rspec/rules/S4423/azureresourcemanager/how-to-fix-it/azure-mysql.adoc

== How to fix it in Databases

=== Code examples

The following code samples are equivalent For
https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers[Azure Database for MySQL servers],
https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers[Azure Database for PostgreSQL servers],
and https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers[Azure Database for MariaDB servers].

For all of these, there is no minimal TLS version enforced by default.

==== Noncompliant code example

[source,json,diff-id=1,diff-type=noncompliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.DBforMySQL/servers",
      "apiVersion": "2017-12-01",
      "name": "example",
      "properties": {
        "minimalTlsVersion": "TLS1_0"
      }
    }
  ]
}
----

[source,bicep,diff-id=3,diff-type=noncompliant]
----
resource mysqlDbServer 'Microsoft.DBforMySQL/servers@2017-12-01' = {
  name: 'example'
  properties: {
    minimalTlsVersion: 'TLS1_0' // Noncompliant
  }
}
----

==== Compliant solution

[source,json,diff-id=1,diff-type=compliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.DBforMySQL/servers",
      "apiVersion": "2017-12-01",
      "name": "example",
      "properties": {
        "minimalTlsVersion": "TLS1_2"
      }
    }
  ]
}
----

[source,bicep,diff-id=3,diff-type=compliant]
----
resource mysqlDbServer 'Microsoft.DBforMySQL/servers@2017-12-01' = {
  name: 'example'
  properties: {
    minimalTlsVersion: 'TLS1_2'
  }
}
----

=== How does this work?

include::../../common/fix/fix.adoc[]
Modify S4423: Learn-As-You-Code Migration (#2097) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 17:36:01 +02:00			`== How to fix it in Databases`

			`=== Code examples`

			`The following code samples are equivalent For`
			`https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers[Azure Database for MySQL servers],`
			`https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers[Azure Database for PostgreSQL servers],`
			`and https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers[Azure Database for MariaDB servers].`

			`For all of these, there is no minimal TLS version enforced by default.`

			`==== Noncompliant code example`

			`[source,json,diff-id=1,diff-type=noncompliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.DBforMySQL/servers",`
			`"apiVersion": "2017-12-01",`
			`"name": "example",`
			`"properties": {`
			`"minimalTlsVersion": "TLS1_0"`
			`}`
			`}`
			`]`
			`}`
			`----`

Modify rule S4423: Add language AzureResourceManager (Bicep) (#1879) 2023-09-13 10:25:04 +02:00			`[source,bicep,diff-id=3,diff-type=noncompliant]`
			`----`
			`resource mysqlDbServer 'Microsoft.DBforMySQL/servers@2017-12-01' = {`
APPSEC-1090: S4423 Improved RSPEC example (#3096) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-09-20 14:46:42 +02:00			`name: 'example'`
Modify rule S4423: Add language AzureResourceManager (Bicep) (#1879) 2023-09-13 10:25:04 +02:00			`properties: {`
			`minimalTlsVersion: 'TLS1_0' // Noncompliant`
			`}`
			`}`
			`----`

Modify S4423: Learn-As-You-Code Migration (#2097) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 17:36:01 +02:00			`==== Compliant solution`

			`[source,json,diff-id=1,diff-type=compliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.DBforMySQL/servers",`
			`"apiVersion": "2017-12-01",`
			`"name": "example",`
			`"properties": {`
			`"minimalTlsVersion": "TLS1_2"`
			`}`
			`}`
			`]`
			`}`
			`----`

Modify rule S4423: Add language AzureResourceManager (Bicep) (#1879) 2023-09-13 10:25:04 +02:00			`[source,bicep,diff-id=3,diff-type=compliant]`
			`----`
			`resource mysqlDbServer 'Microsoft.DBforMySQL/servers@2017-12-01' = {`
APPSEC-1090: S4423 Improved RSPEC example (#3096) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-09-20 14:46:42 +02:00			`name: 'example'`
Modify rule S4423: Add language AzureResourceManager (Bicep) (#1879) 2023-09-13 10:25:04 +02:00			`properties: {`
			`minimalTlsVersion: 'TLS1_2'`
			`}`
			`}`
			`----`

Modify S4423: Learn-As-You-Code Migration (#2097) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 17:36:01 +02:00			`=== How does this work?`

			`include::../../common/fix/fix.adoc[]`