Support insecure TLS communication to API endpoint #163

Merged (1 commit) on Dec 18, 2021
3 changes: 2 additions & 1 deletion docs/index.md
Expand Up @@ -35,4 +35,5 @@ provider "boundary" {
- **password_auth_method_login_name** (String) The auth method login name for password-style auth methods
- **password_auth_method_password** (String) The auth method password for password-style auth methods
- **recovery_kms_hcl** (String) Can be a heredoc string or a path on disk. If set, the string/file will be parsed as HCL and used with the recovery KMS mechanism. While this is set, it will override any other authentication information; the KMS mechanism will always be used. See Boundary's KMS docs for examples: https://boundaryproject.io/docs/configuration/kms
- **token** (String) The Boundary token to use, as a string or path on disk containing just the string. If set, the token read here will be used in place of authenticating with the auth method specified in "auth_method_id", although the recovery KMS mechanism will still override this. Can also be set with the BOUNDARY_TOKEN environment variable.
- **token** (String) The Boundary token to use, as a string or path on disk containing just the string. If set, the token read here will be used in place of authenticating with the auth method specified in "auth_method_id", although the recovery KMS mechanism will still override this. Can also be set with the BOUNDARY_TOKEN environment variable.
- **tls_insecure** (Boolean) When set to true, does not validate the Boundary API endpoint certificate. Can be set through `BOUNDARY_TLS_INSECURE` environment variable. Defaults to `false`.
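Review bot: the new **tls_insecure** entry does not say what is put at risk when validation is off. This provider sends `password_auth_method_password` and `token` to the same endpoint, so with `tls_insecure` set to true, whether in the provider block or through `BOUNDARY_TLS_INSECURE` in the environment, those credentials go to whichever host answers, with its certificate unchecked. Suggest adding a sentence that the setting is intended for development or test endpoints and that it exposes the login password and token to interception.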
12 changes: 12 additions & 0 deletions internal/provider/provider.go
Expand Up @@ -52,6 +52,12 @@ func New() *schema.Provider {
Optional: true,
Description: "The auth method password for password-style auth methods",
},
"tls_insecure": {
Type: schema.TypeBool,
Optional: true,
Description: "When set to true, does not validate the Boundary API endpoint certificate",
DefaultFunc: schema.EnvDefaultFunc("BOUNDARY_TLS_INSECURE", false),
},
},
ResourcesMap: map[string]*schema.Resource{
"boundary_account": resourceAccount(),
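Review bot: the `Description` on `tls_insecure` is shorter than the entry added to docs/index.md, which also names `BOUNDARY_TLS_INSECURE` and the `false` default. If docs/index.md is generated from the schema, those two details will be lost on the next regeneration; put them in the `Description` string so the schema and the docs stay in sync.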
Expand Down Expand Up @@ -169,6 +175,12 @@ func providerConfigure(p *schema.Provider) schema.ConfigureContextFunc {
return nil, diag.Errorf(`"no valid address could be determined from "addr" or "BOUNDARY_ADDR" env var`)
}

if tlsInsecure, ok := d.GetOk("tls_insecure"); ok {
if client.SetTLSConfig(&api.TLSConfig{Insecure: tlsInsecure.(bool)}) != nil {
return nil, diag.Errorf("could not set insecure tls")
}
}

client.SetLimiter(5, 5)

md := &metaData{
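Review bot: in the `tls_insecure` block the error returned by `client.SetTLSConfig` is only compared to nil and then discarded, so the user sees "could not set insecure tls" with no cause. Bind it and report it, e.g. `if err := client.SetTLSConfig(&api.TLSConfig{Insecure: tlsInsecure.(bool)}); err != nil {` followed by `return nil, diag.Errorf("could not set insecure tls: %v", err)`. Separately, `d.GetOk` reports ok only for a non-zero value, so this path runs only when the flag is true; emitting a warning diagnostic or log line here would make it visible in the run output that certificate validation is disabled.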