Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Correct default value for client-broker encryption setting. #12177

Merged
merged 2 commits into from
Mar 3, 2020
Merged

Correct default value for client-broker encryption setting. #12177

merged 2 commits into from
Mar 3, 2020

Conversation

matthewswain
Copy link
Contributor

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Release note for CHANGELOG:

Minor update to MSK Cluster resource documentation.

Output from acceptance testing: N/A, documentation change only.

Description

Previously the MSK cluster resource documentation stated the default client/broker encryption setting is TLS_PLAINTEXT. This actual default is TLS (see EncryptionInTransit section here).

@matthewswain matthewswain requested a review from a team February 26, 2020 10:37
@ghost ghost added needs-triage Waiting for first response or review from a maintainer. size/XS Managed by automation to categorize the size of a PR. service/kafka Issues and PRs that pertain to the kafka service. documentation Introduces or discusses updates to documentation. labels Feb 26, 2020
@bflad bflad removed the needs-triage Waiting for first response or review from a maintainer. label Mar 3, 2020
@bflad
Copy link
Contributor

bflad commented Mar 3, 2020

Hi @matthewswain 👋 Thank you for submitting this documentation update. The situation is actually a little more complicated -- some additional context can be found here: #10673 (comment)

If operators provide the encryption_in_transit configuration block but do not specify a value for client_broker, it will actually default to TLS_PLAINTEXT:

https://github.com/terraform-providers/terraform-provider-aws/blob/84948513ad0fd99552745d37ab4d5276d08650ce/aws/resource_aws_msk_cluster.go#L169

We plan on correcting that default in our next major version release of the provider, but it might make sense in the meantime (e.g. this pull request) to clarify that without encryption_info and encryption_in_transit configuration blocks defined, its value will default to TLS but if encryption_in_transit is defined but without client_broker configured, it will default to TLS_PLAINTEXT. 😖

@bflad bflad self-assigned this Mar 3, 2020
While TLS_PLAINTEXT is the default, if the parent block is omitted
the AWS default of TLS takes effect. The documentation did not
make this clear.
@bflad bflad added this to the v2.52.0 milestone Mar 3, 2020
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much, @matthewswain 🚀

@matthewswain
Copy link
Contributor Author

No problem @bflad, thank you for explaining!

@bflad bflad merged commit 5ff0705 into hashicorp:master Mar 3, 2020
@ghost
Copy link

ghost commented Mar 6, 2020

This has been released in version 2.52.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 3, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. service/kafka Issues and PRs that pertain to the kafka service. size/XS Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants