Open bugok opened 4 years ago
Hi @bugok!
Terraform uses the de-facto standard .netrc file as a source for HTTP credentials, though since each Terraform provider uses a vendor-specific SDK that might configure its own HTTP client there's unfortunately no guarantee that all of them will honor this.
Terraform prefers to use existing general mechanisms for credentials where available, rather than invent its own, so that you can configure the credentials just once and use them with lots of different software, rather than having to configure each application separately.
We're not sure if .netrc is consulted for HTTP proxy credentials in particular, but it might work to add a machine entry for your proxy server's hostname in order to configure the credentials. Could you give that a try?
Unfortunately if it is not currently supported then it will need to be added to each provider separately, because the providers are separate programs that create and configure their own HTTP clients. If .netrc isn't already working in the AWS provider then we'll need to instead request this in the AWS provider repository. The implementation could potentially use the same library Terraform Core uses for .netrc handling: github.com/bgentry/go-netrc.
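The machine-entry lookup suggested in the comment above, sketched with the Go standard library only (an added example, not code from Terraform, the AWS provider or go-netrc). The host names, credentials and the helper names netrcLookup and proxyURLWithNetrc are constructed for illustration, and a given provider's HTTP client may not honor such an entry.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample .netrc; hosts and credentials are placeholders.
const sampleNetrc = `machine api.example.com login deploy password s3cr3t
machine proxy.example.internal login tf-runner password hunter2
default login anonymous password guest`

// netrcLookup returns the credentials of the "machine" entry matching host
// exactly. Simplified: no macdef/comments/quoting; "default" is never used.
func netrcLookup(content, host string) (login, pass string, ok bool) {
	toks := strings.Fields(content)
	for i := 0; i+1 < len(toks); i++ {
		if toks[i] != "machine" || toks[i+1] != host {
			continue
		}
		// Read this entry's key/value pairs until the next entry starts.
		for j := i + 2; j+1 < len(toks) && toks[j] != "machine" && toks[j] != "default"; j += 2 {
			if toks[j] == "login" {
				login = toks[j+1]
			} else if toks[j] == "password" {
				pass = toks[j+1]
			}
		}
		return login, pass, true
	}
	return "", "", false
}

// proxyURLWithNetrc sets userinfo, which net/http sends as Proxy-Authorization.
func proxyURLWithNetrc(rawProxy, netrc string) (*url.URL, error) {
	u, err := url.Parse(rawProxy)
	if err != nil {
		return nil, err
	}
	if login, pass, ok := netrcLookup(netrc, u.Hostname()); ok {
		u.User = url.UserPassword(login, pass)
	}
	return u, nil
}

func main() {
	u, _ := proxyURLWithNetrc("http://proxy.example.internal:3128", sampleNetrc)
	fmt.Println(u.Redacted()) // password masked, safe to log
}
```

This covers username/password proxy authentication only; the client-certificate case (--proxy-cert and --proxy-key) raised in the issue is not addressed by .netrc. Since .netrc holds the password in plain text, keep the file readable only by its owner.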
@teamterraform, thanks for the detailed response. This is a great approach (as it's even programming language agnostic). I'll look into this.
Not sure how to continue with this issue - should I just close this?
Current Terraform Version
v0.11.14
Use-cases
This is required when running terraform behind a proxy which requires client authentication.
Attempted Solutions
From what I saw, there isn't a way to achieve this using environment variables alone. Terraform is currently using the aws go sdk, which uses net/http to configure the proxy from environment variables. Going deeper into the httpproxy file, I couldn't find anything about authentication there.
Proposal
I'm not a terraform nor golang expert - so I'm not sure how valuable my proposals are, but here it goes:
HTTPS_PROXY_CERT and HTTPS_PROXY_KEY environment variables). That, however, seems like an overkill, as there are many other options that could be added in the future. I don't think this is a very scalable approach.
proxy config in which we could configure all kinds of things like a proxy certificate file and a proxy key file.
If I'm looking at the corresponding curl options, I'm looking for a way to configure terraform to be able to use the --proxy-cert and --proxy-key options.