Merge branch 'rakutentech-insecure-flag'

Rebase of @tkak's work onto master. Closes #3933
hashicorp · Dec 4, 2015 · 5985220 · 5985220
2 parents 2a49ebb + 3a08cc9
commit 5985220
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 5 deletions.
diff --git a/builtin/providers/vsphere/config.go b/builtin/providers/vsphere/config.go
@@ -9,14 +9,11 @@ import (
 	"golang.org/x/net/context"
 )
 
-const (
-	defaultInsecureFlag = true
-)
-
 type Config struct {
 	User          string
 	Password      string
 	VSphereServer string
+	InsecureFlag  bool
 }
 
 // Client() returns a new client for accessing VMWare vSphere.
@@ -28,7 +25,7 @@ func (c *Config) Client() (*govmomi.Client, error) {
 
 	u.User = url.UserPassword(c.User, c.Password)
 
-	client, err := govmomi.NewClient(context.TODO(), u, defaultInsecureFlag)
+	client, err := govmomi.NewClient(context.TODO(), u, c.InsecureFlag)
 	if err != nil {
 		return nil, fmt.Errorf("Error setting up client: %s", err)
 	}

diff --git a/builtin/providers/vsphere/provider.go b/builtin/providers/vsphere/provider.go
@@ -29,6 +29,13 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_SERVER", nil),
 				Description: "The vSphere Server name for vSphere API operations.",
 			},
+
+			"allow_unverified_ssl": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_ALLOW_UNVERIFIED_SSL", false),
+				Description: "If set, VMware vSphere client will permit unverifiable SSL certificates.",
+			},
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -44,6 +51,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		User:          d.Get("user").(string),
 		Password:      d.Get("password").(string),
 		VSphereServer: d.Get("vsphere_server").(string),
+		InsecureFlag:  d.Get("allow_unverified_ssl").(bool),
 	}
 
 	return config.Client()

diff --git a/website/source/docs/providers/vsphere/index.html.markdown b/website/source/docs/providers/vsphere/index.html.markdown
@@ -58,6 +58,11 @@ The following arguments are used to configure the VMware vSphere Provider:
 * `vsphere_server` - (Required) This is the vCenter server name for vSphere API
   operations. Can also be specified with the `VSPHERE_SERVER` environment
   variable.
+* `allow_unverified_ssl` - (Optional) Boolean that can be set to true to
+  disable SSL certificate verification. This should be used with care as it
+  could allow an attacker to intercept your auth token. If omitted, default
+  value is `false`. Can also be specified with the `VSPHERE_ALLOW_UNVERIFIED_SSL`
+  environment variable.
 
 ## Acceptance Tests