From d0bac8bc48d35be7578a1bae02e9d36243752bf1 Mon Sep 17 00:00:00 2001
From: Darren Oakley
Date: Thu, 13 Jun 2024 12:05:26 +0100
Subject: [PATCH] Add the option to ignore TLS certificate errors when calling the PD API. This is useful when you're behind a corporate proxy that messes with with the certificates...
---
 pagerduty/config.go | 18 ++++++++++++++++--
 pagerduty/config_test.go | 13 +++++++++++++
 pagerduty/provider.go | 7 +++++++
 pagerdutyplugin/config.go | 11 ++++++++++-
 pagerdutyplugin/config_test.go | 13 +++++++++++++
 pagerdutyplugin/provider.go | 4 ++++
 website/docs/index.html.markdown | 1 +
 7 files changed, 64 insertions(+), 3 deletions(-)
diff --git a/pagerduty/config.go b/pagerduty/config.go
index 2c1aa54fe..a508271ee 100644
--- a/pagerduty/config.go
+++ b/pagerduty/config.go
@@ -1,6 +1,7 @@
 package pagerduty
 import (
+ "crypto/tls"
 "fmt"
 "log"
 "net/http"
@@ -37,6 +38,9 @@ type Config struct {
 // UserAgent for API Client
 UserAgent string
+ // Do not verify TLS certs for HTTPS requests - useful if you're behind a corporate proxy
+ InsecureTls bool
+
 APITokenType *pagerduty.AuthTokenType
 AppOauthScopedTokenParams *persistentconfig.AppOauthScopedTokenParams
@@ -72,7 +76,12 @@ func (c *Config) Client() (*pagerduty.Client, error) {
 var httpClient *http.Client
 httpClient = http.DefaultClient
 httpClient.Timeout = 1 * time.Minute
- httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)
+
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if c.InsecureTls {
+ transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient.Transport = logging.NewTransport("PagerDuty", transport)
 apiUrl := c.ApiUrl
 if c.ApiUrlOverride != "" {
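Review bot: Assigning the verification-disabled transport to `http.DefaultClient` in `Client()` turns off certificate checking for every user of the process-wide default client, not only for PagerDuty calls; the same lines recur in `SlackClient()` and in `Client()` of `pagerdutyplugin/config.go`. The unchecked assertion `http.DefaultTransport.(*http.Transport)` also panics if anything in the process has replaced the default transport with a wrapper. I would build a private `http.Client`, check the assertion, set the flag on the cloned TLS config instead of replacing it, and log a warning when the option is on, because the API token then travels over a connection whose peer is not authenticated. Whether other code relies on the mutated default client cannot be seen from here, and the function starts and ends outside the hunk.

```go
func (c *Config) Client() (*pagerduty.Client, error) {
	// … unchanged: checks above the hunk …
	base, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		return nil, fmt.Errorf("http.DefaultTransport is %T, not *http.Transport", http.DefaultTransport)
	}
	transport := base.Clone()
	if c.InsecureTls {
		log.Printf("[WARN] insecure_tls is set: TLS certificate verification is disabled for PagerDuty API calls")
		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}
		transport.TLSClientConfig.InsecureSkipVerify = true
	}
	// A dedicated client keeps the setting off http.DefaultClient.
	httpClient := &http.Client{
		Timeout:   1 * time.Minute,
		Transport: logging.NewTransport("PagerDuty", transport),
	}
	// … unchanged: apiUrl selection and pagerduty.Config setup …
```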
@@ -125,7 +134,12 @@ func (c *Config) SlackClient() (*pagerduty.Client, error) {
 var httpClient *http.Client
 httpClient = http.DefaultClient
- httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)
+
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if c.InsecureTls {
+ transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient.Transport = logging.NewTransport("PagerDuty", transport)
 config := &pagerduty.Config{
 BaseURL: c.AppUrl,
diff --git a/pagerduty/config_test.go b/pagerduty/config_test.go
index 408a629a1..a36a73316 100644
--- a/pagerduty/config_test.go
+++ b/pagerduty/config_test.go
@@ -65,3 +65,16 @@ func TestConfigCustomAppUrl(t *testing.T) {
 t.Fatalf("error: expected the client to not fail: %v", err)
 }
 }
+
+// Test config with InsecureTls setting
+func TestConfigInsecureTls(t *testing.T) {
+ config := Config{
+ Token: "foo",
+ InsecureTls: true,
+ SkipCredsValidation: true,
+ }
+
+ if _, err := config.Client(); err != nil {
+ t.Fatalf("error: expected the client to not fail: %v", err)
+ }
+}
diff --git a/pagerduty/provider.go b/pagerduty/provider.go
index d0c38576b..dd402082b 100644
--- a/pagerduty/provider.go
+++ b/pagerduty/provider.go
@@ -77,6 +77,12 @@ func Provider(isMux bool) *schema.Provider {
 Optional: true,
 Default: "",
 },
+
+ "insecure_tls": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
 },
 DataSourcesMap: map[string]*schema.Resource{
@@ -228,6 +234,7 @@ func providerConfigureContextFunc(_ context.Context, data *schema.ResourceData,
 UserAgent: fmt.Sprintf("(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, terraformVersion),
 ApiUrlOverride: data.Get("api_url_override").(string),
 ServiceRegion: serviceRegion,
+ InsecureTls: data.Get("insecure_tls").(bool),
 }
 useAuthTokenType := pagerduty.AuthTokenTypeAPIToken
diff --git a/pagerdutyplugin/config.go b/pagerdutyplugin/config.go
index 48b05a470..9d104e0fc 100644
--- a/pagerdutyplugin/config.go
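Review bot: `TestConfigInsecureTls` asserts only that `Client()` returns no error, which is equally true with `InsecureTls: false`, so the test passes whether or not verification is actually disabled and would not notice the flag leaking into the default path. The identical test in `pagerdutyplugin/config_test.go` has the same gap. If the transport construction were factored into a helper (a hypothetical `newTransport(insecure bool)`), both directions could be pinned, for example `if tr := newTransport(false); tr.TLSClientConfig != nil && tr.TLSClientConfig.InsecureSkipVerify { t.Fatal("verification disabled by default") }` alongside the matching check that `newTransport(true)` sets the field.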
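Review bot: The `insecure_tls` schema entry has no `Description`, so nothing at the schema level tells a user that enabling it removes certificate verification for all PagerDuty API traffic, including the requests that carry the API token. I would add `Description: "Disable TLS certificate verification for PagerDuty API calls. The API token is then exposed to anyone able to intercept the connection; prefer trusting the proxy CA instead.",` here, and the equivalent `Description` on the `schema.BoolAttribute` added in `pagerdutyplugin/provider.go`. The surrounding map literal continues outside the hunk, so whether sibling arguments carry descriptions is not visible.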
+++ b/pagerdutyplugin/config.go
@@ -2,6 +2,7 @@ package pagerduty
 import (
 "context"
+ "crypto/tls"
 "fmt"
 "log"
 "net/http"
@@ -44,6 +45,9 @@ type Config struct {
 // Region where the server of the service is deployed
 ServiceRegion string
+ // Do not verify TLS certs for HTTPS requests - useful if you're behind a corporate proxy
+ InsecureTls bool
+
 // Parameters for fine-grained access control
 AppOauthScopedToken *AppOauthScopedToken
@@ -73,7 +77,12 @@ func (c *Config) Client(ctx context.Context) (*pagerduty.Client, error) {
 httpClient := http.DefaultClient
 httpClient.Timeout = 1 * time.Minute
- httpClient.Transport = logging.NewTransport("PagerDuty", http.DefaultTransport)
+
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if c.InsecureTls {
+ transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+ }
+ httpClient.Transport = logging.NewTransport("PagerDuty", transport)
 apiUrl := c.ApiUrl
 if c.ApiUrlOverride != "" {
diff --git a/pagerdutyplugin/config_test.go b/pagerdutyplugin/config_test.go
index e199dbcb6..480f5aae6 100644
--- a/pagerdutyplugin/config_test.go
+++ b/pagerdutyplugin/config_test.go
@@ -66,3 +66,16 @@ func TestConfigCustomAppUrl(t *testing.T) {
 t.Fatalf("error: expected the client to not fail: %v", err)
 }
 }
+
+// Test config with InsecureTls
+func TestConfigInsecureTls(t *testing.T) {
+ config := Config{
+ Token: "foo",
+ InsecureTls: true,
+ SkipCredsValidation: true,
+ }
+
+ if _, err := config.Client(context.Background()); err != nil {
+ t.Fatalf("error: expected the client to not fail: %v", err)
+ }
+}
diff --git a/pagerdutyplugin/provider.go b/pagerdutyplugin/provider.go
index dfdd448b0..1fd4087fb 100644
--- a/pagerdutyplugin/provider.go
+++ b/pagerdutyplugin/provider.go
@@ -42,6 +42,7 @@ func (p *Provider) Schema(ctx context.Context, req provider.SchemaRequest, resp
 "skip_credentials_validation": schema.BoolAttribute{Optional: true},
 "token": schema.StringAttribute{Optional: true},
 "user_token": schema.StringAttribute{Optional: true},
+ "insecure_tls": schema.BoolAttribute{Optional: true},
 },
 Blocks: map[string]schema.Block{
 "use_app_oauth_scoped_token": useAppOauthScopedTokenBlock,
@@ -99,6 +100,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest,
 }
 skipCredentialsValidation := args.SkipCredentialsValidation.Equal(types.BoolValue(true))
+ insecureTls := args.InsecureTls.Equal(types.BoolValue(true))
 config := Config{
 ApiUrl: "https://api." + regionApiUrl + "pagerduty.com",
@@ -109,6 +111,7 @@ func (p *Provider) Configure(ctx context.Context, req provider.ConfigureRequest,
 TerraformVersion: req.TerraformVersion,
 ApiUrlOverride: args.ApiUrlOverride.ValueString(),
 ServiceRegion: serviceRegion,
+ InsecureTls: insecureTls,
 }
 if !args.UseAppOauthScopedToken.IsNull() {
@@ -192,6 +195,7 @@ type providerArguments struct {
 ServiceRegion types.String `tfsdk:"service_region"`
 ApiUrlOverride types.String `tfsdk:"api_url_override"`
 UseAppOauthScopedToken types.List `tfsdk:"use_app_oauth_scoped_token"`
+ InsecureTls types.Bool `tfsdk:"insecure_tls"`
 }
 type SchemaGetter interface {
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index d05c38f0d..3384216a0 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -58,6 +58,7 @@ The following arguments are supported:
 * `skip_credentials_validation` - (Optional) Skip validation of the token against the PagerDuty API.
 * `service_region` - (Optional) The PagerDuty service region to use. Default to empty (uses US region). Supported value: `eu`. This setting also affects configuration of `use_app_oauth_scoped_token` for setting Region of *App Oauth token credentials*. It can also be sourced from the `PAGERDUTY_SERVICE_REGION` environment variable.
 * `api_url_override` - (Optional) It can be used to set a custom proxy endpoint as PagerDuty client api url overriding `service_region` setup.
+* `insecure_tls` - (Optional) Can be used to disable TLS certificate checking when calling the PagerDuty API. This can be useful if you're behind a corporate proxy.
 The `use_app_oauth_scoped_token` block contains the following arguments: