From 37604ad3350262414ec81312c8eecd9d0ce53118 Mon Sep 17 00:00:00 2001
From: Guillaume Smet
Date: Wed, 19 May 2021 19:06:13 +0200
Subject: [PATCH] Support nonProxyHosts for Vault client Fixes #16453
---
 .../runtime/client/MutinyVertxClientFactory.java | 4 ++++
 .../vault/runtime/config/VaultBootstrapConfig.java | 11 +++++++++++
 .../quarkus/vault/runtime/VaultAuthManagerTest.java | 1 +
 .../io/quarkus/vault/runtime/VaultDbManagerTest.java | 1 +
 .../io/quarkus/vault/test/VaultTestExtension.java | 1 +
 5 files changed, 18 insertions(+)
diff --git a/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/client/MutinyVertxClientFactory.java b/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/client/MutinyVertxClientFactory.java
index b4ebe50c3fa29..35ad4f4ba25d2 100644
--- a/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/client/MutinyVertxClientFactory.java
+++ b/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/client/MutinyVertxClientFactory.java
@@ -22,6 +22,10 @@ public static WebClient createHttpClient(Vertx vertx, VaultBootstrapConfig vault
 .setConnectTimeout((int) vaultBootstrapConfig.connectTimeout.toMillis())
 .setIdleTimeout((int) vaultBootstrapConfig.readTimeout.getSeconds());
 
+ if (vaultBootstrapConfig.nonProxyHosts.isPresent()) {
+ options.setNonProxyHosts(vaultBootstrapConfig.nonProxyHosts.get());
+ }
+
 boolean trustAll = vaultBootstrapConfig.tls.skipVerify.orElseGet(() -> tlsConfig.trustAll);
 if (trustAll) {
 skipVerify(options);
diff --git a/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultBootstrapConfig.java b/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultBootstrapConfig.java
index 5f82842529cff..561d38880d953 100644
--- a/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultBootstrapConfig.java
+++ b/extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultBootstrapConfig.java
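Review bot: In `MutinyVertxClientFactory.createHttpClient` the configured list is handed to `options.setNonProxyHosts(...)` exactly as read, so a blank entry or a bare `*` is accepted silently and decides whether the connections that carry Vault tokens go through the proxy or around it. Consider dropping empty entries before the call and logging the effective list once at client creation so operators can confirm the routing. The presence check itself reads more directly as `vaultBootstrapConfig.nonProxyHosts.ifPresent(options::setNonProxyHosts);`. Nothing visible in this hunk sets proxy options on the client, so it is worth confirming where the proxy this list applies to is configured; the method body starts and ends outside the hunk.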
@@ -210,6 +210,17 @@ public class VaultBootstrapConfig {
 @ConfigItem(defaultValue = DEFAULT_READ_TIMEOUT)
 public Duration readTimeout;
 
+ /**
+ * List of remote hosts that are not proxied when the client is configured to use a proxy. This
+ * list serves the same purpose as the JVM {@code nonProxyHosts} configuration.
+ *
+ *

+ * Entries can use the * wildcard character for pattern matching, e.g *.example.com matches
+ * www.example.com.
+ */
+ @ConfigItem
+ public Optional> nonProxyHosts;
+
 /**
 * List of named credentials providers, such as: `quarkus.vault.credentials-provider.foo.kv-path=mypath`
 *
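Review bot: The Javadoc on `nonProxyHosts` does not say which proxy setting the list applies to, and no proxy property is visible in this hunk, so a reader cannot tell when the value takes effect. I would add a sentence such as `Has no effect unless a proxy is configured for the Vault client; hosts matching an entry are contacted directly.` and write the patterns as `{@code *.example.com}` and `{@code www.example.com}`, fixing `e.g` to `e.g.` at the same time. Because this client carries Vault tokens and secrets, the doc could also warn that a broad pattern routes that traffic around the proxy. The class body continues outside the hunk.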

diff --git a/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultAuthManagerTest.java b/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultAuthManagerTest.java
index 24e9dd84173de..fd9302df8368d 100644
--- a/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultAuthManagerTest.java
+++ b/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultAuthManagerTest.java
@@ -125,6 +125,7 @@ private VaultBootstrapConfig createConfig() {
 config.authentication.userpass.passwordWrappingToken = Optional.empty();
 config.connectTimeout = Duration.ofSeconds(1);
 config.readTimeout = Duration.ofSeconds(1);
+ config.nonProxyHosts = Optional.empty();
 config.tls.skipVerify = Optional.of(true);
 config.logConfidentialityLevel = LogConfidentialityLevel.LOW;
 config.renewGracePeriod = Duration.ofSeconds(3);
diff --git a/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultDbManagerTest.java b/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultDbManagerTest.java
index 3437587327e03..76fde7c66d141 100644
--- a/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultDbManagerTest.java
+++ b/extensions/vault/runtime/src/test/java/io/quarkus/vault/runtime/VaultDbManagerTest.java
@@ -135,6 +135,7 @@ private VaultBootstrapConfig createConfig() {
 config.authentication.userpass.passwordWrappingToken = Optional.empty();
 config.connectTimeout = Duration.ofSeconds(1);
 config.readTimeout = Duration.ofSeconds(1);
+ config.nonProxyHosts = Optional.empty();
 config.tls.skipVerify = Optional.of(true);
 config.logConfidentialityLevel = LogConfidentialityLevel.LOW;
 config.renewGracePeriod = Duration.ofSeconds(3);
diff --git a/test-framework/vault/src/main/java/io/quarkus/vault/test/VaultTestExtension.java b/test-framework/vault/src/main/java/io/quarkus/vault/test/VaultTestExtension.java
index 33b33f608efc2..3d496359b764f 100644
--- a/test-framework/vault/src/main/java/io/quarkus/vault/test/VaultTestExtension.java
+++ b/test-framework/vault/src/main/java/io/quarkus/vault/test/VaultTestExtension.java
@@ -178,6 +178,7 @@ private TestVaultClient createVaultClient() {
 vaultBootstrapConfig.tls.caCert = Optional.empty();
 vaultBootstrapConfig.connectTimeout = Duration.ofSeconds(5);
 vaultBootstrapConfig.readTimeout = Duration.ofSeconds(1);
+ vaultBootstrapConfig.nonProxyHosts = Optional.empty();
 vaultBootstrapConfig.authentication = new VaultAuthenticationConfig();
 vaultBootstrapConfig.authentication.kubernetes = new VaultKubernetesAuthenticationConfig();
 return new TestVaultClient(new VaultConfigHolder().setVaultBootstrapConfig(vaultBootstrapConfig));