From 4cf106a956345e405ee625f99dab41d49459027b Mon Sep 17 00:00:00 2001 From: vijay-veeranki-moj Date: Tue, 3 Sep 2019 16:33:10 +0100 Subject: [PATCH 1/3] Set force_ssl default to true. Added apply_method var as force ssl can't set immediate for some engines --- main.tf | 5 +++-- variables.tf | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 99d6be3..214d09c 100644 --- a/main.tf +++ b/main.tf @@ -125,7 +125,8 @@ resource "aws_db_parameter_group" "custom_parameters" { family = "${var.rds_family}" parameter { - name = "rds.force_ssl" - value = "${var.force_ssl ? 1 : 0}" + name = "rds.force_ssl" + value = "${var.force_ssl ? 1 : 0}" + apply_method = "${var.apply_method}" } } diff --git a/variables.tf b/variables.tf index 16d6a90..b540b63 100644 --- a/variables.tf +++ b/variables.tf @@ -72,10 +72,15 @@ variable "allow_major_version_upgrade" { variable "force_ssl" { description = "Enforce SSL connections, set to true to enable" - default = "false" + default = "true" } variable "rds_family" { description = "Maps the postgres version with the rds family, a family often covers several versions" default = "postgres10" } + +variable "apply_method" { + description = "Indicates when to apply parameter updates, some engines can't apply some parameters without a reboot, so set to pending-reboot" + default = "immediate" +} From 08a6376bcd07a7e6dae1886df29ddc8e3e4ea47b Mon Sep 17 00:00:00 2001 From: vijay-veeranki-moj Date: Tue, 3 Sep 2019 16:33:55 +0100 Subject: [PATCH 2/3] Updated Readme with force_ssl and apply_method info --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3beabf8..c47515e 100644 --- a/README.md +++ b/README.md 
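Review bot: With `apply_method = "${var.apply_method}"` on the `rds.force_ssl` parameter in main.tf, a caller who passes `pending-reboot` gets a parameter group that records SSL enforcement while an already-running instance keeps accepting unencrypted connections until its next reboot. Nothing in this hunk reboots the instance or surfaces that pending state. I would add a comment above the parameter block, for example `# with apply_method = "pending-reboot", rds.force_ssl is not enforced on a running instance until it is rebooted`. After rollout, confirm that the instance's parameter group status is no longer pending-reboot before treating TLS enforcement as active. The resource block starts before this hunk.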
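Review bot: Flipping the `force_ssl` default to `"true"` in variables.tf changes behaviour for every existing caller that never set the variable: on their next apply, and once the parameter takes effect, clients that do not negotiate TLS are refused. The description still reads "set to true to enable", which is now stale; something like `description = "Enforce SSL connections (default true); set to false only for clients that cannot use TLS"` matches the new default. The new `apply_method` description should also name the two values the provider accepts, `immediate` and `pending-reboot`, since the variable is passed through unchecked. Server-side enforcement does not make clients verify the server certificate, so callers still need certificate verification (for example `sslmode=verify-full` with the RDS CA bundle) on the client side.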
@@ -12,6 +12,8 @@ The outputs of this module should allow a user to connect to the database instan When upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`, as default is set to false. +Some engines can't apply some parameters without a reboot(ex postgres9.x cant apply force_ssl immediate), and you will need to specify "pending-reboot" here. + **IMPORTANT NOTE: From version 4.0, this module does not support Live-0 deployment. Be sure to use the previous one (3.1) is you need to deploy to Live-0.** ## Usage @@ -60,10 +62,11 @@ For more details, be sure to read [this example](example/rds.tf) | db_backup_retention_period | The days to retain backups. Must be 1 or greater to be a source for a Read Replica | string | `7` | yes | db_iops | The amount of provisioned IOPS. Setting this implies a storage_type of io1 | string | `0` | ** Required if 'db_storage_type' is set to io1 ** | | db_name | The name of the database to be created on the instance (if empty, it will be the generated random identifier) | string | | no | -| force_ssl | Enforce SSL connections | boolean | `false` | no | +| force_ssl | Enforce SSL connections | boolean | `true` | no | | snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console. | string | | no | | providers | provider (and region) creating the resources | arrays of string | default provider | no | | rds_family | rds configuration version | string | `postgres10` | no | +| apply_method | Indicates when to apply parameter updates | string | `immediate` | no | ### Tags From 136978f1a7ac944ec2540050c077ef17933a9342 Mon Sep 17 00:00:00 2001 From: vijay-veeranki-moj Date: Tue, 3 Sep 2019 16:45:51 +0100 Subject: [PATCH 3/3] Updated the example with force_ssl changes --- example/rds.tf | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
diff --git a/example/rds.tf b/example/rds.tf index f8713c3..22c4de1 100644 --- a/example/rds.tf +++ b/example/rds.tf @@ -15,7 +15,7 @@ variable "cluster_state_bucket" {} * */ module "example_team_rds" { - source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=4.5" + source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=4.6" cluster_name = "${var.cluster_name}" cluster_state_bucket = "${var.cluster_state_bucket}" team_name = "example-repo" @@ -23,15 +23,18 @@ module "example_team_rds" { application = "exampleapp" is-production = "false" # change the postgres version as you see fit. - db_engine_version = "10" + db_engine_version = "10" environment-name = "development" infrastructure-support = "example-team@digtal.justice.gov.uk" - force_ssl = "true" # rds_family should be one of: postgres9.4, postgres9.5, postgres9.6, postgres10, postgres11 # Pick the one that defines the postgres version the best rds_family = "postgres10" + # Some engines can't apply some parameters without a reboot(ex postgres9.x cant apply force_ssl immediate). + # You will need to specify "pending-reboot" here, as default is set to "immediate". + apply_method = "pending-reboot" + # use "allow_major_version_upgrade" when upgrading the major version of an engine allow_major_version_upgrade = "true"
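Review bot: The example now sets `apply_method = "pending-reboot"` while `rds_family` is `postgres10`, yet the comment added just above it names postgres9.x as the case that needs a reboot. Anyone copying the example for postgres10 or later would defer `rds.force_ssl` on an existing instance until a reboot, for no stated reason. I would ship the line commented out so the `immediate` default applies, `# apply_method = "pending-reboot"`, and keep the explanatory comment. The same hunk drops the explicit `force_ssl = "true"`, so the example no longer shows that TLS enforcement is on; a comment such as `# force_ssl defaults to "true"; set it to "false" only if clients cannot use TLS` would keep that visible. The module block opens before this hunk and closes after it.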