Support for TLS version in azurerm_mariadb_server

[alex-3sr]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hi team,

it could be nice, if we can manage TLS version for Azure MariaDB servers, like it's already the case for MySQL and PostGreSQL.

New or Affected Resource(s)

• azurerm_mariadb_server

Potential Terraform Configuration

My suggest is just to add ssl_minimal_tls_version_enforced like others database servers ressources

resource "azurerm_mariadb_server" "example" {
  name                = "example-mariadb-server"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  administrator_login          = "mariadbadmin"
  administrator_login_password = "H@Sh1CoR3!"

  sku_name   = "B_Gen5_2"
  storage_mb = 5120
  version    = "10.2"

  auto_grow_enabled             = true
  backup_retention_days         = 7
  geo_redundant_backup_enabled  = false
  public_network_access_enabled = false
  ssl_enforcement_enabled       = true
  ssl_minimal_tls_version_enforced  = "TLS1_2"
}

References

I've no idea exactly limitations for TF against ARM ressources, around SDK Go I think, but at least in ARM template I can see that the option seem not yet exist
https://docs.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers

Than you and have a nice day
regards
Alex

[yupwei68]

Hi @alex-3sr , thanks for opening this issue. You're right, the service api has not supported this field yet. Would you mind opening an issue in https://github.com/Azure/azure-rest-api-specs/issues to suggest the service team?

[alex-3sr]

Hi @yupwei68 ,

Yes sure, no problem ;) I create this issue -> Azure/azure-rest-api-specs#10259

Thanks and have a nice day
Regards
Alexandre

[lutzwillek-tomtom]

Hello. I think this ticket is unblocked now, as https://docs.microsoft.com/en-us/rest/api/mariadb/servers/create#minimaltlsversionenum is available.

MinimalTlsVersionEnum - Enforce a minimal TLS version for the server.


Name                   | Type 
TLS1_0                 | string 
TLS1_1                 | string
TLS1_2                 | string 
TLSEnforcementDisabled | string

[miiitch]

Hello, any ETA ?

[favoretti]

Just checked the latest SDK, latest API version available is 2020-01-01, and that enum is not yet supported there.
@tombuildsstuff apparently portal suggests 2018-06-01-preview for use, could we generate an SDK for it from the swagger?

[torblerone]

Is anything happening here? It's quite a pain to provision stuff and modify it in the portal afterwards.

[philipp-hb]

ping?

[favoretti]

Pong. I'm a tad blocked on some teammates helping me generate a different version of SDK... Otherwise I was planning to tackle this one as soon as that happens.

// cc @tombuildsstuff would you please? :) I pinged you the swagger URL in one of our slack conversations lately. Thanks!

[torbendury]

Hello again, is there a nice new-year present for us? 🙂

[favoretti]

Just checked, official SDK is still in the same state. I'll ask @tombuildsstuff again to generate that internal SDK for a spin, but this would be 3rd in line, unless someone else beats me to it.

[torbendury]

@tombuildsstuff we need you here!

[plonkernickel]

Why is nothing happening here? 😢

[torbendury]

@favoretti just a casual ping, is there any chance? 😄

[favoretti]

@tombuildsstuff Would you mind dropping Pandora version of https://github.com/Azure/azure-rest-api-specs/blob/master/specification/mariadb/resource-manager/Microsoft.DBforMariaDB/preview/2018-06-01-preview/mariadb.json into a branch for me please?

[philipp-hb]

@favoretti @tombuildsstuff it's been nearly a year since the last comment. Any updates?

[favoretti]

Ahh, yeah, now I can do this myself indeed. I'll work on this one later today.

[torbendury]

Sounds great! Looking forward to it :)

[favoretti]

SDK has been generated, I'll do my best to get you folks support for this over the weekend.

[favoretti]

I swear, I either must have been blind or something, but magically 2018-06-01 stable started supporting this property.. Oh well. Coming soon to a release near you...

[philipp-hb]

@favoretti How soon is "soon" ? ;-)

[favoretti]

@philipp-hb oh, I'm so sorry, I completely forgot about it. I'll try to have a look this week, I thought I had a branch somewhere, which probably would need a ton of rebase by now.

[favoretti]

@philipp-hb Umm, "soon" was on March 7th of this year... #20782

I forgot to update this issue, but this has been released ages ago :)

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.