diff --git a/internal/services/mariadb/mariadb_server_resource.go b/internal/services/mariadb/mariadb_server_resource.go
index 7f8c095a744a..5ab01edce589 100644
--- a/internal/services/mariadb/mariadb_server_resource.go
+++ b/internal/services/mariadb/mariadb_server_resource.go
@@ -159,7 +159,12 @@ func resourceMariaDbServer() *pluginsdk.Resource {
 validation.IntDivisibleBy(1024),
 ),
 },
-
+ "ssl_minimal_tls_version_enforced": {
+ Type: pluginsdk.TypeString,
+ Optional: true,
+ Default: string(servers.MinimalTlsVersionEnumTLSOneTwo),
+ ValidateFunc: validation.StringInSlice(servers.PossibleValuesForMinimalTlsVersionEnum(), false),
+ },
 "tags": commonschema.Tags(),
 "version": {
@@ -215,6 +220,11 @@ func resourceMariaDbServerCreate(d *pluginsdk.ResourceData, meta interface{}) er
 ssl = servers.SslEnforcementEnumDisabled
 }
+ tlsMin := servers.MinimalTlsVersionEnum(d.Get("ssl_minimal_tls_version_enforced").(string))
+ if ssl == servers.SslEnforcementEnumDisabled && tlsMin != servers.MinimalTlsVersionEnumTLSEnforcementDisabled {
+ return fmt.Errorf("`ssl_minimal_tls_version_enforced` must be set to `TLSEnforcementDisabled` if `ssl_enforcement_enabled` is set to `false`")
+ }
+
 storage := expandMariaDbStorageProfile(d)
 var props servers.ServerPropertiesForCreate
@@ -238,6 +248,7 @@ func resourceMariaDbServerCreate(d *pluginsdk.ResourceData, meta interface{}) er
 AdministratorLogin: admin,
 AdministratorLoginPassword: pass,
 PublicNetworkAccess: &publicAccess,
+ MinimalTlsVersion: &tlsMin,
 SslEnforcement: &ssl,
 StorageProfile: storage,
 Version: &version,
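Review bot: In the schema hunk of `resourceMariaDbServer`, `ssl_minimal_tls_version_enforced` is validated against everything `servers.PossibleValuesForMinimalTlsVersionEnum()` returns, and nothing on the attribute says that some of those values weaken transport security. Per the documentation change in this commit the list includes `TLS1_0`, `TLS1_1` and `TLSEnforcementDisabled`; TLS 1.0 and 1.1 are deprecated by RFC 8996. I would add a comment above the entry, for example `// TLS1_0, TLS1_1 and TLSEnforcementDisabled are accepted for compatibility; the default is TLS1_2.` The schema map starts and ends outside this hunk.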
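Review bot: The cross-field check added in `resourceMariaDbServerCreate` (and repeated verbatim in the `resourceMariaDbServerUpdate` hunk) runs only at apply time, so `ssl_enforcement_enabled = false` with the default `TLS1_2` passes `terraform plan` and fails later. Because the new attribute defaults to `TLS1_2`, every existing configuration that disables SSL enforcement and omits the attribute will start returning this error, which deserves an upgrade note. Consider moving the check into a single `CustomizeDiff` on the resource so both paths share it and the error surfaces during planning. The check is also one-directional: `ssl_enforcement_enabled = true` with `TLSEnforcementDisabled` is accepted, which presumably leaves no minimum TLS version enforced, so confirm that is intended. Both functions start and end outside their hunks.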
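Review bot: `MinimalTlsVersion: &tlsMin` is added to only one properties literal in `resourceMariaDbServerCreate`, the one that carries `AdministratorLogin`. `props` is declared as `servers.ServerPropertiesForCreate`, which suggests other create modes build their own literals outside this hunk; if so, servers created through those paths would not receive the configured minimum TLS version in the create request. Either set the field on those literals as well, or add a comment next to this line such as `// NOTE: MinimalTlsVersion is only sent for this create mode.` so the gap is visible to the next reader.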
@@ -316,12 +327,19 @@ func resourceMariaDbServerUpdate(d *pluginsdk.ResourceData, meta interface{}) er
 ssl = servers.SslEnforcementEnumDisabled
 }
+ tlsMin := servers.MinimalTlsVersionEnum(d.Get("ssl_minimal_tls_version_enforced").(string))
+
+ if ssl == servers.SslEnforcementEnumDisabled && tlsMin != servers.MinimalTlsVersionEnumTLSEnforcementDisabled {
+ return fmt.Errorf("`ssl_minimal_tls_version_enforced` must be set to `TLSEnforcementDisabled` if `ssl_enforcement_enabled` is set to `false`")
+ }
+
 storageProfile := expandMariaDbStorageProfile(d)
 serverVersion := servers.ServerVersion(d.Get("version").(string))
 properties := servers.ServerUpdateParameters{
 Properties: &servers.ServerUpdateParametersProperties{
 AdministratorLoginPassword: utils.String(d.Get("administrator_login_password").(string)),
 PublicNetworkAccess: &publicAccess,
+ MinimalTlsVersion: &tlsMin,
 SslEnforcement: &ssl,
 StorageProfile: storageProfile,
 Version: &serverVersion,
@@ -370,6 +388,7 @@ func resourceMariaDbServerRead(d *pluginsdk.ResourceData, meta interface{}) erro
 if props := model.Properties; props != nil {
 d.Set("administrator_login", props.AdministratorLogin)
+ d.Set("ssl_minimal_tls_version_enforced", props.MinimalTlsVersion)
 publicNetworkAccess := false
 if props.PublicNetworkAccess != nil {
diff --git a/internal/services/mariadb/mariadb_server_resource_test.go b/internal/services/mariadb/mariadb_server_resource_test.go
index ed9461460ef1..3ee47b458b11 100644
--- a/internal/services/mariadb/mariadb_server_resource_test.go
+++ b/internal/services/mariadb/mariadb_server_resource_test.go
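Review bot: In the `resourceMariaDbServerRead` hunk, `props.MinimalTlsVersion` is handed to `d.Set` with no nil handling and the returned error is discarded. The field looks like a pointer (Create assigns `&tlsMin` to the same-named field), so if the API omits it the state would presumably hold an empty value and each plan would show a change back to the `TLS1_2` default. This attribute is what lets a plan reveal an out-of-band downgrade of the TLS minimum, so I would make the nil case explicit and check the error, e.g. `if err := d.Set("ssl_minimal_tls_version_enforced", props.MinimalTlsVersion); err != nil { return err }`. The function body continues outside the hunk.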
@@ -290,13 +290,14 @@ resource "azurerm_mariadb_server" "test" {
 sku_name = "B_Gen5_2"
 version = "%s"
- administrator_login = "acctestun"
- administrator_login_password = "H@Sh1CoR3!"
- auto_grow_enabled = true
- backup_retention_days = 7
- geo_redundant_backup_enabled = false
- ssl_enforcement_enabled = true
- storage_mb = 51200
+ administrator_login = "acctestun"
+ administrator_login_password = "H@Sh1CoR3!"
+ auto_grow_enabled = true
+ backup_retention_days = 7
+ geo_redundant_backup_enabled = false
+ ssl_enforcement_enabled = true
+ ssl_minimal_tls_version_enforced = "TLS1_2"
+ storage_mb = 51200
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, version)
 }
diff --git a/website/docs/r/mariadb_server.html.markdown b/website/docs/r/mariadb_server.html.markdown
index 91a2db5128eb..aa1ff661d174 100644
--- a/website/docs/r/mariadb_server.html.markdown
+++ b/website/docs/r/mariadb_server.html.markdown
@@ -34,11 +34,12 @@ resource "azurerm_mariadb_server" "example" {
 storage_mb = 5120
 version = "10.2"
- auto_grow_enabled = true
- backup_retention_days = 7
- geo_redundant_backup_enabled = false
- public_network_access_enabled = false
- ssl_enforcement_enabled = true
+ auto_grow_enabled = true
+ backup_retention_days = 7
+ geo_redundant_backup_enabled = false
+ public_network_access_enabled = false
+ ssl_enforcement_enabled = true
+ ssl_minimal_tls_version_enforced = "TLS1_2"
 }
 ```
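Review bot: The only test configuration touched in `mariadb_server_resource_test.go` sets `ssl_minimal_tls_version_enforced = "TLS1_2"` together with `ssl_enforcement_enabled = true`, so nothing in this diff exercises the new rejection path or the `TLSEnforcementDisabled` value. I would add a configuration with `ssl_enforcement_enabled = false` and `ssl_minimal_tls_version_enforced = "TLSEnforcementDisabled"`, plus a step that expects the error when `false` is combined with `TLS1_2`. Other tests in the file are outside this hunk and may already cover part of this.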
@@ -76,6 +77,10 @@ The following arguments are supported:
 * `ssl_enforcement_enabled` - (Required) Specifies if SSL should be enforced on connections. Possible values are `true` and `false`.
+-> **NOTE:** `ssl_minimal_tls_version_enforced` must be set to `TLSEnforcementDisabled` when `ssl_enforcement_enabled` is set to `false`.
+
+* `ssl_minimal_tls_version_enforced` - (Optional) The minimum TLS version to support on the sever. Possible values are `TLSEnforcementDisabled`, `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2`.
+
 * `storage_mb` - (Optional) Max storage allowed for a server. Possible values are between `5120` MB (5GB) and `1024000`MB (1TB) for the Basic SKU and between `5120` MB (5GB) and `4096000` MB (4TB) for General Purpose/Memory Optimized SKUs. For more information see the [product documentation](https://docs.microsoft.com/rest/api/mariadb/servers/create#storageprofile).
 * `tags` - (Optional) A mapping of tags to assign to the resource.