v3.2.0 No Longer Supports Proxy Settings

[dcaswell-square]

Terraform CLI and Provider Versions

Terraform v1.1.6
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.74.3
+ provider registry.terraform.io/hashicorp/http v3.2.0
+ provider registry.terraform.io/hashicorp/null v3.2.0

Terraform Configuration

data "http" "foobar-access-token" {
  url = "https://foo.bar/v2/token?name=${var.token_name}"

  request_headers = {
    X-FOO-BAR-TOKEN: var.foo_session_token
  }
}

Expected Behavior

The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables should be respected, and the http request should be made using the proxy values defined in them.

Actual Behavior

All proxy values are ignored, and ultimately the request fails with a timeout because direct access to public IPs from our environment is completely blocked.

Steps to Reproduce

1. terraform apply

How much impact is this issue causing?

High

Logs

No response

Additional Information

PR #125 causes a breaking change for anyone using the provider in an environment that configures HTTP_PROXY, HTTPS_PROXY, and/or NO_PROXY environment variables.

The default behavior of http.Client does not use an empty http.Transport, but instead, has several properties configured in the DefaultTransport. There is also no other way to configure the proxy setting through the provider, since it is not exposed as an input. This renders v3.2.0 completely unusable for anyone that requires use of an HTTP proxy.

This line in the PR creates a new http.Transport{} and only assigns a new tls.Config to it, but doesn't configure any of the other properties that would have previously be configured (Proxy = ProxyFromEnvironment being the primary issue we experienced).

I assume the intention was to maintain compatibility for those of us on previous versions, since it was not released as a Major version. I believe this could have been accomplished by assigning tr := &http.DefaultTransport and then further customizing that instance with the TLSClientConfig, instead of starting "from scratch" with an empty http.Transport.

Code of Conduct

• I agree to follow this project's Code of Conduct

[chaoqi]

Hi @dcaswell-square, we also have this problem today. http does not work anymore with proxy settings.

[dcaswell-square]

Hi @dcaswell-square, we also have this problem today. http does not work anymore with proxy settings.

@chaoqi - I've confirmed that the proxy behavior works fine in at least v3.0.1 and v3.1.0, so if you pin the http provider version in your terraform block to one of those, you should be able to get back up and running again, while we wait for a fix.

[chaoqi]

yes... Thank you @dcaswell-square , v3.1.0 works like a charm... but v3.2.0 does not work anymore....

[bookshelfdave]

Thanks for submitting this bug, we're looking into the issue and will post an update shortly.

[RaphaelDucay]

Any planned date for the fix release ? @bendbennett

[bendbennett]

Any planned date for the fix release ? @bendbennett

Hi @RaphaelDucay 👋
We are currently finalising the changes and hope to have the fix released in the next few days.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.