fix: CDK does not honor NO_PROXY settings (#16751)

CDK was extracting the value of `HTTPS?_PROXY` and passing this to `proxy-agent` explicitly, which resulted in not honoring the `NO_PROXY` setting. This removes that behavior and lets `proxy-agent` delegate to `proxy-from-env`, which will leverage values in `HTTPS?_PROXY` and NO_PROXY correctly. Fixes #7121
aws · Oct 11, 2021 · 3594383 · 3594383
1 parent f609043
commit 3594383
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 42 deletions.
diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts
@@ -39,15 +39,13 @@ export abstract class ResourceHandler {
  RoleSessionName: `AWSCDK.EKSCluster.${this.requestType}.${this.requestId}`,
  });
 
- const proxyAddress = this.httpProxyFromEnvironment();
- if (proxyAddress) {
- this.log(`Using proxy server: ${proxyAddress}`);
- // eslint-disable-next-line @typescript-eslint/no-require-imports, import/no-extraneous-dependencies
- const ProxyAgent: any = require('proxy-agent');
- aws.config.update({
- httpOptions: { agent: new ProxyAgent(proxyAddress) },
- });
- }
+ // Configure the proxy agent. By default, this will use HTTPS?_PROXY and
+ // NO_PROXY environment variables to determine which proxy to use for each
+ // request.
+ //
+ // eslint-disable-next-line @typescript-eslint/no-require-imports, import/no-extraneous-dependencies
+ const ProxyAgent: any = require('proxy-agent');
+ aws.config.update({ httpOptions: { agent: new ProxyAgent() } });
  }
 
  public onEvent() {
@@ -75,16 +73,6 @@ export abstract class ResourceHandler {
  console.log(JSON.stringify(x, undefined, 2));
  }
 
- private httpProxyFromEnvironment(): string | undefined {
- if (process.env.http_proxy) {
- return process.env.http_proxy;
- }
- if (process.env.HTTP_PROXY) {
- return process.env.HTTP_PROXY;
- }
- return undefined;
- }
-
  protected abstract async onCreate(): Promise<OnEventResponse>;
  protected abstract async onDelete(): Promise<OnEventResponse | void>;
  protected abstract async onUpdate(): Promise<(OnEventResponse & EksUpdateId) | void>;

diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
@@ -374,48 +374,35 @@ function parseHttpOptions(options: SdkHttpOptions) {
  }
  config.customUserAgent = userAgent;
 
- const proxyAddress = options.proxyAddress || httpsProxyFromEnvironment();
  const caBundlePath = options.caBundlePath || caBundlePathFromEnvironment();
 
- if (proxyAddress && caBundlePath) {
- throw new Error(`At the moment, cannot specify Proxy (${proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https:/aws/aws-cdk/issues/5804`);
+ if (options.proxyAddress && caBundlePath) {
+ throw new Error(`At the moment, cannot specify Proxy (${options.proxyAddress}) and CA Bundle (${caBundlePath}) at the same time. See https:/aws/aws-cdk/issues/5804`);
  // Maybe it's possible after all, but I've been staring at
  // https:/TooTallNate/node-proxy-agent/blob/master/index.js#L79
  // a while now trying to figure out what to pass in so that the underlying Agent
  // object will get the 'ca' argument. It's not trivial and I don't want to risk it.
  }
 
- if (proxyAddress) { // Ignore empty string on purpose
- // https://aws.amazon.com/blogs/developer/using-the-aws-sdk-for-javascript-from-behind-a-proxy/
- debug('Using proxy server: %s', proxyAddress);
- // eslint-disable-next-line @typescript-eslint/no-require-imports
- const ProxyAgent: any = require('proxy-agent');
- config.httpOptions.agent = new ProxyAgent(proxyAddress);
- }
  if (caBundlePath) {
  debug('Using CA bundle path: %s', caBundlePath);
  config.httpOptions.agent = new https.Agent({
  ca: readIfPossible(caBundlePath),
  keepAlive: true,
  });
+ } else {
+ // Configure the proxy agent. By default, this will use HTTPS?_PROXY and
+ // NO_PROXY environment variables to determine which proxy to use for each
+ // request.
+ //
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
+ const ProxyAgent: any = require('proxy-agent');
+ config.httpOptions.agent = new ProxyAgent();
  }
 
  return config;
 }
 
-/**
- * Find and return the configured HTTPS proxy address
- */
-function httpsProxyFromEnvironment(): string | undefined {
- if (process.env.https_proxy) {
- return process.env.https_proxy;
- }
- if (process.env.HTTPS_PROXY) {
- return process.env.HTTPS_PROXY;
- }
- return undefined;
-}
-
 /**
  * Find and return a CA certificate bundle path to be passed into the SDK.
  */