tracing: default sender proxy support broken #379

Closed

Description

The autorest package can currently not make use of proxies (specified via lower/upper-case http(s)_proxy environment variables) unless explicitly filling in the Client.Sender field.

Problem description

The tracing module transparently allows proxy support by virtue of using the http.DefaultTransport, which uses ProxyFromEnvironment to re-route traffic via an HTTP(S) proxy.

Where no Sender is provided explicitly to the Client, transparent proxy support is no longer possible, due to the initialization in sender():

// client.go

// sender returns the Sender to which to send requests.
func (c Client) sender() Sender {
    if c.Sender == nil {
        j, _ := cookiejar.New(nil)
        tracing.Transport.Base = &http.Transport{
            TLSClientConfig: &tls.Config{
                MinVersion: tls.VersionTLS12,
            },
        }
        client := &http.Client{Jar: j, Transport: tracing.Transport}
        return client
    }
    return c.Sender
}

The cause is that, since the Proxy field uses the zero value, the ProxyFromEnvironment, which the http.DefaultTransport uses, no longer applies.

A second, related, problem is that the default timeouts no longer apply.

As a result, proxied requests of code that relies on the default sender currently time out:

Azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/path/to/resource?api-version=2018-04-01: |
StatusCode=0 -- Original Error: adal: Failed to execute the refresh request.
Error = 'Post https://login.microsoftonline.com/<uuid here>/oauth2/token?api-version=1.0:
dial tcp 40.126.2.38:443: connect: connection timed out

Fix for first problem

We were able to bring back the http.DefaultTransport default using

   tracing.Transport.Base = http.DefaultTransport
   tracing.Transport.Base
    if c.Sender == nil {
        // Use behaviour compatible with DefaultTransport, but require TLS minimum version.
        var baseTransport = *http.DefaultTransport.(*http.Transport)

        baseTransport.TLSClientConfig = &tls.Config{
            MinVersion: tls.VersionTLS12,
        }

        tracing.Transport.Base = &baseTransport
        j, _ := cookiejar.New(nil)
        // ...
    }

However, we then ran into another error (parts redacted as above):

azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/<uuid here>/resourceGroups/COSMIN/providers/Microsoft.Compute/disks/<diskName>?api-version=2018-04-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post https://login.microsoftonline.com/<uuid here>/oauth2/token?api-version=1.0: proxyconnect tcp: tls: oversized record received with length 20527

This second error is mysterious - it fails on a standard SQUID proxy configuration using https_proxy=https://proxy:port.
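
An added example, not part of the original issue or of go-autorest: one way to build the default sender's base transport is to clone http.DefaultTransport, which keeps ProxyFromEnvironment and the default timeouts, and set the TLS 1.2 minimum on the copy, shown beside the bare literal from sender() for comparison. The helper names newBaseTransport, bareTransport and tlsRecordLen are hypothetical. tlsRecordLen reads a constructed plaintext HTTP reply as a TLS record header, which gives the length 20527 reported in the second error and is consistent with a TLS client reaching a proxy port that answers in plain HTTP.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"fmt"
	"net/http"
)

// newBaseTransport (hypothetical helper) clones http.DefaultTransport so that
// ProxyFromEnvironment and the default timeouts survive, then pins TLS >= 1.2.
// Clone (Go 1.13+) avoids copying the transport's internal locks by value.
func newBaseTransport() *http.Transport {
	t := http.DefaultTransport.(*http.Transport).Clone()
	if t.TLSClientConfig == nil {
		t.TLSClientConfig = &tls.Config{}
	}
	t.TLSClientConfig.MinVersion = tls.VersionTLS12
	return t
}

// bareTransport mirrors the literal in sender(): Proxy and all timeouts are zero.
func bareTransport() *http.Transport {
	return &http.Transport{TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12}}
}

// tlsRecordLen reads the length field (bytes 3-4) of a 5-byte TLS record header.
func tlsRecordLen(b []byte) (uint16, bool) {
	if len(b) < 5 {
		return 0, false
	}
	return binary.BigEndian.Uint16(b[3:5]), true
}

func main() {
	bare, base := bareTransport(), newBaseTransport()
	fmt.Println("bare: proxy set:", bare.Proxy != nil, "handshake timeout:", bare.TLSHandshakeTimeout)
	fmt.Println("base: proxy set:", base.Proxy != nil, "handshake timeout:", base.TLSHandshakeTimeout)
	// Constructed input: a plaintext HTTP reply read where a TLS record was expected.
	n, _ := tlsRecordLen([]byte("HTTP/1.1 400 Bad Request\r\n"))
	fmt.Println("record length parsed from plaintext reply:", n)
}
```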
