Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_windows_web_app, azurerm_windows_function_app, azurerm_linux_function_app, azurerm_linux_web_app - support for minimum_tls_cipher_suite property #26584

Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

azurerm_windows_web_app, azurerm_windows_function_app, azurerm_linux_function_app, azurerm_linux_web_app - support for minimum_tls_cipher_suite property #26584

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
b35369e
add minimum tls cipher suite feature to windows[linux] web[function] app
xiaxyi Jul 10, 2024
341242b
update test case for windows web app
xiaxyi Jul 10, 2024
45b19df
update test case by passing string value
xiaxyi Jul 10, 2024
72d5481
update test cases
xiaxyi Jul 10, 2024
f7c57dc
update test cases for windows web app
xiaxyi Jul 10, 2024
0b62054
Merge remote-tracking branch 'upstream/main' into app/props/minTlsCip…
xiaxyi Jul 10, 2024
d514e08
update test cases for windows web app
xiaxyi Jul 11, 2024
2eee002
Merge remote-tracking branch 'upstream/main' into app/props/minTlsCip…
xiaxyi Aug 7, 2024
e9ac38a
add the cipher suite for function app slot
xiaxyi Aug 7, 2024
c9f1556
Merge remote-tracking branch 'upstream/main' into app/props/minTlsCip…
xiaxyi Aug 8, 2024
9c3f3c5
add cipher suite to web app slot
xiaxyi Aug 8, 2024
5d7ef18
rebase upstream
xiaxyi Aug 26, 2024
9f2180d
update code after rebase
xiaxyi Aug 26, 2024
2248a3e
merging upstream
xiaxyi Jan 20, 2025
d539f24
Merge remote-tracking branch 'origin/app/props/minTlsCipherSuite' int…
xiaxyi Jan 20, 2025
9009f9c
fmt
xiaxyi Jan 20, 2025
61c82ad
fmt
xiaxyi Jan 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions internal/services/appservice/helpers/function_app_schema.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ type SiteConfigLinuxFunctionApp struct {
ApplicationStack []ApplicationStackLinuxFunctionApp `tfschema:"application_stack"`
MinTlsVersion string `tfschema:"minimum_tls_version"`
ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
MinTlsCipherSuite string `tfschema:"minimum_tls_cipher_suite"`
Cors []CorsSetting `tfschema:"cors"`
DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
LinuxFxVersion string `tfschema:"linux_fx_version"`
Expand Down Expand Up @@ -313,6 +314,13 @@ func SiteConfigSchemaLinuxFunctionApp() *pluginsdk.Schema {
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForTlsCipherSuites(), false),
Description: "Configures the minimum TLS cipher suite for the incoming requests to the Site.",
},

"cors": CorsSettingsSchema(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -507,6 +515,11 @@ func SiteConfigSchemaLinuxFunctionAppComputed() *pluginsdk.Schema {
Computed: true,
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Computed: true,
},

"cors": CorsSettingsSchemaComputed(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -561,6 +574,7 @@ type SiteConfigWindowsFunctionApp struct {
ApplicationStack []ApplicationStackWindowsFunctionApp `tfschema:"application_stack"`
MinTlsVersion string `tfschema:"minimum_tls_version"`
ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
MinTlsCipherSuite string `tfschema:"minimum_tls_cipher_suite"`
Cors []CorsSetting `tfschema:"cors"`
DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
WindowsFxVersion string `tfschema:"windows_fx_version"`
Expand Down Expand Up @@ -800,6 +814,13 @@ func SiteConfigSchemaWindowsFunctionApp() *pluginsdk.Schema {
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForTlsCipherSuites(), false),
Description: "Configures the minimum TLS cipher suite for the incoming requests to the Site.",
},

"cors": CorsSettingsSchema(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -983,6 +1004,11 @@ func SiteConfigSchemaWindowsFunctionAppComputed() *pluginsdk.Schema {
Computed: true,
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Computed: true,
},

