From 3750bf7af220d91acbce3dde5ce4fba714c2db3b Mon Sep 17 00:00:00 2001 From: Sean Chittenden Date: Sun, 6 Nov 2016 01:44:57 -0700 Subject: [PATCH] Depreciate the PostgreSQL provider's `ssl_mode` option in favor of `sslmode`. Both libpq(3) and github.com/lib/pq both use `sslmode`. Prefer this vs the non-standard `ssl_mode`. `ssl_mode` is supported for compatibility but should be removed in the future. Changelog: yes --- builtin/providers/postgresql/config.go | 2 +- builtin/providers/postgresql/provider.go | 12 +++++++++++- .../docs/providers/postgresql/index.html.markdown | 10 +++++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/builtin/providers/postgresql/config.go b/builtin/providers/postgresql/config.go index 81ad07583..2d14baba8 100644 --- a/builtin/providers/postgresql/config.go +++ b/builtin/providers/postgresql/config.go @@ -15,7 +15,7 @@ type Config struct { Database string Username string Password string - SslMode string + SSLMode string Timeout int ApplicationName string } diff --git a/builtin/providers/postgresql/provider.go b/builtin/providers/postgresql/provider.go index 62a12bcea..9c6dc949c 100644 --- a/builtin/providers/postgresql/provider.go +++ b/builtin/providers/postgresql/provider.go @@ -59,6 +59,11 @@ func Provider() terraform.ResourceProvider { DefaultFunc: schema.EnvDefaultFunc("PGCONNECT_TIMEOUT", nil), Description: "Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.", }, + "ssl_mode": { + Type: schema.TypeString, + Optional: true, + Deprecated: "Rename PostgreSQL provider `ssl_mode` attribute to `sslmode`", + }, }, ResourcesMap: map[string]*schema.Resource{ 
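Review bot: The new `ssl_mode` entry in Provider()'s schema has no `Description`, and nothing prevents a configuration from setting both `ssl_mode` and `sslmode` to different values, so the TLS mode actually used depends on precedence the user cannot see. I would add `Description: "Deprecated alias for sslmode."` and, if it fits how `sslmode` is declared (its entry is outside this hunk), `ConflictsWith: []string{"sslmode"}` so a conflicting pair is rejected instead of silently resolved. The deprecation text would also read better as an instruction to the user, for example `Deprecated: "use sslmode instead of ssl_mode"`.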
@@ -72,14 +77,19 @@ func Provider() terraform.ResourceProvider { } func providerConfigure(d *schema.ResourceData) (interface{}, error) { + var sslMode string + var ok bool + if sslMode, ok = d.GetOk("sslmode").(string); !ok { + sslMode = d.Get("ssl_mode").(string) + } config := Config{ Host: d.Get("host").(string), Port: d.Get("port").(int), Database: d.Get("database").(string), Username: d.Get("username").(string), Password: d.Get("password").(string), + SSLMode: sslMode, Timeout: d.Get("connect_timeout").(int), - SslMode: d.Get("sslmode").(string), ApplicationName: tfAppName(), } diff --git a/website/source/docs/providers/postgresql/index.html.markdown b/website/source/docs/providers/postgresql/index.html.markdown index f5757efc4..3f30d6574 100644 --- a/website/source/docs/providers/postgresql/index.html.markdown +++ b/website/source/docs/providers/postgresql/index.html.markdown @@ -21,7 +21,7 @@ provider "postgresql" { database = "postgres" username = "postgres_user" password = "postgres_password" - ssl_mode = "require" + sslmode = "require" connect_timeout = 15 } 
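Review bot: `d.GetOk("sslmode").(string)` at the top of providerConfigure does not compile, because GetOk returns a value and a bool and a type assertion cannot be applied to a two-value call; the assertion has to be made on the first result after the `ok` check, as sketched below. Separately, GetOk appears to report ok for any non-zero value, so if the `sslmode` schema entry (outside this hunk) supplies a default, the fallback to `ssl_mode` would never run. An existing `ssl_mode = "verify-full"` would then be silently replaced by that default, which the documentation in this patch describes as `require`, without certificate verification. That case deserves a test before the fallback is relied on; the function body continues past the end of the hunk.

```go
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
	var sslMode string
	if v, ok := d.GetOk("sslmode"); ok {
		sslMode = v.(string)
	} else {
		// Deprecated spelling; only consulted when sslmode is unset.
		sslMode = d.Get("ssl_mode").(string)
	}
	// … unchanged: Config literal, with SSLMode: sslMode …
```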
@@ -66,6 +66,14 @@ The following arguments are supported: * `username` - (Required) Username for the server connection. * `password` - (Optional) Password for the server connection. * `sslmode` - (Optional) Set the priority for an SSL connection to the server. + Valid values for `sslmode` are (note: `prefer` is not supported by Go's + [`lib/pq`](https://godoc.org/github.com/lib/pq)): + * disable - No SSL + * require - Always SSL (the default, also skip verification) + * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA) + * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate) + Additional information on the options and their implications can be seen + [in the `libpq(3)` SSL guide](http://www.postgresql.org/docs/current/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION). * `connect_timeout` - (Optional) Maximum wait for connection, in seconds. Zero means wait indefinitely, the default is `15`. The default is `prefer`; the full set of options and their implications can be seen [in the libpq SSL guide](http://www.postgresql.org/docs/9.4/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION).