diff --git a/tfe/provider.go b/tfe/provider.go index b425be492..9e60fb412 100644 --- a/tfe/provider.go +++ b/tfe/provider.go @@ -2,9 +2,11 @@ package tfe import ( "context" + "crypto/tls" "fmt" "io/ioutil" "log" + "net/http" "net/url" "os" "sort" @@ -59,6 +61,13 @@ func Provider() terraform.ResourceProvider { Description: descriptions["token"], DefaultFunc: schema.EnvDefaultFunc("TFE_TOKEN", nil), }, + + "ssl_skip_verify": { + Type: schema.TypeBool, + Optional: true, + Description: descriptions["ssl_skip_verify"], + DefaultFunc: schema.EnvDefaultFunc("TFE_SSL_SKIP_VERIFY", false), + }, }, DataSourcesMap: map[string]*schema.Resource{ @@ -106,6 +115,17 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { providerUaString := fmt.Sprintf("terraform-provider-tfe/%s", providerVersion.ProviderVersion) + httpClient := tfe.DefaultConfig().HTTPClient + + // Make sure the transport has a TLS config. + transport := httpClient.Transport.(*http.Transport) + if transport.TLSClientConfig == nil { + transport.TLSClientConfig = &tls.Config{} + } + + // Configure the certificate verification options. + transport.TLSClientConfig.InsecureSkipVerify = d.Get("ssl_skip_verify").(bool) + // Get the Terraform CLI configuration. config := cliConfig() @@ -113,7 +133,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { credsSrc := credentialsSource(config) services := disco.NewWithCredentialsSource(credsSrc) services.SetUserAgent(providerUaString) - services.Transport = logging.NewTransport("TFE Discovery", services.Transport) + services.Transport = logging.NewTransport("TFE Discovery", transport) // Add any static host configurations service discovery object. for userHost, hostConfig := range config.Hosts { @@ -190,8 +210,8 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { return nil, fmt.Errorf("required token could not be found") } - httpClient := tfe.DefaultConfig().HTTPClient - httpClient.Transport = logging.NewTransport("TFE", httpClient.Transport) + // Wrap the configured transport to enable logging. + httpClient.Transport = logging.NewTransport("TFE", transport) // Create a new TFE client config cfg := &tfe.Config{ @@ -378,4 +398,5 @@ var descriptions = map[string]string{ "hostname": "The Terraform Enterprise hostname to connect to. Defaults to app.terraform.io.", "token": "The token used to authenticate with Terraform Enterprise. We recommend omitting\n" + "the token which can be set as credentials in the CLI config file.", + "ssl_skip_verify": "Whether or not to skip certificate verifications.", } diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 6e9ad9394..5ccdb3bef 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -120,3 +120,6 @@ The following arguments are supported: in the [CLI config file](/docs/commands/cli-config.html#credentials) or set the `TFE_TOKEN` environment variable. See [Authentication](#authentication) above for more. +* `ssl_skip_verify` - (Optional) Whether or not to skip certificate verifications. + Defaults to `false`. Can be overridden setting the `TFE_SSL_SKIP_VERIFY` + environment variable.