mssql_server: add minimal_tls_version property

azurerm/internal/services/mssql/mssql_server_resource.go

@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	uuid "github.com/satori/go.uuid"
+
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
@@ -136,6 +137,16 @@ func resourceArmMsSqlServer() *schema.Resource {
 				},
 			},
 
+			"minimum_tls_version": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"1.0",
+					"1.1",
+					"1.2",
+				}, false),
+			},
+
 			"public_network_access_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -183,7 +194,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 		existing, err := client.Get(ctx, resGroup, name)
 		if err != nil {
 			if !utils.ResponseWasNotFound(existing.Response) {
-				return fmt.Errorf("Error checking for presence of existing SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
+				return fmt.Errorf("checking for presence of existing SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
 			}
 		}
 
@@ -216,22 +227,26 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 		props.ServerProperties.AdministratorLoginPassword = utils.String(adminPassword)
 	}
 
+	if v := d.Get("minimum_tls_version"); v.(string) != "" {
+		props.ServerProperties.MinimalTLSVersion = utils.String(v.(string))
+	}
+
 	future, err := client.CreateOrUpdate(ctx, resGroup, name, props)
 	if err != nil {
-		return fmt.Errorf("Error issuing create/update request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
+		return fmt.Errorf("issuing create/update request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
 	}
 
 	if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
 		if response.WasConflict(future.Response()) {
 			return fmt.Errorf("SQL Server names need to be globally unique and %q is already in use.", name)
 		}
 
-		return fmt.Errorf("Error waiting on create/update future for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
+		return fmt.Errorf("waiting on create/update future for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
 	}
 
 	resp, err := client.Get(ctx, resGroup, name)
 	if err != nil {
-		return fmt.Errorf("Error issuing get request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
+		return fmt.Errorf("issuing get request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
 	}
 
 	d.SetId(*resp.ID)
@@ -264,7 +279,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 		},
 	}
 	if _, err = connectionClient.CreateOrUpdate(ctx, resGroup, name, connection); err != nil {
-		return fmt.Errorf("Error issuing create/update request for SQL Server %q Connection Policy (Resource Group %q): %+v", name, resGroup, err)
+		return fmt.Errorf("issuing create/update request for SQL Server %q Connection Policy (Resource Group %q): %+v", name, resGroup, err)
 	}
 
 	auditingProps := sql.ExtendedServerBlobAuditingPolicy{
@@ -273,7 +288,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 
 	auditingFuture, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps)
 	if err != nil {
-		return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err)
+		return fmt.Errorf("issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err)
 	}
 
 	if err = auditingFuture.WaitForCompletionRef(ctx, auditingClient.Client); err != nil {
@@ -308,7 +323,7 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
 			return nil
 		}
 
-		return fmt.Errorf("Error reading SQL Server %s: %v", name, err)
+		return fmt.Errorf("reading SQL Server %s: %v", name, err)
 	}
 
 	d.Set("name", name)
@@ -318,20 +333,21 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	if err := d.Set("identity", flattenAzureRmSqlServerIdentity(resp.Identity)); err != nil {
-		return fmt.Errorf("Error setting `identity`: %+v", err)
+		return fmt.Errorf("setting `identity`: %+v", err)
 	}
 
 	if props := resp.ServerProperties; props != nil {
 		d.Set("version", props.Version)
 		d.Set("administrator_login", props.AdministratorLogin)
 		d.Set("fully_qualified_domain_name", props.FullyQualifiedDomainName)
+		d.Set("minimum_tls_version", props.MinimalTLSVersion)
 		d.Set("public_network_access_enabled", props.PublicNetworkAccess == sql.ServerPublicNetworkAccessEnabled)
 	}
 
 	adminResp, err := adminClient.Get(ctx, resGroup, name)
 	if err != nil {
 		if !utils.ResponseWasNotFound(adminResp.Response) {
-			return fmt.Errorf("Error reading SQL Server %s AAD admin: %v", name, err)
+			return fmt.Errorf("reading SQL Server %s AAD admin: %v", name, err)
 		}
 	} else {
 		if err := d.Set("azuread_administrator", flatternAzureRmMsSqlServerAdministrator(adminResp)); err != nil {
@@ -341,7 +357,7 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
 
