fix: Default transit_encryption_mode to null if var.transit_encryption_enabled is false

[amontalban]

what

Fixing this problem when var.transit_encryption_enabled is false the transit_encryption_mode value should be null.

why

I was blindsided with my use case of encrypting everything and I should have covered the default use case.

references

• feat: Allow configuring transit_encryption_mode #231 (comment)
• Closes 1.4.0 release causes issues with existing cluster where you don't want to enforce encryption in transit #240
• Closes InvalidParameterCombination: Transit encryption preferred is not supported with redis access control. #239

[z0rc]

These changes were released in v1.4.1.

[nitrocode]

@z0rc couldn't you set this for redis 6.2.6

  transit_encryption_enabled = true
  transit_encryption_mode    = null

or would it be better to default the transit_encryption_mode to null ?

[z0rc]

@nitrocode I'd prefer transit_encryption_mode to be null by default. In provider it's computed field, so default preferred will be applied when possible. If user wants to have it as required, then this is what this parameter is for.

[z0rc]

Also I think module's variable validation isn't needed, as it duplicates validation built in provider.

[nitrocode]

Yes that makes sense to me. Since this pr is already open, could you make these changes and regenerate the readme @amontalban ? Thank you so much for your contributions

[amontalban]

@nitrocode I have just pushed the change and also validated with the following changes to the fixtures and it worked fine.

diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index 62676be..78164b8 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
@@ -15,9 +15,9 @@ instance_type = "cache.m6g.large"

 cluster_size = 1

-family = "redis7"
+family = "redis6.x"

-engine_version = "7.0"
+engine_version = "6.2"

 at_rest_encryption_enabled = false

[nitrocode]

/terratest