Merge pull request #7377 from davividal/vagrant-cloud-disable-ssl-verify

Ignores SSL verification when on premise vagrant cloud
2019-03-06 14:24:42 -08:00 · 2019-03-06 14:24:42 -08:00 · a6d1d852bb
parent a7078a1f9b e3618bdedf
commit a6d1d852bb
4 changed files with 52 additions and 8 deletions
--- a/post-processor/vagrant-cloud/client.go
+++ b/post-processor/vagrant-cloud/client.go
@ -2,6 +2,7 @@ package vagrantcloud

 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@ -37,13 +38,20 @@ func (v VagrantCloudErrors) FormatErrors() string {
 	return strings.Join(errs, ". ")
 }

-func (v VagrantCloudClient) New(baseUrl string, token string) (*VagrantCloudClient, error) {
+func (v VagrantCloudClient) New(baseUrl string, token string, InsecureSkipTLSVerify bool) (*VagrantCloudClient, error) {
 	c := &VagrantCloudClient{
 		client:      commonhelper.HttpClientWithEnvironmentProxy(),
 		BaseURL:     baseUrl,
 		AccessToken: token,
 	}

+	if InsecureSkipTLSVerify {
+		transport := c.client.Transport.(*http.Transport)
+		transport.TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
 	return c, c.ValidateAuthentication()
 }

--- a/post-processor/vagrant-cloud/post-processor.go
+++ b/post-processor/vagrant-cloud/post-processor.go
@ -27,8 +27,9 @@ type Config struct {
 	VersionDescription string `mapstructure:"version_description"`
 	NoRelease          bool   `mapstructure:"no_release"`

-	AccessToken     string `mapstructure:"access_token"`
-	VagrantCloudUrl string `mapstructure:"vagrant_cloud_url"`
+	AccessToken           string `mapstructure:"access_token"`
+	VagrantCloudUrl       string `mapstructure:"vagrant_cloud_url"`
+	InsecureSkipTLSVerify bool   `mapstructure:"insecure_skip_tls_verify"`

 	BoxDownloadUrl string `mapstructure:"box_download_url"`

@ -41,10 +42,11 @@ type boxDownloadUrlTemplate struct {
 }

 type PostProcessor struct {
-	config         Config
-	client         *VagrantCloudClient
-	runner         multistep.Runner
-	warnAtlasToken bool
+	config                Config
+	client                *VagrantCloudClient
+	runner                multistep.Runner
+	warnAtlasToken        bool
+	insecureSkipTLSVerify bool
 }

 func (p *PostProcessor) Configure(raws ...interface{}) error {
@ -66,6 +68,8 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
 		p.config.VagrantCloudUrl = VAGRANT_CLOUD_URL
 	}

+	p.insecureSkipTLSVerify = p.config.InsecureSkipTLSVerify == true && p.config.VagrantCloudUrl != VAGRANT_CLOUD_URL
+
 	if p.config.AccessToken == "" {
 		envToken := os.Getenv("VAGRANT_CLOUD_TOKEN")
 		if envToken == "" {
@ -95,7 +99,7 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
 	}

 	// create the HTTP client
-	p.client, err = VagrantCloudClient{}.New(p.config.VagrantCloudUrl, p.config.AccessToken)
+	p.client, err = VagrantCloudClient{}.New(p.config.VagrantCloudUrl, p.config.AccessToken, p.insecureSkipTLSVerify)
 	if err != nil {
 		errs = packer.MultiErrorAppend(
 			errs, fmt.Errorf("Failed to verify authentication token: %v", err))
--- a/post-processor/vagrant-cloud/post-processor_test.go
+++ b/post-processor/vagrant-cloud/post-processor_test.go
@ -41,6 +41,32 @@ func newSecureServer(token string, handler http.HandlerFunc) *httptest.Server {
 	}))
 }

+func newSelfSignedSslServer(token string, handler http.HandlerFunc) *httptest.Server {
+	token = fmt.Sprintf("Bearer %s", token)
+	return httptest.NewTLSServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if req.Header.Get("authorization") != token {
+			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+		if handler != nil {
+			handler(rw, req)
+		}
+	}))
+}
+
+func TestPostProcessor_Insecure_Ssl(t *testing.T) {
+	var p PostProcessor
+	server := newSelfSignedSslServer("foo", nil)
+	defer server.Close()
+
+	config := testGoodConfig()
+	config["vagrant_cloud_url"] = server.URL
+	config["insecure_skip_tls_verify"] = true
+	if err := p.Configure(config); err != nil {
+		t.Fatalf("Expected TLS to skip certificate validation: %s", err)
+	}
+}
+
 func TestPostProcessor_Configure_fromVagrantEnv(t *testing.T) {
 	var p PostProcessor
 	config := testGoodConfig()
--- a/website/source/docs/post-processors/vagrant-cloud.html.md
+++ b/website/source/docs/post-processors/vagrant-cloud.html.md
@ -78,6 +78,12 @@ on Vagrant Cloud, as well as authentication and version information.
    This is useful if you're using Vagrant Private Cloud in your own network.
    Defaults to `https://vagrantcloud.com/api/v1`

+-   `insecure_skip_tls_verify` (boolean) - If set to true *and* `vagrant_cloud_url`
+    is set to something different than its default, it will set TLS InsecureSkipVerify
+    to true. In other words, this will disable security checks of SSL. You may need
+    to set this option to true if your host at vagrant_cloud_url is using a
+    self-signed certificate.
+
 -   `version_description` (string) - Optionally markdown text used as a
    full-length and in-depth description of the version, typically for denoting
    changes introduced