Introduction
Problem
When using an authenticated proxy with a password that contains special characters in Terraform Enterprise, all functionality of Terraform Enterprise that reaches out to the public internet will not work.
For example, terraform runs might fail with the following error:
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ hashicorp/null: could not connect to registry.terraform.io: failed to
│ request discovery document: Get
│ "https://registry.terraform.io/.well-known/terraform.json": proxyconnect
│ tcp: dial tcp: lookup http on 172.31.0.2:53: no such host
│
│ To see which modules are currently depending on hashicorp/null and what
│ versions are specified, run the following command:
│ terraform providers
╵
Operation failed: failed running terraform init (exit 1)
In the logs of the proxy you might see a message similar to:
44.33.22.11:55405: GET http://11.22.33.44:8080/
<< 407 Proxy Authentication Required 129b
Prerequisites
- Terraform Enterprise
- A proxy with authentication
- Special characters in your proxy username or password
Cause
-
Special characters in the connection string for the proxy are not automatically HTML encoded.
Solutions:
-
Remove the special characters from your proxy username and password.
- Manually HTML encode your special characters in your proxy username or password.
Example with HTML encoded password
Let's have a proxy with the username proxytest and the password proxy#pass. Here the password contains a #.
After HTML encoding, the password will look like this: proxy%23pass.
In your configuration it will look like this:
http_proxy: "http://proxytest:proxy%23pass@proxyhost:8080"
https_proxy: "http://proxytest:proxy%23pass@proxyhost:8080"
no_proxy: "127.0.0.1,localhost,<your_tfe_host>,"
Outcome
Able to use the proxy with authentication.