feat(terraform): add option to add proxy to request (#6923)

* . * . * . * . * . * . * . * remove git clone support * remove git clone support * remove git clone support
bridgecrewio · Jan 1, 2025 · b25fe42 · b25fe42
1 parent ca83e66
commit b25fe42
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 8 deletions.
diff --git a/checkov/common/proxy/__init__.py b/checkov/common/proxy/__init__.py
diff --git a/.../terraform/module_loading/proxy_client.py → checkov/common/proxy/proxy_client.py b/.../terraform/module_loading/proxy_client.py → checkov/common/proxy/proxy_client.py
@@ -1,19 +1,24 @@
-import os
+from __future__ import annotations
+
+import logging
 from typing import Any
 
 import requests
 
+from checkov.common.util.env_vars_config import env_vars_config
+
 
 class ProxyClient:
     def __init__(self) -> None:
-        self.proxy_ca_path = os.getenv('PROXY_CA_PATH', None)
+        self.identity = env_vars_config.PROXY_HEADER_VALUE
+        self.proxy_ca_path = env_vars_config.PROXY_CA_PATH
         if self.proxy_ca_path is None:
-            raise Exception("[ProxyClient] CA certificate path is missing")
+            logging.warning("[ProxyClient] CA certificate path is missing")
 
     def get_session(self) -> requests.Session:
-        if not os.getenv('PROXY_URL', None):
-            raise Exception('Please provide "PROXY_URL" env var')
-        proxy_url = os.getenv('PROXY_URL')
+        if not env_vars_config.PROXY_URL:
+            logging.warning('Please provide "PROXY_URL" env var')
+        proxy_url = env_vars_config.PROXY_URL
         session = requests.Session()
         proxies = {
             "http": proxy_url,
@@ -22,8 +27,13 @@ def get_session(self) -> requests.Session:
         session.proxies.update(proxies)  # type: ignore
         return session
 
+    def update_request_header(self, request: requests.Request) -> None:
+        if env_vars_config.PROXY_HEADER_VALUE:
+            request.headers[env_vars_config.PROXY_HEADER_VALUE] = self.identity
+
     def send_request(self, request: requests.Request) -> requests.Response:
         session = self.get_session()
+        self.update_request_header(request=request)
         prepared_request = session.prepare_request(request)
         return session.send(prepared_request, verify=self.proxy_ca_path)
 

diff --git a/checkov/common/util/env_vars_config.py b/checkov/common/util/env_vars_config.py
@@ -81,6 +81,8 @@ def __init__(self) -> None:
         self.JAVA_FULL_DT = os.getenv('JAVA_FULL_DT', False)
         self.PROXY_CA_PATH = os.getenv('PROXY_CA_PATH', None)
         self.PROXY_URL = os.getenv('PROXY_URL', None)
+        self.PROXY_HEADER_VALUE = os.getenv('PROXY_HEADER_VALUE', None)
+        self.PROXY_HEADER_KEY = os.getenv('PROXY_HEADER_VALUE', None)
 
 
 env_vars_config = EnvVarsConfig()
diff --git a/checkov/terraform/module_loading/loaders/registry_loader.py b/checkov/terraform/module_loading/loaders/registry_loader.py
@@ -19,7 +19,7 @@
     order_versions_in_descending_order,
     get_version_constraints
 )
-from checkov.terraform.module_loading.proxy_client import call_http_request_with_proxy
+from checkov.common.proxy.proxy_client import call_http_request_with_proxy
 
 if TYPE_CHECKING:
     from checkov.terraform.module_loading.module_params import ModuleParams
@@ -90,7 +90,7 @@ def _load_module(self, module_params: ModuleParams) -> ModuleContent:
                 headers={"Authorization": f"Bearer {module_params.token}"} if module_params.token else None
             )
             if os.getenv('PROXY_URL'):
-                logging.info('Send request with proxy')
+                logging.info('Sending request with proxy')
                 response = call_http_request_with_proxy(request)
             else:
                 session = requests.Session()