diff --git a/config/http_config.go b/config/http_config.go
index 3fb120a0..bf52ce32 100644
--- a/config/http_config.go
+++ b/config/http_config.go
@@ -161,6 +161,8 @@ type OAuth2 struct {
 TokenURL string `yaml:"token_url" json:"token_url"`
 EndpointParams map[string]string `yaml:"endpoint_params,omitempty" json:"endpoint_params,omitempty"`
+ // HTTP proxy server to use to connect to the targets.
+ ProxyURL URL `yaml:"proxy_url,omitempty" json:"proxy_url,omitempty"`
 // TLSConfig is used to connect to the token URL.
 TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
 }
@@ -606,10 +608,16 @@ func (rt *oauth2RoundTripper) RoundTrip(req *http.Request) (*http.Response, erro
 var t http.RoundTripper
 if len(rt.config.TLSConfig.CAFile) == 0 {
- t = &http.Transport{TLSClientConfig: tlsConfig}
+ t = &http.Transport{
+ TLSClientConfig: tlsConfig,
+ Proxy: http.ProxyURL(rt.config.ProxyURL.URL),
+ }
 } else {
 t, err = NewTLSRoundTripper(tlsConfig, rt.config.TLSConfig.CAFile, func(tls *tls.Config) (http.RoundTripper, error) {
- return &http.Transport{TLSClientConfig: tls}, nil
+ return &http.Transport{
+ TLSClientConfig: tls,
+ Proxy: http.ProxyURL(rt.config.ProxyURL.URL),
+ }, nil
 })
 if err != nil {
 return nil, err
diff --git a/config/http_config_test.go b/config/http_config_test.go
index 4f664773..429ad227 100644
--- a/config/http_config_test.go
+++ b/config/http_config_test.go
@@ -1482,3 +1482,10 @@ func TestMarshalURLWithSecret(t *testing.T) {
 t.Fatalf("URL not properly marshaled in YAML, got '%s'", string(b))
 }
 }
+
+func TestOAuth2Proxy(t *testing.T) {
+ _, _, err := LoadHTTPConfigFile("testdata/http.conf.oauth2-proxy.good.yml")
+ if err != nil {
+ t.Errorf("Error loading OAuth2 client config: %v", err)
+ }
+}
diff --git a/config/testdata/http.conf.oauth2-proxy.good.yml b/config/testdata/http.conf.oauth2-proxy.good.yml
new file mode 100644
index 00000000..881bca54
--- /dev/null
+++ b/config/testdata/http.conf.oauth2-proxy.good.yml
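Review bot: The comment added above `ProxyURL` in the OAuth2 struct says the proxy is used "to connect to the targets", but the RoundTrip hunk of this file wires the field only into the transports built next to the token-URL TLS settings, so the wording looks copied from the outer client config. I would change it to `// ProxyURL is the HTTP proxy used to connect to the token URL.`, matching the TLSConfig comment directly below it. The struct declaration starts outside the hunk, so any other fields that might already document a proxy are not visible here.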
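Review bot: Both new `Proxy: http.ProxyURL(rt.config.ProxyURL.URL)` lines in RoundTrip send the token request through the configured proxy without checking the scheme of `token_url`, and that request presumably carries the OAuth2 client credentials. With an `https` token URL the proxy only relays a CONNECT tunnel, but with a plain `http` one (as in the fixture added by this commit) the proxy can read `client_secret`. I would document that above the first literal, e.g. `// The token request, including the client credentials, goes through ProxyURL; use an https token_url so the proxy cannot read them.` The two Transport literals are now identical apart from the TLS config, so a small helper would also keep the proxy setting from drifting between the branches. RoundTrip's body starts and ends outside the hunk.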
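Review bot: TestOAuth2Proxy only checks that the fixture loads without error, so it would still pass if `proxy_url` were dropped during unmarshalling or never reached the transport. Keep the first return value and assert the parsed field, assuming it is the client config with an `OAuth2` member: `cfg, _, err := LoadHTTPConfigFile(...)` followed by `if cfg.OAuth2.ProxyURL.URL == nil || cfg.OAuth2.ProxyURL.URL.String() != "http://foo" { t.Errorf("unexpected proxy URL") }`. Using `t.Fatalf` on the load error would avoid dereferencing a nil config in that check. A test that serves the token endpoint behind an `httptest` proxy would be needed to cover the RoundTrip change itself.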
@@ -0,0 +1,5 @@
+oauth2:
+ client_id: "myclient"
+ client_secret: "mysecret"
+ token_url: "http://auth"
+ proxy_url: "http://foo"