Open jesperalmstrom opened 5 years ago
https://github.com/Microsoft/vscode/issues/12588 This could be interesting.
Tested with latest VSCode and latest aws-toolkit-vscode build but it did not help.
2019-03-12 21:48:54 [INFO]: > Downloading latest toolkits endpoint data
2019-03-12 21:48:54 [ERROR]: Error getting resource from https://aws-toolkit-endpoints.s3.amazonaws.com/endpoints.json : Error: tunneling socket could not be established, statusCode=403
at ClientRequest.onConnect (/home/jesper/.vscode/extensions/amazonwebservices.aws-toolkit-vscode-0.0.1/node_modules/tunnel-agent/index.js:166:19)
at Object.onceWrapper (events.js:273:13)
at ClientRequest.emit (events.js:182:13)
at ClientRequest.EventEmitter.emit (domain.js:442:20)
at Socket.socketOnData (_http_client.js:465:11)
at Socket.emit (events.js:182:13)
at Socket.EventEmitter.emit (domain.js:442:20)
at ClientRequest.onsocket (/usr/share/code/resources/app/node_modules.asar/https-proxy-agent/index.js:182:14)
at Object.onceWrapper (events.js:273:13)
at ClientRequest.emit (events.js:187:15)
at ClientRequest.EventEmitter.emit (domain.js:442:20)
at tickOnSocket (_http_client.js:651:7)
at onSocketNT (_http_client.js:667:5)
at process._tickCallback (internal/process/next_tick.js:63:19)
2019-03-12 21:57:58 [ERROR]: Error: connect ETIMEDOUT 52.94.241.129:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1161:14)
I'm assuming all VS Code-written networking features work fine? If so, the proxy is probably only affecting the AWS JS SDK and CLI (both of which we leverage).
For our future reference, here's how to implement a proxy with the JS SDK (we'll have to implement this) https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/node-configuring-proxies.html . If you're getting blocked on SAM-related calls (such as deploying functions), this should work if you export these for all new sessions (we'll look to add a configuration for this through VS Code directly): https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-proxy.html
We currently lack an explicit strategy for dealing with proxies. As part of the solution for this issue, we need to define and document a complete story for proxy support, and validation for that story. This includes (at mimimum):
From https://github.com/microsoft/vscode/issues/12588#issuecomment-2111861237 :
Work is under way to make Chromium's implementation of
fetch
available to extensions. This issue is unlikely to be closed soon though, as many extensions are using Node'shttps
module for which we have only partial support for proxies. Only proxies without auth and with Kerberos auth are supported at the moment.If you think your setup should already work with the
https
module, but doesn't, please install the Network Proxy Test extension (https://marketplace.visualstudio.com/items?itemName=chrmarti.network-proxy-test) and check the output ofF1
>Network Proxy Test: Test Connection
in VS Code.
This configuration was observed to work (on macOS):
Http > Experimental: System Certificates V2
which helps "if your self signed cert is trusted by your OS".{
"http.proxyStrictSSL": false,
"http.proxySupport": "on",
"http.experimental.systemCertificatesV2": true,
"http.proxy": "http://0.0.0.0:1080",
}
From https://github.com/microsoft/vscode/issues/12588#issuecomment-297341617 :
For downloading extensions and updates, VS Code uses Chromium's cross-platform support for proxies. That looks up the proxy configuration in the OS.
For extensions (which run in a separate process that does not have Chromium's network library available) we are using an Electron API to look up the proxy configuration from the OS. That is cross-platform, but it does not support authentication.
For our future reference, here's how to implement a proxy with the JS SDK (we'll have to implement: sdk v2 sdk v3)
Patch for trying that in our codebase (sdk v2):
diff --git a/src/shared/awsClientBuilder.ts b/src/shared/awsClientBuilder.ts
index 12bfde9bfe86..9622a5d0267e 100644
--- a/src/shared/awsClientBuilder.ts
+++ b/src/shared/awsClientBuilder.ts
@@ -7,6 +7,7 @@ import { ServiceConfigurationOptions } from 'aws-sdk/lib/service'
import { env, version } from 'vscode'
import { AwsContext } from './awsContext'
import { pluginVersion } from './constants'
+import * as proxyagent from 'proxy-agent'
-
export interface AWSClientBuilder {
createAndConfigureServiceClient<T>(
@@ -34,6 +35,9 @@ export class DefaultAWSClientBuilder implements AWSClientBuilder {
awsServiceOpts = {}
}
-
+ // awsServiceOpts.httpOptions = { agent: new proxyagent('http://example.com') }
+ awsServiceOpts.httpOptions = { proxy: 'http://example.com' }
+
if (!awsServiceOpts.credentials) {
awsServiceOpts.credentials = await this._awsContext.getCredentials()
}
And/or we may need to provide the ability to specify paths to certificates. In the node.js API typically this is the ca
field on calls to https.Agent()
, tls.connect()
, etc.
ca: [ fs.readFileSync('path/intermed-ca.cert.pem'), fs.readFileSync('path/root-ca.cert.pem') ]
ref https://github.com/microsoft/vscode/issues/189133 https://github.com/microsoft/vscode-test-cli/issues/7
"http.experimental.systemCertificatesV2": true
Developer: Set Log Level...
.ProxyResolver#tls.connect
entries.@justinmk3 has there been any more updates on the ability to specify paths on the CA certificates? I'm having this exact issue and the SAM team sent me over to the toolkit team. See (https://github.com/awslabs/aws-sam-cli/issues/1981) for details. A member of my team also mentioned it here (https://github.com/aws/aws-toolkit-vscode/issues/917#issuecomment-583658923).
@boyersnet no update since https://github.com/aws/aws-toolkit-vscode/issues/185#issuecomment-589500254 .
ability to specify paths on the CA certificates?
Do you do this in other software? Examples would be helpful.
@justinmk3 - In order to get the docker container to work with SAM CLI, I had to pass the path to my cert bundle as an env variable (AWS_CA_BUNDLE - per AWS CLI documentation). Once that was done, the call to SSM worked as expected from the container. The problem I face now is how to debug in VS Code with the toolkit. The toolkit should follow the same pattern as the AWS CLI and respect order specified here: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html
Thanks for mentioning that. AWS_CA_BUNDLE
is another mechanism that has not been mentioned yet. Related SDK issue: https://github.com/aws/aws-sdk-js/issues/2970
Related: VSCode 1.51 release notes mention
window.enableExperimentalProxyLoginDialog: true
settingGo to Visual Studio -> Settings icon -> Settings -> search for Proxy -> Remove http proxy if any -> uncheck Http: Proxy Strict SSL -> restart Visual studio code
This solved my problem.
If at all you are not able to do it. Try removing proxy from settings.. Go out of VPN and then try it again.
Or else check if u are setting any http proxy in your environmental variables. Remove it and try
Describe the bug When trying to install and run behind a corporate proxy solution (MITM) the extension will time-out after some while with the following message
To Reproduce
HTTP_PROXY
andHTTPS_PROXY
config.Select your profile in Visual Studio Code
View > Command Palette...
and search forAWS
.AWS: Connect to AWS
Expected behavior Something should load ...
Desktop (please complete the following information):
Additional context There is a experimental setting in VS Code
"http.proxySupport": "on"
This does not work.