From 220d73f32c8cfef1de1a40e5f29ef3f39aa51c2d Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Sun, 17 Apr 2016 08:32:02 -0700 Subject: [PATCH] provider/postgresql: default ssl_mode is "prefer" According to the libpq documentation, "prefer" is the default in the underlying library and so setting a different default in the Terraform layer would be a breaking change for existing users of this provider whose servers do not have TLS correctly configured. The docs now link to the libpq manual's discussion of the security implications of each of the ssl_mode options, so the user can understand the limitations of the "prefer" default and can make an informed decision about which setting is appropriate for their situation. --- builtin/providers/postgresql/provider.go | 2 +- .../source/docs/providers/postgresql/index.html.markdown | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/builtin/providers/postgresql/provider.go b/builtin/providers/postgresql/provider.go index 8a8da8c8f4..308c11f616 100644 --- a/builtin/providers/postgresql/provider.go +++ b/builtin/providers/postgresql/provider.go @@ -38,7 +38,7 @@ func Provider() terraform.ResourceProvider { "ssl_mode": &schema.Schema{ Type: schema.TypeString, Optional: true, - Default: "require", + Default: "prefer", Description: "Connection mode for postgresql server", }, }, diff --git a/website/source/docs/providers/postgresql/index.html.markdown b/website/source/docs/providers/postgresql/index.html.markdown index 0689e0ddc6..87d0ba87fa 100644 --- a/website/source/docs/providers/postgresql/index.html.markdown +++ b/website/source/docs/providers/postgresql/index.html.markdown @@ -59,7 +59,9 @@ resource "postgresql_database" "my_db2" { The following arguments are supported: * `host` - (Required) The address for the postgresql server connection. -* `port` - (Optional) The port for the postgresql server connection. (Default 5432) +* `port` - (Optional) The port for the postgresql server connection. The default is `5432`. * `username` - (Required) Username for the server connection. * `password` - (Optional) Password for the server connection. -* `ssl_mode` - (Optional) Set connection mode for postgresql server (Default "require", more options [lib/pq documentations](https://godoc.org/github.com/lib/pq)). \ No newline at end of file +* `ssl_mode` - (Optional) Set the priority for an SSL connection to the server. + The default is `prefer`; the full set of options and their implications + can be seen [in the libpq SSL guide](http://www.postgresql.org/docs/9.4/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION).