From c88703929ddc85d65f2429923835e7637a0f28af Mon Sep 17 00:00:00 2001 From: Sean Nixon Date: Mon, 27 Jan 2020 15:41:51 -0600 Subject: [PATCH 01/10] r/front_door - Add minimum_tls_version property --- .../frontdoor/resource_arm_front_door.go | 16 +++++++++++++++- website/docs/r/front_door.html.markdown | 2 ++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/azurerm/internal/services/frontdoor/resource_arm_front_door.go b/azurerm/internal/services/frontdoor/resource_arm_front_door.go index 899127785c60..5e57b0ac7349 100644 --- a/azurerm/internal/services/frontdoor/resource_arm_front_door.go +++ b/azurerm/internal/services/frontdoor/resource_arm_front_door.go @@ -408,6 +408,15 @@ func resourceArmFrontDoor() *schema.Resource { }, false), Default: string(frontdoor.CertificateSourceFrontDoor), }, + "minimum_tls_version": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{ + string(frontdoor.OneFullStopTwo), + string(frontdoor.OneFullStopZero), + }, false), + Default: string(frontdoor.OneFullStopTwo), + }, "provisioning_state": { Type: schema.TypeString, Computed: true, @@ -1265,6 +1274,8 @@ func flattenArmFrontDoorFrontendEndpoint(d *schema.ResourceData, input *[]frontd chc["certificate_source"] = string(frontdoor.CertificateSourceFrontDoor) } + chc["minimum_tls_version"] = string(customHTTPSConfiguration.MinimumTLSVersion) + if provisioningState := properties.CustomHTTPSProvisioningState; provisioningState != "" { chc["provisioning_state"] = provisioningState if provisioningState == frontdoor.CustomHTTPSProvisioningStateEnabled || provisioningState == frontdoor.CustomHTTPSProvisioningStateEnabling { @@ -1502,8 +1513,11 @@ func makeCustomHttpsConfiguration(customHttpsConfiguration map[string]interface{ // https://github.com/Azure/azure-sdk-for-go/issues/6882 defaultProtocolType := "ServerNameIndication" + minTLSVersion := customHttpsConfiguration["minimum_tls_version"].(string) + customHTTPSConfigurationUpdate := frontdoor.CustomHTTPSConfiguration{ - ProtocolType: &defaultProtocolType, + ProtocolType: &defaultProtocolType, + MinimumTLSVersion: frontdoor.MinimumTLSVersion(minTLSVersion), } if customHttpsConfiguration["certificate_source"].(string) == "AzureKeyVault" { diff --git a/website/docs/r/front_door.html.markdown b/website/docs/r/front_door.html.markdown index 87136435d8bc..1fce73688aa3 100644 --- a/website/docs/r/front_door.html.markdown +++ b/website/docs/r/front_door.html.markdown @@ -229,6 +229,8 @@ The `custom_https_configuration` block supports the following: * `certificate_source` - (Optional) Certificate source to encrypted `HTTPS` traffic with. Allowed values are `FrontDoor` or `AzureKeyVault`. Defaults to `FrontDoor`. +* `minimum_tls_version` - (Optional) Minimum TLS version required for clients to connect. Allowed values are `1.0` or `1.2`. Defaults to `1.2`. + The following attributes are only valid if `certificate_source` is set to `AzureKeyVault`: * `azure_key_vault_certificate_vault_id` - (Required) The ID of the Key Vault containing the SSL certificate. From 9d57affed22b0f266bae04b00842caca2504a207 Mon Sep 17 00:00:00 2001 From: Sean Nixon Date: Mon, 27 Jan 2020 15:54:37 -0600 Subject: [PATCH 02/10] r/frontdoor Make default min TLS version 1.0 until v2.0 --- .../internal/services/frontdoor/resource_arm_front_door.go | 2 +- website/docs/guides/2.0-upgrade-guide.html.markdown | 4 ++++ website/docs/r/front_door.html.markdown | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/azurerm/internal/services/frontdoor/resource_arm_front_door.go b/azurerm/internal/services/frontdoor/resource_arm_front_door.go index 5e57b0ac7349..209db10fa98e 100644 --- a/azurerm/internal/services/frontdoor/resource_arm_front_door.go +++ b/azurerm/internal/services/frontdoor/resource_arm_front_door.go @@ -415,7 +415,7 @@ func resourceArmFrontDoor() *schema.Resource { string(frontdoor.OneFullStopTwo), string(frontdoor.OneFullStopZero), }, false), - Default: string(frontdoor.OneFullStopTwo), + Default: string(frontdoor.OneFullStopZero), // TODO: Update default to TLS 1.2 in version 2.0 }, "provisioning_state": { Type: schema.TypeString, diff --git a/website/docs/guides/2.0-upgrade-guide.html.markdown b/website/docs/guides/2.0-upgrade-guide.html.markdown index 4d3e2c33ee6b..0842826086a1 100644 --- a/website/docs/guides/2.0-upgrade-guide.html.markdown +++ b/website/docs/guides/2.0-upgrade-guide.html.markdown @@ -299,6 +299,10 @@ The deprecated `location` field will be removed, since this is no longer used. The deprecated `internal_public_ip_address_id` field in the `ip_configuration` block will be removed. This field has been replaced by the `public_ip_address_id` field in the `ip_configuration` block. +### Resource: `azurerm_frontdoor` + +The default value of the `minimum_tls_version` field in the `custom_https_configuration` block will be changed from `1.0` to `1.2` to align with [updates to the Azure platform defaults](https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#what-tls-versions-are-supported-by-azure-front-door-service) + ### Resource: `azurerm_iothub` The deprecated `sku.tier` property will be remove. diff --git a/website/docs/r/front_door.html.markdown b/website/docs/r/front_door.html.markdown index 1fce73688aa3..89024ac4082c 100644 --- a/website/docs/r/front_door.html.markdown +++ b/website/docs/r/front_door.html.markdown @@ -229,7 +229,7 @@ The `custom_https_configuration` block supports the following: * `certificate_source` - (Optional) Certificate source to encrypted `HTTPS` traffic with. Allowed values are `FrontDoor` or `AzureKeyVault`. Defaults to `FrontDoor`. -* `minimum_tls_version` - (Optional) Minimum TLS version required for clients to connect. Allowed values are `1.0` or `1.2`. Defaults to `1.2`. +* `minimum_tls_version` - (Optional) Minimum TLS version required for clients to connect. Allowed values are `1.0` or `1.2`. Defaults to `1.0`. The following attributes are only valid if `certificate_source` is set to `AzureKeyVault`: From 2d6abd10669adddc5217c1e36ad398eb22155e6a Mon Sep 17 00:00:00 2001 From: Sean Nixon Date: Wed, 29 Jan 2020 14:16:49 -0600 Subject: [PATCH 03/10] r/frontdoor: Make minimum_tls_version computed This updates the behavior to better fit with the Portal experience. Existing frontends will continue to use TLS 1.0 while new frontends will use TLS 1.2 as the minimum --- .../frontdoor/resource_arm_front_door.go | 45 ++++--------------- 1 file changed, 9 insertions(+), 36 deletions(-) diff --git a/azurerm/internal/services/frontdoor/resource_arm_front_door.go b/azurerm/internal/services/frontdoor/resource_arm_front_door.go index 209db10fa98e..2af4efdfb7df 100644 --- a/azurerm/internal/services/frontdoor/resource_arm_front_door.go +++ b/azurerm/internal/services/frontdoor/resource_arm_front_door.go @@ -410,12 +410,7 @@ func resourceArmFrontDoor() *schema.Resource { }, "minimum_tls_version": { Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.StringInSlice([]string{ - string(frontdoor.OneFullStopTwo), - string(frontdoor.OneFullStopZero), - }, false), - Default: string(frontdoor.OneFullStopZero), // TODO: Update default to TLS 1.2 in version 2.0 + Computed: true, }, "provisioning_state": { Type: schema.TypeString, @@ -558,9 +553,12 @@ func resourceArmFrontDoorCreateUpdate(d *schema.ResourceData, meta interface{}) // Build a custom Https configuration based off the config file to send to the enable call // NOTE: I do not need to check to see if this exists since I already do that in the validation code chc := frontendEndpoint["custom_https_configuration"].([]interface{}) - customHttpsConfiguration := chc[0].(map[string]interface{}) - customHTTPSConfigurationUpdate := makeCustomHttpsConfiguration(customHttpsConfiguration) - + customHTTPSConfiguration := chc[0].(map[string]interface{}) + minTLSVersion := frontdoor.OneFullStopTwo // Default to TLS 1.2 + if httpsConfig := properties.CustomHTTPSConfiguration; httpsConfig != nil { + minTLSVersion = httpsConfig.MinimumTLSVersion + } + customHTTPSConfigurationUpdate := makeCustomHttpsConfiguration(customHTTPSConfiguration, minTLSVersion) // Enable Custom Domain HTTPS for the Frontend Endpoint if err := resourceArmFrontDoorFrontendEndpointEnableHttpsProvisioning(d, true, name, frontendEndpointName, resourceGroup, customHTTPSConfigurationUpdate, meta); err != nil { return fmt.Errorf("Unable enable Custom Domain HTTPS for Frontend Endpoint %q (Resource Group %q): %+v", frontendEndpointName, resourceGroup, err) @@ -820,7 +818,6 @@ func expandArmFrontDoorFrontendEndpoint(input []interface{}, frontDoorPath strin hostName := frontendEndpoint["host_name"].(string) isSessionAffinityEnabled := frontendEndpoint["session_affinity_enabled"].(bool) sessionAffinityTtlSeconds := int32(frontendEndpoint["session_affinity_ttl_seconds"].(int)) - customHttpsConfiguration := frontendEndpoint["custom_https_configuration"].([]interface{}) waf := frontendEndpoint["web_application_firewall_policy_link_id"].(string) name := frontendEndpoint["name"].(string) id := utils.String(frontDoorPath + "/FrontendEndpoints/" + name) @@ -834,7 +831,6 @@ func expandArmFrontDoorFrontendEndpoint(input []interface{}, frontDoorPath strin ID: id, Name: utils.String(name), FrontendEndpointProperties: &frontdoor.FrontendEndpointProperties{ - CustomHTTPSConfiguration: expandArmFrontDoorCustomHTTPSConfiguration(customHttpsConfiguration), HostName: utils.String(hostName), SessionAffinityEnabledState: sessionAffinityEnabled, SessionAffinityTTLSeconds: utils.Int32(sessionAffinityTtlSeconds), @@ -853,27 +849,6 @@ func expandArmFrontDoorFrontendEndpoint(input []interface{}, frontDoorPath strin return &output } -func expandArmFrontDoorCustomHTTPSConfiguration(input []interface{}) *frontdoor.CustomHTTPSConfiguration { - if len(input) == 0 { - // https://github.com/Azure/azure-sdk-for-go/issues/6882 - defaultProtocolType := "ServerNameIndication" - - defaultHttpsConfiguration := frontdoor.CustomHTTPSConfiguration{ - ProtocolType: &defaultProtocolType, - CertificateSource: frontdoor.CertificateSourceFrontDoor, - CertificateSourceParameters: &frontdoor.CertificateSourceParameters{ - CertificateType: frontdoor.Dedicated, - }, - } - return &defaultHttpsConfiguration - } - - v := input[0].(map[string]interface{}) - customHttpsConfiguration := makeCustomHttpsConfiguration(v) - - return &customHttpsConfiguration -} - func expandArmFrontDoorHealthProbeSettingsModel(input []interface{}, frontDoorPath string) *[]frontdoor.HealthProbeSettingsModel { if len(input) == 0 { return &[]frontdoor.HealthProbeSettingsModel{} @@ -1509,15 +1484,13 @@ func flattenArmFrontDoorFrontendEndpointsSubResources(input *[]frontdoor.SubReso return output } -func makeCustomHttpsConfiguration(customHttpsConfiguration map[string]interface{}) frontdoor.CustomHTTPSConfiguration { +func makeCustomHttpsConfiguration(customHttpsConfiguration map[string]interface{}, minTLSVersion frontdoor.MinimumTLSVersion) frontdoor.CustomHTTPSConfiguration { // https://github.com/Azure/azure-sdk-for-go/issues/6882 defaultProtocolType := "ServerNameIndication" - minTLSVersion := customHttpsConfiguration["minimum_tls_version"].