added client_key and client_cert options to the agent config (#6319)

2025-11-01 11:08:10 +00:00 · 2019-03-01 15:11:16 -05:00
parent 7cc75c5f38
commit be555fccca
7 changed files with 28 additions and 2 deletions
--- a/command/agent.go
+++ b/command/agent.go
@@ -226,6 +226,18 @@ func (c *AgentCommand) Run(args []string) int {
 			Default: "",
 			EnvVar:  api.EnvVaultCAPath,
 		})
+		c.setStringFlag(f, config.Vault.ClientCert, &StringVar{
+			Name:    flagNameClientCert,
+			Target:  &c.flagClientCert,
+			Default: "",
+			EnvVar:  api.EnvVaultClientCert,
+		})
+		c.setStringFlag(f, config.Vault.ClientKey, &StringVar{
+			Name:    flagNameClientKey,
+			Target:  &c.flagClientKey,
+			Default: "",
+			EnvVar:  api.EnvVaultClientKey,
+		})
 		c.setBoolFlag(f, config.Vault.TLSSkipVerify, &BoolVar{
 			Name:    flagNameTLSSkipVerify,
 			Target:  &c.flagTLSSkipVerify,
--- a/command/agent/config/config.go
+++ b/command/agent/config/config.go
@@ -31,6 +31,8 @@ type Vault struct {
 	CACert        string `hcl:"ca_cert"`
 	CAPath        string `hcl:"ca_path"`
 	TLSSkipVerify bool   `hcl:"tls_skip_verify"`
+	ClientCert    string `hcl:"client_cert"`
+	ClientKey     string `hcl:"client_key"`
 }

 type Cache struct {
--- a/command/agent/config/config_test.go
+++ b/command/agent/config/config_test.go
@@ -72,6 +72,8 @@ func TestLoadConfigFile_AgentCache(t *testing.T) {
 			CACert:        "config_ca_cert",
 			CAPath:        "config_ca_path",
 			TLSSkipVerify: true,
+			ClientCert:    "config_client_cert",
+			ClientKey:     "config_client_key",
 		},
 		PidFile: "./pidfile",
 	}
--- a/command/agent/config/test-fixtures/config-cache-embedded-type.hcl
+++ b/command/agent/config/test-fixtures/config-cache-embedded-type.hcl
@@ -48,4 +48,6 @@ vault {
 	ca_cert = "config_ca_cert"
 	ca_path = "config_ca_path"
 	tls_skip_verify = "true"
+	client_cert = "config_client_cert"
+	client_key = "config_client_key"
 }
--- a/command/agent/config/test-fixtures/config-cache.hcl
+++ b/command/agent/config/test-fixtures/config-cache.hcl
@@ -45,4 +45,6 @@ vault {
 	ca_cert = "config_ca_cert"
 	ca_path = "config_ca_path"
 	tls_skip_verify = "true"
+	client_cert = "config_client_cert"
+	client_key = "config_client_key"
 }
--- a/command/base.go
+++ b/command/base.go
@@ -255,7 +255,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
 			})

 			f.StringVar(&StringVar{
-				Name:       "client-cert",
+				Name:       flagNameClientCert,
 				Target:     &c.flagClientCert,
 				Default:    "",
 				EnvVar:     api.EnvVaultClientCert,
@@ -266,7 +266,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
 			})

 			f.StringVar(&StringVar{
-				Name:       "client-key",
+				Name:       flagNameClientKey,
 				Target:     &c.flagClientKey,
 				Default:    "",
 				EnvVar:     api.EnvVaultClientKey,
--- a/command/commands.go
+++ b/command/commands.go
@@ -75,6 +75,12 @@ const (
 	// flagnameCAPath is the flag used in the base command to read in the CA
 	// cert path.
 	flagNameCAPath = "ca-path"
+	//flagNameClientCert is the flag used in the base command to read in the
+	//client key
+	flagNameClientKey = "client-key"
+	//flagNameClientCert is the flag used in the base command to read in the
+	//client cert
+	flagNameClientCert = "client-cert"
 	// flagNameTLSSkipVerify is the flag used in the base command to read in
 	// the option to ignore TLS certificate verification.
 	flagNameTLSSkipVerify = "tls-skip-verify"