provider/vsphere: Add allow_unverified_ssl flag for unverified SSL requests

2015-11-15 12:24:28 +09:00 · 2015-11-15 12:24:28 +09:00 · 3a08cc9334
parent 2a49ebb448
commit 3a08cc9334
3 changed files with 15 additions and 5 deletions
--- a/builtin/providers/vsphere/config.go
+++ b/builtin/providers/vsphere/config.go
@ -9,14 +9,11 @@ import (
 	"golang.org/x/net/context"
 )

-const (
-	defaultInsecureFlag = true
-)
-
 type Config struct {
 	User          string
 	Password      string
 	VSphereServer string
+	InsecureFlag  bool
 }

 // Client() returns a new client for accessing VMWare vSphere.
@ -28,7 +25,7 @@ func (c *Config) Client() (*govmomi.Client, error) {

 	u.User = url.UserPassword(c.User, c.Password)

-	client, err := govmomi.NewClient(context.TODO(), u, defaultInsecureFlag)
+	client, err := govmomi.NewClient(context.TODO(), u, c.InsecureFlag)
 	if err != nil {
 		return nil, fmt.Errorf("Error setting up client: %s", err)
 	}
--- a/builtin/providers/vsphere/provider.go
+++ b/builtin/providers/vsphere/provider.go
@ -29,6 +29,13 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_SERVER", nil),
 				Description: "The vSphere Server name for vSphere API operations.",
 			},
+
+			"allow_unverified_ssl": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_ALLOW_UNVERIFIED_SSL", false),
+				Description: "If set, VMware vSphere client will permit unverifiable SSL certificates.",
+			},
 		},

 		ResourcesMap: map[string]*schema.Resource{
@ -44,6 +51,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		User:          d.Get("user").(string),
 		Password:      d.Get("password").(string),
 		VSphereServer: d.Get("vsphere_server").(string),
+		InsecureFlag:  d.Get("allow_unverified_ssl").(bool),
 	}

 	return config.Client()
--- a/website/source/docs/providers/vsphere/index.html.markdown
+++ b/website/source/docs/providers/vsphere/index.html.markdown
@ -58,6 +58,11 @@ The following arguments are used to configure the VMware vSphere Provider:
 * `vsphere_server` - (Required) This is the vCenter server name for vSphere API
  operations. Can also be specified with the `VSPHERE_SERVER` environment
  variable.
+* `allow_unverified_ssl` - (Optional) Boolean that can be set to true to
+  disable SSL certificate verification. This should be used with care as it
+  could allow an attacker to intercept your auth token. If omitted, default
+  value is `false`. Can also be specified with the `VSPHERE_ALLOW_UNVERIFIED_SSL`
+  environment variable.

 ## Acceptance Tests