Running inspec aws tests through authenticated http proxy

paulforsyth · March 13, 2019, 3:53pm

Hi there, we're just exploring using inspec to do some testing and have hit a bit of a snag.
Our environment is pretty well locked down so any http/s traffic needs to go via a proxy. Generally we define the HTTP_PROXY environment variable and most tooling seems to work with this ok but inspec seems to be returning a "error!: 407 Proxy authentication required" response when performing a simple test (e.g. verify existence of s3 bucket). The credentials for the proxy are in the HTTP_PROXY var as user:pass@proxy:port, and indeed removing that variable gives me a "failed to open TCP Connection to s3.eu-west-1.amazonaws.com:443" suggesting that there is no egress without the proxy setting.

Has anyone else used inspec with an authenticated proxy?

paulforsyth · March 14, 2019, 10:48am

So the problem appears to be with the aws-sdk for ruby, seemingly it somehow strips the credentials out of the environment variable which causes the 407 response from the proxy.

A the moment it seems we can get round this by including the code

Aws.config[:http_proxy] = ENV['http_proxy']

in each test file.

Is there a way that I can only specify this once for a test of tests e.g. fixture_setup style?

Topic		Replies	Views
How to run inspec exec with ssh Chef InSpec	4	13111	April 4, 2016
Inspec with a different username and password (windows) Chef InSpec	2	705	July 22, 2020
About the Chef InSpec category Chef InSpec	1	1347	January 28, 2019
Remote scan with Ed25519 key Chef InSpec	0	922	November 15, 2018
Client.rb Documentation on HTTPS Proxy Setting Chef Infra (archive)	2	1970	March 10, 2014

Running inspec aws tests through authenticated http proxy

Related Topics