"cors": CorsSettingsSchemaComputed(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -1737,6 +1763,10 @@ func ExpandSiteConfigLinuxFunctionApp(siteConfig []SiteConfigLinuxFunctionApp, e
expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(linuxSiteConfig.ScmMinTlsVersion))
}

if metadata.ResourceData.HasChange("site_config.0.minimum_tls_cipher_suite") {
expanded.MinTlsCipherSuite = pointer.To(webapps.TlsCipherSuites(linuxSiteConfig.MinTlsCipherSuite))
}

if metadata.ResourceData.HasChange("site_config.0.cors") {
cors := ExpandCorsSettings(linuxSiteConfig.Cors)
expanded.Cors = cors
Expand Down Expand Up @@ -1977,6 +2007,10 @@ func ExpandSiteConfigWindowsFunctionApp(siteConfig []SiteConfigWindowsFunctionAp
expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(windowsSiteConfig.ScmMinTlsVersion))
}

if metadata.ResourceData.HasChange("site_config.0.minimum_tls_cipher_suite") {
expanded.MinTlsCipherSuite = pointer.To(webapps.TlsCipherSuites(windowsSiteConfig.MinTlsCipherSuite))
}

if metadata.ResourceData.HasChange("site_config.0.cors") {
cors := ExpandCorsSettings(windowsSiteConfig.Cors)
expanded.Cors = cors
Expand Down Expand Up @@ -2028,6 +2062,7 @@ func FlattenSiteConfigLinuxFunctionApp(functionAppSiteConfig *webapps.SiteConfig
RuntimeScaleMonitoring: pointer.From(functionAppSiteConfig.FunctionsRuntimeScaleMonitoringEnabled),
MinTlsVersion: string(pointer.From(functionAppSiteConfig.MinTlsVersion)),
ScmMinTlsVersion: string(pointer.From(functionAppSiteConfig.ScmMinTlsVersion)),
MinTlsCipherSuite: string(pointer.From(functionAppSiteConfig.MinTlsCipherSuite)),
PreWarmedInstanceCount: pointer.From(functionAppSiteConfig.PreWarmedInstanceCount),
ElasticInstanceMinimum: pointer.From(functionAppSiteConfig.MinimumElasticInstanceCount),
Use32BitWorker: pointer.From(functionAppSiteConfig.Use32BitWorkerProcess),
Expand Down Expand Up @@ -2094,6 +2129,7 @@ func FlattenSiteConfigWindowsFunctionApp(functionAppSiteConfig *webapps.SiteConf
RuntimeScaleMonitoring: pointer.From(functionAppSiteConfig.FunctionsRuntimeScaleMonitoringEnabled),
MinTlsVersion: string(pointer.From(functionAppSiteConfig.MinTlsVersion)),
ScmMinTlsVersion: string(pointer.From(functionAppSiteConfig.ScmMinTlsVersion)),
MinTlsCipherSuite: string(pointer.From(functionAppSiteConfig.MinTlsCipherSuite)),
PreWarmedInstanceCount: pointer.From(functionAppSiteConfig.PreWarmedInstanceCount),
ElasticInstanceMinimum: pointer.From(functionAppSiteConfig.MinimumElasticInstanceCount),
Use32BitWorker: pointer.From(functionAppSiteConfig.Use32BitWorkerProcess),
Expand Down
26 changes: 26 additions & 0 deletions internal/services/appservice/helpers/function_app_slot_schema.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ type SiteConfigWindowsFunctionAppSlot struct {
ApplicationStack []ApplicationStackWindowsFunctionApp `tfschema:"application_stack"`
MinTlsVersion string `tfschema:"minimum_tls_version"`
ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
MinTlsCipherSuite string `tfschema:"minimum_tls_cipher_suite"`
Cors []CorsSetting `tfschema:"cors"`
DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
WindowsFxVersion string `tfschema:"windows_fx_version"`
Expand Down Expand Up @@ -301,6 +302,13 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema {
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForTlsCipherSuites(), false),
Description: "Configures the minimum TLS cipher suite for the incoming requests to the Site.",
},

"cors": CorsSettingsSchema(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -362,6 +370,7 @@ type SiteConfigLinuxFunctionAppSlot struct {
ApplicationStack []ApplicationStackLinuxFunctionApp `tfschema:"application_stack"`
MinTlsVersion string `tfschema:"minimum_tls_version"`
ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
MinTlsCipherSuite string `tfschema:"minimum_tls_cipher_suite"`
Cors []CorsSetting `tfschema:"cors"`
DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
LinuxFxVersion string `tfschema:"linux_fx_version"`
Expand Down Expand Up @@ -627,6 +636,13 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema {
Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.",
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForTlsCipherSuites(), false),
Description: "Configures the minimum TLS cipher suite for the incoming requests to the Site.",
},

"cors": CorsSettingsSchema(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -846,6 +862,10 @@ func ExpandSiteConfigWindowsFunctionAppSlot(siteConfig []SiteConfigWindowsFuncti
expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(windowsSlotSiteConfig.ScmMinTlsVersion))
}

if metadata.ResourceData.HasChange("site_config.0.minimum_tls_cipher_suite") {
expanded.MinTlsCipherSuite = pointer.To(webapps.TlsCipherSuites(windowsSlotSiteConfig.MinTlsCipherSuite))
}

if metadata.ResourceData.HasChange("site_config.0.cors") {
cors := ExpandCorsSettings(windowsSlotSiteConfig.Cors)
expanded.Cors = cors
Expand Down Expand Up @@ -883,6 +903,7 @@ func FlattenSiteConfigWindowsFunctionAppSlot(functionAppSlotSiteConfig *webapps.
RuntimeScaleMonitoring: pointer.From(functionAppSlotSiteConfig.FunctionsRuntimeScaleMonitoringEnabled),
MinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.MinTlsVersion)),
ScmMinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.ScmMinTlsVersion)),
MinTlsCipherSuite: string(pointer.From(functionAppSlotSiteConfig.MinTlsCipherSuite)),
PreWarmedInstanceCount: pointer.From(functionAppSlotSiteConfig.PreWarmedInstanceCount),
ElasticInstanceMinimum: pointer.From(functionAppSlotSiteConfig.MinimumElasticInstanceCount),
Use32BitWorker: pointer.From(functionAppSlotSiteConfig.Use32BitWorkerProcess),
Expand Down Expand Up @@ -1187,6 +1208,10 @@ func ExpandSiteConfigLinuxFunctionAppSlot(siteConfig []SiteConfigLinuxFunctionAp
expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(linuxSlotSiteConfig.ScmMinTlsVersion))
}

if metadata.ResourceData.HasChange("site_config.0.minimum_tls_cipher_suite") {
expanded.MinTlsCipherSuite = pointer.To(webapps.TlsCipherSuites(linuxSlotSiteConfig.MinTlsCipherSuite))
}

