Depreciate the PostgreSQL provider's `ssl_mode` option in favor of `sslmode`.

Both libpq(3) and github.com/lib/pq both use `sslmode`.  Prefer this vs
the non-standard `ssl_mode`.  `ssl_mode` is supported for compatibility
but should be removed in the future.

Changelog: yes
This commit is contained in:
Sean Chittenden 2016-11-06 01:44:57 -07:00
parent a200899d93
commit 3750bf7af2
No known key found for this signature in database
GPG Key ID: 4EBC9DC16C2E5E16
3 changed files with 21 additions and 3 deletions

View File

@ -15,7 +15,7 @@ type Config struct {
Database string
Username string
Password string
SslMode string
SSLMode string
Timeout int
ApplicationName string
}

View File

@ -59,6 +59,11 @@ func Provider() terraform.ResourceProvider {
DefaultFunc: schema.EnvDefaultFunc("PGCONNECT_TIMEOUT", nil),
Description: "Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.",
},
"ssl_mode": {
Type: schema.TypeString,
Optional: true,
Deprecated: "Rename PostgreSQL provider `ssl_mode` attribute to `sslmode`",
},
},
ResourcesMap: map[string]*schema.Resource{
@ -72,14 +77,19 @@ func Provider() terraform.ResourceProvider {
}
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
var sslMode string
var ok bool
if sslMode, ok = d.GetOk("sslmode").(string); !ok {
sslMode = d.Get("ssl_mode").(string)
}
config := Config{
Host: d.Get("host").(string),
Port: d.Get("port").(int),
Database: d.Get("database").(string),
Username: d.Get("username").(string),
Password: d.Get("password").(string),
SSLMode: sslMode,
Timeout: d.Get("connect_timeout").(int),
SslMode: d.Get("sslmode").(string),
ApplicationName: tfAppName(),
}

View File

@ -21,7 +21,7 @@ provider "postgresql" {
database = "postgres"
username = "postgres_user"
password = "postgres_password"
ssl_mode = "require"
sslmode = "require"
connect_timeout = 15
}
@ -66,6 +66,14 @@ The following arguments are supported:
* `username` - (Required) Username for the server connection.
* `password` - (Optional) Password for the server connection.
* `sslmode` - (Optional) Set the priority for an SSL connection to the server.
Valid values for `sslmode` are (note: `prefer` is not supported by Go's
[`lib/pq`](https://godoc.org/github.com/lib/pq)):
* disable - No SSL
* require - Always SSL (the default, also skip verification)
* verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
* verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
Additional information on the options and their implications can be seen
[in the `libpq(3)` SSL guide](http://www.postgresql.org/docs/current/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION).
* `connect_timeout` - (Optional) Maximum wait for connection, in seconds. Zero means wait indefinitely, the default is `15`.
The default is `prefer`; the full set of options and their implications
can be seen [in the libpq SSL guide](http://www.postgresql.org/docs/9.4/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION).