Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_linux_function_app_slot, azurerm_windows_function_app_slot - site_config.minimum_tls_version and site_config.scm_minimum_tls_version accept 1.3 as a value #28016

Merged
merged 2 commits into from
Dec 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
85 changes: 34 additions & 51 deletions internal/services/appservice/helpers/function_app_slot_schema.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import (
apimValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/apimanagement/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
"github.com/jackofallops/kermit/sdk/web/2022-09-01/web"
)

type SiteConfigWindowsFunctionAppSlot struct {
Expand Down Expand Up @@ -192,10 +191,10 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema {
"managed_pipeline_mode": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.ManagedPipelineModeIntegrated),
Default: string(webapps.ManagedPipelineModeIntegrated),
ValidateFunc: validation.StringInSlice([]string{
string(web.ManagedPipelineModeClassic),
string(web.ManagedPipelineModeIntegrated),
string(webapps.ManagedPipelineModeClassic),
string(webapps.ManagedPipelineModeIntegrated),
}, false),
Description: "The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`.",
},
Expand Down Expand Up @@ -255,11 +254,11 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema {
"ftps_state": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.FtpsStateDisabled),
Default: string(webapps.FtpsStateDisabled),
ValidateFunc: validation.StringInSlice([]string{
string(web.FtpsStateAllAllowed),
string(web.FtpsStateDisabled),
string(web.FtpsStateFtpsOnly),
string(webapps.FtpsStateAllAllowed),
string(webapps.FtpsStateDisabled),
string(webapps.FtpsStateFtpsOnly),
}, false),
Description: "State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`.",
},
Expand Down Expand Up @@ -287,27 +286,19 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema {
},

"minimum_tls_version": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.SupportedTLSVersionsOneFullStopTwo),
ValidateFunc: validation.StringInSlice([]string{
string(web.SupportedTLSVersionsOneFullStopZero),
string(web.SupportedTLSVersionsOneFullStopOne),
string(web.SupportedTLSVersionsOneFullStopTwo),
}, false),
Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.",
Type: pluginsdk.TypeString,
Optional: true,
Default: string(webapps.SupportedTlsVersionsOnePointTwo),
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false),
Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"scm_minimum_tls_version": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.SupportedTLSVersionsOneFullStopTwo),
ValidateFunc: validation.StringInSlice([]string{
string(web.SupportedTLSVersionsOneFullStopZero),
string(web.SupportedTLSVersionsOneFullStopOne),
string(web.SupportedTLSVersionsOneFullStopTwo),
}, false),
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.",
Type: pluginsdk.TypeString,
Optional: true,
Default: string(webapps.SupportedTlsVersionsOnePointTwo),
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false),
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"cors": CorsSettingsSchema(),
Expand Down Expand Up @@ -526,10 +517,10 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema {
"managed_pipeline_mode": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.ManagedPipelineModeIntegrated),
Default: string(webapps.ManagedPipelineModeIntegrated),
ValidateFunc: validation.StringInSlice([]string{
string(web.ManagedPipelineModeClassic),
string(web.ManagedPipelineModeIntegrated),
string(webapps.ManagedPipelineModeClassic),
string(webapps.ManagedPipelineModeIntegrated),
}, false),
Description: "The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`.",
},
Expand Down Expand Up @@ -589,11 +580,11 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema {
"ftps_state": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.FtpsStateDisabled),
Default: string(webapps.FtpsStateDisabled),
ValidateFunc: validation.StringInSlice([]string{
string(web.FtpsStateAllAllowed),
string(web.FtpsStateDisabled),
string(web.FtpsStateFtpsOnly),
string(webapps.FtpsStateAllAllowed),
string(webapps.FtpsStateDisabled),
string(webapps.FtpsStateFtpsOnly),
}, false),
Description: "State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`.",
},
Expand Down Expand Up @@ -621,27 +612,19 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema {
},

"minimum_tls_version": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.SupportedTLSVersionsOneFullStopTwo),
ValidateFunc: validation.StringInSlice([]string{
string(web.SupportedTLSVersionsOneFullStopZero),
string(web.SupportedTLSVersionsOneFullStopOne),
string(web.SupportedTLSVersionsOneFullStopTwo),
}, false),
Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.",
Type: pluginsdk.TypeString,
Optional: true,
Default: string(webapps.SupportedTlsVersionsOnePointTwo),
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false),
Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"scm_minimum_tls_version": {
Type: pluginsdk.TypeString,
Optional: true,
Default: string(web.SupportedTLSVersionsOneFullStopTwo),
ValidateFunc: validation.StringInSlice([]string{
string(web.SupportedTLSVersionsOneFullStopZero),
string(web.SupportedTLSVersionsOneFullStopOne),
string(web.SupportedTLSVersionsOneFullStopTwo),
}, false),
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.",
Type: pluginsdk.TypeString,
Optional: true,
Default: string(webapps.SupportedTlsVersionsOnePointTwo),
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false),
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"cors": CorsSettingsSchema(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1496,6 +1496,22 @@ func TestAccLinuxFunctionAppSlot_publicNetworkAccessUpdate(t *testing.T) {
})
}

func TestAccLinuxFunctionAppSlot_basicWithTlsOnePointThree(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test")
r := LinuxFunctionAppSlotResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.withTlsVersion(data, SkuConsumptionPlan, "1.3"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"),
),
},
data.ImportStep("site_credential.0.password"),
})
}

// Configs

func (r LinuxFunctionAppSlotResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
Expand Down Expand Up @@ -4262,3 +4278,24 @@ data "azurerm_storage_account_sas" "test" {
}
`, r.template(data, planSKU), data.RandomInteger)
}

func (r LinuxFunctionAppSlotResource) withTlsVersion(data acceptance.TestData, planSku string, tlsVersion string) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}

%s

resource "azurerm_linux_function_app_slot" "test" {
name = "acctest-LFAS-%d"
function_app_id = azurerm_linux_function_app.test.id
storage_account_name = azurerm_storage_account.test.name
storage_account_access_key = azurerm_storage_account.test.primary_access_key

site_config {
minimum_tls_version = "%s"
}
}
`, r.template(data, planSku), data.RandomInteger, tlsVersion)
}
Original file line number Diff line number Diff line change
Expand Up @@ -1295,6 +1295,22 @@ func TestAccWindowsFunctionAppSlot_publicNetworkAccessUpdate(t *testing.T) {
})
}

func TestAccWindowsFunctionAppSlot_basicWithTlsOnePointThree(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test")
r := WindowsFunctionAppSlotResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.withTlsVersion(data, SkuConsumptionPlan, "1.3"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("kind").HasValue("functionapp"),
),
},
data.ImportStep("site_credential.0.password"),
})
}

// Exists

func (r WindowsFunctionAppSlotResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
Expand Down Expand Up @@ -3383,3 +3399,24 @@ data "azurerm_storage_account_sas" "test" {
}
`, r.template(data, planSKU), data.RandomInteger)
}

func (r WindowsFunctionAppSlotResource) withTlsVersion(data acceptance.TestData, planSku string, tlsVersion string) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}

%s

resource "azurerm_windows_function_app_slot" "test" {
name = "acctest-WFAS-%d"
function_app_id = azurerm_windows_function_app.test.id
storage_account_name = azurerm_storage_account.test.name
storage_account_access_key = azurerm_storage_account.test.primary_access_key

site_config {
minimum_tls_version = "%s"
}
}
`, r.template(data, planSku), data.RandomInteger, tlsVersion)
}
4 changes: 2 additions & 2 deletions website/docs/r/linux_function_app_slot.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -493,7 +493,7 @@ A `site_config` block supports the following:

* `managed_pipeline_mode` - (Optional) The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`.

* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.
* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.

* `pre_warmed_instance_count` - (Optional) The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan.

Expand All @@ -509,7 +509,7 @@ A `site_config` block supports the following:

* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`.

* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.
* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.

* `scm_type` - The SCM Type in use by the Linux Function App.

Expand Down
4 changes: 2 additions & 2 deletions website/docs/r/windows_function_app_slot.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -486,7 +486,7 @@ A `site_config` block supports the following:

* `managed_pipeline_mode` - (Optional) The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`.

* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.
* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.

* `pre_warmed_instance_count` - (Optional) The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan.

Expand All @@ -502,7 +502,7 @@ A `site_config` block supports the following:

* `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`.

* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.
* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.

* `scm_type` - The SCM Type in use by the Windows Function App.

Expand Down
Loading