Expose VaultSharp's PostProcessHttpClientHandlerAction hook

Expose PostProcessHttpClientHandlerAction via the VaultSharp configuration provider settings. This allows arbitrary customizations to the underlying HTTP client, such as customizing HTTP proxy settings.
MrZoidberg · Feb 6, 2024 · 0992b65 · 0992b65
1 parent ec06b46
commit 0992b65
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/Source/VaultSharp.Extensions.Configuration/VaultConfigurationProvider.cs b/Source/VaultSharp.Extensions.Configuration/VaultConfigurationProvider.cs
@@ -92,6 +92,8 @@ public override void Load()
                                 {
                                     clientHandler.ServerCertificateCustomValidationCallback = this.ConfigurationSource.Options.ServerCertificateCustomValidationCallback;
                                 }
+
+                                this.ConfigurationSource.Options.PostProcessHttpClientHandlerAction?.Invoke(clientHandler);
                             }
                         }
                     };

diff --git a/Source/VaultSharp.Extensions.Configuration/VaultOptions.cs b/Source/VaultSharp.Extensions.Configuration/VaultOptions.cs
@@ -163,5 +163,17 @@ public VaultOptions(
         /// An optional action to post-process the HttpClientHandler. Used to manually validate the server certificate. Ignored if AcceptInsecureConnection is true.
         /// </summary>
         public Func<HttpRequestMessage, X509Certificate2?, X509Chain?, SslPolicyErrors, bool>? ServerCertificateCustomValidationCallback { get; set;}
+
+        /// <summary>
+        /// An optional hook to allow custom configuration of the HttpClientHandler.
+        /// This is useful if you need to customize the HTTP client's proxy settings, for example.
+        /// </summary>
+        /// <remarks>
+        /// The action will be invoked after the VaultSharp provider applies the AcceptInsecureConnection and ServerCertificateCustomValidationCallback
+        /// customizations, if you enabled them.  Be aware that if you overwrite the HttpMessageHandler's ServerCertificateCustomValidationCallback 
+        /// in your action-handler method, you will cancel out the effect of enabling the AcceptInsecureConnection and/or
+        /// ServerCertificateCustomValidationCallback options.
+        /// </remarks>
+        public Action<HttpMessageHandler>? PostProcessHttpClientHandlerAction { get; set; }
     }
 }
diff --git a/Tests/VaultSharp.Extensions.Configuration.Test/IntegrationTests.cs b/Tests/VaultSharp.Extensions.Configuration.Test/IntegrationTests.cs
@@ -616,6 +616,58 @@ public async Task Failure_PermissionDenied()
                     It.Is<Func<It.IsAnyType, Exception?, string>>((v, t) => true)), Times.Once);
 
         }
+
+        [Fact]
+        public async Task Success_Proxy_Verify_Custom_Hook_Invoked()
+        {
+            // arrange
+            using CancellationTokenSource cts = new CancellationTokenSource();
+            var values =
+              new Dictionary<string, IEnumerable<KeyValuePair<string, object>>>
+              {
+                    {
+                        "myservice-config", new[]
+                        {
+                            new KeyValuePair<string, object>("option1", "value1"),
+                            new KeyValuePair<string, object>("subsection", new {option2 = "value2"}),
+                        }
+                    },
+              };
+
+            var container = this.PrepareVaultContainer();
+            try
+            {
+                await container.StartAsync(cts.Token).ConfigureAwait(false);
+                await this.LoadDataAsync("http://localhost:8200", values).ConfigureAwait(false);
+
+                // Moq mock of PostProcessHttpClientHandlerAction implementation:
+                var mockConfigureProxyAction = new Mock<Action<HttpMessageHandler>>();
+
+                // act
+                ConfigurationBuilder builder = new ConfigurationBuilder();
+                builder.AddVaultConfiguration(
+                    () => new VaultOptions("http://localhost:8200", new TokenAuthMethodInfo("root"), reloadOnChange: true, reloadCheckIntervalSeconds: 10, omitVaultKeyName: true)
+                    {
+                        PostProcessHttpClientHandlerAction = mockConfigureProxyAction.Object
+                    },
+                    "myservice-config",
+                    "secret",
+                    this.logger);
+                var configurationRoot = builder.Build();
+
+                // assert secrets were loaded successfully:
+                configurationRoot.GetValue<string>("option1").Should().Be("value1");
+                configurationRoot.GetSection("subsection").GetValue<string>("option2").Should().Be("value2");
+
+                // assert that PostProcessHttpClientHandlerAction was actually invoked, and a HttpMessageHandler was passed:
+                mockConfigureProxyAction.Verify(x => x(It.IsAny<HttpMessageHandler>()), Times.Once);
+            }
+            finally
+            {
+                cts.Cancel();
+                await container.DisposeAsync().ConfigureAwait(false);
+            }
+        }
     }
 
     public class TestConfigObject
-Original file line number
+Diff line change
@@ Expand Up / @@ -92,6 +92,8 @@ public override void Load() @@
                                     {
                                         clientHandler.ServerCertificateCustomValidationCallback = this.ConfigurationSource.Options.ServerCertificateCustomValidationCallback;
                                     }
+                                    this.ConfigurationSource.Options.PostProcessHttpClientHandlerAction?.Invoke(clientHandler);
                                 }
                             }
                         };
@@ Expand Down @@