Support custom transport dialer

config/transport.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"net"
 	"runtime"
 	"time"
 )
@@ -36,6 +37,11 @@ var (
 // TransportConfig is the configuration to tune low-level APIs for the
 // interactions on the wire.
 type TransportConfig struct {
+	// CustomDialer overrides the default net.Dial with a custom dialer. This is
+	// useful for instance with Vault Agent Templating to direct Consul Template
+	// requests through an internal cache.
+	CustomDialer TransportDialer `mapstructure:"-"`
+
 	// DialKeepAlive is the amount of time for keep-alives.
 	DialKeepAlive *time.Duration `mapstructure:"dial_keep_alive"`
 
@@ -61,6 +67,12 @@ type TransportConfig struct {
 	TLSHandshakeTimeout *time.Duration `mapstructure:"tls_handshake_timeout"`
 }
 
+// TransportDialer is an interface that allows passing a custom dialer to an
+// HTTP client's transport config
+type TransportDialer interface {
+	Dial(network, address string) (net.Conn, error)
+}
+
 // DefaultTransportConfig returns a configuration that is populated with the
 // default values.
 func DefaultTransportConfig() *TransportConfig {
@@ -75,6 +87,7 @@ func (c *TransportConfig) Copy() *TransportConfig {
 
 	var o TransportConfig
 
+	o.CustomDialer = c.CustomDialer
 	o.DialKeepAlive = c.DialKeepAlive
 	o.DialTimeout = c.DialTimeout
 	o.DisableKeepAlives = c.DisableKeepAlives
@@ -104,6 +117,10 @@ func (c *TransportConfig) Merge(o *TransportConfig) *TransportConfig {
 
 	r := c.Copy()
 
+	if o.CustomDialer != nil {
+		r.CustomDialer = o.CustomDialer
+	}
+
 	if o.DialKeepAlive != nil {
 		r.DialKeepAlive = o.DialKeepAlive
 	}

config/transport_test.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"net"
 	"reflect"
 	"testing"
 	"time"
@@ -33,6 +34,17 @@ func TestTransportConfig_Copy(t *testing.T) {
 				TLSHandshakeTimeout: TimeDuration(30 * time.Second),
 			},
 		},
+		{
+			"same_enabled_custom_dialer",
+			&TransportConfig{
+				CustomDialer:        &net.Dialer{Timeout: 10 * time.Second},
+				DisableKeepAlives:   Bool(true),
+				IdleConnTimeout:     TimeDuration(40 * time.Second),
+				MaxIdleConns:        Int(150),
+				MaxIdleConnsPerHost: Int(15),
+				TLSHandshakeTimeout: TimeDuration(30 * time.Second),
+			},
+		},
 	}
 
 	for i, tc := range cases {
@@ -245,6 +257,30 @@ func TestTransportConfig_Merge(t *testing.T) {
 			&TransportConfig{TLSHandshakeTimeout: TimeDuration(10 * time.Second)},
 			&TransportConfig{TLSHandshakeTimeout: TimeDuration(10 * time.Second)},
 		},
+		{
+			"custom_transport_dialer",
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 20 * time.Second}},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 20 * time.Second}},
+		},
+		{
+			"custom_transport_dialer_empty_one",
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+			&TransportConfig{},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+		},
+		{
+			"custom_transport_dialer_empty_two",
+			&TransportConfig{},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+		},
+		{
+			"custom_transport_dialer_same",
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+			&TransportConfig{CustomDialer: &net.Dialer{Timeout: 10 * time.Second}},
+		},
 	}
 
 	for i, tc := range cases {

dependency/client_set.go

@@ -12,6 +12,8 @@ import (
 	consulapi "github.com/hashicorp/consul/api"
 	rootcerts "github.com/hashicorp/go-rootcerts"
 	vaultapi "github.com/hashicorp/vault/api"
+
+	"github.com/hashicorp/consul-template/config"
 )
 
 // ClientSet is a collection of clients that dependencies use to communicate
@@ -74,6 +76,7 @@ type CreateVaultClientInput struct {
 	SSLCAPath   string
 	ServerName  string
 
+	TransportCustomDialer        config.TransportDialer
 	TransportDialKeepAlive       time.Duration
 	TransportDialTimeout         time.Duration
 	TransportDisableKeepAlives   bool
@@ -202,12 +205,19 @@ func (c *ClientSet) CreateVaultClient(i *CreateVaultClientInput) error {
 	}
 
 	// This transport will attempt to keep connections open to the Vault server.
+	var dialer config.TransportDialer
+	dialer = &net.Dialer{
+		Timeout:   i.TransportDialTimeout,
+		KeepAlive: i.TransportDialKeepAlive,
+	}
+
+	if i.TransportCustomDialer != nil {
+		dialer = i.TransportCustomDialer
+	}
+
 	transport := &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		Dial: (&net.Dialer{
-			Timeout:   i.TransportDialTimeout,
-			KeepAlive: i.TransportDialKeepAlive,
-		}).Dial,
+		Proxy:               http.ProxyFromEnvironment,
+		Dial:                dialer.Dial,
 		DisableKeepAlives:   i.TransportDisableKeepAlives,
 		MaxIdleConns:        i.TransportMaxIdleConns,
 		IdleConnTimeout:     i.TransportIdleConnTimeout,

manager/runner.go

@@ -1284,6 +1284,7 @@ func newClientSet(c *config.Config) (*dep.ClientSet, error) {
 		SSLCACert:                    config.StringVal(c.Vault.SSL.CaCert),
 		SSLCAPath:                    config.StringVal(c.Vault.SSL.CaPath),
 		ServerName:                   config.StringVal(c.Vault.SSL.ServerName),
+		TransportCustomDialer:        c.Vault.Transport.CustomDialer,
 		TransportDialKeepAlive:       config.TimeDurationVal(c.Vault.Transport.DialKeepAlive),
 		TransportDialTimeout:         config.TimeDurationVal(c.Vault.Transport.DialTimeout),
 		TransportDisableKeepAlives:   config.BoolVal(c.Vault.Transport.DisableKeepAlives),