provider/vsphere: Add allow_unverified_ssl flag for unverified SSL requests
This commit is contained in:
Takaaki Furukawa
Paul Hinze
parent
2a49ebb448
commit
3a08cc9334
|
|
@ -9,14 +9,11 @@ import (
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
|
||||||
defaultInsecureFlag = true
|
|
||||||
)
|
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
User string
|
User string
|
||||||
Password string
|
Password string
|
||||||
VSphereServer string
|
VSphereServer string
|
||||||
|
InsecureFlag bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Client() returns a new client for accessing VMWare vSphere.
|
// Client() returns a new client for accessing VMWare vSphere.
|
||||||
|
|
@ -28,7 +25,7 @@ func (c *Config) Client() (*govmomi.Client, error) {
|
||||||
|
|
||||||
u.User = url.UserPassword(c.User, c.Password)
|
u.User = url.UserPassword(c.User, c.Password)
|
||||||
|
|
||||||
client, err := govmomi.NewClient(context.TODO(), u, defaultInsecureFlag)
|
client, err := govmomi.NewClient(context.TODO(), u, c.InsecureFlag)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Error setting up client: %s", err)
|
return nil, fmt.Errorf("Error setting up client: %s", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,13 @@ func Provider() terraform.ResourceProvider {
|
||||||
DefaultFunc: schema.EnvDefaultFunc("VSPHERE_SERVER", nil),
|
DefaultFunc: schema.EnvDefaultFunc("VSPHERE_SERVER", nil),
|
||||||
Description: "The vSphere Server name for vSphere API operations.",
|
Description: "The vSphere Server name for vSphere API operations.",
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"allow_unverified_ssl": &schema.Schema{
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Optional: true,
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("VSPHERE_ALLOW_UNVERIFIED_SSL", false),
|
||||||
|
Description: "If set, VMware vSphere client will permit unverifiable SSL certificates.",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
ResourcesMap: map[string]*schema.Resource{
|
ResourcesMap: map[string]*schema.Resource{
|
||||||
|
|
@ -44,6 +51,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
||||||
User: d.Get("user").(string),
|
User: d.Get("user").(string),
|
||||||
Password: d.Get("password").(string),
|
Password: d.Get("password").(string),
|
||||||
VSphereServer: d.Get("vsphere_server").(string),
|
VSphereServer: d.Get("vsphere_server").(string),
|
||||||
|
InsecureFlag: d.Get("allow_unverified_ssl").(bool),
|
||||||
}
|
}
|
||||||
|
|
||||||
return config.Client()
|
return config.Client()
|
||||||
|
|
|
||||||
|
|
@ -58,6 +58,11 @@ The following arguments are used to configure the VMware vSphere Provider:
|
||||||
* `vsphere_server` - (Required) This is the vCenter server name for vSphere API
|
* `vsphere_server` - (Required) This is the vCenter server name for vSphere API
|
||||||
operations. Can also be specified with the `VSPHERE_SERVER` environment
|
operations. Can also be specified with the `VSPHERE_SERVER` environment
|
||||||
variable.
|
variable.
|
||||||
|
* `allow_unverified_ssl` - (Optional) Boolean that can be set to true to
|
||||||
|
disable SSL certificate verification. This should be used with care as it
|
||||||
|
could allow an attacker to intercept your auth token. If omitted, default
|
||||||
|
value is `false`. Can also be specified with the `VSPHERE_ALLOW_UNVERIFIED_SSL`
|
||||||
|
environment variable.
|
||||||
|
|
||||||
## Acceptance Tests
|
## Acceptance Tests
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue