Ability to set NoProxy on the HTTP client #47

Closed
deberhar opened this issue Jan 22, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@deberhar
Contributor

Ability to set NoProxy on the HTTP client

Good afternoon, would it be possible to expose a way to set NoProxy=true on the underlying HttpClient? This would be helpful for working around proxy-configuration issues in our environment.

VaultSharp itself offers PostProcessHttpClientHandlerAction as a way to perform arbitrary configuration on the HttpClient. One approach might be to expose access through a similar Action<HttpClientHandler>? property added to VaultOptions, which if set, could be invoked by VaultConfigurationProvider before the existing AcceptInsecureConnections-handling code. This could then be leveraged by developers to adjust proxy settings (or make other HttpClient tweaks) as needed.

An alternative approach might be to more narrowly add support for a NoProxy option in VaultOptions and apply that explicitly in VaultConfigurationProvider's PostProcessHttpClientHandlerAction handler, if you'd prefer.

Happy to submit a PR for this; just let me know your preferred approach please.

@deberhar deberhar added the enhancement New feature or request label Jan 22, 2024
@MrZoidberg
Owner

Will take a look in the near future. Thanks.

@MrZoidberg
Owner

@deberhar I would like to implement the first approach; it looks reasonable. However, I'm struggling to write an integration test for it. Would you mind elaborating on what the preconditions are when the current version fails?

@deberhar
Contributor Author

Hi @MrZoidberg,
Preconditions are as follows: we have a system-wide HTTP proxy set via Windows AD policy on all domain-connected PCs, including developer PCs. Access to our Vault servers is restricted; the web proxies are not permitted to connect to them. While secured and firewall-restricted, there is a desire not to advertise the Vault server addresses domain-wide via the PAC file. This presents a difficulty during local development, since traffic would be routed via the proxy and blocked from reaching the Vault servers. In our environment, traffic to our Vault servers should never be tunneled through a proxy. Thus, having a mechanism by which we can set the HttpClientHandler's NoProxy property to false when configuring the Vault ConfigurationProvider would address the issue.

In my opinion, it's not necessary to try to verify the actual HTTP client's proxy behavior in the unit test for the VaultSharp configuration provider; having the test verify that the hook method is (if installed) invoked and that the HttpClientHandler is passed in is probably sufficient.

I've just sent you PR #52 for your consideration, which implements this change and the verify-invoked unit test. Unfortunately, I don't have Docker for Windows available -- would you please verify the new test is passing before merging? (if not, poke me and I'll fix it...)

Thank you!
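
The hook approach discussed in this thread, sketched as an added example (not the project's code and not the contents of PR #52): a caller-supplied `Action<HttpClientHandler>` runs before the insecure-connection handling, and a check confirms it was invoked with the handler, as the last comment suggests for the unit test. `SketchVaultOptions`, `ConfigureHandler` and `SketchProvider` are hypothetical names, the callback shape of VaultSharp's `PostProcessHttpClientHandlerAction` is assumed to be `Action<HttpMessageHandler>`, and the real `HttpClientHandler` switch for bypassing the proxy is `UseProxy = false`.

```csharp
using System;
using System.Net.Http;

// Hypothetical stand-in for the provider's options; names are assumptions.
public sealed class SketchVaultOptions
{
    public bool AcceptInsecureConnections { get; init; }
    public Action<HttpClientHandler>? ConfigureHandler { get; init; }
}

public static class SketchProvider
{
    // Builds the callback that would be assigned to VaultSharp's
    // PostProcessHttpClientHandlerAction (assumed Action<HttpMessageHandler>).
    public static Action<HttpMessageHandler> BuildPostProcess(SketchVaultOptions options) =>
        handler =>
        {
            if (handler is not HttpClientHandler clientHandler) return;
            // Caller hook runs first, as proposed in the issue.
            options.ConfigureHandler?.Invoke(clientHandler);
            // Existing behaviour: only relax TLS validation when explicitly requested.
            if (options.AcceptInsecureConnections)
                clientHandler.ServerCertificateCustomValidationCallback =
                    HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        };
}

public static class Program
{
    public static void Main()
    {
        var invoked = false;
        var options = new SketchVaultOptions
        {
            ConfigureHandler = h =>
            {
                invoked = true;
                h.UseProxy = false; // bypass the system/PAC proxy for this client only
                h.Proxy = null;
            }
        };
        using var handler = new HttpClientHandler();
        SketchProvider.BuildPostProcess(options)(handler);
        if (!invoked || handler.UseProxy)
            throw new Exception("hook was not applied to the handler");
        if (handler.ServerCertificateCustomValidationCallback != null)
            throw new Exception("TLS validation was altered unexpectedly");
        Console.WriteLine("hook invoked, UseProxy=false, TLS validation untouched");
    }
}
```

Because the hook receives the whole `HttpClientHandler`, a review of callers should confirm that it changes only proxy settings and leaves certificate validation alone, which is what the second check asserts.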
