Depreciate the PostgreSQL provider's `ssl_mode` option in favor of `sslmode`.

Both libpq(3) and github.com/lib/pq both use `sslmode`. Prefer this vs the non-standard `ssl_mode`. `ssl_mode` is supported for compatibility but should be removed in the future. Changelog: yes
2016-11-06 01:44:57 -07:00 · 2016-11-06 01:44:57 -07:00 · 3750bf7af2
parent a200899d93
commit 3750bf7af2
3 changed files with 21 additions and 3 deletions
--- a/builtin/providers/postgresql/config.go
+++ b/builtin/providers/postgresql/config.go
@ -15,7 +15,7 @@ type Config struct {
 	Database        string
 	Username        string
 	Password        string
-	SslMode         string
+	SSLMode         string
 	Timeout         int
 	ApplicationName string
 }
--- a/builtin/providers/postgresql/provider.go
+++ b/builtin/providers/postgresql/provider.go
@ -59,6 +59,11 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("PGCONNECT_TIMEOUT", nil),
 				Description: "Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.",
 			},
+			"ssl_mode": {
+				Type:       schema.TypeString,
+				Optional:   true,
+				Deprecated: "Rename PostgreSQL provider `ssl_mode` attribute to `sslmode`",
+			},
 		},

 		ResourcesMap: map[string]*schema.Resource{
@ -72,14 +77,19 @@ func Provider() terraform.ResourceProvider {
 }

 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	var sslMode string
+	var ok bool
+	if sslMode, ok = d.GetOk("sslmode").(string); !ok {
+		sslMode = d.Get("ssl_mode").(string)
+	}
 	config := Config{
 		Host:            d.Get("host").(string),
 		Port:            d.Get("port").(int),
 		Database:        d.Get("database").(string),
 		Username:        d.Get("username").(string),
 		Password:        d.Get("password").(string),
+		SSLMode:         sslMode,
 		Timeout:         d.Get("connect_timeout").(int),
-		SslMode:         d.Get("sslmode").(string),
 		ApplicationName: tfAppName(),
 	}

--- a/website/source/docs/providers/postgresql/index.html.markdown
+++ b/website/source/docs/providers/postgresql/index.html.markdown
@ -21,7 +21,7 @@ provider "postgresql" {
  database = "postgres"
  username = "postgres_user"
  password = "postgres_password"
-  ssl_mode = "require"
+  sslmode = "require"
  connect_timeout = 15
 }

@ -66,6 +66,14 @@ The following arguments are supported:
 * `username` - (Required) Username for the server connection.
 * `password` - (Optional) Password for the server connection.
 * `sslmode` - (Optional) Set the priority for an SSL connection to the server.
+  Valid values for `sslmode` are (note: `prefer` is not supported by Go's
+  [`lib/pq`](https://godoc.org/github.com/lib/pq)):
+    * disable - No SSL
+    * require - Always SSL (the default, also skip verification)
+    * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
+    * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
+  Additional information on the options and their implications can be seen
+  [in the `libpq(3)` SSL guide](http://www.postgresql.org/docs/current/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION).
 * `connect_timeout` - (Optional) Maximum wait for connection, in seconds. Zero means wait indefinitely, the default is `15`.
  The default is `prefer`; the full set of options and their implications
  can be seen [in the libpq SSL guide](http://www.postgresql.org/docs/9.4/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION).