From 977c36d097db98bb96ee3ff84c6402d3ecb58128 Mon Sep 17 00:00:00 2001 From: Christoph Kluenter Date: Thu, 28 Nov 2024 17:56:46 +0100 Subject: [PATCH 1/2] Documentation: require_ssl does not have an effect --- examples/postgresql-with-cross-region-failover/main.tf | 2 +- modules/postgresql/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/postgresql-with-cross-region-failover/main.tf b/examples/postgresql-with-cross-region-failover/main.tf index ec047dbb..b9e5ae76 100644 --- a/examples/postgresql-with-cross-region-failover/main.tf +++ b/examples/postgresql-with-cross-region-failover/main.tf @@ -94,7 +94,7 @@ module "pg1" { ip_configuration = { ipv4_enabled = false - require_ssl = true + ssl_mode = "ENCRYPTED_ONLY" private_network = google_compute_network.default.self_link allocated_ip_range = null authorized_networks = [ diff --git a/modules/postgresql/README.md b/modules/postgresql/README.md index 5ea35112..4b953dc0 100644 --- a/modules/postgresql/README.md +++ b/modules/postgresql/README.md @@ -39,7 +39,7 @@ module "pg" { ip_configuration = { ipv4_enabled = true - require_ssl = true + ssl_mode = "ENCRYPTED_ONLY" // can also be ALLOW_UNENCRYPTED_AND_ENCRYPTED private_network = null allocated_ip_range = null authorized_networks = [ From df5080bde6f02cd1a69a37d18dc5a6c642b594bd Mon Sep 17 00:00:00 2001 From: Christoph Kluenter Date: Wed, 29 Jan 2025 14:18:50 +0100 Subject: [PATCH 2/2] fix: The default is 'ENCRYPTED_ONLY' now. Adapting tests accordingly --- .../postgresql_cross_region_failover_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/postgresql-with-cross-region-failover/postgresql_cross_region_failover_test.go b/test/integration/postgresql-with-cross-region-failover/postgresql_cross_region_failover_test.go index 7e2bb046..2ace15bc 100644 --- a/test/integration/postgresql-with-cross-region-failover/postgresql_cross_region_failover_test.go +++ b/test/integration/postgresql-with-cross-region-failover/postgresql_cross_region_failover_test.go @@ -67,7 +67,7 @@ func TestPostgreSqlCrossRegionFailover(t *testing.T) { // assert general database settings assert.Equal("REGIONAL", op.Get("settings.availabilityType").String(), "Expected REGIONAL availabilityType") assert.Equal("PD_SSD", op.Get("settings.dataDiskType").String(), "Expected PD_SSD dataDiskType") - assert.Equal("ALLOW_UNENCRYPTED_AND_ENCRYPTED", op.Get("settings.ipConfiguration.sslMode").String(), "Expected ssl_mode") + assert.Equal("ENCRYPTED_ONLY", op.Get("settings.ipConfiguration.sslMode").String(), "Expected ssl_mode") // assert user labels assert.JSONEq(`{"foo": "bar", "instance": "instance-1"}`, op.Get("settings.userLabels").Raw, `Expected {"foo": "bar", "instance": "instance-1"} userLabels`) @@ -85,7 +85,7 @@ func TestPostgreSqlCrossRegionFailover(t *testing.T) { assert.Equal(int64(365), op.Get("settings.backupConfiguration.backupRetentionSettings.retainedBackups").Int(), "Expected 365 backupConfigurationRetainedBackups") assert.Equal("COUNT", op.Get("settings.backupConfiguration.backupRetentionSettings.retentionUnit").String(), "Expected COUNT backupConfigurationRetentionUnit") assert.True(op.Get("settings.backupConfiguration.pointInTimeRecoveryEnabled").Bool(), "Expected TRUE") - assert.Equal("ALLOW_UNENCRYPTED_AND_ENCRYPTED", op.Get("settings.ipConfiguration.sslMode").String(), "Expected ssl_mode") + assert.Equal("ENCRYPTED_ONLY", op.Get("settings.ipConfiguration.sslMode").String(), "Expected ssl_mode") assert.Equal("14", op.Get("settings.backupConfiguration.transactionLogRetentionDays").String(), "Expected transactionLogRetentionDays 14") // assert Encryption configuration