Enhancement: (a) log certificate-issues as certificate-issue (b) allow ssl-insecure-mode

[heitmanr]

System Information

When using a (lab-)firewall with "self-signed"-certificate, you'll end up in:

• Error: Failed to connect to OPNSense

c:\ terraform plan
...
╷
│ Error: Failed to connect to OPNSense
│
│   with module.vcenter-t.provider["registry.terraform.io/gxben/opnsense"],
│   on ..\#modules\vsphere-vcenter\42-vcenter-static-dhcp-ip.tf line 2, in provider "opnsense":
│    2: provider "opnsense" {
│
╵
╷
│ Error: Failed to connect to OPNSense
│
│   with module.vcenter-v.provider["registry.terraform.io/gxben/opnsense"],
│   on ..\#modules\vsphere-vcenter\42-vcenter-static-dhcp-ip.tf line 2, in provider "opnsense":
│    2: provider "opnsense" {
│

Versions

C:\ >terraform version
Terraform v1.1.4
on windows_amd64
+ provider registry.terraform.io/gxben/opnsense v0.3.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0
+ provider registry.terraform.io/hashicorp/time v0.7.2
+ provider registry.terraform.io/hashicorp/vsphere v2.0.2

Description of Issue/Question

Troubleshooting using Wireshark shows "TCP 3way-handshake". Audit-Log in OPNSense is empty

Educated guess leads to certificates.

Enhancement

A switch to disable the ssl-certificate-security-stuff would be great.

For example

provider "opnsense" {
  uri      = var.opnsense_connection.firewall
  user     = "terraform"
  password = "TerraF0rm"

 # If you have a self-signed cert
  allow_unverified_ssl = true
}

A error-message leading to the real-issue would be great, too.

[flexarts]

Hi @heitmanr, I created a pull request for support of "allow_unverified_ssl" flag here: see https://github.com/gxben/terraform-provider-opnsense/pull/4 Kind regards, Dominic

[Yukics]

Would be nice to be merged