if metadata.ResourceData.HasChange("site_config.0.cors") {
cors := ExpandCorsSettings(linuxSlotSiteConfig.Cors)
expanded.Cors = cors
Expand Down Expand Up @@ -1225,6 +1250,7 @@ func FlattenSiteConfigLinuxFunctionAppSlot(functionAppSlotSiteConfig *webapps.Si
RuntimeScaleMonitoring: pointer.From(functionAppSlotSiteConfig.FunctionsRuntimeScaleMonitoringEnabled),
MinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.MinTlsVersion)),
ScmMinTlsVersion: string(pointer.From(functionAppSlotSiteConfig.ScmMinTlsVersion)),
MinTlsCipherSuite: string(pointer.From(functionAppSlotSiteConfig.MinTlsCipherSuite)),
PreWarmedInstanceCount: pointer.From(functionAppSlotSiteConfig.PreWarmedInstanceCount),
ElasticInstanceMinimum: pointer.From(functionAppSlotSiteConfig.MinimumElasticInstanceCount),
Use32BitWorker: pointer.From(functionAppSlotSiteConfig.Use32BitWorkerProcess),
Expand Down
19 changes: 19 additions & 0 deletions internal/services/appservice/helpers/linux_web_app_schema.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ type SiteConfigLinux struct {
ApplicationStack []ApplicationStackLinux `tfschema:"application_stack"`
MinTlsVersion string `tfschema:"minimum_tls_version"`
ScmMinTlsVersion string `tfschema:"scm_minimum_tls_version"`
MinTlsCipherSuite string `tfschema:"minimum_tls_cipher_suite"`
Cors []CorsSetting `tfschema:"cors"`
DetailedErrorLogging bool `tfschema:"detailed_error_logging_enabled"`
LinuxFxVersion string `tfschema:"linux_fx_version"`
Expand Down Expand Up @@ -250,6 +251,13 @@ func SiteConfigSchemaLinux() *pluginsdk.Schema {
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false),
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForTlsCipherSuites(), false),
Description: "Configures the minimum TLS cipher suite for the incoming requests to the Site.",
},

"cors": CorsSettingsSchema(),

"vnet_route_all_enabled": {
Expand Down Expand Up @@ -415,6 +423,11 @@ func SiteConfigSchemaLinuxComputed() *pluginsdk.Schema {
Computed: true,
},

"minimum_tls_cipher_suite": {
Type: pluginsdk.TypeString,
Computed: true,
},

"cors": CorsSettingsSchemaComputed(),

"detailed_error_logging_enabled": {
Expand Down Expand Up @@ -865,6 +878,7 @@ func (s *SiteConfigLinux) ExpandForCreate(appSettings map[string]string) (*webap
expanded.MinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.MinTlsVersion))
expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.ScmMinTlsVersion))
expanded.AutoHealEnabled = pointer.To(false)
expanded.MinTlsCipherSuite = pointer.To(webapps.TlsCipherSuites(s.MinTlsCipherSuite))
expanded.VnetRouteAllEnabled = pointer.To(s.VnetRouteAllEnabled)
expanded.IPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.IpRestrictionDefaultAction))
expanded.ScmIPSecurityRestrictionsDefaultAction = pointer.To(webapps.DefaultAction(s.ScmIpRestrictionDefaultAction))
Expand Down Expand Up @@ -1136,6 +1150,10 @@ func (s *SiteConfigLinux) ExpandForUpdate(metadata sdk.ResourceMetaData, existin
expanded.ScmMinTlsVersion = pointer.To(webapps.SupportedTlsVersions(s.ScmMinTlsVersion))
}

if metadata.ResourceData.HasChange("site_config.0.minimum_tls_cipher_suite") {
expanded.MinTlsCipherSuite = pointer.To(webapps.TlsCipherSuites(s.MinTlsCipherSuite))
}

if metadata.ResourceData.HasChange("site_config.0.cors") {
cors := ExpandCorsSettings(s.Cors)
if cors == nil {
Expand Down Expand Up @@ -1179,6 +1197,7 @@ func (s *SiteConfigLinux) Flatten(appSiteConfig *webapps.SiteConfig) {
s.RemoteDebuggingVersion = strings.ToUpper(pointer.From(appSiteConfig.RemoteDebuggingVersion))
s.ScmIpRestriction = FlattenIpRestrictions(appSiteConfig.ScmIPSecurityRestrictions)
s.ScmMinTlsVersion = string(pointer.From(appSiteConfig.ScmMinTlsVersion))
s.MinTlsCipherSuite = string(pointer.From(appSiteConfig.MinTlsCipherSuite))
s.ScmUseMainIpRestriction = pointer.From(appSiteConfig.ScmIPSecurityRestrictionsUseMain)
s.Use32BitWorker = pointer.From(appSiteConfig.Use32BitWorkerProcess)
s.UseManagedIdentityACR = pointer.From(appSiteConfig.AcrUseManagedIdentityCreds)
Expand Down
Loading
Loading