diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go index ea95802cb2e9..10badc750e46 100644 --- a/internal/services/storage/storage_account_resource.go +++ b/internal/services/storage/storage_account_resource.go @@ -298,10 +298,12 @@ func resourceStorageAccount() *pluginsdk.Resource { }, "min_tls_version": { - Type: pluginsdk.TypeString, - Optional: true, - Default: string(storageaccounts.MinimumTlsVersionTLSOneTwo), - ValidateFunc: validation.StringInSlice(storageaccounts.PossibleValuesForMinimumTlsVersion(), false), + Type: pluginsdk.TypeString, + Optional: true, + Default: string(storageaccounts.MinimumTlsVersionTLSOneTwo), + ValidateFunc: validation.StringInSlice([]string{ + string(storageaccounts.MinimumTlsVersionTLSOneTwo), + }, false), }, "is_hns_enabled": { @@ -1273,6 +1275,15 @@ func resourceStorageAccount() *pluginsdk.Resource { Deprecated: "this block has been deprecated and superseded by the `azurerm_storage_account_queue_properties` resource and will be removed in v5.0 of the AzureRM provider", } + if !features.FivePointOhBeta() { + resource.Schema["min_tls_version"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + Optional: true, + Default: string(storageaccounts.MinimumTlsVersionTLSOneTwo), + ValidateFunc: validation.StringInSlice(storageaccounts.PossibleValuesForMinimumTlsVersion(), false), + } + } + return resource } diff --git a/internal/services/storage/storage_account_resource_test.go b/internal/services/storage/storage_account_resource_test.go index b05e6ad5de4d..5634d6dbcbd6 100644 --- a/internal/services/storage/storage_account_resource_test.go +++ b/internal/services/storage/storage_account_resource_test.go @@ -241,6 +241,9 @@ func TestAccStorageAccount_enableHttpsTrafficOnly(t *testing.T) { } func TestAccStorageAccount_minTLSVersion(t *testing.T) { + if features.FivePointOhBeta() { + t.Skipf("Skipping as the only possible value for `minimum_tls_version` is `1.2`") + } data := acceptance.BuildTestData(t, "azurerm_storage_account", "test") r := StorageAccountResource{} diff --git a/website/docs/5.0-upgrade-guide.html.markdown b/website/docs/5.0-upgrade-guide.html.markdown index 980c9eb2eb26..341554cf384a 100644 --- a/website/docs/5.0-upgrade-guide.html.markdown +++ b/website/docs/5.0-upgrade-guide.html.markdown @@ -153,6 +153,7 @@ Please follow the format in the example below for listing breaking changes in re * The deprecated `queue_properties` block has been removed and superseded by the `azurerm_storage_account_queue_properties` resource. * The deprecated `static_website` block has been removed and superseded by the `azurerm_storage_account_static_website` resource. +* The property `minimum_tls_version` no longer accepts `TLS1_0` or `TLS1_1` as a value. ### `azurerm_storage_container` diff --git a/website/docs/r/storage_account.html.markdown b/website/docs/r/storage_account.html.markdown index bac851ee8308..b461eeac6f8e 100644 --- a/website/docs/r/storage_account.html.markdown +++ b/website/docs/r/storage_account.html.markdown @@ -104,6 +104,8 @@ The following arguments are supported: * `min_tls_version` - (Optional) The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1`, and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts. +~> **NOTE:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more. + -> **Note:** At this time `min_tls_version` is only supported in the Public Cloud, China Cloud, and US Government Cloud. * `allow_nested_items_to_be_public` - (Optional) Allow or disallow nested items within this Account to opt into being public. Defaults to `true`.