Add support for proxy server (#2371)

deepfence_agent/plugins/deepfence_shipper/output.go

@@ -160,15 +160,17 @@ func NewPublisher(cfg PublisherConfig, maxRetries int, batchSize int) *Publisher
 		return rhttp.DefaultRetryPolicy(ctx, resp, err)
 	}
 
+	tr := http.DefaultTransport.(*http.Transport).Clone()
+	tr.Proxy = http.ProxyFromEnvironment
+
 	if cfg.URLSchema == "https" {
-		tr := http.DefaultTransport.(*http.Transport).Clone()
 		tr.TLSClientConfig = &tls.Config{
 			RootCAs:            x509.NewCertPool(),
 			InsecureSkipVerify: true,
 		}
 		tr.DisableKeepAlives = false
-		rhc.HTTPClient.Transport = tr
 	}
+	rhc.HTTPClient.Transport = tr
 
 	hc = rhc.StandardClient()
 

deepfence_agent/tools/apache/deepfence/df-utils/utils.go

@@ -19,50 +19,11 @@ import (
 	"github.com/deepfence/ThreatMapper/deepfence_utils/log"
 )
 
-type PktDirection string
-type PolicyAction string
-
-const (
-	maxIdleConnsPerHost = 1024
-	HostMountDir        = "/fenced/mnt/host/"
-	CheckTypeHIPAA      = "hipaa"
-	CheckTypePCI        = "pci"
-	CheckTypeNIST       = "nist"
-	CheckTypeGDPR       = "gdpr"
-)
-
-type ComplianceScan struct {
-	Code  string `json:"code"`
-	Label string `json:"label"`
-}
-
 func RemoveLastCharacter(s string) string {
 	r := []rune(s)
 	return string(r[:len(r)-1])
 }
 
-func BuildHttpClientWithCert(certPath string) (*http.Client, error) {
-	// Set up our own certificate pool
-	tlsConfig := &tls.Config{RootCAs: x509.NewCertPool(), InsecureSkipVerify: true}
-	transport := &http.Transport{
-		MaxIdleConnsPerHost: maxIdleConnsPerHost,
-		TLSHandshakeTimeout: 0 * time.Second,
-		TLSClientConfig:     tlsConfig,
-	}
-	client := &http.Client{Transport: transport}
-
-	// Load our trusted certificate path
-	pemData, err := os.ReadFile(certPath)
-	if err != nil {
-		return nil, err
-	}
-	ok := tlsConfig.RootCAs.AppendCertsFromPEM(pemData)
-	if !ok {
-		return nil, errors.New("unable to append certificates to PEM")
-	}
-	return client, nil
-}
-
 func GetKubernetesClusterId() string {
 	var kubeSystemNamespaceUid string
 	serviceHost := os.Getenv("KUBERNETES_SERVICE_HOST")

deepfence_bootstrapper/router/upgrade.go

@@ -110,6 +110,7 @@ func downloadFile(filepath string, url string) (err error) {
 
 	tr := http.DefaultTransport.(*http.Transport).Clone()
 	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	tr.Proxy = http.ProxyFromEnvironment
 
 	client := &http.Client{
 		Timeout:   5 * time.Minute,

deepfence_utils/threatintel/common.go

@@ -155,6 +155,7 @@ func ExposeFile(ctx context.Context, fName string, consoleURL string, ttlCache *
 func downloadFile(ctx context.Context, url string) (*bytes.Buffer, error) {
 
 	tr := http.DefaultTransport.(*http.Transport).Clone()
+	tr.Proxy = http.ProxyFromEnvironment
 	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 
 	client := http.Client{Timeout: 600 * time.Second}

deepfence_utils/utils/utils.go

@@ -58,9 +58,12 @@ var (
 
 func GetHTTPClient() *http.Client {
 	once1.Do(func() {
+		tr := http.DefaultTransport.(*http.Transport).Clone()
+		tr.Proxy = http.ProxyFromEnvironment
+
 		secureClient = &http.Client{
 			Timeout:   time.Second * 10,
-			Transport: http.DefaultTransport.(*http.Transport).Clone(),
+			Transport: tr,
 		}
 	})
 
@@ -77,6 +80,7 @@ func GetInsecureHTTPClient() *http.Client {
 		tr := http.DefaultTransport.(*http.Transport).Clone()
 		tr.TLSClientConfig = tlsConfig
 		tr.WriteBufferSize = 10240
+		tr.Proxy = http.ProxyFromEnvironment
 
 		insecureClient = &http.Client{
 			Timeout:   time.Second * 10,

deepfence_worker/cronjobs/rules_fetcher.go

@@ -50,6 +50,7 @@ func FetchThreatIntelListing(ctx context.Context, token string) (threatintel.Lis
 	tr.TLSClientConfig = &tls.Config{
 		InsecureSkipVerify: true,
 	}
+	tr.Proxy = http.ProxyFromEnvironment
 	hc := http.Client{
 		Timeout:   10 * time.Second,
 		Transport: tr,