Add optional cacert_file parameter to openstack provider
Official OpenStack clients support specifying a custom CA certificate file that should be used when communicating with the OpenStack server. This patch adds similar behavior to the Terraform OpenStack provider by: - Using the OS_CACERT environment variable, if available - Using the cacert_file provider parameter, if configured
parent
45d76e4634
commit
88fb724af8
|
@ -2,7 +2,9 @@ package openstack
|
|||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/rackspace/gophercloud"
|
||||
|
@ -21,6 +23,7 @@ type Config struct {
|
|||
DomainName string
|
||||
Insecure bool
|
||||
EndpointType string
|
||||
CACertFile string
|
||||
|
||||
osClient *gophercloud.ProviderClient
|
||||
}
|
||||
|
@ -51,6 +54,24 @@ func (c *Config) loadAndValidate() error {
|
|||
return err
|
||||
}
|
||||
|
||||
if c.CACertFile != "" {
|
||||
|
||||
caCert, err := ioutil.ReadFile(c.CACertFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
caCertPool := x509.NewCertPool()
|
||||
caCertPool.AppendCertsFromPEM(caCert)
|
||||
|
||||
config := &tls.Config{
|
||||
RootCAs: caCertPool,
|
||||
}
|
||||
|
||||
transport := &http.Transport{TLSClientConfig: config}
|
||||
client.HTTPClient.Transport = transport
|
||||
}
|
||||
|
||||
if c.Insecure {
|
||||
// Configure custom TLS settings.
|
||||
config := &tls.Config{InsecureSkipVerify: true}
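Review bot: The result of `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a cacert_file that holds no parseable PEM certificate yields an empty root pool, and every later request fails with a generic unknown-authority error instead of a clear configuration error. Check the boolean and fail in loadAndValidate: `if !caCertPool.AppendCertsFromPEM(caCert) { return fmt.Errorf("no PEM certificates found in %s", c.CACertFile) }`. The `if c.Insecure` block that follows builds its own `tls.Config{InsecureSkipVerify: true}`; its remainder is outside the hunk, but if it also assigns `client.HTTPClient.Transport`, setting both options silently discards the custom trust root, which deserves an explicit error or at least a comment. The bare `&http.Transport{TLSClientConfig: config}` also leaves `Proxy` unset, so proxy environment variables honoured by the default transport would presumably stop applying on this path.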
|
||||
|
|
|
@ -66,6 +66,11 @@ func Provider() terraform.ResourceProvider {
|
|||
Optional: true,
|
||||
DefaultFunc: envDefaultFuncAllowMissing("OS_ENDPOINT_TYPE"),
|
||||
},
|
||||
"cacert_file": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: envDefaultFuncAllowMissing("OS_CACERT"),
|
||||
},
|
||||
},
|
||||
|
||||
ResourcesMap: map[string]*schema.Resource{
|
||||
|
@ -108,6 +113,7 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
|
|||
DomainName: d.Get("domain_name").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
EndpointType: d.Get("endpoint_type").(string),
|
||||
CACertFile: d.Get("cacert_file").(string),
|
||||
}
|
||||
|
||||
if err := config.loadAndValidate(); err != nil {
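Review bot: The new `cacert_file` entry has no description, and its security-relevant semantics are not obvious from the name: judging by the config.go change, the file becomes the only trust root for the connection (`RootCAs` is a fresh pool), so system CAs no longer apply. I would add `Description: "Path to a PEM-encoded CA bundle used to verify the OpenStack endpoint certificate",` to the schema entry and note next to it how the setting interacts with `insecure`. Both hunks cut through their enclosing functions, so whether neighbouring fields carry descriptions cannot be seen here.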
|
||||
|
|