Merge pull request #5106 from kars7e/master

Add optional cacert_file parameter to openstack provider

builtin/providers/openstack/config.go

@@ -2,7 +2,9 @@ package openstack
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 
 	"github.com/rackspace/gophercloud"
@@ -21,6 +23,7 @@ type Config struct {
 	DomainName       string
 	Insecure         bool
 	EndpointType     string
+	CACertFile       string
 
 	osClient *gophercloud.ProviderClient
 }
@@ -51,6 +54,24 @@ func (c *Config) loadAndValidate() error {
 		return err
 	}
 
+	if c.CACertFile != "" {
+
+		caCert, err := ioutil.ReadFile(c.CACertFile)
+		if err != nil {
+			return err
+		}
+
+		caCertPool := x509.NewCertPool()
+		caCertPool.AppendCertsFromPEM(caCert)
+
+		config := &tls.Config{
+			RootCAs: caCertPool,
+		}
+
+		transport := &http.Transport{TLSClientConfig: config}
+		client.HTTPClient.Transport = transport
+	}
+
 	if c.Insecure {
 		// Configure custom TLS settings.
 		config := &tls.Config{InsecureSkipVerify: true}

builtin/providers/openstack/provider.go

@@ -66,6 +66,11 @@ func Provider() terraform.ResourceProvider {
 				Optional:    true,
 				DefaultFunc: envDefaultFuncAllowMissing("OS_ENDPOINT_TYPE"),
 			},
+			"cacert_file": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: envDefaultFuncAllowMissing("OS_CACERT"),
+			},
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -108,6 +113,7 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
 		DomainName:       d.Get("domain_name").(string),
 		Insecure:         d.Get("insecure").(bool),
 		EndpointType:     d.Get("endpoint_type").(string),
+		CACertFile:       d.Get("cacert_file").(string),
 	}
 
 	if err := config.loadAndValidate(); err != nil {