Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unix socket transport #60

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Unix socket transport #60

wants to merge 2 commits into from

Conversation

h2o2-stripe
Copy link

The intention was to allow to use unix socket as transport.
In our case a proxy service opens unix socket and adds certificates and credentials on the way to Artifactory.

@jamestoyer
Copy link
Contributor

@h2o2-stripe could you give some more context around the need to use a unix socket? Most other providers I'm aware of or use don't have this functionality, so this seems like an interesting request

@h2o2-stripe
Copy link
Author

@jamestoyer, thanks for the response!

We use an HTTP proxy that runs on developer laptops that allows command line tools to access internal sites that require client certificates.

In particular, it exposes a Unix domain socket that acts as an HTTP proxy. Plain HTTP requests to this proxy will be forwarded over HTTPS using the user's client certificate.

@jamestoyer
Copy link
Contributor

That's certainly not a use case I've heard of or seen before.

How are you getting around this for other providers? Or do you not use them locally?

@h2o2-stripe
Copy link
Author

Most of our other providers either:
(a) don't connect to things inside the VPN, which need this support (e.g. AWS, G Suite, etc.), or
(b) are run from server infrastructure, which doesn't need the Unix socket (if we ever actually use the Jira provider like we were thinking, it'd be run on the server, since it's mostly for centralized configuration, and not something that we'd want everyone running)
However, for developers to manage Artifactory, we'd want them to both run from a laptop, and since we're hosting the server, it needs to run through our authenticating proxy.

@ttsangAtlassian
Copy link
Contributor

@h2o2-stripe Have you tried using the HTTP_PROXY env variable?

DefaultTransport is the default implementation of Transport and is used by DefaultClient. It establishes network connections as needed and caches them for reuse by subsequent calls. It uses HTTP proxies as directed by the $HTTP_PROXY and $NO_PROXY (or $http_proxy and $no_proxy) environment variables.

From: https://golang.org/pkg/net/http/

It feels like this is the more correct solution. If it doesn't work, we can try and fix that instead

@jamestoyer
Copy link
Contributor

The more I think about his PR the more I believe it's not something that should exist in this provider for two reasons.

  1. When I look at the other providers, and the AWS provider in particular, there are no settings in them to set a unix socket. The AWS provider is a first class provider and doesn't support it, so that suggests it shouldn't live in a provider
  2. This feels like it's something Terraform the CLI should provide as it's something that would be useful for many providers. Implementing on a case by case basis means that will be divergent implementations and would require setting different values for each

jlrgraham23 pushed a commit to jlrgraham23/terraform-provider-artifactory that referenced this pull request Apr 6, 2021
@chb0github
Merge pull request atlassian#60 from jasonwbarnett/fix-xray-policy-re…
93b198b 
…ad-function

Set name property in resourceXrayPolicyRead
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@h2o2-stripe @jamestoyer @ttsangAtlassian