Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_mariadb_server: Add support for ssl_minimal_tls_version_enforced #20556

Closed
wants to merge 3 commits into from
Closed

azurerm_mariadb_server: Add support for ssl_minimal_tls_version_enforced #20556

wants to merge 3 commits into from

Conversation

favoretti
Copy link
Collaborator

@favoretti favoretti commented Feb 19, 2023
edited
Loading 

$ TF_ACC=1 go test -v ./internal/services/mariadb -timeout=1000m -run='TestAccMariaDbServer_basicTenTwo'

=== RUN   TestAccMariaDbServer_basicTenTwo
=== PAUSE TestAccMariaDbServer_basicTenTwo
=== CONT  TestAccMariaDbServer_basicTenTwo
--- PASS: TestAccMariaDbServer_basicTenTwo (296.33s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/mariadb	297.574s

Fixes #7899

@favoretti
azurerm_mariadb_server: Add support for `ssl_minimal_tls_version_en…
d976b21 
…forced`

```
$ TF_ACC=1 go test -v ./internal/services/mariadb -timeout=1000m -run='TestAccMariaDbServer_basicTenTwo'

=== RUN   TestAccMariaDbServer_basicTenTwo
=== PAUSE TestAccMariaDbServer_basicTenTwo
=== CONT  TestAccMariaDbServer_basicTenTwo
--- PASS: TestAccMariaDbServer_basicTenTwo (296.33s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/mariadb	297.574s
```

Fixes hashicorp#7899
@github-actions github-actions bot added size/XL and removed size/L labels Feb 19, 2023
@favoretti
Copy link
Collaborator Author

image

@favoretti favoretti changed the title azurerm_mariadb_server: Add support for `ssl_minimal_tls_version_en… azurerm_mariadb_server: Add support for ssl_minimal_tls_version_enforced Feb 20, 2023
stephybun
stephybun requested changes Feb 21, 2023
View reviewed changes
Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this @favoretti, one minor typo in the docs and also a concern regarding the default value for the property. Once those are resolved this should be good to go though!

website/docs/r/mariadb_server.html.markdown
@@ -76,6 +77,8 @@ The following arguments are supported:

* `ssl_enforcement_enabled` - (Required) Specifies if SSL should be enforced on connections. Possible values are `true` and `false`.

* `ssl_minimal_tls_version_enforced` - (Optional) The minimum TLS version to support on the sever. Possible values are `TLSEnforcementDisabled`, `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `ssl_minimal_tls_version_enforced` - (Optional) The minimum TLS version to support on the sever. Possible values are `TLSEnforcementDisabled`, `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2`.
* `ssl_minimal_tls_version_enforced` - (Optional) The minimum TLS version to support on the server. Possible values are `TLSEnforcementDisabled`, `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2`.

internal/services/mariadb/mariadb_server_resource.go
Comment on lines +153 to +158
"ssl_minimal_tls_version_enforced": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(servers.MinimalTlsVersionEnumTLSOneTwo),
ValidateFunc: validation.StringInSlice(servers.PossibleValuesForMinimalTlsVersionEnum(), false),
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whilst I agree from a security perspective that this should be defaulted to TLS1_2, it looks like the API is defaulting this to TLSEnforcementDisabled. Perhaps this should be Computed for now and default to TLS1_2 in 4.x?

@stephybun
Copy link
Member

@favoretti any updates?

@favoretti
Copy link
Collaborator Author

favoretti commented Apr 9, 2023 via email

@favoretti
Copy link
Collaborator Author

Ah, it seems #20782 got merged ahead of slowpokle me :) Closing this one then.

@favoretti favoretti closed this Apr 11, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 11, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stephybun stephybun stephybun requested changes

Assignees
No one assigned
Labels
documentation service/data-factory service/data-share service/maria-db size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for TLS version in azurerm_mariadb_server
2 participants
@favoretti @stephybun