opentofu/0001-backport-support-lower-case-http_proxy-or-https_proxy-env-variables-in-S3-backend.patch

From 547e2c2e8f2c9c5a3fe90a583876dad07f967e0c Mon Sep 17 00:00:00 2001
From: Janos <86970079+janosdebugs@users.noreply.github.com>
Date: Mon, 24 Jun 2024 13:24:12 +0200
Subject: [PATCH] [Backports/1.6] Support lower-case http/https_proxy env
 variables in S3 backend  (#1742)

Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
---
 CHANGELOG.md                                |  2 ++
 internal/backend/remote-state/s3/backend.go | 17 ++++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac11d9cea29..c260fcb4ee0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ ENHANCEMENTS:
 
 BUG FIXES:
 
+* Fix bug where lower-case `http_proxy`/`https_proxy` env variables were no longer supported in the S3 backend ([#1594](https://github.com/opentofu/opentofu/issues/1594))
+
 ## 1.6.2
 
 ENHANCEMENTS:
diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go
index 8201baf72a7..35b5717ff23 100644
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@@ -732,9 +732,10 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 		// Note: we don't need to read env variables explicitly because they are read implicitly by aws-sdk-base-go:
 		// see: https://github.com/hashicorp/aws-sdk-go-base/blob/v2.0.0-beta.41/internal/config/config.go#L133
 		// which relies on: https://cs.opensource.google/go/x/net/+/refs/tags/v0.18.0:http/httpproxy/proxy.go;l=89-96
-		HTTPProxy:            aws.String(stringAttrDefaultEnvVar(obj, "http_proxy", "HTTP_PROXY")),
-		HTTPSProxy:           aws.String(stringAttrDefaultEnvVar(obj, "https_proxy", "HTTPS_PROXY")),
-		NoProxy:              stringAttrDefaultEnvVar(obj, "no_proxy", "NO_PROXY"),
+		//
+		// Note: we are switching to "separate" mode here since the legacy mode is deprecated and should no longer be
+		// used.
+		HTTPProxyMode:        awsbase.HTTPProxyModeSeparate,
 		Insecure:             boolAttr(obj, "insecure"),
 		UseDualStackEndpoint: boolAttr(obj, "use_dualstack_endpoint"),
 		UseFIPSEndpoint:      boolAttr(obj, "use_fips_endpoint"),
@@ -754,6 +755,16 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 		cfg.UseLegacyWorkflow = true
 	}
 
+	if val, ok := stringAttrOk(obj, "http_proxy"); ok {
+		cfg.HTTPProxy = &val
+	}
+	if val, ok := stringAttrOk(obj, "https_proxy"); ok {
+		cfg.HTTPSProxy = &val
+	}
+	if val, ok := stringAttrOk(obj, "no_proxy"); ok {
+		cfg.NoProxy = val
+	}
+
 	if val, ok := boolAttrOk(obj, "skip_metadata_api_check"); ok {
 		if val {
 			cfg.EC2MetadataServiceEnableState = imds.ClientDisabled
Backport: support lower-case http/https_proxy env variables in S3 backend (cherry picked from commit ad4e9c485301105e2e8a5baef2f93a9efdee7b2c) 2025-04-10 13:36:58 +08:00			`From 547e2c2e8f2c9c5a3fe90a583876dad07f967e0c Mon Sep 17 00:00:00 2001`
			`From: Janos <86970079+janosdebugs@users.noreply.github.com>`
			`Date: Mon, 24 Jun 2024 13:24:12 +0200`
			`Subject: [PATCH] [Backports/1.6] Support lower-case http/https_proxy env`
			`variables in S3 backend (#1742)`

			`Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>`
			`---`
			`CHANGELOG.md \| 2 ++`
			`internal/backend/remote-state/s3/backend.go \| 17 ++++++++++++++---`
			`2 files changed, 16 insertions(+), 3 deletions(-)`

			`diff --git a/CHANGELOG.md b/CHANGELOG.md`
			`index ac11d9cea29..c260fcb4ee0 100644`
			`--- a/CHANGELOG.md`
			`+++ b/CHANGELOG.md`
			`@@ -4,6 +4,8 @@ ENHANCEMENTS:`

			`BUG FIXES:`

			+* Fix bug where lower-case `http_proxy`/`https_proxy` env variables were no longer supported in the S3 backend ([#1594](https://github.com/opentofu/opentofu/issues/1594))
			`+`
			`## 1.6.2`

			`ENHANCEMENTS:`
			`diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go`
			`index 8201baf72a7..35b5717ff23 100644`
			`--- a/internal/backend/remote-state/s3/backend.go`
			`+++ b/internal/backend/remote-state/s3/backend.go`
			`@@ -732,9 +732,10 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {`
			`// Note: we don't need to read env variables explicitly because they are read implicitly by aws-sdk-base-go:`
			`// see: https://github.com/hashicorp/aws-sdk-go-base/blob/v2.0.0-beta.41/internal/config/config.go#L133`
			`// which relies on: https://cs.opensource.google/go/x/net/+/refs/tags/v0.18.0:http/httpproxy/proxy.go;l=89-96`
			`- HTTPProxy: aws.String(stringAttrDefaultEnvVar(obj, "http_proxy", "HTTP_PROXY")),`
			`- HTTPSProxy: aws.String(stringAttrDefaultEnvVar(obj, "https_proxy", "HTTPS_PROXY")),`
			`- NoProxy: stringAttrDefaultEnvVar(obj, "no_proxy", "NO_PROXY"),`
			`+ //`
			`+ // Note: we are switching to "separate" mode here since the legacy mode is deprecated and should no longer be`
			`+ // used.`
			`+ HTTPProxyMode: awsbase.HTTPProxyModeSeparate,`
			`Insecure: boolAttr(obj, "insecure"),`
			`UseDualStackEndpoint: boolAttr(obj, "use_dualstack_endpoint"),`
			`UseFIPSEndpoint: boolAttr(obj, "use_fips_endpoint"),`
			`@@ -754,6 +755,16 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {`
			`cfg.UseLegacyWorkflow = true`
			`}`

			`+ if val, ok := stringAttrOk(obj, "http_proxy"); ok {`
			`+ cfg.HTTPProxy = &val`
			`+ }`
			`+ if val, ok := stringAttrOk(obj, "https_proxy"); ok {`
			`+ cfg.HTTPSProxy = &val`
			`+ }`
			`+ if val, ok := stringAttrOk(obj, "no_proxy"); ok {`
			`+ cfg.NoProxy = val`
			`+ }`
			`+`
			`if val, ok := boolAttrOk(obj, "skip_metadata_api_check"); ok {`
			`if val {`
			`cfg.EC2MetadataServiceEnableState = imds.ClientDisabled`