Support sslnegotiation option #503

Draft
wants to merge 1 commit into
base: main
8 changes: 8 additions & 0 deletions postgresql/config.go
Expand Up @@ -46,6 +46,7 @@ const (
featureServer
featureCreateRoleSelfGrant
featureSecurityLabel
featureSSLNegotiation
)

var (
Expand Down Expand Up @@ -122,6 +123,9 @@ var (
// https://www.postgresql.org/docs/16/release-16.html#RELEASE-16-PRIVILEGES
featureCreateRoleSelfGrant: semver.MustParseRange(">=16.0.0"),
featureSecurityLabel: semver.MustParseRange(">=11.0.0"),

// SSL without STARTTLS
featureSSLNegotiation: semver.MustParseRange(">=17.0.0"),
}
)

Expand Down Expand Up @@ -175,6 +179,7 @@ type Config struct {
DatabaseUsername string
Superuser bool
SSLMode string
SSLNegotiation string
ApplicationName string
Timeout int
ConnectTimeoutSec int
Expand Down Expand Up @@ -221,6 +226,9 @@ func (c *Config) connParams() []string {
// (TLS is provided by gocloud directly)
if c.Scheme == "postgres" {
params["sslmode"] = c.SSLMode
if c.featureSupported(featureSSLNegotiation) {
params["sslnegotiation"] = c.SSLNegotiation
}
params["connect_timeout"] = strconv.Itoa(c.ConnectTimeoutSec)
}

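Review bot: In the connParams hunk, `params["sslnegotiation"]` is written whenever the version gate passes, even if `c.SSLNegotiation` is empty, which can happen for a Config that is not built through the provider schema default; guarding on the value avoids emitting an empty parameter: `if c.SSLNegotiation != "" && c.featureSupported(featureSSLNegotiation) {`. When the gate fails, an explicitly configured `direct` is dropped without any diagnostic, so the connection uses the negotiated handshake and the operator is never told; a warning or an error for that case would make the setting enforceable. The map comment `// SSL without STARTTLS` would be clearer as `// sslnegotiation connection parameter (direct TLS handshake), PostgreSQL 17+`. connParams starts and ends outside the hunk and featureSupported is not shown, so which version it compares against is assumed here.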
7 changes: 7 additions & 0 deletions postgresql/provider.go
Expand Up @@ -147,6 +147,12 @@ func Provider() *schema.Provider {
Optional: true,
Deprecated: "Rename PostgreSQL provider `ssl_mode` attribute to `sslmode`",
},
"sslnegotiation": {
Type: schema.TypeString,
Optional: true,
Default: "postgres",
Description: "This option controls how SSL encryption is negotiated with the server, if SSL is used. In the default postgres mode, the client first asks the server if SSL is supported. In direct mode, the client starts the standard SSL handshake directly after establishing the TCP/IP connection.",
},
"clientcert": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -376,6 +382,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
DatabaseUsername: d.Get("database_username").(string),
Superuser: d.Get("superuser").(bool),
SSLMode: sslMode,
SSLNegotiation: d.Get("sslnegotiation").(string),
ApplicationName: "Terraform provider",
ConnectTimeoutSec: d.Get("connect_timeout").(int),
MaxConns: d.Get("max_connections").(int),
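Review bot: The new `sslnegotiation` schema entry accepts any string and providerConfigure copies it into the Config unchecked, so a typo only surfaces at connect time, if at all. Adding `ValidateFunc: validation.StringInSlice([]string{"postgres", "direct"}, false),` would reject it at plan time (this assumes the SDK's validation helper is importable here; the import block is not visible). libpq additionally refuses `direct` unless sslmode is `require` or stronger; providerConfigure has `sslMode` in scope and could make the same cross-check, since how the driver used here treats a weaker combination is not visible on this page. Both functions continue outside the hunks.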