This message was deleted Infracost Community #help

$https://infracost.io logo$

Join Slack

This message was deleted.

# help

broad-zoo-34077

07/14/2023, 12:29 PM

This message was deleted.

little-author-61621

07/14/2023, 12:30 PM

Hi @powerful-author-61934. Does your Jenkins have an http proxy enabled?

powerful-author-61934

07/14/2023, 12:39 PM

Hi @little-author-61621, sorry but I don't have the idea of setting proxy for Infracost in Jenkins. Can you please guide a little bit more on the same. Thanks

little-author-61621

07/14/2023, 12:43 PM

Hi @powerful-author-61934, I’ve seen this error before when someone has their CI/CD integration configured with

http_proxy

https_proxy

environment variables, so I was wondering if your Jenkins installation has anything like this. One option to test this is to set the following env variable in your pipeline:

Copy code

no_proxy=<http://pricing.api.infracost.io|pricing.api.infracost.io>

powerful-author-61934

07/14/2023, 12:46 PM

I have tried with this also, but still getting the same error

little-author-61621

07/14/2023, 12:48 PM

Does running this in the pipeline work:

Copy code

curl -i <https://pricing.api.infracost.io/health> -H "X-Api-Key: API_KEY"

little-author-61621

07/14/2023, 12:48 PM

Where

API_KEY

is your api key

powerful-author-61934

07/14/2023, 12:49 PM

I have checked and found a raised issue on Infracost https://github.com/infracost/infracost/issues/1238 It is stated that this issue was resolved in v0.9.16

little-author-61621

07/14/2023, 12:50 PM

Ah okay, which version are you using?

powerful-author-61934

07/14/2023, 12:50 PM

Currently I am using v0.10.22

powerful-author-61934

07/14/2023, 12:50 PM

As HTML report issues is there in v0.10.24

little-author-61621

07/14/2023, 12:51 PM

Ok, that fix should be in v0.10.22

powerful-author-61934

07/14/2023, 12:52 PM

No i am using the same version bt still getting that issue

little-author-61621

07/14/2023, 12:52 PM

Does the

curl

command work for you?

powerful-author-61934

07/14/2023, 12:58 PM

No it is giving "SSL certificate problem: unable to get local issuer certificate" error

little-author-61621

07/14/2023, 12:59 PM

Does it work for other URLs like https://google.com?

powerful-author-61934

07/14/2023, 1:00 PM

No maybe curl is having certificate issue here

little-author-61621

07/14/2023, 1:01 PM

You could try curl with

--insecure

option to see.

powerful-author-61934

07/14/2023, 1:03 PM

Yes tried that, it is not giving any output and pipeline failed without stating any error with exit code 6

little-author-61621

07/14/2023, 1:04 PM

You could try this env variable

INFRACOST_TLS_INSECURE_SKIP_VERIFY=true

That will work the same as the curl

--insecure

flag.

powerful-author-61934

07/14/2023, 1:17 PM

I tried setting this env variable

INFRACOST_TLS_INSECURE_SKIP_VERIFY=true

But if I set this then infracost is showing INVALID API KEY. I tried switching this variable then I am getting the same error as above(x509)

little-author-61621

07/14/2023, 1:19 PM

What does

curl -vvv <https://pricing.api.infracost.io/>

show?

powerful-author-61934

07/14/2023, 1:25 PM

Same: SSL certificate problem: unable to get local issuer certificate Tried it with -insecure option as well

little-author-61621

07/14/2023, 1:25 PM

Okay, but did it give more logs… they might help in working out what the problem is.

powerful-author-61934

07/14/2023, 1:26 PM

Sure I will paste the complete log here

👍 1

powerful-author-61934

07/17/2023, 8:46 AM

Hi @little-author-61621, I have tried the

curl -vvv <https://pricing.api.infracost.io/> --cacert cacert.pem -k

command, and after connecting to host pricing.api.infracost.io it is saying

* Connection #0 to host <http://pricing.api.infracost.io|pricing.api.infracost.io> left intact {"error": "Invalid API key"}

and ultimately throwing same x509 error

little-author-61621

07/17/2023, 9:12 AM

@powerful-author-61934 do you have the full logs from that command?

