Support for azurerm_cosmosdb_account and azurerm_cosmosdb_* with TLS version enablement

[ramyaradhakrishnan2015]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

It would be good to set the specific TLS version for Cosmos DB accounts so that we can allow only approved TLS versions and also a flag to turn it on by default with a default value would be appreciated.

New or Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_account and azurermcosmosdb*

Potential Terraform Configuration

resource "azurerm_cosmosdb_account" "db" {
  name                = "tfex-cosmos-db-${random_integer.ri.result}"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"
  kind                = "MongoDB"
 tls_version          = "TLSv1_2"

  enable_automatic_failover = true

  capabilities {
    name = "EnableAggregationPipeline"
  }
}

References

No response

[neil-yechenwei]

Thanks for raising this issue. Seems service API doesn't support it for now since I didn't find this property from azure rest api spec.

[sehgalnamit]

The reason that the account didn't default to TLS1.2 is that the API version used to submit the request was not the minimum required 2022-11-15 (in this case, it had 2021-10-15). If Terraform doesn't use consistent API versions then it could result in such behavior.