Provider Configuration: Support SSL Client Certificates

[kevinbirch]

Fixes: #49

Adds a new optional nested block to the provider configuration for SSL client certificate files paths.

Example:

provider "postgresql" {
  host = "localhost"

  clientcert {
    cert     = "client-cert.pem"
    key      = "client-key.pem"
  }
  sslrootcert = "server-ca.pem"
}

I tried to match the coding conventions of the project as best as I understand them. I'm happy to adjust the property names if there are preferences from reviewers.

[kevinbirch]

Hi, could I get someone to take a look at this PR please? Perhaps @cyrilgdn?

[cyrilgdn]

Hi @kevinbirch ,

Thanks a lot for your work on this ! I've just tested it and it works fine 👍

I have just one question regarding the rootcert parameter (see my comments).

Also, could you update the website documentation accordingly please?

[cyrilgdn]

I wonder if rootcert must be in this nested block with client cert/key?

If I understood correctly, the CA (rootcert) is used to verify the server certificate (so authenticate the server).
The client cert is used to authenticate the client.

So you can specify only cert/key if you want to authenticate the client or only rootcert if you want to authenticate the server (and all of them if you want to authenticate both).

So wouldn't it be better to keep cert and key in this clientcert block but have sslrootcert outside of it?

[kevinbirch]

Sure, that would be totally fine with me.

[kevinbirch]

Ok, I've made the requested changes, thank you for your feedback!

[cyrilgdn]

Could you remove it please.

[kevinbirch]

done!

[cyrilgdn]

Very nice! Thanks a lot 👍

[cyrilgdn]

I'll let you know here when it's released, you can also watch the repository in "Releases only" mode.

[cyrilgdn]

Hi,

This feature has been released in v1.6.0 last Friday.