From 79d843fb1cd663f95dc52a4e4505e43540fb8870 Mon Sep 17 00:00:00 2001
From: "Patrick J.P. Culp"
Date: Thu, 31 Oct 2024 00:04:52 +0000
Subject: [PATCH] cfsignal: add proxy support
Signed-off-by: Patrick J.P. Culp
---
 packages/os/cfsignal.service | 1 +
 sources/cfsignal/Cargo.toml | 12 +++++-----
 sources/cfsignal/src/cloudformation.rs | 33 ++++++++++++++++++++------
 3 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/packages/os/cfsignal.service b/packages/os/cfsignal.service
index 804591740..f104d5e2d 100644
--- a/packages/os/cfsignal.service
+++ b/packages/os/cfsignal.service
@@ -9,6 +9,7 @@ ConditionPathExists=!/var/lib/bottlerocket/cfsignal.ran
 [Service]
 Type=simple
+EnvironmentFile=/etc/network/proxy.env
 ExecStart=/usr/bin/cfsignal
 [Install]
diff --git a/sources/cfsignal/Cargo.toml b/sources/cfsignal/Cargo.toml
index c28c9af72..52cb8b496 100644
--- a/sources/cfsignal/Cargo.toml
+++ b/sources/cfsignal/Cargo.toml
@@ -11,19 +11,19 @@ exclude = ["README.md"]
 fips = ["rustls/fips", "aws-lc-rs/fips", "aws-smithy-experimental/crypto-aws-lc-fips"]
 [dependencies]
-log.workspace = true
-serde = { workspace = true, features = ["derive"] }
-simplelog.workspace = true
-snafu.workspace = true
-toml.workspace = true
-tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 aws-config.workspace = true
 aws-lc-rs = { workspace = true, features = ["bindgen"] }
 aws-sdk-cloudformation.workspace = true
 aws-smithy-experimental = { workspace = true, features = ["crypto-aws-lc"] }
 aws-types.workspace = true
 imdsclient.workspace = true
+log.workspace = true
 rustls.workspace = true
+serde = { workspace = true, features = ["derive"] }
+simplelog.workspace = true
+snafu.workspace = true
+tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
+toml.workspace = true
 [build-dependencies]
 generate-readme.workspace = true
diff --git a/sources/cfsignal/src/cloudformation.rs b/sources/cfsignal/src/cloudformation.rs
index bf45f0964..53e365d2e 100644
--- a/sources/cfsignal/src/cloudformation.rs
+++ b/sources/cfsignal/src/cloudformation.rs
@@ -1,12 +1,13 @@
-use aws_config::BehaviorVersion;
-use std::str::FromStr;
-
 use crate::error::{self, Result};
+
+use aws_config::BehaviorVersion;
 use aws_smithy_experimental::hyper_1_0::{CryptoMode, HyperClientBuilder};
 use aws_types::region::Region;
 use imdsclient::ImdsClient;
 use log::info;
 use snafu::{OptionExt, ResultExt};
+use std::env;
+use std::str::FromStr;
 /// Signals Cloudformation stack resource
 pub async fn signal_resource(
@@ -29,15 +30,33 @@ pub async fn signal_resource(
 .load()
 .await;
- // TODO: add support for HTTP Proxy
 #[cfg(feature = "fips")]
 let crypto_mode = CryptoMode::AwsLcFips;
 #[cfg(not(feature = "fips"))]
 let crypto_mode = CryptoMode::AwsLc;
- let http_client = HyperClientBuilder::new()
- .crypto_mode(crypto_mode)
- .build_https();
+ let https_proxy: Option = match env::var_os("HTTPS_PROXY") {
+ Some(https_proxy) => https_proxy.to_str().map(|h| h.to_string()),
+ _ => None,
+ };
+
+ let no_proxy: Option> = match env::var_os("NO_PROXY") {
+ Some(no_proxy) => no_proxy
+ .to_str()
+ .map(|n| n.split(',').map(|s| s.to_string()).collect()),
+ _ => None,
+ };
+
+ let http_client = if let Some(https_proxy) = https_proxy {
+ let no_proxy = no_proxy.as_deref();
+ HyperClientBuilder::new()
+ .crypto_mode(crypto_mode)
+ .build_with_proxy(https_proxy, no_proxy)
+ } else {
+ HyperClientBuilder::new()
+ .crypto_mode(crypto_mode)
+ .build_https()
+ };
 let cloudformation_config = aws_sdk_cloudformation::config::Builder::from(&config)
 .http_client(http_client)
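Review bot: The `if let Some(https_proxy) = https_proxy` branch in `signal_resource` tests only that `HTTPS_PROXY` is present, so a variable that is set but empty (an `EnvironmentFile` line such as `HTTPS_PROXY=` would produce one; whether `/etc/network/proxy.env` can contain it is not visible here) is handed to `build_with_proxy` as an empty URL. Filtering it out keeps the direct path for that case: `let https_proxy = env::var("HTTPS_PROXY").ok().filter(|p| !p.is_empty());`. The `NO_PROXY` split likewise keeps surrounding whitespace and empty entries, so `a, b` yields ` b`; `n.split(',').map(str::trim).filter(|s| !s.is_empty()).map(String::from).collect()` avoids bypass entries that can never match a host. A non-UTF-8 value makes `to_str()` return `None` and the client silently falls back to a direct connection, so an `info!` line stating which path was chosen (without printing the proxy URL, which may carry credentials) would make that fallback visible. The function body starts and ends outside the hunk.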