From caf5ee0e72b98a066363cc088b5424fe84f8c075 Mon Sep 17 00:00:00 2001 From: Ryan Parker Date: Fri, 1 Oct 2021 16:49:48 -0700 Subject: [PATCH] fix(revert): "fix: CDK does not honor NO_PROXY settings (#16751)" (#16761) ## Summary This [commit](https://github.com/aws/aws-cdk/commit/ceab036fa9dfcd13c58c7d818339cd05ed515bec) broke EKS deployments. CloudFormation throws "Internal failure." when attempting to create an EKS cluster. Full details : https://github.com/aws/aws-cdk/pull/16751/files#r720549975 This reverts commit ceab036fa9dfcd13c58c7d818339cd05ed515bec. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/cluster-resource-handler/common.ts | 26 +++++++++++---- .../aws-cdk/lib/api/aws-auth/sdk-provider.ts | 33 +++++++++++++------ 2 files changed, 42 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts index c3f34ae4bbc6f..1adb2eb328564 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts @@ -39,13 +39,15 @@ export abstract class ResourceHandler { RoleSessionName: `AWSCDK.EKSCluster.${this.requestType}.${this.requestId}`, }); - // Configure the proxy agent. By default, this will use HTTPS?_PROXY and - // NO_PROXY environment variables to determine which proxy to use for each - // request. - // - // eslint-disable-next-line @typescript-eslint/no-require-imports, import/no-extraneous-dependencies - const ProxyAgent: any = require('proxy-agent'); - aws.config.update({ httpOptions: { agent: new ProxyAgent() } }); + const proxyAddress = this.httpProxyFromEnvironment(); + if (proxyAddress) { + this.log(`Using proxy server: ${proxyAddress}`); + // eslint-disable-next-line @typescript-eslint/no-require-imports, import/no-extraneous-dependencies + const ProxyAgent: any = require('proxy-agent'); + aws.config.update({ + httpOptions: { agent: new ProxyAgent(proxyAddress) }, + }); + } } public onEvent() { @@ -73,6 +75,16 @@ export abstract class ResourceHandler { console.log(JSON.stringify(x, undefined, 2)); } + private httpProxyFromEnvironment(): string | undefined { + if (process.env.http_proxy) { + return process.env.http_proxy; + } + if (process.env.HTTP_PROXY) { + return process.env.HTTP_PROXY; + } + return undefined; + } + protected abstract async onCreate(): Promise; protected abstract async onDelete(): Promise; protected abstract async onUpdate(): Promise<(OnEventResponse & EksUpdateId) | void>; diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts index 4621d171bc357..d06fba8a59529 100644 --- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts +++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts @@ -374,35 +374,48 @@ function parseHttpOptions(options: SdkHttpOptions) { } config.customUserAgent = userAgent; + const proxyAddress = options.proxyAddress || httpsProxyFromEnvironment(); const caBundlePath = options.caBundlePath || caBundlePathFromEnvironment(); - if (options.proxyAddress && caBundlePath) { - throw new Error(`At the moment, cannot specify Proxy (${options.proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https://github.com/aws/aws-cdk/issues/5804`); + if (proxyAddress && caBundlePath) { + throw new Error(`At the moment, cannot specify Proxy (${proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https://github.com/aws/aws-cdk/issues/5804`); // Maybe it's possible after all, but I've been staring at // https://github.com/TooTallNate/node-proxy-agent/blob/master/index.js#L79 // a while now trying to figure out what to pass in so that the underlying Agent // object will get the 'ca' argument. It's not trivial and I don't want to risk it. } + if (proxyAddress) { // Ignore empty string on purpose + // https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/ + debug('Using proxy server: %s', proxyAddress); + // eslint-disable-next-line @typescript-eslint/no-require-imports + const ProxyAgent: any = require('proxy-agent'); + config.httpOptions.agent = new ProxyAgent(proxyAddress); + } if (caBundlePath) { debug('Using CA bundle path: %s', caBundlePath); config.httpOptions.agent = new https.Agent({ ca: readIfPossible(caBundlePath), keepAlive: true, }); - } else { - // Configure the proxy agent. By default, this will use HTTPS?_PROXY and - // NO_PROXY environment variables to determine which proxy to use for each - // request. - // - // eslint-disable-next-line @typescript-eslint/no-require-imports - const ProxyAgent: any = require('proxy-agent'); - config.httpOptions.agent = new ProxyAgent(); } return config; } +/** + * Find and return the configured HTTPS proxy address + */ +function httpsProxyFromEnvironment(): string | undefined { + if (process.env.https_proxy) { + return process.env.https_proxy; + } + if (process.env.HTTPS_PROXY) { + return process.env.HTTPS_PROXY; + } + return undefined; +} + /** * Find and return a CA certificate bundle path to be passed into the SDK. */