wip

Author: joemiller

README.md

@@ -33,7 +33,7 @@ Run [acceptance tests](https://www.terraform.io/docs/extend/testing/acceptance-t
 # In one terminal, run a Grafana container.
 # You may optionally override the image tag...
 # GRAFANA_VERSION=7.1.1 \
-make test-serve
+make test-serv
 
 # In another...
 GRAFANA_URL=http://localhost:3000 \

grafana/provider.go

@@ -1,6 +1,9 @@
 package grafana
 
 import (
+	"crypto/tls"
+	"crypto/x509"
+	"io/ioutil"
 	"net/url"
 	"strings"
 
@@ -28,6 +31,30 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_AUTH", nil),
 				Description: "Credentials for accessing the Grafana API.",
 			},
+			"tls_key": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_TLS_KEY", nil),
+				Description: "Client TLS key for accessing the Grafana API.",
+			},
+			"tls_cert": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_TLS_CERT", nil),
+				Description: "Client TLS cert for accessing the Grafana API.",
+			},
+			"ca_cert": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_CA_CERT", nil),
+				Description: "CA cert bundle for validating the Grafana API's certificate.",
+			},
+			"insecure_skip_verify": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_INSECURE_SKIP_VERIFY", nil),
+				Description: "Skip TLS certificate verification",
+			},
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -49,7 +76,34 @@ func Provider() terraform.ResourceProvider {
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	auth := strings.SplitN(d.Get("auth").(string), ":", 2)
 	cli := cleanhttp.DefaultClient()
-	cli.Transport = logging.NewTransport("Grafana", cli.Transport)
+	transport := cleanhttp.DefaultTransport()
+
+	// TLS Config
+	tlsKey := d.Get("tls_key").(string)
+	tlsCert := d.Get("tls_cert").(string)
+	caCert := d.Get("ca_cert").(string)
+	insecure := d.Get("insecure_skip_verify").(bool)
+	if caCert != "" {
+		ca, err := ioutil.ReadFile(caCert)
+		if err != nil {
+			return nil, err
+		}
+		pool := x509.NewCertPool()
+		pool.AppendCertsFromPEM(ca)
+		transport.TLSClientConfig.RootCAs = pool
+	}
+	if tlsKey != "" && tlsCert != "" {
+		cert, err := tls.LoadX509KeyPair(tlsCert, tlsKey)
+		if err != nil {
+			return nil, err
+		}
+		transport.TLSClientConfig.Certificates = []tls.Certificate{cert}
+	}
+	if insecure {
+		transport.TLSClientConfig.InsecureSkipVerify = true
+	}
+
+	cli.Transport = logging.NewTransport("Grafana", transport)
 	cfg := gapi.Config{
 		Client: cli,
 	}

website/docs/index.html.markdown

@@ -22,6 +22,22 @@ The provider configuration block accepts the following arguments:
   are provided in a single string and separated by a colon. May alternatively
   be set via the ``GRAFANA_AUTH`` environment variable.
 
+* ``tls_key`` - (Optional) Client TLS key file to use to authenticate to the
+  Grafana server. May alternatively be set via the ``GRAFANA_TLS_KEY``
+  environment variable.
+
+* ``tls_cert`` - (Optional) Client TLS certificate file to use to authenticate
+  to the Grafana server. May alternatively be set via the ``GRAFANA_TLS_CERT``
+  environment variable.
+
+* ``ca_cert`` - (Optional) Certificate CA bundle to use to verify the
+  Grafana server's certifiate.. May alternatively be set via the
+  ``GRAFANA_CA_CERT`` environment variable.
+
+* ``insecure_skip_verify`` - (Optional) Bool. Disable verification of the
+  Grafana Server's certificate. May alternatively be set via the
+  ``GRAFANA_INSECURE_SKIP_VERIFY`` environment variable.
+
 Use the navigation to the left to read about the available resources.
 
 ## Example Usage