Details
-
Bug Report
-
Resolution: Won't Fix
-
L3 - Default
-
None
-
None
-
None
-
None
Description
Environment (Required on creation): docker
Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):
From: https://forum.camunda.org/t/https-baseurl-with-camunda-external-task-client-js-does-not-work/26362
When I attempt to use a https baseUrl with Client object like this:
const client = new Client( { baseUrl: process.env.CAMUNDA_BACKEND_URL, use: logger.bind(null, log), asyncResponseTimeout: 30000, workerId: os.hostname(), maxTasks: 3, //max number of tasks to fetch in one poll maxParallelExecutions: 3, //max number of outstanding (incomplete) async tasks }
then a subsequent call via the Client object fails at this line:
with a message like this
RequestError: connect ECONNREFUSED 127.0.0.1:443`
The camunda library uses a library called 'got'. According to this problem report:
[RequestError: connect ECONNREFUSED 127.0.0.1:443 1|https://github.com/sindresorhus/got/issues/1572] opened Dec 29, 2020 closed Dec 30, 2020 [!https://avatars.githubusercontent.com/u/1852455?v=4|width=20,height=20! franleplant|https://github.com/franleplant] Describe the bug Node.js version: 12 & version: docker/alpine
Using this library through https://github.com/panva/node-openid-client , when making the initial request of the open...
The probable reason is that a third party library, https-proxy-agent, patches the http.request function in a manner that is not compatible with node 10 (or got). https-proxy-agent seems to be fairly ubiquitous in the node eco-system, being used by sentry and datadog and auth0 libraries, for example.
As far as I can tell, my only option at this point is to stop using the camunda JavaScript client library and start using axios directly.
Is this everyone else's experience or is there a supported way to use camunda-external-task-client-js with https URLs?
Steps to reproduce (Required on creation):
- Create a node camunda workflow client that also uses sentry or one of the other 3rd party libaries that (indirectly) or more directly, the https-proxy-agent module itself.
- Initialise the libraries 3rd party libraries and create a Camunda client which specifies an https engine URL that attempts connect to the engine in some way.
Observed Behavior (Required on creation):
Connections to camunda fail.
Error reports of the form:
RequestError: connect ECONNREFUSED 127.0.0.1:443`
Expected behavior (Required on creation):
Connections complete without error.
Root Cause (Required on prioritization):
The root cause is an incorrect monkey-patch of the node 10 https.request function by the https-proxy-agent library that is not even used by the camunda code directly. However, the monkey patch interferes with the (reasonable) assumption (made by the got library that camunda does use) that the https.request supports a 3-argument invocation.
Solution Ideas (Optional):
The "correct solution" is for https-proxy-agent to be fixed so that it tolerates 3-argument invocations.
A workaround is a second monkey patch that undoes the consequences of the https-proxy-agent monkey patch
{color:#ff0000}const https = require("https") {color} {color:#ff0000}...{color} {color:#ff0000}https.request = function(request) {{color} {color:#ff0000}//{color} {color:#ff0000} // This function overrides the https.request function (from Node 10+) so that all 3-argument http.request{color} {color:#ff0000} // calls are converted into equivalent 2-argument request calls prior to passing those calls onto the original{color} {color:#ff0000} // handler. This is required to undo the effects of a monkey patch performed by https-proxy-agent which{color} {color:#ff0000} // inteferes with a completely different library, got, that expects to be able to use the{color} {color:#ff0000} // 3-argument version of https.request{color} {color:#ff0000} //{color} {color:#ff0000} // The ultinately correct fix for this issue is for httos-proxy-agent to change and then for all{color} {color:#ff0000} // dependent node packages to upgrade their dependencies to depend on the fixed https-proxy-agent{color} {color:#ff0000} // package but for whatever reason this has not yet been done.{color} {color:#ff0000} //{color} {color:#ff0000} // For more information about this issue refer to:{color} {color:#ff0000} //{color} {color:#ff0000} // - [https://forum.camunda.org/t/https-baseurl-with-camunda-external-task-client-js-does-not-work/26362]{color} {color:#ff0000} // - https://jira.camunda.com/browse/CAM-13347{color} {color:#ff0000} //{color} {color:#ff0000}log.info('installing UPowr/https-proxy-agent monkey patch compensation...'){color} {color:#ff0000}return function(...args) {{color} {color:#ff0000} if (args.length == 3) {{color} {color:#ff0000} const url = args[0]{color} {color:#ff0000} const options = args[1]{color} {color:#ff0000} const callback = args[2]{color} {color:#ff0000}// URL {{color} {color:#ff0000} // href: 'https://camunda.acme.net/engine-rest/external-task/fetchAndLock',{color} {color:#ff0000} // origin: 'https://camunda.acme.net',{color} {color:#ff0000} // protocol: 'https:',{color} {color:#ff0000} // username: '',{color} {color:#ff0000} // password: '',{color} {color:#ff0000} // host: 'camunda.acme.net',{color} {color:#ff0000} // hostname: 'camunda.acme.net',{color} {color:#ff0000} // port: '',{color} {color:#ff0000} // pathname: '/engine-rest/external-task/fetchAndLock',{color} {color:#ff0000} // search: '',{color} {color:#ff0000} // searchParams: URLSearchParams {},{color} {color:#ff0000} // hash: ''{color} {color:#ff0000} // },{color} {color:#ff0000}options.protocol = url.protocol;{color} {color:#ff0000} options.hostname = url.hostname ? url.hostname : url.host;{color} {color:#ff0000} options.auth = url.username ? url.username+":"+url.password : "";{color} {color:#ff0000} options.port = url.port;{color} {color:#ff0000} options.path = url.search ? url.pathname+"?"+url.search : url.pathname;{color} {color:#ff0000}return request.call(https, options, callback);{color} {color:#ff0000} } else {{color} {color:#ff0000} return request.call(https, ...args);{color} {color:#ff0000} }{color} {color:#ff0000} }{color} {color:#ff0000} }(https.request);{color}
This converts all 3-argument calls into 2-argument calls so that they pass unmolested through the broken monkey-patch installed by https-proxy-agent
The problem report has been raised to provide visibility to the camunda support teams about an issue of this kind so that they can advise customers about the correct course of action should they encounter this issue themselves.