Running inspec aws tests through authenticated http proxy

paulforsyth · March 13, 2019, 3:53pm

Hi there, we're just exploring using inspec to do some testing and have hit a bit of a snag.
Our environment is pretty well locked down so any http/s traffic needs to go via a proxy. Generally we define the HTTP_PROXY environment variable and most tooling seems to work with this ok but inspec seems to be returning a "error!: 407 Proxy authentication required" response when performing a simple test (e.g. verify existence of s3 bucket). The credentials for the proxy are in the HTTP_PROXY var as user:pass@proxy:port, and indeed removing that variable gives me a "failed to open TCP Connection to s3.eu-west-1.amazonaws.com:443" suggesting that there is no egress without the proxy setting.

Has anyone else used inspec with an authenticated proxy?

paulforsyth · March 14, 2019, 10:48am

So the problem appears to be with the aws-sdk for ruby, seemingly it somehow strips the credentials out of the environment variable which causes the 407 response from the proxy.

A the moment it seems we can get round this by including the code

Aws.config[:http_proxy] = ENV['http_proxy']

in each test file.

Is there a way that I can only specify this once for a test of tests e.g. fixture_setup style?

Topic		Replies	Views
Parameters test Inspec (files) Chef InSpec	1	545	March 6, 2019
Undefined method `http' when running Inspec via Jenkins pipeline Chef InSpec	0	583	March 31, 2023
Using ssh with Inspec via the docker container Chef InSpec	2	1971	June 23, 2018
InSpec SSL Testing Chef Infra (archive)	0	431	July 17, 2016
InSpec 2.0 Release! Chef Release Announcements	0	1554	February 20, 2018

Running inspec aws tests through authenticated http proxy

Related topics