Open
Description
For example, when working with cloud databases, we usually have the SSL certificate material available directly as Terraform variables (e.g. google_sql_database_instance.mydb.server_ca_cert.0.cert). Currently, we have to write those to temporary files first to configure the postgresql provider, which works (see example below), but is inconvenient and seems extraneous, even if it had better support. The lib/pq library added support for passing SSL material directly in v1.10.0. It would be great if the provider supported this mode of configuration as well.
Configuring SSL with local_sensitive_file
```hcl
provider "postgresql" {
  host     = ...
  database = ...
  username = ...
  password = ...
  sslmode  = "verify-ca"

  # The provider expects file paths here, so the PEM material is
  # first written to disk by the local_sensitive_file resources below.
  clientcert {
    cert = local_sensitive_file.mydb_client_cert.filename
    key  = local_sensitive_file.mydb_client_key.filename
  }
  sslrootcert = local_sensitive_file.mydb_server_ca_cert.filename
}

# Client certificate issued by Cloud SQL
resource "local_sensitive_file" "mydb_client_cert" {
  filename = "${path.root}/.terraform/tmp/${google_sql_database_instance.mydb.name}_client_cert"
  content  = google_sql_ssl_cert.mydb_client.cert
}

# Client private key (ends up on the local filesystem)
resource "local_sensitive_file" "mydb_client_key" {
  filename = "${path.root}/.terraform/tmp/cloudsql_${google_sql_database_instance.mydb.name}_client_key"
  content  = google_sql_ssl_cert.mydb_client.private_key
}

# Server CA certificate used to verify the instance
resource "local_sensitive_file" "mydb_server_ca_cert" {
  filename = "${path.root}/.terraform/tmp/${google_sql_database_instance.mydb.name}_server_ca_cert"
  content  = google_sql_database_instance.mydb.server_ca_cert.0.cert
}
```
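The lib/pq inline mode the issue refers to is selected with the `sslinline=true` connection parameter, which makes `sslrootcert`, `sslcert` and `sslkey` carry PEM content instead of file paths. The Go sketch below is an added example, not part of the original issue and not the provider's code; `TLSMaterial`, `InlineDSN`, the host, database, user, password and PEM strings are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// TLSMaterial holds PEM text as it would come out of Terraform attributes.
// Hypothetical type, introduced for this example only.
type TLSMaterial struct {
	RootCA, ClientCert, ClientKey string
}

// InlineDSN builds a postgres:// URL for lib/pq (>= v1.10.0) using
// sslinline=true, so no certificate or key file has to exist on disk.
// URL-encoding keeps the multi-line PEM intact inside the query string.
// The result embeds the private key: treat it as a secret and never log it.
func InlineDSN(host, db, user, password string, m TLSMaterial) (string, error) {
	if m.RootCA == "" {
		return "", fmt.Errorf("sslmode=verify-ca needs a root CA certificate")
	}
	if (m.ClientCert == "") != (m.ClientKey == "") {
		return "", fmt.Errorf("client certificate and key must be set together")
	}
	q := url.Values{}
	q.Set("sslmode", "verify-ca")
	q.Set("sslinline", "true")
	q.Set("sslrootcert", m.RootCA)
	if m.ClientCert != "" {
		q.Set("sslcert", m.ClientCert)
		q.Set("sslkey", m.ClientKey)
	}
	u := url.URL{
		Scheme: "postgres", User: url.UserPassword(user, password),
		Host: host, Path: "/" + db, RawQuery: q.Encode(),
	}
	return u.String(), nil
}

func main() {
	// Constructed placeholder PEM bodies, not real certificates or keys.
	m := TLSMaterial{
		RootCA:     "-----BEGIN CERTIFICATE-----\n(constructed CA)\n-----END CERTIFICATE-----\n",
		ClientCert: "-----BEGIN CERTIFICATE-----\n(constructed cert)\n-----END CERTIFICATE-----\n",
		ClientKey:  "-----BEGIN PRIVATE KEY-----\n(constructed key)\n-----END PRIVATE KEY-----\n",
	}
	dsn, err := InlineDSN("db.example.internal:5432", "app", "tf", "example-password", m)
	fmt.Println(err == nil, len(dsn) > 0) // report success only; the DSN itself is secret
}
```

The returned string would be passed to `sql.Open("postgres", dsn)` with lib/pq imported; that call is left out so the block runs without external modules.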