Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI config "host" block not documented #20453

Open
rmb938 opened this issue Feb 23, 2019 · 4 comments
Open

CLI config "host" block not documented #20453

rmb938 opened this issue Feb 23, 2019 · 4 comments
Labels
cli documentation

Comments

@rmb938
Copy link

rmb938 commented Feb 23, 2019
edited

Current Terraform Version

Terraform v0.11.11

Use-cases

I am developing a private module registry and I hit a road block. It seems that module registries are forced to use HTTPS which means for local development I need to use a certificate.

So I generated my own root ca and cert for the registry server to use however there is no way to tell terraform that the certificate is valid.

I can add the CA to my system certificates, however this cert is just for local development so I rather not have to pollute my system certs with an insecure certificate authority.

Attempted Solutions

Go reads the environment variable SSL_CERT_DIR for certificates, however this overrides the systems default which isn't ideal.

Proposal

Add a TF_REGISTRY_CA environment variable or a insecure = true to the module definitions
@apparentlymart
Copy link
Member

Hi @rmb938,

The TLS requirement is only for the discovery protocol, so for development purposes you can temporarily add a local override via a CLI config file:

host "your.hostname.example.com" {
  services = {
    "modules.v1": "your API root",
  }
}

I'm not sure why the docs for this are missing from the CLI config page, but a block like the above will cause Terraform to skip network-based discovery for the given hostname and use the inline service map instead. This is how we work on the main Terraform Registry and on the client for it in the Terraform code.

@rmb938
Copy link
Author

rmb938 commented Feb 24, 2019

Ah perfect that did it. Thanks!

@apparentlymart apparentlymart changed the title Private Module Registry certificate authority CLI config "host" block not documented Feb 25, 2019
@apparentlymart
Copy link
Member

Thanks for confirming, @rmb938!

I've renamed and relabeled this to represent adding some documentation for this. We'll need to think a little about where is best to document it, since we usually keep developer-focused documentation separate from user-focused documentation, but in this case we should at least have a link from the CLI Config reference page to wherever we write this out in full so that the CLI config reference has full coverage of all arguments and blocks that could potentially appear in a CLI config file.

@adeniyistephen
Copy link

@apparentlymart Hi, has this issue been documented yet? if not kindly provide input and pointers I will like to work on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cli documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@apparentlymart @rmb938 @adeniyistephen