	}
+	c.clientTLSConfig = clientTLSConfig

 	return nil
 }

+func (c *Config) TLSConfig() *tls.Config {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+	return c.clientTLSConfig.Clone()
+}
+
 // ConfigureTLS takes a set of TLS configurations and applies those to the
 // HTTP client.
 func (c *Config) ConfigureTLS(t *TLSConfig) error {
@ -665,6 +673,7 @@ func (c *Client) CloneConfig() *Config {
 	newConfig.CloneHeaders = c.config.CloneHeaders
 	newConfig.CloneToken = c.config.CloneToken
 	newConfig.ReadYourWrites = c.config.ReadYourWrites
+	newConfig.clientTLSConfig = c.config.clientTLSConfig

 	// we specifically want a _copy_ of the client here, not a pointer to the original one
 	newClient := *c.config.HttpClient
--- a/changelog/20265.txt
+++ b/changelog/20265.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+* api: Add Config.TLSConfig method to fetch the TLS configuration from a client config.
+```