From 80c1ebbb66dd9e79a6ef23040230bf13c337015b Mon Sep 17 00:00:00 2001 From: magodo Date: Wed, 26 Apr 2023 09:30:10 +0800 Subject: [PATCH] New provider option: `tls_insecure_skip_verify` (#58) --- docs/index.md | 1 + internal/client/build_option.go | 2 ++ internal/client/client.go | 3 +++ internal/provider/provider.go | 26 +++++++++++++++++--------- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/docs/index.md b/docs/index.md index df38982..e45db74 100644 --- a/docs/index.md +++ b/docs/index.md @@ -125,6 +125,7 @@ provider "restful" { - `merge_patch_disabled` (Boolean) Whether to use a JSON Merge Patch as the request body in the PATCH update? Defaults to `false`. This is only effective when `update_method` is set to `PATCH`. - `query` (Map of List of String) The query parameters that are applied to each request. - `security` (Attributes) The OpenAPI security scheme that is be used for auth. Only one of `http`, `apikey` and `oauth2` can be specified. (see [below for nested schema](#nestedatt--security)) +- `tls_insecure_skip_verify` (Boolean) Whether a client verifies the server's certificate chain and host name. Defaults to `false`. - `update_method` (String) The method used to update the resource. Possible values are `PUT` and `PATCH`. Defaults to `PUT`. diff --git a/internal/client/build_option.go b/internal/client/build_option.go index f20f3c7..28ea747 100644 --- a/internal/client/build_option.go +++ b/internal/client/build_option.go @@ -2,6 +2,7 @@ package client import ( "context" + "crypto/tls" "net/http" "time" @@ -13,6 +14,7 @@ import ( type BuildOption struct { Security securityOption CookieEnabled bool + TLSConfig tls.Config } type securityOption interface { diff --git a/internal/client/client.go b/internal/client/client.go index 8dc92f1..747ba15 100644 --- a/internal/client/client.go +++ b/internal/client/client.go 
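Review bot: In `internal/client/build_option.go`, `TLSConfig tls.Config` stores the config by value inside `BuildOption`, and `tls.Config` carries internal synchronization state, so any by-value copy of a `BuildOption` is a lock copy that `go vet` (copylocks) reports. The field also exposes the whole TLS surface although this commit sets only `InsecureSkipVerify`. Consider a narrow `InsecureSkipVerify bool` on the option, or `TLSConfig *tls.Config` with nil meaning the defaults. The `client.go` hunk passes `&opt.TLSConfig`, so the client and the caller share one mutable config; `client.SetTLSClientConfig(opt.TLSConfig.Clone())` would decouple them.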
@@ -91,11 +91,14 @@ func New(ctx context.Context, baseURL string, opt *BuildOption) (*Client, error) client.SetCookieJar(nil) } + client.SetTLSClientConfig(&opt.TLSConfig) + if _, err := url.Parse(baseURL); err != nil { return nil, err } client.SetBaseURL(baseURL) + return &Client{client}, nil } diff --git a/internal/provider/provider.go b/internal/provider/provider.go index d7e22e2..90142e3 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -36,15 +36,16 @@ type providerData struct { } type providerConfig struct { - BaseURL types.String `tfsdk:"base_url"` - Security types.Object `tfsdk:"security"` - CreateMethod types.String `tfsdk:"create_method"` - UpdateMethod types.String `tfsdk:"update_method"` - DeleteMethod types.String `tfsdk:"delete_method"` - MergePatchDisabled types.Bool `tfsdk:"merge_patch_disabled"` - Query types.Map `tfsdk:"query"` - Header types.Map `tfsdk:"header"` - CookieEnabled types.Bool `tfsdk:"cookie_enabled"` + BaseURL types.String `tfsdk:"base_url"` + Security types.Object `tfsdk:"security"` + CreateMethod types.String `tfsdk:"create_method"` + UpdateMethod types.String `tfsdk:"update_method"` + DeleteMethod types.String `tfsdk:"delete_method"` + MergePatchDisabled types.Bool `tfsdk:"merge_patch_disabled"` + Query types.Map `tfsdk:"query"` + Header types.Map `tfsdk:"header"` + CookieEnabled types.Bool `tfsdk:"cookie_enabled"` + TlsInsecureSkipVerify types.Bool `tfsdk:"tls_insecure_skip_verify"` } type securityData struct { 
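Review bot: In the `providerConfig` hunk of `internal/provider/provider.go`, the new field `TlsInsecureSkipVerify` breaks Go's initialism convention and is inconsistent with `TLSConfig`, which the same commit adds to `BuildOption`. Rename it to `TLSInsecureSkipVerify` here and at its use in `Init`; the `tfsdk` tag stays as it is, so the user-facing attribute name does not change.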
@@ -481,6 +482,11 @@ func (*Provider) Schema(ctx context.Context, req provider.SchemaRequest, resp *p MarkdownDescription: "Save cookies during API contracting. Defaults to `false`.", Optional: true, }, + "tls_insecure_skip_verify": schema.BoolAttribute{ + Description: "Whether a client verifies the server's certificate chain and host name. Defaults to `false`.", + MarkdownDescription: "Whether a client verifies the server's certificate chain and host name. Defaults to `false`.", + Optional: true, + }, }, } } @@ -508,6 +514,8 @@ func (p *Provider) Init(ctx context.Context, config providerConfig) diag.Diagnos CookieEnabled: config.CookieEnabled.ValueBool(), } + clientOpt.TLSConfig.InsecureSkipVerify = config.TlsInsecureSkipVerify.ValueBool() + if secRaw := config.Security; !secRaw.IsNull() { var sec securityData if diags := secRaw.As(ctx, &sec, basetypes.ObjectAsOptions{}); diags.HasError() {
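Review bot: The `Description` and `MarkdownDescription` of `tls_insecure_skip_verify` read as the opposite of what the attribute does. "Whether a client verifies the server's certificate chain and host name" suggests that `true` turns verification on, whereas `true` turns it off. State the effect and the risk instead, e.g. `"Skip verification of the server's certificate chain and host name; connections can then be intercepted, so enable only for testing."`, and keep the existing sentence about the default. The same sentence is added to `docs/index.md` in this commit and needs the same correction.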
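Review bot: In `Init`, `InsecureSkipVerify` is switched on silently, with no signal to the operator that verification is off. Any credentials from the `security` block would then be sent to a peer whose identity is not checked. A warning diagnostic when the flag is true would make the weakened state visible in every plan and apply, e.g. `if clientOpt.TLSConfig.InsecureSkipVerify { diags.AddWarning("TLS certificate verification is disabled", "Requests and credentials are sent to an unverified server.") }`. `Init`'s body and return statement lie outside the hunk, so `diags` here is a placeholder for whatever diagnostics value the function returns. The null-to-false behaviour of `ValueBool()` keeps the default safe, which is worth a short comment on the assignment.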