Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: http proxy does not work anymore #32228

Closed
1 task
holomekc opened this issue Nov 21, 2024 · 8 comments
Closed
1 task

cli: http proxy does not work anymore #32228

holomekc opened this issue Nov 21, 2024 · 8 comments
Labels
bug This issue is a bug. effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI

Comments

@holomekc
Copy link

holomekc commented Nov 21, 2024
edited
Loading

Describe the bug

With the migration to aws-sdk-js-v3 the http proxy options do not work anymore.

Using HTTP(S)_PROXY or http(s)_proxy are ignored as it seems by the aws-sdk. The cdk cli also do not extract those values.
Using --proxy also does not work and results in an error, which is only visible with --debug --verbose:

[08:08:22] Unable to determine the default AWS account (TypeError): Invalid IP address: http://127.0.0.1:3128

Due to the fact that env variables are ignored now I tried to provide the proxy settings to the cli via --proxy in different ways, but none was successful:
--proxy="http://localhost:3128"
--proxy="http://127.0.0.1:3128"
--proxy "http://localhost:3128"
--proxy "http://127.0.0.1:3128"
--proxy="127.0.0.1:3128"

This issue describes some issues with http proxies in v3:
aws/aws-sdk-js-v3#5168

I am still searching for a way to work around this by editing the aws-cdk from the nodes_modules folder, but no luck so far.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

2.165.0

Expected Behavior

http proxy env variables are used properly as well as the --proxy option

Current Behavior

http proxy env variables are not working. Same applies for --proxy

Reproduction Steps

Well. Most likely you need an http proxy to test this

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.168.0

Framework Version

No response

Node.js Version

22.11.0

OS

mac osx

Language

Java

Language Version

Java 21

Other information

No response
@holomekc holomekc added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 21, 2024
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Nov 21, 2024
@holomekc
Copy link
Author

Also see: https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/node-configuring-proxies.html

@pahud
Copy link
Contributor

pahud commented Nov 21, 2024

did you simply

export HTTPS_PROXY=http://127.0.0.1:3128

And it was working in 2.165.0 but not anymore since 2.166.0 ?

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Nov 21, 2024
@munch9
Copy link

munch9 commented Nov 21, 2024
edited
Loading

We are also experiencing similar issues.
Deployment is across multiple accounts using temporary credentials also set as environment variables.
Bootstrapping is up to date, and trust in place between acct2 and acct1
Have HTTP_PROXY/HTTPS_PROXY set in the environment. Have also tried setting using --proxy option.
Synth/Deploy fails when attempting to populate cdk.context.json I think.

Works with versions <=2.166.0
Fails with all versions >=2.167.*

`[16:46:26] Some context information is missing. Fetching...

[16:46:26] [trace] SdkProvider#resolveEnvironment()
[16:46:26] [trace] SdkProvider#baseCredentialsPartition()
[16:46:26] [trace] SdkProvider#resolveEnvironment()
[16:46:26] [trace] SdkProvider#obtainBaseCredentials()
[16:46:26] [trace] SdkProvider#defaultAccount()
[16:46:26] [trace] SdkProvider#defaultCredentials()
[16:46:26] [trace] SDK#currentAccount()
[16:46:26] Retrieved account ID from disk cache
[16:46:26] Reading SSM parameter :eu-west-1:/
[16:46:26] [trace] SdkProvider#forEnvironment()
[16:46:26] [trace] SdkProvider#resolveEnvironment()
[16:46:26] [trace] SdkProvider#obtainBaseCredentials()
[16:46:26] [trace] SdkProvider#defaultAccount()
[16:46:26] [trace] SdkProvider#defaultCredentials()
[16:46:26] [trace] SdkProvider#withAssumedRole()
[16:46:26] Assuming role 'arn:aws:iam:::role/cdk-hnb659fds-lookup-role--eu-west-1'.
[16:53:12] Assuming role failed: connect ETIMEDOUT 67.220.226.247:443
[16:53:12] Setting "ssm:account=:parameterName=/:region=eu-west-1" context to {"$providerError":"Could not assume role in target account using current credentials (which are for account ) connect ETIMEDOUT 67.220.226.247:443 . Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.","$dontSaveContext":true}
`

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Nov 21, 2024
@holomekc
Copy link
Author

holomekc commented Nov 22, 2024
edited
Loading

Yes before HTTPS_PROXY was working. I think the proxy config for v2 was easier. With v3 you need to do more manually as the linked AWS docu describes. Seems like third party libs are necessary.

That is also the reason why it worked with 2.165.0 because there v2 of aws sdk was used. We did not test 2.166.0 to be honest, but as @munch9 wrote it seems to work with 2.166.0, but since the update to aws-sdk v3 it does not work. This change was applied in 2.167.0.

@ashleydaley
Copy link

Same here, this is a critical bug for us as we cannot move past version 2.166.0 now due to this.

"Could not assume role in target account using current credentials" error due to ETIMEDOUT

@munch9 munch9 mentioned this issue Nov 25, 2024
Open
1 task
@pahud
Copy link
Contributor

pahud commented Nov 25, 2024

From my investigation, in SDK v3, proxy configuration must be explicitly set through an HTTP/HTTPS agent in the request handler, whereas v2 would automatically pick up the HTTP_PROXY environment variable through the httpOptions.proxy setting. I guess CDK should look into its implementation to address that. I am reaching out to the team for further investigation.

@pahud pahud added p1 and removed p2 labels Nov 25, 2024
@rix0rrr
Copy link
Contributor

rix0rrr commented Nov 25, 2024
edited
Loading

Thanks for reporting! We were aware of this issue and a fix is already released. 2.171.0 (the latest version, just got released) is recommended, though 2.170.0 will also have the fix for this particular issue.

To be clear: the $HTTP(S)_PROXY environment variables also work again.

@rix0rrr rix0rrr closed this as completed Nov 25, 2024
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug This issue is a bug. effort/medium Medium work item – several days of effort p1 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@pahud @rix0rrr @holomekc @ashleydaley @munch9