From 36fadc8946c5b77870f291639a02117db575757a Mon Sep 17 00:00:00 2001
From: Zradlo1984 <zradlo1984@gmail.org>
Date: Wed, 29 Sep 2021 12:10:51 +0200
Subject: [PATCH 1/3] fix(cli): Allow use CA bundle and proxy at the same time
 (#5804)

---
 .../aws-cdk/lib/api/aws-auth/sdk-provider.ts    | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
index d06fba8a59529..c3293b6ebc8c8 100644
--- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
+++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -378,21 +378,22 @@ function parseHttpOptions(options: SdkHttpOptions) {
   const caBundlePath = options.caBundlePath || caBundlePathFromEnvironment();
 
   if (proxyAddress && caBundlePath) {
-    throw new Error(`At the moment, cannot specify Proxy (${proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https://github.com/aws/aws-cdk/issues/5804`);
-    // Maybe it's possible after all, but I've been staring at
-    // https://github.com/TooTallNate/node-proxy-agent/blob/master/index.js#L79
-    // a while now trying to figure out what to pass in so that the underlying Agent
-    // object will get the 'ca' argument. It's not trivial and I don't want to risk it.
-  }
+    debug('Using proxy server: %s', proxyAddress);
+    debug('Using CA bundle path: %s', caBundlePath);
 
-  if (proxyAddress) { // Ignore empty string on purpose
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const ProxyAgent: any = require('proxy-agent');
+    config.httpOptions.agent = new ProxyAgent(proxyAddress);
+    config.httpOptions.ca = readIfPossible(caBundlePath);
+  }
+  else if (proxyAddress) { // Ignore empty string on purpose
     // https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/
     debug('Using proxy server: %s', proxyAddress);
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const ProxyAgent: any = require('proxy-agent');
     config.httpOptions.agent = new ProxyAgent(proxyAddress);
   }
-  if (caBundlePath) {
+  else if (caBundlePath) {
     debug('Using CA bundle path: %s', caBundlePath);
     config.httpOptions.agent = new https.Agent({
       ca: readIfPossible(caBundlePath),

From 63c3d011a18855811252ef18e836f372e5ce8af5 Mon Sep 17 00:00:00 2001
From: Zradlo1984 <zradlo1984@gmail.org>
Date: Wed, 29 Sep 2021 14:47:59 +0200
Subject: [PATCH 2/3] fix(cli): Allow use CA bundle and proxy at the same time
 (#5804)

---
 packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
index c3293b6ebc8c8..fd5f54666cdce 100644
--- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
+++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -384,7 +384,7 @@ function parseHttpOptions(options: SdkHttpOptions) {
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const ProxyAgent: any = require('proxy-agent');
     config.httpOptions.agent = new ProxyAgent(proxyAddress);
-    config.httpOptions.ca = readIfPossible(caBundlePath);
+    (config.httpOptions as any).ca = readIfPossible(caBundlePath);
   }
   else if (proxyAddress) { // Ignore empty string on purpose
     // https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/

From ffb4203bc045f7c817d5bca704607603fb0bdb9e Mon Sep 17 00:00:00 2001
From: Zradlo1984 <zradlo1984@gmail.org>
Date: Wed, 29 Sep 2021 15:09:12 +0200
Subject: [PATCH 3/3] fix(cli): Allow use CA bundle and proxy at the same time
 (#5804) - brace style

---
 packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
index fd5f54666cdce..942e9128f5c1a 100644
--- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
+++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -380,20 +380,17 @@ function parseHttpOptions(options: SdkHttpOptions) {
   if (proxyAddress && caBundlePath) {
     debug('Using proxy server: %s', proxyAddress);
     debug('Using CA bundle path: %s', caBundlePath);
-
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const ProxyAgent: any = require('proxy-agent');
     config.httpOptions.agent = new ProxyAgent(proxyAddress);
     (config.httpOptions as any).ca = readIfPossible(caBundlePath);
-  }
-  else if (proxyAddress) { // Ignore empty string on purpose
+  } else if (proxyAddress) { // Ignore empty string on purpose
     // https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/
     debug('Using proxy server: %s', proxyAddress);
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const ProxyAgent: any = require('proxy-agent');
     config.httpOptions.agent = new ProxyAgent(proxyAddress);
-  }
-  else if (caBundlePath) {
+  } else if (caBundlePath) {
     debug('Using CA bundle path: %s', caBundlePath);
     config.httpOptions.agent = new https.Agent({
       ca: readIfPossible(caBundlePath),