(string) - customHTTPSConfigurationUpdate := frontdoor.CustomHTTPSConfiguration{ ProtocolType: &defaultProtocolType, - MinimumTLSVersion: frontdoor.MinimumTLSVersion(minTLSVersion), + MinimumTLSVersion: minTLSVersion, } if customHttpsConfiguration["certificate_source"].(string) == "AzureKeyVault" { From 761add0b77e34546355d721aeafcb6eac2edea89 Mon Sep 17 00:00:00 2001 From: Sean Nixon Date: Wed, 29 Jan 2020 14:17:33 -0600 Subject: [PATCH 04/10] Revert azurerm_frontdoor 2.0 upgrade note --- website/docs/guides/2.0-upgrade-guide.html.markdown | 4 ---- 1 file changed, 4 deletions(-) diff --git a/website/docs/guides/2.0-upgrade-guide.html.markdown b/website/docs/guides/2.0-upgrade-guide.html.markdown index 0842826086a1..4d3e2c33ee6b 100644 --- a/website/docs/guides/2.0-upgrade-guide.html.markdown +++ b/website/docs/guides/2.0-upgrade-guide.html.markdown @@ -299,10 +299,6 @@ The deprecated `location` field will be removed, since this is no longer used. The deprecated `internal_public_ip_address_id` field in the `ip_configuration` block will be removed. This field has been replaced by the `public_ip_address_id` field in the `ip_configuration` block. -### Resource: `azurerm_frontdoor` - -The default value of the `minimum_tls_version` field in the `custom_https_configuration` block will be changed from `1.0` to `1.2` to align with [updates to the Azure platform defaults](https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq#what-tls-versions-are-supported-by-azure-front-door-service) - ### Resource: `azurerm_iothub` The deprecated `sku.tier` property will be remove. From 22f7fd90637ba1178ffbcfd330ccebf78bb648d0 Mon Sep 17 00:00:00 2001 From: Sean Nixon Date: Wed, 29 Jan 2020 14:29:07 -0600 Subject: [PATCH 05/10] r/frontdoor: Remove minimum_tls_version from docs That attribute is now calculated so it should not be set by the user --- website/docs/r/front_door.html.markdown | 2 -- 1 file changed, 2 deletions(-) diff --git a/website/docs/r/front_door.html.markdown b/website/docs/r/front_door.html.markdown index 89024ac4082c..87136435d8bc 100644 --- a/website/docs/r/front_door.html.markdown +++ b/website/docs/r/front_door.html.markdown @@ -229,8 +229,6 @@ The `custom_https_configuration` block supports the following: * `certificate_source` - (Optional) Certificate source to encrypted `HTTPS` traffic with. Allowed values are `FrontDoor` or `AzureKeyVault`. Defaults to `FrontDoor`. -* `minimum_tls_version` - (Optional) Minimum TLS version required for clients to connect. Allowed values are `1.0` or `1.2`. Defaults to `1.0`. - The following attributes are only valid if `certificate_source` is set to `AzureKeyVault`: * `azure_key_vault_certificate_vault_id` - (Required) The ID of the Key Vault containing the SSL certificate. From 4179b6761ded3a0a0cdc14f298684b02ca5d3e61 Mon Sep 17 00:00:00 2001 From: Jeffrey Cline <20408400+WodansSon@users.noreply.github.com> Date: Wed, 29 Jan 2020 15:13:42 -0800 Subject: [PATCH 06/10] Added test case for custom https --- .../tests/resource_arm_front_door_test.go | 159 ++++++++++++++++++ 1 file changed, 159 insertions(+) diff --git a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go index 693b739a83dc..94a800aaf994 100644 --- a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go +++ b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go @@ -160,6 +160,40 @@ func TestAccAzureRMFrontDoor_EnableDisableCache(t *testing.T) { }) } +func TestAccAzureRMFrontDoor_CustomHttps(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_frontdoor", "test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMFrontDoorDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMFrontDoor_CustomHttpsEnabled(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMFrontDoorExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_provisioning_enabled", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.certificate_source", "FrontDoor"), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.minimum_tls_version", "1.2"), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.provisioning_state", "Enabled"), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.provisioning_substate", "CertificateDeployed"), + ), + }, + { + Config: