From b39bfbbd5b89bcd216759bb7ed68e3ddb327ce2d Mon Sep 17 00:00:00 2001
From: Dave Du Cros
Date: Fri, 10 Sep 2021 15:31:02 +0100
Subject: [PATCH] patch to support VAULT_HTTP_PROXY variable
---
 api/client.go | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/api/client.go b/api/client.go
index 870dee7764ba8..37819264cc517 100644
--- a/api/client.go
+++ b/api/client.go
@@ -42,6 +42,7 @@ const (
 EnvVaultToken = "VAULT_TOKEN"
 EnvVaultMFA = "VAULT_MFA"
 EnvRateLimit = "VAULT_RATE_LIMIT"
+ EnvHttpProxy = "VAULT_HTTP_PROXY"
 )
 // Deprecated values
@@ -79,6 +80,8 @@ type Config struct {
 // (or http.DefaultClient).
 HttpClient *http.Client
+ HttpProxy string
+
 // MinRetryWait controls the minimum time to wait before retrying when a 5xx
 // error occurs. Defaults to 1000 milliseconds.
 MinRetryWait time.Duration
@@ -173,6 +176,25 @@ func DefaultConfig() *Config {
 Backoff: retryablehttp.LinearJitterBackoff,
 }
+ if err := config.ReadEnvironment(); err != nil {
+ config.Error = err
+ return config
+ }
+
+ if config.HttpProxy != "" {
+ url, err := url.Parse(config.HttpProxy)
+ if err != nil {
+ config.Error = err
+ return config
+ }
+
+ proxied_transport := cleanhttp.DefaultPooledTransport()
+ proxied_transport.Proxy = http.ProxyURL(url)
+ config.HttpClient = &http.Client{
+ Transport: proxied_transport,
+ }
+ }
+
 transport := config.HttpClient.Transport.(*http.Transport)
 transport.TLSHandshakeTimeout = 10 * time.Second
 transport.TLSClientConfig = &tls.Config{
@@ -183,11 +205,6 @@ func DefaultConfig() *Config {
 return config
 }
- if err := config.ReadEnvironment(); err != nil {
- config.Error = err
- return config
- }
-
 // Ensure redirects are not automatically followed
 // Note that this is sane for the API client as it has its own
 // redirect handling logic (and thus also for command/meta),
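Review bot: The new `HttpProxy` field in `Config` has no doc comment, unlike the neighbouring `HttpClient` and `MinRetryWait`, so nothing states what form the value takes or when it is honoured. As far as this patch shows, it is only consumed inside `DefaultConfig`, so a caller who sets it on a `Config` afterwards gets no proxy; I would add `// HttpProxy is the proxy URL for requests to Vault, read from VAULT_HTTP_PROXY. It is applied by DefaultConfig only.` Because a proxy URL can embed `user:password@`, the comment should also warn against logging the field verbatim. The struct begins and ends outside the hunk.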
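Review bot: Moving `config.ReadEnvironment()` above the transport setup in `DefaultConfig` risks discarding the TLS settings it derives from the environment. A later hunk shows `ReadEnvironment` building a `TLSConfig` (`CACert: envCACert`, …); if that is applied to `config.HttpClient`'s transport (the call is outside the visible lines), both the replacement `&http.Client{…}` and the unconditional `transport.TLSClientConfig = &tls.Config{` that follows throw it away, so a custom CA, client certificate or server name would silently stop being used. I would leave `ReadEnvironment` where it was and, after it, set the proxy on the already-configured transport with `transport.Proxy = http.ProxyURL(proxyURL)` instead of constructing a new client. `http.ProxyURL` returns the same proxy for every request, so `NO_PROXY` exclusions handled by `http.ProxyFromEnvironment` (which cleanhttp's default transport uses) no longer apply once the variable is set; that deserves a sentence in the docs. The local `url` shadows the `net/url` package and `proxied_transport` is not MixedCaps; naming it `proxyURL` and reusing `transport` removes both. `DefaultConfig` starts and ends outside the hunk.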
@@ -271,6 +288,7 @@ func (c *Config) ReadEnvironment() error {
 var envMaxRetries *uint64
 var envSRVLookup bool
 var limit *rate.Limiter
+ var envHttpProxy string
 // Parse the environment variables
 if v := os.Getenv(EnvVaultAddress); v != "" {
@@ -339,6 +357,10 @@ func (c *Config) ReadEnvironment() error {
 envTLSServerName = v
 }
+ if v := os.Getenv(EnvHttpProxy); v != "" {
+ envHttpProxy = v
+ }
+
 // Configure the HTTP clients TLS configuration.
 t := &TLSConfig{
 CACert: envCACert,
@@ -375,6 +397,10 @@ func (c *Config) ReadEnvironment() error {
 c.Timeout = envClientTimeout
 }
+ if envHttpProxy != "" {
+ c.HttpProxy = envHttpProxy
+ }
+
 return nil
 }
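Review bot: The `os.Getenv(EnvHttpProxy)` block copies the value unchecked, so the only validation is the `url.Parse` call in `DefaultConfig`. That call accepts strings with no scheme or host, and its error text quotes the raw input, so a proxy URL carrying `user:password@` would end up in `config.Error` and from there in whatever logs it. Validating here, where `ReadEnvironment` can already return an error, and naming only the variable in the message closes both gaps; the sketch below assumes `fmt` and `net/url` are already imported in this file. The body of `ReadEnvironment` continues outside the hunk.

```go
if v := os.Getenv(EnvHttpProxy); v != "" {
	u, err := url.Parse(v)
	if err != nil || u.Scheme == "" || u.Host == "" {
		// Name only the variable: the value may contain proxy credentials.
		return fmt.Errorf("could not parse %q as a proxy URL", EnvHttpProxy)
	}
	envHttpProxy = v
}
// … unchanged: TLS configuration and the remaining assignments …
```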