fix: resolved failing enotfound error in hcp vault app connection

[akhilmhdh]

Context

This PR fixes ENOTFOUND error with gateway usage ofr hcp vault app connection. This was because the gateway boolean flag was not getting passed to the function.

Removed check blockLocalAndPrivateIpAddresses from getInstanceURl` as it's already done in main request function

Screenshots

1. Create an app connection for vault with gateway that can only be reached by gateway

Steps to verify the change

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

Fixed ENOTFOUND error when using HCP Vault app connections with a gateway by correctly passing the gateway flag to blockLocalAndPrivateIpAddresses. The function now skips IP validation for gateway-routed connections, which is necessary because internal hosts may only be accessible through the gateway.

Changes made:

• Moved blockLocalAndPrivateIpAddresses call in requestWithHCVaultGateway to before the gateway check and passed Boolean(gatewayId) as the second parameter to properly skip validation for gateway connections
• Removed redundant blockLocalAndPrivateIpAddresses call from getHCVaultInstanceUrl since validation is already performed in requestWithHCVaultGateway

The fix correctly addresses the root cause where DNS resolution was failing for internal hosts that should only be accessed via gateway.

Confidence Score: 4/5

• Safe to merge with minor style consideration
• The fix correctly addresses the ENOTFOUND error by properly passing the gateway flag to skip IP validation for gateway-routed connections. The removal of redundant validation from getHCVaultInstanceUrl is appropriate since validation is done at the request level. The logic is sound and aligns with the security model where gateway connections need to bypass local/private IP blocking. One style inconsistency noted with GitHub implementation but doesn't affect functionality.
• No files require special attention

Important Files Changed

Filename	Overview
backend/src/services/app-connection/hc-vault/hc-vault-connection-fns.ts	Fixed ENOTFOUND error by passing gateway flag to blockLocalAndPrivateIpAddresses and removed redundant IP check from getHCVaultInstanceUrl. The fix ensures gateway-routed connections bypass IP blocking.

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}