Add support for override the default endpoint URL and insecure option

[eranco74]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Allow to configure terraform to work with custom endpoint rather than www.googleapis.com/compute www.googleapis.com/storage and others.
Also, in case of selfsigned certificate on that endpoint, it would be great to provide an insecure option.

New or Affected Resource(s)

• None

Potential Terraform Configuration

Allow overriding the default endpoint URL. this option should allow connection to custom GCE endpoints
The insecure option should allow the provider to perform "insecure" SSL requests. If omitted, default value should be false.
# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.

References

• #0000

[Chupaka]

How much "insecure"?.. Any background for the request?

[rileykarson]

Hey @eran-stratoscale! As @Chupaka asked, it isn't clear which requests should be insecure or why based on this issue. Do you mind elaborating more, and sharing what kind of use case this opens up for you?

[eranco74]

Hey, I've updated the title and the description.

[rileykarson]

Thanks! If this is for https://www.terraform.io/docs/providers/google/r/endpoints_service.html, can you point out somewhere else the default endpoint URL / insecure option can be configured? For example, on the Cloud Console, gcloud, or through an API / language-specific client.

[eranco74]

Hey @rileykarson
This request is relevant for running terraform using the google provider on cloud providers that support the google cloud platform API.

In gcloud I can configure api endpoint overrides:
gcloud config set api_endpoint_overrides/compute http://localhost:8082/

This option is also supported in terraform aws provider:
https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/config.go#L159

In the aws provider there is also an option to configure the insecure flag:
https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/config.go#L179

[romfreiman]

@Chupaka @rileykarson does the requirement make sense? The goal is to configure terraform to work with custom endpoint rather than google.com/ auth2.google.com and others.
Also, in case of selfsigned certificate on that endpoint, it would be great to provide an insecure mode.

Similar to what aws provider supports

[rileykarson]

The requirement makes sense, I'll follow through on what changes this would require. I'll probably post an update ~EOW.

[rileykarson]

Alright, went through the changes with the team and confirmed this is something we want to do. That said, it's also something we'd like to cut over almost entirely in a single release, and there's some work to be done in Magic Modules to support this use case. None of us have cycles immediately, but this is absolutely an issue we're going to tackle for a future release.

If I don't find time within the next ~month I'll set aside time to work through this change.

[romfreiman]

@rileykarson can we @ Stratoscale assist maybe?

[rileykarson]

I'd rather do most of this in one swoop I think, it's just a matter of me getting enough time to accomplish that in a short enough time period to include it in a release window.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!