diff --git a/internal/services/appservice/helpers/function_app_slot_schema.go b/internal/services/appservice/helpers/function_app_slot_schema.go index 3ed1480bc6bf..d2a5b6f446df 100644 --- a/internal/services/appservice/helpers/function_app_slot_schema.go +++ b/internal/services/appservice/helpers/function_app_slot_schema.go @@ -14,7 +14,6 @@ import ( apimValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/apimanagement/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" - "github.com/jackofallops/kermit/sdk/web/2022-09-01/web" ) type SiteConfigWindowsFunctionAppSlot struct { @@ -192,10 +191,10 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema { "managed_pipeline_mode": { Type: pluginsdk.TypeString, Optional: true, - Default: string(web.ManagedPipelineModeIntegrated), + Default: string(webapps.ManagedPipelineModeIntegrated), ValidateFunc: validation.StringInSlice([]string{ - string(web.ManagedPipelineModeClassic), - string(web.ManagedPipelineModeIntegrated), + string(webapps.ManagedPipelineModeClassic), + string(webapps.ManagedPipelineModeIntegrated), }, false), Description: "The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`.", }, @@ -255,11 +254,11 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema { "ftps_state": { Type: pluginsdk.TypeString, Optional: true, - Default: string(web.FtpsStateDisabled), + Default: string(webapps.FtpsStateDisabled), ValidateFunc: validation.StringInSlice([]string{ - string(web.FtpsStateAllAllowed), - string(web.FtpsStateDisabled), - string(web.FtpsStateFtpsOnly), + string(webapps.FtpsStateAllAllowed), + string(webapps.FtpsStateDisabled), + string(webapps.FtpsStateFtpsOnly), }, false), Description: "State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`.", }, @@ -287,27 +286,19 @@ func SiteConfigSchemaWindowsFunctionAppSlot() *pluginsdk.Schema { }, "minimum_tls_version": { - Type: pluginsdk.TypeString, - Optional: true, - Default: string(web.SupportedTLSVersionsOneFullStopTwo), - ValidateFunc: validation.StringInSlice([]string{ - string(web.SupportedTLSVersionsOneFullStopZero), - string(web.SupportedTLSVersionsOneFullStopOne), - string(web.SupportedTLSVersionsOneFullStopTwo), - }, false), - Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.", + Type: pluginsdk.TypeString, + Optional: true, + Default: string(webapps.SupportedTlsVersionsOnePointTwo), + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false), + Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.", }, "scm_minimum_tls_version": { - Type: pluginsdk.TypeString, - Optional: true, - Default: string(web.SupportedTLSVersionsOneFullStopTwo), - ValidateFunc: validation.StringInSlice([]string{ - string(web.SupportedTLSVersionsOneFullStopZero), - string(web.SupportedTLSVersionsOneFullStopOne), - string(web.SupportedTLSVersionsOneFullStopTwo), - }, false), - Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.", + Type: pluginsdk.TypeString, + Optional: true, + Default: string(webapps.SupportedTlsVersionsOnePointTwo), + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false), + Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.", }, "cors": CorsSettingsSchema(), @@ -526,10 +517,10 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema { "managed_pipeline_mode": { Type: pluginsdk.TypeString, Optional: true, - Default: string(web.ManagedPipelineModeIntegrated), + Default: string(webapps.ManagedPipelineModeIntegrated), ValidateFunc: validation.StringInSlice([]string{ - string(web.ManagedPipelineModeClassic), - string(web.ManagedPipelineModeIntegrated), + string(webapps.ManagedPipelineModeClassic), + string(webapps.ManagedPipelineModeIntegrated), }, false), Description: "The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`.", }, @@ -589,11 +580,11 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema { "ftps_state": { Type: pluginsdk.TypeString, Optional: true, - Default: string(web.FtpsStateDisabled), + Default: string(webapps.FtpsStateDisabled), ValidateFunc: validation.StringInSlice([]string{ - string(web.FtpsStateAllAllowed), - string(web.FtpsStateDisabled), - string(web.FtpsStateFtpsOnly), + string(webapps.FtpsStateAllAllowed), + string(webapps.FtpsStateDisabled), + string(webapps.FtpsStateFtpsOnly), }, false), Description: "State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`.", }, @@ -621,27 +612,19 @@ func SiteConfigSchemaLinuxFunctionAppSlot() *pluginsdk.Schema { }, "minimum_tls_version": { - Type: pluginsdk.TypeString, - Optional: true, - Default: string(web.SupportedTLSVersionsOneFullStopTwo), - ValidateFunc: validation.StringInSlice([]string{ - string(web.SupportedTLSVersionsOneFullStopZero), - string(web.SupportedTLSVersionsOneFullStopOne), - string(web.SupportedTLSVersionsOneFullStopTwo), - }, false), - Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.", + Type: pluginsdk.TypeString, + Optional: true, + Default: string(webapps.SupportedTlsVersionsOnePointTwo), + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false), + Description: "The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.", }, "scm_minimum_tls_version": { - Type: pluginsdk.TypeString, - Optional: true, - Default: string(web.SupportedTLSVersionsOneFullStopTwo), - ValidateFunc: validation.StringInSlice([]string{ - string(web.SupportedTLSVersionsOneFullStopZero), - string(web.SupportedTLSVersionsOneFullStopOne), - string(web.SupportedTLSVersionsOneFullStopTwo), - }, false), - Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`.", + Type: pluginsdk.TypeString, + Optional: true, + Default: string(webapps.SupportedTlsVersionsOnePointTwo), + ValidateFunc: validation.StringInSlice(webapps.PossibleValuesForSupportedTlsVersions(), false), + Description: "Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`.", }, "cors": CorsSettingsSchema(), diff --git a/internal/services/appservice/linux_function_app_slot_resource_test.go b/internal/services/appservice/linux_function_app_slot_resource_test.go index a5d5bd2f6c44..f1407bbcd07e 100644 --- a/internal/services/appservice/linux_function_app_slot_resource_test.go +++ b/internal/services/appservice/linux_function_app_slot_resource_test.go @@ -1496,6 +1496,22 @@ func TestAccLinuxFunctionAppSlot_publicNetworkAccessUpdate(t *testing.T) { }) } +func TestAccLinuxFunctionAppSlot_basicWithTlsOnePointThree(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_linux_function_app_slot", "test") + r := LinuxFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withTlsVersion(data, SkuConsumptionPlan, "1.3"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp,linux"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + // Configs func (r LinuxFunctionAppSlotResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { @@ -4262,3 +4278,24 @@ data "azurerm_storage_account_sas" "test" { } `, r.template(data, planSKU), data.RandomInteger) } + +func (r LinuxFunctionAppSlotResource) withTlsVersion(data acceptance.TestData, planSku string, tlsVersion string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_linux_function_app_slot" "test" { + name = "acctest-LFAS-%d" + function_app_id = azurerm_linux_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + minimum_tls_version = "%s" + } +} +`, r.template(data, planSku), data.RandomInteger, tlsVersion) +} diff --git a/internal/services/appservice/windows_function_app_slot_resource_test.go b/internal/services/appservice/windows_function_app_slot_resource_test.go index 745f0599b21a..c3a8a3510793 100644 --- a/internal/services/appservice/windows_function_app_slot_resource_test.go +++ b/internal/services/appservice/windows_function_app_slot_resource_test.go @@ -1295,6 +1295,22 @@ func TestAccWindowsFunctionAppSlot_publicNetworkAccessUpdate(t *testing.T) { }) } +func TestAccWindowsFunctionAppSlot_basicWithTlsOnePointThree(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_windows_function_app_slot", "test") + r := WindowsFunctionAppSlotResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withTlsVersion(data, SkuConsumptionPlan, "1.3"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("kind").HasValue("functionapp"), + ), + }, + data.ImportStep("site_credential.0.password"), + }) +} + // Exists func (r WindowsFunctionAppSlotResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { @@ -3383,3 +3399,24 @@ data "azurerm_storage_account_sas" "test" { } `, r.template(data, planSKU), data.RandomInteger) } + +func (r WindowsFunctionAppSlotResource) withTlsVersion(data acceptance.TestData, planSku string, tlsVersion string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_windows_function_app_slot" "test" { + name = "acctest-WFAS-%d" + function_app_id = azurerm_windows_function_app.test.id + storage_account_name = azurerm_storage_account.test.name + storage_account_access_key = azurerm_storage_account.test.primary_access_key + + site_config { + minimum_tls_version = "%s" + } +} +`, r.template(data, planSku), data.RandomInteger, tlsVersion) +} diff --git a/website/docs/r/linux_function_app_slot.html.markdown b/website/docs/r/linux_function_app_slot.html.markdown index af5faeebae08..fa0e87c82207 100644 --- a/website/docs/r/linux_function_app_slot.html.markdown +++ b/website/docs/r/linux_function_app_slot.html.markdown @@ -493,7 +493,7 @@ A `site_config` block supports the following: * `managed_pipeline_mode` - (Optional) The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. -* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. +* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. * `pre_warmed_instance_count` - (Optional) The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. @@ -509,7 +509,7 @@ A `site_config` block supports the following: * `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. -* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. +* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. * `scm_type` - The SCM Type in use by the Linux Function App. diff --git a/website/docs/r/windows_function_app_slot.html.markdown b/website/docs/r/windows_function_app_slot.html.markdown index 2929865a4d29..de2dd948ea91 100644 --- a/website/docs/r/windows_function_app_slot.html.markdown +++ b/website/docs/r/windows_function_app_slot.html.markdown @@ -486,7 +486,7 @@ A `site_config` block supports the following: * `managed_pipeline_mode` - (Optional) The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. -* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. +* `minimum_tls_version` - (Optional) The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. * `pre_warmed_instance_count` - (Optional) The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. @@ -502,7 +502,7 @@ A `site_config` block supports the following: * `scm_ip_restriction_default_action` - (Optional) The Default action for traffic that does not match any `scm_ip_restriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. -* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. +* `scm_minimum_tls_version` - (Optional) Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. * `scm_type` - The SCM Type in use by the Windows Function App.