Open hkantare opened 4 years ago
https://golang.org/pkg/net/http/#ProxyFromEnvironment
```go
var DefaultTransport RoundTripper = &Transport{
	Proxy: ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		DualStack: true,
	}).DialContext,
	ForceAttemptHTTP2:     true,
	MaxIdleConns:          100,
	IdleConnTimeout:       90 * time.Second,
	TLSHandshakeTimeout:   10 * time.Second,
	ExpectContinueTimeout: 1 * time.Second,
}
```
The client ignores the proxies by design. That effectively can void the warranty on the secure connection between the client and the KMS services (HPCS or KeyProtect).
It is possible for the user of the SDK to inject their own transport with a proxy setting if they want... you just have to specify the Transport attribute on the New() constructor for the client.
This is something the terraform could detect and allow if you want, but I am not going to change the "secure by default" decision of ignoring HTTP_ and HTTPS_PROXY. It's far too easy to hijack the keys to a kingdom with that if the user is not aware.
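An added example, not part of the thread and not the SDK's own code: it contrasts a transport that trusts `HTTPS_PROXY` with one that ignores it, and shows an explicit opt-in transport of the kind the comment above says can be passed to the client. The function names, the allowlist policy and the `kms.example.com` endpoint are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// noProxyTransport leaves Proxy nil, so HTTP_PROXY / HTTPS_PROXY are never consulted.
func noProxyTransport() *http.Transport {
	return &http.Transport{Proxy: nil}
}

// explicitProxyTransport is the opt-in path: the proxy is named by the caller
// and must be on an allowlist (hypothetical policy, an assumption of this example).
func explicitProxyTransport(rawProxy string, allowed map[string]bool) (*http.Transport, error) {
	u, err := url.Parse(rawProxy)
	if err != nil {
		return nil, err
	}
	if (u.Scheme != "http" && u.Scheme != "https") || !allowed[u.Host] {
		return nil, fmt.Errorf("proxy %q is not on the allowlist", rawProxy)
	}
	t := noProxyTransport()
	t.Proxy = http.ProxyURL(u)
	return t, nil
}

// proxyFor reports which proxy a transport would use for target, without connecting.
func proxyFor(t *http.Transport, target string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil || t.Proxy == nil {
		return "", err
	}
	u, err := t.Proxy(req)
	if err != nil || u == nil {
		return "", err
	}
	return u.String(), nil
}

func main() {
	target := "https://kms.example.com/api/v2/keys" // constructed endpoint
	env, _ := proxyFor(&http.Transport{Proxy: http.ProxyFromEnvironment}, target)
	none, _ := proxyFor(noProxyTransport(), target)
	fmt.Printf("env-trusting transport: %q\nno-proxy transport: %q\n", env, none)
}
```

Note that `http.ProxyFromEnvironment` reads the environment once per process, so whatever was set at start-up is what an env-trusting transport uses for its lifetime.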
We have a request from the client team, where they are working to provision the HPCS service keys using Terraform.
We developed a Terraform resource to use this SDK to support key management for both HPCS and key-protect service.
From the client