http_config: Allow customizing TLS config and settings.

Signed-off-by: bwplotka <[email protected]>
prometheus · Jan 16, 2025 · ca379f3 · ca379f3
1 parent 8d916fa
commit ca379f3
Showing 1 changed file with 28 additions and 7 deletions.
diff --git a/config/http_config.go b/config/http_config.go
@@ -453,13 +453,14 @@ func (a *BasicAuth) UnmarshalYAML(unmarshal func(interface{}) error) error {
 type DialContextFunc func(context.Context, string, string) (net.Conn, error)
 
 type httpClientOptions struct {
-	dialContextFunc   DialContextFunc
-	keepAlivesEnabled bool
-	http2Enabled      bool
-	idleConnTimeout   time.Duration
-	userAgent         string
-	host              string
-	secretManager     SecretManager
+	dialContextFunc     DialContextFunc
+	keepAlivesEnabled   bool
+	http2Enabled        bool
+	idleConnTimeout     time.Duration
+	userAgent           string
+	host                string
+	secretManager       SecretManager
+	extendTLSConfigFunc TLSConfigExtension
 }
 
 // HTTPClientOption defines an option that can be applied to the HTTP client.
@@ -515,6 +516,17 @@ func WithHost(host string) HTTPClientOption {
 	})
 }
 
+// TLSConfigExtension modifies the given tls config and settings.
+type TLSConfigExtension func(*tls.Config, TLSRoundTripperSettings) (*tls.Config, TLSRoundTripperSettings, error)
+
+// WithTLSConfigExtension allows to insert extension function that can freely modify
+// TLSConfig and TLSRoundTripperSettings used for the round tripper creation.
+func WithTLSConfigExtension(extendTLSConfigFunc TLSConfigExtension) HTTPClientOption {
+	return httpClientOptionFunc(func(opts *httpClientOptions) {
+		opts.extendTLSConfigFunc = extendTLSConfigFunc
+	})
+}
+
 type secretManagerOption struct {
 	secretManager SecretManager
 }
@@ -679,6 +691,15 @@ func NewRoundTripperFromConfigWithContext(ctx context.Context, cfg HTTPClientCon
 	if err != nil {
 		return nil, err
 	}
+
+	// Allow customizing the TLS config and settings, if specified in opts.
+	if opts.extendTLSConfigFunc != nil {
+		tlsConfig, tlsSettings, err = opts.extendTLSConfigFunc(tlsConfig, tlsSettings)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	if tlsSettings.immutable() {
 		// No need for a RoundTripper that reloads the files automatically.
 		return newRT(tlsConfig)