Merge pull request #5074 from aqche/support_function_app_min_tls_version

`azurerm_function_app` - support for `min_tls_version`
hashicorp · Dec 12, 2019 · 054cf78 · 054cf78
2 parents 27c356c + b62ce88
commit 054cf78
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 1 deletion.
diff --git a/azurerm/resource_arm_function_app.go b/azurerm/resource_arm_function_app.go
@@ -225,6 +225,16 @@ func resourceArmFunctionApp() *schema.Resource {
 							Optional: true,
 							Default:  false,
 						},
+						"min_tls_version": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Computed: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								string(web.OneFullStopZero),
+								string(web.OneFullStopOne),
+								string(web.OneFullStopTwo),
+							}, false),
+						},
 						"cors": azure.SchemaWebCorsSettings(),
 					},
 				},
@@ -726,6 +736,10 @@ func expandFunctionAppSiteConfig(d *schema.ResourceData) web.SiteConfig {
 		siteConfig.HTTP20Enabled = utils.Bool(v.(bool))
 	}
 
+	if v, ok := config["min_tls_version"]; ok {
+		siteConfig.MinTLSVersion = web.SupportedTLSVersions(v.(string))
+	}
+
 	return siteConfig
 }
 
@@ -762,6 +776,8 @@ func flattenFunctionAppSiteConfig(input *web.SiteConfig) []interface{} {
 		result["http2_enabled"] = *input.HTTP20Enabled
 	}
 
+	result["min_tls_version"] = string(input.MinTLSVersion)
+
 	result["cors"] = azure.FlattenWebCorsSettings(input.Cors)
 
 	results = append(results, result)

diff --git a/azurerm/resource_arm_function_app_test.go b/azurerm/resource_arm_function_app_test.go
@@ -721,6 +721,33 @@ func TestAccAzureRMFunctionApp_enableHttp2(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMFunctionApp_minTlsVersion(t *testing.T) {
+	resourceName := "azurerm_function_app.test"
+	ri := tf.AccRandTimeInt()
+	rs := strings.ToLower(acctest.RandString(11))
+	config := testAccAzureRMFunctionApp_minTlsVersion(ri, rs, testLocation())
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMFunctionAppDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMFunctionAppExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "site_config.0.min_tls_version", "1.2"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testCheckAzureRMFunctionAppDestroy(s *terraform.State) error {
 	client := testAccProvider.Meta().(*ArmClient).Web.AppServicesClient
 
@@ -1741,3 +1768,43 @@ resource "azurerm_function_app" "test" {
 }
 `, rInt, location, rString, rInt, rInt)
 }
+
+func testAccAzureRMFunctionApp_minTlsVersion(rInt int, rString string, location string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_storage_account" "test" {
+  name                     = "acctestsa%s"
+  resource_group_name      = "${azurerm_resource_group.test.name}"
+  location                 = "${azurerm_resource_group.test.location}"
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+resource "azurerm_app_service_plan" "test" {
+  name                = "acctestASP-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+
+  sku {
+    tier = "Standard"
+    size = "S1"
+  }
+}
+
+resource "azurerm_function_app" "test" {
+  name                      = "acctest-%d-func"
+  location                  = "${azurerm_resource_group.test.location}"
+  resource_group_name       = "${azurerm_resource_group.test.name}"
+  app_service_plan_id       = "${azurerm_app_service_plan.test.id}"
+  storage_connection_string = "${azurerm_storage_account.test.primary_connection_string}"
+
+  site_config {
+    min_tls_version = "1.2"
+  }
+}
+`, rInt, location, rString, rInt, rInt)
+}
diff --git a/website/docs/r/function_app.html.markdown b/website/docs/r/function_app.html.markdown
@@ -149,6 +149,8 @@ The following arguments are supported:
 
 * `http2_enabled` - (Optional) Specifies whether or not the http2 protocol should be enabled. Defaults to `false`.
 
+* `min_tls_version` - (Optional) The minimum supported TLS version for the function app. Possible values are `1.0`, `1.1`, and `1.2`. Defaults to `1.2` for new function apps.
+
 * `cors` - (Optional) A `cors` block as defined below.
 
 ---
@@ -179,7 +181,7 @@ An `auth_settings` block supports the following:
 
 * `default_provider` - (Optional) The default provider to use when multiple providers have been set up. Possible values are `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount` and `Twitter`.
 
-~> **NOTE:** When using multiple providers, the default provider must be set for settings like `unauthenticated_client_action` to work. 
+~> **NOTE:** When using multiple providers, the default provider must be set for settings like `unauthenticated_client_action` to work.
 
 * `facebook` - (Optional) A `facebook` block as defined below.