feat: Add options to skip TLS validation

Signed-off-by: Federico Barcelona <fede_rico_94@hotmail.com>
sysdiglabs · May 11, 2020 · 23b1e07 · 23b1e07
1 parent 7832e1b
commit 23b1e07
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 4 deletions.
diff --git a/sysdig/monitor/client.go b/sysdig/monitor/client.go
@@ -1,6 +1,7 @@
 package monitor
 
 import (
+	"crypto/tls"
 	"io"
 	"net/http"
 )
@@ -12,11 +13,17 @@ type SysdigMonitorClient interface {
 	GetAlertById(int) (Alert, error)
 }
 
-func NewSysdigMonitorClient(apiToken string, url string) SysdigMonitorClient {
+func NewSysdigMonitorClient(apiToken string, url string, insecure bool) SysdigMonitorClient {
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
+		},
+	}
+
 	return &sysdigMonitorClient{
 		SysdigMonitorAPIToken: apiToken,
 		URL:                   url,
-		httpClient:            http.DefaultClient,
+		httpClient:            httpClient,
 	}
 }
 

diff --git a/sysdig/provider.go b/sysdig/provider.go
@@ -19,6 +19,11 @@ func Provider() terraform.ResourceProvider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_SECURE_URL", "https://secure.sysdig.com"),
 			},
+			"sysdig_secure_insecure_tls": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_SECURE_INSECURE_TLS", false),
+			},
 			"sysdig_monitor_api_token": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -30,6 +35,11 @@ func Provider() terraform.ResourceProvider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_MONITOR_URL", "https://app.sysdigcloud.com"),
 			},
+			"sysdig_monitor_insecure_tls": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("SYSDIG_MONITOR_INSECURE_TLS", false),
+			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"sysdig_user": resourceSysdigUser(),

diff --git a/sysdig/secure/client.go b/sysdig/secure/client.go
@@ -1,6 +1,7 @@
 package secure
 
 import (
+	"crypto/tls"
 	"io"
 	"log"
 	"net/http"
@@ -45,11 +46,17 @@ type SysdigSecureClient interface {
 	UpdateMacro(Macro) (Macro, error)
 }
 
-func NewSysdigSecureClient(sysdigSecureAPIToken string, url string) SysdigSecureClient {
+func NewSysdigSecureClient(sysdigSecureAPIToken string, url string, insecure bool) SysdigSecureClient {
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
+		},
+	}
+
 	return &sysdigSecureClient{
 		SysdigSecureAPIToken: sysdigSecureAPIToken,
 		URL:                  url,
-		httpClient:           http.DefaultClient,
+		httpClient:           httpClient,
 	}
 }
 

diff --git a/sysdig/sysdig_clients.go b/sysdig/sysdig_clients.go
@@ -32,6 +32,7 @@ func (c *sysdigClients) sysdigMonitorClient() (m monitor.SysdigMonitorClient, er
 		c.monitorClient = monitor.NewSysdigMonitorClient(
 			monitorAPIToken,
 			c.d.Get("sysdig_monitor_url").(string),
+			c.d.Get("sysdig_monitor_insecure_tls").(bool),
 		)
 	})
 
@@ -49,6 +50,7 @@ func (c *sysdigClients) sysdigSecureClient() (s secure.SysdigSecureClient, err e
 		c.secureClient = secure.NewSysdigSecureClient(
 			secureAPIToken,
 			c.d.Get("sysdig_secure_url").(string),
+			c.d.Get("sysdig_secure_insecure_tls").(bool),
 		)
 	})