Running inspec aws tests through authenticated http proxy


#1

Hi there, we're just exploring using inspec to do some testing and have hit a bit of a snag.
Our environment is pretty well locked down so any http/s traffic needs to go via a proxy. Generally we define the HTTP_PROXY environment variable and most tooling seems to work with this ok but inspec seems to be returning a "error!: 407 Proxy authentication required" response when performing a simple test (e.g. verify existence of s3 bucket). The credentials for the proxy are in the HTTP_PROXY var as user:pass@proxy:port, and indeed removing that variable gives me a "failed to open TCP Connection to s3.eu-west-1.amazonaws.com:443" suggesting that there is no egress without the proxy setting.

Has anyone else used inspec with an authenticated proxy?


#2

So the problem appears to be with the aws-sdk for ruby, seemingly it somehow strips the credentials out of the environment variable which causes the 407 response from the proxy.

A the moment it seems we can get round this by including the code

Aws.config[:http_proxy] = ENV['http_proxy']

in each test file.

Is there a way that I can only specify this once for a test of tests e.g. fixture_setup style?