Support sslnegotiation option
Signed-off-by: magic_rb <[email protected]>
MagicRB committed Dec 31, 2024
1 parent 25fbd1c commit 59f88a7
Showing 2 changed files with 15 additions and 0 deletions.
8 changes: 8 additions & 0 deletions postgresql/config.go
Expand Up @@ -46,6 +46,7 @@ const (
featureServer
featureCreateRoleSelfGrant
featureSecurityLabel
featureSSLNegotation
)

var (
Expand Down Expand Up @@ -122,6 +123,9 @@ var (
// https://www.postgresql.org/docs/16/release-16.html#RELEASE-16-PRIVILEGES
featureCreateRoleSelfGrant: semver.MustParseRange(">=16.0.0"),
featureSecurityLabel: semver.MustParseRange(">=11.0.0"),

// SSL without STARTTLS
featureSSLNegotation: semver.MustParseRange(">=17.0.0"),
}
)

Expand Down Expand Up @@ -175,6 +179,7 @@ type Config struct {
DatabaseUsername string
Superuser bool
SSLMode string
SSLNegotiation string
ApplicationName string
Timeout int
ConnectTimeoutSec int
Expand Down Expand Up @@ -221,6 +226,9 @@ func (c *Config) connParams() []string {
// (TLS is provided by gocloud directly)
if c.Scheme == "postgres" {
params["sslmode"] = c.SSLMode
if c.featureSupported(featureSSLNegotation) {
params["sslnegotiation"] = c.SSLNegotiation
}
params["connect_timeout"] = strconv.Itoa(c.ConnectTimeoutSec)
}

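Review bot: In `connParams`, the new branch writes `params["sslnegotiation"]` whenever the version gate passes, even when `c.SSLNegotiation` is empty, and nothing checks the value against `c.SSLMode`. libpq documents `direct` as allowed only with `sslmode=require` or stronger, because weaker modes could fall back to plaintext, so that combination is better rejected at configuration time than left to fail at connect. Consider `if c.SSLNegotiation != "" && c.featureSupported(featureSSLNegotation) {` here; whether the Go driver in use consumes this key itself or forwards it to the server is not visible in this hunk and is worth confirming. The constant is also spelled `featureSSLNegotation` in all three hunks, where `featureSSLNegotiation` would match the `SSLNegotiation` field. The body of `connParams` continues outside the hunk.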
7 changes: 7 additions & 0 deletions postgresql/provider.go
Expand Up @@ -147,6 +147,12 @@ func Provider() *schema.Provider {
Optional: true,
Deprecated: "Rename PostgreSQL provider `ssl_mode` attribute to `sslmode`",
},
"sslnegotiation": {
Type: schema.TypeString,
Optional: true,
Default: "postgres",
Description: "This option controls how SSL encryption is negotiated with the server, if SSL is used. In the default postgres mode, the client first asks the server if SSL is supported. In direct mode, the client starts the standard SSL handshake directly after establishing the TCP/IP connection.",
},
"clientcert": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -376,6 +382,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
DatabaseUsername: d.Get("database_username").(string),
Superuser: d.Get("superuser").(bool),
SSLMode: sslMode,
SSLNegotiation: d.get("sslnegotiation").(string),
ApplicationName: "Terraform provider",
ConnectTimeoutSec: d.Get("connect_timeout").(int),
MaxConns: d.Get("max_connections").(int),
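Review bot: `SSLNegotiation: d.get("sslnegotiation").(string),` in `providerConfigure` calls a lowercase `get`, while every neighbouring field uses the exported `d.Get`; this should not compile from outside the schema package and should read `SSLNegotiation: d.Get("sslnegotiation").(string),`. The new `sslnegotiation` schema entry also accepts any string, so a mistyped value only surfaces when the connection is attempted. Restricting it to the two documented values, for example with `ValidateFunc: validation.StringInSlice([]string{"postgres", "direct"}, false),` if the `validation` helper is already imported in this file, would catch that at plan time. Both `Provider` and `providerConfigure` continue outside the hunks shown.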
