azurerm_application_gateway - send min_protocol_version and correct policy_type for CustomV2 #22535

Merged
merged 2 commits into from
Jul 17, 2023
Merged
Expand Up @@ -2719,7 +2719,7 @@ func expandApplicationGatewaySslPolicy(vs []interface{}) *network.ApplicationGat
PolicyType: policyType,
PolicyName: policyName,
}
} else if policyType == network.ApplicationGatewaySslPolicyTypeCustom {
} else if policyType == network.ApplicationGatewaySslPolicyTypeCustom || policyType == network.ApplicationGatewaySslPolicyTypeCustomV2 {
minProtocolVersion := network.ApplicationGatewaySslProtocol(v["min_protocol_version"].(string))
cipherSuites := make([]network.ApplicationGatewaySslCipherSuite, 0)

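Review bot: The widened `else if` branch casts `v["min_protocol_version"].(string)` straight into `network.ApplicationGatewaySslProtocol` for both Custom and CustomV2, so an unset attribute would presumably be sent as an empty protocol and the gateway's TLS floor would be left to the service default. Whether the schema already requires the field for these two policy types is not visible in this hunk; if it does not, a validation-time check that rejects an empty `min_protocol_version` when `policy_type` is Custom or CustomV2 would keep the floor explicit. A one-line comment above the branch, such as `// Custom and CustomV2 both carry an explicit min_protocol_version and cipher suite list`, would also record why the two types share it. The body of expandApplicationGatewaySslPolicy starts and ends outside the hunk.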
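--- a/internal/services/network/application_gateway_resource_test.go
+++ b/internal/services/network/application_gateway_resource_test.go
@@ -892,6 +892,22 @@ func TestAccApplicationGateway_sslPolicy_policyType_custom(t *testing.T) {
 })
 }
 
+func TestAccApplicationGateway_sslPolicy_policyType_customV2(t *testing.T) {
+data := acceptance.BuildTestData(t, "azurerm_application_gateway", "test")
+r := ApplicationGatewayResource{}
+
+data.ResourceTest(t, r, []acceptance.TestStep{
+{
+Config: r.sslPolicy_policyType_customV2(data),
+Check: acceptance.ComposeTestCheckFunc(
+check.That(data.ResourceName).ExistsInAzure(r),
+check.That(data.ResourceName).Key("ssl_policy.0.policy_type").HasValue("CustomV2"),
+check.That(data.ResourceName).Key("ssl_policy.0.min_protocol_version").HasValue("TLSv1_3"),
+),
+},
+})
+}
+
 func TestAccApplicationGateway_sslPolicy_disabledProtocols(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_application_gateway", "test")
 r := ApplicationGatewayResource{}
@@ -5885,6 +5901,89 @@ resource "azurerm_application_gateway" "test" {
 `, r.template(data), data.RandomInteger, data.RandomInteger)
 }
 
+func (r ApplicationGatewayResource) sslPolicy_policyType_customV2(data acceptance.TestData) string {
+return fmt.Sprintf(`
+%s
+# since these variables are re-used - a locals block makes this more maintainable
+locals {
+backend_address_pool_name = "${azurerm_virtual_network.test.name}-beap"
+frontend_port_name = "${azurerm_virtual_network.test.name}-feport"
+frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
+http_setting_name = "${azurerm_virtual_network.test.name}-be-htst"
+listener_name = "${azurerm_virtual_network.test.name}-httplstn"
+request_routing_rule_name = "${azurerm_virtual_network.test.name}-rqrt"
+}
+
+resource "azurerm_public_ip" "test_standard" {
+name = "acctest-pubip-%d-standard"
+location = azurerm_resource_group.test.location
+resource_group_name = azurerm_resource_group.test.name
+sku = "Standard"
+allocation_method = "Static"
+}
+
+resource "azurerm_application_gateway" "test" {
+name = "acctestag-%d"
+resource_group_name = azurerm_resource_group.test.name
+location = azurerm_resource_group.test.location
+
+sku {
+name = "Standard_v2"
+tier = "Standard_v2"
+capacity = 1
+}
+
+ssl_policy {
+policy_type = "CustomV2"
+min_protocol_version = "TLSv1_3"
+}
+
+gateway_ip_configuration {
+name = "my-gateway-ip-configuration"
+subnet_id = azurerm_subnet.test.id
+}
+
+frontend_port {
+name = local.frontend_port_name
+port = 80
+}
+
+frontend_ip_configuration {
+name = local.frontend_ip_configuration_name
+public_ip_address_id = azurerm_public_ip.test_standard.id
+}
+
+backend_address_pool {
+name = local.backend_address_pool_name
+}
+
+backend_http_settings {
+name = local.http_setting_name
+cookie_based_affinity = "Disabled"
+port = 80
+protocol = "Http"
+request_timeout = 1
+}
+
+http_listener {
+name = local.listener_name
+frontend_ip_configuration_name = local.frontend_ip_configuration_name
+frontend_port_name = local.frontend_port_name
+protocol = "Http"
+}
+
+request_routing_rule {
+name = local.request_routing_rule_name
+rule_type = "Basic"
+http_listener_name = local.listener_name
+backend_address_pool_name = local.backend_address_pool_name
+backend_http_settings_name = local.http_setting_name
+priority = 10
+}
+}
+`, r.template(data), data.RandomInteger, data.RandomInteger)
+}
+
 func (r ApplicationGatewayResource) sslPolicy_disabledProtocols(data acceptance.TestData) string {
 return fmt.Sprintf(`
 %s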
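Review bot: `TestAccApplicationGateway_sslPolicy_policyType_customV2` has a single apply step with no `data.ImportStep()` after it, so the two `HasValue` checks may only be confirming values carried over from the configuration rather than values read back from Azure. Since the commit exists because `min_protocol_version` was not reaching the API, adding `data.ImportStep(),` as a second entry in the `[]acceptance.TestStep` slice would tie the assertion to what the service actually stored. The config in `sslPolicy_policyType_customV2` also sets no `cipher_suites` and uses only `Http` listeners, so the test covers the protocol floor being accepted but not a CustomV2 policy with an explicit cipher list. A doc comment on the test noting that scope would help the next reader.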