diff --git a/builtin/providers/nomad/provider.go b/builtin/providers/nomad/provider.go index d23c4ad97f92..61f8603bcbf9 100644 --- a/builtin/providers/nomad/provider.go +++ b/builtin/providers/nomad/provider.go @@ -24,6 +24,24 @@ func Provider() terraform.ResourceProvider { DefaultFunc: schema.EnvDefaultFunc("NOMAD_REGION", ""), Description: "Region of the target Nomad agent.", }, + "ca_file": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("NOMAD_CACERT", ""), + Description: "A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.", + }, + "cert_file": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_CERT", ""), + Description: "A path to a PEM-encoded certificate provided to the remote agent; requires use of key_file.", + }, + "key_file": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_KEY", ""), + Description: "A path to a PEM-encoded private key, required if cert_file is specified.", + }, }, ConfigureFunc: providerConfigure, @@ -38,6 +56,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { config := api.DefaultConfig() config.Address = d.Get("address").(string) config.Region = d.Get("region").(string) + config.TLSConfig.CACert = d.Get("ca_file").(string) + config.TLSConfig.ClientCert = d.Get("cert_file").(string) + config.TLSConfig.ClientKey = d.Get("key_file").(string) client, err := api.NewClient(config) if err != nil { diff --git a/website/source/docs/providers/nomad/index.html.markdown b/website/source/docs/providers/nomad/index.html.markdown index acf696d2e4d8..129a9540b463 100644 --- a/website/source/docs/providers/nomad/index.html.markdown +++ b/website/source/docs/providers/nomad/index.html.markdown @@ -34,3 +34,6 @@ The following arguments are supported: * `address` - (Optional) The HTTP(S) API address of the Nomad agent to use. Defaults to `http://127.0.0.1:4646`. The `NOMAD_ADDR` environment variable can also be used. * `region` - (Optional) The Nomad region to target. The `NOMAD_REGION` environment variable can also be used. +* `ca_file` - (Optional) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate. The `NOMAD_CACERT` environment variable can also be used. +* `cert_file` - (Optional) A path to a PEM-encoded certificate provided to the remote agent; requires use of `key_file`. The `NOMAD_CLIENT_CERT` environment variable can also be used. +* `key_file`- (Optional) A path to a PEM-encoded private key, required if `cert_file` is specified. The `NOMAD_CLIENT_KEY` environment variable can also be used.