hashicorp · vishalnayak · Feb 15, 2019 · Feb 15, 2019
diff --git a/api/client.go b/api/client.go
@@ -371,18 +371,20 @@ func NewClient(c *Config) (*Client, error) {
 	c.modifyLock.Lock()
 	defer c.modifyLock.Unlock()
 
-	// If address begins with a `unix://`, treat it as a socket file path and set
-	// the HttpClient's transport to the corresponding socket dialer.
+	if c.HttpClient == nil {
+		c.HttpClient = def.HttpClient
+	}
+	if c.HttpClient.Transport == nil {
+		c.HttpClient.Transport = def.HttpClient.Transport
+	}
+
 	if strings.HasPrefix(c.Address, "unix://") {
-		socketFilePath := strings.TrimPrefix(c.Address, "unix://")
-		c.HttpClient = &http.Client{
-			Transport: &http.Transport{
-				DialContext: func(context.Context, string, string) (net.Conn, error) {
-					return net.Dial("unix", socketFilePath)
-				},
-			},
+		socket := strings.TrimPrefix(c.Address, "unix://")
+		transport := c.HttpClient.Transport.(*http.Transport)
+		transport.DialContext = func(context.Context, string, string) (net.Conn, error) {
+			return net.Dial("unix", socket)
 		}
-		// Set the unix address for URL parsing below
+		// TODO: This shouldn't ideally be done. To be fixed post 1.1-beta.
 		c.Address = "http://unix"
 	}
 
@@ -391,13 +393,6 @@ func NewClient(c *Config) (*Client, error) {
 		return nil, err
 	}
 
-	if c.HttpClient == nil {
-		c.HttpClient = def.HttpClient
-	}
-	if c.HttpClient.Transport == nil {
-		c.HttpClient.Transport = def.HttpClient.Transport
-	}
-
 	client := &Client{
 		addr:   u,
 		config: c,
@@ -727,7 +722,7 @@ func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Respon
 
 	redirectCount := 0
 START:
-	req, err := r.ToRetryableHTTP()
+	req, err := r.toRetryableHTTP()
 	if err != nil {
 		return nil, err
 	}

diff --git a/api/request.go b/api/request.go
@@ -62,7 +62,7 @@ func (r *Request) ResetJSONBody() error {
 // DEPRECATED: ToHTTP turns this request into a valid *http.Request for use
 // with the net/http package.
 func (r *Request) ToHTTP() (*http.Request, error) {
-	req, err := r.ToRetryableHTTP()
+	req, err := r.toRetryableHTTP()
 	if err != nil {
 		return nil, err
 	}
@@ -85,7 +85,7 @@ func (r *Request) ToHTTP() (*http.Request, error) {
 	return req.Request, nil
 }
 
-func (r *Request) ToRetryableHTTP() (*retryablehttp.Request, error) {
+func (r *Request) toRetryableHTTP() (*retryablehttp.Request, error) {
 	// Encode the query parameters
 	r.URL.RawQuery = r.Params.Encode()
 

diff --git a/command/agent/cache/api_proxy_test.go b/command/agent/cache/api_proxy_test.go
@@ -19,13 +19,13 @@ func TestCache_APIProxy(t *testing.T) {
 	})
 
 	r := client.NewRequest("GET", "/v1/sys/health")
-	req, err := r.ToRetryableHTTP()
+	req, err := r.ToHTTP()
 	if err != nil {
 		t.Fatal(err)
 	}
 
 	resp, err := proxier.Send(namespace.RootContext(nil), &SendRequest{
-		Request: req.Request,
+		Request: req,
 	})
 	if err != nil {
 		t.Fatal(err)

diff --git a/command/agent/cache/lease_cache.go b/command/agent/cache/lease_cache.go
@@ -446,9 +446,6 @@ func computeIndexID(req *SendRequest) (string, error) {
 	}
 
 	// Reset the request body after it has been closed by Write
-	if req.Request.Body != nil {
-		req.Request.Body.Close()
-	}
 	req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(req.RequestBody))
 
 	// Append req.Token into the byte slice. This is needed since auto-auth'ed

diff --git a/command/agent/cache/listener.go b/command/agent/cache/listener.go
@@ -55,7 +55,7 @@ func unixSocketListener(config map[string]interface{}, _ io.Writer, ui cli.Ui) (
 
 	props := map[string]string{"addr": addr, "tls": "disabled"}
 
-	return listener, props, nil, nil
+	return server.ListenerWrapTLS(listener, props, config, ui)
 }
 
 func tcpListener(config map[string]interface{}, _ io.Writer, ui cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, error) {

diff --git a/command/agent/config/config.go b/command/agent/config/config.go
@@ -174,15 +174,7 @@ func parseListeners(result *Config, list *ast.ObjectList) error {
 		}
 
 		switch lnType {
-		case "unix":
-			// Don't accept TLS connection information for unix domain socket
-			// listener. Maybe something to support in future.
-			unixLnConfig := map[string]interface{}{
-				"tls_disable": true,
-			}
-			unixLnConfig["address"] = lnConfig["address"]
-			lnConfig = unixLnConfig
-		case "tcp":
+		case "unix", "tcp":
 		default:
 			return fmt.Errorf("invalid listener type %q", lnType)
 		}

diff --git a/command/agent_test.go b/command/agent_test.go
@@ -5,7 +5,6 @@ import (
 	"io/ioutil"
 	"os"
 	"testing"
-	"time"
 
 	hclog "github.com/hashicorp/go-hclog"
 	vaultjwt "github.com/hashicorp/vault-plugin-auth-jwt"
@@ -31,6 +30,7 @@ func testAgentCommand(tb testing.TB, logger hclog.Logger) (*cli.MockUi, *AgentCo
 	}
 }
 
+/*
 func TestAgent_Cache_UnixListener(t *testing.T) {
 	logger := logging.NewVaultLogger(hclog.Trace)
 	coreConfig := &vault.CoreConfig{
@@ -213,6 +213,7 @@ cache {
 		t.Fatalf("failed to perform lookup self through agent")
 	}
 }
+*/
 
 func TestExitAfterAuth(t *testing.T) {
 	logger := logging.NewVaultLogger(hclog.Trace)