testAccAzureRMFrontDoor_CustomHttpsDisabled(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMFrontDoorExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_provisioning_enabled", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.certificate_source", ""), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.minimum_tls_version", ""), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.provisioning_state", ""), + resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.provisioning_substate", ""), + ), + }, + data.ImportStep(), + }, + }) +} + func testCheckAzureRMFrontDoorExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Frontdoor.FrontDoorsClient @@ -573,3 +607,128 @@ resource "azurerm_frontdoor" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) } + +func testAccAzureRMFrontDoor_CustomHttpsEnabled(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +locals { + backend_name = "backend-bing" + endpoint_name = "frontend-endpoint" + health_probe_name = "health-probe" + load_balancing_name = "load-balancing-setting" +} + +resource "azurerm_frontdoor" "test" { + name = "acctestfd-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + enforce_backend_pools_certificate_name_check = false + + routing_rule { + name = "routing-rule" + accepted_protocols = ["Http", "Https"] + patterns_to_match = ["/*"] + frontend_endpoints = [local.endpoint_name] + + forwarding_configuration { + forwarding_protocol = "MatchRequest" + backend_pool_name = local.backend_name + } + } + + backend_pool_load_balancing { + name = local.load_balancing_name + } + + backend_pool_health_probe { + name = local.health_probe_name + } + + backend_pool { + name = local.backend_name + backend { + host_header = "www.bing.com" + address = "www.bing.com" + http_port = 80 + https_port = 443 + } + + load_balancing_name = local.load_balancing_name + health_probe_name = local.health_probe_name + } + + frontend_endpoint { + name = local.endpoint_name + host_name = "acctestfd-%d.azurefd.net" + custom_https_provisioning_enabled = true + certificate_source = "FrontDoor" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +} + +func testAccAzureRMFrontDoor_CustomHttpsDisabled(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +locals { + backend_name = "backend-bing" + endpoint_name = "frontend-endpoint" + health_probe_name = "health-probe" + load_balancing_name = "load-balancing-setting" +} + +resource "azurerm_frontdoor" "test" { + name = "acctestfd-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + enforce_backend_pools_certificate_name_check = false + + routing_rule { + name = "routing-rule" + accepted_protocols = ["Http", "Https"] + patterns_to_match = ["/*"] + frontend_endpoints = [local.endpoint_name] + + forwarding_configuration { + forwarding_protocol = "MatchRequest" + backend_pool_name = local.backend_name + } + } + + backend_pool_load_balancing { + name = local.load_balancing_name + } + + backend_pool_health_probe { + name = local.health_probe_name + } + + backend_pool { + name = local.backend_name + backend { + host_header = "www.bing.com" + address = "www.bing.com" + http_port = 80 + https_port = 443 + } + + load_balancing_name = local.load_balancing_name + health_probe_name = local.health_probe_name + } + + frontend_endpoint { + name = local.endpoint_name + host_name = "acctestfd-%d.azurefd.net" + custom_https_provisioning_enabled = false + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +} From