Feature Request: Full sslPolicy support for azurerm_application_gateway

[cdhunt]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

It looks like a single property (disabledSslProtocols) of the sslPolicy configuration object was added to the resource. We would like access to the full object.

New or Affected Resource(s)

• azurerm_application_gateway

Potential Terraform Configuration

  ssl_policy {
    disabled_ssl_protocols = list
    policy_type = string
    policy_name = string
    cipher_suites = list
    min_protocol_version = list
  }

References

• https://docs.microsoft.com/en-us/azure/templates/microsoft.network/applicationgateways#applicationgatewaysslpolicy-object

[stack72]

@katbyte / @tombuildsstuff is this a duplicate of this? #619

[tombuildsstuff]

Duplicate of #619 - thanks for pointing that out @stack72 :)

[cdhunt]

There's no mention of sslPolicy in #619. Will that be included in that work?

[tombuildsstuff]

Reopening this to split this out from #1576

[cdhunt]

Are there still blockers for this or is it now technically possible?

[tombuildsstuff]

@cdhunt I believe it should be possible for someone to implement this once #2054 is merged - it requires a little thought around deprecating the existing disabled_ssl_protocols block (as we'll want to move it into the new ssl_policy block) probably as a part of 2.0

[cdhunt]

Yeah, dealing with the existing disabled_ssl_protocols block without a breaking change was my concern. Thanks.

[bs-matil]

I will soon file a PR regards this topic. I feel our Implementation which was done a while ago before this discussion may not fully fit. But I will adopt it in any way needed to get it upstream. See ya later :).

[jstewart612]

@bs-matil has this work begun yet? I am curious because, if there is partial work complete, I was going to expand from that and submit a PR. If not, I am considering taking a crack at this myself from scratch: my organization has a large number of AAGs and it's a real PITA not having this.

[bs-matil]

@jstewart612 I am about to publish the work today

[bs-matil]

@tombuildsstuff I submitted a PR under #3360
I expect changes are needed I'll wait for input :)

[ghost]

This has been released in version 1.29.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
	version = "~> 1.29.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!