From 89cf252a7fa55df290901206158c4c3de014bd49 Mon Sep 17 00:00:00 2001
From: Ariel Ramirez
Date: Mon, 27 Jun 2022 11:38:48 -0700
Subject: [PATCH 1/3] Adding param for min tls version
---
 .../Microsoft.Sql/servers/.parameters/parameters.json | 3 +++
 modules/Microsoft.Sql/servers/deploy.bicep | 9 +++++++++
 modules/Microsoft.Sql/servers/readme.md | 5 +++++
 settings.json | 2 +-
 4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/modules/Microsoft.Sql/servers/.parameters/parameters.json b/modules/Microsoft.Sql/servers/.parameters/parameters.json
index 091333e683..13ec2f832b 100644
--- a/modules/Microsoft.Sql/servers/.parameters/parameters.json
+++ b/modules/Microsoft.Sql/servers/.parameters/parameters.json
@@ -27,6 +27,9 @@
 "location": {
 "value": "westeurope"
 },
+ "minimalTlsVersion": {
+ "value": "1.2"
+ },
 "roleAssignments": {
 "value": [
 {
diff --git a/modules/Microsoft.Sql/servers/deploy.bicep b/modules/Microsoft.Sql/servers/deploy.bicep
index 91e1453530..63518b250e 100644
--- a/modules/Microsoft.Sql/servers/deploy.bicep
+++ b/modules/Microsoft.Sql/servers/deploy.bicep
@@ -46,6 +46,14 @@ param securityAlertPolicies array = []
 @description('Conditional. The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided.')
 param administrators object = {}
+@allowed([
+ '1.0'
+ '1.1'
+ '1.2'
+])
+@description('Optional. Minimal TLS version allowed.')
+param minimalTlsVersion string = '1.2'
+
 @description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints array = []
@@ -90,6 +98,7 @@ resource server 'Microsoft.Sql/servers@2021-05-01-preview' = {
 tenantId: administrators.tenantId
 } : null
 version: '12.0'
+ minimalTlsVersion: minimalTlsVersion
 }
 }
diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md
index c83c4d5229..529b1018b5 100644
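Review bot: The `@allowed` list on the new `minimalTlsVersion` parameter in deploy.bicep includes '1.0' and '1.1', so a caller can set the server's TLS floor below the '1.2' default, and the description 'Minimal TLS version allowed.' does not say that those values are a downgrade. The second deploy.bicep hunk passes the parameter straight into the server properties, so whatever the caller supplies is what gets deployed. I would spell that out in the decorator, e.g. `@description('Optional. Minimal TLS version allowed. Values below 1.2 enable deprecated protocol versions; use them only where legacy clients require it.')`, and mirror the wording in the readme table row. If no consumer of this module needs the older versions, dropping them from `@allowed` would be the stronger option.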
--- a/modules/Microsoft.Sql/servers/readme.md
+++ b/modules/Microsoft.Sql/servers/readme.md
@@ -46,6 +46,7 @@ This module deploys a SQL server.
 | `firewallRules` | _[firewallRules](firewallRules/readme.md)_ array | `[]` | | The firewall rules to create in the server. |
 | `location` | string | `[resourceGroup().location]` | | Location for all resources. |
 | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. |
+| `minimalTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Minimal TLS version allowed. |
 | `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | `securityAlertPolicies` | _[securityAlertPolicies](securityAlertPolicies/readme.md)_ array | `[]` | | The security alert policies to create in the server. |
@@ -405,6 +406,9 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = {
 "location": {
 "value": "westeurope"
 },
+ "minimalTlsVersion": {
+ "value": "1.2"
+ },
 "roleAssignments": {
 "value": [
 {
@@ -504,6 +508,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = {
 administratorLogin: kv1.getSecret('administratorLogin')
 administratorLoginPassword: kv1.getSecret('administratorLoginPassword')
 location: 'westeurope'
+ minimalTlsVersion: '1.2'
 roleAssignments: [
 {
 roleDefinitionIdOrName: 'Reader'
diff --git a/settings.json b/settings.json
index 9198a0f7d0..30fbf24028 100644
--- a/settings.json
+++ b/settings.json
@@ -5,7 +5,7 @@
 "localTokens": [
 {
 "name": "namePrefix",
- "value": "carml",
+ "value": "mop",
 "metadata": {
 "description": "A 3-5 character length string, included in the resources names"
 }
From 08038245ac5213710ad0dff30cdd31bcad093ac5 Mon Sep 17 00:00:00 2001
From: Ariel Ramirez
Date: Mon, 27 Jun 2022 12:18:58 -0700
Subject: [PATCH 2/3] update namePrefix
---
 settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/settings.json b/settings.json
index 30fbf24028..5511446ff7 100644
--- a/settings.json
+++ b/settings.json
@@ -5,7 +5,7 @@
 "localTokens": [
 {
 "name": "namePrefix",
- "value": "mop",
+ "value": "mtx",
 "metadata": {
 "description": "A 3-5 character length string, included in the resources names"
 }
From 9a08132b772c5d98d232971a0e2975307ba1dd71 Mon Sep 17 00:00:00 2001
From: Ariel Ramirez
Date: Mon, 27 Jun 2022 13:45:04 -0700
Subject: [PATCH 3/3] reverting name prefix
---
 settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/settings.json b/settings.json
index 5511446ff7..9198a0f7d0 100644
--- a/settings.json
+++ b/settings.json
@@ -5,7 +5,7 @@
 "localTokens": [
 {
 "name": "namePrefix",
- "value": "mtx",
+ "value": "carml",
 "metadata": {
 "description": "A 3-5 character length string, included in the resources names"
 }