From c877312a4d1b432e643608642e449ff0f16b5538 Mon Sep 17 00:00:00 2001
From: stack72
Date: Tue, 20 Mar 2018 22:10:12 +0200
Subject: [PATCH] builder/triton: Add support to Skip TLS Verification of Triton URL

In order to allow Packer to connect to Private Triton installations we now expose `insecure_skip_tls_verify` which, if set to true, will allow the user to make requests to Triton installations that use a certificate not signed by a trusted root CA
---
 builder/triton/access_config.go | 25 +++++++++++++++------
 website/source/docs/builders/triton.html.md | 5 +++++
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/builder/triton/access_config.go b/builder/triton/access_config.go
index 3212c37a1..3fe380e73 100644
--- a/builder/triton/access_config.go
+++ b/builder/triton/access_config.go
@@ -17,11 +17,12 @@ import (
 // AccessConfig is for common configuration related to Triton access
 type AccessConfig struct {
- Endpoint string `mapstructure:"triton_url"`
- Account string `mapstructure:"triton_account"`
- Username string `mapstructure:"triton_user"`
- KeyID string `mapstructure:"triton_key_id"`
- KeyMaterial string `mapstructure:"triton_key_material"`
+ Endpoint string `mapstructure:"triton_url"`
+ Account string `mapstructure:"triton_account"`
+ Username string `mapstructure:"triton_user"`
+ KeyID string `mapstructure:"triton_key_id"`
+ KeyMaterial string `mapstructure:"triton_key_material"`
+ InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify"`
 signer authentication.Signer
 }
@@ -131,12 +132,14 @@ func (c *AccessConfig) CreateTritonClient() (*Client, error) {
 }
 return &Client{
- config: config,
+ config: config,
+ insecureSkipTLSVerify: c.InsecureSkipTLSVerify,
 }, nil
 }
 type Client struct {
- config *tgo.ClientConfig
+ config *tgo.ClientConfig
+ insecureSkipTLSVerify bool
 }
 func (c *Client) Compute() (*compute.ComputeClient, error) {
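Review bot: The new `InsecureSkipTLSVerify` field in `AccessConfig` has no comment, and nothing in this patch tells the operator at build time that certificate verification is off. With the option set the endpoint's identity is not checked, so a party on the network path can impersonate `triton_url` and read or alter the API traffic of the build. I would document the field, e.g. `// InsecureSkipTLSVerify disables TLS certificate verification for the Triton endpoint; meant for throwaway test installations only.`, and emit a warning when the configuration is validated with it set to true; that validation code lies outside the visible hunks, so whether it already warns cannot be seen here. For private installations with an internal CA, trusting that CA would be the narrower fix, if the client library supports it.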
@@ -145,6 +148,10 @@ func (c *Client) Compute() (*compute.ComputeClient, error) {
 return nil, errwrap.Wrapf("Error Creating Triton Compute Client: {{err}}", err)
 }
+ if c.insecureSkipTLSVerify {
+ computeClient.Client.InsecureSkipTLSVerify()
+ }
+
 return computeClient, nil
 }
@@ -154,6 +161,10 @@ func (c *Client) Network() (*network.NetworkClient, error) {
 return nil, errwrap.Wrapf("Error Creating Triton Network Client: {{err}}", err)
 }
+ if c.insecureSkipTLSVerify {
+ networkClient.Client.InsecureSkipTLSVerify()
+ }
+
 return networkClient, nil
 }
diff --git a/website/source/docs/builders/triton.html.md b/website/source/docs/builders/triton.html.md
index 2a62dbe12..889b0d9d8 100644
--- a/website/source/docs/builders/triton.html.md
+++ b/website/source/docs/builders/triton.html.md
@@ -95,6 +95,11 @@ builder.
 - `triton_user` (string) - The username of a user who has access to your Triton account.
+
+- `insecure_skip_tls_verify` - (bool) This allows skipping TLS verification of
+ the Triton endpoint. It is useful when connecting to a temporary Triton
+ installation such as Cloud-On-A-Laptop which does not generally use a
+ certificate signed by a trusted root CA. The default is `false`.
 - `source_machine_firewall_enabled` (boolean) - Whether or not the firewall of the VM used to create an image of is enabled. The Triton firewall only
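Review bot: The `if c.insecureSkipTLSVerify { … }` block added to `Compute()` is repeated verbatim in `Network()` (hunk `@@ -154,6 +161,10 @@`), so any service accessor added to `Client` later has to remember to copy it. Forgetting it fails closed, since verification stays on, but the resulting behaviour would be inconsistent between services and hard to diagnose. A small unexported helper on `Client` that applies the setting, called from both accessors, would keep the decision in one place, and it is also the natural spot for a one-time log line saying that verification was disabled. Both function bodies start outside their hunks.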