provider/vSphere: Add allow_unverified_ssl opt

This patch parameterizes the allow_unverified_ssl option for the vSphere provider used by both Terraform vSphere provider and the K8s vSphere cloud provider. This patch enables the configuration of the allow_unverified_ssl option by users at runtime. The default value is "true". Setting the value to false will cause TLS connections to reject endpoints where the peer certificate cannot be validated.
crosscloudci · Jun 19, 2018 · 88aa523 · 88aa523
1 parent dc90a62
commit 88aa523
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/vsphere/cloud.conf b/vsphere/cloud.conf
@@ -2,7 +2,7 @@
 user="${ vsphere_user }"
 password="${ vsphere_password }"
 server="${ vsphere_server }"
-insecure-flag="1"
+insecure-flag="${ allow_unverified_ssl }"
 datacenter="${ vsphere_datacenter }"
 datastore="${ vsphere_datastore }"
 working-dir="${ vsphere_vm_folder }"
diff --git a/vsphere/input.tf b/vsphere/input.tf
@@ -13,6 +13,10 @@ variable "vsphere_server" {}
 variable "vsphere_user" {}
 variable "vsphere_password" {}
 
+variable "allow_unverified_ssl" {
+  default = false
+}
+
 # AWS Auth Settings for the Load Balancer & Elastic IP
 # This should be the account linked to the VMC SDDC.
 variable "vsphere_aws_access_key_id" {}

diff --git a/vsphere/vsphere.tf b/vsphere/vsphere.tf
@@ -13,7 +13,7 @@ provider "vsphere" {
   user           = "${var.vsphere_user}"
   password       = "${var.vsphere_password}"
 
-  allow_unverified_ssl = true
+  allow_unverified_ssl = "${var.allow_unverified_ssl}"
 }
 
 # Enable the GZIP Provider
@@ -25,11 +25,12 @@ data "template_file" "cloud_conf" {
   template = "${file( "${ path.module}/cloud.conf" )}"
 
   vars {
-    vsphere_user       = "${var.vsphere_user}"
-    vsphere_server     = "${var.vsphere_server}"
-    vsphere_password   = "${var.vsphere_password}"
-    vsphere_datacenter = "${var.datacenter}"
-    vsphere_datastore  = "${var.datastore_name}"
-    vsphere_vm_folder  = "${var.vm_folder}"
+    vsphere_user         = "${var.vsphere_user}"
+    vsphere_server       = "${var.vsphere_server}"
+    vsphere_password     = "${var.vsphere_password}"
+    vsphere_datacenter   = "${var.datacenter}"
+    vsphere_datastore    = "${var.datastore_name}"
+    vsphere_vm_folder    = "${var.vm_folder}"
+    allow_unverified_ssl = "${var.allow_unverified_ssl ? 1 : 0}"
   }
 }