navicore / teams-notification-resource

for Concourse CI notifications on Microsoft Teams
MIT License

Proxy? #17

Closed hugoo10 closed 2 years ago

hugoo10 commented 2 years ago

Hello, thank you for this project! It appears that I can't use it behind a proxy. Is it possible to add this feature? Maybe a simple proxy param will be enough.

navicore commented 2 years ago

@hugoo10 should be easy. I'll take a look this weekend.

hugoo10 commented 2 years ago

Thanks!

navicore commented 2 years ago

@hugoo10 I merged my first pass at proxy support after testing it with squid4 and verifying no regressions.

see https://github.com/navicore/teams-notification-resource/releases/tag/v0.9.6

thx for the idea / request. if you need more params to make ntlm work beyond what squid implements, let me know.

hugoo10 commented 2 years ago

Thank you, the request passes through the proxy!

I have a follow up issue but I don't know if it's linked to the proxy:

    * Connected to proxy.proxy (xxx.xxx.xxx.xxx) port 8080 (#0)
    * allocate connect buffer!
    * Establish HTTP proxy tunnel to xxxxxxx.webhook.office.com:443
    > CONNECT xxxxxxx.webhook.office.com:443 HTTP/1.1
    > Host: xxxxxxx.webhook.office.com:443
    > User-Agent: curl/7.74.0
    > Proxy-Connection: Keep-Alive
    >
    < HTTP/1.1 200 Connection established
    <
    * Proxy replied 200 to CONNECT request
    * CONNECT phase completed!
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
    * Closing connection 0
    curl: (77) error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs

But when I execute the curl command from my terminal, it works fine

curl --proxy "http://proxy.proxy:8080" -d "{\"TextFormat\": \"markdown\", \"text\": \"TEST\", \"title\": \"Concourse CI\", \"themeColor\": \"00EA43\", \"potentialAction\": [{\"@context\": \"https://schema.org\", \"@type\": \"ViewAction\", \"name\": \"Open Concourse\", \"target\": [\"https://concourse.ci\"]}]}" "https://xxxxxxx.webhook.office.com/webhookb2/REDACTED"

Do you have an idea, or is it a lost cause?

navicore commented 2 years ago

@hugoo10 I think this error can happen when the process does not have read/exec access to the crt files and dirs.

Can you confirm how you are running concourse? I am trying to figure out what is different in my test setup. I have uploaded my test docker-compose to the "testing" dir in this repo if you want to try to reproduce my dev env.

I'll look at this later in the week. Happy to keep this issue open until we figure it out.

navicore commented 2 years ago

Another thought @hugoo10 is to confirm there is no SSL rewriting agent in the mix like "goscope" that is inserting an internal SSL rewrite layer. If that is the case - we'll have to create a way for you to insert your company's self-signed certs into the mix.

navicore commented 2 years ago

@hugoo10 for now, I'll add a debug param that lets you turn off verification "for debugging purposes only"

I'll update this issue when that build is out.

navicore commented 2 years ago

@hugoo10 try the latest build that adds the -k for debug purposes. if it works, then we probably need to inject the right private signing certs somehow for a proper solution.

https://github.com/navicore/teams-notification-resource/releases/tag/v0.9.8

hugoo10 commented 2 years ago

OK, I tried it, the -k parameter works! I will investigate any goscope-like agent in my company, address this issue and get back to you when I have an answer. Thank you!

navicore commented 2 years ago

Excellent. I'll close this issue, and if you are able to test injecting custom crt data, let's use #23 and consider it a new feature.
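The thread leaves two causes open for curl's error 77 (the process cannot read the CA file or directory) and points to injecting the right CA certificates as the proper alternative to `-k`. The following is an added example, not code from this project: a shell check for both causes plus a merged trust bundle for `--cacert`. The function names, the extra CA file and the `PROXY`/`WEBHOOK_URL` variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not project code): diagnose curl error 77 and keep verification on.

# Verdict for a CA bundle file: missing | unreadable | empty | no-pem | ok.
# Only looks for a PEM marker; it does not validate the certificates.
check_ca_bundle() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -r "$f" ] || { echo unreadable; return 0; }
    [ -s "$f" ] || { echo empty; return 0; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo no-pem; return 0; }
    echo ok
}

# Verdict for a CA directory (curl's CApath): the process needs read and
# search (x) permission on it.
check_ca_dir() {
    d=$1
    [ -d "$d" ] || { echo missing; return 0; }
    [ -r "$d" ] && [ -x "$d" ] || { echo unreadable; return 0; }
    echo ok
}

# Merge the system bundle ($1) with an extra CA ($2, e.g. the root of a TLS
# rewriting proxy; hypothetical file) into $3 and print the certificate count.
# A missing system bundle is tolerated; a bad extra CA is an error.
build_bundle() {
    sys=$1 extra=$2 out=$3
    v=$(check_ca_bundle "$extra")
    [ "$v" = ok ] || { echo "extra CA is $v: $extra" >&2; return 1; }
    : > "$out"
    [ "$(check_ca_bundle "$sys")" = ok ] && { cat "$sys"; echo; } >> "$out"
    cat "$extra" >> "$out"
    grep -c -e '-----BEGIN CERTIFICATE-----' "$out"
}

# The two paths named in the error message from the thread.
echo "CAfile: $(check_ca_bundle /etc/ssl/certs/ca-certificates.crt)"
echo "CApath: $(check_ca_dir /etc/ssl/certs)"
# With a merged bundle, certificate verification stays enabled:
#   curl --proxy "$PROXY" --cacert /tmp/merged.pem -d @payload.json "$WEBHOOK_URL"
```

Run it as the same user and inside the same container as the failing curl, since the permissions it reports are those of the calling process.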