Summary
Operators that need to route inventory sync or project update (SCM) traffic through a proxy currently rely on the global "Extra Environment Variables" setting to inject http_proxy/https_proxy. This is an all-or-nothing approach: every sync and update uses the same proxy (or none).
This request is for a dedicated proxy field on Inventory Source and Project resources, allowing per-resource proxy configuration for HTTP, HTTPS, and SOCKS proxies. The field would set http_proxy, https_proxy, HTTP_PROXY, and HTTPS_PROXY environment variables during the update operation, overriding the global setting.
Use case
Environments with segmented networks where different inventory sources or SCM repositories are reachable through different proxies. For example, an operator may have:
- An internal VMware vCenter inventory source accessible directly
- A cloud-based inventory source that requires an egress proxy
- A Git repository behind a corporate proxy with authentication
Currently there is no way to configure a proxy on a per-resource basis without resorting to custom credential plugins or wrapper scripts.
Proposed behaviour
- Add a proxy field (string, optional) to Inventory Source and Project models
- When set, the proxy URL is injected as http_proxy, https_proxy, HTTP_PROXY, and HTTPS_PROXY into the execution environment for that specific update operation
- The proxy value supports authentication (e.g. http://user:pass@proxy.example.com:3128)
- Credentials in the proxy URL are encrypted at rest and masked in API responses (consistent with EDA's Project.proxy field)
- Integrated with the regenerate_secret_key management command for key rotation
- The per-resource proxy overrides the global proxy set in Extra Environment Variables
Prior art
Event-Driven Ansible (EDA) already has a proxy field on its Project model with similar semantics.
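A sketch of the override and masking semantics proposed above, as an added example that is not code from AWX or EDA. The function names, the set of accepted schemes and the mask string are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# The four variables named in the proposal.
PROXY_VARS = ("http_proxy", "https_proxy", "HTTP_PROXY", "HTTPS_PROXY")
# Assumed set of accepted schemes (the request mentions HTTP, HTTPS and SOCKS).
ALLOWED_SCHEMES = {"http", "https", "socks4", "socks5", "socks5h"}
MASK = "****"  # constructed placeholder, not the project's actual mask string


def validate_proxy_url(url):
    """Reject values that lack a supported scheme or a host."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("unsupported proxy URL")
    return url


def mask_proxy_url(url):
    """Return the URL with its userinfo hidden, as an API response would show it."""
    parts = urlsplit(url)
    # rpartition keeps a password that itself contains '@' inside the userinfo.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url  # no credentials to hide
    has_password = ":" in userinfo
    masked = f"{MASK}:{MASK}" if has_password else MASK
    return urlunsplit(parts._replace(netloc=f"{masked}@{hostport}"))


def build_update_env(global_env, resource_proxy=None):
    """Merge the global extra environment with a per-resource proxy, which wins."""
    env = dict(global_env)  # copy so the global setting is never mutated
    if resource_proxy:
        validate_proxy_url(resource_proxy)
        for name in PROXY_VARS:
            env[name] = resource_proxy
    return env


if __name__ == "__main__":
    # Constructed sample values.
    global_env = {"https_proxy": "http://global.example.com:3128", "no_proxy": "localhost"}
    env = build_update_env(global_env, "http://user:pass@proxy.example.com:3128")
    print({k: mask_proxy_url(v) if k in PROXY_VARS else v for k, v in env.items()})
```

The unmasked value still reaches the update process through its environment, so job logs and debug output that print environment variables need the same masking as the API.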