support for socks5 proxy

[bradbeam]

Related to #523.

By default go honors the http_proxy/https_proxy environment variables, but will only work with http proxies. If you are using a socks5 proxy, this method does not work because go attempts to prepend the socks5 uri with http:// leaving you with something like: http://socks5://127.0.0.1:8888. socks5 support is provided via https://godoc.org/golang.org/x/net/proxy.

[kuzuha]

any update?

I want to use mysql provider for private endpoint from behind a socks5 proxy.

[apparentlymart]

We are aware that right now it's difficult to use Terraform with in-house services that are reachable only via a bastion host providing tunnel/proxy services. While we have support for bastion hosts with SSH, that doesn't help with non-SSH services like MySQL.

Unfortunately implementing support for SOCKS proxies would be a major undertaking since Terraform generally accesses remote services via third-party client libraries that usually do not support SOCKS proxies themselves, and we don't have the capacity to take on maintainership of in-house forks to add such support.

Currently our plan is to implement something like what is being discussed in #8367. Although that approach is not as transparent as a SOCKS proxy would be in theory, it treats the tunnel as an entirely-orthogonal concern from the client using it, which therefore allows this feature to be used with any client library that opens a TCP socket.

Since this issue covers the same high-level use-case as #8367, albeit with a different suggested implementation, I'm going to close this one just to consolidate the discussion in the other issue.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.