diff --git a/CHANGELOG.md b/CHANGELOG.md
index db48fcbe09b..b294f9a3d2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,8 @@ BUG FIXES:
 * client/artifact: Handle tars where file in directory is listed before directory [GH-2524]
 * client/config: Use `cpu_total_compute` whenever it is set [GH-2745]
+ * client/config: Respect `vault.tls_server_name` setting in consul-template
+ [GH-2793]
 * driver/exec: Properly set file/dir ownership in chroots [GH-2552]
 * driver/docker: Fix panic in Docker driver on Windows [GH-2614]
 * driver/rkt: Fix env var interpolation [GH-2777]
diff --git a/client/consul_template.go b/client/consul_template.go
index dd71e89a7a3..00b6020b338 100644
--- a/client/consul_template.go
+++ b/client/consul_template.go
@@ -485,21 +485,23 @@ func runnerConfig(config *config.Config, vaultToken string) (*ctconf.Config, err
 skipVerify := config.VaultConfig.TLSSkipVerify != nil && *config.VaultConfig.TLSSkipVerify
 verify := !skipVerify
 conf.Vault.SSL = &ctconf.SSLConfig{
- Enabled: &t,
- Verify: &verify,
- Cert: &config.VaultConfig.TLSCertFile,
- Key: &config.VaultConfig.TLSKeyFile,
- CaCert: &config.VaultConfig.TLSCaFile,
- CaPath: &config.VaultConfig.TLSCaPath,
+ Enabled: &t,
+ Verify: &verify,
+ Cert: &config.VaultConfig.TLSCertFile,
+ Key: &config.VaultConfig.TLSKeyFile,
+ CaCert: &config.VaultConfig.TLSCaFile,
+ CaPath: &config.VaultConfig.TLSCaPath,
+ ServerName: &config.VaultConfig.TLSServerName,
 }
 } else {
 conf.Vault.SSL = &ctconf.SSLConfig{
- Enabled: &f,
- Verify: &f,
- Cert: &emptyStr,
- Key: &emptyStr,
- CaCert: &emptyStr,
- CaPath: &emptyStr,
+ Enabled: &f,
+ Verify: &f,
+ Cert: &emptyStr,
+ Key: &emptyStr,
+ CaCert: &emptyStr,
+ CaPath: &emptyStr,
+ ServerName: &emptyStr,
 }
 }
 }
diff --git a/client/consul_template_test.go b/client/consul_template_test.go
index 246a2197aef..2631d0abf8c 100644
--- a/client/consul_template_test.go
+++ b/client/consul_template_test.go
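Review bot: Nothing next to the new `ServerName` field in the TLS branch of client/consul_template.go says how it interacts with `verify`: when `TLSSkipVerify` is set, `verify` is false, so the name is still passed along but the Vault certificate is presumably not checked against it. A one-line comment above the struct literal would keep operators from treating `tls_server_name` as a substitute for verification, e.g. `// ServerName overrides the host name checked against the Vault certificate; it has no verification effect when Verify is false.` The else branch sets `ServerName: &emptyStr` like its neighbours, which looks intended to keep the field explicitly set rather than nil; if no comment above the hunk already gives that reason, it is worth stating there. runnerConfig starts and ends outside the hunk.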
@@ -13,6 +13,7 @@ import (
 ctestutil "github.com/hashicorp/consul/testutil"
 "github.com/hashicorp/nomad/client/config"
 "github.com/hashicorp/nomad/client/driver/env"
+ "github.com/hashicorp/nomad/helper"
 "github.com/hashicorp/nomad/nomad/mock"
 "github.com/hashicorp/nomad/nomad/structs"
 sconfig "github.com/hashicorp/nomad/nomad/structs/config"
@@ -1033,3 +1034,22 @@ func TestTaskTemplateManager_Env_Multi(t *testing.T) {
 t.Errorf("expected FOO=bar but found %q", vars["yup"])
 }
 }
+
+// TestTaskTemplateManager_Config_ServerName asserts the tls_server_name
+// setting is propogated to consul-template's configuration. See #2776
+func TestTaskTemplateManager_Config_ServerName(t *testing.T) {
+ c := config.DefaultConfig()
+ c.VaultConfig = &sconfig.VaultConfig{
+ Enabled: helper.BoolToPtr(true),
+ Addr: "https://localhost/",
+ TLSServerName: "notlocalhost",
+ }
+ ctconf, err := runnerConfig(c, "token")
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+
+ if *ctconf.Vault.SSL.ServerName != c.VaultConfig.TLSServerName {
+ t.Fatalf("expected %q but found %q", c.VaultConfig.TLSServerName, *ctconf.Vault.SSL.ServerName)
+ }
+}
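Review bot: The new test dereferences `*ctconf.Vault.SSL.ServerName` without checking either pointer, so if `runnerConfig` ever leaves `SSL` or `ServerName` nil the test panics instead of failing with a readable message. A guard before the comparison would fix that, e.g. `if ctconf.Vault.SSL == nil || ctconf.Vault.SSL.ServerName == nil { t.Fatalf("expected Vault SSL.ServerName to be set") }`. Only the https branch is exercised; a second case with a non-https `Addr` and no certificate file would pin the `&emptyStr` value that the other branch of `runnerConfig` assigns. The doc comment also spells `propogated`, which should read `propagated`.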