Add new method to access a client config's TLSConfig. (#20265)

hashicorp · Apr 19, 2023 · 5ce3054 · 5ce3054
1 parent caf8323
commit 5ce3054
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/api/client.go b/api/client.go
@@ -203,6 +203,7 @@ type Config struct {
 	// commands such as 'vault operator raft snapshot' as this redirects to the
 	// primary node.
 	DisableRedirects bool
+	clientTLSConfig  *tls.Config
 }
 
 // TLSConfig contains the parameters needed to configure TLS on the HTTP client
@@ -337,10 +338,17 @@ func (c *Config) configureTLS(t *TLSConfig) error {
 	if t.TLSServerName != "" {
 		clientTLSConfig.ServerName = t.TLSServerName
 	}
+	c.clientTLSConfig = clientTLSConfig
 
 	return nil
 }
 
+func (c *Config) TLSConfig() *tls.Config {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+	return c.clientTLSConfig.Clone()
+}
+
 // ConfigureTLS takes a set of TLS configurations and applies those to the
 // HTTP client.
 func (c *Config) ConfigureTLS(t *TLSConfig) error {
@@ -665,6 +673,7 @@ func (c *Client) CloneConfig() *Config {
 	newConfig.CloneHeaders = c.config.CloneHeaders
 	newConfig.CloneToken = c.config.CloneToken
 	newConfig.ReadYourWrites = c.config.ReadYourWrites
+	newConfig.clientTLSConfig = c.config.clientTLSConfig
 
 	// we specifically want a _copy_ of the client here, not a pointer to the original one
 	newClient := *c.config.HttpClient

diff --git a/changelog/20265.txt b/changelog/20265.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+* api: Add Config.TLSConfig method to fetch the TLS configuration from a client config.
+```