gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Support to use the Terraform provider in `insecure` mode #39004

Open philip-teleport opened 6 months ago

philip-teleport commented 6 months ago

What would you like Teleport to do?

Add support to use the Terraform provider in insecure mode so that it can be run against test Teleport clusters that use self-signed TLS certificates.

Other Terraform providers provide this configuration option `insecure: true/false` which is not currently available here.

What problem does this solve?

Using the Terraform provider with an insecure cluster throws errors: `tls: failed to verify certificate: x509: certificate signed by unknown authority`

If a workaround exists, please include it.

N/A

hugoShaka commented 3 months ago

The workaround is to set `SSL_CERT_FILE=<path of the private CA or self-signed cert>` before running the Terraform provider. This is better than `--insecure` as Terraform only trusts this specific private CA/self-signed cert and will reject other servers.

This workaround should be documented in the TF provider docs.
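
An added example, not part of the issue thread or Teleport's code: a Go sketch of the trust difference described in the comment above. It models the `SSL_CERT_FILE` approach in-process by setting `RootCAs` to a single self-signed certificate and compares that with `InsecureSkipVerify`. The two local test servers, their certificates and all function names are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSignedServer starts a local HTTPS server with a fresh self-signed cert (constructed test data).
func selfSignedServer() *httptest.Server {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	return srv
}

// canConnect reports whether an HTTPS GET to url succeeds under the given client TLS config.
func canConnect(url string, cfg *tls.Config) bool {
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil
}

// compare trusts only the first server's certificate, then tries both servers.
func compare() (pinnedOwn, pinnedOther, insecureOther bool) {
	own, other := selfSignedServer(), selfSignedServer()
	defer func() { own.Close(); other.Close() }()
	pool := x509.NewCertPool()
	pool.AddCert(own.Certificate()) // the only trusted root, as with a single-cert CA file
	pinned, insecure := &tls.Config{RootCAs: pool}, &tls.Config{InsecureSkipVerify: true}
	return canConnect(own.URL, pinned), canConnect(other.URL, pinned), canConnect(other.URL, insecure)
}

func main() { fmt.Println(compare()) }
```

The pinned client reaches its own server and refuses the second one, while the client that skips verification accepts the second server's unrelated certificate.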