[http_check] add support for no_proxy environment variable relaying t…

…o requests. [http] allow overriding of no_proxy if set in init_config, otherwise grab from env. [http_check] 'proxies' looks like it should have http, https, and no keys. [http] requests not enforcing no_proxy - attempting to disable. [http] respect environment variables if defined [http] adding per instance no_proxy feature flag.
DataDog · May 4, 2016 · 4964d66 · 4964d66
1 parent aa73259
commit 4964d66
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 10 deletions.
diff --git a/checks.d/http_check.py b/checks.d/http_check.py
@@ -5,6 +5,7 @@
 # stdlib
 from datetime import datetime
 import os.path
+from os import environ
 import re
 import socket
 import ssl
@@ -150,9 +151,11 @@ class HTTPCheck(NetworkCheck):
     def __init__(self, name, init_config, agentConfig, instances):
         self.ca_certs = init_config.get('ca_certs', get_ca_certs_path())
         proxy_settings = get_proxy(agentConfig)
-        if not proxy_settings:
-            self.proxies = None
-        else:
+        self.proxies = {
+            "http": None,
+            "https": None,
+        }
+        if proxy_settings:
             uri = "{host}:{port}".format(
                 host=proxy_settings['host'],
                 port=proxy_settings['port'])
@@ -161,10 +164,15 @@ def __init__(self, name, init_config, agentConfig, instances):
                     user=proxy_settings['user'],
                     password=proxy_settings['password'],
                     uri=uri)
-            self.proxies = {
-                'http': "http://{uri}".format(uri=uri),
-                'https': "https://{uri}".format(uri=uri)
-            }
+            self.proxies['http'] = "http://{uri}".format(uri=uri)
+            self.proxies['https'] = "https://{uri}".format(uri=uri)
+        else:
+            self.proxies['http'] = environ.get('http', None)
+            self.proxies['https'] = environ.get('https', None)
+
+        self.proxies['no'] = environ.get('no_proxy',
+                                         environ.get('NO_PROXY', None)
+                                         )
 
         NetworkCheck.__init__(self, name, init_config, agentConfig, instances)
 
@@ -189,15 +197,16 @@ def _load_conf(self, instance):
         instance_ca_certs = instance.get('ca_certs', self.ca_certs)
         weakcipher = _is_affirmative(instance.get('weakciphers', False))
         ignore_ssl_warning = _is_affirmative(instance.get('ignore_ssl_warning', False))
+        skip_proxy = _is_affirmative(instance.get('no_proxy', False))
 
         return url, username, password, http_response_status_code, timeout, include_content,\
             headers, response_time, content_match, tags, ssl, ssl_expire, instance_ca_certs,\
-            weakcipher, ignore_ssl_warning
+            weakcipher, ignore_ssl_warning, skip_proxy
 
     def _check(self, instance):
         addr, username, password, http_response_status_code, timeout, include_content, headers,\
             response_time, content_match, tags, disable_ssl_validation,\
-            ssl_expire, instance_ca_certs, weakcipher, ignore_ssl_warning = self._load_conf(instance)
+            ssl_expire, instance_ca_certs, weakcipher, ignore_ssl_warning, skip_proxy = self._load_conf(instance)
         start = time.time()
 
         service_checks = []
@@ -208,18 +217,33 @@ def _check(self, instance):
                 self.warning("Skipping SSL certificate validation for %s based on configuration"
                              % addr)
 
+            instance_proxy = self.proxies.copy()
+
+            # disable proxy if necessary
+            if skip_proxy:
+                instance_proxy.pop('http')
+                instance_proxy.pop('https')
+            else:
+                for url in self.proxies['no'].replace(';',',').split(","):
+                    if url in parsed_uri.netloc:
+                        instance_proxy.pop('http')
+                        instance_proxy.pop('https')
+
+            self.log.debug("Proxies used for %s - %s", addr, instance_proxy)
+
             auth = None
             if username is not None and password is not None:
                 auth = (username, password)
 
             sess = requests.Session()
+            sess.trust_env = False
             if weakcipher:
                 base_addr = '{uri.scheme}://{uri.netloc}/'.format(uri=parsed_uri)
                 sess.mount(base_addr, WeakCiphersAdapter())
                 self.log.debug("Weak Ciphers will be used for {0}. Suppoted Cipherlist: {1}".format(
                     base_addr, WeakCiphersHTTPSConnection.SUPPORTED_CIPHERS))
 
-            r = sess.request('GET', addr, auth=auth, timeout=timeout, headers=headers, proxies = self.proxies,
+            r = sess.request('GET', addr, auth=auth, timeout=timeout, headers=headers, proxies = instance_proxy,
                              verify=False if disable_ssl_validation else instance_ca_certs)
 
         except (socket.timeout, requests.exceptions.ConnectionError, requests.exceptions.Timeout) as e:

diff --git a/conf.d/http_check.yaml.example b/conf.d/http_check.yaml.example
@@ -105,6 +105,13 @@ instances:
     #
     skip_event: true
 
+    # The (optional) no_proxy parameter would bypass any proxy settings enabled
+    # and attempt to reach the the URL directly.
+    # If no proxy is defined at any level, this flag bears no effect.
+    # Defaults to False.
+    #
+    # no_proxy: false
+
     # tags:
     #   - url:http://alternative.host.example.com
     #   - env:production