From 060a47409f6dee10e2ceede0fefed12acd449cc1 Mon Sep 17 00:00:00 2001 From: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com> Date: Wed, 1 Dec 2021 12:07:48 -0500 Subject: [PATCH] Override TLS flags individually for meta commands (#11592) * Override TLS flags individually for meta commands * Update command/meta.go Co-authored-by: Tim Gross Co-authored-by: Tim Gross --- command/meta.go | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/command/meta.go b/command/meta.go index 725f8ac9c9d..f4e6d0dac6e 100644 --- a/command/meta.go +++ b/command/meta.go @@ -115,6 +115,7 @@ type ApiClientFactory func() (*api.Client, error) // the default command line arguments and env vars. func (m *Meta) clientConfig() *api.Config { config := api.DefaultConfig() + if m.flagAddress != "" { config.Address = m.flagAddress } @@ -125,23 +126,36 @@ func (m *Meta) clientConfig() *api.Config { config.Namespace = m.namespace } - // If we need custom TLS configuration, then set it - if m.caCert != "" || m.caPath != "" || m.clientCert != "" || m.clientKey != "" || m.tlsServerName != "" || m.insecure { - t := &api.TLSConfig{ - CACert: m.caCert, - CAPath: m.caPath, - ClientCert: m.clientCert, - ClientKey: m.clientKey, - TLSServerName: m.tlsServerName, - Insecure: m.insecure, - } - config.TLSConfig = t - } - if m.token != "" { config.SecretID = m.token } + // Override TLS configuration fields we may have received from env vars with + // flag arguments from the user only if they're provided. + if m.caCert != "" { + config.TLSConfig.CACert = m.caCert + } + + if m.caPath != "" { + config.TLSConfig.CAPath = m.caPath + } + + if m.clientCert != "" { + config.TLSConfig.ClientCert = m.clientCert + } + + if m.clientKey != "" { + config.TLSConfig.ClientKey = m.clientKey + } + + if m.tlsServerName != "" { + config.TLSConfig.TLSServerName = m.tlsServerName + } + + if m.insecure { + config.TLSConfig.Insecure = m.insecure + } + return config }