Add support for go-sockaddr templated addresses in config. (#9109)

2025-10-30 18:17:55 +00:00 · 2021-10-21 10:10:48 -04:00
parent e8e1344839
commit 4ef0d3e187
6 changed files with 91 additions and 2 deletions
--- a/changelog/9109.txt
+++ b/changelog/9109.txt
@@ -0,0 +1,3 @@
 ```release-note:improvement
 core: Add support for go-sockaddr templated addresses in config.
 ```
--- a/command/server/config.go
+++ b/command/server/config.go
@@ -392,6 +392,17 @@ func ParseConfig(d, source string) (*Config, error) {
 		return nil, err
 	}
 	if rendered, err := configutil.ParseSingleIPTemplate(result.APIAddr); err != nil {
 		return nil, err
 	} else {
 		result.APIAddr = rendered
 	}
 	if rendered, err := configutil.ParseSingleIPTemplate(result.ClusterAddr); err != nil {
 		return nil, err
 	} else {
 		result.ClusterAddr = rendered
 	}
 	sharedConfig, err := configutil.ParseConfig(d)
 	if err != nil {
 		return nil, err
--- a/command/server/config_test.go
+++ b/command/server/config_test.go
@@ -36,6 +36,10 @@ func TestParseListeners(t *testing.T) {
 	testParseListeners(t)
 }
 func TestParseSockaddrTemplate(t *testing.T) {
 	testParseSockaddrTemplate(t)
 }
 func TestConfigRaftRetryJoin(t *testing.T) {
 	testConfigRaftRetryJoin(t)
 }
--- a/command/server/config_test_helpers.go
+++ b/command/server/config_test_helpers.go
@@ -843,6 +843,43 @@ listener "tcp" {
 	}
 }
 func testParseSockaddrTemplate(t *testing.T) {
 	config, err := ParseConfig(`
 api_addr = <<EOF
 {{- GetAllInterfaces | include "flags" "loopback" | include "type" "ipv4" | attr "address" -}}
 EOF
 listener "tcp" {
 	address = <<EOF
 {{- GetAllInterfaces | include "flags" "loopback" | include "type" "ipv4" | attr "address" -}}:443
 EOF
 	cluster_address = <<EOF
 {{- GetAllInterfaces | include "flags" "loopback" | include "type" "ipv4" | attr "address" -}}:8201
 EOF
 	tls_disable = true
 }`, "")
 	if err != nil {
 		t.Fatal(err)
 	}
 	expected := &Config{
 		APIAddr: "127.0.0.1",
 		SharedConfig: &configutil.SharedConfig{
 			Listeners: []*configutil.Listener{
 				{
 					Type:           "tcp",
 					Address:        "127.0.0.1:443",
 					ClusterAddress: "127.0.0.1:8201",
 					TLSDisable:     true,
 				},
 			},
 		},
 	}
 	config.Prune()
 	if diff := deep.Equal(config, expected); diff != nil {
 		t.Fatal(diff)
 	}
 }
 func testParseSeals(t *testing.T) {
 	config, err := LoadConfigFile("./test-fixtures/config_seals.hcl")
 	if err != nil {
--- a/internalshared/configutil/listener.go
+++ b/internalshared/configutil/listener.go
@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/go-secure-stdlib/strutil"
 	"github.com/hashicorp/go-secure-stdlib/tlsutil"
 	"github.com/hashicorp/go-sockaddr"
 	"github.com/hashicorp/go-sockaddr/template"
 	"github.com/hashicorp/hcl"
 	"github.com/hashicorp/hcl/hcl/ast"
 )
@@ -122,6 +123,16 @@ func ParseListeners(result *SharedConfig, list *ast.ObjectList) error {
 		if err := hcl.DecodeObject(&l, item.Val); err != nil {
 			return multierror.Prefix(err, fmt.Sprintf("listeners.%d:", i))
 		}
 		if rendered, err := ParseSingleIPTemplate(l.Address); err != nil {
 			return multierror.Prefix(err, fmt.Sprintf("listeners.%d:", i))
 		} else {
 			l.Address = rendered
 		}
 		if rendered, err := ParseSingleIPTemplate(l.ClusterAddress); err != nil {
 			return multierror.Prefix(err, fmt.Sprintf("listeners.%d:", i))
 		} else {
 			l.ClusterAddress = rendered
 		}
 		// Hacky way, for now, to get the values we want for sanitizing
 		var m map[string]interface{}
@@ -381,3 +392,22 @@ func ParseListeners(result *SharedConfig, list *ast.ObjectList) error {
 	return nil
 }
 // ParseSingleIPTemplate is used as a helper function to parse out a single IP
 // address from a config parameter.
 func ParseSingleIPTemplate(ipTmpl string) (string, error) {
 	out, err := template.Parse(ipTmpl)
 	if err != nil {
 		return "", fmt.Errorf("unable to parse address template %q: %v", ipTmpl, err)
 	}
 	ips := strings.Split(out, " ")
 	switch len(ips) {
 	case 0:
 		return "", errors.New("no addresses found, please configure one")
 	case 1:
 		return strings.TrimSpace(ips[0]), nil
 	default:
 		return "", fmt.Errorf("multiple addresses found (%q), please configure one", out)
 	}
 }
--- a/website/content/docs/configuration/listener/tcp.mdx
+++ b/website/content/docs/configuration/listener/tcp.mdx
@@ -47,14 +47,18 @@ default value in the `"/sys/config/ui"` [API endpoint](/api/system/config-ui).
 ## `tcp` Listener Parameters
 - `address` `(string: "127.0.0.1:8200")` – Specifies the address to bind to for
-  listening.
+  listening.  This can be dynamically defined with a
  [go-sockaddr template](https://pkg.go.dev/github.com/hashicorp/go-sockaddr/template)
  that is resolved at runtime.
 - `cluster_address` `(string: "127.0.0.1:8201")` – Specifies the address to bind
  to for cluster server-to-server requests. This defaults to one port higher
  than the value of `address`. This does not usually need to be set, but can be
  useful in case Vault servers are isolated from each other in such a way that
  they need to hop through a TCP load balancer or some other scheme in order to
-  talk.
+  talk. This can be dynamically defined with a
  [go-sockaddr template](https://pkg.go.dev/github.com/hashicorp/go-sockaddr/template)
  that is resolved at runtime.
 - `http_idle_timeout` `(string: "5m")` - Specifies the maximum amount of time to
  wait for the next request when keep-alives are enabled. If `http_idle_timeout`