 	connection, err := connectionClient.Get(ctx, resGroup, name)
 	if err != nil {
-		return fmt.Errorf("Error reading SQL Server %s Blob Connection Policy: %v ", name, err)
+		return fmt.Errorf("reading SQL Server %s Blob Connection Policy: %v ", name, err)
 	}
 
 	if props := connection.ServerConnectionPolicyProperties; props != nil {
@@ -350,11 +366,11 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
 
 	auditingResp, err := auditingClient.Get(ctx, resGroup, name)
 	if err != nil {
-		return fmt.Errorf("Error reading SQL Server %s Blob Auditing Policies: %v ", name, err)
+		return fmt.Errorf("reading SQL Server %s Blob Auditing Policies: %v ", name, err)
 	}
 
 	if err := d.Set("extended_auditing_policy", helper.FlattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)); err != nil {
-		return fmt.Errorf("Error setting `extended_auditing_policy`: %+v", err)
+		return fmt.Errorf("setting `extended_auditing_policy`: %+v", err)
 	}
 
 	restorableResp, err := restorableDroppedDatabasesClient.ListByServer(ctx, resGroup, name)
@@ -383,7 +399,7 @@ func resourceArmMsSqlServerDelete(d *schema.ResourceData, meta interface{}) erro
 
 	future, err := client.Delete(ctx, resGroup, name)
 	if err != nil {
-		return fmt.Errorf("Error deleting SQL Server %s: %+v", name, err)
+		return fmt.Errorf("deleting SQL Server %s: %+v", name, err)
 	}
 
 	return future.WaitForCompletionRef(ctx, client.Client)

azurerm/internal/services/mssql/tests/mssql_server_resource_test.go

@@ -389,6 +389,7 @@ resource "azurerm_mssql_server" "test" {
   version                      = "12.0"
   administrator_login          = "missadministrator"
   administrator_login_password = "thisIsKat11"
+  minimum_tls_version          = "1.2"
 
   public_network_access_enabled = true
 

website/docs/r/mssql_server.html.markdown

@@ -37,6 +37,7 @@ resource "azurerm_mssql_server" "example" {
   version                      = "12.0"
   administrator_login          = "missadministrator"
   administrator_login_password = "thisIsKat11"
+  minimum_tls_version          = "1.2"
 
   azuread_administrator {
     login_username = "AzureAD Admin"
@@ -65,9 +66,9 @@ The following arguments are supported:
 
 * `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
 
-* `version` - (Required) This servers MS SQL version. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).
+* `version` - (Required) The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).
 
-* `administrator_login` - (Required) The administrator's login name for the new server. Changing this forces a new resource to be created.
+* `administrator_login` - (Required) The administrator login name for the new server. Changing this forces a new resource to be created.
 
 * `administrator_login_password` - (Required) The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx)
 
@@ -79,6 +80,8 @@ The following arguments are supported:
 
 * `identity` - (Optional) An `identity` block as defined below.
 
+* `minimum_tls_version` - (Optional) The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: `1.0`, `1.1` and `1.2`.
+
 * `public_network_access_enabled` - (Optional) Whether or not public network access is allowed for this server. Defaults to `true`.
 
 * `tags` - (Optional) A mapping of tags to assign to the resource.
@@ -109,11 +112,11 @@ The following attributes are exported:
 
 * `tenant_id` - The Tenant ID for the Service Principal associated with the Identity of this SQL Server.
 
--> You can access the Principal ID via `${azurerm_sql_server.example.identity.0.principal_id}` and the Tenant ID via `${azurerm_sql_server.example.identity.0.tenant_id}`
+-> You can access the Principal ID via `azurerm_mssql_server.example.identity.0.principal_id` and the Tenant ID via `azurerm_mssql_server.example.identity.0.tenant_id`
 
 ---
 
-A `azuread_administrator` block supports the following:
+An `azuread_administrator` block supports the following:
 
 * `login_username` - (Required)  The login username of the Azure AD Administrator of this SQL Server.
 
@@ -123,7 +126,7 @@ A `azuread_administrator` block supports the following:
 
 ---
 
-A `extended_auditing_policy` block supports the following:
+An `extended_auditing_policy` block supports the following:
 
 * `storage_account_access_key` - (Required)  Specifies the access key to use for the auditing storage account.