rspec/rules/S4423/azureresourcemanager/how-to-fix-it/azure-mysql.adoc

== How to fix it in Databases

=== Code examples

The following code samples are equivalent For
https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers[Azure Database for MySQL servers],
https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers[Azure Database for PostgreSQL servers],
and https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers[Azure Database for MariaDB servers].

For all of these, there is no minimal TLS version enforced by default.

==== Noncompliant code example

[source,json,diff-id=1,diff-type=noncompliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.DBforMySQL/servers",
      "apiVersion": "2017-12-01",
      "name": "example",
      "properties": {
        "minimalTlsVersion": "TLS1_0"
      }
    }
  ]
}
----

[source,bicep,diff-id=3,diff-type=noncompliant]
----
resource mysqlDbServer 'Microsoft.DBforMySQL/servers@2017-12-01' = {
  name: 'example'
  properties: {
    minimalTlsVersion: 'TLS1_0' // Noncompliant
  }
}
----

==== Compliant solution

[source,json,diff-id=1,diff-type=compliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.DBforMySQL/servers",
      "apiVersion": "2017-12-01",
      "name": "example",
      "properties": {
        "minimalTlsVersion": "TLS1_2"
      }
    }
  ]
}
----

[source,bicep,diff-id=3,diff-type=compliant]
----
resource mysqlDbServer 'Microsoft.DBforMySQL/servers@2017-12-01' = {
  name: 'example'
  properties: {
    minimalTlsVersion: 'TLS1_2'
  }
}
----

=== How does this work?

include::../../common/fix/fix.adoc[]