Propagate vault.tls_server_name to consul-template

Fixes #2776
2026-01-04 09:25:46 +03:00 · 2017-07-06 16:50:52 -07:00
parent 4f150e1650
commit 3bf148bc05
2 changed files with 34 additions and 12 deletions
--- a/client/consul_template.go
+++ b/client/consul_template.go
@@ -485,21 +485,23 @@ func runnerConfig(config *config.Config, vaultToken string) (*ctconf.Config, err
 			skipVerify := config.VaultConfig.TLSSkipVerify != nil && *config.VaultConfig.TLSSkipVerify
 			verify := !skipVerify
 			conf.Vault.SSL = &ctconf.SSLConfig{
-				Enabled: &t,
-				Verify:  &verify,
-				Cert:    &config.VaultConfig.TLSCertFile,
-				Key:     &config.VaultConfig.TLSKeyFile,
-				CaCert:  &config.VaultConfig.TLSCaFile,
-				CaPath:  &config.VaultConfig.TLSCaPath,
+				Enabled:    &t,
+				Verify:     &verify,
+				Cert:       &config.VaultConfig.TLSCertFile,
+				Key:        &config.VaultConfig.TLSKeyFile,
+				CaCert:     &config.VaultConfig.TLSCaFile,
+				CaPath:     &config.VaultConfig.TLSCaPath,
+				ServerName: &config.VaultConfig.TLSServerName,
 			}
 		} else {
 			conf.Vault.SSL = &ctconf.SSLConfig{
-				Enabled: &f,
-				Verify:  &f,
-				Cert:    &emptyStr,
-				Key:     &emptyStr,
-				CaCert:  &emptyStr,
-				CaPath:  &emptyStr,
+				Enabled:    &f,
+				Verify:     &f,
+				Cert:       &emptyStr,
+				Key:        &emptyStr,
+				CaCert:     &emptyStr,
+				CaPath:     &emptyStr,
+				ServerName: &emptyStr,
 			}
 		}
 	}
--- a/client/consul_template_test.go
+++ b/client/consul_template_test.go
@@ -13,6 +13,7 @@ import (
 	ctestutil "github.com/hashicorp/consul/testutil"
 	"github.com/hashicorp/nomad/client/config"
 	"github.com/hashicorp/nomad/client/driver/env"
+	"github.com/hashicorp/nomad/helper"
 	"github.com/hashicorp/nomad/nomad/mock"
 	"github.com/hashicorp/nomad/nomad/structs"
 	sconfig "github.com/hashicorp/nomad/nomad/structs/config"
@@ -1033,3 +1034,22 @@ func TestTaskTemplateManager_Env_Multi(t *testing.T) {
 		t.Errorf("expected FOO=bar but found %q", vars["yup"])
 	}
 }
+
+// TestTaskTemplateManager_Config_ServerName asserts the tls_server_name
+// setting is propogated to consul-template's configuration. See #2776
+func TestTaskTemplateManager_Config_ServerName(t *testing.T) {
+	c := config.DefaultConfig()
+	c.VaultConfig = &sconfig.VaultConfig{
+		Enabled:       helper.BoolToPtr(true),
+		Addr:          "https://localhost/",
+		TLSServerName: "notlocalhost",
+	}
+	ctconf, err := runnerConfig(c, "token")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if *ctconf.Vault.SSL.ServerName != c.VaultConfig.TLSServerName {
+		t.Fatalf("expected %q but found %q", c.VaultConfig.TLSServerName, *ctconf.Vault.SSL.ServerName)
+	}
+}