a3b57de940c039f811a429cd3a82ff454ec709ee Mon Sep 17 00:00:00 2001 From: Jeffrey Cline <20408400+WodansSon@users.noreply.github.com> Date: Wed, 29 Jan 2020 15:16:28 -0800 Subject: [PATCH 07/10] Fixed test HCL formatting --- .../services/frontdoor/tests/resource_arm_front_door_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go index 94a800aaf994..94200a0b3136 100644 --- a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go +++ b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go @@ -665,7 +665,9 @@ resource "azurerm_frontdoor" "test" { name = local.endpoint_name host_name = "acctestfd-%d.azurefd.net" custom_https_provisioning_enabled = true - certificate_source = "FrontDoor" + custom_https_configuration { + certificate_source = "FrontDoor" + } } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) From da20eed6e718e8281feb8190a41364754cfb3420 Mon Sep 17 00:00:00 2001 From: Jeffrey Cline <20408400+WodansSon@users.noreply.github.com> Date: Wed, 29 Jan 2020 16:43:26 -0800 Subject: [PATCH 08/10] Fixed test fmt lint issue --- .../services/frontdoor/tests/resource_arm_front_door_test.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go index 94200a0b3136..6389ec8ca1f8 100644 --- a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go +++ b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go @@ -183,10 +183,6 @@ func TestAccAzureRMFrontDoor_CustomHttps(t *testing.T) { Check: resource.ComposeTestCheckFunc( testCheckAzureRMFrontDoorExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_provisioning_enabled", "false"), - resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.certificate_source", ""), - resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.minimum_tls_version", ""), - resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.provisioning_state", ""), - resource.TestCheckResourceAttr(data.ResourceName, "frontend_endpoint.0.custom_https_configuration.0.provisioning_substate", ""), ), }, data.ImportStep(), From b59ed71559ea836d87324790e1c5342783ede103 Mon Sep 17 00:00:00 2001 From: Jeffrey Cline <20408400+WodansSon@users.noreply.github.com> Date: Thu, 30 Jan 2020 12:41:09 -0800 Subject: [PATCH 09/10] Fix test lint error --- .../services/frontdoor/tests/resource_arm_front_door_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go index 6389ec8ca1f8..f288ee6a6827 100644 --- a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go +++ b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go @@ -726,7 +726,7 @@ resource "azurerm_frontdoor" "test" { name = local.endpoint_name host_name = "acctestfd-%d.azurefd.net" custom_https_provisioning_enabled = false - } + } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) } From 1512b04f0f0abe0c765925008946fd1c0e86571a Mon Sep 17 00:00:00 2001 From: Jeffrey Cline <20408400+WodansSon@users.noreply.github.com> Date: Thu, 30 Jan 2020 14:47:22 -0800 Subject: [PATCH 10/10] Added minimum tls to documentation --- website/docs/r/front_door.html.markdown | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/website/docs/r/front_door.html.markdown b/website/docs/r/front_door.html.markdown index 87136435d8bc..22de3c2302ee 100644 --- a/website/docs/r/front_door.html.markdown +++ b/website/docs/r/front_door.html.markdown @@ -274,10 +274,14 @@ The following attributes are only valid if `certificate_source` is set to `Azure * `id` - The Resource ID of the Azure Front Door Backend Load Balancer. -`routing_rule` exports the following: +`routing_rule` exports the following: * `id` - The Resource ID of the Azure Front Door Backend Routing Rule. +`custom_https_configuration` exports the following: + +* `minimum_tls_version` - Minimum client TLS version supported. + The following attributes are exported: