Merge pull request #881 from dazoakley/insecure-tls
Add the option to ignore TLS certificate errors when calling the PD API.
imjaroiswebdev authored Jun 14, 2024
2 parents b15708d + d0bac8b commit befe18a
Showing 7 changed files with 64 additions and 3 deletions.
18 changes: 16 additions & 2 deletions pagerduty/config.go
@@ -1,6 +1,7 @@
package pagerduty

import (
"crypto/tls"
"fmt"
"log"
"net/http"
Expand Down Expand Up @@ -37,6 +38,9 @@ type Config struct {
// UserAgent for API Client
UserAgent string

// Do not verify TLS certs for HTTPS requests - useful if you're behind a corporate proxy
InsecureTls bool

APITokenType *pagerduty.AuthTokenType

AppOauthScopedTokenParams *persistentconfig.AppOauthScopedTokenParams
Expand Down Expand Up @@ -72,7 +76,12 @@ func (c *Config) Client() (*pagerduty.Client, error) {
var httpClient *http.Client
httpClient = http.DefaultClient
httpClient.Timeout = 1 * time.Minute
httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)

transport := http.DefaultTransport.(*http.Transport).Clone()
if c.InsecureTls {
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
httpClient.Transport = logging.NewTransport("PagerDuty", transport)

apiUrl := c.ApiUrl
if c.ApiUrlOverride != "" {
Expand Down Expand Up @@ -125,7 +134,12 @@ func (c *Config) SlackClient() (*pagerduty.Client, error) {

var httpClient *http.Client
httpClient = http.DefaultClient
httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)

transport := http.DefaultTransport.(*http.Transport).Clone()
if c.InsecureTls {
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
httpClient.Transport = logging.NewTransport("PagerDuty", transport)

config := &pagerduty.Config{
BaseURL: c.AppUrl,
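Review bot: Both `Client()` and `SlackClient()` still take `httpClient = http.DefaultClient` and then assign `httpClient.Transport`, so with `insecure_tls` set the transport carrying `InsecureSkipVerify: true` is installed on the process-wide default client and applies to any other code in the plugin process that uses `http.DefaultClient`, not only to PagerDuty requests. A client owned by the provider keeps the opt-out scoped to this API; the helper below also sets the flag on the cloned `TLSClientConfig` instead of replacing it and logs that verification is off. The unchecked `http.DefaultTransport.(*http.Transport)` assertion would panic if the default transport has been swapped for another type, so the helper falls back to a fresh transport in that case. The same added lines appear in `pagerdutyplugin/config.go`, and both function bodies here continue outside the hunks shown.

```go
// newHTTPClient returns a client owned by the provider, so the TLS opt-out
// never reaches http.DefaultClient.
func newHTTPClient(insecureTLS bool) *http.Client {
	transport := &http.Transport{Proxy: http.ProxyFromEnvironment}
	if dt, ok := http.DefaultTransport.(*http.Transport); ok {
		transport = dt.Clone()
	}
	if insecureTLS {
		log.Printf("[WARN] insecure_tls is set: PagerDuty API certificates are not verified")
		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}
		transport.TLSClientConfig.InsecureSkipVerify = true
	}
	return &http.Client{
		// Same value Client() previously set on the shared default client.
		Timeout:   1 * time.Minute,
		Transport: logging.NewTransport("PagerDuty", transport),
	}
}

// in Client() and SlackClient(), replacing the DefaultClient assignment and the added transport lines:
var httpClient *http.Client
httpClient = newHTTPClient(c.InsecureTls)
// … unchanged: API URL selection and pagerduty.Config construction …
```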
13 changes: 13 additions & 0 deletions pagerduty/config_test.go
Expand Up @@ -65,3 +65,16 @@ func TestConfigCustomAppUrl(t *testing.T) {
t.Fatalf("error: expected the client to not fail: %v", err)
}
}

// Test config with InsecureTls setting
func TestConfigInsecureTls(t *testing.T) {
config := Config{
Token: "foo",
InsecureTls: true,
SkipCredsValidation: true,
}

if _, err := config.Client(); err != nil {
t.Fatalf("error: expected the client to not fail: %v", err)
}
}
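Review bot: `TestConfigInsecureTls` only checks that `config.Client()` returns no error, so it would still pass if `InsecureTls` were ignored or if verification were disabled unconditionally. A test that pins the behaviour would start an `httptest.NewTLSServer`, point `ApiUrlOverride` at its URL, and assert that a request through the returned client fails certificate verification with the flag unset and succeeds with it set; how to issue that request depends on the `pagerduty.Client` API, which is not visible here. The near-identical test added in `pagerdutyplugin/config_test.go` has the same gap.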
7 changes: 7 additions & 0 deletions pagerduty/provider.go
Expand Up @@ -77,6 +77,12 @@ func Provider(isMux bool) *schema.Provider {
Optional: true,
Default: "",
},

"insecure_tls": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
},

DataSourcesMap: map[string]*schema.Resource{
Expand Down Expand Up @@ -230,6 +236,7 @@ func providerConfigureContextFunc(_ context.Context, data *schema.ResourceData,
UserAgent: fmt.Sprintf("(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, terraformVersion),
ApiUrlOverride: data.Get("api_url_override").(string),
ServiceRegion: serviceRegion,
InsecureTls: data.Get("insecure_tls").(bool),
}

useAuthTokenType := pagerduty.AuthTokenTypeAPIToken
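Review bot: The new `insecure_tls` schema entry has no `Description`, so nothing in the schema tells a user that the flag turns off server authentication for the connection the provider's token is sent over. I would add `Description: "Disable TLS certificate verification for PagerDuty API requests. Traffic, including the API token, can then be read or altered by an intercepting host; prefer trusting the proxy CA.",` next to `Default: false`. The enclosing `Provider` and `providerConfigureContextFunc` bodies start and end outside these hunks.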
11 changes: 10 additions & 1 deletion pagerdutyplugin/config.go
Expand Up @@ -2,6 +2,7 @@ package pagerduty

import (
"context"
"crypto/tls"
"fmt"
"log"
"net/http"
Expand Down Expand Up @@ -44,6 +45,9 @@ type Config struct {
// Region where the server of the service is deployed
ServiceRegion string

// Do not verify TLS certs for HTTPS requests - useful if you're behind a corporate proxy
InsecureTls bool

// Parameters for fine-grained access control
AppOauthScopedToken *AppOauthScopedToken

Expand Down Expand Up @@ -73,7 +77,12 @@ func (c *Config) Client(ctx context.Context) (*pagerduty.Client, error) {

httpClient := http.DefaultClient
httpClient.Timeout = 1 * time.Minute
httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)

transport := http.DefaultTransport.(*http.Transport).Clone()
if c.InsecureTls {
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
httpClient.Transport = logging.NewTransport("PagerDuty", transport)

apiURL := c.APIURL
if c.APIURLOverride != "" {
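Review bot: The added field is spelled `InsecureTls`, while this file already writes initialisms in full caps (`c.APIURL`, `c.APIURLOverride`), so `InsecureTLS` would match both the file and Go naming convention. Its comment presents skipping verification only as a proxy convenience; I would word it as `// InsecureTLS disables certificate verification for PagerDuty API requests. Connections are then open to interception; prefer adding the proxy's CA to the trust store.` In `Client`, the added transport is assigned to `httpClient`, which the context line shows is `http.DefaultClient`, so the setting is not confined to this provider's requests; `Client`'s body continues outside the hunk.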
13 changes: 13 additions & 0 deletions pagerdutyplugin/config_test.go
Expand Up @@ -66,3 +66,16 @@ func TestConfigCustomAppUrl(t *testing.T) {
t.Fatalf("error: expected the client to not fail: %v", err)
}
}

// Test config with InsecureTls
func TestConfigInsecureTls(t *testing.T) {
config := Config{
Token: "foo",
InsecureTls: true,
SkipCredsValidation: true,
}

if _, err := config.Client(context.Background()); err != nil {
t.Fatalf("error: expected the client to not fail: %v", err)
}
}
4 changes: 4 additions & 0 deletions pagerdutyplugin/provider.go
Expand Up @@ -42,6 +42,7 @@ func (p *Provider) Schema(_ context.Context, _ provider.SchemaRequest, resp *pro
"skip_credentials_validation": schema.BoolAttribute{Optional: true},
"token": schema.StringAttribute{Optional: true},
"user_token": schema.StringAttribute{Optional: true},
"insecure_tls": schema.BoolAttribute{Optional: true},
},
Blocks: map[string]schema.Block{
"use_app_oauth_scoped_token": useAppOauthScopedTokenBlock,
Expand Down Expand Up @@ -101,6 +102,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest,
}

skipCredentialsValidation := args.SkipCredentialsValidation.Equal(types.BoolValue(true))
insecureTls := args.InsecureTls.Equal(types.BoolValue(true))

config := Config{
APIURL: "https://api." + regionAPIURL + "pagerduty.com",
Expand All @@ -111,6 +113,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest,
TerraformVersion: req.TerraformVersion,
APIURLOverride: args.APIURLOverride.ValueString(),
ServiceRegion: serviceRegion,
InsecureTls: insecureTls,
}

if !args.UseAppOauthScopedToken.IsNull() {
Expand Down Expand Up @@ -194,6 +197,7 @@ type providerArguments struct {
ServiceRegion types.String `tfsdk:"service_region"`
APIURLOverride types.String `tfsdk:"api_url_override"`
UseAppOauthScopedToken types.List `tfsdk:"use_app_oauth_scoped_token"`
InsecureTls types.Bool `tfsdk:"insecure_tls"`
}

type SchemaGetter interface {
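Review bot: `Configure` copies `insecure_tls` into `Config.InsecureTls` without emitting any diagnostic, so a run with certificate verification disabled looks the same as a normal one in plan and apply output. A warning right after `insecureTls` is computed would make it visible, for example `if insecureTls { resp.Diagnostics.AddWarning("TLS certificate verification disabled", "insecure_tls is set; PagerDuty API connections are not authenticated.") }`, assuming the response parameter is named `resp` as it is in `Schema`. The new `schema.BoolAttribute` could also carry a `Description` stating the same risk. `Configure` starts and ends outside the hunks shown.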
1 change: 1 addition & 0 deletions website/docs/index.html.markdown
Expand Up @@ -58,6 +58,7 @@ The following arguments are supported:
* `skip_credentials_validation` - (Optional) Skip validation of the token against the PagerDuty API.
* `service_region` - (Optional) The PagerDuty service region to use. Default to empty (uses US region). Supported value: `eu`. This setting also affects configuration of `use_app_oauth_scoped_token` for setting Region of *App Oauth token credentials*. It can also be sourced from the `PAGERDUTY_SERVICE_REGION` environment variable.
* `api_url_override` - (Optional) It can be used to set a custom proxy endpoint as PagerDuty client api url overriding `service_region` setup.
* `insecure_tls` - (Optional) Can be used to disable TLS certificate checking when calling the PagerDuty API. This can be useful if you're behind a corporate proxy.

The `use_app_oauth_scoped_token` block contains the following arguments:

