[util] Ignore proxies when calling Nova Metadata (#2218)

pierreprinetti · web-flow · commit 315f6e6c348a · 2023-04-28T03:32:16.000-07:00
Prior to this change, the call to the Nova Metadata service used HTTP proxies as directed by the environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY (or the lowercase versions thereof). However, the call to the Metadata well-known IP must originate from the requesting server directly to be correctly served. With this change, calls to the Nova Metadata service ignore proxy settings. Fixes #2217
diff --git a/pkg/util/metadata/metadata.go b/pkg/util/metadata/metadata.go
@@ -189,11 +189,17 @@ func getFromConfigDrive(metadataVersion string) (*Metadata, error) {
 	return parseMetadata(f)
 }
 
+func noProxyHTTPClient() *http.Client {
+	noProxyTransport := http.DefaultTransport.(*http.Transport).Clone()
+	noProxyTransport.Proxy = nil
+	return &http.Client{Transport: noProxyTransport}
+}
+
 func getFromMetadataService(metadataVersion string) (*Metadata, error) {
 	// Try to get JSON from metadata server.
 	metadataURL := getMetadataURL(metadataVersion)
-	klog.V(4).Infof("Attempting to fetch metadata from %s", metadataURL)
-	resp, err := http.Get(metadataURL)
+	klog.V(4).Infof("Attempting to fetch metadata from %s, ignoring proxy settings", metadataURL)
+	resp, err := noProxyHTTPClient().Get(metadataURL)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching %s: %v", metadataURL, err)
 	}
diff --git a/pkg/util/metadata/metadata_test.go b/pkg/util/metadata/metadata_test.go
@@ -18,6 +18,9 @@ package metadata
 
 import (
 	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
 	"strings"
 	"testing"
 )
@@ -148,3 +151,27 @@ func TestCheckMetaDataOpts(t *testing.T) {
 		}
 	}
 }
+
+func TestGetFromMetadataService(t *testing.T) {
+	t.Run("ignores HTTP_PROXY", func(t *testing.T) {
+		// Here I spin up an HTTP server, set it as HTTP_PROXY, and
+		// assert that the request to the Metadata server doesn't hit
+		// it.
+		fakeProxy := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
+			t.Errorf("the call to Metadata hit the proxy server")
+		}))
+		defer fakeProxy.Close()
+
+		// defer resetting HTTP_PROXY to whatever it was before this test
+		defer func(originalValue string, wasSet bool) {
+			if wasSet {
+				os.Setenv("HTTP_PROXY", originalValue)
+			} else {
+				os.Unsetenv("HTTP_PROXY")
+			}
+		}(os.LookupEnv("HTTP_PROXY"))
+
+		os.Setenv("HTTP_PROXY", fakeProxy.URL)
+		_, _ = getFromMetadataService("")
+	})
+}
