Merge pull request #95 from terraform-providers/svh/f-ssl-skip-verify

Add an option to skip certificate verifications
hashicorp · Oct 8, 2020 · c7ee8d3 · c7ee8d3
2 parents 3333bea + 4b38b3d
commit c7ee8d3
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/tfe/provider.go b/tfe/provider.go
@@ -2,9 +2,11 @@ package tfe
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io/ioutil"
 	"log"
+	"net/http"
 	"net/url"
 	"os"
 	"sort"
@@ -59,6 +61,13 @@ func Provider() terraform.ResourceProvider {
 				Description: descriptions["token"],
 				DefaultFunc: schema.EnvDefaultFunc("TFE_TOKEN", nil),
 			},
+
+			"ssl_skip_verify": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: descriptions["ssl_skip_verify"],
+				DefaultFunc: schema.EnvDefaultFunc("TFE_SSL_SKIP_VERIFY", false),
+			},
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
@@ -106,14 +115,25 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 
 	providerUaString := fmt.Sprintf("terraform-provider-tfe/%s", providerVersion.ProviderVersion)
 
+	httpClient := tfe.DefaultConfig().HTTPClient
+
+	// Make sure the transport has a TLS config.
+	transport := httpClient.Transport.(*http.Transport)
+	if transport.TLSClientConfig == nil {
+		transport.TLSClientConfig = &tls.Config{}
+	}
+
+	// Configure the certificate verification options.
+	transport.TLSClientConfig.InsecureSkipVerify = d.Get("ssl_skip_verify").(bool)
+
 	// Get the Terraform CLI configuration.
 	config := cliConfig()
 
 	// Create a new credential source and service discovery object.
 	credsSrc := credentialsSource(config)
 	services := disco.NewWithCredentialsSource(credsSrc)
 	services.SetUserAgent(providerUaString)
-	services.Transport = logging.NewTransport("TFE Discovery", services.Transport)
+	services.Transport = logging.NewTransport("TFE Discovery", transport)
 
 	// Add any static host configurations service discovery object.
 	for userHost, hostConfig := range config.Hosts {
@@ -190,8 +210,8 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		return nil, fmt.Errorf("required token could not be found")
 	}
 
-	httpClient := tfe.DefaultConfig().HTTPClient
-	httpClient.Transport = logging.NewTransport("TFE", httpClient.Transport)
+	// Wrap the configured transport to enable logging.
+	httpClient.Transport = logging.NewTransport("TFE", transport)
 
 	// Create a new TFE client config
 	cfg := &tfe.Config{
@@ -378,4 +398,5 @@ var descriptions = map[string]string{
 	"hostname": "The Terraform Enterprise hostname to connect to. Defaults to app.terraform.io.",
 	"token": "The token used to authenticate with Terraform Enterprise. We recommend omitting\n" +
 		"the token which can be set as credentials in the CLI config file.",
+	"ssl_skip_verify": "Whether or not to skip certificate verifications.",
 }
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -120,3 +120,6 @@ The following arguments are supported:
   in the [CLI config file](/docs/commands/cli-config.html#credentials) or set
   the `TFE_TOKEN` environment variable. See [Authentication](#authentication)
   above for more.
+* `ssl_skip_verify` - (Optional) Whether or not to skip certificate verifications.
+  Defaults to `false`. Can be overridden setting the `TFE_SSL_SKIP_VERIFY`
+  environment variable.