origin: HTTP proxy implementation does not escape correctly

$CUSTOMER has to use an HTTP proxy to access the internet. Authentication requires an Active Directory account in the format: DOMAIN\USER or USER@DOMAIN which means the URL to the proxy results in:

http://DOMAIN\USER:password@proxy.local:8080/

http://USER@DOMAIN:password@proxy.local:8080/

Both are problematic for various reasons:

Docker and Openshift require environment variables in a shell-script, which means the backslash needs to be escaped ! (Which it does not, so we have to do it ourselves)
- openshift_http_proxy=‘http://DOMAIN\USER:password@proxy.local:8080/’
- openshift_https_proxy=‘http://DOMAIN\USER:password@proxy.local:8080/’
Openshift provides the proxy settings for pulling sources and pushing images, and this leads to various problems depending on the tools that require these settings, e.g.
- github works fine with the backslash as is (so it should not be escaped)
- however for npm there is an issue because the backslash is being translated into %5C, and npm is trying to resolve DOMAIN rather than proxy.local.

So the whole http_proxy implementation is very prone to issues specific to how this specific string is being used by individual tools.

Version

Openshift Container Platform 3.3

Steps To Reproduce

Configure the HTTP_PROXY in your Ansible inventory and use an Active Directory style username
Install/re-configure your setup
Watch it fail to build or push (or worse, fail to see any proper logs)
Current Result

Failure

Expected Result

Success

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 26 (9 by maintainers)

Most upvoted comments

Example output from builds:

Using HTTP proxy http://USER%40DOMAIN:password@proxy.local:8080/ and HTTPS proxy http://USER%40DOMAIN:password@proxy.local:8080/ for script download
Cloning "https://github.com/openshift/cakephp-ex.git" ...
error: build error: fatal: unable to access 'https://github.com/openshift/cakephp-ex.git/'; Could not resolve proxy: DOMAIN; Name or service not known

---> Installing application source ...
---> Setting nm http proxy to http://DOMAIN\USER:password@proxy.local:8080/
---> Setting nm http proxy to http://DOMAIN\USER:password@proxy.local:8080/
---> Setting nm https proxy to http://DOMAIN\USER:password@proxy.local:8080/
---> Setting nm https proxy to http://DOMAIN\USER:password@proxy.local:8080/
---> Building your Node application from Source
npm info it worked if it ends with ok
npm info using npm@2.15.1
npm info using node@v4.4.2
npm info preinstall nodejs-ex@0.0.1
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/ejs
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/express
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/mocha
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/mongodb
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/morgan
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/object-assign
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/chai
npm info attempt registry request try #1 at 10:26:56
npm http request GET https://registry.npmjs.org/chai-http
npm info retry will retry, error on last attempt: Error: tunneling socket could not be established, cause=getaddrinfo ENOTFOUND domain domain:80
npm info retry will retry, error on last attempt: Error: tunneling socket could not be established, cause=getaddrinfo ENOTFOUND domain domain:80
npm info retry will retry, error on last attempt: Error: tunneling socket could not be established, cause=getaddrinfo ENOTFOUND domain domain:80
npm info retry will retry, error on last attempt: Error: tunneling socket could not be established, cause=getaddrinfo ENOTFOUND domain domain:80
...

dagwieers on Oct 12, 2016