From 3d478ca64c6aae730fdd024c55f3a560dd4696fa Mon Sep 17 00:00:00 2001 From: zradlo1984 <76600175+zradlo1984@users.noreply.github.com> Date: Mon, 3 Jan 2022 17:43:57 +0100 Subject: [PATCH] fix(cli): cannot use CA bundle and proxy at the same time (#17990) fixes #5804 This is reworked solution I proposed 30.11.2021 in PR #16704 on current master. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .gitignore | 1 + .../aws-cdk/lib/api/aws-auth/sdk-provider.ts | 35 +++++++------------ 2 files changed, 14 insertions(+), 22 deletions(-) diff --git a/.gitignore b/.gitignore index 70bbad3393e00..1d6ae12ce76eb 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,7 @@ coverage/ *.sw[a-z] *~ .idea +*.iml junit.xml # We don't want tsconfig at the root diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts index 4621d171bc357..0da0b027bbc65 100644 --- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts +++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts @@ -1,4 +1,3 @@ -import * as https from 'https'; import * as os from 'os'; import * as path from 'path'; import * as cxapi from '@aws-cdk/cx-api'; @@ -375,31 +374,23 @@ function parseHttpOptions(options: SdkHttpOptions) { config.customUserAgent = userAgent; const caBundlePath = options.caBundlePath || caBundlePathFromEnvironment(); - - if (options.proxyAddress && caBundlePath) { - throw new Error(`At the moment, cannot specify Proxy (${options.proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https://github.com/aws/aws-cdk/issues/5804`); - // Maybe it's possible after all, but I've been staring at - // https://github.com/TooTallNate/node-proxy-agent/blob/master/index.js#L79 - // a while now trying to figure out what to pass in so that the underlying Agent - // object will get the 'ca' argument. It's not trivial and I don't want to risk it. - } - if (caBundlePath) { debug('Using CA bundle path: %s', caBundlePath); - config.httpOptions.agent = new https.Agent({ - ca: readIfPossible(caBundlePath), - keepAlive: true, - }); - } else { - // Configure the proxy agent. By default, this will use HTTPS?_PROXY and - // NO_PROXY environment variables to determine which proxy to use for each - // request. - // - // eslint-disable-next-line @typescript-eslint/no-require-imports - const ProxyAgent: any = require('proxy-agent'); - config.httpOptions.agent = new ProxyAgent(); + (config.httpOptions as any).ca = readIfPossible(caBundlePath); } + if (options.proxyAddress) { + debug('Proxy server from command-line arguments: %s', options.proxyAddress); + } + + // Configure the proxy agent. By default, this will use HTTPS?_PROXY and + // NO_PROXY environment variables to determine which proxy to use for each + // request. + // + // eslint-disable-next-line @typescript-eslint/no-require-imports + const ProxyAgent = require('proxy-agent'); + config.httpOptions.agent = new ProxyAgent(options.proxyAddress); + return config; }