diff --git a/command/agent.go b/command/agent.go index 21b9811be6..e47599f89b 100644 --- a/command/agent.go +++ b/command/agent.go @@ -226,6 +226,18 @@ func (c *AgentCommand) Run(args []string) int { Default: "", EnvVar: api.EnvVaultCAPath, }) + c.setStringFlag(f, config.Vault.ClientCert, &StringVar{ + Name: flagNameClientCert, + Target: &c.flagClientCert, + Default: "", + EnvVar: api.EnvVaultClientCert, + }) + c.setStringFlag(f, config.Vault.ClientKey, &StringVar{ + Name: flagNameClientKey, + Target: &c.flagClientKey, + Default: "", + EnvVar: api.EnvVaultClientKey, + }) c.setBoolFlag(f, config.Vault.TLSSkipVerify, &BoolVar{ Name: flagNameTLSSkipVerify, Target: &c.flagTLSSkipVerify, diff --git a/command/agent/config/config.go b/command/agent/config/config.go index b75b94656c..2fd69544e2 100644 --- a/command/agent/config/config.go +++ b/command/agent/config/config.go @@ -31,6 +31,8 @@ type Vault struct { CACert string `hcl:"ca_cert"` CAPath string `hcl:"ca_path"` TLSSkipVerify bool `hcl:"tls_skip_verify"` + ClientCert string `hcl:"client_cert"` + ClientKey string `hcl:"client_key"` } type Cache struct { diff --git a/command/agent/config/config_test.go b/command/agent/config/config_test.go index eeec7bf377..97063c713c 100644 --- a/command/agent/config/config_test.go +++ b/command/agent/config/config_test.go @@ -72,6 +72,8 @@ func TestLoadConfigFile_AgentCache(t *testing.T) { CACert: "config_ca_cert", CAPath: "config_ca_path", TLSSkipVerify: true, + ClientCert: "config_client_cert", + ClientKey: "config_client_key", }, PidFile: "./pidfile", } diff --git a/command/agent/config/test-fixtures/config-cache-embedded-type.hcl b/command/agent/config/test-fixtures/config-cache-embedded-type.hcl index 01c466e93e..7f32a1c262 100644 --- a/command/agent/config/test-fixtures/config-cache-embedded-type.hcl +++ b/command/agent/config/test-fixtures/config-cache-embedded-type.hcl @@ -48,4 +48,6 @@ vault { ca_cert = "config_ca_cert" ca_path = "config_ca_path" tls_skip_verify = "true" + client_cert = "config_client_cert" + client_key = "config_client_key" } diff --git a/command/agent/config/test-fixtures/config-cache.hcl b/command/agent/config/test-fixtures/config-cache.hcl index 1329808111..99310d7202 100644 --- a/command/agent/config/test-fixtures/config-cache.hcl +++ b/command/agent/config/test-fixtures/config-cache.hcl @@ -45,4 +45,6 @@ vault { ca_cert = "config_ca_cert" ca_path = "config_ca_path" tls_skip_verify = "true" + client_cert = "config_client_cert" + client_key = "config_client_key" } diff --git a/command/base.go b/command/base.go index edef8e761a..693a241268 100644 --- a/command/base.go +++ b/command/base.go @@ -255,7 +255,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets { }) f.StringVar(&StringVar{ - Name: "client-cert", + Name: flagNameClientCert, Target: &c.flagClientCert, Default: "", EnvVar: api.EnvVaultClientCert, @@ -266,7 +266,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets { }) f.StringVar(&StringVar{ - Name: "client-key", + Name: flagNameClientKey, Target: &c.flagClientKey, Default: "", EnvVar: api.EnvVaultClientKey, diff --git a/command/commands.go b/command/commands.go index 9c67ddd12b..55bd340bb8 100644 --- a/command/commands.go +++ b/command/commands.go @@ -75,6 +75,12 @@ const ( // flagnameCAPath is the flag used in the base command to read in the CA // cert path. flagNameCAPath = "ca-path" + //flagNameClientCert is the flag used in the base command to read in the + //client key + flagNameClientKey = "client-key" + //flagNameClientCert is the flag used in the base command to read in the + //client cert + flagNameClientCert = "client-cert" // flagNameTLSSkipVerify is the flag used in the base command to read in // the option to ignore TLS certificate verification. flagNameTLSSkipVerify = "tls-skip-verify"