Open adkafka opened 10 months ago
I've got this error trying to create a DB in the AWS serverless v1 cluster, CA rds-ca-rsa2048-g1.
Same error with scheme = "gcppostgres".
AWS has given customers 12 months to migrate to the new CA. This is now an important issue that needs resolving.
Having a similar issue myself using rds-ca-rsa2048-g1 and scheme:awspostgres. Changing from awspostgres to postgres fixes it. What are the implications of this?
The problem has gone after upgrading to 1.22.0 from 1.20.0.
If we set up a provider as such:
And connect to an RDS instance whose CA comes from rds-ca-ecc384-g1, we get an unexpected error:
Based on sslmode = "require", I expect no certificate validation.
I believe the issue is here: https://github.com/cyrilgdn/terraform-provider-postgresql/blob/fea83f376887d76424148b665b47c7f5c72371cc/postgresql/config.go#L205-L210
We should change this to
if c.Scheme == "postgres" || c.Scheme == "awspostgres"
I'm able to work around this by just setting scheme=postgres.
Terraform Version
Affected Resource(s)
Terraform Configuration Files
See above snippet
Debug Output
N/A
Panic Output
N/A
Expected Behavior
We should be able to connect with above config to an RDS instance.
Actual Behavior
Error
Steps to Reproduce
Create RDS instance with issuing CA rds-ca-ecc384-g1 (I expect the same behavior for other new CAs too)
Try to connect to the provider using scheme = "awspostgres" and sslmode = "require"
Important Factoids
No
References
None