Add TLS verification configuration

Makefile

@@ -1,6 +1,7 @@
-HOST=http://localhost:8081
+HOST=https://teampasswordmanager.localhost
 PUBLIC_KEY=1356a192b7913b04c54574d18c28d46e6395428ab3e412034b8b325de8791d25
 PRIVATE_KEY=bcc17645f12660f6bbf00801e48830429c66b52775bd8c39fca3f2d6d16c6578
+TPM_TLS_SKIP_VERIFY=true
 
 test: test-v5 test-v4
 
@@ -9,6 +10,7 @@ test-v4:
 	TPM_HOST=${HOST} \
 	TPM_PUBLIC_KEY=${PUBLIC_KEY} \
 	TPM_PRIVATE_KEY=${PRIVATE_KEY} \
+	TPM_TLS_SKIP_VERIFY=${TPM_TLS_SKIP_VERIFY} \
 	TPM_API_VERSION=v4 \
 	go test --race ./...
 
@@ -17,6 +19,7 @@ test-v5:
 	TPM_HOST=${HOST} \
 	TPM_PUBLIC_KEY=${PUBLIC_KEY} \
 	TPM_PRIVATE_KEY=${PRIVATE_KEY} \
+	TPM_TLS_SKIP_VERIFY=${TPM_TLS_SKIP_VERIFY} \
 	TPM_API_VERSION=v5 \
 	go test --race ./...
 

docker-compose.yml

@@ -1,7 +1,29 @@
-version: '3'
-
 services:
 
+  traefik:
+    image: "traefik:v3.2"
+    command:
+      - "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--accesslog=true"
+      - "--entryPoints.web.address=:80"
+      # TLS
+      - "--entryPoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "letsencrypt_volume:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+     - tpm_network
+
   teampasswordmanager:
     image: teampasswordmanager/teampasswordmanager:latest
     depends_on:
@@ -22,6 +44,11 @@ services:
       - TPM_CONFIG_PASSWORD=tpm_password
       - TPM_CONFIG_DATABASE=tpm_database
       - TPM_UPGRADE=0
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teampasswordmanager.rule=Host(`teampasswordmanager.localhost`)"
+      - "traefik.http.routers.teampasswordmanager.entrypoints=websecure"
+      - "traefik.http.routers.teampasswordmanager.tls.certresolver=myresolver"
 
   mysql:
     image: mysql:5.7
@@ -46,3 +73,5 @@ volumes:
     driver: "local"
   tpm_volume:
     driver: "local"
+  letsencrypt_volume:
+    driver: "local"

docs/data-sources/group.md

@@ -75,5 +75,3 @@ Read-Only:
 - `name` (String)
 - `role` (String)
 - `username` (String)
-
-

docs/data-sources/password.md

@@ -212,5 +212,3 @@ Read-Only:
 - `name` (String)
 - `role` (String)
 - `username` (String)
-
-

docs/data-sources/project.md

@@ -49,5 +49,3 @@ data "teampasswordmanager_project" "child" {
 - `notes` (String) Notes are used to store additional information about the project.
 - `parent_id` (Number) Parent project ID. If the project is a 'root' project then the value should be 0, otherwise set the id of the parent project.
 - `tags` (List of String) Project tags, usually used for search. Tags should be unique and in alphabetical order.
-
-

docs/index.md

@@ -21,6 +21,9 @@ provider "teampasswordmanager" {
   // optional, default version is v5
   api_version = "v5" // "v4"
 
+  // optional, skip TLS certificate verification?
+  tls_skip_verify = false
+
   # Or you can provide these values via env variables: TPM_HOST, TPM_PUBLIC_KEY, TPM_PRIVATE_KEY and TPM_API_VERSION
 }
 ```
@@ -37,3 +40,4 @@ provider "teampasswordmanager" {
 ### Optional
 
 - `api_version` (String, Deprecated) Api version to use (defaults to v5). Lower versions than v4 might not work correctly or at all. For more information https://teampasswordmanager.com/docs
+- `tls_skip_verify` (Boolean) Whether the TLS certificate should be verified (defaults to false).

docs/resources/group.md

@@ -71,5 +71,3 @@ Read-Only:
 - `name` (String)
 - `role` (String)
 - `username` (String)
-
-

docs/resources/group_membership.md

@@ -34,5 +34,3 @@ resource "teampasswordmanager_group_membership" "new_group_user" {
 ### Read-Only
 
 - `id` (String) Group ID.
-
-

docs/resources/password.md

@@ -206,5 +206,3 @@ Read-Only:
 - `name` (String)
 - `role` (String)
 - `username` (String)
-
-

docs/resources/project.md

@@ -41,5 +41,3 @@ resource "teampasswordmanager_project" "child" {
 - `notes` (String) Notes are used to store additional information about the project.
 - `parent_id` (Number) Parent project ID. If the project is a 'root' project then the value should be 0, otherwise set the id of the parent project.
 - `tags` (List of String) Tags which are usually used for search. Tags should be unique and in alphabetical order.
-
-

examples/provider/provider.tf

@@ -6,5 +6,8 @@ provider "teampasswordmanager" {
   // optional, default version is v5
   api_version = "v5" // "v4"
 
+  // optional, skip TLS certificate verification?
+  tls_skip_verify = false
+
   # Or you can provide these values via env variables: TPM_HOST, TPM_PUBLIC_KEY, TPM_PRIVATE_KEY and TPM_API_VERSION
 }

go.mod

@@ -1,51 +1,59 @@
 module github.com/ernestre/terraform-provider-teampasswordmanager
 
-go 1.18
+go 1.23
 
 require (
-	github.com/hashicorp/terraform-plugin-docs v0.13.0
+	github.com/hashicorp/terraform-plugin-docs v0.20.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.25.0
-	github.com/stretchr/testify v1.7.2
-	golang.org/x/tools v0.6.0
+	github.com/stretchr/testify v1.8.2
+	golang.org/x/tools v0.27.0
 )
 
 require (
+	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/Masterminds/semver/v3 v3.2.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.7.1 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/hashicorp/cli v1.1.6 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
-	github.com/hashicorp/go-hclog v1.4.0 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.8 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hc-install v0.5.0 // indirect
+	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/hashicorp/hc-install v0.9.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.16.1 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
-	github.com/hashicorp/terraform-exec v0.17.3 // indirect
-	github.com/hashicorp/terraform-json v0.15.0 // indirect
+	github.com/hashicorp/terraform-exec v0.21.0 // indirect
+	github.com/hashicorp/terraform-json v0.23.0 // indirect
 	github.com/hashicorp/terraform-plugin-go v0.14.3 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.8.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.1.0 // indirect
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/mitchellh/cli v1.1.5 // indirect
+	github.com/huandu/xstrings v1.3.3 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -54,22 +62,26 @@ require (
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/posener/complete v1.2.3 // indirect
-	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 	github.com/vmihailenco/tagparser v0.1.2 // indirect
-	github.com/xanzy/ssh-agent v0.3.1 // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
-	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	github.com/yuin/goldmark v1.7.7 // indirect
+	github.com/yuin/goldmark-meta v1.1.0 // indirect
+	github.com/zclconf/go-cty v1.15.0 // indirect
+	go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
+	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
+	golang.org/x/mod v0.22.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sync v0.9.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac // indirect
 	google.golang.org/grpc v1.51.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/yaml.v2 v2.3.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )