Merge pull request #112 from MPritsch/proxy-variables

feat: provide option to set http_proxy variable

Author: szEvEz

README.md

@@ -119,6 +119,8 @@ For a local development setup, please take a look at
 | `defectDojoVerified`                  | `"false"`                  | Specifies whether findings should be marked as verified in DefectDojo.                       |
 | `defectDojoDoNotReactivate`           | `"true"`                   | If true the importing/reimporting will ignore uploaded active findings and not reactivate previously closed findings, while still creating new findings if there are new ones             |
 | `reports`                             | `"vulnerabilityreports"`   | Comma-separated list of reports that should be sent to DefectDojo. Possibilities: vulnerabilityreports, rbacassessmentreports, infraassessmentreports, configauditreports, exposedsecretreports |
+| `http_proxy`                          | `""`   | Option to set http_proxy variable                                             |
+| `https_proxy`                         | `""`   | Option to set https_proxy variable                                             |
 
 ### A note on eval
 

charts/templates/deployment.yaml

@@ -97,6 +97,10 @@ spec:
           value: {{ quote .Values.operator.trivyDojoReportOperator.env.reports }}
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ quote .Values.kubernetesClusterDomain }}
+        - name: HTTP_PROXY
+          value: {{ quote .Values.operator.trivyDojoReportOperator.env.http_proxy }}
+        - name: HTTPS_PROXY
+          value: {{ quote .Values.operator.trivyDojoReportOperator.env.https_proxy }}
         image: {{ .Values.operator.trivyDojoReportOperator.image.repository }}:{{ .Values.operator.trivyDojoReportOperator.image.tag | default .Chart.AppVersion }}
         livenessProbe:
           httpGet:

charts/values.yaml

@@ -52,6 +52,8 @@ operator:
       defectDojoTestTitle: Kubernetes
       defectDojoVerified: "false"
       reports: vulnerabilityreports
+      http_proxy: ""
+      https_proxy: ""
     image:
       repository: ghcr.io/telekom-mms/docker-trivy-dojo-operator
       tag: 0.8.7

src/handlers.py

@@ -16,6 +16,11 @@
 
 c = prometheus.Counter("requests_total", "HTTP Requests", ["status"])
 
+if settings.HTTP_PROXY or settings.HTTPS_PROXY:
+    proxies = {
+        "http": settings.HTTP_PROXY,
+        "https": settings.HTTPS_PROXY,
+    }
 
 def check_allowed_reports(report: str):
     allowed_reports: list[str] = [
@@ -162,6 +167,7 @@ def send_to_dojo(body, meta, logger, **_):
                 data=data,
                 files=report_file,
                 verify=True,
+                proxies=proxies,
             )
             response.raise_for_status()
         except HTTPError as http_err:

src/settings.py

@@ -74,3 +74,6 @@
 LOG_LEVEL: str = os.getenv("LOG_LEVEL", "INFO").upper()
 
 REPORTS: list = os.getenv("REPORTS", "vulnerabilityreports").split(",")
+
+HTTP_PROXY: str = os.getenv("HTTP_PROXY") or os.getenv("http_proxy")
+HTTPS_PROXY: str = os.getenv("HTTPS_PROXY") or os.getenv("https_proxy")