v3.2.0 No Longer Supports Proxy Settings

[bendbennett]

Closes: #197

[dcaswell-square]

I'm not sure this is the most complete way to handle behavior differences that were introduced in v3.2.0, as the Proxy is only one of several properties that are set on the DefaultTransport (https://github.com/golang/go/blob/f3c39a83a3076eb560c7f687cbb35eef9b506e7d/src/net/http/transport.go#L38-L54) that are no longer going to be consistent with the previous version behavior. Ignoring the proxy values was the most immediately noticeable to users, but what about all of the timeouts, MaxIdleConns, and ForceAttemptHTTP2 which will also default to different values than those from older provider versions?

[bflad]

I would also recommend using http.DefaultTransport to prevent other potential behavior changes. There could also be consideration for using https://pkg.go.dev/github.com/hashicorp/go-cleanhttp similar to other HashiCorp maintained Go modules to prevent potential issues with multiple host connections across data sources or other regressions involving a mutated http.DefaultTransport.

[bendbennett]

Have switched to using http.DefaultTransport. I took a look at https://pkg.go.dev/github.com/hashicorp/go-cleanhttp but it seems that there are differences in the configuration of the Transport so in order to avoid changes in behaviour this has not been used at this time.

[bflad]

Over in the terraform-provider-tls acceptance testing, all the testing HTTP servers, including the proxies, have connection counting:

https://github.com/hashicorp/terraform-provider-tls/blob/b9cbb62bc2a8b90f6af91e86047082a5357e8c2f/internal/provider/testutils/local_server.go#L38-L46

Then there is a TestCheckFunc which ensures that the "real" HTTP server and proxy HTTP server have matching connection counts:

https://github.com/hashicorp/terraform-provider-tls/blob/b9cbb62bc2a8b90f6af91e86047082a5357e8c2f/internal/provider/testutils/local_server.go#L117-L127

I think we'll need something similar here to verify that the proxy is correctly being used, unless there is a better testing strategy.

[bendbennett]

I'm looking into the current test failures (e.g., https://github.com/hashicorp/terraform-provider-http/actions/runs/3376234811/jobs/5603729486).

Check 2/2 error: expected server and proxy active connection count to match: server was 1, while proxy was 0

I can't reproduce this failure locally, I see a different failure.

Check 2/2 error: expected server and proxy active connection count to match: server was 3, while proxy was 1

[bendbennett]

I see the same failures in CI (e.g., https://github.com/hashicorp/terraform-provider-http/actions/runs/3376368850/jobs/5604018894) when using

	tr := &http.Transport{
		Proxy: http.ProxyFromEnvironment,
	}

Check 2/2 error: expected server and proxy active connection count to match: server was 1, while proxy was 0

But all tests pass when running locally with this configuration.

[bflad]

I would also recommend using http.DefaultTransport to prevent other potential behavior changes. There could also be consideration for using https://pkg.go.dev/github.com/hashicorp/go-cleanhttp similar to other HashiCorp maintained Go modules to prevent potential issues with multiple host connections across data sources or other regressions involving a mutated http.DefaultTransport.

[bflad]

This test looks correct to me, but for some reason is unhappy on Terraform version 0.14:

=== RUN   TestDataSource_HTTPViaProxyWithEnv
    data_source_http_test.go:489: Step 1/1 error: Check failed: Not found: data.http.http_test in [root]
--- FAIL: TestDataSource_HTTPViaProxyWithEnv (0.40s)

I'll try to do some investigative work with my end of day.

[bflad]

The quirk with Terraform version 0.14.x is that it will not set the Terraform state for a data source which returns a warning diagnostic. The warning being generated here is:

2022-11-01T16:50:56.310-0400 [TRACE] sdk.proto: Received downstream response: diagnostic_error_count=0 diagnostic_warning_count=1 tf_req_duration_ms=0 tf_data_source_type=http tf_req_id=5887d459-0e1a-5aa1-0241-13d21f8698ca tf_provider_addr=registry.terraform.io/hashicorp/http tf_proto_version=5.3 tf_rpc=ReadDataSource
2022-11-01T16:50:56.310-0400 [WARN]  sdk.proto: Response contains warning diagnostic: tf_provider_addr=registry.terraform.io/hashicorp/http tf_proto_version=5.3 tf_rpc=ReadDataSource tf_data_source_type=http diagnostic_severity=WARNING diagnostic_summary="Content-Type is not recognized as a text type, got \"\"" diagnostic_detail="If the content is binary data, Terraform may not properly handle the contents of the response." tf_req_id=5887d459-0e1a-5aa1-0241-13d21f8698ca
2022-11-01T16:50:56.310-0400 [TRACE] sdk.proto: Served request: tf_provider_addr=registry.terraform.io/hashicorp/http tf_proto_version=5.3 tf_rpc=ReadDataSource tf_data_source_type=http tf_req_id=5887d459-0e1a-5aa1-0241-13d21f8698ca

The data source correctly does not exit early in this case. The testing fix for this is to ensure the HTTP response also includes a valid Content-Type header, e.g.

svr := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.WriteHeader(http.StatusOK)
}))

[bendbennett]

Thanks for the investigation. Have added the fix you suggested.

[bflad]

One more little consideration, otherwise looks good to me 🚀

[bflad]

Nit: To further prevent any differences due version to 3.2.0 changes, it is mentioned in the TLSClientConfig documentation that:

// If nil, the default configuration is used.
// If non-nil, HTTP/2 support may not be enabled by default.

I think we may want to consider moving this nil check inside each of the !IsNull() branches below to prevent any sort of further HTTP/2 oddities when there is no custom TLS configuration.

[bflad]

My editor is also prompting to run go mod tidy, which moves golang.org/x/net v0.0.0-20220708220712-1185a9018129 to the direct dependencies. While we're doing that, we may want to consider updating it to its first tagged release (v0.1.0; go get golang.org/x/net@v0.1.0), so dependabot can appropriately prompt us for updates. I'm not seeing anything in golang/net@1185a90...v0.1.0 that gives me pause.

[RaphaelDucay]

Any date in mind for the release of the fix ? Thx in advance

[bendbennett]

Any date in mind for the release of the fix ? Thx in advance

Hi @RaphaelDucay 👋
We are currently finalising the changes and hope to have the fix released in the next few days.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.