Merge pull request #881 from dazoakley/insecure-tls

Add the option to ignore TLS certificate errors when calling the PD API.
PagerDuty · Jun 14, 2024 · befe18a · befe18a
2 parents b15708d + d0bac8b
commit befe18a
Show file tree

Hide file tree

Showing 7 changed files with 64 additions and 3 deletions.
diff --git a/pagerduty/config.go b/pagerduty/config.go
@@ -1,6 +1,7 @@
 package pagerduty
 
 import (
+ "crypto/tls"
  "fmt"
  "log"
  "net/http"
@@ -37,6 +38,9 @@ type Config struct {
  // UserAgent for API Client
  UserAgent string
 
+ // Do not verify TLS certs for HTTPS requests - useful if you're behind a corporate proxy
+ InsecureTls bool
+
  APITokenType *pagerduty.AuthTokenType
 
  AppOauthScopedTokenParams *persistentconfig.AppOauthScopedTokenParams
@@ -72,7 +76,12 @@ func (c *Config) Client() (*pagerduty.Client, error) {
  var httpClient *http.Client
  httpClient = http.DefaultClient
  httpClient.Timeout = 1 * time.Minute
- httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)
+
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if c.InsecureTls {
+ transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient.Transport = logging.NewTransport("PagerDuty", transport)
 
  apiUrl := c.ApiUrl
  if c.ApiUrlOverride != "" {
@@ -125,7 +134,12 @@ func (c *Config) SlackClient() (*pagerduty.Client, error) {
 
  var httpClient *http.Client
  httpClient = http.DefaultClient
- httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)
+
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if c.InsecureTls {
+ transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient.Transport = logging.NewTransport("PagerDuty", transport)
 
  config := &pagerduty.Config{
  BaseURL: c.AppUrl,

diff --git a/pagerduty/config_test.go b/pagerduty/config_test.go
@@ -65,3 +65,16 @@ func TestConfigCustomAppUrl(t *testing.T) {
  t.Fatalf("error: expected the client to not fail: %v", err)
  }
 }
+
+// Test config with InsecureTls setting
+func TestConfigInsecureTls(t *testing.T) {
+ config := Config{
+ Token: "foo",
+ InsecureTls: true,
+ SkipCredsValidation: true,
+ }
+
+ if _, err := config.Client(); err != nil {
+ t.Fatalf("error: expected the client to not fail: %v", err)
+ }
+}
diff --git a/pagerduty/provider.go b/pagerduty/provider.go
@@ -77,6 +77,12 @@ func Provider(isMux bool) *schema.Provider {
  Optional: true,
  Default: "",
  },
+
+ "insecure_tls": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
  },
 
  DataSourcesMap: map[string]*schema.Resource{
@@ -230,6 +236,7 @@ func providerConfigureContextFunc(_ context.Context, data *schema.ResourceData,
  UserAgent: fmt.Sprintf("(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, terraformVersion),
  ApiUrlOverride: data.Get("api_url_override").(string),
  ServiceRegion: serviceRegion,
+ InsecureTls: data.Get("insecure_tls").(bool),
  }
 
  useAuthTokenType := pagerduty.AuthTokenTypeAPIToken

diff --git a/pagerdutyplugin/config.go b/pagerdutyplugin/config.go
@@ -2,6 +2,7 @@ package pagerduty
 
 import (
  "context"
+ "crypto/tls"
  "fmt"
  "log"
  "net/http"
@@ -44,6 +45,9 @@ type Config struct {
  // Region where the server of the service is deployed
  ServiceRegion string
 
+ // Do not verify TLS certs for HTTPS requests - useful if you're behind a corporate proxy
+ InsecureTls bool
+
  // Parameters for fine-grained access control
  AppOauthScopedToken *AppOauthScopedToken
 
@@ -73,7 +77,12 @@ func (c *Config) Client(ctx context.Context) (*pagerduty.Client, error) {
 
  httpClient := http.DefaultClient
  httpClient.Timeout = 1 * time.Minute
- httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)
+
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if c.InsecureTls {
+ transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient.Transport = logging.NewTransport("PagerDuty", transport)
 
  apiURL := c.APIURL
  if c.APIURLOverride != "" {

diff --git a/pagerdutyplugin/config_test.go b/pagerdutyplugin/config_test.go
@@ -66,3 +66,16 @@ func TestConfigCustomAppUrl(t *testing.T) {
  t.Fatalf("error: expected the client to not fail: %v", err)
  }
 }
+
+// Test config with InsecureTls
+func TestConfigInsecureTls(t *testing.T) {
+ config := Config{
+ Token: "foo",
+ InsecureTls: true,
+ SkipCredsValidation: true,
+ }
+
+ if _, err := config.Client(context.Background()); err != nil {
+ t.Fatalf("error: expected the client to not fail: %v", err)
+ }
+}
diff --git a/pagerdutyplugin/provider.go b/pagerdutyplugin/provider.go
@@ -42,6 +42,7 @@ func (p *Provider) Schema(_ context.Context, _ provider.SchemaRequest, resp *pro
  "skip_credentials_validation": schema.BoolAttribute{Optional: true},
  "token": schema.StringAttribute{Optional: true},
  "user_token": schema.StringAttribute{Optional: true},
+ "insecure_tls": schema.BoolAttribute{Optional: true},
  },
  Blocks: map[string]schema.Block{
  "use_app_oauth_scoped_token": useAppOauthScopedTokenBlock,
@@ -101,6 +102,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest,
  }
 
  skipCredentialsValidation := args.SkipCredentialsValidation.Equal(types.BoolValue(true))
+ insecureTls := args.InsecureTls.Equal(types.BoolValue(true))
 
  config := Config{
  APIURL: "https://api." + regionAPIURL + "pagerduty.com",
@@ -111,6 +113,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest,
  TerraformVersion: req.TerraformVersion,
  APIURLOverride: args.APIURLOverride.ValueString(),
  ServiceRegion: serviceRegion,
+ InsecureTls: insecureTls,
  }
 
  if !args.UseAppOauthScopedToken.IsNull() {
@@ -194,6 +197,7 @@ type providerArguments struct {
  ServiceRegion types.String `tfsdk:"service_region"`
  APIURLOverride types.String `tfsdk:"api_url_override"`
  UseAppOauthScopedToken types.List `tfsdk:"use_app_oauth_scoped_token"`
+ InsecureTls types.Bool `tfsdk:"insecure_tls"`
 }
 
 type SchemaGetter interface {

diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -58,6 +58,7 @@ The following arguments are supported:
 * `skip_credentials_validation` - (Optional) Skip validation of the token against the PagerDuty API.
 * `service_region` - (Optional) The PagerDuty service region to use. Default to empty (uses US region). Supported value: `eu`. This setting also affects configuration of `use_app_oauth_scoped_token` for setting Region of *App Oauth token credentials*. It can also be sourced from the `PAGERDUTY_SERVICE_REGION` environment variable.
 * `api_url_override` - (Optional) It can be used to set a custom proxy endpoint as PagerDuty client api url overriding `service_region` setup.
+* `insecure_tls` - (Optional) Can be used to disable TLS certificate checking when calling the PagerDuty API. This can be useful if you're behind a corporate proxy.
 
 The `use_app_oauth_scoped_token` block contains the following arguments: