Type: Improvement
Resolution: Unresolved
Priority: Minor
Jenkins ver. 2.190.1
Git client 3.0.0
The code in CliGitAPIImpl will put the http_proxy and https_proxy variables in the env when a proxy should be used.
The relevant code can be found here:
https://github.com/jenkinsci/git-client-plugin/blob/master/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java#L2014
In our concrete case we are using CodeCommit as git repository. Jenkins is running on an AWS EC2 instance which is configured with a Role that has the required allowed actions.
For this to work we use the codecommit credential-helper. This credential helper will handle the required authentication/authorization steps. One of these steps involves calling the local IP 169.254.169.254.
Setup of this credential-helper can be found here: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html
This EC2 also runs inside a subnet with no default route and needs to use a forward proxy.
Now when we configure the proxy inside Jenkins, the git plugin will set http_proxy and https_proxy. By doing this, the credential helper's call to the IP 169.254.169.254 will also be sent over the proxy, which shouldn't happen.
Now if NO_PROXY were set with the list from the "No Proxy Host" field, it would work, as the credential-helper would not use the proxy to call the IP 169.254.169.254.
This can also be found in the AWS documentation: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-proxy.html#cli-configure-proxy-ec2
Would it be possible to alter the code so that after
env.put("http_proxy", http_proxy.toString());
env.put("https_proxy", http_proxy.toString());
The no_proxy would also be set?
env.put("no_proxy", listOfConfiguredNoProxyHosts);
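
A sketch of the requested change, added here as an example and not taken from git-client-plugin: it turns a "No Proxy Host" style field into a no_proxy value so that child processes such as the credential helper reach 169.254.169.254 directly. The class and method names (NoProxyEnv, toNoProxyValue, applyProxyEnv), the entry separators, and the sample proxy URL and host list are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class NoProxyEnv {

    /** Convert a "No Proxy Host" style field into a comma-separated no_proxy value. */
    static String toNoProxyValue(String noProxyHostField) {
        List<String> hosts = new ArrayList<>();
        if (noProxyHostField == null) return "";
        // Assumption: entries are separated by whitespace, commas or '|'.
        for (String entry : noProxyHostField.split("[ \\t\\r\\n,|]+")) {
            // "*.example.com" becomes ".example.com": the environment-variable
            // convention is suffix matching, not glob matching.
            if (entry.startsWith("*.")) {
                entry = entry.substring(1);
            }
            // Skip empty tokens and wildcards that no_proxy cannot express
            // (a bare "*" would also switch the proxy off for every host).
            if (entry.isEmpty() || entry.contains("*")) {
                continue;
            }
            hosts.add(entry);
        }
        return String.join(",", hosts);
    }

    /** Populate a child-process environment with proxy and no-proxy settings. */
    static void applyProxyEnv(Map<String, String> env, String proxyUrl, String noProxyHostField) {
        env.put("http_proxy", proxyUrl);
        env.put("https_proxy", proxyUrl);
        String noProxy = toNoProxyValue(noProxyHostField);
        if (!noProxy.isEmpty()) {
            // Both spellings appear in this issue; set both for the child process.
            env.put("no_proxy", noProxy);
            env.put("NO_PROXY", noProxy);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real Jenkins configuration.
        Map<String, String> env = new LinkedHashMap<>();
        applyProxyEnv(env, "http://proxy.example.internal:3128",
                "169.254.169.254\nlocalhost\n*.example.internal");
        env.forEach((k, v) -> System.out.println(k + "=" + v));
    }
}
```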