feat: support customize net/http transport

knadh · Sep 13, 2023 · 6b7933a · 6b7933a
1 parent 9360da2
commit 6b7933a
Showing 1 changed file with 7 additions and 13 deletions.
diff --git a/providers/vault/vault.go b/providers/vault/vault.go
@@ -4,7 +4,6 @@ package vault
 
 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"net/http"
 	"time"
@@ -39,13 +38,9 @@ type Config struct {
 	// Internal HTTP client timeout
 	Timeout time.Duration
 
-	// InsecureSkipVerify controls whether a client verifies the server's
-	// certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
-	// accepts any certificate presented by the server and any host name in that
-	// certificate. In this mode, TLS is susceptible to machine-in-the-middle
-	// attacks unless custom verification is used. This should be used only for
-	// testing or in combination with VerifyConnection or VerifyPeerCertificate.
-	InsecureSkipVerify bool
+	// Transport the optional http transport allows you to
+	// customize the settings like disable ssl verification
+	Transport *http.Transport
 
 	// ExcludeMeta states whether the secret should be returned with its metadata.
 	// If ExcludeMeta is true, no metadata will be returned, and the data can be
@@ -62,11 +57,10 @@ type Vault struct {
 
 // Provider returns a provider that takes a Vault config.
 func Provider(cfg Config) *Vault {
-	httpClient := &http.Client{Timeout: cfg.Timeout, Transport: &http.Transport{
-		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: cfg.InsecureSkipVerify,
-		},
-	}}
+	httpClient := &http.Client{Timeout: cfg.Timeout}
+	if cfg.Transport != nil {
+		httpClient.Transport = cfg.Transport
+	}
 	client, err := api.NewClient(&api.Config{Address: cfg.Address, HttpClient: httpClient})
 	if err != nil {
 		return nil