From 3a08cc9334dc5feebebfc4145da49c4e7273dd51 Mon Sep 17 00:00:00 2001
From: Takaaki Furukawa
Date: Sun, 15 Nov 2015 12:24:28 +0900
Subject: [PATCH] provider/vsphere: Add allow_unverified_ssl flag for unverified SSL requests
---
 builtin/providers/vsphere/config.go | 7 ++-----
 builtin/providers/vsphere/provider.go | 8 ++++++++
 website/source/docs/providers/vsphere/index.html.markdown | 5 +++++
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/builtin/providers/vsphere/config.go b/builtin/providers/vsphere/config.go
index 06deedaeb..07ec95d00 100644
--- a/builtin/providers/vsphere/config.go
+++ b/builtin/providers/vsphere/config.go
@@ -9,14 +9,11 @@ import (
 "golang.org/x/net/context"
 )
-const (
- defaultInsecureFlag = true
-)
-
 type Config struct {
 User string
 Password string
 VSphereServer string
+ InsecureFlag bool
 }
 // Client() returns a new client for accessing VMWare vSphere.
@@ -28,7 +25,7 @@ func (c *Config) Client() (*govmomi.Client, error) {
 u.User = url.UserPassword(c.User, c.Password)
- client, err := govmomi.NewClient(context.TODO(), u, defaultInsecureFlag)
+ client, err := govmomi.NewClient(context.TODO(), u, c.InsecureFlag)
 if err != nil {
 return nil, fmt.Errorf("Error setting up client: %s", err)
 }
diff --git a/builtin/providers/vsphere/provider.go b/builtin/providers/vsphere/provider.go
index 9a749a127..4ed148885 100644
--- a/builtin/providers/vsphere/provider.go
+++ b/builtin/providers/vsphere/provider.go
@@ -29,6 +29,13 @@ func Provider() terraform.ResourceProvider {
 DefaultFunc: schema.EnvDefaultFunc("VSPHERE_SERVER", nil),
 Description: "The vSphere Server name for vSphere API operations.",
 },
+
+ "allow_unverified_ssl": &schema.Schema{
+ Type: schema.TypeBool,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("VSPHERE_ALLOW_UNVERIFIED_SSL", false),
+ Description: "If set, VMware vSphere client will permit unverifiable SSL certificates.",
+ },
 },
 ResourcesMap: map[string]*schema.Resource{
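Review bot: The new `InsecureFlag` field in `Config` (config.go, first hunk) has no comment, although its meaning is security-relevant: the second hunk passes it as the last argument of `govmomi.NewClient`, in the position previously held by `defaultInsecureFlag = true`. I would add `// InsecureFlag disables TLS certificate verification for the vSphere connection when true.` above the field. Removing the constant also moves the effective default from true to false, so the zero value of `Config` is now the verifying one. Setups that relied on the old behaviour (for example with a self-signed vCenter certificate) will need to set the flag, which deserves a changelog line.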
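Review bot: When `c.InsecureFlag` is true, the `govmomi.NewClient` call in config.go's second hunk sends the credentials placed in `u.User` to a server whose certificate is not checked, and nothing in the run output records that choice. A warning before the call would make it auditable, e.g. `if c.InsecureFlag { log.Printf("[WARN] vsphere: TLS certificate verification is disabled (allow_unverified_ssl)") }`. This needs `log` in the import block if it is not already there; the imports are only partly visible in this diff. The body of `Client()` starts and ends outside the hunk.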
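Review bot: The `Description` of `allow_unverified_ssl` in provider.go's first hunk says only that unverifiable certificates are permitted, while the docs page in this same commit spells out the interception risk; the schema text should carry it too. Something like `Description: "If set, the VMware vSphere client skips SSL certificate verification; credentials and session data can then be intercepted.",` would do. Separately, `schema.EnvDefaultFunc` returns the environment value as a string when `VSPHERE_ALLOW_UNVERIFIED_SSL` is set, so the accepted spellings presumably depend on the schema's string-to-bool conversion. It would help to state in the docs which values are accepted and to confirm that an unparsable value is rejected rather than treated as true.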
@@ -44,6 +51,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 User: d.Get("user").(string),
 Password: d.Get("password").(string),
 VSphereServer: d.Get("vsphere_server").(string),
+ InsecureFlag: d.Get("allow_unverified_ssl").(bool),
 }
 return config.Client()
diff --git a/website/source/docs/providers/vsphere/index.html.markdown b/website/source/docs/providers/vsphere/index.html.markdown
index 8cacfd36b..db0edc192 100644
--- a/website/source/docs/providers/vsphere/index.html.markdown
+++ b/website/source/docs/providers/vsphere/index.html.markdown
@@ -58,6 +58,11 @@ The following arguments are used to configure the VMware vSphere Provider:
 * `vsphere_server` - (Required) This is the vCenter server name for vSphere API operations. Can also be specified with the `VSPHERE_SERVER` environment variable.
+* `allow_unverified_ssl` - (Optional) Boolean that can be set to true to
+ disable SSL certificate verification. This should be used with care as it
+ could allow an attacker to intercept your auth token. If omitted, default
+ value is `false`. Can also be specified with the `VSPHERE_ALLOW_UNVERIFIED_SSL`
+ environment variable.
 ## Acceptance Tests
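Review bot: No test in this commit pins the secure default that `InsecureFlag: d.Get("allow_unverified_ssl").(bool),` in `providerConfigure` depends on; the diffstat lists only config.go, provider.go and the docs page. A small provider test should assert that the value is false when neither the argument nor `VSPHERE_ALLOW_UNVERIFIED_SSL` is set, and true only when one of them is explicitly set. That would catch a later change that silently restores the old always-insecure behaviour. The body of `providerConfigure` starts outside the hunk.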