provider/triton: Add `insecure_skip_tls_verify`

This commit adds an option to skip TLS verification of the Triton
endpoint, which can be useful for private or temporary installations not
using a certificate signed by a trusted root CA.

Fixes #13722.
James Nugent 2017-04-28 11:56:26 -07:00
parent 01714eceb5
commit eaed36b47e
2 changed files with 18 additions and 4 deletions


@ -42,6 +42,12 @@ func Provider() terraform.ResourceProvider {
Required: true,
DefaultFunc: schema.MultiEnvDefaultFunc([]string{"TRITON_KEY_ID", "SDC_KEY_ID"}, ""),
},
"insecure_skip_tls_verify": {
Type: schema.TypeBool,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("TRITON_SKIP_TLS_VERIFY", ""),
},
},
ResourcesMap: map[string]*schema.Resource{
@ -56,10 +62,11 @@ func Provider() terraform.ResourceProvider {
}
type Config struct {
Account string
KeyMaterial string
KeyID string
URL string
Account string
KeyMaterial string
KeyID string
URL string
InsecureSkipTLSVerify bool
}
func (c Config) validate() error {
@ -98,6 +105,10 @@ func (c Config) getTritonClient() (*triton.Client, error) {
return nil, errwrap.Wrapf("Error Creating Triton Client: {{err}}", err)
}
if c.InsecureSkipTLSVerify {
client.InsecureSkipTLSVerify()
}
return client, nil
}
@ -106,6 +117,8 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
Account: d.Get("account").(string),
URL: d.Get("url").(string),
KeyID: d.Get("key_id").(string),
InsecureSkipTLSVerify: d.Get("insecure_skip_tls_verify").(bool),
}
if keyMaterial, ok := d.GetOk("key_material"); ok {
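Review bot: Nothing records that certificate verification has been turned off: in the `getTritonClient` hunk the `if c.InsecureSkipTLSVerify` branch calls `client.InsecureSkipTLSVerify()` silently, and the new schema entry lets the ambient `TRITON_SKIP_TLS_VERIFY` environment variable enable it without any line in the configuration. I would log it at the point where it takes effect, e.g. `log.Printf("[WARN] triton: TLS certificate verification is disabled for %s", c.URL)`, so a variable left over in a CI or operator shell shows up in the run output. The schema entry would also benefit from a `Description` stating that the endpoint's identity is not checked while this is set, and, if the schema accepts it, a typed default such as `schema.EnvDefaultFunc("TRITON_SKIP_TLS_VERIFY", false)` so the safe default is explicit rather than an empty string. Both `Provider` and `getTritonClient` continue outside the hunks shown.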


@ -33,3 +33,4 @@ The following arguments are supported in the `provider` block:
* `key_material` - (Optional) This is the private key of an SSH key associated with the Triton account to be used. If this is not set, the private key corresponding to the fingerprint in `key_id` must be available via an SSH Agent.
* `key_id` - (Required) This is the fingerprint of the public key matching the key specified in `key_path`. It can be obtained via the command `ssh-keygen -l -E md5 -f /path/to/key`
* `url` - (Optional) This is the URL to the Triton API endpoint. It is required if using a private installation of Triton. The default is to use the Joyent public cloud us-west-1 endpoint. Valid public cloud endpoints include: `us-east-1`, `us-east-2`, `us-east-3`, `us-sw-1`, `us-west-1`, `eu-ams-1`
* `insecure_skip_tls_verify` (Optional - defaults to false) This allows skipping TLS verification of the Triton endpoint. It is useful when connecting to a temporary Triton installation such as Cloud-On-A-Laptop which does not generally use a certificate signed by a trusted root CA.