fastly
feat(backend): enable SSL by default for backend create
Change summary
Make --use-ssl default to true when creating backends to provide better security defaults.
Add a --no-use-ssl flag.
Update documentation and tests.
All Submissions:
- [X] Have you followed the guidelines in our Contributing document?
- [X] Have you checked to ensure there aren't other open Pull Requests for the same update/change?
New Feature Submissions:
- [X] Does your submission pass tests?
Changes to Core Features:
- [X] Have you written new tests for your core changes, as applicable?
- [X] Have you successfully run tests with your changes locally?
User Impact
- [X] What is the user impact of this change?
Are there any considerations that need to be addressed for release?
Well, it is a breaking change.
Unfortunately we can't make a change like this without labeling it as a breaking change, because it could break a customer's existing workflows which are not prepared for the new backend to have TLS enabled. While it would certainly be better, it's not a transparent change.
In addition we've had multiple internal discussions about the lack of consistency in this area, as the behavior is different when using the API directly, using the Control Panel, using the CLI, using the Terraform provider, etc. There will need to be a decision made about what the proper defaults should be across all of our interfaces before we can changes the defaults in any of them. That's not a topic to be discussed and decided here, though :-)
Ahh, I see you did label this is a breaking change, so thank you for that. The rest of my comment still applies though - before we can deliver a change like this we'll need to be prepared with customer communications describing why it was necessary, and that will require coordination across the other customer-visible interfaces too.
I considered renaming "ssl" to "tls" outside of scope for the pull request, but I'd like that too.