-support optional insecure TLS proxmox nodes

-restore previous ssh key behavior (works in 0.11.x)
wearespindle · Jul 10, 2018 · ac80ff2 · ac80ff2
1 parent d200edd
commit ac80ff2
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@ terraform apply
 main.tf:
 ```
 provider "proxmox" {
+	pm_tls_insecure = true
 }
 
 resource "proxmox_vm_qemu" "test" {

diff --git a/proxmox/provider.go b/proxmox/provider.go
@@ -1,6 +1,7 @@
 package proxmox
 
 import (
+	"crypto/tls"
 	"fmt"
 	"regexp"
 	"strconv"
@@ -47,6 +48,11 @@ func Provider() *schema.Provider {
 				Optional: true,
 				Default:  4,
 			},
+			"pm_tls_insecure": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -61,7 +67,7 @@ func Provider() *schema.Provider {
 }
 
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
-	client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string))
+	client, err := getClient(d.Get("pm_api_url").(string), d.Get("pm_user").(string), d.Get("pm_password").(string), d.Get("pm_tls_insecure").(bool))
 	if err != nil {
 		return nil, err
 	}
@@ -76,8 +82,12 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	}, nil
 }
 
-func getClient(pm_api_url string, pm_user string, pm_password string) (*pxapi.Client, error) {
-	client, _ := pxapi.NewClient(pm_api_url, nil, nil)
+func getClient(pm_api_url string, pm_user string, pm_password string, pm_tls_insecure bool) (*pxapi.Client, error) {
+	tlsconf := &tls.Config{InsecureSkipVerify: true}
+	if !pm_tls_insecure {
+		tlsconf = nil
+	}
+	client, _ := pxapi.NewClient(pm_api_url, nil, tlsconf)
 	err := client.Login(pm_user, pm_password)
 	if err != nil {
 		return nil, err

diff --git a/proxmox/provisioner.go b/proxmox/provisioner.go
@@ -44,7 +44,7 @@ func applyFn(ctx context.Context) error {
 	vmr.SetNode(targetNode)
 	client := currentClient
 	if client == nil {
-		client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"])
+		client, err = getClient(connInfo["pm_api_url"], connInfo["pm_user"], connInfo["pm_password"], connInfo["pm_tls_insecure"] == "true")
 		if err != nil {
 			return err
 		}

diff --git a/proxmox/resource_vm_qemu.go b/proxmox/resource_vm_qemu.go
@@ -111,9 +111,6 @@ func resourceVmQemu() *schema.Resource {
 				Optional:  true,
 				Sensitive: true,
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
-					if old == "" {
-						return true
-					}
 					return strings.TrimSpace(old) == strings.TrimSpace(new)
 				},
 			},
@@ -244,14 +241,15 @@ func resourceVmQemuCreate(d *schema.ResourceData, meta interface{}) error {
 	pmParallelEnd(pconf)
 
 	d.SetConnInfo(map[string]string{
-		"type":        "ssh",
-		"host":        d.Get("ssh_forward_ip").(string),
-		"port":        sshPort,
-		"user":        d.Get("ssh_user").(string),
-		"private_key": d.Get("ssh_private_key").(string),
-		"pm_api_url":  client.ApiUrl,
-		"pm_user":     client.Username,
-		"pm_password": client.Password,
+		"type":            "ssh",
+		"host":            d.Get("ssh_forward_ip").(string),
+		"port":            sshPort,
+		"user":            d.Get("ssh_user").(string),
+		"private_key":     d.Get("ssh_private_key").(string),
+		"pm_api_url":      client.ApiUrl,
+		"pm_user":         client.Username,
+		"pm_password":     client.Password,
+		"pm_tls_insecure": "true", // TODO - pass pm_tls_insecure state around, but if we made it this far, default insecure
 	})
 
 	switch d.Get("os_type").(string) {