Add flags for unverified SSL/TLS

Sebastiaan van Steenis 2016-01-24 20:25:41 +01:00
parent 1e99ff6c44
commit 6fe6ff4e7a
3 changed files with 25 additions and 9 deletions


@ -14,11 +14,13 @@ type Config struct {
Href string
VDC string
MaxRetryTimeout int
InsecureFlag bool
}
type VCDClient struct {
*govcd.VCDClient
MaxRetryTimeout int
InsecureFlag bool
}
func (c *Config) Client() (*VCDClient, error) {
@ -28,8 +30,8 @@ func (c *Config) Client() (*VCDClient, error) {
}
vcdclient := &VCDClient{
govcd.NewVCDClient(*u),
c.MaxRetryTimeout}
govcd.NewVCDClient(*u, c.InsecureFlag),
c.MaxRetryTimeout, c.InsecureFlag}
org, vcd, err := vcdclient.Authenticate(c.User, c.Password, c.Org, c.VDC)
if err != nil {
return nil, fmt.Errorf("Something went wrong: %s", err)
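Review bot: In `Client()`, `Authenticate` sends `c.User` and `c.Password` through a client built with `c.InsecureFlag`, and nothing in the new lines records that certificate verification was turned off. The flag can also be supplied by the `VCD_ALLOW_UNVERIFIED_SSL` environment variable, so a run can be unverified without the configuration file saying so. A warning before the client is built would make that visible, for example `if c.InsecureFlag { log.Printf("[WARN] vcd: TLS certificate verification is disabled (allow_unverified_ssl)") }`, assuming `log` is or can be imported in this file. The copy of `InsecureFlag` stored on `VCDClient` is not read anywhere in the visible hunks, so it needs a field comment naming what consumes it, or it can be dropped. `Client()` continues past the end of the hunk.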


@ -50,6 +50,13 @@ func Provider() terraform.ResourceProvider {
DefaultFunc: schema.EnvDefaultFunc("VCD_MAX_RETRY_TIMEOUT", 60),
Description: "Max num seconds to wait for successful response when operating on resources within vCloud (defaults to 60)",
},
"allow_unverified_ssl": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("VCD_ALLOW_UNVERIFIED_SSL", false),
Description: "If set, VCDClient will permit unverifiable SSL certificates.",
},
},
ResourcesMap: map[string]*schema.Resource{
@ -72,6 +79,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
Href: d.Get("url").(string),
VDC: d.Get("vdc").(string),
MaxRetryTimeout: d.Get("maxRetryTimeout").(int),
InsecureFlag: d.Get("allow_unverified_ssl").(bool),
}
return config.Client()
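Review bot: The `Description` on the new `allow_unverified_ssl` schema entry says only that unverifiable certificates are permitted, which undersells the option compared with the documentation added in the same commit. I would state the consequence where schema users see it: `Description: "If set, TLS certificate verification is disabled for the vCloud Director client, so credentials and auth tokens can be intercepted. Do not enable outside test environments.",`. Because `EnvDefaultFunc` lets `VCD_ALLOW_UNVERIFIED_SSL` supply the value, the setting can be inherited from a shell or CI environment without appearing in any `.tf` file, which is a further reason to keep the description explicit. `Provider()` and `providerConfigure` both start and end outside the visible lines.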


@ -25,6 +25,7 @@ provider "vcd" {
url = "${var.vcd_url}"
vdc = "${var.vcd_vdc}"
maxRetryTimeout = "${var.vcd_maxRetryTimeout}"
allow_unverified_ssl = "${var.vcd_allow_unverified_ssl}"
}
# Create a new network
@ -56,3 +57,8 @@ The following arguments are used to configure the VMware vCloud Director Provide
(as long as it is still within the `maxRetryTimeout` value) to try and ensure success.
Defaults to 60 seconds if not set.
Can also be specified with the `VCD_MAX_RETRY_TIMEOUT` environment variable.
* `allow_unverified_ssl` - (Optional) Boolean that can be set to true to
disable SSL certificate verification. This should be used with care as it
could allow an attacker to intercept your auth token. If omitted, default
value is false. Can also be specified with the
`VCD_ALLOW_UNVERIFIED_SSL` environment variable.