diff --git a/azurerm/internal/services/apimanagement/resource_arm_api_management.go b/azurerm/internal/services/apimanagement/resource_arm_api_management.go index 50006deb1ac2..5146ebd6650d 100644 --- a/azurerm/internal/services/apimanagement/resource_arm_api_management.go +++ b/azurerm/internal/services/apimanagement/resource_arm_api_management.go @@ -28,6 +28,7 @@ var apimFrontendProtocolSsl3 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Sec var apimFrontendProtocolTls10 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10" var apimFrontendProtocolTls11 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11" var apimTripleDesCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168" +var apimHttp2Protocol = "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2" func resourceArmApiManagementService() *schema.Resource { return &schema.Resource{ @@ -201,6 +202,22 @@ func resourceArmApiManagementService() *schema.Resource { }, }, + "protocols": { + Type: schema.TypeList, + Optional: true, + Computed: true, // TODO: remove in 2.0 + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_http2": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + }, + }, + }, + "security": { Type: schema.TypeList, Optional: true, @@ -658,10 +675,14 @@ func resourceArmApiManagementServiceRead(d *schema.ResourceData, meta interface{ d.Set("scm_url", props.ScmURL) d.Set("public_ip_addresses", props.PublicIPAddresses) - if err := d.Set("security", flattenApiManagementCustomProperties(props.CustomProperties)); err != nil { + if err := d.Set("security", flattenApiManagementSecurityCustomProperties(props.CustomProperties)); err != nil { return fmt.Errorf("Error setting `security`: %+v", err) } + if err := d.Set("protocols", flattenApiManagementProtocolsCustomProperties(props.CustomProperties)); err != nil { + return fmt.Errorf("Error setting `protocols`: %+v", err) + } + hostnameConfigs := flattenApiManagementHostnameConfigurations(props.HostnameConfigurations, d) if err := d.Set("hostname_configuration", hostnameConfigs); err != nil { return fmt.Errorf("Error setting `hostname_configuration`: %+v", err) @@ -1094,7 +1115,7 @@ func expandApiManagementCustomProperties(d *schema.ResourceData) map[string]*str backendProtocolSsl3 = c.(bool) } - return map[string]*string{ + customProperties := map[string]*string{ apimBackendProtocolSsl3: utils.String(strconv.FormatBool(backendProtocolSsl3)), apimBackendProtocolTls10: utils.String(strconv.FormatBool(backendProtocolTls10)), apimBackendProtocolTls11: utils.String(strconv.FormatBool(backendProtocolTls11)), @@ -1103,9 +1124,17 @@ func expandApiManagementCustomProperties(d *schema.ResourceData) map[string]*str apimFrontendProtocolTls11: utils.String(strconv.FormatBool(frontendProtocolTls11)), apimTripleDesCiphers: utils.String(strconv.FormatBool(tripleDesCiphers)), } + + if vp := d.Get("protocols").(([]interface{})); len(vp) > 0 { + if p, ok := d.GetOkExists("protocols.0.enable_http2"); ok { + customProperties[apimHttp2Protocol] = utils.String(strconv.FormatBool(p.(bool))) + } + } + + return customProperties } -func flattenApiManagementCustomProperties(input map[string]*string) []interface{} { +func flattenApiManagementSecurityCustomProperties(input map[string]*string) []interface{} { output := make(map[string]interface{}) output["enable_backend_ssl30"] = parseApiManagementNilableDictionary(input, apimBackendProtocolSsl3) @@ -1128,6 +1157,14 @@ func flattenApiManagementCustomProperties(input map[string]*string) []interface{ return []interface{}{output} } +func flattenApiManagementProtocolsCustomProperties(input map[string]*string) []interface{} { + output := make(map[string]interface{}) + + output["enable_http2"] = parseApiManagementNilableDictionary(input, apimHttp2Protocol) + + return []interface{}{output} +} + func apiManagementResourceHostnameSchema(schemaName string) map[string]*schema.Schema { return map[string]*schema.Schema{ "host_name": { diff --git a/azurerm/internal/services/apimanagement/tests/resource_arm_api_management_test.go b/azurerm/internal/services/apimanagement/tests/resource_arm_api_management_test.go index 7c287d5274c8..a31d047b5a5f 100644 --- a/azurerm/internal/services/apimanagement/tests/resource_arm_api_management_test.go +++ b/azurerm/internal/services/apimanagement/tests/resource_arm_api_management_test.go @@ -104,6 +104,7 @@ func TestAccAzureRMApiManagement_customProps(t *testing.T) { Config: testAccAzureRMApiManagement_customProps(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMApiManagementExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "protocols.0.enable_http2", "false"), ), }, data.ImportStep(), @@ -125,6 +126,7 @@ func TestAccAzureRMApiManagement_complete(t *testing.T) { testCheckAzureRMApiManagementExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "tags.Acceptance", "Test"), resource.TestCheckResourceAttrSet(data.ResourceName, "public_ip_addresses.#"), + resource.TestCheckResourceAttr(data.ResourceName, "protocols.0.enable_http2", "true"), ), }, { @@ -511,6 +513,10 @@ resource "azurerm_api_management" "test" { store_name = "Root" } + protocols { + enable_http2 = true + } + security { enable_backend_tls11 = true enable_backend_ssl30 = true diff --git a/website/docs/r/api_management.html.markdown b/website/docs/r/api_management.html.markdown index fccbf694dd37..1189514c5fad 100644 --- a/website/docs/r/api_management.html.markdown +++ b/website/docs/r/api_management.html.markdown @@ -72,6 +72,8 @@ The following arguments are supported: * `policy` - (Optional) A `policy` block as defined below. +* `protocols` - (Optional) A `protocols` block as defined below. + * `security` - (Optional) A `security` block as defined below. * `sign_in` - (Optional) A `sign_in` block as defined below. @@ -163,6 +165,12 @@ A `proxy` block supports the following: --- +A `protocols` block supports the following: + +* `enable_http2` - (Optional) Should HTTP/2 be supported by the API Management Service? Defaults to `false`. + +--- + A `security` block supports the following: * `enable_backend_ssl30` - (Optional) Should SSL 3.0 be enabled on the backend of the gateway? Defaults to `false`.