From 87c34693590a8c5582eb8bf00b36a407d144ec61 Mon Sep 17 00:00:00 2001
From: Julien
Date: Mon, 14 Oct 2024 16:07:53 +0200
Subject: [PATCH] Reload certificates even when no CA is used

This commit uses the roundtripper that reloads itself even when there is no CA, so when keys and certs are reloaded on disk, we have a new rountripper and we use the new certificates.

Signed-off-by: Julien
---
 config/http_config.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/config/http_config.go b/config/http_config.go
index b640b899..e6bdd4c0 100644
--- a/config/http_config.go
+++ b/config/http_config.go
@@ -679,8 +679,8 @@ func NewRoundTripperFromConfigWithContext(ctx context.Context, cfg HTTPClientCon
 if err != nil {
 return nil, err
 }
- if tlsSettings.CA == nil || tlsSettings.CA.Immutable() {
- // No need for a RoundTripper that reloads the CA file automatically.
+ if tlsSettings.immutable() {
+ // No need for a RoundTripper that reloads the files automatically.
 return newRT(tlsConfig)
 }
 return NewTLSRoundTripperWithContext(ctx, tlsConfig, tlsSettings, newRT)
@@ -914,7 +914,7 @@ func (rt *oauth2RoundTripper) newOauth2TokenSource(req *http.Request, secret str
 if err != nil {
 return nil, nil, err
 }
- if tlsSettings.CA == nil || tlsSettings.CA.Immutable() {
+ if tlsSettings.immutable() {
 t, _ = tlsTransport(tlsConfig)
 } else {
 t, err = NewTLSRoundTripperWithContext(req.Context(), tlsConfig, tlsSettings, tlsTransport)
@@ -1259,6 +1259,10 @@ type TLSRoundTripperSettings struct {
 Key SecretReader
 }
 
+func (t *TLSRoundTripperSettings) immutable() bool {
+ return (t.CA == nil || t.CA.Immutable()) && (t.Cert == nil || t.Cert.Immutable()) && (t.Key == nil || t.Key.Immutable())
+}
+
 func NewTLSRoundTripper(
 cfg *tls.Config,
 settings TLSRoundTripperSettings,
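Review bot: No test is added for the case the new condition `if tlsSettings.immutable() {` is meant to fix: the diffstat lists only config/http_config.go, so a client with a file-based certificate and key but no CA now reaches NewTLSRoundTripperWithContext with nothing in this patch covering that path. A regression test that rewrites the certificate and key on disk and checks that the next request presents the new certificate would pin the behaviour, which is what an operator depends on when rotating a credential that has been replaced or revoked. The same condition is changed in newOauth2TokenSource in the second hunk and needs the same coverage; there the immutable branch still discards the error in `t, _ = tlsTransport(tlsConfig)`, an unchanged line that is worth revisiting. Both function bodies start and end outside their hunks.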
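Review bot: `immutable()` is added without a doc comment, and its single long return line hides the contract both call sites now rely on; a comment such as `// immutable reports whether CA, Cert and Key are each unset or Immutable(), so a static RoundTripper never needs rebuilding.` would state it. Because Cert and Key are now separate reload triggers, a rotation that writes the two files at different moments could be observed half-done. How NewTLSRoundTripperWithContext handles a certificate and key that do not match is not visible in this patch, so it is worth confirming that it keeps the previous transport until both files are consistent rather than failing requests. Splitting the return into one condition per line would also make a future fourth field harder to forget.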