dstebukov
commented
8 months ago I've got this error trying to create DB in the AWS serverless v1 cluster, CA rds-ca-rsa2048-g1
- provider registry.terraform.io/cyrilgdn/postgresql v1.21.0
Open adkafka opened 10 months ago
dstebukov
commented
8 months ago I've got this error trying to create DB in the AWS serverless v1 cluster, CA rds-ca-rsa2048-g1
ghost
commented
8 months ago same error with scheme = "gcppostgres"
pexa-afarrugia
commented
7 months ago AWS given customers 12 months to migrate to the new CA. This is now a important issue that needs resolving
grilla99
commented
7 months ago Having a similar issue myself using rds-ca-rsa2048-g1 and scheme:awspostgres. Changing from awspostgres to postgres fixes it, what are the implications of this?
romikoops
commented
3 months ago The problem has gone after upgrading to 1.22.0 from 1.20.0
If we setup a provider as such:
And connect to an RDS instance whose CA comes from
rds-ca-ecc384-g1, we get an unexpected error:Based on
sslmode = "require", I expect no certificate validation.I believe the issue is here: https://github.com/cyrilgdn/terraform-provider-postgresql/blob/fea83f376887d76424148b665b47c7f5c72371cc/postgresql/config.go#L205-L210
We should change this to
if c.Scheme == "postgres" || c.Scheme == "awspostgres"I'm able to workaround this by just setting
scheme=postgres.Terraform Version
Affected Resource(s)
Terraform Configuration Files
See above snipped
Debug Output
N/A
Panic Output
N/A
Expected Behavior
We should be able to connect with above config to an RDS instance.
Actual Behavior
Error
Steps to Reproduce
Create RDS instance with issuing CA
rds-ca-ecc384-g1(I expect the same behavior for other new CAs too) Try to connect to the provider usingscheme = "awspostgres"andsslmode = "require"Important Factoids
No
References
None