vatesfr / terraform-provider-xenorchestra

Xen Orchestra provider for Terraform
MIT License

Allow insecure TLS connections (i.e. self-signed) #102

Closed michaelkoetter closed 3 years ago

michaelkoetter commented 3 years ago

I'm running XO from the sources with a self-signed certificate. This leads to the following error:

```
$ export XOA_URL=wss://192.168.30.36
$ terraform apply

Error: x509: certificate signed by unknown authority

  on providers.tf line 10, in provider "xenorchestra":
  10: provider "xenorchestra" {
```

I know I could probably add the self-signed CA to some system store to make it work ... :smiley: But it would be much easier to have an "insecure" flag like most other TLS tools, which would basically skip certificate validation.

ddelnano commented 3 years ago

@michaelkoetter appreciate the feedback. I think this should be configured through an environment variable or the provider configuration (provider.tf), since Terraform launches the provider and there isn't an opportunity to pass an "insecure" flag.

michaelkoetter commented 3 years ago

Maybe something like this?

```hcl
# Configure the XenServer Provider
provider "xenorchestra" {
  # Must be ws or wss
  url      = "ws://hostname-of-server" # Or set XOA_URL environment variable
  username = "<username>"              # Or set XOA_USER environment variable
  password = "<password>"              # Or set XOA_PASSWORD environment variable

  insecure = <true|false> # or set XOA_INSECURE
}
```

ddelnano commented 3 years ago

yep, would that work for your use case?

michaelkoetter commented 3 years ago

yes that would be perfect :)

ddelnano commented 3 years ago

This will be released in v0.12.0
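
How the two options raised in this thread differ at the TLS layer, as an added Go example (not the provider's code): an `insecure` switch versus trusting the self-signed certificate explicitly. A local `httptest` server stands in for the XO host, and `newServer`, `clientConfig` and `dial` are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newServer starts a local TLS test server whose certificate is in no system
// trust store (assumption: it stands in for an XO host with a self-signed cert).
func newServer() *httptest.Server {
	return httptest.NewTLSServer(http.NotFoundHandler())
}

// clientConfig maps the two options onto tls.Config. insecure=true disables
// chain and hostname verification entirely. A non-nil trusted certificate keeps
// verification on and accepts only chains that end at that certificate.
func clientConfig(insecure bool, trusted *x509.Certificate) *tls.Config {
	cfg := &tls.Config{InsecureSkipVerify: insecure}
	if trusted != nil {
		cfg.RootCAs = x509.NewCertPool()
		cfg.RootCAs.AddCert(trusted)
	}
	return cfg
}

// dial performs a TLS handshake with srv and returns the client-side error.
func dial(srv *httptest.Server, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), cfg)
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	srv := newServer()
	defer srv.Close()
	fmt.Println("default trust store:", dial(srv, clientConfig(false, nil)))
	fmt.Println("server cert trusted:", dial(srv, clientConfig(false, srv.Certificate())))
	fmt.Println("insecure = true:    ", dial(srv, clientConfig(true, nil)))
}
```

With `insecure = true` the client accepts any certificate from any host that answers on that address, while the trusted-certificate configuration still rejects every certificate other than the one it was given.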