Open matthawley opened 8 months ago
Thanks @matthawley for raising this issue, let me try reproducing it and let you know about the progress.
@matthawley I can successfully upgrade the tls version to 1.2 without any problems
Can you enable TF log and try the deployment again and share the logs of the deployment?
Enable TF log by setting the env:
export TF_LOG_PATH=D:/logs/debug.log
export TF_LOG=DEBUG
@xiaxyi I captured the debug output already, it's in the gist link. I can retry again, though.
@xiaxyi re-ran things again, while terraform did detect going from 1.0 -> 1.2, it did not update it.
Re-running the apply, again detected it should upgrade from 1.0 -> 1.2.
Updated debug log @ https://gist.github.com/matthawley/9d82e36c55633cfb2bf01870bcba912d
Looking at the logs, it does issue the request to set TLS to 1.2 and we get back a 200 OK from Azure, but the response is still stating TLS is 1.0. So this might be an issue with Azure?
@xiaxyi My suspicion is that the rest api version being used (2022-01-01-preview
) is old and potentially outdated (or not available for my sub)? I can't find documentation on it, but maybe it should be upgraded to use 2024-01-01
which does list minimumTlsVersion
as a supported property.
@matthawley are you able to update the property via azure portal?
@xiaxyi yes - and once I do, 1.2
gets sent back and detected so no changes are necessary.
@matthawley I checked the log but couldn't find any request relates to the eventhub namepsace creation/ update like PUT https://management.azure.com/subscriptions/XXX/resourceGroups/xxx/providers/Microsoft.EventHub/namespaces/xxx
.
The property minimum_tls_version
is available in api version 2022-01-01-preview
and I can do the update without any problem.
Can you share the log that contains eventhub namespace creation and let me know the namespace id? Thanks
@xiaxyi Pulled this from the gist log above
PUT /subscriptions/29948a76-6c12-48ea-a9ab-6b29236bb95c/resourceGroups/matthaw-ex/providers/Microsoft.EventHub/namespaces/matthaw-ex?api-version=2022-01-01-preview HTTP/1.1
{"identity":{"type":"None","userAssignedIdentities":null},"location":"westus2","properties":{"disableLocalAuth":false,"isAutoInflateEnabled":false,"minimumTlsVersion":"1.0","publicNetworkAccess":"Enabled","zoneRedundant":false},"sku":{"capacity":2,"name":"Standard","tier":"Standard"},"tags":{}}
and the update
PATCH /subscriptions/29948a76-6c12-48ea-a9ab-6b29236bb95c/resourceGroups/matthaw-ex/providers/Microsoft.EventHub/namespaces/matthaw-ex?api-version=2022-01-01-preview HTTP/1.1
{"identity":{"type":"None","userAssignedIdentities":null},"location":"westus2","properties":{"disableLocalAuth":false,"isAutoInflateEnabled":false,"minimumTlsVersion":"1.2","publicNetworkAccess":"Enabled","zoneRedundant":false},"sku":{"capacity":2,"name":"Standard","tier":"Standard"},"tags":{}}
@matthawley Let me check with the Patch API and let you know
Is there an existing issue for this?
Community Note
Terraform Version
1.6.6
AzureRM Provider Version
3.93.0
Affected Resource(s)/Data Source(s)
eventhub_namespace_resource
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
When upgrading the TLS version from 1.0 to 1.2, it should affect the azure resource and be set to TLS 1.2
Actual Behaviour
After the apply, TLS 1.0 is still configured on the azure resource
Steps to Reproduce
terraform apply
using the initial terraform configuration (using TLS 1.0)terraform apply
and note the update-in-place notice~ minimum_tls_version = "1.0" -> "1.2"
Important Factoids
No response
References
Issue #17030