azure-vm-agents-plugin icon indicating copy to clipboard operation
azure-vm-agents-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Plugin seemingly not respecting Jenkins noproxy list

Open eetu-n opened this issue 2 years ago • 8 comments

Jenkins and plugins versions report

Environment

Omitted due to customer's security policy, plugin version 859.v7213476e4fea_, Jenkins version 2.401.1

What Operating System are you using (both controller, and any agents involved in the problem)?

Linux for controller, trying to provision Windows agents but networking issues prevent this

Reproduction steps

  1. Set storage account to only accept connections via privatelink
  2. Have controller only be able to access specific domains via proxy
  3. Set up proxy and noproxy rules in Jenkins UI

Expected Results

blob.core.windows.net must be accessed without proxy, whereas login.microsoftonline.com must be accessed via proxy.

Both connections work due to Jenkins' noproxy filter

Actual Results

noproxy filter is being ignored

Anything else?

Does the plugin implement Jenkins' proxy config manually, or does it come "for free"?

eetu-n avatar Aug 17 '23 11:08 eetu-n

So it should come for free,

The implementation is here: https://github.com/jenkinsci/azure-vm-agents-plugin/blob/acd1fc5c0382c58fe35eb3debc3f4339311326d8/src/main/java/com/microsoft/azure/vmagent/AzureVMManagementServiceDelegate.java#L2713C33-L2713C52

Then: https://github.com/jenkinsci/azure-sdk-plugin/blob/b4b94e4cccf5f29cf4bee6e3b3f2f56403ff16da/src/main/java/io/jenkins/plugins/azuresdk/HttpClientRetriever.java#L23-L30 and https://github.com/jenkinsci/azure-sdk-plugin/blob/b4b94e4cccf5f29cf4bee6e3b3f2f56403ff16da/src/main/java/io/jenkins/plugins/azuresdk/HttpClientRetriever.java#L42-L44

Proxy support is best effort, I do not have an environment to test this sort of thing in.

timja avatar Aug 17 '23 13:08 timja

Hmm, seems the Azure SDK expects a list of noproxy hosts separated by |, but the method used to retrieve the list from jenkins is a \n separated list. Seems like an easy fix, as Jenkins also provides a method that returns a java List object

eetu-n avatar Aug 18 '23 12:08 eetu-n

You able to contribute a fix?

timja avatar Aug 18 '23 12:08 timja

Yeah, I'll have to do some finagling to do proper testing, but shouldn't be a big issue

eetu-n avatar Aug 18 '23 13:08 eetu-n

Somewhat related question on this issue. Looking at the azure-sdk-plugin code mentioned previously, it looks like the proxy config is pulled from "Manage Jenkins -> Plugins -> Advanced" (Jenkins.get().proxy). We have env vars set for proxy configuration. Am I right in assuming that the env vars will not be honored by the plugin?

DonaldKallman avatar Oct 20 '23 18:10 DonaldKallman

Somewhat related question on this issue. Looking at the azure-sdk-plugin code mentioned previously, it looks like the proxy config is pulled from "Manage Jenkins -> Plugins -> Advanced" (Jenkins.get().proxy). We have env vars set for proxy configuration. Am I right in assuming that the env vars will not be honored by the plugin?

No it only honours Jenkins proxy configuration, some libraries may pick those up but I don't think they will be here.

timja avatar Oct 20 '23 21:10 timja

Quickly proposed https://github.com/jenkinsci/azure-sdk-plugin/pull/232. I don't have an env to test this though.... Note: As a workaround, maybe a | delimited string can be added to "Manage Jenkins -> Plugins -> Advanced" . Kind of hacky but it might work:

*.test.org1.com
*.test.org2.com
dummy|*.test.org1.com|*.test.org2.com

Dohbedoh avatar Oct 24 '23 08:10 Dohbedoh

@Dohbedoh's change has been released in https://github.com/jenkinsci/azure-sdk-plugin/releases/tag/157.v855da_0b_eb_dc2

Is someone with this issue able to test it please?

timja avatar Oct 24 '23 14:10 timja