diff --git a/builder/openstack/access_config.go b/builder/openstack/access_config.go index 151288679..475b859d7 100644 --- a/builder/openstack/access_config.go +++ b/builder/openstack/access_config.go @@ -1,6 +1,7 @@ package openstack import ( + "crypto/tls" "fmt" "github.com/mitchellh/packer/common" "github.com/mitchellh/packer/packer" @@ -21,6 +22,7 @@ type AccessConfig struct { RawRegion string `mapstructure:"region"` ProxyUrl string `mapstructure:"proxy_url"` TenantId string `mapstructure:"tenant_id"` + Insecure bool `mapstructure:"insecure"` } // Auth returns a valid Auth object for access to openstack services, or @@ -51,6 +53,14 @@ func (c *AccessConfig) Auth() (gophercloud.AccessProvider, error) { Password: c.Password, } + default_transport := &http.Transport{} + + if c.Insecure { + cfg := new(tls.Config) + cfg.InsecureSkipVerify = true + default_transport.TLSClientConfig = cfg + } + // For corporate networks it may be the case where we want our API calls // to be sent through a separate HTTP proxy than external traffic. if c.ProxyUrl != "" { @@ -61,7 +71,11 @@ func (c *AccessConfig) Auth() (gophercloud.AccessProvider, error) { // The gophercloud.Context has a UseCustomClient method which // would allow us to override with a new instance of http.Client. - http.DefaultTransport = &http.Transport{Proxy: http.ProxyURL(url)} + default_transport.Proxy = http.ProxyURL(url) + } + + if c.Insecure || c.ProxyUrl != "" { + http.DefaultTransport = default_transport } return gophercloud.Authenticate(c.Provider, authoptions) diff --git a/website/source/docs/builders/openstack.html.markdown b/website/source/docs/builders/openstack.html.markdown index d4ca59a81..130c7a7d9 100644 --- a/website/source/docs/builders/openstack.html.markdown +++ b/website/source/docs/builders/openstack.html.markdown @@ -66,6 +66,9 @@ each category, the available configuration keys are alphabetized. to allocate a floating IP. `use_floating_ip` must also be set to true for this to have an affect. +* `insecure` (boolean) - Whether or not the connection to OpenStack can be done + over an insecure connection. By default this is false. + * `openstack_provider` (string)