Extend ProxyHandler to support CIDR ranges for no_proxy

test/integration/targets/setup_proxy/files/hamsandwich.py

@@ -0,0 +1,12 @@
+from __future__ import annotations
+
+from proxy.http.proxy import HttpProxyBasePlugin
+
+
+class HamSandwichPlugin(HttpProxyBasePlugin):
+
+    def handle_upstream_chunk(self, chunk):
+        headers, sep, body = chunk.tobytes().partition(b'\r\n\r\n')
+        if not sep:
+            return chunk
+        return memoryview(bytearray(headers + b'\r\nX-Sandwich: ham' + sep + body))

test/integration/targets/setup_proxy/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: stop proxy.py
+  command: kill {{ proxy_py_pid.content|b64decode }}

test/integration/targets/setup_proxy/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_remote_tmp_dir

test/integration/targets/setup_proxy/tasks/main.yml

@@ -0,0 +1,35 @@
+- name: install proxy.py
+  pip:
+    name: proxy.py
+    virtualenv: '{{ remote_tmp_dir }}/proxy_py'
+    virtualenv_command: "{{ ansible_python_interpreter }} -m venv"
+  notify: stop proxy.py
+
+- name: get venv site-packages
+  command: >-
+    {{ remote_tmp_dir }}/proxy_py/bin/python -c 'import site; print(site.getsitepackages()[0])'
+  register: proxy_py_site_packages
+
+- name: install proxy.py plugin
+  copy:
+    src: hamsandwich.py
+    dest: '{{ proxy_py_site_packages.stdout }}/hamsandwich.py'
+
+- name: start proxy.py
+  command: >-
+    {{ remote_tmp_dir }}/proxy_py/bin/proxy --port 8080 --log-file "{{ remote_tmp_dir }}/proxy_py/proxy_py.log"
+    --plugins hamsandwich.HamSandwichPlugin --pid-file "{{ remote_tmp_dir }}/proxy_py/proxy_py.pid"
+  async: 120
+  poll: 0
+  register: proxy_py
+
+- name: wait for proxy.py to start
+  wait_for:
+    port: 8080
+    connect_timeout: 1
+    timeout: 10
+
+- name: get proxy.py pid
+  slurp:
+    path: '{{ remote_tmp_dir }}/proxy_py/proxy_py.pid'
+  register: proxy_py_pid

test/integration/targets/uri/aliases

@@ -1,3 +1,4 @@
 destructive
 shippable/posix/group1
 needs/httptester
+needs/target/setup_proxy

test/integration/targets/uri/tasks/main.yml

@@ -728,7 +728,7 @@
   import_tasks: install-socat-and-test-unix-socket.yml
 
 - name: Test proxy
-  import_tasks: install-proxy-and-test.yml
+  import_tasks: proxy.yml
 
 - name: ensure skip action
   uri:

test/integration/targets/uri/tasks/proxy.yml

@@ -1,63 +1,18 @@
+- include_role:
+    name: setup_proxy
+
 - name: Get IP address for ansible.http.tests
   command: >-
     {{ ansible_python_interpreter }} -c 'import socket; print(socket.gethostbyname("{{ httpbin_host }}"))'
   register: httpbin_ip
 
-- name: Get groups
-  ansible.builtin.getent:
-    database: group
-
-- name: Set var for nobody/nogroup group
-  set_fact:
-    nobody_group: '{{ ansible_facts.getent_group|list|select("match", "no(group|body)")|first }}'
-
-- name: Allow nobody to traverse remote_tmp_dir
-  file:
-    path: '{{ remote_tmp_dir }}'
-    mode: '0755'
-
-- name: Create log dir
-  file:
-    path: '{{ remote_tmp_dir }}/proxy-logs'
-    state: directory
-    owner: nobody
-    group: '{{ nobody_group }}'
-
-- name: Install tinyproxy config
-  copy:
-    dest: '{{ remote_tmp_dir }}/tinyproxy.conf'
-    content: |
-      User nobody
-      Group {{ nobody_group }}
-      Port 8080
-      Listen 127.0.0.1
-      Timeout 10
-      LogLevel Info
-      MaxClients 1
-      StartServers 1
-      Allow 127.0.0.1
-      Allow ::1
-      Allow ::
-      ViaProxyName "tinyproxy"
-      LogFile "{{ remote_tmp_dir }}/proxy-logs/tinyproxy.log"
-
-- name: Start tinyproxy
-  command: tinyproxy -d -c "{{ remote_tmp_dir }}/tinyproxy.conf"
-  async: 30
-  poll: 0
-  register: tinyproxy
-
-- name: Ensure tinyproxy started
-  async_status:
-    jid: '{{ tinyproxy.ansible_job_id }}'
-
 - name: Test http over http proxy
   uri:
     url: http://{{ httpbin_host }}/get
   environment:
     http_proxy: http://127.0.0.1:8080
   register: http_over_http
-  failed_when: http_over_http.via is undefined
+  failed_when: http_over_http.x_sandwich is undefined
 
