-
Notifications
You must be signed in to change notification settings - Fork 782
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VAULT-12940 Add ability to configure Vault client user agent #1725
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SSLCACert string | ||
SSLCAPath string | ||
ServerName string | ||
ClientUserAgent string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❓Do we call this ClientUserAgent
within CreateVaultClientInput
(as opposed to just UserAgent
) because Vault (server) is the client here? Like the client (agent) of the client (server)? :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CreateVaultClientInput
builds a Vault Client, essentially, so ClientUserAgent
determines the User-Agent of that client. As far as why I didn't call it UserAgent
, it's mostly just because I found ClientUserAgent
clearer about what it was doing (setting the client's user agent), personally anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah OK, thanks. 👍🏼
Does that mean for example, that Address
is a client address? I was wondering if there's some fields that are server specific and some that are client specific (ServerName
looks suspicious in that regard).
Sorry it now sounds like a nitpick, I was just trying to understand it... why wouldn't we follow the same format of non-client prefixed fields and just use UserAgent
? It feels a bit redundant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Address
is the server address. Ultimately, this goes into configuring the client, but the inner workings might not be obvious to the user, as we can't assume they're looking at the code.
The configuration is done via HCL, e.g. this:
vault {
address = "https://vault.service.consul:8200"
namespace = ""
client_user_agent = "Consul Template"
#...
Especially in this context, I feel like the 'client' part of the config tells the user something, i.e. that this configuration is for Consul Template's Vault Client. I definitely err on the side of making things as unambiguous as possible. At least to me, user_agent
tells me a lot less than client_user_agent
in that HCL block.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, so there are fields here that are related to the server properties which are configured within the client, that makes sense. 😄
What I was alluding to was being able to easily distinguish between the types of setting, so like ServerAddress
and now ClientUserAgent
, so the client specific settings for client and server settings for client were clear in code.
I agree with what you're saying about the clarity for the end-user, I think the HCL config example makes sense. 👍🏼
Maybe worth pointing out that the HCL name isn't the same as the name of the field we use in code though, it's just mapped via:
ClientUserAgent *string `mapstructure:"client_user_agent""`
No more questions from me, thanks!
Added some docs! Let me know if there's anything else you need. Thanks in advance! |
This adds a new configuration item for Vault,
ClientUserAgent
. When set, Consul Template will use the setUser-Agent
when making requests to Vault.This change is being made as part of a broader effort for Vault Agent to send its version as part of a
User-Agent
string in requests to Vault. Agent will then consume the latest version ofconsul-template
, then use this new config to set the correctUser-Agent
.Tests were of course added to validate that this works as expected, but let me know if there's anything else I should be testing as part of this change.