Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_api_management - Add http2 protocol support for API Management #5593

Merged
merged 4 commits into from
Feb 10, 2020
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ var apimFrontendProtocolSsl3 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Sec
var apimFrontendProtocolTls10 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10"
var apimFrontendProtocolTls11 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11"
var apimTripleDesCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168"
var apimHttp2Protocol = "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2"

func resourceArmApiManagementService() *schema.Resource {
return &schema.Resource{
Expand Down Expand Up @@ -201,6 +202,23 @@ func resourceArmApiManagementService() *schema.Resource {
},
},

"protocols": {
Type: schema.TypeList,
Optional: true,
Computed: true,
wasfree marked this conversation as resolved.
Show resolved Hide resolved
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{

wasfree marked this conversation as resolved.
Show resolved Hide resolved
"enable_http2": {
Type: schema.TypeBool,
Optional: true,
Computed: true,
wasfree marked this conversation as resolved.
Show resolved Hide resolved
},
},
},
},

"security": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -658,10 +676,14 @@ func resourceArmApiManagementServiceRead(d *schema.ResourceData, meta interface{
d.Set("scm_url", props.ScmURL)
d.Set("public_ip_addresses", props.PublicIPAddresses)

if err := d.Set("security", flattenApiManagementCustomProperties(props.CustomProperties)); err != nil {
if err := d.Set("security", flattenApiManagementSecurityCustomProperties(props.CustomProperties)); err != nil {
return fmt.Errorf("Error setting `security`: %+v", err)
}

if err := d.Set("protocols", flattenApiManagementProtocolsCustomProperties(props.CustomProperties)); err != nil {
return fmt.Errorf("Error setting `protocols`: %+v", err)
}

hostnameConfigs := flattenApiManagementHostnameConfigurations(props.HostnameConfigurations, d)
if err := d.Set("hostname_configuration", hostnameConfigs); err != nil {
return fmt.Errorf("Error setting `hostname_configuration`: %+v", err)
Expand Down Expand Up @@ -1094,7 +1116,7 @@ func expandApiManagementCustomProperties(d *schema.ResourceData) map[string]*str
backendProtocolSsl3 = c.(bool)
}

return map[string]*string{
customProperties := map[string]*string{
apimBackendProtocolSsl3: utils.String(strconv.FormatBool(backendProtocolSsl3)),
apimBackendProtocolTls10: utils.String(strconv.FormatBool(backendProtocolTls10)),
apimBackendProtocolTls11: utils.String(strconv.FormatBool(backendProtocolTls11)),
Expand All @@ -1103,9 +1125,17 @@ func expandApiManagementCustomProperties(d *schema.ResourceData) map[string]*str
apimFrontendProtocolTls11: utils.String(strconv.FormatBool(frontendProtocolTls11)),
apimTripleDesCiphers: utils.String(strconv.FormatBool(tripleDesCiphers)),
}

if vp := d.Get("protocols").(([]interface{})); len(vp) > 0 {
if p, ok := d.GetOkExists("protocols.0.enable_http2"); ok {
customProperties[apimHttp2Protocol] = utils.String(strconv.FormatBool(p.(bool)))
}
}

return customProperties
}

func flattenApiManagementCustomProperties(input map[string]*string) []interface{} {
func flattenApiManagementSecurityCustomProperties(input map[string]*string) []interface{} {
output := make(map[string]interface{})

output["enable_backend_ssl30"] = parseApiManagementNilableDictionary(input, apimBackendProtocolSsl3)
Expand All @@ -1128,6 +1158,14 @@ func flattenApiManagementCustomProperties(input map[string]*string) []interface{
return []interface{}{output}
}

func flattenApiManagementProtocolsCustomProperties(input map[string]*string) []interface{} {
output := make(map[string]interface{})

output["enable_http2"] = parseApiManagementNilableDictionary(input, apimHttp2Protocol)

return []interface{}{output}
}

func apiManagementResourceHostnameSchema(schemaName string) map[string]*schema.Schema {
return map[string]*schema.Schema{
"host_name": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ func TestAccAzureRMApiManagement_customProps(t *testing.T) {
Config: testAccAzureRMApiManagement_customProps(data),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMApiManagementExists(data.ResourceName),
resource.TestCheckResourceAttr(data.ResourceName, "protocols.0.enable_http2", "true"),
),
},
data.ImportStep(),
Expand Down Expand Up @@ -427,6 +428,10 @@ resource "azurerm_api_management" "test" {

sku_name = "Developer_1"

protocols {
enable_http2 = true
}

security {
enable_frontend_tls10 = true
enable_triple_des_ciphers = true
Expand Down Expand Up @@ -511,6 +516,10 @@ resource "azurerm_api_management" "test" {
store_name = "Root"
}

protocols {
enable_http2 = true
}

security {
enable_backend_tls11 = true
enable_backend_ssl30 = true
Expand Down
8 changes: 8 additions & 0 deletions website/docs/r/api_management.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,8 @@ The following arguments are supported:

* `policy` - (Optional) A `policy` block as defined below.

* `protocols` - (Optional) A `protocols` block as defined below.

* `security` - (Optional) A `security` block as defined below.

* `sign_in` - (Optional) A `sign_in` block as defined below.
Expand Down Expand Up @@ -163,6 +165,12 @@ A `proxy` block supports the following:

---

A `protocols` block supports the following:

* `enable_http2` - (Optional) Should HTTP/2 support be enabled on the client-facing side of the gateway?
wasfree marked this conversation as resolved.
Show resolved Hide resolved

---

A `security` block supports the following:

* `enable_backend_ssl30` - (Optional) Should SSL 3.0 be enabled on the backend of the gateway? Defaults to `false`.
Expand Down