
When scheme=awspostgres, sslmode is not respected, causing x509: certificate signed by unknown authority #343

@adkafka

Description


If we set up a provider as such:

provider "postgresql" {
  scheme    = "awspostgres"
  sslmode   = "require"
  ...
}

And connect to an RDS instance whose CA comes from rds-ca-ecc384-g1, we get an unexpected error:

│ Error: Error connecting to PostgreSQL server database-name.region.rds.amazonaws.com (scheme: awspostgres): tls: failed to verify certificate: x509: certificate signed by unknown authority

Based on sslmode = "require", I expect no certificate validation.

I believe the issue is here:

// sslmode and connect_timeout are not allowed with gocloud
// (TLS is provided by gocloud directly)
if c.Scheme == "postgres" {
    params["sslmode"] = c.SSLMode
    params["connect_timeout"] = strconv.Itoa(c.ConnectTimeoutSec)
}

We should change this to if c.Scheme == "postgres" || c.Scheme == "awspostgres"

I'm able to work around this by just setting scheme=postgres.

Terraform Version

$ terraform -v
Terraform v1.5.2
on darwin_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.20.0
+ provider registry.terraform.io/hashicorp/aws v4.59.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.18.1
+ provider registry.terraform.io/hashicorp/local v2.4.0
+ provider registry.terraform.io/hashicorp/random v3.4.3

Affected Resource(s)

  • terraform-provider-postgresql (provider itself, not resources)

Terraform Configuration Files

See above snippet

Debug Output

N/A

Panic Output

N/A

Expected Behavior

We should be able to connect with above config to an RDS instance.

Actual Behavior

Error

Steps to Reproduce

  1. Create RDS instance with issuing CA rds-ca-ecc384-g1 (I expect the same behavior for other new CAs too)
  2. Try to connect to the provider using scheme = "awspostgres" and sslmode = "require"

Important Factoids

No

References

None
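To make the reported behaviour concrete, here is an added Go example (not the provider's own code; the Config type, its field names and the host/database values are assumptions) that builds the connection URL with the quoted condition and with the proposed fix, and records that a libpq-style sslmode of "require" does not, on its own, verify the certificate chain. Since the user's sslmode is dropped entirely for scheme awspostgres, whatever TLS policy the underlying library applies by default is what actually runs, which is consistent with a chain-verification error appearing despite sslmode=require.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// Config holds the provider fields the issue refers to; the type, field
// names and sample values are assumptions made for this example.
type Config struct {
	Scheme, SSLMode, Host, Database string
	ConnectTimeoutSec               int
}

// schemeTakesSSLMode reproduces the condition quoted in the issue:
// fixed=false is the reported code (only "postgres" qualifies),
// fixed=true is the proposed change that also accepts "awspostgres".
func schemeTakesSSLMode(scheme string, fixed bool) bool {
	if scheme == "postgres" {
		return true
	}
	return fixed && scheme == "awspostgres"
}

// BuildDSN assembles the URL handed to the driver. When the scheme does not
// qualify, sslmode and connect_timeout are dropped and "require" never arrives.
func BuildDSN(c Config, fixed bool) string {
	params := url.Values{}
	if schemeTakesSSLMode(c.Scheme, fixed) {
		params.Set("sslmode", c.SSLMode)
		params.Set("connect_timeout", strconv.Itoa(c.ConnectTimeoutSec))
	}
	u := url.URL{Scheme: c.Scheme, Host: c.Host, Path: "/" + c.Database, RawQuery: params.Encode()}
	return u.String()
}

// SSLModeVerifiesChain reports whether a libpq-style sslmode value checks the
// server certificate chain on its own; "require" only enforces encryption.
func SSLModeVerifiesChain(mode string) bool {
	return mode == "verify-ca" || mode == "verify-full"
}

func main() {
	c := Config{Scheme: "awspostgres", SSLMode: "require", ConnectTimeoutSec: 10,
		Host: "db.example.invalid:5432", Database: "app"} // constructed values
	fmt.Println("reported:", BuildDSN(c, false))
	fmt.Println("fixed:   ", BuildDSN(c, true))
}
```

If the intent is actually to validate the RDS certificate, the setting to reach for after the fix is verify-full together with the current RDS CA bundle, rather than require.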