powerful-author-61934

07/17/2023, 9:23 AM

Copy code

+ curl -vvv <https://pricing.api.infracost.io/> --cacert cacert.pem -k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0*   Trying 52.95.251.237:443...
* Connected to <http://pricing.api.infracost.io|pricing.api.infracost.io> (52.95.251.237) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: cacert.pem
*  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
 
  0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [155 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3222 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.<http://api.infracost.io|api.infracost.io>
*  start date: Jul 15 09:25:06 2023 GMT
*  expire date: Jul 29 09:25:06 2023 GMT
*  issuer: C=US; ST=California; O=Zscaler Inc.; OU=Zscaler Inc.; CN=Zscaler Intermediate Root CA (<http://zscalerthree.net|zscalerthree.net>) (t) 
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
} [5 bytes data]
> GET / HTTP/1.1
> Host: <http://pricing.api.infracost.io|pricing.api.infracost.io>
> User-Agent: curl/7.74.0
> Accept: */*
> 
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Mon, 17 Jul 2023 07:38:01 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 27
< Connection: keep-alive
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< ETag: W/"1b-MUVDKc802GySH68qxmhhZ8AjuoI"
< 
{ [27 bytes data]
 
100    27  100    27    0     0      5      0  0:00:05  0:00:04  0:00:01     6
* Connection #0 to host <http://pricing.api.infracost.io|pricing.api.infracost.io> left intact
{"error":"Invalid API key"}
[Pipeline] sh
+ infracost breakdown --path=.
time="2023-07-17T07:38:02Z" level=info msg="Evaluating Terraform directory at ."
time="2023-07-17T07:38:02Z" level=info msg="Starting: Downloading Terraform modules"
time="2023-07-17T07:38:02Z" level=info msg="Starting: Evaluating Terraform directory"
time="2023-07-17T07:38:02Z" level=info msg="Starting: Retrieving cloud prices to calculate costs"
time="2023-07-17T07:38:09Z" level=error library=retryablehttp msg="request failed error Post \"<https://pricing.api.infracost.io/graphql>\": x509: certificate signed by unknown authority method POST url <https://pricing.api.infracost.io/graphql>"
 
time="2023-07-17T07:38:12Z" level=error library=retryablehttp msg="request failed error Post \"<https://pricing.api.infracost.io/event>\": x509: certificate signed by unknown authority method POST url <https://pricing.api.infracost.io/event>"
time="2023-07-17T07:38:12Z" level=error msg="Error reporting event: Error sending API request: Post \"<https://pricing.api.infracost.io/event>\": POST <https://pricing.api.infracost.io/event> giving up after 1 attempt(s): Post \"<https://pricing.api.infracost.io/event>\": x509: certificate signed by unknown authority"
 
Project: *****
 
Errors:
  Error sending API request:
    Post "<https://pricing.api.infracost.io/graphql>":
      POST <https://pricing.api.infracost.io/graphql> giving up after 1 attempt(s):
        Post "<https://pricing.api.infracost.io/graphql>":
          x509:
            certificate signed by unknown authority
 
 OVERALL TOTAL       $0.00

powerful-author-61934

07/17/2023, 9:24 AM

Hi @little-author-61621 this are the logs

little-author-61621

07/17/2023, 9:30 AM

Copy code

*  issuer: C=US; ST=California; O=Zscaler Inc.; OU=Zscaler Inc.; CN=Zscaler Intermediate Root CA (<http://zscalerthree.net|zscalerthree.net>) (t) 
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

Looks like this is a going through a proxy server on your end which it’s unable to get the certificate for. Do you have the Zscaler Intermediate Root CA certificate installed?

powerful-author-61934

07/17/2023, 9:36 AM

I have Zscaler service enabled currently but I dont have any knowledge about the Zscaler Intermediate Root CA certificate.

little-author-61621

07/17/2023, 9:54 AM

Okay, it’s not something I’ve used before but we do support passing a custom certificates using:

Copy code

export INFRACOST_TLS_CA_CERT_FILE=/path/to/ca.crt

little-author-61621

07/17/2023, 9:55 AM

Here’s some relevant docs I could find from the Zscaler website: https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trust-store

powerful-author-61934

07/18/2023, 3:09 PM

Hi @little-author-61621, I have implement the integration. The issue was ZscalerRoot certificate. Thank you for your assistance. Glad to use Infracost.

little-author-61621

07/18/2023, 3:55 PM

Awesome! Thanks @powerful-author-61934 🙏

3 Views

Open in Slack

Previous Next