 - name: Test https over http proxy
   uri:
@@ -74,7 +29,7 @@
   uri:
     url: http://{{ httpbin_host }}/get
   register: request_without_proxy
-  failed_when: request_without_proxy.via is defined
+  failed_when: request_without_proxy.x_sandwich is defined
 
 - name: Test request with proxy and no_proxy=hostname
   uri:
@@ -83,7 +38,7 @@
     http_proxy: http://127.0.0.1:8080
     no_proxy: '{{ httpbin_host }}'
   register: no_proxy_hostname
-  failed_when: no_proxy_hostname.via is defined
+  failed_when: no_proxy_hostname.x_sandwich is defined
 
 - name: Test request with proxy and no_proxy=ip
   uri:
@@ -92,7 +47,7 @@
     http_proxy: http://127.0.0.1:8080
     no_proxy: '{{ httpbin_ip.stdout }}'
   register: no_proxy_ip
-  failed_when: no_proxy_ip.via is defined
+  failed_when: no_proxy_ip.x_sandwich is defined
 
 - name: Test request with proxy and no_proxy=cidr/32
   uri:
@@ -101,7 +56,7 @@
     http_proxy: http://127.0.0.1:8080
     no_proxy: '{{ httpbin_ip.stdout }}/32'
   register: no_proxy_cidr_32
-  failed_when: no_proxy_cidr_32.via is defined
+  failed_when: no_proxy_cidr_32.x_sandwich is defined
 
 - name: Test request with proxy and no_proxy=cidr/24
   uri:
@@ -112,7 +67,7 @@
   register: no_proxy_cidr_24
   vars:
     httpbin_cidr: "{{ httpbin_ip.stdout.split('.')[:3]|join('.') }}.0/24"
-  failed_when: no_proxy_cidr_24.via is defined
+  failed_when: no_proxy_cidr_24.x_sandwich is defined
 
 - name: Test request with proxy and non-matching no_proxy=cidr
   uri:
@@ -121,7 +76,7 @@
     http_proxy: http://127.0.0.1:8080
     no_proxy: 1.2.3.0/24
   register: no_proxy_non_matching_cidr
-  failed_when: no_proxy_non_matching_cidr.via is undefined
+  failed_when: no_proxy_non_matching_cidr.x_sandwich is undefined
 
 - name: Test request with proxy and no_proxy=cidr:port
   uri:
@@ -130,7 +85,7 @@
     http_proxy: http://127.0.0.1:8080
     no_proxy: '{{ httpbin_ip.stdout }}/32:80'
   register: no_proxy_cidr_port
-  failed_when: no_proxy_cidr_port.via is defined
+  failed_when: no_proxy_cidr_port.x_sandwich is defined
 
 - name: Test request with proxy and non-matching no_proxy=cidr:port
   uri:
@@ -139,21 +94,24 @@
     http_proxy: http://127.0.0.1:8080
     no_proxy: '{{ httpbin_ip.stdout }}/32:8080'
   register: no_proxy_non_matching_cidr_port
-  failed_when: no_proxy_non_matching_cidr_port.via is undefined
+  failed_when: no_proxy_non_matching_cidr_port.x_sandwich is undefined
 
 - slurp:
-    path: "{{ remote_tmp_dir }}/proxy-logs/tinyproxy.log"
-  register: tinyproxy_logs
+    path: "{{ remote_tmp_dir }}/proxy_py/proxy_py.log"
+  register: proxy_py_logs
+
+- debug:
+    msg: '{{ proxy_py_logs.content|b64decode }}'
 
 - assert:
     that:
       - >-
         log_content is contains "CONNECT " ~ httpbin_host ~ ":443"
       # https over http
       - >-
-        log_content|regex_findall(": CONNECT ")|length == 1
+        log_content|regex_findall("CONNECT ")|length == 1
       # 3 http over http
       - >-
-        log_content|regex_findall(': GET')|length == 3
+        log_content|regex_findall('GET')|length == 3
   vars:
-    log_content: '{{ tinyproxy_logs.content|b64decode }}'
+    log_content: '{{ proxy_py_logs.content|b64decode }}'